Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
shmuel+ibm-m...@patriot.net (Shmuel Metz , Seymour J.) writes: Fishing with dynamite, are we? OS/360 had so many holes[1] that most people lost count. Take ISAM - please. MVS may have holes, but it's harder to find them and IBM is willing to fix them. It's my fault that the operator can no longer blow you away with a simple START command. for future system effort ... the corporation wanted to move to softcopy document ... avoid some of problems where hard copy FS specification might be copied and leaked outside the company (there was a situation involving unannounced 370 virtual memory features that had leaked out in this manner ... prompting a number of things, including retrofitting all corporation copies with unique serial numbers attached under the glass ... which would appear on all pages copied). there were some enhancements added to vm370/cms that was supposedly the base for FS softcopy documentation (like disabling lots of mechanisms for copying and/or printing what was being displayed on 3270 screen). they would needle me that the fixes were such that if I was left alone in the datacenter with the machine ... that even I couldn't access the FS documentation (part of this may have been in response to various unflattering comments that I had been making about the FS effort). one friday afternoon when I was visiting to setup for some offshift dedicated time ... they got somewhat irritating about the subject ... which prompted me to reply it would take less than five minutes and involve changing one byte. I first had to disable all access to the machine from other than the operators console. I then used the hardware console to patch a branch instruction in the kernel password checking routine ... so that everything entered was treated as valid password. I pointed out that countermeasure would require something like service console passwords for access to hardware functions (like display/alter storage). misc. past posts mentioning Future System effort http://www.garlic.com/~lynn/submain.html#futuresys -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
re: http://www.garlic.com/~lynn/2010j.html#32 Personal use z/OS machines was Re: Multiprise 3k for personal Use? it was also about the time that the corporation hired a new CSO, long distinquished career in gov. ... things like having been head of presidential detail; knew a lot about physical security. I got asked to run around with him some; supposedly the corporate computer/information security expert (a few details about physical security would rub off). other posts in this thread: http://www.garlic.com/~lynn/2010j.html#14 Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#19 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#20 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#22 Personal use z/OS machines was Re: Multiprise 3k for personal Use? -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
In 4c0f05b8.2030...@ync.net, on 06/08/2010 at 10:08 PM, Rick Fochtman rfocht...@ync.net said: OS/360 had a FREEDBUF macro that could SYNCH to a user-supplied exit in Supv. state Key-0. IIRC, it was part of BDAM. Fishing with dynamite, are we? OS/360 had so many holes[1] that most people lost count. Take ISAM - please. MVS may have holes, but it's harder to find them and IBM is willing to fix them. It's my fault that the operator can no longer blow you away with a simple START command. [1] One of which I exploited in a storage zap program. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
In 643814fdcaa74b54b6f94196472ef...@pinnacledesk1, on 06/08/2010 at 05:36 PM, Pinnacle pinnc...@rochester.rr.com said: It would be nice if someone actually documented a hole, instead of all the urban legends we hear. I document security holes in IBM software when I report them to IBM. I don't document them to anybody else until the exposure has been fixed. I hope that others will do the same. Please don't publicly disclose the details of a security hole while the vendor is still developing a fix. Note that I'm *NOT* talking about cases where the vendor can't be bothered to deal with security issues, but I haven't had that problem with IBM in decades. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
From: Andy Wood woo...@ozemail.com.au To: IBM-MAIN@bama.ua.edu Sent: Tue, June 8, 2010 6:20:57 PM Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use? On Tue, 8 Jun 2010 17:36:03 -0400, Pinnacle pinnc...@rochester.rr.com wrote: . . . Barry, It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. Andy: Unfortunately the person who found quite a few holes moved on and would not reveal what he found and how he found them. I just know that he managed to find a lot of them. Now what is a lot, He admitted finding 5 but again would not give anyone hints at what they were. I can attest (by looking at dumps and the logrec entries and even some stand alone dumps that he found some as when ever he logged on the system we started seeing a lot more dumps with some really strange reason codes(and no reported issues from other IBM users). I can also say that he regularly was able to alter memory in any address space in the system. I could not prove but dumps and some other evidence told me he was doing things that MVS should have stopped but he was able to get into any state/key whatever he wanted. Once he got his code working it was hard to prove he had done something he was not supposed to. And just to reiterate that he did *NOT* have a special SVC or secret mod that allowed him to do so. we had pretty tight control over the OS and a few times we created a truly fresh system from IBM and it did not make a bit of difference. Bypassing RACF was his early on attempt and it took him maybe about 3 days to get around RACF. We attempted to stop him but the politics of the time would let it happen. (This was almost at the board level - maybe one step below). It was frustrating trying to fix issues as it was (most of the time) difficult to figure out if it was an IBM issue or him playing around. When IBM got a dump he would look at it and if it looked strange and did not make any sense he would mark it as user and would toss it away. I know (because I was a party to some of the discussions between IBM and my upper management that they were as frustrated as he was as the politics involved were really rough. BTW the IBM person was excellent and he was not the type to not label something that was not an IBM issue as a user issue. He was exceedingly honest and after looking at the dumps before he got a hold of them several of us who previewed the dumps before we handed them over to IBM, some of them were just weird and could not be explained except someone was mucking around where they were not suppose to be. Ed -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
Rick Fochtman pisze: -snip-- It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. -unsnip Documenting a hole could be a seriously bad idea, since it might give a potential troublemaker exactly the opening he's looking for. Documenting a hole is very good idea. If you don't do it, hackers will do it. What's better - to have a hole and don't know about it or to have hole and be aware of that? I choose he second option, definitely. Last but not least: documented hole can be went around, avoided. Of course, usually documenting hole is first step to fix it. Example: BPX.DAEMON resource in FACILITY class. It can be understood as a fix for the hole existing in original Unix standard. It is quite well documented - that's why I know what is the purpose of the profile and what is the risk if I don't have the profile. It can reside on what you have to protect security checklist. Regards -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237 NIP: 526-021-50-88 Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym BRE Banku SA bd w caoci opacone. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Tue, 8 Jun 2010 20:14:29 -0400 Pinnacle pinnc...@rochester.rr.com wrote: :same thing. Authorized code can hack MVS, unauthorized code can't. The security exposures exist when the authorized code trusts an address passed by unauthorized code. Authorized code cannot trust anything provided by unauthorized code. That means going into the callers key when fetching or modifying storage based on an address provided and should the caller pass the address of a protected control block, such as a TCB address, verifying that the address is in fact of a TCB and it is where such service is allowed. Should an exit be allowed, such as a DCB OPEN exit, SYNCH back to problem state and key must be used. And, obviously, no workareas of the authorized routine are allowed to be in a key that allows the unauthorized routine ability to update (and, perhaps, even fetch). -- Binyamin Dissen bdis...@dissensoftware.com http://www.dissensoftware.com Director, Dissen Software, Bar Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
Pinnacle wrote: Tony, Thank you for at least posting two concrete examples of past holes. There was a recent article in zJournal about hacking z/OS, but it was disappointing, limited to what we've discussed here. The article quoted a number of noted gurus (some on this thread), and they all basically said the same thing. Authorized code can hack MVS, unauthorized code can't. Also, like your examples above, none of the examples of hacking quoted in the article were less than 20 years old. I wonder if anyone was able to exploit SMP/E to run arbitrary code in a privileged state? -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Wed, 9 Jun 2010 06:01:51 -0700, Edward Jaffe wrote: I wonder if anyone was able to exploit SMP/E to run arbitrary code in a privileged state? You're cruel. Integrity exposures, like pregnancy, are pretty much devoid of degree. If a program gets in KEY 0, it can modify system control blocks. If it gets in Supervisor state, it can LPSW to KEY 0. If it has AC=1, it can MODESET. If it can update APF libraries, it can ... And IBM considers the SMP/E problem fixed merely because they told customers, Don't do that! Even though they haven't told us what to not do. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On 9 Jun 2010 06:38:50 -0700, in bit.listserv.ibm-main you wrote: On Wed, 9 Jun 2010 06:01:51 -0700, Edward Jaffe wrote: I wonder if anyone was able to exploit SMP/E to run arbitrary code in a privileged state? You're cruel. Integrity exposures, like pregnancy, are pretty much devoid of degree. If a program gets in KEY 0, it can modify system control blocks. If it gets in Supervisor state, it can LPSW to KEY 0. If it has AC=1, it can MODESET. If it can update APF libraries, it can ... And IBM considers the SMP/E problem fixed merely because they told customers, Don't do that! Even though they haven't told us what to not do. -- gil It gets even better. If the goal is to invade a system for profit, knowing the vulnerabilities in Websphere may be sufficient. It isn't RACF directly that is preventing me from getting into someone else's account when I log in to my bank which I believe is on z/OS. The advantages of having your own machine to try out hacking is that you don't alert someone else as to what you are doing. Figuring out the vulnerability in SMP/E in and of itself may not be that useful if you confine yourself to SMP/E because getting that far requires a valid logon to TSO. Figuring out where else similar vulnerabilities might exist from understanding that vulnerability could be profitable. If REXX or JAVA can be executed through a web entry (Websphere, another web server, etc.) then all sorts of interesting things might happen. In short, the advantage of having your own system to explore vulnerabilities is that you don't get anyone's security people aroused when you probe. Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well. cfmpub...@ns.sympatico.ca (Clark Morris) writes: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? re: http://www.garlic.com/~lynn/2010j.html#14 Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#19 Personal use z/OS machines was Re: Multiprise 3k for personal Use? aka, during the OCO-wars ... in the transition from freely available source to object-code-only ... I don't remember being able to hide threats and vulnerabilities being an argument ... it was about protecting corporate property (i.e. source) in a competitive environment with clone processors. starting to charge for application software (23jun69 unbundling announcement) was about various litigation ... but case had been made that kernel/system software would still be free. later decision to start charging for kernel software was in period when clone processors had gained market foothold (during FS distraction, and my resource manager was initial guinea pig for kernel software charging); http://www.garlic.com/~lynn/submain.html#unbundle OCO could be construed as further market inhibitors (in addition to software no longer free). sometimes (in OCO-wars) there were issues raised about protecting customers from themselves ... that freely available source encourages customer programmers to make modifications ... which would cause problems/delays in moving to newer releases (things like newer source was incompatible with older source). customer source modifications could also result in delays in replacing existing machines with newer machines (that might have various kinds of differences). there was case where ATT had gotten a highly modified versions of early csc/vm system (w/o multiprocessor support) ... old csc/vm email reference (long before OCO-wars, still when vm370 shipped with full source maintenance): http://www.garlic.com/~lynn/2006v.html#email731212 http://www.garlic.com/~lynn/2006w.html#email750430 ATT then made a large number of their own source modifications (things like virtual device support that ran over network connections ... aka being able to run application at one ATT facility ... thinking it was doing i/o to local tape drive ... but tape drive was actually connected to system at another ATT facility) ... which was widely distributed/used within ATT. Nearly a decade later, the national account manager for ATT tracked me down looking for help in moving ATT off that csc/vm system to a more current vm370. This was related to 3081 ... which was only going to be available in multiprocessor configuration ... and there was not going to be a non-multiprocessor (although this was later modified to ship 3083 ... in large part because ACP/TPF didn't have multiprocessor support). Since that particular csc/vm system (w/o multiprocessor support) was so entrenched in ATT ... they were going to be forced to going to clone processor vendor that was selling newer uniprocessor machines (early csc/vm systems didn't have multiprocessor support until after the version that had escaped to ATT; except for version that escaped to ATT ... my csc/vm systems were limited to large number of internal installations ... which I could keep current). misc. recent posts mentioning 3083 http://www.garlic.com/~lynn/2010.html#1 DEC-10 SOS Editor Intra-Line Editing http://www.garlic.com/~lynn/2010.html#21 Happy DEC-10 Day http://www.garlic.com/~lynn/2010d.html#14 Happy DEC-10 Day http://www.garlic.com/~lynn/2010d.html#79 LPARs: More or Less? http://www.garlic.com/~lynn/2010e.html#23 Item on TPF http://www.garlic.com/~lynn/2010i.html#24 Program Work Method Question http://www.garlic.com/~lynn/2010i.html#78 IBM to announce new MF's this year other reference to 3081 ( future system) http://www.jfsowa.com/computer/memo125.htm -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well. Anne Lynn Wheeler l...@garlic.com writes: there was case where ATT had gotten a highly modified versions of early csc/vm system (w/o multiprocessor support) ... old csc/vm email reference (long before OCO-wars, still when vm370 shipped with full source maintenance): http://www.garlic.com/~lynn/2006v.html#email731212 http://www.garlic.com/~lynn/2006w.html#email750430 re: http://www.garlic.com/~lynn/2010j.html#20 Personal use z/OS machines was Re: Multiprise 3k for personal Use? also csc/vm email http://www.garlic.com/~lynn/2006w.html#email750102 jan75, a couple engineers from POK came up to science center to talk about doing a 5-way SMP skunkworks effort. in the morph from cp67 to vm370 ... there was a lot of simplification and dropping of code ... which accounted for large part of the effort to move the cp67 csc/vm system to a vm370 base. I did get a bunch of fastpath stuff put back in (that I had originally done as undergraduate on cp67 in 1968) which shipped in vm370 release 1plc9 (aka vm370 had monthly source maintenance mini-releases that were called plc or program level change). in any case, spring of '75, they roped me into helping with 5-way SMP skunkworks effort called VAMPS ... which was eventually killed w/o even being announced ... some past posts http://www.garlic.com/~lynn/submain.html#bounce I got to do a lot of microcode/machine design ... queued i/o and queued i/o termination (something similar showed up later in 811 ... internal codename for 370xa for the nov78 date on the registered confidential documents). I also got to do multiprocessor dispatching interface ... somewhat similar to what showed up later in intel432 (but in microcode rather than silicon ... the i432 group gave a talk about one of the things that help kill i432 was putting really complex stuff into silicon ... and then difficulty in shipping fixes/patches). after VAMPS was killed ... one or two of the people from VAMPS helped form another smp skunkworks effort for 16-way smp. this got killed and some people invited to never appear in POK again, when the head of POK was told that it might be decades before the POK favorite son operating system had (effective) 16-way support. misc. past posts mentioning SMP (/or compareswap instruction): http://www.garlic.com/~lynn/subtopic.html#smp misc. recent posts mentioning charlie inventing compareswap instruction (compare-and-swap was chosen because CAS are charlie's initials): http://www.garlic.com/~lynn/2010b.html#67 How long for IBM System/360 architecture and its descendants? http://www.garlic.com/~lynn/2010c.html#47 Extracting STDOUT data from USS http://www.garlic.com/~lynn/2010d.html#20 search engine history, was Happy DEC-10 Day http://www.garlic.com/~lynn/2010e.html#15 search engine history, was Happy DEC-10 Day http://www.garlic.com/~lynn/2010g.html#80 What is the protocal for GMT offset in SMTP (e-mail) header time-stamp? http://www.garlic.com/~lynn/2010h.html#86 Itanium had appeal http://www.garlic.com/~lynn/2010i.html#31 IBM Unix prehistory, someone smarter than Dave Cutler -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On 7 Jun 2010 16:31:17 -0700, in bit.listserv.ibm-main you wrote: -snip Well I hate to look like a solicitor, but, if there is anyone out there, particularly in the Houston area, with a multiprise (actually, any mainframe for that matter, I mean it depends, but if you have ANYTHING talk to me) that is just going to waste that'll be trashed anyway, it would be going to a good home. I have been asking for older equipment for the collection for several years, and I do not think anyone really takes offense. There have been some extremely generous people on this list - and I would once again like to give a public THANK YOU to them. Saving an old machine, a pile of docs, or some reels of tape can go a long way, and in just about every way is better than the stuff going to the scrapper. Someday IBM may have some sort of non-commercial license for their mainframe software - perhaps something like Syntegra/Control Data or HP/Digital has. Save the software first, then worry about the legal issues. Once the software is gone, it is GONE. In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? unsnip-- Clark, I think your concerns are valid, but unwarranted. Even with a disasembler, the complexity of the instruction set and the complexity of z/OS code and interfaces would require a VERY sharp Assembler programmer to be able to do serious hacks into z/OS. It's taken 46 years to develop the current level and, like they say, Rome wasn't built in a day. Given the constant evolution of both hardware and software, I'm not sure any of US could keep up with it effectively enough to crack into it consistantly, and we're all experienced professionals, some more so than others. And even a Disassembler won't decode things like SVC parameter lists, PC parms, etc. or even what a particular PC is intended to accomplish. If I were looking for vulnerabilities, I wouldn't even go for the source. I would just set up the system as a server and see what I could get away with. The vulnerability can be in CICS, Websphere or any other portal open to the outside world. My second line of attack would be the CBT and JES mods to see if any of them have vulnerabilities I could exploit. Having my own system would enable me to see what flags are raised by various attempts. I don't think enough like an intruder to make it worth while either as a white hat consultant or a black hat thief but intimate code knowledge may not be the only way to break the system. The ability to test exploits based on APARs might be interesting. A regulated hobbyist with access to z/OS running under z/VM could crack into that system just as easily as a home user. Then what? Also, by putting it under z/VM, you could be giving him access to two systems to crack: z/OS AND z/VM. Here I would assume a hardened and monitored VM NOT controlled by the z/OS hobbyist user. There also might be some vetting of the person before access is allowed. We are now all holding, or have held, positions of grave responsibility in our various organizations, be they private industry or government; along with that comes trust and our ability to prove that the trust is not misplaced. The ultimate bottom line: sooner or later the honesty of the user, or system programmer, has to be proven and that's probably the hardest part of dealing with this whole set of interrelated issues. Rick Clark -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Tue, 8 Jun 2010 22:12:29 +0200 (CEST), starwars nonscrivet...@tatooine.homelinux.net wrote: Holes in 3rd party products do not equal holes in z/OS. Get the vendor to fix his mess. I don't know if this is necessarily true. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
-From an installations point of view all code that runs in system key (0-7), supervisor state, or has the ability to do so: -Should be considered part of the operating system (system extensions if you like). -Has the ability to circumvent the installation implemented security (independent of the ESM). -Should be corrected if an integrity exposure exists in the code. The Vendor does not matter. A single integrity exposure from a single vendor compromises your entire z/OS system regardless of whether you think z/OS is secure or not. It also does not matter if you think the ISV authorized code is part of z/OS or not. The reality is authorized ISV code has the ability to modify the environment just like real authorized z/OS code from IBM. As it turns out z/OS does have integrity exposures. Given that IBM is the largest producers of authorized code for z/OS this should not be a surprise. IBM has a statement of integrity. This is the basis for z/OS to be a secure operating system. Any code you install on top of z/OS should also have an integrity statement. However, the IBM statement of integrity does not say that z/OS does not have any integrity exposures, just that IBM will fix them when found. There are examples of integrity exposures in IBM z/OS (the SMPE one for instance). It is also true that ISV's also have integrity exposures. Probably in a larger proportion than IBM does if you look at it statistically (number of modules to number of integrity exposures). The bottom line is all integrity exposures regardless of source (vendor) need to be fixed if you are to have a secure z/OS. On 6/8/2010 15:44 PM, Howard Brazee wrote: On Tue, 8 Jun 2010 22:12:29 +0200 (CEST), starwars nonscrivet...@tatooine.homelinux.net wrote: Holes in 3rd party products do not equal holes in z/OS. Get the vendor to fix his mess. I don't know if this is necessarily true. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
- Original Message - From: barryschra...@cs.com Newsgroups: bit.listserv.ibm-main Sent: Tuesday, June 08, 2010 5:28 PM Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use? On 8-Jun-2010, Howard Brazee howard.bra...@cusys.edu wrote: Holes in 3rd party products do not equal holes in z/OS. Get the vendor to fix his mess. I don't know if this is necessarily true. You're right, it's not true. Holes in 3rd party products are holes in the z/OS system. After a system is penetrated, are you going to say, gee, it wasn't an IBM error that got us, it was xyz company error. Big deal. Your system and, therefore your company, was taken. And, right now, 3rd party vendors are either not aware of the issues or not taking them seriously. There are holes in the 3rd party products and there are even some holes in z/OS that IBM is working on fixing. Now, the difference is that IBM, when it is pointed out to them, says, we will fix it as we honor the Statement of Integrity. 3rd party vendors sometimes have to be pushed and prodded and threatened. So, what are the holes on your system -- don't you want to know so you can start taking action to close them? Or would you rather be dumb and happy until disaster strikes. Then you can just say, gee, I didn't think there were any serious hole ... Barry, It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. Regards, Tom Conley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On 8 June 2010 17:36, Pinnacle pinnc...@rochester.rr.com wrote: It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. Well no one is going to step up and document a current hole that they may know about. Two holes I happen to know of that were fixed so long ago that it can't possibly matter now, are the whole GAM implementation, which happily accepted a user-supplied address and branched to it in supervisor state, and the ability of any user to run a line trace on a 37x5 without the possibility of control by the installation. These were fixed in the 1970s and 1980s respectively. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Tue, 8 Jun 2010 17:36:03 -0400, Pinnacle pinnc...@rochester.rr.com wrote: . . . Barry, It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. I'm with Barry on this one. For about twenty years my day job (or at least part of it) was to seek out such exposures. I found dozens of problems in products from just about any vendor you care to name, and yes, that includes IBM. What do I mean by 'problem'? Well, in just about every case I was able to write a small demonstration program which could get control in supervisor state. Some of the vendors were extremely apathetic when it came to fixing such problems. Often it took them two, three, or more attempts to get it right. A certain well known vendor took five years to fix an issue. A problem in another very popular product was uncorrected three vendors (think takeovers) and eleven years later. I moved on so I don't know if it ever got fixed - I suspect not. Things have improved, but only very slowly. I first became aware of the user key CSA issue about thirty years ago (!). User key CSA problems have only really gone away in the last few years when IBM took the trouble to show their disapproval. As for magic SVCs, they obviously still exist, as a recent thread here proved. More of a worry is the SVC which the author thinks is 100% safe, when it is anything but. I'll bet that the old SPFCOPY SVC, or something derived from it, is still out there on many systems. Those SVCs usually have as many holes as a piece of fine emmentaler. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
- Original Message - From: Tony Harminc t...@harminc.net Newsgroups: bit.listserv.ibm-main Sent: Tuesday, June 08, 2010 5:56 PM Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use? On 8 June 2010 17:36, Pinnacle pinnc...@rochester.rr.com wrote: It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. Well no one is going to step up and document a current hole that they may know about. Two holes I happen to know of that were fixed so long ago that it can't possibly matter now, are the whole GAM implementation, which happily accepted a user-supplied address and branched to it in supervisor state, and the ability of any user to run a line trace on a 37x5 without the possibility of control by the installation. These were fixed in the 1970s and 1980s respectively. Tony, Thank you for at least posting two concrete examples of past holes. There was a recent article in zJournal about hacking z/OS, but it was disappointing, limited to what we've discussed here. The article quoted a number of noted gurus (some on this thread), and they all basically said the same thing. Authorized code can hack MVS, unauthorized code can't. Also, like your examples above, none of the examples of hacking quoted in the article were less than 20 years old. Regards, Tom Conley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
-snip-- It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any holes. Please share. -unsnip Documenting a hole could be a seriously bad idea, since it might give a potential troublemaker exactly the opening he's looking for. In early versions of the IDMS SVC, there was an undocumented parm that would place the caller in Supervisor state, Key-0. When we pointed this out to CA, it was fixed in 48 hours. Satisfied? :-) Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
--snip-- Well no one is going to step up and document a current hole that they may know about. Two holes I happen to know of that were fixed so long ago that it can't possibly matter now, are the whole GAM implementation, which happily accepted a user-supplied address and branched to it in supervisor state, and the ability of any user to run a line trace on a 37x5 without the possibility of control by the installation. These were fixed in the 1970s and 1980s respectively. unsnip--- I those, since we didn't use any of that type of equipment. OS/360 had a FREEDBUF macro that could SYNCH to a user-supplied exit in Supv. state Key-0. IIRC, it was part of BDAM. Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
Clark Morris pisze: [...] In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? I wholly and completely DISAGREE. Security by obscurity is no security. You THINK there are no people looking for the holes now. Wrong. BTW: Let's hide documentation! Undocumented system is harder to learn or analyze, so it would even harder to find any hole. -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237 NIP: 526-021-50-88 Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym BRE Banku SA bd w caoci opacone. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
cfmpub...@ns.sympatico.ca (Clark Morris) writes: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? re: http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: Multiprise 3k for personal Use? the question of security thru obscurity comes up periodically in relation to provable cryptography ... usely related to terms like snake-oil. open infrastructures tend to have faults identified and corrected much earlier ... there can be a painful period if attempting to transition from obscurity to open ... since all sorts of hidden infections could be found festering ... taking some period to clean out. we were tangentially involved in the cal. state data breach notification legislation. we had been brought in to help wordsmith the digital signature legislation and some of the parties were also heavily involved in privacy issues. they had done, detail consumer surveys on privacy. the number one issue was identity theft, a major component being account fraud ... where skimmed/breached information was being used for fraudulent financial transactions. there appeared to be little or nothing being done about breaches ... and so it seemed that they felt the resulting publicity from data breach notifications would provide motivation to taking corrective action and countermeasures. at the time, they were also working on opt-in privacy sharing legislation, but then GLBA (possibly better known for repeal of glass-steagall) came out with opt-out privacy sharing ... sort of federal pre-emption of the cal. work in progress (the difference between opt-in/opt-out privacy sharing has been in the news recently). -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well. re: http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: Multiprise 3k for personal Use? http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: Multiprise 3k for personal Use? and for some related topic drift (in a.f.c): http://www.garlic.com/~lynn/2010j.html#15 Idiotic programming style edicts late 90s, there was folklore that ceo of large financial institution let their CSO go with comment that fraud was much more cost effectively handled out of the public relations department (than the security department). some of this could be considered short-term horizon associated with quarterly financial filings of public companies (minimize infrastructure investment and maintenance ... moving the funds into the profit column and used for executive bonuses ... planing on being long gone by the time the infrastructures begin collapsing). maintaining the facade also showed up (at least) in financial sector infrastructure protection meetings http://en.wikipedia.org/wiki/Critical_infrastructure_protection http://en.wikipedia.org/wiki/National_Information_Infrastructure_Protection_Act at the time a lot of the infrastructure protection meetings were with regard to y2k remediation ... however, there were also issue of information sharing (ISAC) databases ... capturing exploits, threats and vulnerabilities. the initial push-back was fear that ISACs would be subject to FOIA ... when the FOIA issues were addressed ... there was still pushback that information about exploits, threats and vulnerabilities (at least in much of the financial industry) was viewed as competitive advantage (who had them, who didn't, who knew about them, and what were the countermeasures; even when the information was not available publicly ... limited to industry insiders and appropriate law enforcement agencies). http://www.fsisac.com/ http://www.isaccouncil.org/ the breadbutter of the financial sector ... possibly much more than the other sectors, has been *trust* ... with lots of concern about publicity damaging their reputation. unfortunately this can result in coming to believe that managing information about exploits can replace/substitute actually doing something about exploits. misc. past posts mentioning ISAC/FOIA http://www.garlic.com/~lynn/2007i.html#17 John W. Backus, 82, Fortran developer, dies http://www.garlic.com/~lynn/2007u.html#0 folklore indeed http://www.garlic.com/~lynn/2008g.html#11 Hannaford case exposes holes in law, some say http://www.garlic.com/~lynn/2008m.html#82 Data sharing among Industry players about frauds http://www.garlic.com/~lynn/2009f.html#48 Bankers as Partners In Crime Stopping http://www.garlic.com/~lynn/2009n.html#11 Banks should share cyber crime information IT PRO http://www.garlic.com/~lynn/2009p.html#27 FBI: National data-breach law would help fight cybercrime http://www.garlic.com/~lynn/2009p.html#45 ATM machines are increasingly attractive to hackers scenario regarding OCO-wars (aka Object-Code-Only wars) ... sort of goes starting to charge for (23jun69 unbundling) application software in response to various litigation ... but making case that system/kernel software was still free; Future System project started (a least partially motivated by clone controllers); Future System distraction is credited with allowing clone processors to gain market foothold; starting to charge for system/kernel software (at least partially motivated by clone processors gaining market foothold) ... then followed by OCO. misc. past posts mentioning unbundling ... first 23jun69 announcement for application software ... then later change starting to charge for system/kernel software (my resource manager was selected as guinea pig for starting to charge for system/kernel software) http://www.garlic.com/~lynn/submain.html#unbundle misc. past posts mentioning Future System http://www.garlic.com/~lynn/submain.html#futuresys misc. past posts mentioning clone controller http://www.garlic.com/~lynn/subtopic.html#360pcm -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
-snip Well I hate to look like a solicitor, but, if there is anyone out there, particularly in the Houston area, with a multiprise (actually, any mainframe for that matter, I mean it depends, but if you have ANYTHING talk to me) that is just going to waste that'll be trashed anyway, it would be going to a good home. I have been asking for older equipment for the collection for several years, and I do not think anyone really takes offense. There have been some extremely generous people on this list - and I would once again like to give a public THANK YOU to them. Saving an old machine, a pile of docs, or some reels of tape can go a long way, and in just about every way is better than the stuff going to the scrapper. Someday IBM may have some sort of non-commercial license for their mainframe software - perhaps something like Syntegra/Control Data or HP/Digital has. Save the software first, then worry about the legal issues. Once the software is gone, it is GONE. In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? unsnip-- Clark, I think your concerns are valid, but unwarranted. Even with a disasembler, the complexity of the instruction set and the complexity of z/OS code and interfaces would require a VERY sharp Assembler programmer to be able to do serious hacks into z/OS. It's taken 46 years to develop the current level and, like they say, Rome wasn't built in a day. Given the constant evolution of both hardware and software, I'm not sure any of US could keep up with it effectively enough to crack into it consistantly, and we're all experienced professionals, some more so than others. And even a Disassembler won't decode things like SVC parameter lists, PC parms, etc. or even what a particular PC is intended to accomplish. A regulated hobbyist with access to z/OS running under z/VM could crack into that system just as easily as a home user. Then what? Also, by putting it under z/VM, you could be giving him access to two systems to crack: z/OS AND z/VM. We are now all holding, or have held, positions of grave responsibility in our various organizations, be they private industry or government; along with that comes trust and our ability to prove that the trust is not misplaced. The ultimate bottom line: sooner or later the honesty of the user, or system programmer, has to be proven and that's probably the hardest part of dealing with this whole set of interrelated issues. Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
-snip-- Security through Obscurity Isn't -- A semi-anonymous Security Maven, a few years back --unsnip Security through honest and trustworthy staffers IS --- ME :-) Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On 3 Jun 2010 10:42:16 -0700, in bit.listserv.ibm-main you wrote: Well I hate to look like a solicitor, but, if there is anyone out there, particularly in the Houston area, with a multiprise (actually, any mainframe for that matter, I mean it depends, but if you have ANYTHING talk to me) that is just going to waste that'll be trashed anyway, it would be going to a good home. I have been asking for older equipment for the collection for several years, and I do not think anyone really takes offense. There have been some extremely generous people on this list - and I would once again like to give a public THANK YOU to them. Saving an old machine, a pile of docs, or some reels of tape can go a long way, and in just about every way is better than the stuff going to the scrapper. Someday IBM may have some sort of non-commercial license for their mainframe software - perhaps something like Syntegra/Control Data or HP/Digital has. Save the software first, then worry about the legal issues. Once the software is gone, it is GONE. In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? Clark Morris -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? For security purposes are we better off with some kind of regulated hobbyist access to z/OS running under z/VM at data centers? I do not think this really is an issue. We have not had a rash of VMS security holes, ever since DEC/HP started the hobbyist license. And it is not like we will have a zillion eyes going over the systems, like with Windows or *nix. One solution to this is to not make the software easily available. Make hobbyists jump through hoops if they must. Saving the software is of prime importance, even if it means keeping it under fairly tight control. Also, IBM could keep hobbyists back a few releases. So basically, don't junk those tapes or CDs for a while... -- Will -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? This is admitting defeat; acknowledging that z/OS is so riddled with defects, some irreparable, that the best we can hope for is that no one finds out. This brings to mind a thread that went through here a couple months ago. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? Quoted improperly! -- Will -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
On 6 Jun 2010 13:19:57 -0700, in bit.listserv.ibm-main you wrote: On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? This is admitting defeat; acknowledging that z/OS is so riddled with defects, some irreparable, that the best we can hope for is that no one finds out. One of the sources of vulnerability of any operating system is have a computer that can be dedicated to breaking that systems. Some of the mods that have been applied from various public domain sources may have created vulnerabilities. We know that in the past various third party software has put holes into the system through magic SVCs and/or other less than good practices. The hole in SMP/E that is being covered might be fun to play with on a dedicated system with no oversight. Of course criminal enterprises looking to make decent money on finding holes for profit may already have a z machine purchased or leased with the software through legitimate or less than legitimate channels. Clark Morris This brings to mind a thread that went through here a couple months ago. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
Security through Obscurity Isn't -- A semi-anonymous Security Maven, a few years back B On Sun, Jun 6, 2010 at 3:47 PM, Clark Morris cfmpub...@ns.sympatico.ca wrote: On 6 Jun 2010 13:19:57 -0700, in bit.listserv.ibm-main you wrote: On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote: In one sense, we need to be careful about what we ask for. Do we want z/OS to be easily available to those who want to find vulnerabilities and crack the system? This is admitting defeat; acknowledging that z/OS is so riddled with defects, some irreparable, that the best we can hope for is that no one finds out. One of the sources of vulnerability of any operating system is have a computer that can be dedicated to breaking that systems. Some of the mods that have been applied from various public domain sources may have created vulnerabilities. We know that in the past various third party software has put holes into the system through magic SVCs and/or other less than good practices. The hole in SMP/E that is being covered might be fun to play with on a dedicated system with no oversight. Of course criminal enterprises looking to make decent money on finding holes for profit may already have a z machine purchased or leased with the software through legitimate or less than legitimate channels. Clark Morris This brings to mind a thread that went through here a couple months ago. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Bob Goolsby bob.gool...@gmail.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
I think those that are paranoid, are overly so. Just because an OS is available for public use doesn't make it available for cracking. Not that I expect z/OS to ever be available! - Too busy driving to stop for gas! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?
eamacn...@yahoo.ca (Ted MacNEIL) writes: I think those that are paranoid, are overly so. Just because an OS is available for public use doesn't make it available for cracking. Not that I expect z/OS to ever be available! there is folklore about various agencies requesting exact source that corresponded to complete running system. supposedly after extremely large amount of money (seven figures) spent investigating the issue, it was eventually decided that it wasn't feasible/practical. misc. past posts mentioning the subject: http://www.garlic.com/~lynn/99.html#58 When did IBM go object only http://www.garlic.com/~lynn/2002q.html#32 Collating on the S/360-2540 card reader? http://www.garlic.com/~lynn/2002q.html#48 myths about Multics http://www.garlic.com/~lynn/2002q.html#49 myths about Multics by comparison cp67 and then vm370 not only shipped source ... but provided source maintenance ... fixes were shipped as source from which customer did new system rebuilds (there was significant retrenching with the OCO-wars). cp67 was used for commercial timesharing service bureaus ... some of which moved up the value stream providing financial information ... getting customers from different, competitive large wall street firms ... where critical competitive information was frequently involved. misc. references to virtual machines based timesharing (bears some similarities with current cloud computing): http://www.garlic.com/~lynn/submain.html#timeshare science center also got into provide timesharing services ... both internally as well as to educational institutions in the cambridge area (students and other non-employees). The science center has also done a port of apl\360 to cms for cms\apl ... opening up workspace size to virtual memory limits (from typical 16k-32k bytes) and adding APIs for system facilities (like read/write files) ... which allowed using APL for large real-world applications. One of the early internal customers for the services was the business planning people in Armonk ... which loaded the most valuable of all corporate information on the system (for their business planning models). This assumed that there was significant security given the most valuable of all corporate resources on the same system with a lot of univ. students. a couple recent posts mentioning providing services for armonk business planners: http://www.garlic.com/~lynn/2010e.html#24 Unbundling HONE http://www.garlic.com/~lynn/2010i.html#66 Global CIO: Global Banks Form Consortium To Counter HP, IBM, Oracle also slightly related ... http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml i didn't hear about the above customers until much later. other recent posts mentioning the above url: http://www.garlic.com/~lynn/2010b.html#63 Source code for s/360 [PUBLIC] http://www.garlic.com/~lynn/2010b.html#97 The Naked Mainframe (Forbes Security Article) http://www.garlic.com/~lynn/2010d.html#62 LPARs: More or Less? http://www.garlic.com/~lynn/2010f.html#59 More calumny: Secret Service Uses 1980s Mainframe http://www.garlic.com/~lynn/2010f.html#74 Is Security a Curse for the Cloud Computing Industry? http://www.garlic.com/~lynn/2010g.html#9 Far and near pointers on the 80286 and later http://www.garlic.com/~lynn/2010g.html#40 someone smarter than Dave Cutler http://www.garlic.com/~lynn/2010g.html#53 Far and near pointers on the 80286 and later -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
W dniu 2010-06-03 00:52, Kevin Keith pisze: Hi, I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? Obviously you can have MP3K and use it, BUT. The gotcha is software license. YOU HAVE TO PAY FOR THE SOFTWARE! There are not z/OS licences for homefun use. It's a pity, but reality. BTW: MP3K is relatively small, but not less affordable than big 9672. BTW2: I know some guy in Poland who owns two z/800 boxes and has licence for z/OS.e. In Parallel Sysplex, with ISC cards, sysplex timer, external DASD, etc. Just for fun. g -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237 NIP: 526-021-50-88 Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym BRE Banku SA bd w caoci opacone. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
R.S. wrote: W dniu 2010-06-03 00:52, Kevin Keith pisze: Hi, I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? Obviously you can have MP3K and use it, BUT. The gotcha is software license. YOU HAVE TO PAY FOR THE SOFTWARE! There are not z/OS licences for homefun use. It's a pity, but reality. BTW: MP3K is relatively small, but not less affordable than big 9672. Yes, what a shame. IF you could license z/OS just for fun (Hercules) then there are a lot better hardware platforms than a MP3K to run it on. A medium sized Intel server would nuke a MP3K. BTW2: I know some guy in Poland who owns two z/800 boxes and has licence for z/OS.e. In Parallel Sysplex, with ISC cards, sysplex timer, external DASD, etc. Just for fun. g -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
My latest Mainframe Blog post discusses acquiring and configuring a personal mainframe: http://mainframe.typepad.com/blog/2010/05/my-personal-mainframe-2010-edition.html I tend to think that a used z890 (2086-110) is currently the ideal personal mainframe, possessing an excellent balance of capabilities, acquisition price, software licensing options, and likely useful service life from a technology relevance point of view. However, I think the z800 (2066-0E1) is still a viable second choice provided you can get a substantially better price, and provided you understand the technology currency issues (notably that DB2 9 is the last version that will run on the z800/z900). Obviously if you can get a heck of a deal on a used z9 BC or z10 BC you would jump on it. Note that in the blog post I do *not* assume that you would qualify for PartnerWorld software licensing if you own and operate a physical mainframe in your home data center, but that is another possible option for software licensing if you can meet the terms and conditions. I assumed full commercial licensing because I assumed that you might be entering the time sharing business in order to share the costs of your personal mainframe equitably, co-op style. I did, however, assume that you (and any time sharing users) could meet zNALC terms and conditions. I very much appreciate the offer that an IBM-MAINer made to send me a Multiprise 3000. It was (and is) extremely generous, thank you. Perhaps that offer (or similar) would be open to you, Kevin. I considered it very carefully and almost said yes. But in the end there was just too big a gap between an MP3000 and today's (or even yesterday's) software licensing and software capabilities. A second or first generation z/Architecture machine just seems like a much better financial and technical proposition all around at this point in time for a personal mainframe (assuming a physical one). Yes, it is possible to run 31-bit Linux on an MP3000, but I couldn't figure out any use cases where that capability would provide unique value nowadays given Linux's technical ability to cross-compile. And no, you're not crazy, Kevin. Or if you are, so am I. :-) - - - - - Timothy Sipples Resident Architect (Based in Singapore) STG Value Creation and Complex Deals Team IBM Growth Markets E-Mail: timothy.sipp...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
On 3 June 2010 07:16, R.S. r.skoru...@bremultibank.com.pl wrote: BTW: MP3K is relatively small, but not less affordable than big 9672. Not less? For the home user it's not only a question of acquisition cost. The MP3000 is a great little box, because it is entirely self-contained (DASD, network, etc.) and because it runs on an ordinary household power circuit. It uses about as much electricity as a largish PC server, and of course puts out a matching and not huge amount of heat, so it's entirely reasonable for home use. On the other hand, having just helped put one into the back of an SUV (on its way to Mike Ross's corestore.org), I can tell you that it's not a light box, even with all the DASD, fans, side and end covers, and several other things removed! Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
On 2 June 2010 18:52, Kevin Keith krfke...@gmail.com wrote: I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? It is a problem - some would call it market failure of a kind. There are resellers who have, or claim to have, just about any IBM hardware you'd like, and as you say, they ask a huge amount for it. I'm not sure I understand their business model, but I'm sure in many cases they don't actually have the hardware in question, and act more as brokers. On the other side, these machines are going to the scrapper all the time (I just saved one from that fate), where they have in effect negative value, i.e. you have to pay someone to take it away, and depending on where you are, pay various recycling charges because there may be lead-acid and/or NiCad batteries, and other non RoHS stuff inside. I think you've done exactly the right thing - ask on this list, and the several other mainframe related ones. Doubtless somewhere a reader of these lists knows that the boss is deciding that it's cleanup time for that dusty corner of the datacentre, and typically these things happen suddenly. If you are prepared to pay for quick packaging and shipping (evidently not as outrageous as I imagined), are prepared to arrange drive wiping so they won't be physically destroyed, and remind people occasionally that you're looking, I think your chances are pretty good. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
Thanks for the encouragement Tony. Like I said, I know of several z9s that have been scrapped, that would've been perfect (they were ECs). You'd think in a huge city like Houston, with all the industry, oil companies, etc, it would be easy to find such things, but I've not had any luck yet. Right now I'm hoping for a Multiprise 3000, and I hope to some day acquire a z9 EC (I actually think this may not be THAT ridiculous). On Thu, Jun 3, 2010 at 5:44 PM, Tony Harminc t...@harminc.net wrote: On 2 June 2010 18:52, Kevin Keith krfke...@gmail.com wrote: I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? It is a problem - some would call it market failure of a kind. There are resellers who have, or claim to have, just about any IBM hardware you'd like, and as you say, they ask a huge amount for it. I'm not sure I understand their business model, but I'm sure in many cases they don't actually have the hardware in question, and act more as brokers. On the other side, these machines are going to the scrapper all the time (I just saved one from that fate), where they have in effect negative value, i.e. you have to pay someone to take it away, and depending on where you are, pay various recycling charges because there may be lead-acid and/or NiCad batteries, and other non RoHS stuff inside. I think you've done exactly the right thing - ask on this list, and the several other mainframe related ones. Doubtless somewhere a reader of these lists knows that the boss is deciding that it's cleanup time for that dusty corner of the datacentre, and typically these things happen suddenly. If you are prepared to pay for quick packaging and shipping (evidently not as outrageous as I imagined), are prepared to arrange drive wiping so they won't be physically destroyed, and remind people occasionally that you're looking, I think your chances are pretty good. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Thanks, Kevin Kevin Keith OLPC Volunteer -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
-Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Tony Harminc Sent: Thursday, June 03, 2010 10:30 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Multiprise 3k for personal Use? On 3 June 2010 07:16, R.S. r.skoru...@bremultibank.com.pl wrote: BTW: MP3K is relatively small, but not less affordable than big 9672. Not less? For the home user it's not only a question of acquisition cost. The MP3000 is a great little box, because it is entirely self-contained (DASD, network, etc.) and because it runs on an ordinary household power circuit. It uses about as much electricity as a largish PC server, and of course puts out a matching and not huge amount of heat, so it's entirely reasonable for home use. On the other hand, having just helped put one into the back of an SUV (on its way to Mike Ross's corestore.org), I can tell you that it's not a light box, even with all the DASD, fans, side and end covers, and several other things removed! SNIPPAGE How well you make my point about needing a drop, plug, LOAD and IPL type of entry box. In my opinion this is the way to have an entry level [starter?] system. You want to replace my Intel type servers with a mainframe? I have 1 file server, 2 DB Servers, and a print server. I don't have a SAN. And I have 25 users. So, I need, per IBM today, a z/9 (or 10), raised flooring, special power circuits, and a RAID box. The entry to a mainframe is quite expensive. Today, my hardware costs are less than $10K, everything runs on 120VAC single phase, and I don't have to put in a Liebart or some such. So to convert to a mainframe it is not cost effective until I hit that magical 30 Server number. But by then, when you factor the software migration costs, it is still not cost effective to go to a z box. I really wish that IBM would re-think this area. Regards, Steve Thompson -- Opinions expressed by this poster may not reflect those of poster's employer -- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
On Thu, 2010-06-03 at 11:44 -0400, Tony Harminc wrote: Doubtless somewhere a reader of these lists knows that the boss is deciding that it's cleanup time for that dusty corner of the datacentre Well, you make me go and look. There across the parking lot, in an attic over a farm equipment shop and accessible by forklift, still sits a bus-and-tag 3088 CTC - plastic wrapped against the elements. Some people don't throw ANYTHING away. -- David Andrews A. Duda and Sons, Inc. david.andr...@duda.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
d...@lists.duda.com (David Andrews) writes: Well, you make me go and look. There across the parking lot, in an attic over a farm equipment shop and accessible by forklift, still sits a bus-and-tag 3088 CTC - plastic wrapped against the elements. one of the battles my wife lost when she served her stint responsible for loosely-coupled architecture in POK ... was added more features to 3088 (code-name trouter) than simply acting like multi-arm ctc. one of the reasons a little later she started pushing hyperchannel ... put was opposed by people that had pushed vanilla 3088 and were worried that if there was a lot of hyperchannel out there ... it would interfere with eventually being able to ship escon. she had done peer-coupled shared data architecture http://www.garlic.com/~lynn/subtopic.html#sharedata which saw little uptake (except for ims hot-standby) until sysplex. other battles that contributed to her not staying long in the position was SNA camp trying to force all loosely-coupled operations thru VTAM. prior to taking the position in POK ... she had been in the JES group working on merged JES2/JES3 (figuring out what were the missing things in one ... that the customers of the other couldn't live w/o) ... JES Ultimate System. -- 42yrs virtualization experience (since Jan68), online at home since Mar1970 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
Well I hate to look like a solicitor, but, if there is anyone out there, particularly in the Houston area, with a multiprise (actually, any mainframe for that matter, I mean it depends, but if you have ANYTHING talk to me) that is just going to waste that'll be trashed anyway, it would be going to a good home. I have been asking for older equipment for the collection for several years, and I do not think anyone really takes offense. There have been some extremely generous people on this list - and I would once again like to give a public THANK YOU to them. Saving an old machine, a pile of docs, or some reels of tape can go a long way, and in just about every way is better than the stuff going to the scrapper. Someday IBM may have some sort of non-commercial license for their mainframe software - perhaps something like Syntegra/Control Data or HP/Digital has. Save the software first, then worry about the legal issues. Once the software is gone, it is GONE. -- Will -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
---snip- For the home user it's not only a question of acquisition cost. The MP3000 is a great little box, because it is entirely self-contained (DASD, network, etc.) and because it runs on an ordinary household power circuit. It uses about as much electricity as a largish PC server, and of course puts out a matching and not huge amount of heat, so it's entirely reasonable for home use. On the other hand, having just helped put one into the back of an SUV (on its way to Mike Ross's corestore.org), I can tell you that it's not a light box, even with all the DASD, fans, side and end covers, and several other things removed! SNIPPAGE How well you make my point about needing a drop, plug, LOAD and IPL type of entry box. In my opinion this is the way to have an entry level [starter?] system. You want to replace my Intel type servers with a mainframe? I have 1 file server, 2 DB Servers, and a print server. I don't have a SAN. And I have 25 users. So, I need, per IBM today, a z/9 (or 10), raised flooring, special power circuits, and a RAID box. The entry to a mainframe is quite expensive. Today, my hardware costs are less than $10K, everything runs on 120VAC single phase, and I don't have to put in a Liebart or some such. So to convert to a mainframe it is not cost effective until I hit that magical 30 Server number. But by then, when you factor the software migration costs, it is still not cost effective to go to a z box. I really wish that IBM would re-think this area. -unsnip-- IBM should DEFINITELY rethink this area, especially now that they're the only kid on the block. :-) Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
---snip Doubtless somewhere a reader of these lists knows that the boss is deciding that it's cleanup time for that dusty corner of the datacentre Well, you make me go and look. There across the parking lot, in an attic over a farm equipment shop and accessible by forklift, still sits a bus-and-tag 3088 CTC - plastic wrapped against the elements. Some people don't throw ANYTHING away. -unsnip- I can match that with a matched pair of fully-configured bus/tag 2914 switches. :-) Anyone need a boat anchor that intermittently floats? Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Multiprise 3k for personal Use?
Hi, I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? Thanks for your help -Kevin -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
Hi Kevin, Just a thought, but for government entities (fed, state, local, educational) and some large businesses, equipment is put up for surplus bid. That generally results in getting someone to take it away for something between a little bit of money going in either direction, or sometimes free. You could watch the postings on the sellers purchasing or surplus websites. You might have to contact the 'possibilities' and let them know of your interest. Some organizations send invitations to bid to folks on a list, some post on a website available to the public. You can use the web to find out what computer systems many public entities run. It is probably easiest to find out what a college or university has. The generally have meetings that are open to the public, and their minutes are typically posted on their website. Just do a site search and you can probably find the minutes of the meeting where the original machine purchase was approved. A peek at the page for computing services will tell you who to call so that you can ask if they still have the one you want. You could contact a company that deals in the equipment you want. Used dealers sell to the secondary market, they sell to third party maintenance providers, and to individuals. Be sure to communicate your requirements well, best to do it in writing. Check out the companies before sending money. I'm sure you know the drill. :-) Third party maintenance providers can be a good source. Often they will remove working and under maintenance equipment for a customer. The advantage of this is that you can often get the maintenance history, and they will often arrange transport and setup for you, if you want that. They can probably supply any missing parts, too. Some of the third party maintainers only do maintenance for companies, but some will do maint for individuals, if you want that. HTH, Linda Mooney - Original Message - From: Kevin Keith krfke...@gmail.com To: IBM-MAIN@bama.ua.edu Sent: Wednesday, June 2, 2010 3:52:02 PM GMT -08:00 US/Canada Pacific Subject: Multiprise 3k for personal Use? Hi, I know this idea might sound crazy, but I was wondering about the prospects of an IBM mainframe for personal use. I'm aware of the hurdles considering the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other problems. My question is where would one go about looking for one of these? I could obviously buy one from a reseller for thousands of dollars, but I can't really afford that. I feel like there are many of these machines being dumped and scrapped (especially since they are relatively recently no longer supported) is there any way to get one just ONE of these before its destroyed by a scrapper? Thanks for your help -Kevin -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
We've got one sitting in the corner of the office computer room, holding floor tiles in place. I suspect others (closer to you) will be in similar situations. I tried to get a couple of flavours of Linux running on it, but couldn't get the comms side of it sorted. Gave up in frustration. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Multiprise 3k for personal Use?
Well I hate to look like a solicitor, but, if there is anyone out there, particularly in the Houston area, with a multiprise (actually, any mainframe for that matter, I mean it depends, but if you have ANYTHING talk to me) that is just going to waste that'll be trashed anyway, it would be going to a good home. Thanks, -Kevin On Wed, Jun 2, 2010 at 6:52 PM, Shane Ginnane ibm-m...@tpg.com.au wrote: We've got one sitting in the corner of the office computer room, holding floor tiles in place. I suspect others (closer to you) will be in similar situations. I tried to get a couple of flavours of Linux running on it, but couldn't get the comms side of it sorted. Gave up in frustration. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Thanks, Kevin Kevin Keith OLPC Volunteer -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html