Re: z/OS holddata per https?

[Barbara Nitz]

>Does Edge force the HTTPS-Only Mode that Joel mentioned?
I have no idea. We are completely kneecapped and *have to* use what someone 
else configured.

>What's a "data store"?  Will downloads of HTTPS resources be prohibited?
>What about ShopZ and RECEIVE ORDER?

ShopZ has offered HTTPS for quite a while, so ShopZ has never been a problem. 

As for 'data store': I am unsure of the correct word. I mean the places 
somewhere in the cloud (even if the word ibm appears in the url) where just 
about everyone can store things and see it. It is kind of public, I think. Our 
installation generally prohibits us from accessing anything in these places, so 
there it doesn't matter if it https or not, we cannot get there as it is 
considered 'dangerous'. There seems to be a general list of IP addresses for it 
somewhere, maintained by whomever, so that gets blocked by the firewall.

Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Paul Gilmartin]

On Sun, 7 Nov 2021 23:00:01 -0600, Barbara Nitz wrote:

>>I notice these are now available from:
>>
>
>Yes, I found that out when I needed the lastest holddata. I had forgotten to 
>use IE (as long as we still have that) and had used Edge 
>
Does Edge force the HTTPS-Only Mode that Joel mentioned?

The page above (still) has sample JCL for batch download via FTP.
How might one download an HTTPS resource in batch?  Would it
require Co:Z and/or Ported tools (curl)?

Extra credit if one can un-TERSE a ".bin" instance without using a temp data 
set.

> ... (no Firefox, no Chrome here) and it worked. Now I can only hope that IBM 
> will no longer put ptf documentation inside a ++HOLD DOC as ftp links or as 
> links to public data stores. IE will go away here soon and access to data 
> stores gets blocked every time.
?
What's a "data store"?  Will downloads of HTTPS resources be prohibited?
What about ShopZ and RECEIVE ORDER?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Barbara Nitz]

>I notice these are now available from:
>

Yes, I found that out when I needed the lastest holddata. I had forgotten to 
use IE (as long as we still have that) and had used Edge (no Firefox, no Chrome 
here) and it worked. Now I can only hope that IBM will no longer put ptf 
documentation inside a ++HOLD DOC as ftp links or as links to public data 
stores. IE will go away here soon and access to data stores gets blocked every 
time.

IBM has converted a number of ftp links to https now. Maybe my public complaint 
in January helped. 

Regards, Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Joel C. Ewing]

You alerted me to a Firefox feature I had totally missed: Since Firefox 
83 (2020-11-17) Firefox has had an option to enable HTTPS-Only Mode to 
attempt to do the HTTP to HTTPS conversion with fall back that you 
described.   That option is DISABLED by default, even on a new install.  
You can go to Settings, Privacy & Security, HTTPS-Only Mode at the 
bottom of the options, and Enable it for "all windows", or just for 
"private windows".  Will try it out, as it is a rare site these days 
that doesn't support https, and avoiding all http closes a possible 
phishing exposure.


With HTTPS-Only Mode enabled in Firefox, for the site in question (on a 
browser where no security exception has yet been made for that site 
certificate), you receive an "HTTPS-Only Mode Alert, Secure Site Not 
Available" alert because of the certificate mismatch, and the only 
options are to proceed with just HTTP protocol or cancel the access.   
If you instead use the URL with an explicit HTTPS, you can  get to the 
option to accept the "bad" certificate, and after that has been done 
once, future auto-HTTPS conversion also works for the site, although you 
still get the little warning triangle by the lock icon indicating 
something is amiss.


A web server such as Apache can indeed also "force" a switch from http 
to https by redirecting all or selected http traffic to https.  Assuming 
one wouldn't implement that on a server that wasn't also properly 
configured to support https, failure on any currently supported browser 
wouldn't be an issue. Such server-level techniques are still widely used 
to support browsers without the auto-conversion support (or which have 
that support disabled).  Having this done at the browser level is a 
better solution, but does require the fallback capability in case https 
is not properly configured at some website.


    Joel C  Ewing

On 11/7/21 17:00, Paul Gilmartin wrote:

On Sun, 7 Nov 2021 15:44:18 -0600, Joel C. Ewing wrote:

...
I'm amazed IBM doesn't yet automatically convert http protocol to https
on all their websites, and hasn't yet changed all published links from
http to https.


I'm amazed that if the user omits the scheme and types merely the
domain name Firefox defaults to (hidden) http, not htps.

Firefox lately attempts to convert http to https but falls back to http on
failure.  The client can do that; the server can't.

Compatibility.  I suspect that  conversion is done by a redirection
and the webmaster wishes to continue supporting old clients.


Just out of curiosity I tried
https://service.software.ibm.com/holdata/390holddata.html ,
and it does actually work (good), but in Firefox you have to override an
invalid security certificate (bad), ...


Might that be reported to IBM, which maintains a reputation  for security?

(The embedded URLs to data files are explicitly  https.)


... because the certificate at the
service.software.ibm.com website server is apparently only valid for
domains www.aix.software.ibm.com and aix.software.ibm.com, not for
service.software.ibm.com .  Upon inspection, the certificate is
obviously owned by IBM, so if you understand certificates you can feel
confident that in this case a bad-certificate override is safe, but one
should not be required to override security warnings.

Maybe there are some obscure reasons IBM has to keep allowing http
access, but an explicit https access should at least be correctly
supported for all web content -- and that means having the proper
security certificates in place.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
Joel C. Ewing

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[kekronbekron]

Whenever the link is ftp://public.dhe.ibm.com/...something...
... just try https://public.dhe.ibm.com/...something...

In this case, https://public.dhe.ibm.com/s390/holddata/full.txt works.

- KB

‐‐‐ Original Message ‐‐‐

On Monday, November 8th, 2021 at 3:14 AM, Joel C. Ewing  
wrote:

> There was a big push -- several years back now -- to encourage all web
>
> sites to change all pages to force access via https to make it much more
>
> difficult to perform man-in-the-middle phishing or data modification
>
> attacks, since it is difficult to get valid security certificates for a
>
> website domain name you don't control.  The purpose of https is not just
>
> to encrypt data transferred, but to guarantee that all data you see is
>
> actually coming from the party that owns the certificates for the domain
>
> name you expect to be sending you data.
>
> I'm amazed IBM doesn't yet automatically convert http protocol to https
>
> on all their websites, and hasn't yet changed all published links from
>
> http to https.
>
> Just out of curiosity I tried
>
> https://service.software.ibm.com/holdata/390holddata.html ,
>
> and it does actually work (good), but in Firefox you have to override an
>
> invalid security certificate (bad), because the certificate at the
>
> service.software.ibm.com website server is apparently only valid for
>
> domains www.aix.software.ibm.com and aix.software.ibm.com, not for
>
> service.software.ibm.com .  Upon inspection, the certificate is
>
> obviously owned by IBM, so if you understand certificates you can feel
>
> confident that in this case a bad-certificate override is safe, but one
>
> should not be required to override security warnings.
>
> Maybe there are some obscure reasons IBM has to keep allowing http
>
> access, but an explicit https access should at least be correctly
>
> supported for all web content -- and that means having the proper
>
> security certificates in place.
>
>     Joel C Ewing
>
> On 11/7/21 11:36, Paul Gilmartin wrote:
>
> > On Mon, 11 Jan 2021 06:02:47 -0600, Barbara Nitz wrote:
> >
> > > my employer has decided that ftp is not allowed anymore anywhere. Today I 
> > > tried to download the newest holddata from 
> > > http://service.software.ibm.com/holdata/390holddata.html. The file I'm 
> > > interested in (full data, plain text) is a link to 
> > > ftp://public.dhe.ibm.com/s390/holddata/full.txt. This is an ftp-Link, and 
> > > ftp is not allowed anywhere. I get a connection failed error, purely on 
> > > our side. So no holddata :-(
> > >
> > > Does anybody a link where these holddata are downloadable via http/s?
> >
> > I notice these are now available from:
> >
> > http://service.software.ibm.com/holdata/390holddata.html
> >
> > Last-Modified: Fri, 23 Jul 2021 13:10:34 GMT^M
> >
> > -- gil
>
> --
>
> Joel C. Ewing
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Paul Gilmartin]

On Sun, 7 Nov 2021 15:44:18 -0600, Joel C. Ewing wrote:
>...
>I'm amazed IBM doesn't yet automatically convert http protocol to https
>on all their websites, and hasn't yet changed all published links from
>http to https.
>
I'm amazed that if the user omits the scheme and types merely the
domain name Firefox defaults to (hidden) http, not htps.

Firefox lately attempts to convert http to https but falls back to http on
failure.  The client can do that; the server can't.

Compatibility.  I suspect that  conversion is done by a redirection
and the webmaster wishes to continue supporting old clients.

>Just out of curiosity I tried
>https://service.software.ibm.com/holdata/390holddata.html ,
>and it does actually work (good), but in Firefox you have to override an
>invalid security certificate (bad), ...
>
Might that be reported to IBM, which maintains a reputation  for security?

(The embedded URLs to data files are explicitly  https.)

> ... because the certificate at the
>service.software.ibm.com website server is apparently only valid for
>domains www.aix.software.ibm.com and aix.software.ibm.com, not for
>service.software.ibm.com .  Upon inspection, the certificate is
>obviously owned by IBM, so if you understand certificates you can feel
>confident that in this case a bad-certificate override is safe, but one
>should not be required to override security warnings.
>
>Maybe there are some obscure reasons IBM has to keep allowing http
>access, but an explicit https access should at least be correctly
>supported for all web content -- and that means having the proper
>security certificates in place.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Joel C. Ewing]

There was a big push -- several years back now -- to encourage all web 
sites to change all pages to force access via https to make it much more 
difficult to perform man-in-the-middle phishing or data modification 
attacks, since it is difficult to get valid security certificates for a 
website domain name you don't control.  The purpose of https is not just 
to encrypt data transferred, but to guarantee that all data you see is 
actually coming from the party that owns the certificates for the domain 
name you expect to be sending you data.


I'm amazed IBM doesn't yet automatically convert http protocol to https 
on all their websites, and hasn't yet changed all published links from 
http to https.


Just out of curiosity I tried
https://service.software.ibm.com/holdata/390holddata.html ,
and it does actually work (good), but in Firefox you have to override an 
invalid security certificate (bad), because the certificate at the 
service.software.ibm.com website server is apparently only valid for 
domains www.aix.software.ibm.com and aix.software.ibm.com, not for 
service.software.ibm.com .  Upon inspection, the certificate is 
obviously owned by IBM, so if you understand certificates you can feel 
confident that in this case a bad-certificate override is safe, but one 
should not be required to override security warnings.


Maybe there are some obscure reasons IBM has to keep allowing http 
access, but an explicit https access should at least be correctly 
supported for all web content -- and that means having the proper 
security certificates in place.


    Joel C Ewing

On 11/7/21 11:36, Paul Gilmartin wrote:

On Mon, 11 Jan 2021 06:02:47 -0600, Barbara Nitz wrote:

my employer has decided that ftp is not allowed anymore anywhere. Today I tried 
to download the newest holddata from 
http://service.software.ibm.com/holdata/390holddata.html. The file I'm 
interested in (full data, plain text) is a link to 
ftp://public.dhe.ibm.com/s390/holddata/full.txt. This is an ftp-Link, and ftp 
is not allowed anywhere. I get a connection failed error, purely on our side. 
So no holddata :-(

Does anybody a link where these holddata are downloadable via http/s?


I notice these are now available from:
 
 Last-Modified: Fri, 23 Jul 2021 13:10:34 GMT^M

-- gil


--
Joel C. Ewing

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Paul Gilmartin]

On Mon, 11 Jan 2021 06:02:47 -0600, Barbara Nitz wrote:
>
>my employer has decided that ftp is not allowed anymore anywhere. Today I 
>tried to download the newest holddata from 
>http://service.software.ibm.com/holdata/390holddata.html. The file I'm 
>interested in (full data, plain text) is a link to 
>ftp://public.dhe.ibm.com/s390/holddata/full.txt. This is an ftp-Link, and ftp 
>is not allowed anywhere. I get a connection failed error, purely on our side. 
>So no holddata :-(
>
>Does anybody a link where these holddata are downloadable via http/s?
>
I notice these are now available from:

Last-Modified: Fri, 23 Jul 2021 13:10:34 GMT^M

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[R.S.]

Other solution: just circumvent restrictions. Simply download HOLDDATA 
using private PC and then send it via email. Yes, it is a crime... but 
it works.
Of course it would require some effort to understand that it is possible 
to allow ftp to IBM site, especially limited to few persons which have 
interest to use it. Access to HOLDDATA is valid need and it should be 
processed with no obstacles.


--
Radoslaw Skorupka
Lodz, Poland





==

Jeśli nie jesteś adresatem tej wiadomości:

- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś 
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać 
tylko adresat. Przypominamy, że każdy, kto rozpowszechnia (kopiuje, 
rozprowadza) tę wiadomość lub podejmuje podobne działania, narusza prawo i może 
podlegać karze.

mBank S.A. z siedzibą w Warszawie, ul. Prosta 18, 00-850 Warszawa,www.mBank.pl, 
e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st. Warszawy XII Wydział 
Gospodarczy Krajowego Rejestru Sądowego, KRS 025237, NIP: 526-021-50-88. 
Kapitał zakładowy (opłacony w całości) według stanu na 01.01.2020 r. wynosi 
169.401.468 złotych.

Jesteśmy administratorem twoich danych osobowych, które podałeś w związku z 
prowadzoną z nami korespondencją. Przetwarzamy te dane dla celów, które 
wynikają z przedmiotu korespondencji, w tym związanych z prowadzoną 
działalnością bankową.
Więcej informacji o tym jak chroniony i przetwarzamy dane osobowe znajdziesz w 
Pakietach RODO (w wersji polskiej i angielskiej), które są na www.mbank.pl/rodo


If you are not the addressee of this message:

- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have 
printed out or saved).
This message may contain legally protected information, which may be used 
exclusively by the addressee.Please be reminded that anyone who disseminates 
(copies, distributes) this message or takes any similar action, violates the 
law and may be penalised.

mBank S.A. with its registered office in Warsaw, ul. Prosta 18, 00-850 
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for the Capital 
City of Warsaw, 12th Commercial Division of the National Court Register, KRS 
025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN 
169.401.468 as at 1 January 2020.

We are the controller of your personal data, which you provided in connection 
with correspondence with us. We process your data for purposes resulting from 
the subject of correspondence, including those related to the banking services.
More information on how we protect and process personal data can be found in 
the GDPR Packages (in English and Polish), which are on www.mbank.pl/rodo.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Barbara Nitz]

>  RECEIVE
>ORDER(   
>ORDERSERVER(ORDRINFO)   
>CONTENT(HOLDDATA)   
> CLIENT(CLNTINFO)  
> )   

Thanks for that, Andy. I looked at the SMPE cmd reference and didn't see the 
solution.

We are a small enough installation that we only do z/OS maintenance twice a 
year, so there is really no need to receive orders/ptfs every day or at higher 
frequency. Mostly the reason is that the processes surrounding maintenance are 
extremely cumbersome and more hindrance than help.

If the powers that be cannot be convinced to allow access to the holddata ftp 
website, 'the process' has just become even more complicated.

Thanks and regards, Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Styles, Andy (ITS zPlatform Services)]

Classification: Limited

You can use RECEIVE ORDER to just get HOLDDATA.

  RECEIVE
ORDER(   
ORDERSERVER(ORDRINFO)   
CONTENT(HOLDDATA)   
 CLIENT(CLNTINFO)  
 )   

Andy Styles
z/Series System Programmer

LLOYDS BANKING GROUP
07802 309040 | andy.sty...@lloydsbanking.com
Lloyds Banking Group, 33 Old Broad Street, London

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Barbara Nitz
Sent: 12 January 2021 06:12
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OS holddata per https?

-- This email has reached the Bank via an external source --
 

Kurt,

>Not exactly what you asked for, but you can order and download the 
>HOLDDATA, all with HTTPS, using SMP/E RECEIVE ORDER.  Read about it 
>here (watch the wrap:
>https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.i
>bm.com%2Fsupport%2Fknowledgecenter%2FSSLTBW_2.4.0%2Fcom.ibm.zos.v2r4.gi
>m3000%2Fdsetup.htmdata=04%7C01%7CAndy.Styles%40LloydsBanking.com%7
>Cdefca5bca94947f522aa08d8b6c1083f%7C3ded2960214a46ff8cf4611f125e2398%7C
>0%7C0%7C637460287480090188%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
>LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=UEI6uoz
>Y%2BFLRKBNVzaVGsdo%2BXD%2BYfwAa0pYkuqW%2FEbk%3Dreserved=0

I found SMPHOLD when I had already done the receive order. A colleague gave me 
a pax and a cp statement so this time around I can do my refresh. But: in 3-4 
months time I'll do the accept, and then I need fresh holddata so I don't 
accept anything gone PE in the meantime. Ditto for when we migrate to the z15 
this year. I should not have to order ptfs any time I need holddata, and I did 
not see a way in ShopZ to order only HOLDDATA.

So I take it that except for the ftp link on that page there is no other way to 
get holddata via http/s from a browser. I guess my boss will have to escalate 
this to management because in my opinion this threatens the stability of z/OS 
in our installation.

Thanks for your help,
Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ. 
Registered in Scotland no. SC95000. Telephone: 0131 225 4555.

Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. 
Registered in England and Wales no. 2065. Telephone 0207626 1500.

Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. 
Registered in Scotland no. SC327000. Telephone: 03457 801 801.

Lloyds Bank Corporate Markets plc. Registered office: 25 Gresham Street, London 
EC2V 7HN. Registered in England and Wales no. 10399850.

Scottish Widows Schroder Personal Wealth Limited. Registered Office: 25 Gresham 
Street, London EC2V 7HN. Registered in England and Wales no. 11722983.

Lloyds Bank plc, Bank of Scotland plc and Lloyds Bank Corporate Markets plc are 
authorised by the Prudential Regulation Authority and regulated by the 
Financial Conduct Authority and Prudential Regulation Authority.

Scottish Widows Schroder Personal Wealth Limited is authorised and regulated by 
the Financial Conduct Authority.

Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH is a wholly-owned 
subsidiary of Lloyds Bank Corporate Markets plc. Lloyds Bank Corporate Markets 
Wertpapierhandelsbank GmbH has its registered office at Thurn-und-Taxis Platz 
6, 60313 Frankfurt, Germany. The company is registered with the Amtsgericht 
Frankfurt am Main, HRB 111650. Lloyds Bank Corporate Markets 
Wertpapierhandelsbank GmbH is supervised by the Bundesanstalt für 
Finanzdienstleistungsaufsicht.

Halifax is a division of Bank of Scotland plc.

HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in 
Scotland no. SC218813.



This e-mail (including any attachments) is private and confidential and may 
contain privileged material. If you have received this e-mail in error, please 
notify the sender and delete it (including any attachments) immediately. You 
must not copy, distribute, disclose or use any of the information in it or any 
attachments. Telephone calls may be monitored or recorded.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Gibney, Dave]

I don't any more, because we're winding down. But, is there a good reason not 
to run a RECEIVE order frequently, like even daily?

> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Barbara Nitz
> Sent: Monday, January 11, 2021 10:12 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: z/OS holddata per https?
> 
> Kurt,
> 
> >Not exactly what you asked for, but you can order and download the
> >HOLDDATA, all with HTTPS, using SMP/E RECEIVE ORDER.  Read about it
> here
> >(watch the wrap:
> >https://urldefense.com/v3/__https://www.ibm.com/support/knowledgec
> enter/SSLTBW_2.4.0/com.ibm.zos.v2r4.gim3000/dsetup.htm__;!!JmPEgBY0H
> MszNaDT!_ZpqDD3CyetSpV_SzQ5AK9zNploTUVuIUy7ibhpsylCvRmEdE46Hu-
> mDpjhSzw$
> 
> I found SMPHOLD when I had already done the receive order. A colleague
> gave me a pax and a cp statement so this time around I can do my refresh.
> But: in 3-4 months time I'll do the accept, and then I need fresh holddata so 
> I
> don't accept anything gone PE in the meantime. Ditto for when we migrate
> to the z15 this year. I should not have to order ptfs any time I need 
> holddata,
> and I did not see a way in ShopZ to order only HOLDDATA.
> 
> So I take it that except for the ftp link on that page there is no other way 
> to
> get holddata via http/s from a browser. I guess my boss will have to escalate
> this to management because in my opinion this threatens the stability of
> z/OS in our installation.
> 
> Thanks for your help,
> Barbara
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Barbara Nitz]

Kurt,

>Not exactly what you asked for, but you can order and download the
>HOLDDATA, all with HTTPS, using SMP/E RECEIVE ORDER.  Read about it here
>(watch the wrap:
>https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.gim3000/dsetup.htm

I found SMPHOLD when I had already done the receive order. A colleague gave me 
a pax and a cp statement so this time around I can do my refresh. But: in 3-4 
months time I'll do the accept, and then I need fresh holddata so I don't 
accept anything gone PE in the meantime. Ditto for when we migrate to the z15 
this year. I should not have to order ptfs any time I need holddata, and I did 
not see a way in ShopZ to order only HOLDDATA.

So I take it that except for the ftp link on that page there is no other way to 
get holddata via http/s from a browser. I guess my boss will have to escalate 
this to management because in my opinion this threatens the stability of z/OS 
in our installation.

Thanks for your help,
Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Jesse 1 Robinson]

The problem is not in the IBM data; it's in the mechanism we use to get through 
our firewall. We cannot execute FTP at our end. We execute HTTPS. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Paul Gilmartin
Sent: Monday, January 11, 2021 6:05 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: z/OS holddata per https?

*** EXTERNAL EMAIL - Use caution when opening links or attachments ***

On Mon, 11 Jan 2021 22:07:04 +, Jesse 1 Robinson  
wrote:

>I can confirm that HTTPS replaces FTP for downloads very nicely. Our use of 
>FTP depends on a gizmo (Bluecoat) that cannot understand FTPS. We made the 
>switch to HTTPS some time ago.
>
How?  It doesn't seem to be as simple as changing the scheme in
ftp://public.dhe.ibm.com/s390/holddata/full.txt
to:
https://public.dhe.ibm.com/s390/holddata/full.txt
... that gives 404.  "Bluecoat" seems to be a Symantec subsidiary.
Is it also some sort of proxy?

-- gil


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Paul Gilmartin]

On Mon, 11 Jan 2021 22:07:04 +, Jesse 1 Robinson  
wrote:

>I can confirm that HTTPS replaces FTP for downloads very nicely. Our use of 
>FTP depends on a gizmo (Bluecoat) that cannot understand FTPS. We made the 
>switch to HTTPS some time ago. 
>
How?  It doesn't seem to be as simple as changing the scheme in
ftp://public.dhe.ibm.com/s390/holddata/full.txt
to:
https://public.dhe.ibm.com/s390/holddata/full.txt
... that gives 404.  "Bluecoat" seems to be a Symantec subsidiary.
Is it also some sort of proxy?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Jesse 1 Robinson]

I can confirm that HTTPS replaces FTP for downloads very nicely. Our use of FTP 
depends on a gizmo (Bluecoat) that cannot understand FTPS. We made the switch 
to HTTPS some time ago. 

Uploading doc (dumps, etc) is also problematic, but IBM has not pulled the plug 
yet on FTP. Nonetheless we also found a way to upload doc via PDUU using HTTPS 
without disturbing the gizmo. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Kurt Quackenbush
Sent: Monday, January 11, 2021 5:58 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: z/OS holddata per https?

*** EXTERNAL EMAIL - Use caution when opening links or attachments ***

> Does anybody a link where these holddata are downloadable via http/s?
Not exactly what you asked for, but you can order and download the HOLDDATA, 
all with HTTPS, using SMP/E RECEIVE ORDER.  Read about it here (watch the wrap:
https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.gim3000/dsetup.htm

Kurt Quackenbush -- IBM, SMP/E Development Chuck Norris never uses CHECK when 
he applies PTFs.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS holddata per https?

[Kurt Quackenbush]

Does anybody a link where these holddata are downloadable via http/s?
Not exactly what you asked for, but you can order and download the 
HOLDDATA, all with HTTPS, using SMP/E RECEIVE ORDER.  Read about it here 
(watch the wrap:

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.gim3000/dsetup.htm

Kurt Quackenbush -- IBM, SMP/E Development
Chuck Norris never uses CHECK when he applies PTFs.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

z/OS holddata per https?

[Barbara Nitz]

Happy New Year to all of you!

my employer has decided that ftp is not allowed anymore anywhere. Today I tried 
to download the newest holddata from 
http://service.software.ibm.com/holdata/390holddata.html. The file I'm 
interested in (full data, plain text) is a link to 
ftp://public.dhe.ibm.com/s390/holddata/full.txt. This is an ftp-Link, and ftp 
is not allowed anywhere. I get a connection failed error, purely on our side. 
So no holddata :-(

Does anybody a link where these holddata are downloadable via http/s?

Best regards, Barbara

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN