Re: Insecure security - was SDSF PS Command column

[Paul Gilmartin]

On Thu, 15 Feb 2024 01:55:26 +, Seymour J Metz wrote:

>The combination of a non-display entry field and blocking paste is devasting 
>to those with awkward keyboards or coordination issues.
>
My eyesight is bad enough that I rely heavily on spellcheck, copy/paste and 
audio I/O.

Disability rights activist organizations should take up the cause.

How does employment ADA handle this?

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Steve Thompson]

I have disabled the camera in my laptop, and put painter's tape 
over it (because we found out some years ago when I was an IBM 
employee, that there was a way to have your camera turned on, and 
the indicator light to not light up).


So in Teams (and related), all you see for me is a blue cloud if 
the camera gets activated. Hmmm. Never thought about the 
relationship there Oh well. And I do the same with my cell 
phone's cameras.


Electrical tape (Black, Red, Green, etc.) is very gummy and kind 
of greasy. Getting that cleaned off is sometimes a chore.


Just say'n'

Steve Thompson

On 2/14/2024 9:08 PM, Tom Brennan wrote:
When I'm home my laptop is on a shelf under my desk, connected 
to a KVM switch so I can swap to it using my desktop keyboard 
and screen. I had standard black electrical tape covering the 
camera and on a meeting I expected to see black for my image, 
but I saw legs (in pants).  I'm guessing the camera is somewhat 
sensitive to infrared.  Doubling and tripling the tape didn't 
even help that much, so I taped a penny across the lens.


On 2/14/2024 2:24 PM, Michael Oujesky wrote:


Won't work when there is electical tape across the camera lens.



Webcam when they open the binder to enter the password.

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

-- 


For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO 
IBM-MAIN


-- 


For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO 
IBM-MAIN





-- 


For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO 
IBM-MAIN


--
Regards, Steve Thompson

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Tom Brennan]

When I'm home my laptop is on a shelf under my desk, connected to a KVM 
switch so I can swap to it using my desktop keyboard and screen.  I had 
standard black electrical tape covering the camera and on a meeting I 
expected to see black for my image, but I saw legs (in pants).  I'm 
guessing the camera is somewhat sensitive to infrared.  Doubling and 
tripling the tape didn't even help that much, so I taped a penny across 
the lens.


On 2/14/2024 2:24 PM, Michael Oujesky wrote:


Won't work when there is electical tape across the camera lens.



Webcam when they open the binder to enter the password.

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Seymour J Metz]

The combination of a non-display entry field and blocking paste is devasting to 
those with awkward keyboards or coordination issues.

In my current position I use chip and PIN; much harder to crack, less prone to 
typos. Scanning finger prints or retinas should also work well, although I have 
no experience with those technologies.

For applications that don't directly support the id card, there are one-time 
pass tickets. Slightly more awkward, but not enough to matter.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר


From: IBM Mainframe Discussion List  on behalf of 
Joel C. Ewing 
Sent: Wednesday, February 14, 2024 6:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Insecure security - was SDSF PS Command column

It obviously depends on what websites you visit, but there is only one
website of the many I use that completely prevents paste of a password
by all methods.   Most of the websites I've encountered that prevent a
mouse right-click and selection of "Paste" for login fields will still
allow the key combination of Enter+Insert  to do a paste -- works on
both Linux and Windows. Does irritate me that some websites don't seem
to have heard of password managers, or they wouldn't make it
difficult.   I could see an argument where you are entering a new
password with a second copy for verification to require at least one to
be actually typed, but that becomes a real pain with long, secure,
random passwords assigned by a password manager.

 Jc Ewing


On 2/14/24 16:28, Tony Harminc wrote:
> On Wed, 14 Feb 2024 at 16:17, Paul Gilmartin <
> 042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:
>
> But I've encountered sites that prohibit OS desktop Paste into password
>> field.
>>
> Plenty of those. And some that allow a paste into the email field, but not
> into the "verify email" field. That one just reinforces the feeling that
> the designers of web sites don't really understand how much of anything
> works.
>
> Tony H.
>
--
Joel C. Ewing

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: Insecure security - was SDSF PS Command column

[Steve Thompson]

Painter's tape for when I really do need to use the camera.

On 2/14/2024 5:29 PM, Pommier, Rex wrote:

Mine's a gum wrapper.  

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Michael Oujesky
Sent: Wednesday, February 14, 2024 4:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Insecure security - was SDSF PS Command column


Won't work when there is electical tape across the camera lens.



Webcam when they open the binder to enter the password.

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
The information contained in this message is confidential, protected from 
disclosure and may be legally privileged. If the reader of this message is not 
the intended recipient or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any disclosure, 
distribution, copying, or any action taken or action omitted in reliance on it, 
is strictly prohibited and may be unlawful. If you have received this 
communication in error, please notify us immediately by replying to this 
message and destroy the material in its entirety, whether in electronic or hard 
copy format. Thank you.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
Regards, Steve Thompson

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Joel C. Ewing]

It obviously depends on what websites you visit, but there is only one 
website of the many I use that completely prevents paste of a password 
by all methods.   Most of the websites I've encountered that prevent a 
mouse right-click and selection of "Paste" for login fields will still 
allow the key combination of Enter+Insert  to do a paste -- works on 
both Linux and Windows. Does irritate me that some websites don't seem 
to have heard of password managers, or they wouldn't make it 
difficult.   I could see an argument where you are entering a new 
password with a second copy for verification to require at least one to 
be actually typed, but that becomes a real pain with long, secure, 
random passwords assigned by a password manager.


    Jc Ewing


On 2/14/24 16:28, Tony Harminc wrote:

On Wed, 14 Feb 2024 at 16:17, Paul Gilmartin <
042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:

But I've encountered sites that prohibit OS desktop Paste into password

field.


Plenty of those. And some that allow a paste into the email field, but not
into the "verify email" field. That one just reinforces the feeling that
the designers of web sites don't really understand how much of anything
works.

Tony H.


--
Joel C. Ewing

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Paul Gilmartin]

On Wed, 14 Feb 2024 17:28:53 -0500, Tony Harminc wrote:
>
>But I've encountered sites that prohibit OS desktop Paste into password
>> field.
>
>Plenty of those. And some that allow a paste into the email field, but not
>into the "verify email" field. That one just reinforces the feeling that
>the designers of web sites don't really understand how much of anything
>works.
> 
They're trusting me not to make the same mistake twice.  See Emerson on
consistency.

Mostly it prevents my copy-pasting from my Contacts.

Keyloggers.

USB drives that spoof keyboards.

Facial recognition.  Fingerprint recognition. Voice recognition.  How few
years until my holographic twin walks into Radoslaw's bank!?



--
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: Insecure security - was SDSF PS Command column

[Pommier, Rex]

Mine's a gum wrapper.  

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Michael Oujesky
Sent: Wednesday, February 14, 2024 4:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Insecure security - was SDSF PS Command column

>
>Won't work when there is electical tape across the camera lens.


>Webcam when they open the binder to enter the password.
>
>--
>Mike A Schwab, Springfield IL USA
>Where do Forest Rangers go to get away from it all?
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions, send 
>email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
The information contained in this message is confidential, protected from 
disclosure and may be legally privileged. If the reader of this message is not 
the intended recipient or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any disclosure, 
distribution, copying, or any action taken or action omitted in reliance on it, 
is strictly prohibited and may be unlawful. If you have received this 
communication in error, please notify us immediately by replying to this 
message and destroy the material in its entirety, whether in electronic or hard 
copy format. Thank you.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Tony Harminc]

On Wed, 14 Feb 2024 at 16:17, Paul Gilmartin <
042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:

But I've encountered sites that prohibit OS desktop Paste into password
> field.
>

Plenty of those. And some that allow a paste into the email field, but not
into the "verify email" field. That one just reinforces the feeling that
the designers of web sites don't really understand how much of anything
works.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Michael Oujesky]

Won't work when there is electical tape across the camera lens.




Webcam when they open the binder to enter the password.

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Paul Gilmartin]

On Wed, 14 Feb 2024 21:18:28 +0100, Radoslaw Skorupka wrote:
>
>Regarding passwords - IMHO private notebook/organizer is much better
>than saving passwords in web browser (do you remember password
>stealers?) or other "nice and automatic" methods. Even IT illiterates
>know how to protect paper organizer. And they know ways to obfuscate the
>notes.
>Last, but not least: no hacker know method to read paper notebook. And
>most people are not subject of interest of KGB or other three letter
>agency.
> 
It's not " know method" but physical access. Hide the paper notebook under
your mattress.  For complex passwords,OCR or Q-R code might be an option.
But I've encountered sites that prohibit OS desktop Paste into password field.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Mike Schwab]

On Wed, Feb 14, 2024 at 2:19 PM Radoslaw Skorupka <
0471ebeac275-dmarc-requ...@listserv.ua.edu> wrote:


> Last, but not least: no hacker know method to read paper notebook.
>


> --
> Radoslaw Skorupka
> Lodz, Poland
>
Webcam when they open the binder to enter the password.

-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Rick Troth]

I previously used CVS and then Subversion. About ten years ago I was 
introduced to Git and have come to prefer it.


Q:    1. Do you have access to GitHub from your z/OS system?

A: yes*

In two recent roles, my team used an internal GitHub server.
Personally I use GitHub.com (heavily) and GItLab.com (somewhat less).
I coulda/woulda/shoulda argued for access to the external servers, but 
see below about security.


Q:    2. Do you have git installed on your z/OS system?

A: no

(And this is the asterisk on "yes" above.)
In both roles where I have used GitHub internally, we did not have Git 
installed on z/OS.
That could change, but there remains some resistance to using free/libre 
open source software directly.
We may or may not have had IP connectivity to the outside servers. (We 
*did* have IP connectivity to the inside servers.)


The primary source of resistance is FUD. (And as a security 
professional, I will again say, we protect the wrong things.) But there 
is also legitimate concern over the supply chain. (The Chicory project 
is one of many means to have a solid FLOSS supply chain.)


Aside: we see the increasing use of code signing.
I recommend simple PGP signing of downloadable archives (e.g., TAR files 
or PAX files or similar).
This is not to say that we cannot also use PKI based code signing, but 
PKI requires third parties and introduces A LOT more moving parts. BT/DT
So I recommend PGP signatures for starters. With an appropriate 
web-of-trust PGP is more than sufficient. PKI is not cryptographically 
any stronger and has more third party risk.
(This can lead to heated discussion. Apologies for drifting away from 
Lionel's question. But it becomes important sooner than later.)


But there are other means of incorporating Git into the z/OS development 
cycle.
In both of the roles that I mention, we *did* have SSH, and that 
included SCP/SFTP, so we had a secure way of copying files between z/OS 
and development workstations.
So there's no reason to *not* use Git with z/OS even if you cannot 
install 'git' directly.


I hope this helps.


-- R; <><


On 2/14/24 09:20, Lionel B. Dyck wrote:

As part of the z/OS Open Tools project I'm asking if your z/OS system has
access to GitHub. The reason for this question is that IBM, ISVs, and
open-source developers are increasingly using GitHub.

Questions:

1. Do you have access to GitHub from your z/OS system?
2. Do you have git installed on your z/OS system?

Thank you


Lionel B. Dyck <><
Github:https://github.com/lbdyck
System Z Enthusiasts Discord:
https://discord.gg/system-z-enthusiasts-880322471608344597

“Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are.”   - - - John Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email tolists...@listserv.ua.edu  with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Matt Hogstrom]

Yes and yes.



Matt Hogstrom

“It may be cognitive, but, it ain’t intuitive."
— Hogstrom

> On Feb 14, 2024, at 14:16, Frank Swarbrick  
> wrote:
> 
> From: IBM Mainframe Discussion List  > on behalf of Lionel B. Dyck 
> <057b0ee5a853-dmarc-requ...@listserv.ua.edu 
> >
> Sent: Wednesday, February 14, 2024 7:20 AM
> To: IBM-MAIN@LISTSERV.UA.EDU  
> mailto:IBM-MAIN@LISTSERV.UA.EDU>>
> Subject: Query - do you have access to GitHub from your z/OS system? And do 
> you have git on your z/OS system?
> 
> As part of the z/OS Open Tools project I'm asking if your z/OS system has
> access to GitHub. The reason for this question is that IBM, ISVs, and
> open-source developers are increasingly using GitHub.
> 
> Questions:
> 
>1. Do you have access to GitHub from your z/OS system?
>2. Do you have git installed on your z/OS system?
> 
> Thank you


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EXTERNAL EMAIL: Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Jerry Whitteridge]

No & No

Jerry Whitteridge
Sr Manager Managed Services
jerry.whitteri...@albertsons.com
480 578 7889

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Lionel B. Dyck
Sent: Wednesday, February 14, 2024 7:20 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EXTERNAL EMAIL: Query - do you have access to GitHub from your z/OS 
system? And do you have git on your z/OS system?

As part of the z/OS Open Tools project I'm asking if your z/OS system has
access to GitHub. The reason for this question is that IBM, ISVs, and
open-source developers are increasingly using GitHub.

Questions:

1. Do you have access to GitHub from your z/OS system?
2. Do you have git installed on your z/OS system?

Thank you


Lionel B. Dyck <><
Github: https://github.com/lbdyck
System Z Enthusiasts Discord:
https://discord.gg/system-z-enthusiasts-880322471608344597

"Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are."   - - - John Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

 Warning: All e-mail sent to this address will be received by the corporate 
e-mail system, and is subject to archival and review by someone other than the 
recipient. This e-mail may contain proprietary information and is intended only 
for the use of the intended recipient(s). If the reader of this message is not 
the intended recipient(s), you are notified that you have received this message 
in error and that any review, dissemination, distribution or copying of this 
message is strictly prohibited. If you have received this message in error, 
please notify the sender immediately.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Radoslaw Skorupka]

W dniu 14.02.2024 o 19:32, Lennie Dymoke-Bradshaw pisze:

I would hope they are instead using a password generator and password safe such 
as Keepass, Passwordsafe, Lastpass or Bitwarden. Writing things down is not so 
good.
Welcome to the world of zero-trust.
Lennie


Well, I frequently advice writing down passwords. Yes, I mean it.
However it is not advice directed to highly experienced IT-specialist.
It for my mom, my aunt and dozens of IT illiterates which do use 
computers. Sometimes they use computers for web browsing, social media 
and emails, but sometimes they also want to use internet banking . In 
many cases I advise to not use it - too much risk for IT-uneducated 
person. (note: I started the first internet bank in Poland - on 
mainframe :-) )
Regarding passwords - IMHO private notebook/organizer is much better 
than saving passwords in web browser (do you remember password 
stealers?) or other "nice and automatic" methods. Even IT illiterates 
know how to protect paper organizer. And they know ways to obfuscate the 
notes.
Last, but not least: no hacker know method to read paper notebook. And 
most people are not subject of interest of KGB or other three letter 
agency.


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Frank Swarbrick]

I have git installed, but we don't make any real use of it at this point.
I don't have access to github because our mainframe has no internet access.  Do 
other shops mainframes have internet access?

From: IBM Mainframe Discussion List  on behalf of 
Lionel B. Dyck <057b0ee5a853-dmarc-requ...@listserv.ua.edu>
Sent: Wednesday, February 14, 2024 7:20 AM
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: Query - do you have access to GitHub from your z/OS system? And do you 
have git on your z/OS system?

As part of the z/OS Open Tools project I'm asking if your z/OS system has
access to GitHub. The reason for this question is that IBM, ISVs, and
open-source developers are increasingly using GitHub.

Questions:

1. Do you have access to GitHub from your z/OS system?
2. Do you have git installed on your z/OS system?

Thank you


Lionel B. Dyck <><
Github: https://github.com/lbdyck
System Z Enthusiasts Discord:
https://discord.gg/system-z-enthusiasts-880322471608344597

“Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are.”   - - - John Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Pew, Curtis G]

On Feb 14, 2024, at 8:20 AM, Lionel B. Dyck 
<057b0ee5a853-dmarc-requ...@listserv.ua.edu> wrote:

Questions:

1. Do you have access to GitHub from your z/OS system?

Yes

2. Do you have git installed on your z/OS system?

Yes


Thank you

I spent much of the past two days helping one of our more traditional 
developers get more comfortable with git.

I probably should have responded to the last query: yes, we have Python and use 
it in production.


--
Curtis Pew
ITS Campus Solutions
curtis@austin.utexas.edu




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Lennie Dymoke-Bradshaw]

I would hope they are instead using a password generator and password safe such 
as Keepass, Passwordsafe, Lastpass or Bitwarden. Writing things down is not so 
good.
Welcome to the world of zero-trust.
Lennie

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Pommier, Rex
Sent: 14 February 2024 15:13
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Insecure security - was SDSF PS Command column

Steve,

You make a good point about making security so onerous one can't use it.  At my 
employer, we use a third party cloud application (unnamed to conceal the 
perpetrator) that doesn't use multi-factor yet.  However their password to get 
in has to be a minimum of 16 characters.  No problem, right, just use a 
passphrase type password.  However, they also require upper, lower, number, and 
special character.  And they keep a history of 10 prior passwords and require a 
change every 60 days.  Their requirements pretty much guarantee most people 
will be writing the passwords down, thus bypassing a lot of the security they 
think they have.  

Rex

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steve Thompson
Sent: Wednesday, February 14, 2024 8:49 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: SDSF PS Command column

Seymour, this is a very interesting observation you made.

I'm now experiencing similar

With a certain banking system we use, you logon, and then you have to prove you 
are the person you say you are by providing more information. While having 2 
factor authentication.

With a certain cell provider, you have to login, then provide your PIN, then 
tell them your IMEI 

How many people have that information memorized?

At some point we make being secure, *insecure,* because we won't talk to you 
because we can't be sure you are who you say you are, even with 2 factor 
authentication, and your password.

Corporate paranoia.

Steve Thompson

On 2/13/2024 11:31 PM, Seymour J Metz wrote:
> The  problem is not auditors; it is incompetent auditors.
>
> In the Army they taught us that preventing authorized access is a security 
> violation. An unthinking automatic timeout is a DOS attack when it prevents 
> running an annual job.
>
> --
> Shmuel (Seymour J.) Metz
> https://urldefense.com/v3/__http://mason.gmu.edu/*smetz3__;fg!!KjMRP1I
> xj6eLE0Fj!r3eDyWon_gy4rfKn8xiwhaf7-aligjydAdLV_p-26FcFegDBRI5PS9lR5OH9
> bl_WBA3n8nAu4SOXe5hz$
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on 
> behalf of Farley, Peter 
> <031df298a9da-dmarc-requ...@listserv.ua.edu>
> Sent: Monday, February 5, 2024 12:27 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: SDSF PS Command column
>
> I am constantly amazed at how much this whole “zero trust” meme is violating 
> the concept of sharing everything among application developers.  I for one 
> have no qualms about any other application programmer at my shop seeing any 
> coding I am doing (though I might be occasionally embarrassed by my own dumb 
> mistakes).
>
> It is not “innocent” to share access to application programming information 
> and styles and pitfalls, it is crucial to application programmer development 
> and advancement.  We learn from each other, especially from sharing our 
> mistakes as well as our best practices and clever innovations.
>
> Add to that stupid security rules like “if you didn’t access this resource 
> for the last 180 days we revoke your access to that resource”, which causes 
> all kinds of headaches when you have to suddenly deal with issues in a yearly 
> weekend production process and you don’t have read rights to the data files 
> you need to view to resolve the issue and the security team only works 9 to 5 
> weekdays and the on-call is out shopping somewhere.
>
> Shakespeare was almost right – first get rid of all the auditors, the lawyers 
> are easy to deal with compared to them.
>
> Peter
> From: IBM Mainframe Discussion List  On 
> Behalf Of Paul Gilmartin
> Sent: Monday, February 5, 2024 11:02 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: SDSF PS Command column
>
>
> On Mon, 5 Feb 2024 11:02:07 +, Rob Scott wrote:
>
>> ...
>> As to "why don't you just fix it ?"tstyle questions, we have to consider 
>> quite a few compatibility issues across n-2 releases especially when the 
>> "fix" requires changes to configuration and security ...
> Such as users' embedding cryptographic keys in commands?  Ugh!
>
>
>
> UNIX arose in a more innocent age when no one worried much about such as:
>
>  ls -lt /u
>
>
>
> --
>
> This message and any attachments are intended only for the use of the 
> addressee and may contain information that is privileged and confidential. If 
> the reader of the message is not the intended recipient or an authorized 
> representative of the intended recipient, you are hereby notified that any 
> dissemination of this communication is strictly 

Re: [EXTERNAL] Re: Insecure security - was SDSF PS Command column

[Pommier, Rex]

I've used them in the past too, but I would guess the average person on the 
street just writes their obtuse passwords down.  

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Jay 
Maynard
Sent: Wednesday, February 14, 2024 10:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: Insecure security - was SDSF PS Command column

This is what password managers were created for. I use Bitwarden, and can't 
recommend them highly enough.

On Wed, Feb 14, 2024 at 9:13 AM Pommier, Rex 
wrote:

> You make a good point about making security so onerous one can't use it.
> At my employer, we use a third party cloud application (unnamed to 
> conceal the perpetrator) that doesn't use multi-factor yet.  However 
> their password to get in has to be a minimum of 16 characters.  No 
> problem, right, just use a passphrase type password.  However, they 
> also require upper, lower, number, and special character.  And they 
> keep a history of 10 prior passwords and require a change every 60 
> days.  Their requirements pretty much guarantee most people will be 
> writing the passwords down, thus bypassing a lot of the security they think 
> they have.
>

--
Jay Maynard

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
The information contained in this message is confidential, protected from 
disclosure and may be legally privileged. If the reader of this message is not 
the intended recipient or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any disclosure, 
distribution, copying, or any action taken or action omitted in reliance on it, 
is strictly prohibited and may be unlawful. If you have received this 
communication in error, please notify us immediately by replying to this 
message and destroy the material in its entirety, whether in electronic or hard 
copy format. Thank you.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

AI strikes again in another court...

[Steve Thompson]

This is from a Legal news paper (as it were) [law360.com]

AI-Generated Fake Case Law Leads To Sanctions In Wage Suit
By Rose Krebs

The owner of a Missouri-based technology business that was 
ordered to pay an ex-employee roughly $311,000 in unpaid wages, 
damages and legal costs was sanctioned Tuesday by an appellate 
court for briefing "deficiencies," including *submitting fake 
cases generated by artificial intelligence. *


---

How many more of these kinds of things are we going to see if we 
do not find a way to, in the hardware(?), effect laws to stop 
this (I keep thinking of Isaac Asimov's fiction about robotics...)


What will keep us from having "creative accounting" that humans 
just wouldn't be able to "audit"?


Imagine the IRS (or other national tax agency) implementing AI 
that is not neutral, but shaded toward the state


Yes this can be done on any platform, but this ability can also 
be used by bad actors to exploit holes in security and that 
includes Mainframes.


Steve Thompson

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Insecure security - was SDSF PS Command column

[Jay Maynard]

This is what password managers were created for. I use Bitwarden, and can't
recommend them highly enough.

On Wed, Feb 14, 2024 at 9:13 AM Pommier, Rex 
wrote:

> You make a good point about making security so onerous one can't use it.
> At my employer, we use a third party cloud application (unnamed to conceal
> the perpetrator) that doesn't use multi-factor yet.  However their password
> to get in has to be a minimum of 16 characters.  No problem, right, just
> use a passphrase type password.  However, they also require upper, lower,
> number, and special character.  And they keep a history of 10 prior
> passwords and require a change every 60 days.  Their requirements pretty
> much guarantee most people will be writing the passwords down, thus
> bypassing a lot of the security they think they have.
>

-- 
Jay Maynard

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: How read Cyl 0 from within a program?

[Tom Brennan]

I just took a look.  That's a good example of an EXCP with its own CCW, 
which is the way I would have attempted this.  Just wondering, how did 
you find this on the CBT?  I always have to ask Sam.


On 2/14/2024 5:14 AM, Joe Monk wrote:

Take a look at the CBT, file 846.

I believe the TRK0SAVE program takes the IPL records from a DASD and writes
them out to a dataset.

https://www.cbttape.org/ftp/cbt/CBT846.zip

Joe

On Tue, Feb 13, 2024 at 12:20 PM Charles Mills  wrote:


I am interested in writing a program to read the IPL records from a DASD
volume. (Read only, not update). I am comfortable with XDAP but how do I
OPEN a "dataset" that would include cylinder 0?

APF, OPERATIONS and so forth are not out of the question.

Thanks,
Charles

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Insecure security - was SDSF PS Command column

[Pommier, Rex]

Steve,

You make a good point about making security so onerous one can't use it.  At my 
employer, we use a third party cloud application (unnamed to conceal the 
perpetrator) that doesn't use multi-factor yet.  However their password to get 
in has to be a minimum of 16 characters.  No problem, right, just use a 
passphrase type password.  However, they also require upper, lower, number, and 
special character.  And they keep a history of 10 prior passwords and require a 
change every 60 days.  Their requirements pretty much guarantee most people 
will be writing the passwords down, thus bypassing a lot of the security they 
think they have.  

Rex

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Steve Thompson
Sent: Wednesday, February 14, 2024 8:49 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: SDSF PS Command column

Seymour, this is a very interesting observation you made.

I'm now experiencing similar

With a certain banking system we use, you logon, and then you have to prove you 
are the person you say you are by providing more information. While having 2 
factor authentication.

With a certain cell provider, you have to login, then provide your PIN, then 
tell them your IMEI 

How many people have that information memorized?

At some point we make being secure, *insecure,* because we won't talk to you 
because we can't be sure you are who you say you are, even with 2 factor 
authentication, and your password.

Corporate paranoia.

Steve Thompson

On 2/13/2024 11:31 PM, Seymour J Metz wrote:
> The  problem is not auditors; it is incompetent auditors.
>
> In the Army they taught us that preventing authorized access is a security 
> violation. An unthinking automatic timeout is a DOS attack when it prevents 
> running an annual job.
>
> --
> Shmuel (Seymour J.) Metz
> https://urldefense.com/v3/__http://mason.gmu.edu/*smetz3__;fg!!KjMRP1I
> xj6eLE0Fj!r3eDyWon_gy4rfKn8xiwhaf7-aligjydAdLV_p-26FcFegDBRI5PS9lR5OH9
> bl_WBA3n8nAu4SOXe5hz$
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on 
> behalf of Farley, Peter 
> <031df298a9da-dmarc-requ...@listserv.ua.edu>
> Sent: Monday, February 5, 2024 12:27 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: SDSF PS Command column
>
> I am constantly amazed at how much this whole “zero trust” meme is violating 
> the concept of sharing everything among application developers.  I for one 
> have no qualms about any other application programmer at my shop seeing any 
> coding I am doing (though I might be occasionally embarrassed by my own dumb 
> mistakes).
>
> It is not “innocent” to share access to application programming information 
> and styles and pitfalls, it is crucial to application programmer development 
> and advancement.  We learn from each other, especially from sharing our 
> mistakes as well as our best practices and clever innovations.
>
> Add to that stupid security rules like “if you didn’t access this resource 
> for the last 180 days we revoke your access to that resource”, which causes 
> all kinds of headaches when you have to suddenly deal with issues in a yearly 
> weekend production process and you don’t have read rights to the data files 
> you need to view to resolve the issue and the security team only works 9 to 5 
> weekdays and the on-call is out shopping somewhere.
>
> Shakespeare was almost right – first get rid of all the auditors, the lawyers 
> are easy to deal with compared to them.
>
> Peter
> From: IBM Mainframe Discussion List  On 
> Behalf Of Paul Gilmartin
> Sent: Monday, February 5, 2024 11:02 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: SDSF PS Command column
>
>
> On Mon, 5 Feb 2024 11:02:07 +, Rob Scott wrote:
>
>> ...
>> As to "why don't you just fix it ?"tstyle questions, we have to consider 
>> quite a few compatibility issues across n-2 releases especially when the 
>> "fix" requires changes to configuration and security ...
> Such as users' embedding cryptographic keys in commands?  Ugh!
>
>
>
> UNIX arose in a more innocent age when no one worried much about such as:
>
>  ls -lt /u
>
>
>
> --
>
> This message and any attachments are intended only for the use of the 
> addressee and may contain information that is privileged and confidential. If 
> the reader of the message is not the intended recipient or an authorized 
> representative of the intended recipient, you are hereby notified that any 
> dissemination of this communication is strictly prohibited. If you have 
> received this communication in error, please notify us immediately by e-mail 
> and delete the message and any attachments from your system.
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> 

Re: SDSF PS Command column

[Steve Thompson]

Seymour, this is a very interesting observation you made.

I'm now experiencing similar

With a certain banking system we use, you logon, and then you 
have to prove you are the person you say you are by providing 
more information. While having 2 factor authentication.


With a certain cell provider, you have to login, then provide 
your PIN, then tell them your IMEI 


How many people have that information memorized?

At some point we make being secure, *insecure,* because we won't 
talk to you because we can't be sure you are who you say you are, 
even with 2 factor authentication, and your password.


Corporate paranoia.

Steve Thompson

On 2/13/2024 11:31 PM, Seymour J Metz wrote:

The  problem is not auditors; it is incompetent auditors.

In the Army they taught us that preventing authorized access is a security 
violation. An unthinking automatic timeout is a DOS attack when it prevents 
running an annual job.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר


From: IBM Mainframe Discussion List  on behalf of Farley, 
Peter <031df298a9da-dmarc-requ...@listserv.ua.edu>
Sent: Monday, February 5, 2024 12:27 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF PS Command column

I am constantly amazed at how much this whole “zero trust” meme is violating 
the concept of sharing everything among application developers.  I for one have 
no qualms about any other application programmer at my shop seeing any coding I 
am doing (though I might be occasionally embarrassed by my own dumb mistakes).

It is not “innocent” to share access to application programming information and 
styles and pitfalls, it is crucial to application programmer development and 
advancement.  We learn from each other, especially from sharing our mistakes as 
well as our best practices and clever innovations.

Add to that stupid security rules like “if you didn’t access this resource for 
the last 180 days we revoke your access to that resource”, which causes all 
kinds of headaches when you have to suddenly deal with issues in a yearly 
weekend production process and you don’t have read rights to the data files you 
need to view to resolve the issue and the security team only works 9 to 5 
weekdays and the on-call is out shopping somewhere.

Shakespeare was almost right – first get rid of all the auditors, the lawyers 
are easy to deal with compared to them.

Peter
From: IBM Mainframe Discussion List  On Behalf Of 
Paul Gilmartin
Sent: Monday, February 5, 2024 11:02 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF PS Command column


On Mon, 5 Feb 2024 11:02:07 +, Rob Scott wrote:


...
As to "why don't you just fix it ?"tstyle questions, we have to consider quite a few 
compatibility issues across n-2 releases especially when the "fix" requires changes to 
configuration and security ...

Such as users' embedding cryptographic keys in commands?  Ugh!



UNIX arose in a more innocent age when no one worried much about such as:

 ls -lt /u



--

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Missing LMOD doing APPLY

[Gord Neill]

We opened a ticket with IBM, and they said that installing z/OS 3.1 using CBPDO 
on a brand new system is not supported, we need to use ServerPac.

>From the z/OS 3.1 Planning for Installation manual:

If you are a new customer and did not have z/OS installed previously, use one 
of the following installation packages to install z/OS 3.1:
* For entitled packages (ServerPac and CBPDO), use ServerPac (z/OSMF 
portable software instance). You   also need the Customized Offerings Driver 
(5751-COD) as a   driving system; the Customized Offering Driver is 
entitled.

It's a wee bit fuzzy when they say use "one of the following", but the only one 
is ServerPac.  We've ordered a ServerPac and will go forward with that.  

Thanks to all for your help.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Kurt Quackenbush
Sent: Friday, February 9, 2024 9:51 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Missing LMOD doing APPLY

Caution: This email is originated from outside the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


> We are using the waves and ripples sequence in the Program Directory.  This 
> error occurs in Wave 0.



> We found that LMOD IEWDLR00 is created in HBB77E0.F6(HBB77E0), STEP 17.  
> Looks like part of Wave 1A.

> Is it possible that running the DDDEFs for Wave 1 and Wave 2 before Wave 0 
> APPLY was completed has messed up things, i.e. pointing to incorrect 
> libraries?

No, the presence of DDDEF entries should not affect or cause this error.

If you have not already, I suggest you open a support case with IBM as I think 
we need to look at your output to debug this further.  IEWDLR00 defined I Wave 
1A, after Wave 0, is a head scratcher.  There should be no reference to 
IEWDLR00 in Wave 0.  Are you installing into a brand new empty target zone, or 
did you make a copy of the target zone from a prior release?

Kurt Quackenbush
IBM  |  z/OS SMP/E and z/OSMF Software Management  |  ku...@us.ibm.com

Chuck Norris never uses CHECK when he applies PTFs.

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Query - do you have access to GitHub from your z/OS system? And do you have git on your z/OS system?

[Lionel B. Dyck]

As part of the z/OS Open Tools project I'm asking if your z/OS system has
access to GitHub. The reason for this question is that IBM, ISVs, and
open-source developers are increasingly using GitHub.

Questions:

1. Do you have access to GitHub from your z/OS system?
2. Do you have git installed on your z/OS system?

Thank you


Lionel B. Dyck <>< 
Github: https://github.com/lbdyck
System Z Enthusiasts Discord:
https://discord.gg/system-z-enthusiasts-880322471608344597

“Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are.”   - - - John Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: How read Cyl 0 from within a program?

[Joe Monk]

Take a look at the CBT, file 846.

I believe the TRK0SAVE program takes the IPL records from a DASD and writes
them out to a dataset.

https://www.cbttape.org/ftp/cbt/CBT846.zip

Joe

On Tue, Feb 13, 2024 at 12:20 PM Charles Mills  wrote:

> I am interested in writing a program to read the IPL records from a DASD
> volume. (Read only, not update). I am comfortable with XDAP but how do I
> OPEN a "dataset" that would include cylinder 0?
>
> APF, OPERATIONS and so forth are not out of the question.
>
> Thanks,
> Charles
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Banks migrate from mainframes to AI-driven cloud

[Allan Staller]

Classification: Confidential

Thae last LzLabs project I was involved in was finally completed  1 1/2 years 
late and the overrun ate up all of the potential saving to the client.
LzLabs now has a total AFAIK 2 "production" implementations.

My USD $0.02 worth

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Andrew Wilkinson
Sent: Tuesday, February 13, 2024 6:52 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Banks migrate from mainframes to AI-driven cloud

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

> Just ask LzLabs how its goingQuite well I would guess. Otherwise IBM wouldn't 
> bother to sue.


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
::DISCLAIMER::

The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Banks migrate from mainframes to AI-driven cloud

[Andrew Wilkinson]

Perhaps I misunderstood the original remark.The business of migrating to the 
cloud must be doing well if IBM has decided to sue.I don't know how the actual 
case is progressing. Cheers,Andrew


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN