Re: Mainframes open to internet attacks?
Hi All I completely agree with Phil - the issue is not whether the Mainframe is open to the Internet - it’s an issue of complacency vs. correct configuration. Too many C*O types are so focused on the availability aspect of CIA that they downplay the risks to the other aspects of that triad - particularly on Z. Assuming z/OS is safe - does not make it so - and ignoring the various vulnerabilities (misconfiguration, under or mis-staffing, lack of controls, lack of SLCM/DLCM , lack of anything else that's required) - does not make them go away. This is not true in every case, but I too have seen TSO users with minimal capabilities owning the system - in under two hours. If you have security assessments regularly - you'll always find something. Your goal should be to make your external auditor work really hard to find what you've forgotten :-) MZ -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Phil Sent: Friday, August 28, 2015 8:26 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframes open to internet attacks? Hi All, I’m actually the person interviewed in this (frankly overblown) article. Thankfully I had a chance to talk again about this project here: https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html Radoslaw, I’m so glad you were able to attend one of my talks (was it the Skytalks or BSidesLV?). However, I think you misunderstood the point I was trying to make. I’ve constantly touted how stupid the information security industry has been in thinking mainframes were old and obsolete. See this article about one of my first talks from two years ago: http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239 http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239 my story hasn’t really changed since. My toolset has, and participation is slowly increasing, but not fast enough. In fact, my co-speaker and I, at the most recent DEFCON, were making fun of the audience for not knowing what CICS was despite how important it likely was to their daily lives. On the topic on whether they are secure or not, thats up to the implementation. I know of someone who claims ‘give me an account and I can own your mainframe’. He doesn’t do it through magical 0-days, he’s using misconfigurations and easy to access tools (for example, in one instance he found a surrogate profile for an account with system special open to everyone because it was an ‘emergency id’). But this is true of any platform. zLinux is just as secure as z/OS, if both are configured correctly. Finally, on to the ‘art project’ as I like to call it. Back, long ago, when I was on x.25 networks looking for things to play with I might encounter a screen like these. I just find them amazing and beautiful (and a little nostalgic to be honest). Having them be on the internet doesn’t really matter, if they are configured correctly. My assumption is that they are on the internet on purpose and are no different than a staff landing page (for example: https://fs.aircanada.ca/idp/SSO.saml2 https://fs.aircanada.ca/idp/SSO.saml2, i found this through literally 1 second on google). If you want to see other interesting ’things' on the internet check out SHODANs twitter feed for devices like ‘Lake Pumping Stations’ and ‘Skilift in France’: https://twitter.com/shodanhq https://twitter.com/shodanhq I realize this is likely way off-topic for this discussion list but feel free to email me if you have questions or concerns (or are interested in how I did it). Phil On Aug 27, 2015, at 9:00 PM, IBM-MAIN automatic digest system lists...@listserv.ua.edu wrote: Date:Thu, 27 Aug 2015 17:38:05 +0200 From:R.S. r.skoru...@bremultibank.com.pl mailto:r.skoru...@bremultibank.com.pl Subject: Re: Mainframes open to internet attacks? W dniu 2015-08-19 o 00:26, Robert Harrison pisze: From technologyreview.com http://technologyreview.com/: http://www.technologyreview.com/news/540011/mainframe-computers-that- handle-our-most-sensitive-data-are-open-to-internet-attacks/ http://www.technologyreview.com/news/540011/mainframe-computers-that -handle-our-most-sensitive-data-are-open-to-internet-attacks/ Really? What I understod from the lecture: a) mainframes are old, obsolete, but unfotunately sometimes still in use - which is a sin. b) mainframes are insecure c) some mainframe are directly accessible from Internet, by mistake of course. What I mean: a) b) - IMHO obvious ;-) c) IMHO it is bad idea to make any system directly accessible from Internet. Mainframe, any kind of Unix, Linux, Windows... Some exceptions do apply but it's still
Re: Mainframes open to internet attacks?
W dniu 2015-08-28 o 06:19, Timothy Sipples pisze: Radoslaw Skorupka wrote: c) IMHO it is bad idea to make any system directly accessible from Internet. Mainframe, any kind of Unix, Linux, Windows... Which leaves...what? Is Wang still selling machines? (But those were systems, too...) Well... OS/2 and it's successor eComStation VMS aka OpenVMS OS/400 (now more funny answers) iOS Android PC DOS (it's hard to find server working uder DOS, but...) BeOS NetWare FreeBSD QNX -- Radoslaw Skorupka Lodz, Poland -- Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzib w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2015 r. kapita zakadowy mBanku S.A. (w caoci wpacony) wynosi 168.840.228 zotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
Compared to what? compared to a mainframe locked in a vault. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Shmuel Metz (Seymour J.) Sent: Thursday, August 27, 2015 7:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframes open to internet attacks? In 55df2edd.5090...@bremultibank.com.pl, on 08/27/2015 at 05:38 PM, R.S. r.skoru...@bremultibank.com.pl said: What I understod from the lecture: a) mainframes are old, obsolete, but unfotunately sometimes still in use - which is a sin. If they do the job as well as or better than available alternatives then they're not obsolete. b) mainframes are insecure Compared to what? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
Just to make sure we get answers to the correct question, which mainframe operating system are we talking about? z/OS z/VM CMS Linux on z Mike Wawiorko Please consider the environment before printing this e-mail -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Eamon C Sent: 28 August 2015 13:37 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Mainframe hyperlink Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
There is a lot of infrastructure to put in place before that can happen, but given an HTTP server on the mainframe, I would expect this to be possible. As a minimum, NFS would need to be installed/updated, not to mention security upgrades, OMVS configuration changes,... Good Luck! snip Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
Assuming that you are talking about z/OS, the old HTTP server based on Domino had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS DLL Service. Unfortunately, the new Apache based HTTP server doesn't have it, so we've been holding off on converting. More information can be found at http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm. Snippet from our /etc/httpd.conf: #4. EXAMPLE URL's #= #Example URL's containing this type of naming would be: # # http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME' # http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG) # http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE) # #In these examples, MVSDS is used as the key. The examples represent: # - a (an?) FQN # - a JCL DD reference (to a PDS, whose member OTHERPAG is # to be retrieved), and # - a PQN to which the MVS user ID will be prepended Jonathan Eosze | Sr Computer Sys Engr | IT Operations Mainframe Management 1 (IMS), Information Technology, USAA -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Staller, Allan Sent: Friday, August 28, 2015 8:14 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: EXTERNAL: Re: Mainframe hyperlink There is a lot of infrastructure to put in place before that can happen, but given an HTTP server on the mainframe, I would expect this to be possible. As a minimum, NFS would need to be installed/updated, not to mention security upgrades, OMVS configuration changes,... Good Luck! snip Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
On 28/08/2015 9:54 PM, Eosze, Jonathan L. wrote: Assuming that you are talking about z/OS, the old HTTP server based on Domino had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS DLL Service. Unfortunately, the new Apache based HTTP server doesn't have it, so we've been holding off on converting. Will this do? http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_mvsds.html More information can be found at http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm. Snippet from our /etc/httpd.conf: #4. EXAMPLE URL's #= #Example URL's containing this type of naming would be: # # http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME' # http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG) # http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE) # #In these examples, MVSDS is used as the key. The examples represent: # - a (an?) FQN # - a JCL DD reference (to a PDS, whose member OTHERPAG is # to be retrieved), and # - a PQN to which the MVS user ID will be prepended Jonathan Eosze | Sr Computer Sys Engr | IT Operations Mainframe Management 1 (IMS), Information Technology, USAA -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Staller, Allan Sent: Friday, August 28, 2015 8:14 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: EXTERNAL: Re: Mainframe hyperlink There is a lot of infrastructure to put in place before that can happen, but given an HTTP server on the mainframe, I would expect this to be possible. As a minimum, NFS would need to be installed/updated, not to mention security upgrades, OMVS configuration changes,... Good Luck! snip Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
W dniu 2015-08-28 o 14:12, John McKown pisze: The die hard AmigaDOS people will be wanting an apology for being ignored -- yet again. The CP/M people have all died, so no worries from them. [grin]. Well, I still have working CP/M machine and feel quite alive. However I never tried to connect it to Internet. (yes, it's Friday...) -- Radoslaw Skorupka Lodz, Poland -- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2015 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.840.228 złotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
On Fri, Aug 28, 2015 at 3:02 AM, R.S. r.skoru...@bremultibank.com.pl wrote: W dniu 2015-08-28 o 06:19, Timothy Sipples pisze: Radoslaw Skorupka wrote: c) IMHO it is bad idea to make any system directly accessible from Internet. Mainframe, any kind of Unix, Linux, Windows... Which leaves...what? Is Wang still selling machines? (But those were systems, too...) Well... OS/2 and it's successor eComStation VMS aka OpenVMS OS/400 (now more funny answers) iOS Android PC DOS (it's hard to find server working uder DOS, but...) BeOS NetWare FreeBSD The NetBSD and OpenBSD projects will have their seconds call on you for ignoring them. QNX The die hard AmigaDOS people will be wanting an apology for being ignored -- yet again. The CP/M people have all died, so no worries from them. [grin]. But the real danger from omitting somone is from the Mac OSX people. They tend to be fanatics. -- Radoslaw Skorupka Lodz, Poland -- Schrodinger's backup: The condition of any backup is unknown until a restore is attempted. Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
We have Mobius running to recall mainframe files to be displayed on a PC. On Fri, Aug 28, 2015 at 8:13 AM, Staller, Allan allan.stal...@kbmg.com wrote: There is a lot of infrastructure to put in place before that can happen, but given an HTTP server on the mainframe, I would expect this to be possible. As a minimum, NFS would need to be installed/updated, not to mention security upgrades, OMVS configuration changes,... Good Luck! snip Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Smaller Private Area in DR
It of course might turn out that nothing changed wasn't correct. But I/O configuration is a possibility. However, I think that would affect SQA not CSA. The size of SQA, I believe, is the sum of the customer specification for SQA and the early-IPL needs. SQA in turn would affect where LPA goes. That in turn would affect where CSA goes. That in turn would affect where PVT goes. A pair of dumps (one on each system) seems like the right way to diagnose this (rather than making intelligent guesses), in order to be able to view things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus (most of the data is either in the CVT or the GDA). Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
z/OS -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Smaller Private Area in DR
rel...@us.ibm.com (Peter Relson) wrote: snip A pair of dumps (one on each system) seems like the right way to diagnose this (rather than making intelligent guesses), in order to be able to view things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus (most of the data is either in the CVT or the GDA). Also, if you have RMF available, the Virtual Storage Activity Report shows the starting address and size of common storage areas under the Static Storage Map heading. (The RMF SMF records might be available even if the DR system is not currently available...just a thought.) -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Mainframe hyperlink
Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
On Fri, 28 Aug 2015 07:36:50 -0500, Eamon C wrote: Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' Need more information. Where do the files reside? On which system do you wish to access them? How or where would the user click? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
Eamon C wrote: The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' In theory yes! But, as others said, you'll need a lot of things to setup in the first place. First, you'll have to explain the terms you use. 'share drive' and 'server' for example are not really the right terms. You said it is z/OS, Ok, I have a lot of questions... What will you then use to drive a web server? HTTP server? CICS? DB2? etc.? As Allan said, what about NFS? How will you setup your OMVS? What will you use for TCP/IP? Security? RACF? Firewalls? Oh, what will you use to see a 'drive'? Do you want see a device? On z/OS, the general users don't see 'drives', but on OMVS, yes, but then with mountable paths+folders depending on setup. Or do you want to open files? Others suggested about using files via various ways... And lastly... what language or utility will you use to serve up those pages and accept the 'clicks'? Finally, what will you to limit the availability of those pages containing those links? About 'server'. This is way too ambiguous. You'll have to decide on what database you want to work on and then with right security setup the 'surfer' can perhaps click on something as long the application can handle the request. Lots of work, yes... Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
If it is displayed on a screen, no problem. The emulator will link to it. ITschak בתאריך 28 באוג 2015 15:47, Eamon C cus...@gmail.com כתב: Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: EXTERNAL: Re: Mainframe hyperlink
Thanks everyone for your replies and thoughts so far. I'll go back to the users and try and get more information on what exactly they are hoping to do and how that ties in with the information provided here. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Smaller Private Area in DR
Thanks Peter and John. I am looking into whether SMF data from DR is available. Will post on the list of I find anything new. On Fri, Aug 28, 2015 at 9:56 AM, John Eells ee...@us.ibm.com wrote: rel...@us.ibm.com (Peter Relson) wrote: snip A pair of dumps (one on each system) seems like the right way to diagnose this (rather than making intelligent guesses), in order to be able to view things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus (most of the data is either in the CVT or the GDA). Also, if you have RMF available, the Virtual Storage Activity Report shows the starting address and size of common storage areas under the Static Storage Map heading. (The RMF SMF records might be available even if the DR system is not currently available...just a thought.) -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: EXTERNAL: Re: Mainframe hyperlink
And the comment about a share drive makes me think of a Windows desktop mapping a shared drive, which would imply SMB or SAMBA--or z/OS DFS (Distributed File Service). http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_2.1.0/com.ibm.zos.v2r1.ioe/ioe.htm However, our experience has been poor performance compared to almost anything, including NFS and a 15+ year old port of SAMBA, and unable to support the changing of the owning system of a file system. Though that is supported, we never attempted to use it for access to datasets. Jonathan Eosze | Sr Computer Sys Engr | IT Operations Mainframe Management 1 (IMS), Information Technology, USAA -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Friday, August 28, 2015 8:59 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: EXTERNAL: Re: Mainframe hyperlink Eamon C wrote: The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' In theory yes! But, as others said, you'll need a lot of things to setup in the first place. First, you'll have to explain the terms you use. 'share drive' and 'server' for example are not really the right terms. You said it is z/OS, Ok, I have a lot of questions... What will you then use to drive a web server? HTTP server? CICS? DB2? etc.? As Allan said, what about NFS? How will you setup your OMVS? What will you use for TCP/IP? Security? RACF? Firewalls? Oh, what will you use to see a 'drive'? Do you want see a device? On z/OS, the general users don't see 'drives', but on OMVS, yes, but then with mountable paths+folders depending on setup. Or do you want to open files? Others suggested about using files via various ways... And lastly... what language or utility will you use to serve up those pages and accept the 'clicks'? Finally, what will you to limit the availability of those pages containing those links? About 'server'. This is way too ambiguous. You'll have to decide on what database you want to work on and then with right security setup the 'surfer' can perhaps click on something as long the application can handle the request. Lots of work, yes... Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
On Fri, Aug 28, 2015 at 8:40 AM, Eamon C cus...@gmail.com wrote: z/OS And how are they accessing z/OS? If they are using a 3270 emulator, then no. Well, maybe. I've heard of some people who have written a PC based script which they can set up in their particular 3270 emulation package which can recognize if the user clicks on a field containing something which looks like a Web address (e.g. http://something.or.other ). The only thing which has real hyper-link capability would be one of the Web servers on z/OS being accessed via a Web brower on the user's desktop. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Schrodinger's backup: The condition of any backup is unknown until a restore is attempted. Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
I'm not sure what you're trying to accomplish but SimpList might be able to do what you want. It integrates the mainframe and PC so you can perform tasks on either one. For example, you can click hyperlinks on ISPF panels and have it open web pages in a browser, or open PC files for edit on the mainframe, or print mainframe files on a PC printer, or display a PC directory on the mainframe so you can select files to browse/edit/print/transfer (etc.). Feel free to contact me off-list if you want more information. Dave Salt SimpList(tm) - try it; you'll get it! http://www.mackinney.com/products/program-development/simplist.html Date: Fri, 28 Aug 2015 22:02:24 +0800 From: dcrayf...@gmail.com Subject: Re: Mainframe hyperlink To: IBM-MAIN@LISTSERV.UA.EDU On 28/08/2015 9:54 PM, Eosze, Jonathan L. wrote: Assuming that you are talking about z/OS, the old HTTP server based on Domino had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS DLL Service. Unfortunately, the new Apache based HTTP server doesn't have it, so we've been holding off on converting. Will this do? http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_mvsds.html More information can be found at http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm. Snippet from our /etc/httpd.conf: #4. EXAMPLE URL's #= #Example URL's containing this type of naming would be: # # http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME' # http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG) # http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE) # #In these examples, MVSDS is used as the key. The examples represent: # - a (an?) FQN # - a JCL DD reference (to a PDS, whose member OTHERPAG is # to be retrieved), and # - a PQN to which the MVS user ID will be prepended Jonathan Eosze | Sr Computer Sys Engr | IT Operations Mainframe Management 1 (IMS), Information Technology, USAA -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Staller, Allan Sent: Friday, August 28, 2015 8:14 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: EXTERNAL: Re: Mainframe hyperlink There is a lot of infrastructure to put in place before that can happen, but given an HTTP server on the mainframe, I would expect this to be possible. As a minimum, NFS would need to be installed/updated, not to mention security upgrades, OMVS configuration changes,... Good Luck! snip Hi, we had a query from a user we don't think is possible but posting here just in case. The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
On 29/08/2015 5:56 AM, Charles Mills wrote: http://mainframesproject.tumblr.com/ That really is a hall of shame! If you can access telnet then you can disrupt the system with a DDoS attack. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Scott Ford Sent: Friday, August 28, 2015 1:42 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframes open to internet attacks? I think the dude who wrote to article was looking for money or being a name in the industry. Every Z system I have been on you could not get to a login screen that easy. That's about 20+ shops , so dude give us details no fluff Scott -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Smaller Private Area in DR
Peter makes good points--as always. I was thinking mainly about CSA *usage*. The real question is when the COMMON/PRIVATE boundary gets set. IODF must be read and digested very early in IPL, certainly before SYS1.PARMLIB is opened. By the time IEASYSxx is processed, do below-the-line UCBs figure into the boundary calculation? Alas, my microfiche reader is down for maintenance. ;-) But Peter also raises a delicate question that I often have to ask: is the claim that 'nothing changed' really true? I mean aside from the IODF. How often does it come out in the wash that 'we changed only one little thing'? As Peter says, some dumps would go far toward resolving the problem. OTOH I know that DR issues may be impossible to explore ahead of the next DR exercise. . . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Relson Sent: Friday, August 28, 2015 5:48 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Smaller Private Area in DR It of course might turn out that nothing changed wasn't correct. But I/O configuration is a possibility. However, I think that would affect SQA not CSA. The size of SQA, I believe, is the sum of the customer specification for SQA and the early-IPL needs. SQA in turn would affect where LPA goes. That in turn would affect where CSA goes. That in turn would affect where PVT goes. A pair of dumps (one on each system) seems like the right way to diagnose this (rather than making intelligent guesses), in order to be able to view things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus (most of the data is either in the CVT or the GDA). Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframe hyperlink
In 2801158597658286.wa.cushecgmail@listserv.ua.edu, on 08/28/2015 at 07:36 AM, Eamon C cus...@gmail.com said: The user is asking 'if there is a way to code a 'hyperlink' type entry on the mainframe to be able to click to a share drive or server' That's not a mainframe question. A mainframe web server can serve the same content as any other web server, but if you want the client to mount a drive that takes code on the client. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
http://mainframesproject.tumblr.com/ Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Scott Ford Sent: Friday, August 28, 2015 1:42 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframes open to internet attacks? I think the dude who wrote to article was looking for money or being a name in the industry. Every Z system I have been on you could not get to a login screen that easy. That's about 20+ shops , so dude give us details no fluff Scott -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Mainframes open to internet attacks?
I think the dude who wrote to article was looking for money or being a name in the industry. Every Z system I have been on you could not get to a login screen that easy. That's about 20+ shops , so dude give us details no fluff Scott On Friday, August 28, 2015, R.S. r.skoru...@bremultibank.com.pl wrote: W dniu 2015-08-28 o 14:12, John McKown pisze: The die hard AmigaDOS people will be wanting an apology for being ignored -- yet again. The CP/M people have all died, so no worries from them. [grin]. Well, I still have working CP/M machine and feel quite alive. However I never tried to connect it to Internet. (yes, it's Friday...) -- Radoslaw Skorupka Lodz, Poland -- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2015 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.840.228 złotych. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN