Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

shmuel+ibm-m...@patriot.net (Shmuel Metz  , Seymour J.) writes:
 Fishing with dynamite, are we? OS/360 had so many holes[1] that most
 people lost count. Take ISAM - please.

 MVS may have holes, but it's harder to find them and IBM is willing to
 fix them. It's my fault that the operator can no longer blow you away
 with a simple START command.

for future system effort ... the corporation wanted to move to softcopy
document ... avoid some of problems where hard copy FS specification
might be copied and leaked outside the company (there was a situation
involving unannounced 370 virtual memory features that had leaked out in
this manner ... prompting a number of things, including retrofitting all
corporation copies with unique serial numbers attached under the glass
... which would appear on all pages copied). there were some
enhancements added to vm370/cms that was supposedly the base for FS
softcopy documentation (like disabling lots of mechanisms for copying
and/or printing what was being displayed on 3270 screen).

they would needle me that the fixes were such that if I was left alone
in the datacenter with the machine ... that even I couldn't access the
FS documentation (part of this may have been in response to various
unflattering comments that I had been making about the FS effort).

one friday afternoon when I was visiting to setup for some offshift
dedicated time ... they got somewhat irritating about the subject ...
which prompted me to reply it would take less than five minutes and
involve changing one byte.

I first had to disable all access to the machine from other than the
operators console. I then used the hardware console to patch a branch
instruction in the kernel password checking routine ... so that
everything entered was treated as valid password. I pointed out that
countermeasure would require something like service console passwords
for access to hardware functions (like display/alter storage).

misc. past posts mentioning Future System effort
http://www.garlic.com/~lynn/submain.html#futuresys

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

re:
http://www.garlic.com/~lynn/2010j.html#32 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

it was also about the time that the corporation hired a new CSO, long
distinquished career in gov. ... things like having been head of
presidential detail; knew a lot about physical security. I got asked to
run around with him some; supposedly the corporate computer/information
security expert (a few details about physical security would rub off).

other posts in this thread:
http://www.garlic.com/~lynn/2010j.html#14 Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#19 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#20 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#22 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Shmuel Metz (Seymour J.)]

In 4c0f05b8.2030...@ync.net, on 06/08/2010
   at 10:08 PM, Rick Fochtman rfocht...@ync.net said:

OS/360 had a FREEDBUF macro that could SYNCH to a user-supplied exit
in  Supv. state Key-0. IIRC, it was part of BDAM.

Fishing with dynamite, are we? OS/360 had so many holes[1] that most
people lost count. Take ISAM - please.

MVS may have holes, but it's harder to find them and IBM is willing to
fix them. It's my fault that the operator can no longer blow you away
with a simple START command.

[1] One of which I exploited in a storage zap program.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Shmuel Metz (Seymour J.)]

In 643814fdcaa74b54b6f94196472ef...@pinnacledesk1, on 06/08/2010
   at 05:36 PM, Pinnacle pinnc...@rochester.rr.com said:

It would be nice if someone actually documented a hole, instead of
all the  urban legends we hear.

I document security holes in IBM software when I report them to IBM. I
don't document them to anybody else until the exposure has been fixed.
I hope that others will do the same.

Please don't publicly disclose the details of a security hole while
the vendor is still developing a fix. Note that I'm *NOT* talking
about cases where the vendor can't be bothered to deal with security
issues, but I haven't had that problem with IBM in decades.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Ed Gould]

From: Andy Wood woo...@ozemail.com.au
To: IBM-MAIN@bama.ua.edu
Sent: Tue, June 8, 2010 6:20:57 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

On Tue, 8 Jun 2010 17:36:03 -0400, Pinnacle 
pinnc...@rochester.rr.com wrote:

. . .

Barry,

It would be nice if someone actually documented a hole, instead of all the
urban legends we hear.  Outside the magic SVC, or a trusted person planting
malware in an APF library, I don't know of any holes.  Please share.



Andy:

Unfortunately the person who found quite a few holes moved on and would not 
reveal what he found and how he found them.
I just know that he managed to find a lot of them. Now what is a lot,  He 
admitted finding 5 but again would not give anyone hints at what they were. I 
can attest (by looking at dumps and the logrec entries and even some stand 
alone dumps that he found some as when ever he logged on the system we started 
seeing a lot more dumps with some really strange reason codes(and no reported 
issues from other IBM users). I can also say that he regularly was able to 
alter memory in any address space in the system. I could not prove but dumps 
and some other evidence told me he was doing things that MVS should have 
stopped but he was able to get into any state/key whatever he wanted. Once he 
got his code working it was hard to prove he had done something he was not 
supposed to.  And just to reiterate that he did *NOT* have a special SVC or 
secret mod that allowed him to do so. we had pretty tight control over the OS 
and a few times we created a truly fresh system from
 IBM and it did not make a bit of difference. 

Bypassing RACF was his early on attempt and it took him maybe about 3 days to 
get around RACF. We attempted to stop him but the politics of the time would 
let it happen. (This was almost at the board level - maybe one step below).
It was frustrating trying to fix issues as it was (most of the time) difficult 
to figure out if it was an IBM issue or him playing around. When IBM got a dump 
he would look at it and if it looked strange and did not make any sense he 
would mark it as user and would toss it away. I know (because I was a party 
to some of the discussions between IBM and my upper management that they were 
as frustrated as he was as the politics involved were really rough. BTW the IBM 
person was excellent and he was not the type to not label something that was 
not an IBM issue as a user issue. He was exceedingly honest and after looking 
at the dumps before he got a hold of them several of us who previewed the dumps 
before we handed them over to IBM, some of them were just weird and could not 
be explained except someone was mucking around where they were not suppose to 
be.

Ed




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
  

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[R.S.]

Rick Fochtman pisze:

-snip--
It would be nice if someone actually documented a hole, instead of all 
the urban legends we hear.  Outside the magic SVC, or a trusted person 
planting malware in an APF library, I don't know of any holes.  Please 
share.

-unsnip
Documenting a hole could be a seriously bad idea, since it might give 
a potential troublemaker exactly the opening he's looking for.


Documenting a hole is very good idea. If you don't do it, hackers will 
do it. What's better - to have a hole and don't know about it or to have 
hole and be aware of that?

I choose he second option, definitely.
Last but not least: documented hole can be went around, avoided. Of 
course, usually documenting hole is first step to fix it.


Example: BPX.DAEMON resource in FACILITY class. It can be understood as 
a fix for the hole existing in original Unix standard. It is quite well 
documented - that's why I know what is the purpose of the profile and 
what is the risk if I don't have the profile. It can reside on what you 
have to protect security checklist.


Regards
--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Binyamin Dissen]

On Tue, 8 Jun 2010 20:14:29 -0400 Pinnacle pinnc...@rochester.rr.com wrote:

:same thing.  Authorized code can hack MVS, unauthorized code can't. 

The security exposures exist when the authorized code trusts an address
passed by unauthorized code.

Authorized code cannot trust anything provided by unauthorized code. That
means going into the callers key when fetching or modifying storage based on
an address provided and should the caller pass the address of a protected
control block, such as a TCB address, verifying that the address is in fact of
a TCB and it is where such service is allowed. Should an exit be allowed, such
as a DCB OPEN exit, SYNCH back to problem state and key must be used. And,
obviously, no workareas of the authorized routine are allowed to be in a key
that allows the unauthorized routine ability to update (and, perhaps, even
fetch). 

--
Binyamin Dissen bdis...@dissensoftware.com
http://www.dissensoftware.com

Director, Dissen Software, Bar  Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Edward Jaffe]

Pinnacle wrote:

Tony,

Thank you for at least posting two concrete examples of past holes.  
There was a recent article in zJournal about hacking z/OS, but it was 
disappointing, limited to what we've discussed here.  The article 
quoted a number of noted gurus (some on this thread), and they all 
basically said the same thing.  Authorized code can hack MVS, 
unauthorized code can't.  Also, like your examples above, none of the 
examples of hacking quoted in the article were less than 20 years old.


I wonder if anyone was able to exploit SMP/E to run arbitrary code in a 
privileged state?


--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Paul Gilmartin]

On Wed, 9 Jun 2010 06:01:51 -0700, Edward Jaffe wrote:

I wonder if anyone was able to exploit SMP/E to run arbitrary code in a
privileged state?

You're cruel.

Integrity exposures, like pregnancy, are pretty much devoid of
degree.  If a program gets in KEY 0, it can modify system control
blocks.  If it gets in Supervisor state, it can LPSW to KEY 0.
If it has AC=1, it can MODESET.  If it can update APF libraries,
it can ...

And IBM considers the SMP/E problem fixed merely because they told
customers, Don't do that!  Even though they haven't told us
what to not do.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Clark Morris]

On 9 Jun 2010 06:38:50 -0700, in bit.listserv.ibm-main you wrote:

On Wed, 9 Jun 2010 06:01:51 -0700, Edward Jaffe wrote:

I wonder if anyone was able to exploit SMP/E to run arbitrary code in a
privileged state?

You're cruel.

Integrity exposures, like pregnancy, are pretty much devoid of
degree.  If a program gets in KEY 0, it can modify system control
blocks.  If it gets in Supervisor state, it can LPSW to KEY 0.
If it has AC=1, it can MODESET.  If it can update APF libraries,
it can ...

And IBM considers the SMP/E problem fixed merely because they told
customers, Don't do that!  Even though they haven't told us
what to not do.

-- gil

It gets even better.  If the goal is to invade a system for profit,
knowing the vulnerabilities in Websphere may be sufficient.  It isn't
RACF directly that is preventing me from getting into someone else's
account when I log in to my bank which I believe is on z/OS.  The
advantages of having your own machine to try out hacking is that you
don't alert someone else as to what you are doing.  Figuring out the
vulnerability in SMP/E in and of itself may not be that useful if you
confine yourself to SMP/E because getting that far requires a valid
logon to TSO.  Figuring out where else similar vulnerabilities might
exist from understanding that vulnerability could be profitable.  If
REXX or JAVA can be executed through a web entry (Websphere, another
web server, etc.) then all sorts of interesting things might happen.
In short, the advantage of having your own system to explore
vulnerabilities is that you don't get anyone's security people aroused
when you probe.

Clark Morris

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.


cfmpub...@ns.sympatico.ca (Clark Morris) writes:
 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?  For security purposes are we better off with
 some kind of regulated hobbyist access to z/OS running under z/VM at
 data centers?  

re:
http://www.garlic.com/~lynn/2010j.html#14 Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#19 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

aka, during the OCO-wars ... in the transition from freely available
source to object-code-only ... I don't remember being able to hide
threats and vulnerabilities being an argument ... it was about
protecting corporate property (i.e. source) in a competitive environment
with clone processors.

starting to charge for application software (23jun69 unbundling
announcement) was about various litigation ... but case had been made
that kernel/system software would still be free. later decision to start
charging for kernel software was in period when clone processors had
gained market foothold (during FS distraction, and my resource manager
was initial guinea pig for kernel software charging);
http://www.garlic.com/~lynn/submain.html#unbundle

OCO could be construed as further market inhibitors (in addition to
software no longer free).

sometimes (in OCO-wars) there were issues raised about protecting
customers from themselves ... that freely available source encourages
customer programmers to make modifications ... which would cause
problems/delays in moving to newer releases (things like newer source
was incompatible with older source). customer source modifications could
also result in delays in replacing existing machines with newer machines
(that might have various kinds of differences).

there was case where ATT had gotten a highly modified versions of early
csc/vm system (w/o multiprocessor support) ... old csc/vm email
reference (long before OCO-wars, still when vm370 shipped with full
source maintenance):
http://www.garlic.com/~lynn/2006v.html#email731212
http://www.garlic.com/~lynn/2006w.html#email750430

ATT then made a large number of their own source modifications (things
like virtual device support that ran over network connections ... aka
being able to run application at one ATT facility ... thinking it was
doing i/o to local tape drive ... but tape drive was actually connected
to system at another ATT facility) ... which was widely
distributed/used within ATT.

Nearly a decade later, the national account manager for ATT tracked me
down looking for help in moving ATT off that csc/vm system to a more
current vm370. This was related to 3081 ... which was only going to be
available in multiprocessor configuration ... and there was not going to
be a non-multiprocessor (although this was later modified to ship 3083
... in large part because ACP/TPF didn't have multiprocessor
support). Since that particular csc/vm system (w/o multiprocessor
support) was so entrenched in ATT ... they were going to be forced to
going to clone processor vendor that was selling newer uniprocessor
machines (early csc/vm systems didn't have multiprocessor support until
after the version that had escaped to ATT; except for version that
escaped to ATT ... my csc/vm systems were limited to large number of
internal installations ... which I could keep current).

misc. recent posts mentioning 3083
http://www.garlic.com/~lynn/2010.html#1 DEC-10 SOS Editor Intra-Line Editing
http://www.garlic.com/~lynn/2010.html#21 Happy DEC-10 Day
http://www.garlic.com/~lynn/2010d.html#14 Happy DEC-10 Day
http://www.garlic.com/~lynn/2010d.html#79 LPARs: More or Less?
http://www.garlic.com/~lynn/2010e.html#23 Item on TPF
http://www.garlic.com/~lynn/2010i.html#24 Program Work Method Question
http://www.garlic.com/~lynn/2010i.html#78 IBM to announce new MF's this year

other reference to 3081 ( future system)
http://www.jfsowa.com/computer/memo125.htm

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.


Anne  Lynn Wheeler l...@garlic.com writes:
 there was case where ATT had gotten a highly modified versions of early
 csc/vm system (w/o multiprocessor support) ... old csc/vm email
 reference (long before OCO-wars, still when vm370 shipped with full
 source maintenance):
 http://www.garlic.com/~lynn/2006v.html#email731212
 http://www.garlic.com/~lynn/2006w.html#email750430

re:
http://www.garlic.com/~lynn/2010j.html#20 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

also csc/vm email
http://www.garlic.com/~lynn/2006w.html#email750102

jan75, a couple engineers from POK came up to science center to talk
about doing a 5-way SMP skunkworks effort.

in the morph from cp67 to vm370 ... there was a lot of simplification
and dropping of code ... which accounted for large part of the effort to
move the cp67 csc/vm system to a vm370 base. I did get a bunch of
fastpath stuff put back in (that I had originally done as undergraduate
on cp67 in 1968) which shipped in vm370 release 1plc9 (aka vm370 had
monthly source maintenance mini-releases that were called plc or program
level change).

in any case, spring of '75, they roped me into helping with 5-way SMP
skunkworks effort called VAMPS ... which was eventually killed w/o even
being announced ... some past posts
http://www.garlic.com/~lynn/submain.html#bounce

I got to do a lot of microcode/machine design ... queued i/o and queued
i/o termination (something similar showed up later in 811 ... internal
codename for 370xa for the nov78 date on the registered confidential
documents). I also got to do multiprocessor dispatching interface
... somewhat similar to what showed up later in intel432 (but in
microcode rather than silicon ... the i432 group gave a talk about one
of the things that help kill i432 was putting really complex stuff into
silicon ... and then difficulty in shipping fixes/patches).

after VAMPS was killed ... one or two of the people from VAMPS helped
form another smp skunkworks effort for 16-way smp. this got killed and
some people invited to never appear in POK again, when the head of POK
was told that it might be decades before the POK favorite son operating
system had (effective) 16-way support.

misc. past posts mentioning SMP (/or compareswap instruction):
http://www.garlic.com/~lynn/subtopic.html#smp

misc. recent posts mentioning charlie inventing compareswap instruction
(compare-and-swap was chosen because CAS are charlie's initials):
http://www.garlic.com/~lynn/2010b.html#67 How long for IBM System/360 
architecture and its descendants?
http://www.garlic.com/~lynn/2010c.html#47 Extracting STDOUT data from USS
http://www.garlic.com/~lynn/2010d.html#20 search engine history, was Happy 
DEC-10 Day
http://www.garlic.com/~lynn/2010e.html#15 search engine history, was Happy 
DEC-10 Day
http://www.garlic.com/~lynn/2010g.html#80 What is the protocal for GMT offset 
in SMTP (e-mail) header time-stamp?
http://www.garlic.com/~lynn/2010h.html#86 Itanium had appeal
http://www.garlic.com/~lynn/2010i.html#31 IBM Unix prehistory, someone smarter 
than Dave Cutler

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Clark Morris]

On 7 Jun 2010 16:31:17 -0700, in bit.listserv.ibm-main you wrote:

-snip

Well I hate to look like a solicitor, but, if there is anyone out there,
particularly in the Houston area, with a multiprise (actually, any mainframe
for that matter, I mean it depends, but if you have ANYTHING talk to me)
that is just going to waste that'll be trashed anyway, it would be going to
a good home.
  

I have been asking for older equipment for the collection for several
years, and I do not think anyone really takes offense. There have been
some extremely generous people on this list - and I would once again
like to give a public THANK YOU to them. Saving an old machine, a pile
of docs, or some reels of tape can go a long way, and in just about
every way is better than the stuff going to the scrapper.

Someday IBM may have some sort of non-commercial license for their
mainframe software - perhaps something like Syntegra/Control Data or
HP/Digital has. Save the software first, then worry about the legal
issues. Once the software is gone, it is GONE.



In one sense, we need to be careful about what we ask for.  Do we want
z/OS to be easily available to those who want to find vulnerabilities
and crack the system?  For security purposes are we better off with
some kind of regulated hobbyist access to z/OS running under z/VM at
data centers?  
  

unsnip--
Clark, I think your concerns are valid, but unwarranted.

Even with a disasembler, the complexity of the instruction set and the 
complexity of z/OS code and interfaces would require a VERY sharp 
Assembler programmer to be able to do serious hacks into z/OS. It's 
taken 46 years to develop the current level and, like they say, Rome 
wasn't built in a day. Given the constant evolution of both hardware 
and software, I'm not sure any of US could keep up with it effectively 
enough to crack into it consistantly, and we're all experienced 
professionals, some more so than others. And even a Disassembler won't 
decode things like SVC parameter lists, PC parms, etc. or even what a 
particular PC is intended to accomplish.

If I were looking for vulnerabilities, I wouldn't even go for the
source.  I would just set up the system as a server and see what I
could get away with.  The vulnerability can be in CICS, Websphere or
any other portal open to the outside world.  My second line of attack
would be the CBT and JES mods to see if any of them have
vulnerabilities I could exploit.  Having my own system would enable me
to see what flags are raised by various attempts.  I don't think
enough like an intruder to make it worth while either as a white hat
consultant or a black hat thief but intimate code knowledge may not be
the only way to break the system.  The ability to test exploits based
on APARs might be interesting.

A regulated hobbyist with access to z/OS running under z/VM could crack 
into that system just as easily as a home user. Then what? Also, by 
putting it under z/VM, you could be giving him access to two systems to 
crack: z/OS AND z/VM.

Here I would assume a hardened and monitored VM NOT controlled by the
z/OS hobbyist user.  There also might be some vetting of the person
before access is allowed.

We are now all holding, or have held, positions of grave responsibility 
in our various organizations, be they private industry or government; 
along with that comes trust and our ability to prove that the trust is 
not misplaced. The ultimate bottom line: sooner or later the honesty of 
the user, or system programmer, has to be proven and that's probably the 
hardest part of dealing with this whole set of interrelated issues.

Rick

Clark

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Howard Brazee]

On Tue,  8 Jun 2010 22:12:29 +0200 (CEST), starwars
nonscrivet...@tatooine.homelinux.net wrote:

Holes in 3rd party products do not equal holes in z/OS. Get the vendor to
fix his mess.

I don't know if this is necessarily true.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Ray Overby]

-From an installations point of view all code that runs in system 
key (0-7), supervisor state, or has the ability to do so:


 -Should be considered part of the operating system (system 
extensions if you like).
 -Has the ability to circumvent the installation implemented 
security (independent of the ESM).

 -Should be corrected if an integrity exposure exists in the code.

The Vendor does not matter. A single integrity exposure from a single 
vendor compromises your entire z/OS system regardless of whether you 
think z/OS is secure or not. It also does not matter if you think the 
ISV authorized code is part of z/OS or not. The reality is authorized 
ISV code has the ability to modify the environment just like real 
authorized z/OS code from IBM.


 As it turns out z/OS does have integrity exposures. Given that IBM is 
the largest producers of authorized code for z/OS this should not be a 
surprise.  IBM has a statement of integrity. This is the basis for z/OS 
to be a secure operating system. Any code you install on top of z/OS 
should also have an integrity statement. However, the IBM statement of 
integrity does not say that z/OS does not have any integrity exposures, 
just that IBM will fix them when found. There are examples of integrity 
exposures in IBM z/OS (the SMPE one for instance). It is also true that 
ISV's also have integrity exposures. Probably in a larger proportion 
than IBM does if you look at it statistically (number of modules to 
number of integrity exposures). The bottom line is all integrity 
exposures regardless of source (vendor) need to be fixed if you are to 
have a secure z/OS.



On 6/8/2010 15:44 PM, Howard Brazee wrote:

On Tue,  8 Jun 2010 22:12:29 +0200 (CEST), starwars
nonscrivet...@tatooine.homelinux.net  wrote:

   

Holes in 3rd party products do not equal holes in z/OS. Get the vendor to
fix his mess.
 

I don't know if this is necessarily true.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

   


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Pinnacle]

- Original Message - 
From: barryschra...@cs.com

Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, June 08, 2010 5:28 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal 
Use?





On  8-Jun-2010, Howard Brazee howard.bra...@cusys.edu wrote:

Holes in 3rd party products do not equal holes in z/OS. Get the vendor 
to

fix his mess.

I don't know if this is necessarily true.


You're right, it's not true.  Holes in 3rd party products are holes in the
z/OS system.  After a system is penetrated, are you going to say, gee, it
wasn't an IBM error that got us, it was xyz company error.  Big deal. Your
system and, therefore your company, was taken.

And, right now, 3rd party vendors are either not aware of the issues or 
not
taking them seriously.  There are holes in the 3rd party products and 
there

are even some holes in z/OS that IBM is working on fixing.  Now, the
difference is that IBM, when it is pointed out to them, says, we will fix 
it
as we honor the Statement of Integrity.  3rd party vendors sometimes have 
to

be pushed and prodded and threatened.

So, what are the holes on your system -- don't you want to know so you can
start taking action to close them?  Or would you rather be dumb and happy
until disaster strikes.  Then you can just say, gee, I didn't think there
were any serious hole ...


Barry,

It would be nice if someone actually documented a hole, instead of all the 
urban legends we hear.  Outside the magic SVC, or a trusted person planting 
malware in an APF library, I don't know of any holes.  Please share.


Regards,
Tom Conley 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Tony Harminc]

On 8 June 2010 17:36, Pinnacle pinnc...@rochester.rr.com wrote:

 It would be nice if someone actually documented a hole, instead of all the
 urban legends we hear.  Outside the magic SVC, or a trusted person planting
 malware in an APF library, I don't know of any holes.  Please share.

Well no one is going to step up and document a current hole that they
may know about. Two holes I happen to know of that were fixed so long
ago that it can't possibly matter now, are the whole GAM
implementation, which happily accepted a user-supplied address and
branched to it in supervisor state, and the ability of any user to run
a line trace on a 37x5 without the possibility of control by the
installation. These were fixed in the 1970s and 1980s respectively.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Andy Wood]

On Tue, 8 Jun 2010 17:36:03 -0400, Pinnacle 
pinnc...@rochester.rr.com wrote:

. . .

Barry,

It would be nice if someone actually documented a hole, instead of all the
urban legends we hear.  Outside the magic SVC, or a trusted person planting
malware in an APF library, I don't know of any holes.  Please share.


I'm with Barry on this one.

For about twenty years my day job (or at least part of it) was to seek out 
such exposures. I found dozens of problems in products from just about any 
vendor you care to name, and yes, that includes IBM. What do I mean 
by 'problem'? Well, in just about every case I was able to write a small 
demonstration program which could get control in supervisor state.

Some of the vendors were extremely apathetic when it came to fixing such 
problems. Often it took them two, three, or more attempts to get it right. A 
certain well known vendor took five years to fix an issue.

A problem in another very popular product was uncorrected three vendors 
(think takeovers) and eleven years later. I moved on so I don't know if it ever 
got fixed - I suspect not.

Things have improved, but only very slowly. I first became aware of the user 
key CSA issue about thirty years ago (!). User key CSA problems have only 
really gone away in the last few years when IBM took the trouble to show 
their disapproval.

As for magic SVCs, they obviously still exist, as a recent thread here proved. 
More of a worry is the SVC which the author thinks is 100% safe, when it is 
anything but. I'll bet that the old SPFCOPY SVC, or something derived from it, 
is still out there on many systems. Those SVCs usually have as many holes as 
a piece of fine emmentaler.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Pinnacle]

- Original Message - 
From: Tony Harminc t...@harminc.net

Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, June 08, 2010 5:56 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal 
Use?




On 8 June 2010 17:36, Pinnacle pinnc...@rochester.rr.com wrote:

It would be nice if someone actually documented a hole, instead of all 
the
urban legends we hear. Outside the magic SVC, or a trusted person 
planting

malware in an APF library, I don't know of any holes. Please share.


Well no one is going to step up and document a current hole that they
may know about. Two holes I happen to know of that were fixed so long
ago that it can't possibly matter now, are the whole GAM
implementation, which happily accepted a user-supplied address and
branched to it in supervisor state, and the ability of any user to run
a line trace on a 37x5 without the possibility of control by the
installation. These were fixed in the 1970s and 1980s respectively.



Tony,

Thank you for at least posting two concrete examples of past holes.  There 
was a recent article in zJournal about hacking z/OS, but it was 
disappointing, limited to what we've discussed here.  The article quoted a 
number of noted gurus (some on this thread), and they all basically said the 
same thing.  Authorized code can hack MVS, unauthorized code can't.  Also, 
like your examples above, none of the examples of hacking quoted in the 
article were less than 20 years old.


Regards,
Tom Conley 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Rick Fochtman]

-snip--
It would be nice if someone actually documented a hole, instead of all 
the urban legends we hear.  Outside the magic SVC, or a trusted person 
planting malware in an APF library, I don't know of any holes.  Please 
share.

-unsnip
Documenting a hole could be a seriously bad idea, since it might give 
a potential troublemaker exactly the opening he's looking for.


In early versions of the IDMS SVC, there was an undocumented parm that 
would place the caller in Supervisor state, Key-0. When we pointed this 
out to CA, it was fixed in 48 hours.


Satisfied?  :-)

Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Rick Fochtman]

--snip--
Well no one is going to step up and document a current hole that they 
may know about. Two holes I happen to know of that were fixed so long 
ago that it can't possibly matter now, are the whole GAM implementation, 
which happily accepted a user-supplied address and branched to it in 
supervisor state, and the ability of any user to run a line trace on a 
37x5 without the possibility of control by the installation. These were 
fixed in the 1970s and 1980s respectively.

unsnip---
I those, since we didn't use any of that type of equipment.

OS/360 had a FREEDBUF macro that could SYNCH to a user-supplied exit in 
Supv. state Key-0. IIRC, it was part of BDAM.


Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[R.S.]

Clark Morris pisze:
[...]

In one sense, we need to be careful about what we ask for.  Do we want
z/OS to be easily available to those who want to find vulnerabilities
and crack the system?  For security purposes are we better off with
some kind of regulated hobbyist access to z/OS running under z/VM at
data centers?  


I wholly and completely DISAGREE. Security by obscurity is no security.
You THINK there are no people looking for the holes now. Wrong.

BTW: Let's hide documentation! Undocumented system is harder to learn or 
analyze, so it would even harder to find any hole.



--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

cfmpub...@ns.sympatico.ca (Clark Morris) writes:
 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?  For security purposes are we better off with
 some kind of regulated hobbyist access to z/OS running under z/VM at
 data centers?  

re:
http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

the question of security thru obscurity comes up periodically in
relation to provable cryptography ... usely related to terms like
snake-oil.

open infrastructures tend to have faults identified and corrected much
earlier ... there can be a painful period if attempting to transition
from obscurity to open ... since all sorts of hidden infections could be
found festering ... taking some period to clean out.

we were tangentially involved in the cal. state data breach notification
legislation. we had been brought in to help wordsmith the digital
signature legislation and some of the parties were also heavily involved
in privacy issues. they had done, detail consumer surveys on privacy.
the number one issue was identity theft, a major component being account
fraud ... where skimmed/breached information was being used for
fraudulent financial transactions. there appeared to be little or
nothing being done about breaches ... and so it seemed that they felt
the resulting publicity from data breach notifications would provide
motivation to taking corrective action and countermeasures.

at the time, they were also working on opt-in privacy sharing
legislation, but then GLBA (possibly better known for repeal of
glass-steagall) came out with opt-out privacy sharing ...  sort of
federal pre-emption of the cal. work in progress (the difference between
opt-in/opt-out privacy sharing has been in the news recently).

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.


re:
http://www.garlic.com/~lynn/2010j.html#17 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?
http://www.garlic.com/~lynn/2010j.html#18 Personal use z/OS machines was Re: 
Multiprise 3k for personal Use?

and for some related topic drift (in a.f.c):
http://www.garlic.com/~lynn/2010j.html#15 Idiotic programming style edicts

late 90s, there was folklore that ceo of large financial institution
let their CSO go with comment that fraud was much more cost
effectively handled out of the public relations department (than the
security department).

some of this could be considered short-term horizon associated with
quarterly financial filings of public companies (minimize
infrastructure investment and maintenance ... moving the funds into
the profit column and used for executive bonuses ... planing on being
long gone by the time the infrastructures begin collapsing).

maintaining the facade also showed up (at least) in financial sector
infrastructure protection meetings
http://en.wikipedia.org/wiki/Critical_infrastructure_protection
http://en.wikipedia.org/wiki/National_Information_Infrastructure_Protection_Act

at the time a lot of the infrastructure protection meetings were with
regard to y2k remediation ... however, there were also issue of
information sharing (ISAC) databases ... capturing exploits, threats
and vulnerabilities. the initial push-back was fear that ISACs would
be subject to FOIA ... when the FOIA issues were addressed ... there
was still pushback that information about exploits, threats and
vulnerabilities (at least in much of the financial industry) was
viewed as competitive advantage (who had them, who didn't, who knew
about them, and what were the countermeasures; even when the
information was not available publicly ... limited to industry
insiders and appropriate law enforcement agencies).
http://www.fsisac.com/
http://www.isaccouncil.org/

the breadbutter of the financial sector ... possibly much more than
the other sectors, has been *trust* ... with lots of concern about
publicity damaging their reputation. unfortunately this can result in
coming to believe that managing information about exploits can
replace/substitute actually doing something about exploits.

misc. past posts mentioning ISAC/FOIA
http://www.garlic.com/~lynn/2007i.html#17 John W. Backus, 82, Fortran 
developer, dies
http://www.garlic.com/~lynn/2007u.html#0 folklore indeed
http://www.garlic.com/~lynn/2008g.html#11 Hannaford case exposes holes in law, 
some say
http://www.garlic.com/~lynn/2008m.html#82 Data sharing among Industry players 
about frauds
http://www.garlic.com/~lynn/2009f.html#48 Bankers as Partners In Crime Stopping
http://www.garlic.com/~lynn/2009n.html#11 Banks should share cyber crime 
information IT PRO
http://www.garlic.com/~lynn/2009p.html#27 FBI: National data-breach law would 
help fight cybercrime
http://www.garlic.com/~lynn/2009p.html#45 ATM machines are increasingly 
attractive to hackers

scenario regarding OCO-wars (aka Object-Code-Only wars) ... sort of goes
starting to charge for (23jun69 unbundling) application software in
response to various litigation ... but making case that system/kernel
software was still free; Future System project started (a least
partially motivated by clone controllers); Future System distraction is
credited with allowing clone processors to gain market foothold;
starting to charge for system/kernel software (at least partially
motivated by clone processors gaining market foothold) ... then followed
by OCO.

misc. past posts mentioning unbundling ... first 23jun69 announcement
for application software ... then later change starting to charge for
system/kernel software (my resource manager was selected as guinea pig
for starting to charge for system/kernel software)
http://www.garlic.com/~lynn/submain.html#unbundle

misc. past posts mentioning Future System
http://www.garlic.com/~lynn/submain.html#futuresys

misc. past posts mentioning clone controller
http://www.garlic.com/~lynn/subtopic.html#360pcm

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Rick Fochtman]

-snip


Well I hate to look like a solicitor, but, if there is anyone out there,
particularly in the Houston area, with a multiprise (actually, any mainframe
for that matter, I mean it depends, but if you have ANYTHING talk to me)
that is just going to waste that'll be trashed anyway, it would be going to
a good home.
 


I have been asking for older equipment for the collection for several
years, and I do not think anyone really takes offense. There have been
some extremely generous people on this list - and I would once again
like to give a public THANK YOU to them. Saving an old machine, a pile
of docs, or some reels of tape can go a long way, and in just about
every way is better than the stuff going to the scrapper.

Someday IBM may have some sort of non-commercial license for their
mainframe software - perhaps something like Syntegra/Control Data or
HP/Digital has. Save the software first, then worry about the legal
issues. Once the software is gone, it is GONE.
   



In one sense, we need to be careful about what we ask for.  Do we want
z/OS to be easily available to those who want to find vulnerabilities
and crack the system?  For security purposes are we better off with
some kind of regulated hobbyist access to z/OS running under z/VM at
data centers?  
 


unsnip--
Clark, I think your concerns are valid, but unwarranted.

Even with a disasembler, the complexity of the instruction set and the 
complexity of z/OS code and interfaces would require a VERY sharp 
Assembler programmer to be able to do serious hacks into z/OS. It's 
taken 46 years to develop the current level and, like they say, Rome 
wasn't built in a day. Given the constant evolution of both hardware 
and software, I'm not sure any of US could keep up with it effectively 
enough to crack into it consistantly, and we're all experienced 
professionals, some more so than others. And even a Disassembler won't 
decode things like SVC parameter lists, PC parms, etc. or even what a 
particular PC is intended to accomplish.


A regulated hobbyist with access to z/OS running under z/VM could crack 
into that system just as easily as a home user. Then what? Also, by 
putting it under z/VM, you could be giving him access to two systems to 
crack: z/OS AND z/VM.


We are now all holding, or have held, positions of grave responsibility 
in our various organizations, be they private industry or government; 
along with that comes trust and our ability to prove that the trust is 
not misplaced. The ultimate bottom line: sooner or later the honesty of 
the user, or system programmer, has to be proven and that's probably the 
hardest part of dealing with this whole set of interrelated issues.


Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Rick Fochtman]

-snip--
Security through Obscurity Isn't -- A semi-anonymous Security Maven, a 
few years back

--unsnip
Security through honest and trustworthy staffers IS --- ME  :-)

Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Clark Morris]

On 3 Jun 2010 10:42:16 -0700, in bit.listserv.ibm-main you wrote:

 Well I hate to look like a solicitor, but, if there is anyone out there,
 particularly in the Houston area, with a multiprise (actually, any mainframe
 for that matter, I mean it depends, but if you have ANYTHING talk to me)
 that is just going to waste that'll be trashed anyway, it would be going to
 a good home.

I have been asking for older equipment for the collection for several
years, and I do not think anyone really takes offense. There have been
some extremely generous people on this list - and I would once again
like to give a public THANK YOU to them. Saving an old machine, a pile
of docs, or some reels of tape can go a long way, and in just about
every way is better than the stuff going to the scrapper.

Someday IBM may have some sort of non-commercial license for their
mainframe software - perhaps something like Syntegra/Control Data or
HP/Digital has. Save the software first, then worry about the legal
issues. Once the software is gone, it is GONE.

In one sense, we need to be careful about what we ask for.  Do we want
z/OS to be easily available to those who want to find vulnerabilities
and crack the system?  For security purposes are we better off with
some kind of regulated hobbyist access to z/OS running under z/VM at
data centers?  

Clark Morris

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[William Donzelli]

 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?  For security purposes are we better off with
 some kind of regulated hobbyist access to z/OS running under z/VM at
 data centers?

I do not think this really is an issue. We have not had a rash of VMS
security holes, ever since DEC/HP started the hobbyist license. And it
is not like we will have a zillion eyes going over the systems, like
with Windows or *nix.

One solution to this is to not make the software easily available.
Make hobbyists jump through hoops if they must. Saving the software is
of prime importance, even if it means keeping it under fairly tight
control.

Also, IBM could keep hobbyists back a few releases.

So basically, don't junk those tapes or CDs for a while...

--
Will

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Paul Gilmartin]

On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote:

 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?

This is admitting defeat; acknowledging that z/OS is so riddled
with defects, some irreparable, that the best we can hope for
is that no one finds out.

This brings to mind a thread that went through here a couple
months ago.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[William Donzelli]

 On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote:

 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?

Quoted improperly!

--
Will

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Clark Morris]

On 6 Jun 2010 13:19:57 -0700, in bit.listserv.ibm-main you wrote:

On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote:

 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?

This is admitting defeat; acknowledging that z/OS is so riddled
with defects, some irreparable, that the best we can hope for
is that no one finds out.

One of the sources of vulnerability of any operating system is have a
computer that can be dedicated to breaking that systems.  Some of the
mods that have been applied from various public domain sources may
have created vulnerabilities.  We know that in the past various third
party software has put holes into the system through magic SVCs and/or
other less than good practices.  The hole in SMP/E that is being
covered might be fun to play with on a dedicated system with no
oversight.  Of course criminal enterprises looking to make decent
money on finding holes for profit may already have a z machine
purchased or leased with the software through legitimate or less than
legitimate channels.

Clark Morris

This brings to mind a thread that went through here a couple
months ago.

-- gil


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Bob goolsby]

Security through Obscurity Isn't  -- A semi-anonymous Security
Maven, a few years back


B

On Sun, Jun 6, 2010 at 3:47 PM, Clark Morris cfmpub...@ns.sympatico.ca wrote:
 On 6 Jun 2010 13:19:57 -0700, in bit.listserv.ibm-main you wrote:

On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote:

 In one sense, we need to be careful about what we ask for.  Do we want
 z/OS to be easily available to those who want to find vulnerabilities
 and crack the system?

This is admitting defeat; acknowledging that z/OS is so riddled
with defects, some irreparable, that the best we can hope for
is that no one finds out.

 One of the sources of vulnerability of any operating system is have a
 computer that can be dedicated to breaking that systems.  Some of the
 mods that have been applied from various public domain sources may
 have created vulnerabilities.  We know that in the past various third
 party software has put holes into the system through magic SVCs and/or
 other less than good practices.  The hole in SMP/E that is being
 covered might be fun to play with on a dedicated system with no
 oversight.  Of course criminal enterprises looking to make decent
 money on finding holes for profit may already have a z machine
 purchased or leased with the software through legitimate or less than
 legitimate channels.

 Clark Morris

This brings to mind a thread that went through here a couple
months ago.

-- gil


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html




-- 

Bob Goolsby
bob.gool...@gmail.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Ted MacNEIL]

I think those that are paranoid, are overly so.
Just because an OS is available for public use doesn't make it available for 
cracking.
Not that I expect z/OS to ever be available!
-
Too busy driving to stop for gas!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

eamacn...@yahoo.ca (Ted MacNEIL) writes:
 I think those that are paranoid, are overly so.
 Just because an OS is available for public use doesn't make it available for 
 cracking.
 Not that I expect z/OS to ever be available!

there is folklore about various agencies requesting exact source that
corresponded to complete running system. supposedly after extremely
large amount of money (seven figures) spent investigating the issue, it
was eventually decided that it wasn't feasible/practical.

misc. past posts mentioning the subject:
http://www.garlic.com/~lynn/99.html#58 When did IBM go object only
http://www.garlic.com/~lynn/2002q.html#32 Collating on the S/360-2540 card 
reader?
http://www.garlic.com/~lynn/2002q.html#48 myths about Multics
http://www.garlic.com/~lynn/2002q.html#49 myths about Multics

by comparison cp67 and then vm370 not only shipped source ... but
provided source maintenance ... fixes were shipped as source from which
customer did new system rebuilds (there was significant retrenching with
the OCO-wars).

cp67 was used for commercial timesharing service bureaus ... some of
which moved up the value stream providing financial information ...
getting customers from different, competitive large wall street firms
... where critical competitive information was frequently involved.
misc. references to virtual machines based timesharing (bears some
similarities with current cloud computing):
http://www.garlic.com/~lynn/submain.html#timeshare

science center also got into provide timesharing services ... both
internally as well as to educational institutions in the cambridge area
(students and other non-employees). The science center has also done a
port of apl\360 to cms for cms\apl ... opening up workspace size to
virtual memory limits (from typical 16k-32k bytes) and adding APIs for
system facilities (like read/write files) ... which allowed using APL
for large real-world applications. One of the early internal customers
for the services was the business planning people in Armonk ... which
loaded the most valuable of all corporate information on the system (for
their business planning models). This assumed that there was significant
security given the most valuable of all corporate resources on the same
system with a lot of univ. students.

a couple recent posts mentioning providing services for armonk business
planners:
http://www.garlic.com/~lynn/2010e.html#24 Unbundling  HONE
http://www.garlic.com/~lynn/2010i.html#66 Global CIO: Global Banks Form 
Consortium To Counter HP, IBM,  Oracle

also slightly related ...
http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

i didn't hear about the above customers until much later. other recent
posts mentioning the above url:
http://www.garlic.com/~lynn/2010b.html#63 Source code for s/360 [PUBLIC]
http://www.garlic.com/~lynn/2010b.html#97 The Naked Mainframe (Forbes 
Security Article)
http://www.garlic.com/~lynn/2010d.html#62 LPARs: More or Less?
http://www.garlic.com/~lynn/2010f.html#59 More calumny: Secret Service Uses 
1980s Mainframe
http://www.garlic.com/~lynn/2010f.html#74 Is Security a Curse for the Cloud 
Computing Industry?
http://www.garlic.com/~lynn/2010g.html#9 Far and near pointers on the 80286 and 
later
http://www.garlic.com/~lynn/2010g.html#40 someone smarter than Dave Cutler
http://www.garlic.com/~lynn/2010g.html#53 Far and near pointers on the 80286 
and later

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[R.S.]

W dniu 2010-06-03 00:52, Kevin Keith pisze:

Hi,
I know this idea might sound crazy, but I was wondering about the prospects
of an IBM mainframe for personal use.  I'm aware of the hurdles considering
the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other
problems.  My question is where would one go about looking for one of these?
  I could obviously buy one from a reseller for thousands of dollars, but I
can't really afford that.  I feel like there are many of these machines
being dumped and scrapped (especially since they are relatively recently no
longer supported) is there any way to get one just ONE of these before its
destroyed by a scrapper?


Obviously you can have MP3K and use it, BUT. The gotcha is software 
license. YOU HAVE TO PAY FOR THE SOFTWARE! There are not z/OS licences 
for homefun use. It's a pity, but reality.

BTW: MP3K is relatively small, but not less affordable than big 9672.

BTW2: I know some guy in Poland who owns two z/800 boxes and has licence 
for z/OS.e. In Parallel Sysplex, with ISC cards, sysplex timer, external 
DASD, etc. Just for fun. g



--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[David Crayford]

R.S. wrote:

W dniu 2010-06-03 00:52, Kevin Keith pisze:

Hi,
I know this idea might sound crazy, but I was wondering about the 
prospects
of an IBM mainframe for personal use.  I'm aware of the hurdles 
considering
the Service Element (hard drives being detroyed, etc.) HMC, OSes, and 
other
problems.  My question is where would one go about looking for one of 
these?
  I could obviously buy one from a reseller for thousands of dollars, 
but I

can't really afford that.  I feel like there are many of these machines
being dumped and scrapped (especially since they are relatively 
recently no
longer supported) is there any way to get one just ONE of these 
before its

destroyed by a scrapper?


Obviously you can have MP3K and use it, BUT. The gotcha is software 
license. YOU HAVE TO PAY FOR THE SOFTWARE! There are not z/OS licences 
for homefun use. It's a pity, but reality.

BTW: MP3K is relatively small, but not less affordable than big 9672.



Yes, what a shame. IF you could license z/OS just for fun (Hercules) 
then there are a lot better hardware platforms than a MP3K to run it on. 
A medium sized Intel server would nuke a MP3K.



BTW2: I know some guy in Poland who owns two z/800 boxes and has 
licence for z/OS.e. In Parallel Sysplex, with ISC cards, sysplex 
timer, external DASD, etc. Just for fun. g




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Timothy Sipples]

My latest Mainframe Blog post discusses acquiring and configuring a
personal mainframe:

http://mainframe.typepad.com/blog/2010/05/my-personal-mainframe-2010-edition.html

I tend to think that a used z890 (2086-110) is currently the ideal
personal mainframe, possessing an excellent balance of capabilities,
acquisition price, software licensing options, and likely useful service
life from a technology relevance point of view. However, I think the z800
(2066-0E1) is still a viable second choice provided you can get a
substantially better price, and provided you understand the technology
currency issues (notably that DB2 9 is the last version that will run on
the z800/z900). Obviously if you can get a heck of a deal on a used z9 BC
or z10 BC you would jump on it.

Note that in the blog post I do *not* assume that you would qualify for
PartnerWorld software licensing if you own and operate a physical mainframe
in your home data center, but that is another possible option for software
licensing if you can meet the terms and conditions. I assumed full
commercial licensing because I assumed that you might be entering the time
sharing business in order to share the costs of your personal mainframe
equitably, co-op style. I did, however, assume that you (and any time
sharing users) could meet zNALC terms and conditions.

I very much appreciate the offer that an IBM-MAINer made to send me a
Multiprise 3000. It was (and is) extremely generous, thank you. Perhaps
that offer (or similar) would be open to you, Kevin. I considered it very
carefully and almost said yes. But in the end there was just too big a gap
between an MP3000 and today's (or even yesterday's) software licensing and
software capabilities. A second or first generation z/Architecture machine
just seems like a much better financial and technical proposition all
around at this point in time for a personal mainframe (assuming a physical
one). Yes, it is possible to run 31-bit Linux on an MP3000, but I couldn't
figure out any use cases where that capability would provide unique value
nowadays given Linux's technical ability to cross-compile.

And no, you're not crazy, Kevin. Or if you are, so am I. :-)

- - - - -
Timothy Sipples
Resident Architect (Based in Singapore)
STG Value Creation and Complex Deals Team
IBM Growth Markets
E-Mail: timothy.sipp...@us.ibm.com
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Tony Harminc]

On 3 June 2010 07:16, R.S. r.skoru...@bremultibank.com.pl wrote:

 BTW: MP3K is relatively small, but not less affordable than big 9672.

Not less?

For the home user it's not only a question of acquisition cost. The
MP3000 is a great little box, because it is entirely self-contained
(DASD, network, etc.) and because it runs on an ordinary household
power circuit. It uses about as much electricity as a largish PC
server, and of course puts out a matching and not huge amount of heat,
so it's entirely reasonable for home use.

On the other hand, having just helped put one into the back of an SUV
(on its way to Mike Ross's corestore.org), I can tell you that it's
not a light box, even with all the DASD, fans, side and end covers,
and several other things removed!

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Tony Harminc]

On 2 June 2010 18:52, Kevin Keith krfke...@gmail.com wrote:

 I know this idea might sound crazy, but I was wondering about the prospects
 of an IBM mainframe for personal use.  I'm aware of the hurdles considering
 the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other
 problems.  My question is where would one go about looking for one of these?
  I could obviously buy one from a reseller for thousands of dollars, but I
 can't really afford that.  I feel like there are many of these machines
 being dumped and scrapped (especially since they are relatively recently no
 longer supported) is there any way to get one just ONE of these before its
 destroyed by a scrapper?

It is a problem - some would call it market failure of a kind. There
are resellers who have, or claim to have, just about any IBM hardware
you'd like, and as you say, they ask a huge amount for it. I'm not
sure I understand their business model, but I'm sure in many cases
they don't actually have the hardware in question, and act more as
brokers. On the other side, these machines are going to the scrapper
all the time (I just saved one from that fate), where they have in
effect negative value, i.e. you have to pay someone to take it away,
and depending on where you are, pay various recycling charges because
there may be lead-acid and/or NiCad batteries, and other non RoHS
stuff inside.

I think you've done exactly the right thing - ask on this list, and
the several other mainframe related ones. Doubtless somewhere a reader
of these lists knows that the boss is deciding that it's cleanup time
for that dusty corner of the datacentre, and typically these things
happen suddenly. If you are prepared to pay for quick packaging and
shipping (evidently not as outrageous as I imagined), are prepared to
arrange drive wiping so they won't be physically destroyed, and remind
people occasionally that you're looking, I think your chances are
pretty good.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Kevin Keith]

Thanks for the encouragement Tony.  Like I said, I know  of several z9s that
have been scrapped, that would've been perfect (they were ECs).  You'd think
in a huge city like Houston, with all the industry, oil companies, etc, it
would be easy to find such things, but I've not had any luck yet.  Right now
I'm hoping for a Multiprise 3000, and I hope to some day acquire a z9 EC (I
actually think this may not be THAT ridiculous).

On Thu, Jun 3, 2010 at 5:44 PM, Tony Harminc t...@harminc.net wrote:

 On 2 June 2010 18:52, Kevin Keith krfke...@gmail.com wrote:

  I know this idea might sound crazy, but I was wondering about the
 prospects
  of an IBM mainframe for personal use.  I'm aware of the hurdles
 considering
  the Service Element (hard drives being detroyed, etc.) HMC, OSes, and
 other
  problems.  My question is where would one go about looking for one of
 these?
   I could obviously buy one from a reseller for thousands of dollars, but
 I
  can't really afford that.  I feel like there are many of these machines
  being dumped and scrapped (especially since they are relatively recently
 no
  longer supported) is there any way to get one just ONE of these before
 its
  destroyed by a scrapper?

 It is a problem - some would call it market failure of a kind. There
 are resellers who have, or claim to have, just about any IBM hardware
 you'd like, and as you say, they ask a huge amount for it. I'm not
 sure I understand their business model, but I'm sure in many cases
 they don't actually have the hardware in question, and act more as
 brokers. On the other side, these machines are going to the scrapper
 all the time (I just saved one from that fate), where they have in
 effect negative value, i.e. you have to pay someone to take it away,
 and depending on where you are, pay various recycling charges because
 there may be lead-acid and/or NiCad batteries, and other non RoHS
 stuff inside.

 I think you've done exactly the right thing - ask on this list, and
 the several other mainframe related ones. Doubtless somewhere a reader
 of these lists knows that the boss is deciding that it's cleanup time
 for that dusty corner of the datacentre, and typically these things
 happen suddenly. If you are prepared to pay for quick packaging and
 shipping (evidently not as outrageous as I imagined), are prepared to
 arrange drive wiping so they won't be physically destroyed, and remind
 people occasionally that you're looking, I think your chances are
 pretty good.

 Tony H.

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html




-- 
Thanks,
Kevin

Kevin Keith
OLPC Volunteer

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Thompson, Steve]

-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Tony Harminc
Sent: Thursday, June 03, 2010 10:30 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Multiprise 3k for personal Use?

On 3 June 2010 07:16, R.S. r.skoru...@bremultibank.com.pl wrote:

 BTW: MP3K is relatively small, but not less affordable than big 9672.

Not less?

For the home user it's not only a question of acquisition cost. The
MP3000 is a great little box, because it is entirely self-contained
(DASD, network, etc.) and because it runs on an ordinary household
power circuit. It uses about as much electricity as a largish PC
server, and of course puts out a matching and not huge amount of heat,
so it's entirely reasonable for home use.

On the other hand, having just helped put one into the back of an SUV
(on its way to Mike Ross's corestore.org), I can tell you that it's
not a light box, even with all the DASD, fans, side and end covers,
and several other things removed!
SNIPPAGE

How well you make my point about needing a drop, plug, LOAD and IPL type
of entry box. In my opinion this is the way to have an entry level
[starter?] system. 

You want to replace my Intel type servers with a mainframe? I have 1
file server, 2 DB Servers, and a print server. I don't have a SAN. And I
have 25 users.

So, I need, per IBM today, a z/9 (or 10), raised flooring, special power
circuits, and a RAID box. The entry to a mainframe is quite expensive.

Today, my hardware costs are less than $10K, everything runs on 120VAC
single phase, and I don't have to put in a Liebart or some such. 

So to convert to a mainframe it is not cost effective until I hit that
magical 30 Server number. But by then, when you factor the software
migration costs, it is still not cost effective to go to a z box.

I really wish that IBM would re-think this area.

Regards,
Steve Thompson

-- Opinions expressed by this poster may not reflect those of poster's
employer --

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[David Andrews]

On Thu, 2010-06-03 at 11:44 -0400, Tony Harminc wrote:
 Doubtless somewhere a reader of these lists knows that the boss is
 deciding that it's cleanup time for that dusty corner of the
 datacentre

Well, you make me go and look.  There across the parking lot, in an
attic over a farm equipment shop and accessible by forklift, still sits
a bus-and-tag 3088 CTC - plastic wrapped against the elements.

Some people don't throw ANYTHING away.

-- 
David Andrews
A. Duda and Sons, Inc.
david.andr...@duda.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Anne Lynn Wheeler]

d...@lists.duda.com (David Andrews) writes:
 Well, you make me go and look.  There across the parking lot, in an
 attic over a farm equipment shop and accessible by forklift, still sits
 a bus-and-tag 3088 CTC - plastic wrapped against the elements.

one of the battles my wife lost when she served her stint responsible
for loosely-coupled architecture in POK ... was added more features to
3088 (code-name trouter) than simply acting like multi-arm ctc. one of
the reasons a little later she started pushing hyperchannel ... put was
opposed by people that had pushed vanilla 3088 and were worried that if
there was a lot of hyperchannel out there ... it would interfere with
eventually being able to ship escon.

she had done peer-coupled shared data architecture
http://www.garlic.com/~lynn/subtopic.html#sharedata

which saw little uptake (except for ims hot-standby) until sysplex.
other battles that contributed to her not staying long in the position
was SNA camp trying to force all loosely-coupled operations thru VTAM.

prior to taking the position in POK ... she had been in the JES group
working on merged JES2/JES3 (figuring out what were the missing things
in one ... that the customers of the other couldn't live w/o) ...  JES
Ultimate System.

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[William Donzelli]

 Well I hate to look like a solicitor, but, if there is anyone out there,
 particularly in the Houston area, with a multiprise (actually, any mainframe
 for that matter, I mean it depends, but if you have ANYTHING talk to me)
 that is just going to waste that'll be trashed anyway, it would be going to
 a good home.

I have been asking for older equipment for the collection for several
years, and I do not think anyone really takes offense. There have been
some extremely generous people on this list - and I would once again
like to give a public THANK YOU to them. Saving an old machine, a pile
of docs, or some reels of tape can go a long way, and in just about
every way is better than the stuff going to the scrapper.

Someday IBM may have some sort of non-commercial license for their
mainframe software - perhaps something like Syntegra/Control Data or
HP/Digital has. Save the software first, then worry about the legal
issues. Once the software is gone, it is GONE.

--
Will

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Rick Fochtman]

---snip-
For the home user it's not only a question of acquisition cost. The 
MP3000 is a great little box, because it is entirely self-contained 
(DASD, network, etc.) and because it runs on an ordinary household power 
circuit. It uses about as much electricity as a largish PC server, and 
of course puts out a matching and not huge amount of heat, so it's 
entirely reasonable for home use.


On the other hand, having just helped put one into the back of an SUV 
(on its way to Mike Ross's corestore.org), I can tell you that it's not 
a light box, even with all the DASD, fans, side and end covers, and 
several other things removed!


SNIPPAGE

How well you make my point about needing a drop, plug, LOAD and IPL type 
of entry box. In my opinion this is the way to have an entry level 
[starter?] system.


You want to replace my Intel type servers with a mainframe? I have 1 
file server, 2 DB Servers, and a print server. I don't have a SAN. And I 
have 25 users.


So, I need, per IBM today, a z/9 (or 10), raised flooring, special power 
circuits, and a RAID box. The entry to a mainframe is quite expensive.


Today, my hardware costs are less than $10K, everything runs on 120VAC 
single phase, and I don't have to put in a Liebart or some such.


So to convert to a mainframe it is not cost effective until I hit that 
magical 30 Server number. But by then, when you factor the software 
migration costs, it is still not cost effective to go to a z box.


I really wish that IBM would re-think this area.
-unsnip--
IBM should DEFINITELY rethink this area, especially now that they're the 
only kid on the block. :-)


Rick

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Rick Fochtman]

---snip


Doubtless somewhere a reader of these lists knows that the boss is
deciding that it's cleanup time for that dusty corner of the
datacentre
   



Well, you make me go and look.  There across the parking lot, in an
attic over a farm equipment shop and accessible by forklift, still sits
a bus-and-tag 3088 CTC - plastic wrapped against the elements.

Some people don't throw ANYTHING away.
 


-unsnip-
I can match that with a matched pair of fully-configured bus/tag 2914 
switches. :-) Anyone need a boat anchor that intermittently floats?


Rick


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Multiprise 3k for personal Use?

[Kevin Keith]

Hi,
I know this idea might sound crazy, but I was wondering about the prospects
of an IBM mainframe for personal use.  I'm aware of the hurdles considering
the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other
problems.  My question is where would one go about looking for one of these?
 I could obviously buy one from a reseller for thousands of dollars, but I
can't really afford that.  I feel like there are many of these machines
being dumped and scrapped (especially since they are relatively recently no
longer supported) is there any way to get one just ONE of these before its
destroyed by a scrapper?

Thanks for your help
-Kevin

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Linda Mooney]

Hi Kevin, 



Just a thought, but for government entities (fed, state, local, 
educational) and some large businesses, equipment is put up for surplus bid.  
That generally results in getting someone to take it away for something between 
a little bit of money going in either direction, or sometimes free.  You could 
watch the postings on  the sellers purchasing or surplus websites.  You might 
have to contact the 'possibilities' and let them know of your interest.  Some 
organizations send invitations to bid to folks on a list, some post on a 
website available to the public.  



You can use the web to find out what computer systems many public entities 
run.  It is probably easiest to find out what a college or university has.  The 
generally have meetings that are open to the public, and their minutes are 
typically posted on their website.  Just do a site search and you can probably 
find the minutes of the meeting where the original machine purchase was 
approved.  A peek at the page for computing services will tell you who to call 
so that you can ask if they still have the one you want. 



You could contact a company that deals in the equipment you want.  Used dealers 
sell to the secondary market, they sell to third party maintenance providers, 
and to individuals.  Be sure to communicate your requirements well, best to do 
it in writing. Check out the companies before sending money.  I'm sure you know 
the drill. :-) 



Third party maintenance providers can be a good source.  Often they will remove 
working and under maintenance equipment for a customer.  The advantage of this 
is that you can often get the maintenance history, and they will often arrange 
transport and setup for you, if you want that.  They can probably supply any 
missing parts, too.  Some of the third party maintainers only do maintenance 
for companies, but some will do maint for individuals, if you want that. 



HTH, 



Linda Mooney 


- Original Message - 
From: Kevin Keith krfke...@gmail.com 
To: IBM-MAIN@bama.ua.edu 
Sent: Wednesday, June 2, 2010 3:52:02 PM GMT -08:00 US/Canada Pacific 
Subject: Multiprise 3k for personal Use? 

Hi, 
I know this idea might sound crazy, but I was wondering about the prospects 
of an IBM mainframe for personal use.  I'm aware of the hurdles considering 
the Service Element (hard drives being detroyed, etc.) HMC, OSes, and other 
problems.  My question is where would one go about looking for one of these? 
 I could obviously buy one from a reseller for thousands of dollars, but I 
can't really afford that.  I feel like there are many of these machines 
being dumped and scrapped (especially since they are relatively recently no 
longer supported) is there any way to get one just ONE of these before its 
destroyed by a scrapper? 

Thanks for your help 
-Kevin 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO 
Search the archives at http://bama.ua.edu/archives/ibm-main.html 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Shane Ginnane]

We've got one sitting in the corner of the office computer room, holding floor 
tiles in place. I suspect 
others (closer to you) will be in similar situations.
I tried to get a couple of flavours of Linux running on it, but couldn't get 
the comms side of it sorted. 
Gave up in frustration.

Shane ...

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Multiprise 3k for personal Use?

[Kevin Keith]

Well I hate to look like a solicitor, but, if there is anyone out there,
particularly in the Houston area, with a multiprise (actually, any mainframe
for that matter, I mean it depends, but if you have ANYTHING talk to me)
that is just going to waste that'll be trashed anyway, it would be going to
a good home.

Thanks,
-Kevin

On Wed, Jun 2, 2010 at 6:52 PM, Shane Ginnane ibm-m...@tpg.com.au wrote:

 We've got one sitting in the corner of the office computer room, holding
 floor tiles in place. I suspect
 others (closer to you) will be in similar situations.
 I tried to get a couple of flavours of Linux running on it, but couldn't
 get the comms side of it sorted.
 Gave up in frustration.

 Shane ...

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html




-- 
Thanks,
Kevin

Kevin Keith
OLPC Volunteer

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html