Re: Mainframes open to internet attacks?

[Meir Zohar]

Hi All 

I completely agree with Phil - the issue is not whether the Mainframe is open 
to the Internet - it’s an issue of complacency vs. correct configuration. 
Too many C*O types are so focused on the availability aspect of CIA that they 
downplay the risks to the other aspects of that triad - particularly on Z.
Assuming z/OS is safe - does not make it so - and ignoring the various 
vulnerabilities (misconfiguration, under or mis-staffing, lack of controls, 
lack of SLCM/DLCM , lack of anything else that's required)  - does not make 
them go away. 
This is not true in every case, but I too have seen TSO users with minimal 
capabilities owning the system - in under two hours.  
If you have security assessments regularly - you'll always find something. Your 
goal should be to make your external auditor work really hard to find what 
you've forgotten :-) 

MZ



-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Phil
Sent: Friday, August 28, 2015 8:26 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

Hi All, 

I’m actually the person interviewed in this (frankly overblown) article. 
Thankfully I had a chance to talk again about this project here: 
https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html
 
https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html

Radoslaw, I’m so glad you were able to attend one of my talks (was it the 
Skytalks or BSidesLV?). However, I think you misunderstood the point I was 
trying to make. I’ve constantly touted how stupid the information security 
industry has been in thinking mainframes were old and obsolete. See this 
article about one of my first talks from two years ago: 
http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239
 
http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239
 my story hasn’t really changed since. My toolset has, and participation is 
slowly increasing, but not fast enough. In fact, my co-speaker and I, at the 
most recent DEFCON, were making fun of the audience for not knowing what CICS 
was despite how important it likely was to their daily lives. 

On the topic on whether they are secure or not, thats up to the implementation. 
I know of someone who claims ‘give me an account and I can own your mainframe’. 
He doesn’t do it through magical 0-days, he’s using misconfigurations and easy 
to access tools (for example, in one instance he found a surrogate profile for 
an account with system special open to everyone because it was an ‘emergency 
id’). But this is true of any platform. zLinux is just as secure as z/OS, if 
both are configured correctly. 

Finally, on to the ‘art project’ as I like to call it. Back, long ago, when I 
was on x.25 networks looking for things to play with I might encounter a screen 
like these. I just find them amazing and beautiful (and a little nostalgic to 
be honest). Having them be on the internet doesn’t really matter, if they are 
configured correctly. My assumption is that they are on the internet on purpose 
and are no different than a staff landing page (for example: 
https://fs.aircanada.ca/idp/SSO.saml2 https://fs.aircanada.ca/idp/SSO.saml2, 
i found this through literally 1 second on google). 

If you want to see other interesting ’things' on the internet check out SHODANs 
twitter feed for devices like ‘Lake Pumping Stations’ and ‘Skilift in France’: 
https://twitter.com/shodanhq https://twitter.com/shodanhq

I realize this is likely way off-topic for this discussion list but feel free 
to email me if you have questions or concerns (or are interested in how I did 
it).

Phil


 On Aug 27, 2015, at 9:00 PM, IBM-MAIN automatic digest system 
 lists...@listserv.ua.edu wrote:
 
 Date:Thu, 27 Aug 2015 17:38:05 +0200
 From:R.S. r.skoru...@bremultibank.com.pl 
 mailto:r.skoru...@bremultibank.com.pl
 Subject: Re: Mainframes open to internet attacks?
 
 W dniu 2015-08-19 o 00:26, Robert Harrison pisze:
 From technologyreview.com http://technologyreview.com/:
 
 http://www.technologyreview.com/news/540011/mainframe-computers-that-
 handle-our-most-sensitive-data-are-open-to-internet-attacks/ 
 http://www.technologyreview.com/news/540011/mainframe-computers-that
 -handle-our-most-sensitive-data-are-open-to-internet-attacks/
 
 Really?
 
 What I understod from the lecture:
 a) mainframes are old, obsolete, but unfotunately sometimes still in 
 use
 - which is a sin.
 b) mainframes are insecure
 c) some mainframe are directly accessible from Internet, by mistake of 
 course.
 
 What I mean:
 a)  b) - IMHO obvious ;-)
 
 c) IMHO it is bad idea to make any system directly accessible from 
 Internet. Mainframe, any kind of Unix, Linux, Windows...
 Some exceptions do apply but it's still 

Re: Mainframes open to internet attacks?

[R.S.]

W dniu 2015-08-28 o 06:19, Timothy Sipples pisze:

Radoslaw Skorupka wrote:

c) IMHO it is bad idea to make any system directly accessible from
Internet. Mainframe, any kind of Unix, Linux, Windows...

Which leaves...what? Is Wang still selling machines? (But those were
systems, too...)


Well...
OS/2 and it's successor eComStation
VMS aka OpenVMS
OS/400

(now more funny answers)
iOS
Android
PC DOS (it's hard to find server working uder DOS, but...)
BeOS
NetWare
FreeBSD
QNX



--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. z siedzib w Warszawie, ul. Senatorska 18, 00-950 Warszawa, 
www.mBank.pl, e-mail: kont...@mbank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru 
Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88. 
Wedug stanu na dzie 01.01.2015 r. kapita zakadowy mBanku S.A. (w caoci 
wpacony) wynosi 168.840.228 zotych.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[Klan, Rob (RET-DAY)]

Compared to what?

compared to a mainframe locked in a vault.


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Shmuel Metz (Seymour J.)
Sent: Thursday, August 27, 2015 7:23 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

In 55df2edd.5090...@bremultibank.com.pl, on 08/27/2015
   at 05:38 PM, R.S. r.skoru...@bremultibank.com.pl said:

What I understod from the lecture:
a) mainframes are old, obsolete, but unfotunately sometimes still in 
use  - which is a sin.

If they do the job as well as or better than available alternatives then 
they're not obsolete.

b) mainframes are insecure

Compared to what? 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Mike Wawiorko]

Just to make sure we get answers to the correct question, which mainframe 
operating system are we talking about?

z/OS

z/VM  CMS

Linux on z

Mike Wawiorko
 Please consider the environment before printing this e-mail

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Eamon C
Sent: 28 August 2015 13:37
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Mainframe hyperlink

Hi, we had a query from a user we don't think is possible but posting here just 
in case.   

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This e-mail and any attachments are confidential and intended solely for the 
addressee and may also be privileged or exempt from disclosure under applicable 
law. If you are not the addressee, or have received this e-mail in error, 
please notify the sender immediately, delete it from your system and do not 
copy, disclose or otherwise act upon any part of this e-mail or its attachments.

Internet communications are not guaranteed to be secure or virus-free. The 
Barclays Group does not accept responsibility for any loss arising from 
unauthorised access to, or interference with, any Internet communications by 
any third party, or from the transmission of any viruses. Replies to this 
e-mail may be monitored by the Barclays Group for operational or business 
reasons.

Any opinion or other information in this e-mail or its attachments that does 
not relate to the business of the Barclays Group is personal to the sender and 
is not given or endorsed by the Barclays Group.

Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). 
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. 

Barclays Bank PLC is authorised by the Prudential Regulation Authority and 
regulated by the Financial Conduct Authority and the Prudential Regulation 
Authority (Financial Services Register No. 122702).

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Staller, Allan]

There is a lot of infrastructure to put in place before that can happen, but 
given an HTTP server on the mainframe,
I would expect this to be possible.

As a minimum, NFS would need to be installed/updated, not to mention security 
upgrades, OMVS configuration changes,...

Good Luck!

snip
Hi, we had a query from a user we don't think is possible but posting here just 
in case.   

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'
/snip

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Eosze, Jonathan L.]

Assuming that you are talking about z/OS, the old HTTP server based on Domino 
had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS DLL 
Service. Unfortunately, the new Apache based HTTP server doesn't have it, so 
we've been holding off on converting.

More information can be found at 
http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm.

Snippet from our /etc/httpd.conf:

#4. EXAMPLE URL's
#=
#Example URL's containing this type of naming would be:
#
# http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME'
# http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG)
# http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE)
#
#In these examples, MVSDS is used as the key. The examples represent:
# - a (an?) FQN
# - a JCL DD reference (to a PDS, whose member OTHERPAG is
#   to be retrieved), and
# - a PQN to which the MVS user ID will be prepended

Jonathan Eosze | Sr Computer Sys Engr | IT Operations
Mainframe Management 1 (IMS), Information Technology, USAA

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Staller, Allan
Sent: Friday, August 28, 2015 8:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL: Re: Mainframe hyperlink

There is a lot of infrastructure to put in place before that can happen, but 
given an HTTP server on the mainframe,
I would expect this to be possible.

As a minimum, NFS would need to be installed/updated, not to mention security 
upgrades, OMVS configuration changes,...

Good Luck!

snip
Hi, we had a query from a user we don't think is possible but posting here just 
in case.   

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'
/snip

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[David Crayford]

On 28/08/2015 9:54 PM, Eosze, Jonathan L. wrote:

Assuming that you are talking about z/OS, the old HTTP server based on Domino 
had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS DLL 
Service. Unfortunately, the new Apache based HTTP server doesn't have it, so 
we've been holding off on converting.


Will this do? 
http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_mvsds.html




More information can be found at 
http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm.

Snippet from our /etc/httpd.conf:

#4. EXAMPLE URL's
#=
#Example URL's containing this type of naming would be:
#
# http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME'
# http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG)
# http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE)
#
#In these examples, MVSDS is used as the key. The examples represent:
# - a (an?) FQN
# - a JCL DD reference (to a PDS, whose member OTHERPAG is
#   to be retrieved), and
# - a PQN to which the MVS user ID will be prepended

Jonathan Eosze | Sr Computer Sys Engr | IT Operations
Mainframe Management 1 (IMS), Information Technology, USAA

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Staller, Allan
Sent: Friday, August 28, 2015 8:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL: Re: Mainframe hyperlink

There is a lot of infrastructure to put in place before that can happen, but 
given an HTTP server on the mainframe,
I would expect this to be possible.

As a minimum, NFS would need to be installed/updated, not to mention security 
upgrades, OMVS configuration changes,...

Good Luck!

snip
Hi, we had a query from a user we don't think is possible but posting here just 
in case.

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'
/snip

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[R.S.]

W dniu 2015-08-28 o 14:12, John McKown pisze:


The die hard AmigaDOS people will be wanting an apology for being ignored
  -- yet again. The CP/M people have all died, so no worries from them.
[grin].


Well, I still have working CP/M machine and feel quite alive. However I 
never tried to  connect it to Internet.

(yes, it's Friday...)

--
Radoslaw Skorupka
Lodz, Poland






--
Treść tej wiadomości może zawierać informacje prawnie chronione Banku 
przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie 
jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem 
niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania 
adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne działanie o podobnym charakterze jest prawnie zabronione i może być 
karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie 
zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość 
włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, 
www.mBank.pl, e-mail: kont...@mbank.pl
Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru 
Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP: 526-021-50-88. 
Według stanu na dzień 01.01.2015 r. kapitał zakładowy mBanku S.A. (w całości 
wpłacony) wynosi 168.840.228 złotych.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[John McKown]

On Fri, Aug 28, 2015 at 3:02 AM, R.S. r.skoru...@bremultibank.com.pl
wrote:

 W dniu 2015-08-28 o 06:19, Timothy Sipples pisze:

 Radoslaw Skorupka wrote:

 c) IMHO it is bad idea to make any system directly accessible from
 Internet. Mainframe, any kind of Unix, Linux, Windows...

 Which leaves...what? Is Wang still selling machines? (But those were
 systems, too...)


 Well...
 OS/2 and it's successor eComStation
 VMS aka OpenVMS
 OS/400

 (now more funny answers)
 iOS
 Android
 PC DOS (it's hard to find server working uder DOS, but...)
 BeOS
 NetWare
 FreeBSD


​The NetBSD and OpenBSD projects will have their seconds call on you for
ignoring them.

QNX


The die hard AmigaDOS people will be wanting an apology for being ignored
 -- yet again. The CP/M people have all died, so no worries from them.
[grin]. But the real danger from omitting somone is from the Mac OSX
people. They tend to be fanatics.





 --
 Radoslaw Skorupka
 Lodz, Poland


-- 

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! 
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Mike Schwab]

We have Mobius running to recall mainframe files to be displayed on a PC.

On Fri, Aug 28, 2015 at 8:13 AM, Staller, Allan allan.stal...@kbmg.com wrote:
 There is a lot of infrastructure to put in place before that can happen, but 
 given an HTTP server on the mainframe,
 I would expect this to be possible.

 As a minimum, NFS would need to be installed/updated, not to mention security 
 upgrades, OMVS configuration changes,...

 Good Luck!

 snip
 Hi, we had a query from a user we don't think is possible but posting here 
 just in case.

 The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
 mainframe to be able to click to a share drive or server'
 /snip

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Smaller Private Area in DR

[Peter Relson]

It of course might turn out that nothing changed wasn't correct.

But I/O configuration is a possibility.  However, I think that would 
affect SQA not CSA. The size of SQA, I believe, is the sum of the customer 
specification for SQA and the early-IPL needs. SQA in turn would affect 
where LPA goes. That in turn would affect where CSA goes. That in turn 
would affect where PVT goes.

A pair of dumps (one on each system) seems like the right way to diagnose 
this (rather than making intelligent guesses), in order to be able to view 
things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus 
(most of the data is either in the CVT or the GDA).

Peter Relson
z/OS Core Technology Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Eamon C]

z/OS

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Smaller Private Area in DR

[John Eells]

rel...@us.ibm.com (Peter Relson) wrote:
snip

A pair of dumps (one on each system) seems like the right way to diagnose
this (rather than making intelligent guesses), in order to be able to view
things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus
(most of the data is either in the CVT or the GDA).


Also, if you have RMF available, the Virtual Storage Activity Report 
shows the starting address and size of common storage areas under the 
Static Storage Map heading.  (The RMF SMF records might be available 
even if the DR system is not currently available...just a thought.)


--
John Eells
z/OS Technical Marketing
IBM Poughkeepsie
ee...@us.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Mainframe hyperlink

[Eamon C]

Hi, we had a query from a user we don't think is possible but posting here just 
in case.   

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Paul Gilmartin]

On Fri, 28 Aug 2015 07:36:50 -0500, Eamon C wrote:

Hi, we had a query from a user we don't think is possible but posting here 
just in case.   

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'

Need more information.  Where do the files reside?  On which system do you wish 
to
access them?  How or where would the user click?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Elardus Engelbrecht]

Eamon C wrote:

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'

In theory yes! But, as others said, you'll need a lot of things to setup in the 
first place.

First, you'll have to explain the terms you use. 'share drive' and 'server' for 
example are not really the right terms.

You said it is z/OS, Ok, I have a lot of questions...

What will you then use to drive a web server? HTTP server? CICS? DB2? etc.?
As Allan said, what about NFS?
How will you setup your OMVS?
What will you use for TCP/IP?
Security? RACF? Firewalls?
Oh, what will you use to see a 'drive'? Do you want see a device? On z/OS, the 
general users don't see 'drives', but on OMVS, yes, but then with mountable 
paths+folders depending on setup.

Or do you want to open files? Others suggested about using files via various 
ways...

And lastly... what language or utility will you use to serve up those pages and 
accept the 'clicks'?

Finally, what will you to limit the availability of those pages containing 
those links?

About 'server'. This is way too ambiguous. You'll have to decide on what 
database you want to work on and then with right security setup the 'surfer' 
can perhaps click on something as long the application can handle the request. 

Lots of work, yes...

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Itschak Mugzach]

If it is displayed on a screen, no problem. The emulator will link to it.

ITschak
בתאריך 28 באוג 2015 15:47,‏ Eamon C cus...@gmail.com כתב:

 Hi, we had a query from a user we don't think is possible but posting here
 just in case.

 The user is asking 'if there is a way to code a 'hyperlink' type entry on
 the mainframe to be able to click to a share drive or server'

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EXTERNAL: Re: Mainframe hyperlink

[Eamon C]

Thanks everyone for your replies and thoughts so far.  

I'll go back to the users and try and get more information on what exactly they 
are hoping to do and how that ties in with the information provided here.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Smaller Private Area in DR

[phil yogendran]

Thanks Peter and John. I am looking into whether SMF data from DR is
available. Will post on the list of I find anything new.

On Fri, Aug 28, 2015 at 9:56 AM, John Eells ee...@us.ibm.com wrote:

 rel...@us.ibm.com (Peter Relson) wrote:
 snip

 A pair of dumps (one on each system) seems like the right way to diagnose
 this (rather than making intelligent guesses), in order to be able to view
 things like the boundaries and sizes of CSA, LPA, SQA, and the nucleus
 (most of the data is either in the CVT or the GDA).


 Also, if you have RMF available, the Virtual Storage Activity Report shows
 the starting address and size of common storage areas under the Static
 Storage Map heading.  (The RMF SMF records might be available even if the
 DR system is not currently available...just a thought.)

 --
 John Eells
 z/OS Technical Marketing
 IBM Poughkeepsie
 ee...@us.ibm.com

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EXTERNAL: Re: Mainframe hyperlink

[Eosze, Jonathan L.]

And the comment about a share drive makes me think of a Windows desktop mapping 
a shared drive, which would imply SMB or SAMBA--or z/OS DFS (Distributed File 
Service).

http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_2.1.0/com.ibm.zos.v2r1.ioe/ioe.htm

However, our experience has been poor performance compared to almost anything, 
including NFS and a 15+ year old port of SAMBA, and unable to support the 
changing of the owning system of a file system. Though that is supported, we 
never attempted to use it for access to datasets.

Jonathan Eosze | Sr Computer Sys Engr | IT Operations
Mainframe Management 1 (IMS), Information Technology, USAA


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Elardus Engelbrecht
Sent: Friday, August 28, 2015 8:59 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL: Re: Mainframe hyperlink

Eamon C wrote:

The user is asking 'if there is a way to code a 'hyperlink' type entry on the 
mainframe to be able to click to a share drive or server'

In theory yes! But, as others said, you'll need a lot of things to setup in the 
first place.

First, you'll have to explain the terms you use. 'share drive' and 'server' for 
example are not really the right terms.

You said it is z/OS, Ok, I have a lot of questions...

What will you then use to drive a web server? HTTP server? CICS? DB2? etc.?
As Allan said, what about NFS?
How will you setup your OMVS?
What will you use for TCP/IP?
Security? RACF? Firewalls?
Oh, what will you use to see a 'drive'? Do you want see a device? On z/OS, the 
general users don't see 'drives', but on OMVS, yes, but then with mountable 
paths+folders depending on setup.

Or do you want to open files? Others suggested about using files via various 
ways...

And lastly... what language or utility will you use to serve up those pages and 
accept the 'clicks'?

Finally, what will you to limit the availability of those pages containing 
those links?

About 'server'. This is way too ambiguous. You'll have to decide on what 
database you want to work on and then with right security setup the 'surfer' 
can perhaps click on something as long the application can handle the request. 

Lots of work, yes...

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[John McKown]

On Fri, Aug 28, 2015 at 8:40 AM, Eamon C cus...@gmail.com wrote:

 z/OS


​And how are they accessing z/OS? If they are using a 3270 emulator, then
no. Well, maybe. I've heard of some people who have written a PC based
script which they can set up in their particular 3270 emulation package
which can recognize if the user clicks on a field containing something
which looks like a Web address (e.g. http://something.or.other ). The only
thing which has real hyper-link capability would be one of the Web servers
on z/OS being accessed via a Web brower on the user's desktop.​




 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




-- 

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! 
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Dave Salt]

I'm not sure what you're trying to accomplish but SimpList might be able to do 
what you want. It integrates the mainframe and PC so you can perform tasks on 
either one. For example, you can click hyperlinks on ISPF panels and have it 
open web pages in a browser,  or open PC files for edit on the mainframe, or 
print mainframe files on a PC printer, or display a PC directory on the 
mainframe so you can select files to browse/edit/print/transfer (etc.). Feel 
free to contact me off-list if you want more information.

Dave Salt

SimpList(tm) - try it; you'll get it! 

http://www.mackinney.com/products/program-development/simplist.html  


 Date: Fri, 28 Aug 2015 22:02:24 +0800
 From: dcrayf...@gmail.com
 Subject: Re: Mainframe hyperlink
 To: IBM-MAIN@LISTSERV.UA.EDU
 
 On 28/08/2015 9:54 PM, Eosze, Jonathan L. wrote:
  Assuming that you are talking about z/OS, the old HTTP server based on 
  Domino had a facility that would handle PS, PDS and PDSE: the GWAPIS MVSDS 
  DLL Service. Unfortunately, the new Apache based HTTP server doesn't have 
  it, so we've been holding off on converting.
 
 Will this do? 
 http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_mvsds.html
 
 
  More information can be found at 
  http://www-01.ibm.com/support/knowledgecenter/#!/SSLTBW_1.12.0/com.ibm.zos.r12.dgwa400/imwziu181527.htm.
 
  Snippet from our /etc/httpd.conf:
 
  #4. EXAMPLE URL's
  #=
  #Example URL's containing this type of naming would be:
  #
  # http://www.mvs.tcp.ibm.com/MVSDS/'WEBSRV.PAGES.HTML.HOME'
  # http://www.mvs.tcp.ibm.com/MVSDS/DD:PAGES(OTHERPAG)
  # http://www.mvs.tcp.ibm.com/MVSDS/MYPAGES.IMAGES.GIF(NATURE)
  #
  #In these examples, MVSDS is used as the key. The examples 
  represent:
  # - a (an?) FQN
  # - a JCL DD reference (to a PDS, whose member OTHERPAG is
  #   to be retrieved), and
  # - a PQN to which the MVS user ID will be prepended
 
  Jonathan Eosze | Sr Computer Sys Engr | IT Operations
  Mainframe Management 1 (IMS), Information Technology, USAA
 
  -Original Message-
  From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On 
  Behalf Of Staller, Allan
  Sent: Friday, August 28, 2015 8:14 AM
  To: IBM-MAIN@LISTSERV.UA.EDU
  Subject: EXTERNAL: Re: Mainframe hyperlink
 
  There is a lot of infrastructure to put in place before that can happen, 
  but given an HTTP server on the mainframe,
  I would expect this to be possible.
 
  As a minimum, NFS would need to be installed/updated, not to mention 
  security upgrades, OMVS configuration changes,...
 
  Good Luck!
 
  snip
  Hi, we had a query from a user we don't think is possible but posting here 
  just in case.
 
  The user is asking 'if there is a way to code a 'hyperlink' type entry on 
  the mainframe to be able to click to a share drive or server'
  /snip
 
  --
  For IBM-MAIN subscribe / signoff / archive access instructions,
  send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
 
  --
  For IBM-MAIN subscribe / signoff / archive access instructions,
  send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
 
 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
  
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[David Crayford]

On 29/08/2015 5:56 AM, Charles Mills wrote:

http://mainframesproject.tumblr.com/


That really is a hall of shame! If you can access telnet then you can 
disrupt the system with a DDoS attack.




Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Scott Ford
Sent: Friday, August 28, 2015 1:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

I think the dude who wrote to article was looking for money or being a name in the 
industry.  Every Z system I have been on you could not get to a login screen that easy. 
That's about 20+ shops , so dude give us details no fluff

Scott

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Smaller Private Area in DR

[J O Skip Robinson]

Peter makes good points--as always. I was thinking mainly about CSA *usage*. 
The real question is when the COMMON/PRIVATE boundary gets set. IODF must be 
read and digested very early in IPL, certainly before SYS1.PARMLIB is opened. 
By the time IEASYSxx is processed, do below-the-line UCBs figure into the 
boundary calculation? Alas, my microfiche reader is down for maintenance. ;-)

But Peter also raises a delicate question that I often have to ask: is the 
claim that 'nothing changed' really true? I mean aside from the IODF. How often 
does it come out in the wash that 'we changed only one little thing'? As Peter 
says, some dumps would go far toward resolving the problem. OTOH I know that DR 
issues may be impossible to explore ahead of the next DR exercise.

.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
626-302-7535 Office
323-715-0595 Mobile
jo.skip.robin...@sce.com

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Peter Relson
Sent: Friday, August 28, 2015 5:48 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Smaller Private Area in DR

It of course might turn out that nothing changed wasn't correct.

But I/O configuration is a possibility.  However, I think that would affect SQA 
not CSA. The size of SQA, I believe, is the sum of the customer specification 
for SQA and the early-IPL needs. SQA in turn would affect where LPA goes. That 
in turn would affect where CSA goes. That in turn would affect where PVT goes.

A pair of dumps (one on each system) seems like the right way to diagnose this 
(rather than making intelligent guesses), in order to be able to view things 
like the boundaries and sizes of CSA, LPA, SQA, and the nucleus (most of the 
data is either in the CVT or the GDA).

Peter Relson
z/OS Core Technology Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe hyperlink

[Shmuel Metz (Seymour J.)]

In 2801158597658286.wa.cushecgmail@listserv.ua.edu, on
08/28/2015
   at 07:36 AM, Eamon C cus...@gmail.com said:

The user is asking 'if there is a way to code a 'hyperlink' type
entry on the mainframe to be able to click to a share drive or
server'

That's not a mainframe question. A mainframe web server can serve the
same content as any other web server, but if you want the client to
mount a drive that takes code on the client.
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[Charles Mills]

http://mainframesproject.tumblr.com/ 

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Scott Ford
Sent: Friday, August 28, 2015 1:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

I think the dude who wrote to article was looking for money or being a name in 
the industry.  Every Z system I have been on you could not get to a login 
screen that easy. That's about 20+ shops , so dude give us details no fluff

Scott

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframes open to internet attacks?

[Scott Ford]

I think the dude who wrote to article was looking for money or being a name
in the industry.  Every Z system I have been on you could not get to a
login screen that easy. That's about 20+ shops , so dude give us details no
fluff

Scott

On Friday, August 28, 2015, R.S. r.skoru...@bremultibank.com.pl wrote:

 W dniu 2015-08-28 o 14:12, John McKown pisze:


 The die hard AmigaDOS people will be wanting an apology for being ignored
   -- yet again. The CP/M people have all died, so no worries from them.
 [grin].


 Well, I still have working CP/M machine and feel quite alive. However I
 never tried to  connect it to Internet.
 (yes, it's Friday...)

 --
 Radoslaw Skorupka
 Lodz, Poland






 --
 Treść tej wiadomości może zawierać informacje prawnie chronione Banku
 przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być
 jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś
 adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej
 przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie,
 rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie
 zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo,
 prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale
 usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub
 zapisane na dysku.

 This e-mail may contain legally privileged information of the Bank and is
 intended solely for business use of the addressee. This e-mail may only be
 received by the addressee and may not be disclosed to any third parties. If
 you are not the intended addressee of this e-mail or the employee
 authorized to forward it to the addressee, be advised that any
 dissemination, copying, distribution or any other similar activity is
 legally prohibited and may be punishable. If you received this e-mail by
 mistake please advise the sender immediately by using the reply facility in
 your e-mail software and delete permanently this e-mail including any
 copies of it either printed or saved to hard drive.

 mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa,
 www.mBank.pl, e-mail: kont...@mbank.pl
 Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego
 Rejestru Sądowego, nr rejestru przedsiębiorców KRS 025237, NIP:
 526-021-50-88. Według stanu na dzień 01.01.2015 r. kapitał zakładowy mBanku
 S.A. (w całości wpłacony) wynosi 168.840.228 złotych.


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN