Re: unable to access IPCS 64 bit storage using Storage map service

[Joseph Reichman]

Joe Reichman


On Mon, Nov 13, 2023 at 2:56 AM Joseph Reichman 
wrote:

>
> Joe Reichman
>
>
> On Mon, Nov 13, 2023 at 2:55 AM Jon Perryman  wrote:
>
>> On Sat, 11 Nov 2023 21:34:57 -0500, Joseph Reichman <
>> reichman...@gmail.com> wrote:
>>
>> >In IPCS I did a list subcommand from the value of double word value in
>> >TSTAUVCT and it had the values I was expecting however using storage map
>> >services I get zeros in the area pointed to by  XMSPBUF
>>
>> My suggestion would be to start from a function use of ADPLSACC which can
>> be found at https://planetmvs.com/ipcs/ivxSName.txt
>>
>> Once you verify it's functioning correctly, start modifying it to access
>> 64 bit storage. Without a source listing, it's hard to tell if everything
>> is initialized correctly.
>>
>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: unable to access IPCS 64 bit storage using Storage map service

[Joseph Reichman]

Joe Reichman


On Mon, Nov 13, 2023 at 2:55 AM Jon Perryman  wrote:

> On Sat, 11 Nov 2023 21:34:57 -0500, Joseph Reichman 
> wrote:
>
> >In IPCS I did a list subcommand from the value of double word value in
> >TSTAUVCT and it had the values I was expecting however using storage map
> >services I get zeros in the area pointed to by  XMSPBUF
>
> My suggestion would be to start from a function use of ADPLSACC which can
> be found at https://planetmvs.com/ipcs/ivxSName.txt
>
> Once you verify it's functioning correctly, start modifying it to access
> 64 bit storage. Without a source listing, it's hard to tell if everything
> is initialized correctly.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: unable to access IPCS 64 bit storage using Storage map service

[Jon Perryman]

On Sat, 11 Nov 2023 21:34:57 -0500, Joseph Reichman  
wrote:

>In IPCS I did a list subcommand from the value of double word value in
>TSTAUVCT and it had the values I was expecting however using storage map
>services I get zeros in the area pointed to by  XMSPBUF

My suggestion would be to start from a function use of ADPLSACC which can be 
found at https://planetmvs.com/ipcs/ivxSName.txt

Once you verify it's functioning correctly, start modifying it to access 64 bit 
storage. Without a source listing, it's hard to tell if everything is 
initialized correctly.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: UNIX "BLKSIZE"?

[Jon Perryman]

On Sat, 11 Nov 2023 21:44:51 -0600, Paul Gilmartin  wrote:

>Suppose I am writing with QSAM/BSAM to a UNIX file allocated
>RECFM=FB,LRECL=80,FILEDATA=BINARY,PATH=...
>Should I specify:
>o BLKSIZE=80 for minimum latency for other jobs doing "tail -f"?

z/OS Unix filesystems are linear datasets. Unless things have changed, BLKSIZE 
is ignored. LRECL is not stored and must be specified.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Is True Skip-Sequential Processing Possible with RECFM=FB,DSORG=PS?

[Jon Perryman]

On Sat, 11 Nov 2023 18:43:18 -0600, Michael Oujesky  
wrote:

>Does seek() actually do a direct access?  Or read, but skip the
>records from the start of the file?

seek() only reads the physical record containing the byte position. This is 
also true on Unix where physical records are called sectors.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

erroneous BLS18100I message

[Joseph Reichman]

While waiting for a reply for previous post I noticed didn't the following
byte set as it was dsected

After inserting the following instruction MVI   MAPRST,MAPRST64


I got the following message tracing VERBX routine under TEST 

BLS18100I ASID(X'0040') 01EF_8550 not available

Yet when I do the following running IPCS from the TSO command prompt 
The storage is there 

 
IPCS

 BLS21001I IPCS for z/OS 02.05.00-0

 IPCS

L 01EF_8550.

 

 LIST 01EF_8550. ASID(X'0040') LENGTH(X'04') AREA

 _550. 0001||

L 01EF_8550. LEN(100)

 

 LIST 01EF_8550. ASID(X'0040') LENGTH(X'64') AREA

 _550. 0001  01EF 85501793 |e&.l|

 _5500010. 0200  0001 EF855018 |.e&.|

 _5500020. 5303   01EF8550 |..e&|

 _5500030. 1913 0400  0001EF85 |...e|

 _5500040. 5019D300 0005  01EF |&.L.|

 ***


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Is True Skip-Sequential Processing Possible with RECFM=FB,DSORG=PS?

[Attila Fogarasi]

Don't forget about XDAP ... that still works, as an alternative to using
access methods :) Of course XDAP is 24-bit only (for the most part).

On Sun, Nov 12, 2023 at 8:11 PM Martin Trübner <
047eec287bd9-dmarc-requ...@listserv.ua.edu> wrote:

> I wrote code that did it and it saved considerable time.
>
>
> Here is the setting/requirments
>
>
> the processing programs can not be changed.
>
> the program skips records till the first correct record is read- then
> does one after the other till out of range or EOF.
>
> The file is FBS (created under VSE which does not support DISP=MOD)
>
> The file needs a full 3390 mod 27 (or bigger)
>
>
> Solution: a POST-OPEN Vendor exit which manipulated the DTFSD such that
> the next (first) read is way into the file.
>
>
> Problem I ran into: multiextent-files (there is no way to tell the
> op-sys to open the n-th extent of a sequential file during above
> mentioned exit). This was no real restrictiooon since the file had its
> own disk anyway - so creating it with singe extent on a disk was easy.
>
>
> Martin
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Phil Smith III]

Ed Jaffe recommended against creating a SAF class. I'll respectfully suggest 
that it's not that hard.

First, if you do, IBM told us, "Start the class name with a dollar sign-we'll 
never use those". Of course you could collide with
another vendor, but that's unlikely.

We've had customers doing so for 13 years or so. Besides some folks who didn't 
understand how to use their own ESM, we've had no
problems. ACF2 and TSS were easy, too.

Now, I admit that our usage is pretty simple: we have named data protection 
entities called Cryptids, and you can use them to
protect (encrypt/tokenize/hash) or access (decrypt/detokenize) data. So if you 
have a Cryptid named BANANA, a user needs READ or
greater authority to PROTECT.BANANA or ACCESS.BANANA, as appropriate to use 
BANANA to protect or access. 

For something like EJES, with possibly dozens of subtleties, it would surely be 
harder. The complexity of SAF related to
certificates comes to mind, though I suspect some of that is due to some 
historical mistakes. Still, once you've defined a scheme,
it's just PERMITs, right?


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Binyamin Dissen]

On Sun, 12 Nov 2023 10:46:36 -0800 Ed Jaffe 
wrote:

:>On 11/12/2023 10:30 AM, Binyamin Dissen wrote:
:>> With the CDT class, it is just a few RACF commands.

:>> RDEFINE CDT class  +
:>>   CDTINFO(+
:>>  MAXLENGTH(100) +
:>>  RACLIST(ALLOWED) +
:>>  GENLIST(ALLOWED)+
:>>  FIRST(ALPHA,NATIONAL,NUMERIC) +
:>>  OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) +
:>>  POSIT(posit) +
:>>  DEFAULTRC(rc) /* 8=fail w/o profile, 4=use OPER */ +
:>>  OPERATIONS(oper) /* YES=Operations always allowed */ +
:>>)
 
:>> SETROPTS RACLIST(CDT) REFRESH

:>> No need for assemblies or anything. If they are going to write rules, they
:>> need the RACF knowledge anyway.

:>Can you provide the same procedure for the other two popular ESMs: ACF2 
:>and TSS?

I would have to look it up. But I would bet in their manuals they explain
exactly how to map it.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Ed Jaffe]

On 11/12/2023 10:30 AM, Binyamin Dissen wrote:

With the CDT class, it is just a few RACF commands.

RDEFINE CDT class  +
  CDTINFO(+
 MAXLENGTH(100) +
 RACLIST(ALLOWED) +
 GENLIST(ALLOWED)+
 FIRST(ALPHA,NATIONAL,NUMERIC) +
 OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) +
 POSIT(posit) +
 DEFAULTRC(rc) /* 8=fail w/o profile, 4=use OPER */ +
 OPERATIONS(oper) /* YES=Operations always allowed */ +
   )

SETROPTS RACLIST(CDT) REFRESH


No need for assemblies or anything. If they are going to write rules, they
need the RACF knowledge anyway.


Can you provide the same procedure for the other two popular ESMs: ACF2 
and TSS?


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Binyamin Dissen]

On Sun, 12 Nov 2023 07:13:03 -0800 Ed Jaffe 
wrote:

:>On 11/12/2023 3:02 AM, Binyamin Dissen wrote:
:>> You should make your own class.
:>>
:>> Classes can be dynamically added by adding to the CDT class.
:>
:>This is extra hassle at client sites and IMHO should be avoided.

With the CDT class, it is just a few RACF commands.

RDEFINE CDT class  +  
 CDTINFO(+ 
MAXLENGTH(100) +   
RACLIST(ALLOWED) + 
GENLIST(ALLOWED)+  
FIRST(ALPHA,NATIONAL,NUMERIC) +
OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) +
POSIT(posit) + 
DEFAULTRC(rc) /* 8=fail w/o profile, 4=use OPER */ +   
OPERATIONS(oper) /* YES=Operations always allowed */ + 
  )
   
SETROPTS RACLIST(CDT) REFRESH  

No need for assemblies or anything. If they are going to write rules, they
need the RACF knowledge anyway.


:>Long ago, we suggested clients create an "EJES" class for our (E)JES 
:>product. There are three popular security products: RACF, ACF2, and TSS. 
:>Unless you are well-versed in all three of them, I recommend you steer 
:>clear of recommending new classes be created. (These days we recommend 
:>clients use the existing "SDSF" class for (E)JES resources.)

Yeah, if you have a mirror class, great.

:>I recommend you use the XFACILIT class instead of FACILITY. Its raison 
:>d'être addresses exactly your issue: resources in FACILITY are too short.

To each their own. For a distributed product I would recommend defining your
own class. Much more flexibility and you don't have to worry about something
else screwing with you.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: PC Interference from shredder Was: Kinda fun

[Lloyd Fuller]

When I was at Orange Coast College in the mid-70s, we had a 370-155 that had 
non-IBM memory.  The College had a microwave link between the Costa Mesa campus 
and the Huntington Beach campus.  The microwave link was at the campus library, 
and they fired it up about 9AM each week-day.  The computer center was in the 
path between the two campuses.  We would get machine checks each morning and 
about two minutes or so later, the system would IPL and everything would be 
fine until the next morning.
We finally got someone to look at the problem, and if I remember correctly, the 
microwave dish was slightly out of alignment and once they fixed that, no more 
machine checks.
Lloyd


Sent from AT Yahoo Mail for iPad


On Sunday, November 12, 2023, 8:55 AM, Paul Gilmartin 
<042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:

On Sun, 12 Nov 2023 10:48:19 +0100, Bernd Oppolzer wrote:
>
>At some point he looked out of the window and he saw the radar tower,
>which is about
>half a mile away and is needed for the traffic control of the airport
>nearby. So he speculated
>
A co-worker had worked for the FAA at a commercial airport near a
military airfield.  Military controlled its airspace; airport controlled
its.  He made a scatter plot of where planes vanished from civilian
control, thinking it might be useful..He showed it to a military
colleague who was aghast that the boundary of military control,
classified, was publicly available.

I heard a story of a physics lab that tried to operate a computer
room next to a spark chamber.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Ed Jaffe]

On 11/12/2023 3:02 AM, Binyamin Dissen wrote:

You should make your own class.

Classes can be dynamically added by adding to the CDT class.


This is extra hassle at client sites and IMHO should be avoided.

Long ago, we suggested clients create an "EJES" class for our (E)JES 
product. There are three popular security products: RACF, ACF2, and TSS. 
Unless you are well-versed in all three of them, I recommend you steer 
clear of recommending new classes be created. (These days we recommend 
clients use the existing "SDSF" class for (E)JES resources.)


I recommend you use the XFACILIT class instead of FACILITY. Its raison 
d'être addresses exactly your issue: resources in FACILITY are too short.


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Kinda fun

[Paul Gilmartin]

On Sun, 12 Nov 2023 00:01:59 -0600, g...@gabegold.com wrote:
>
>User brought odd printout (1403 or 3211) to system programming, asked what 
>happened. It showed two output streams overprinted -- like a double exposed 
>photo. Clearly impossible, but there it was.
> 
I once received a punched binary deck with one card punched inverted.

Plausible explanation:  The card had been loaded in the hopper inverted and  
punched.
Operator de-batching output had noticed the wrong corner cut and fixed the 
problem.
I reproed the card.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: PC Interference from shredder Was: Kinda fun

[Paul Gilmartin]

On Sun, 12 Nov 2023 10:48:19 +0100, Bernd Oppolzer wrote:
>
>At some point he looked out of the window and he saw the radar tower,
>which is about
>half a mile away and is needed for the traffic control of the airport
>nearby. So he speculated
>
A co-worker had worked for the FAA at a commercial airport near a
military airfield.  Military controlled its airspace; airport controlled
its.  He made a scatter plot of where planes vanished from civilian
control, thinking it might be useful..He showed it to a military
colleague who was aghast that the boundary of military control,
classified, was publicly available.

I heard a story of a physics lab that tried to operate a computer
room next to a spark chamber.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: CEE3512S / CSV034I

[Henri Kuiper]

Denis,

Confirming the STC running the Python code did not have enough
"ASSIZEMAX". Easy fix, happy customer :)
For those looking to do JWT signage, and running into same problems, I'll
paste pieces of relevant python here... to feed future 'SRCHFOR'-actions :)


*Bash actions to create the key-files*

> # Create privkey
> openssl ecparam -name secp256k1  -genkey -noout -out privkey
>
> # Extract pubkey
> openssl pkey -in privkey -pubout -out pubkey
>


*Python-code to use them*

> import jwt
> from time import time
>
> with open('privkey') as p:
>privkey = p.read()
>
> payload = {"some": "data", "in": "our", "awesome": "payload"), 'exp':
> time() + 30}
> datoken = jwt.encode(payload, privkey, algorithm='ES256K').encode('utf-8')
> print(f"TOKEN -==> {datoken}")
>
>
> with open('pubkey', 'r') as pubkeyfile:
>   pubkey = pubkeyfile.read()
>   try:
> payload2 = jwt.decode(datoken, pubkey, algorithms=['ES256K'],
> options={'require':['exp','some','in','awesome']})
>   except Exception as e:
> print("Not signed with requried privkey")
>
> print(payload2)
>

Now to find the proper route to get those docs changed :)

Met vriendelijke groeten,

*Henri Kuiper*
*zdevops*

On Sat, Nov 11, 2023 at 9:04 PM Henri Kuiper 
wrote:

> Nice!
>
> thanks... I will give that a try.
>
>
> Met vriendelijke groeten,
>
> *Henri Kuiper*
>
> *zdevops*
>
>
> On Fri, Nov 10, 2023 at 7:39 AM Denis <
> 01664d8ede6c-dmarc-requ...@listserv.ua.edu> wrote:
>
>>  Hi Henri,
>> if you google the reason code you find other entries that point to not
>> enough region size. So try increasing the region size?
>> Denis.
>>
>> On Thursday, November 9, 2023 at 10:31:52 PM GMT+1, Henri Kuiper <
>> henrikui...@zdevops.com> wrote:
>>
>>  Heya Fellow Mainframers,
>>
>> I'm trying to do some 'normal ES256K' JWT token signage with python...
>>
>> on my 'test SYSPLEX' this works like a charm.yet one hop over I get
>> the
>> following
>>
>> CEE3512S An HFS load of module
>> /.../site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
>> failed. The system return code was 000157; the reason code was
>> 0BDF019B.
>>
>> MSGTXT: CSV034I PGMF FETCH FAILED FOR THE REQUESTED MODULE. RETURN CODE
>> 14,
>> REASON CODE 26110021 PATHNAME =
>> /../site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
>>
>> I've checked all the obvious stuff : perms, openssl versions,
>> module/package versions for cryptography, python version etc. and they're
>> all the same...
>>
>> . Does anyone have another idea where to look?...
>>
>> Thanks!
>>
>> *Henri Kuiper*
>> *zdevops*
>>
>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Well, I guess RESMGR is documented as only supporting 24/31 bit

[Peter Relson]

Paul G added

>It does not check SYSSTATE AMODE64.
>
Don't be impatient.  They're probably working on it.


In this case "they" are not. If someone had previously asked for it, it would 
have possibly already been done. It's always better to ask formally than to 
assume that mentioning something on IBM-Main will somehow make it happen.

FWIW, this kind of support (we call it "hollow" in that it allows the AMODE, 
but does not allow data in the corresponding RMODE, and the concept has existed 
at least since MVS/XA) precludes "full" AMODE 64 support that does support data 
above the bar without introducing a new keyword by which the caller asserts 
where their data resides (for compatibility reasons). But since it's unlikely 
there will ever be such "full" support, making this change is reasonable.

We would not unconditionally change the "L" to "LLGT" because LLGT is a 6-byte 
instruction.

Peter Relson
z/OS Core Technology Design


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Rob Scott]

Another option is the XFACILIT class which supports much longer profile names ( 
up to 246 characters).

Rob Scott
Rocket Software

Sent from Samsung Mobile on O2
Sent from Outlook for Android

From: IBM Mainframe Discussion List  on behalf of 
Binyamin Dissen 
Sent: Sunday, November 12, 2023 11:02:01 AM
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: Re: RACF, the FACILITY class, and z/XDC

EXTERNAL EMAIL




You should make your own class.

Classes can be dynamically added by adding to the CDT class.

On Sun, 12 Nov 2023 05:40:03 -0500 David Cole  wrote:

:>I've got a problem. Decades ago, I made some assumptions about RACF's
:>FACILITY class that have turned out to be wrong.

:>Currently, I'm working on implementing a new security rule for z/XDC,
:>and the individual rules ("entities") can be up to 59 characters long.

:>Decades ago, when I was porting z/XDC's security rules from ACF2 to
:>RACF, I made the decision to piggy-back my security rules into RACF's
:>FACILITY class. I didn't know much about RACF then (and I still
:>don't), and it did not occur to me that rule length would be an
:>issue. I was wrong. It is an issue.

:>Yesterday, I was testing with an instance of the new rule that was 44
:>characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call
:>failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This
:>basically means that the entity I passed (my 44-character rule) was
:>too long for its class (FACILITY).

:>Ouch!

:>So now I have several questions that I'm hoping someone here can
:>provide answers to.
:> * What is the longest entity the FACILITY class will accept?
:> * Where do I find that specific fact doc'd?
:> * Is there a command that will display that information?
:> * Is there a catch-all class that z/XDC can use for its rules
:>other than FACILITY?
:> * Where do other vendors put their rules?

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? 
Main Office Toll Free Number: +1 855.577.4323
Contact Customer Support: 
https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - 
http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy


This communication and any attachments may contain confidential information of 
Rocket Software, Inc. All unauthorized use, disclosure or distribution is 
prohibited. If you are not the intended recipient, please notify Rocket 
Software immediately and destroy all copies of this communication. Thank you.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Binyamin Dissen]

You should make your own class.

Classes can be dynamically added by adding to the CDT class.

On Sun, 12 Nov 2023 05:40:03 -0500 David Cole  wrote:

:>I've got a problem. Decades ago, I made some assumptions about RACF's 
:>FACILITY class that have turned out to be wrong.

:>Currently, I'm working on implementing a new security rule for z/XDC, 
:>and the individual rules ("entities") can be up to 59 characters long.

:>Decades ago, when I was porting z/XDC's security rules from ACF2 to 
:>RACF, I made the decision to piggy-back my security rules into RACF's 
:>FACILITY class. I didn't know much about RACF then (and I still 
:>don't), and it did not occur to me that rule length would be an 
:>issue. I was wrong. It is an issue.

:>Yesterday, I was testing with an instance of the new rule that was 44 
:>characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call 
:>failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This 
:>basically means that the entity I passed (my 44-character rule) was 
:>too long for its class (FACILITY).

:>Ouch!

:>So now I have several questions that I'm hoping someone here can 
:>provide answers to.
:>* What is the longest entity the FACILITY class will accept?
:>* Where do I find that specific fact doc'd?
:>* Is there a command that will display that information?
:>* Is there a catch-all class that z/XDC can use for its rules 
:>other than FACILITY?
:>* Where do other vendors put their rules?

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Gadi Ben-Avi]

The properties for the supplied classes in RACF can be found here 
https://www.ibm.com/docs/en/zos/2.3.0?topic=reference-supplied-class-descriptor-table-entries
You can easily add new classes by adding a profile in the CDT class.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
David Cole
Sent: יום א 12 נובמבר 2023 12:40
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: RACF, the FACILITY class, and z/XDC

[You don't often get email from dbc...@colesoft.com. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

I've got a problem. Decades ago, I made some assumptions about RACF's FACILITY 
class that have turned out to be wrong.

Currently, I'm working on implementing a new security rule for z/XDC, and the 
individual rules ("entities") can be up to 59 characters long.

Decades ago, when I was porting z/XDC's security rules from ACF2 to RACF, I 
made the decision to piggy-back my security rules into RACF's FACILITY class. I 
didn't know much about RACF then (and I still don't), and it did not occur to 
me that rule length would be an issue. I was wrong. It is an issue.

Yesterday, I was testing with an instance of the new rule that was 44 
characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call failed with 
"ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This basically means that 
the entity I passed (my 44-character rule) was too long for its class 
(FACILITY).

Ouch!

So now I have several questions that I'm hoping someone here can provide 
answers to.
* What is the longest entity the FACILITY class will accept?
* Where do I find that specific fact doc'd?
* Is there a command that will display that information?
* Is there a catch-all class that z/XDC can use for its rules other than 
FACILITY?
* Where do other vendors put their rules?

Asking for a friend [:-J]
Dave Cole

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF, the FACILITY class, and z/XDC

[Gadi Ben-Avi]

The longest profile name in FACILITY is 39 characters (At least in z/OS v2.3)
I would say that if you need something longer, you should create a dedicated 
class with the properties you want. 

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
David Cole
Sent: יום א 12 נובמבר 2023 12:40
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: RACF, the FACILITY class, and z/XDC

[You don't often get email from dbc...@colesoft.com. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

I've got a problem. Decades ago, I made some assumptions about RACF's FACILITY 
class that have turned out to be wrong.

Currently, I'm working on implementing a new security rule for z/XDC, and the 
individual rules ("entities") can be up to 59 characters long.

Decades ago, when I was porting z/XDC's security rules from ACF2 to RACF, I 
made the decision to piggy-back my security rules into RACF's FACILITY class. I 
didn't know much about RACF then (and I still don't), and it did not occur to 
me that rule length would be an issue. I was wrong. It is an issue.

Yesterday, I was testing with an instance of the new rule that was 44 
characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call failed with 
"ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This basically means that 
the entity I passed (my 44-character rule) was too long for its class 
(FACILITY).

Ouch!

So now I have several questions that I'm hoping someone here can provide 
answers to.
* What is the longest entity the FACILITY class will accept?
* Where do I find that specific fact doc'd?
* Is there a command that will display that information?
* Is there a catch-all class that z/XDC can use for its rules other than 
FACILITY?
* Where do other vendors put their rules?

Asking for a friend [:-J]
Dave Cole

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

RACF, the FACILITY class, and z/XDC

[David Cole]

I've got a problem. Decades ago, I made some assumptions about RACF's 
FACILITY class that have turned out to be wrong.


Currently, I'm working on implementing a new security rule for z/XDC, 
and the individual rules ("entities") can be up to 59 characters long.


Decades ago, when I was porting z/XDC's security rules from ACF2 to 
RACF, I made the decision to piggy-back my security rules into RACF's 
FACILITY class. I didn't know much about RACF then (and I still 
don't), and it did not occur to me that rule length would be an 
issue. I was wrong. It is an issue.


Yesterday, I was testing with an instance of the new rule that was 44 
characters long. Boom! My "RACROUTE REQUEST=AUTH" (racheck) call 
failed with "ICH409I 282-054 ABEND DURING RACHECK PROCESSING". This 
basically means that the entity I passed (my 44-character rule) was 
too long for its class (FACILITY).


Ouch!

So now I have several questions that I'm hoping someone here can 
provide answers to.

   * What is the longest entity the FACILITY class will accept?
   * Where do I find that specific fact doc'd?
   * Is there a command that will display that information?
   * Is there a catch-all class that z/XDC can use for its rules 
other than FACILITY?

   * Where do other vendors put their rules?

Asking for a friend [:-J]
Dave Cole

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: PC Interference from shredder Was: Kinda fun

[Bernd Oppolzer]

I like these stories.

in the nineties I had similar problems with my new computer, which had 
external SCSI drives
in a separate box, and a 1,5 meter SCSI cable between this box and the 
PC tower.


A friend of mine who knows more about electrical engineering than I do 
came along

to look for the problem.

At some point he looked out of the window and he saw the radar tower, 
which is about
half a mile away and is needed for the traffic control of the airport 
nearby. So he speculated
about the problems coming from the radar pulses ... in fact, my office 
at that time was
in the 3rd floor of the house, and we're just in between the tower and 
the main

entry path of the airplanes.

I don't recall exactly how we fixed the problem ... today, the computer 
is still in use,
but now it is in the 2nd floor :-) in my private computer museum (OS/2 
box, still running).


Kind regards

Bernd


Am 12.11.2023 um 02:50 schrieb Steve Thompson:
Many years ago at Hagerstown MD, they had a computer (I think it was 
an NCR3 or 3000, it's just been too long ago) that at odd points would 
just fail. My father was an RF tech working on radios, and had a 
contract for the Police Department... so I will make this short. It 
turns out that a few stories below this computer room was the door out 
of the garage where the police cars were parked. And so upon exiting 
the parking garage and entering the alley to the street, officers 
would key their mics to verify their radio was working and that would 
cause the computer system to lock up (machine check?).


This was discovered by an NCR CE that had an Oscilloscope doing 
tracing trying to find what was causing this problem and just happened 
to be standing at the window looking down when a police car came out 
and the machine froze.  the police mobile radios were a harmonic 
of the system clock!! And were 100 Watts IRC.


A sign was put at the exit of the garage informing anyone who keyed 
their mic for their radio before getting out of the alley, upon being 
discovered who they were, their pay check would be the last one to be 
passed out at the end of the month. This problem had been invariably 
happening during payroll runs and they had to be restarted from the 
beginning.


Problem stopped.

Steve Thompson

Oh, and the windows did have a metal grid over them in an attempt to 
prevent things like this.


On 11/11/2023 5:07 PM, Tom Brennan wrote:
Just before I worked with mainframes I drew maps on a computer that 
had a big display, a small drawing pad and pen, and a large light 
table with a "puck" for tracing existing maps into the computer. Both 
the puck and pen worked by receiving a magnetic signal from the pad 
or table in order to determine its location.  About once a week 
someone would complain that their pen was throwing the cursor all 
over the screen, so a new pen was ordered at maybe $500.


The light table had bunch of fluorescent bulbs inside, and you could 
dim them with a knob if needed.  One day I noticed that when the 
light was either full on or full off, there was no problem with my 
pen.  But if the dimmer was in the middle, the pen had issues.  Those 
dimmers used triacs which work by holding back each AC wave a bit and 
then sharply rising.  The sharp rise generates all sorts of EMF and 
that's what was messing with the coil in the pen.


On 11/11/2023 12:55 PM, Wayne Bickerdike wrote:
On the subject of RF interference. Years ago we came back from 
living in
California to Australia. We had a 110V coffee espresso machine. It 
worked
well and we ran it from a voltage changer plugged into the socket. 
Early

rise time, my wife would go into the kitchen and make a coffee.

I'm in the habit of reading my email and surfing at that time (like 
now in

Australia).

For weeks and months my internet would go off and come back a few
minutes later. I eventually tied it back to the coffee machine/voltage
reducer. We stopped using it and all good. The wireless router runs on
2.4Ghz and is located in my study, maybe 30 feet from the kitchen 
and there

is a double brick wall in the way.

As an adjunct to this. I switch off my router at midnight and I get 
much

better sleep.

On Sun, Nov 12, 2023 at 6:11 AM Joel C. Ewing  
wrote:



I think shielding of the PC itself is unlikely the problem, unless the
case is not properly closed.  All PCs I have ever seen have metal 
cases,

which if properly seated and grounded act as a RF shield, inbound and
outbound.

Any electric motor could be producing power transients at power on/off
and possible RF interference from contact arcing (which can increase
with motor age), which might travel over the house wiring, or via air
and get picked up by other cables in the room which are connected 
to the

PC.  Any magnetic effects of a motor should be minor by comparison.

If it's a large enough motor, start up may produce a temporary dip in
voltage big enough to be a problem for a computer that is not powered
through an 

Re: Is True Skip-Sequential Processing Possible with RECFM=FB,DSORG=PS?

[Martin Trübner]

I wrote code that did it and it saved considerable time.


Here is the setting/requirments


the processing programs can not be changed.

the program skips records till the first correct record is read- then 
does one after the other till out of range or EOF.


The file is FBS (created under VSE which does not support DISP=MOD)

The file needs a full 3390 mod 27 (or bigger)


Solution: a POST-OPEN Vendor exit which manipulated the DTFSD such that 
the next (first) read is way into the file.



Problem I ran into: multiextent-files (there is no way to tell the 
op-sys to open the n-th extent of a sequential file during above 
mentioned exit). This was no real restrictiooon since the file had its 
own disk anyway - so creating it with singe extent on a disk was easy.



Martin

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN