Re: Asking for a friend - reported NPM/node.js vulnerabilities

2021-11-06 Thread Support, DUNNIT SYSTEMS LTD. 
Thanks for the update.

I've now also come across this, though I haven't a clue whether this might 
affect ZOWE users:

Popular 'coa' NPM library hijacked to steal user passwords

https://www.bleepingcomputer.com/news/security/popular-coa-npm-library-hijacked-to-steal-user-passwords/

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Redbooks Rumor

2021-11-06 Thread Paul Robichaux 
> On Nov 6, 2021, at 4:21 PM, Charles Mills  wrote:
> 
> Every time I see the title of this thread I think it says Redneck Humor.
> 
> Charles
> 
> 
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On 
> Behalf Of zMan
> Sent: Saturday, November 6, 2021 3:37 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Redbooks Rumor
> 
>> I can't tell, Colin:  Is this facetism?
> "facetism"?? fetishism? fascism? fetishist fascism? (is that last one
> redundant?)
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Redbooks Rumor

2021-11-06 Thread Charles Mills 
Every time I see the title of this thread I think it says Redneck Humor.

Charles


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of zMan
Sent: Saturday, November 6, 2021 3:37 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Redbooks Rumor

> I can't tell, Colin:  Is this facetism?
"facetism"?? fetishism? fascism? fetishist fascism? (is that last one
redundant?)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Redbooks Rumor

2021-11-06 Thread zMan 
> I have noticed that the lack of books related to z/OS has been steadily
declining

So there are more now?

On Thu, Nov 4, 2021 at 10:22 PM Cheryl Watson 
wrote:

> This is really appalling! I hope it's not true, but I have noticed that
> the lack of books related to z/OS has been steadily declining, and I find
> it very distressing. I've always found the Redbooks to be the best
> documentation ever provided by IBM. Unfortunately, most of the Redbooks are
> now simply marketing guides.
>
> The post from Bill Bitner was from a Linux blog post. Is IBM speaking
> about Linux/Power Redbooks only? Does it also apply to z/OS Redbooks?
>
> Why isn't there more outrage on this forum? If you don't complain, IBM
> will bury these in one more opportunity to save money while leaving
> customers without the excellent resources they've had in the past.
>
> If you want z/OS Redbooks, please make your voice heard here.
>
> Thanks,
> Cheryl
>
> ==
> Cheryl Watson Walker, CEO
> Watson & Walker, Inc.
> www.watsonwalker.com
> ==
>
>
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Neale Ferguson
> Sent: Thursday, October 28, 2021 10:03 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Redbooks Rumor
>
> I am hearing strong rumors that IBM is about to commit the type of
> corporate facepalm that is the stuff for future textbooks. Apparently
> Redbooks are no longer going to be a thing and the organization disbanded.
> If there’s one thing that has differentiated IBM in the mainframe space has
> been the quality of its documentation and, in particular, the type of
> HOW-TO information contained within Redbooks and Redpieces. These documents
> turn a “that’d be nice to do” into a proof-of-concept and finally into
> production. In doing so, they must be responsible for millions or billions
> of dollar in revenue to IBM.
>
> Many of the topics of Redbooks cover are complex and even intimidating.
> They provide a step-by-step approach to learning and implementing using a
> group of people actually doing what they’re writing about. This is
> invaluable.
>
> I hope these rumors are untrue but if not I think we should all be
> shouting from the roof until someone with some sense realizes how
> shortsighted this decision is.
>
> Neale
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
zMan -- "I've got a mainframe and I'm not afraid to use it"

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Redbooks Rumor

2021-11-06 Thread zMan 
> I can't tell, Colin:  Is this facetism?
"facetism"?? fetishism? fascism? fetishist fascism? (is that last one
redundant?)

On Fri, Nov 5, 2021 at 12:45 PM Bob Bridges  wrote:

> I can't tell, Colin:  Is this facetism?  Some months ago, or maybe a year,
> I found I was no longer able to access the on-line HTMLs; I had to content
> myself with downloaded PDFs (and hope that I'd remember to download the
> updates as often as necessary).  It is nice, I agree, to know that the
> documentation I've remembered to download is at my fingertips even when my
> internet connection is down.  Not so great to know that I can't look up
> something new during that time.  And I really liked the HTML search
> function; the analogue in PDFs isn't as useful.
>
> I supposed that PDF downloads are the only option, nowadays.  Are you
> saying the on-line HTMLs are still available somewhere?
>
> ---
> Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
>
> /* The secret of being miserable is to have leisure to bother about
> whether you are happy or not.  The cure for it is occupation.  -George
> Bernard Shaw (1856-1950) */
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Colin Paice
> Sent: Friday, November 5, 2021 10:03
>
> I find the IBM Doc site very slow (10 seconds to get into it) - not a good
> advertisement for IBM servers.   (most of the time "scripting")
> I hope they provide PDF's rather than just web pages.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
zMan -- "I've got a mainframe and I'm not afraid to use it"

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

32nd International Rexx Language Symposium

2021-11-06 Thread René Jansen 
Dear list members,

I am sure these lists have enough Rexx enthusiasts to warrant this 
announcement; the crossposting is intentional so you might receive this twice.

The 32nd International Rexx Language Symposium will run from 7-10 November 
2021. We have a full roster of interesting presentations; there is some 
interesting Rexx content, by which we mean Classic Rexx as seen on z/VM and 
z/OS, as well as presentations for other Rexx platforms like Open Object Rexx, 
NetRexx and Regina. You are cordially invited to follow this online symposium 
for free, we will run it over Zoom and details are at the RexxLA website. 
Sunday 7 will be dedicated to seminars by Rony Flatscher regarding ooRexx. The 
times are late afternoon/early evening for Europe (including the UK for this 
purpose), and daytime for most of the the USA. Details are on 
https://www.rexxla.org/events/symposium.rsp 
 - the schedule can also be found 
on the homepage www.rexxla.org  .

Zoom URL’s for every symposium day (Sunday 7th will have seminars by Prof. Dr. 
Rony Flatscher from Vienna’s Wirtschaftsuniversität on Open Object Rexx, the 
symposium proper will start Monday the 8th of November, and will run up to and 
including Wednesday the 10th) will be announced on the website and on the 
RexxLA mailing list. Please register at the RexxLA website (it is free, and 
incurs no obligations - you will have a direct line to most Rexx implementers 
from then on, and a lifetime free RexxLA membership).

Hope to see a lot of you at the symposium!

Best regards,

René Vincent Jansen,
President, Rexx Language Association.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Multiple TSO logons within sysplex

2021-11-06 Thread Jousma, David 
The only problem with &sysname is that unless you have sms rules to "cleanup" 
these work datasets sometimes hang around.  Not sure if you'd get a not 
catalog2 error or if they get reused.




Dave Jousma

Vice President | Director, Technology Engineering


Fifth Third Bank  |  1830 East Paris Ave, SE  |  MD RSCB2H  |  Grand Rapids, MI 
49546

616.653.8429




From: IBM Mainframe Discussion List  on behalf of 
Radoslaw Skorupka 
Sent: Saturday, November 6, 2021 11:43:53 AM
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: Re: Multiple TSO logons within sysplex

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

I've got a many responses, thank everybody! I appreciate your help. This
is the value from being on IBM-MAIN.

Now technical topics:
ISPPROF can now be shared. However you have to configure ISPF for that
(ISPCCONF, single checkbox).
temporary datasets should remain unique, but you no longer need exit 16,
because you can use ISPCCONF instead. BTW: I prefer &SYSNAME over &SEQ.
Reason: &SYSNAME clearly show system relationship.
GRS SYSIKJUA - nothing changed.
GRS SPFEDIT - seems to be not an issue because of shared ISPPROF.

Regards

--
Radoslaw Skorupka
Lodz, Poland




W dniu 05.11.2021 o 16:57, Radoslaw Skorupka pisze:
> I just re-read Configuring ISPF for Fun and Profit presentation and
> found the following link:
> http://home.roadrunner.com/~pinncons/TSO LOGON with the Same Userid on
> Multiple LPARs in a Sysplex.pdf
>
> However the link is dead.
> Does anyone have the presentation?
> Or any other presentation on the topic.
>
> My goal is to enable multiple TSO/ISPF logons within sysplex.
> What I know:
> - ISPPROF dataset can be shared now (it has changed)
> - LIST, LOG, TEMP datasets should not be shared. The solution is exit
> 16 or ISPF Configuration Utility (add &SYSNAME to the DSNs).
> - I'm not sure about PDF edit recovery files.
> - Did I miss something?
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**
This e-mail transmission contains information that is confidential and may be 
privileged.
It is intended only for the addressee(s) named above. If you receive this 
e-mail in error,
please do not read, copy or disseminate it in any manner.  If you are not the 
intended 
recipient, any disclosure, copying, distribution or use of the contents of this 
information
is prohibited. Please reply to the message immediately by informing the sender 
that the 
message was misdirected. After replying, please erase it from your computer 
system. Your 
assistance in correcting this error is appreciated.




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Multiple TSO logons within sysplex

2021-11-06 Thread Paul Gilmartin 
On Sat, 6 Nov 2021 16:43:53 +0100, Radoslaw Skorupka wrote:
>...
>Now technical topics:
>...
>GRS SPFEDIT - seems to be not an issue because of shared ISPPROF.
>
Cnange /because o/ /espite/

ISPF member enqueue ought to handle that:



Which has worked for me in batch versus foreground processing.  I allocated
ISPPROF toa temp DSN for batch.

Once it failed horribly because MIM had crashed.  A fail-safe design would
prohibit access when MIM was inaccessible.  But that might have other
adverse consequences.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Multiple TSO logons within sysplex

2021-11-06 Thread Radoslaw Skorupka 
I've got a many responses, thank everybody! I appreciate your help. This 
is the value from being on IBM-MAIN.


Now technical topics:
ISPPROF can now be shared. However you have to configure ISPF for that 
(ISPCCONF, single checkbox).
temporary datasets should remain unique, but you no longer need exit 16, 
because you can use ISPCCONF instead. BTW: I prefer &SYSNAME over &SEQ. 
Reason: &SYSNAME clearly show system relationship.

GRS SYSIKJUA - nothing changed.
GRS SPFEDIT - seems to be not an issue because of shared ISPPROF.

Regards

--
Radoslaw Skorupka
Lodz, Poland




W dniu 05.11.2021 o 16:57, Radoslaw Skorupka pisze:
I just re-read Configuring ISPF for Fun and Profit presentation and 
found the following link:
http://home.roadrunner.com/~pinncons/TSO LOGON with the Same Userid on 
Multiple LPARs in a Sysplex.pdf


However the link is dead.
Does anyone have the presentation?
Or any other presentation on the topic.

My goal is to enable multiple TSO/ISPF logons within sysplex.
What I know:
- ISPPROF dataset can be shared now (it has changed)
- LIST, LOG, TEMP datasets should not be shared. The solution is exit 
16 or ISPF Configuration Utility (add &SYSNAME to the DSNs).

- I'm not sure about PDF edit recovery files.
- Did I miss something?



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Noodle picker - found reference

2021-11-06 Thread Paul Gilmartin 
On Sat, 6 Nov 2021 16:30:06 +0100, Radoslaw Skorupka  
wrote:

>Maybe this would be accepted by wiki editors:
>
>ZE11 System z and Storage Synergy
>Scott Drummond
>(snipped)@us.ibm.com
>18 - 20 September, 2012
>IBM Forum Brussels
>
I may have fumbled away the URL.  Perhaps:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwit94_zlPvzAhVBlGoFHbbFDMQQFnoECAoQAQ&url=ftp%3A%2F%2Fwww.redbooks.ibm.com%2Fredbooks%2F2012_ITSO_Total_Solution_Event_System_z_Brussels%2Ftrack_03_New_Technologies_on_zEnterprise%2FZE11_%2520System_z_and_Storage_Synergy_September_11_2012.pdf&usg=AOvVaw1dHbjFmr4HYw8kOEqcDPod

Ugh!  Google Tracker!  FTP!  I downloaded with difficulty.

Or: 
(But is that Shmuel's  own article?)

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Noodle picker - found reference

2021-11-06 Thread Radoslaw Skorupka 

Maybe this would be accepted by wiki editors:

ZE11 System z and Storage Synergy
Scott Drummond
(snipped)@us.ibm.com
18 - 20 September, 2012
IBM Forum Brussels


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Asking for a friend - reported NPM/node.js vulnerabilities

2021-11-06 Thread Sebastian Welton 
On Mon, 25 Oct 2021 05:29:53 -0500, Support, DUNNIT SYSTEMS LTD. 
 wrote:

>Correct. We installed node.js on our PCs in as part of the ZOWE CLI 
>installation. That is what we are concerned about. We do not understand 
>whether the reports I linked to may negatively affect us or not.
>

From the Zowe mailing list and I suspect we will see more and more of this as 
more and more opensource software ends up on z/OS:



Hello Zowe Users,


We were informed of a published vulnerability in NPM dependencies which 
affected Zowe CLI’s secure-credential-store during the time period of Nov 4th 
to Nov 5th. If you installed the plugin from npmjs.org during the vulnerable 
window of time via a direct command line install, you should follow the 
recommended resolution steps from the security advisory here: 
https://github.com/advisories/GHSA-g2q5-5433-rhrf. You are not affected if you 
downloaded the secure credential store plugin from zowe.org or a Zowe support 
conformant vendor (IBM or Broadcom). You are not affected if you downloaded 
from any source prior to Nov 4.


   The following component versions were affected:


@zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts 

@zowe/secure-credential-store-for-zowe-cli@latest


If you issued one of these commands Nov 4 or Nov 5, you should follow the above 
resolution steps:


“zowe plugins install 
@zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts”

“zowe plugins install @zowe/secure-credential-store-for-zowe-cli@latest”



Hello Zowe Developers,


We found additional Zowe components which the above vulnerability affects at 
development time, during the same time period of Nov 4th - Nov 5th. There was a 
second hijacked dependency, https://github.com/veged/coa/issues/99, which 
contained the same exploit.


Conditions for vulnerability:


Zowe API Mediation Layer, Frontend Catalog (path: api-catalog-ui/frontend)
If you issued an “npm install” for the first time in this directory Nov 
4 or Nov 5, you may have been compromised.
If you deleted any existing “package-lock.json” and then issued “npm 
install” for the first time Nov 4 or Nov 5, you may have been compromised.
Zowe Desktop Sample React Application (path: webClient)
If you issued an “npm install” for the first time in this directory Nov 
4 or Nov 5, you may have been compromised.
If you deleted any existing “package-lock.json” and then issued “npm 
install” for the first time Nov 4 or Nov 5, you may have been compromised.
Zowe CLI
If you deleted “package-lock.json” and then issued “npm install” for 
the first time Nov 4 or Nov 5, you may have been compromised.
Imperative 
If you deleted “package-lock.json” and then issued “npm install” for 
the first time Nov 4 or Nov 5, you may have been compromised.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN