from Yahoo Mail for iPhone
>
>
> On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls
> wrote:
>
> Which is how 80% of all the hacks today start. Find purchase and advance
> your position. This is how the game is played. It was as classic of a hack as
> anything today.
>
>>
Which is how 80% of all the hacks today start. Find purchase and advance your
position. This is how the game is played. It was as classic of a hack as
anything today.
> On May 6, 2019, at 21:43, Bill Johnson
> <0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
>
> Still never would
Charles is correct. He found vulnerabilities in DFS I believe. Used that for
privesc.
> On May 6, 2019, at 21:17, Charles Mills wrote:
>
> No.
>
> From the link you cite:
>
> "According to various sources, the hackers succeeded in finding (and
> exploiting) at least 2 previously unknown
An update on this for those using CentOS or RHEL. Got it working just fine
tonight.
The problem exists in the update of glibc to 157.el7_3.1
The last version that I can make work (of glibc) is 106.el7_2.6
The 106 version of glibc is in the 1511 minor release of CentOS 7.2.
The issue is with the USB licensing / sw protection system (sentinel by
gemalto) and it’s interaction with either a kernel code/module, or library
update (like a libc etc)
For CentOS anyway, I’ve almost got it narrowed down to the exact update
(presume it’ll be the same for RedHat etc). When
> "Drink waters out of thine own cistern, and running waters out of thine own
> well." -Proverbs 5:15
This stuff just got biblical.It’s about time.
:)
> --
> Jack J. Woehr # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of
See this webinar about RD
"DRINKING OUR OWN CHAMPAGNE, WITH Z SYSTEMS DEVELOPMENT AND TEST ENVIRONMENT
V10 (2)”
Start Date:1/24/2017
Start Time:12:00 PM CST
Duration:60 minutes
https://vts.inxpo.com/scripts/Server.nxp?LASCmd=AI:4;F:QS!10100=36587
Have you tried running the daemon in foreground/debug mode to see what it's
trying to do and failing on? You can run the client also with debug messages,
if necessary. This solves 99% of my wonky ssh issues.
sshd -dd -D -f /your-sshd-file
Chad
> On Dec 11, 2016, at 05:25, venkat kulkarni
. Nope.
Respectfully,
Chad
> On Dec 9, 2016, at 12:40 AM, Timothy Sipples <sipp...@sg.ibm.com> wrote:
>
> Bigendian Smalls wrote:
>> TL;DR - there needs to be a free version of z/os & it’s siblings sooner
> than
>> later, to not do this is to potentially starv
Not to be contrarian, but - well - let me be contrarian. Rant coming. TL;DR -
there needs to be a free version of z/os & it’s siblings sooner than later, to
not do this is to potentially starve the platoform out of existence as we know
it.
I don’t think, for a moment, that when people ask
If it were me, I’d start by Googling open source web file sharing or open
source private cloud. I think the issue is starting with “Z” based xyz. Most
/ many technologies can / will run on z if they’re java / c / plain ol’ web
type stuff - you might very well be able to port or even just
I am trying to setup a virtual server on zos 2.2 apache http server. My intent
is to have anyone coming in on ip 12.1.1.12:80 to be directed to a welcome
page html. But I keep getting the access error below. I have tried many, many
different directive variations but no luck. Any examples or
This is something I hadn’t heard much about, but a couple questions come to
mind - for anyone who has thought about or implemented this:
1) If you have a pool of IDs, then are you losing granularity with which you
might want to assign privelages? Meaning you now have to have IDs that have
especially
when FTP/S isn't configured.
On Nov 18, 2016, at 06:07, David Crayford
<dcrayf...@gmail.com<mailto:dcrayf...@gmail.com>> wrote:
On 18/11/2016 7:52 PM, Bigendian Smalls wrote:
Any Linux or unix or MacOS has sftp built in.
I believe only binary transfers are possible with t
Any Linux or unix or MacOS has sftp built in.
I believe only binary transfers are possible with these, you'll have to
character convert separately.
But it'll be sufficient to test your implementation.
> On Nov 18, 2016, at 05:10, David Crayford wrote:
>
> I've googled
Rocket ported tools has curl.
> On Oct 14, 2016, at 1:36 PM, Dyck, Lionel B. (TRA) wrote:
>
> Is there a OMVS version of WGET?
>
> Thanks
>
> --
> Lionel B. Dyck (TRA Contractor)
> Mainframe Systems
You can run z/PDT on a Linux VM in a free or cheap hypervisor (Like vmware
fusion or virtualbox) on a small Mac or PC giving it only 1 CP and ~3G ram if
you're the only one on it. Don't need to pay for SUSE or CENTos (both are
supported and free).
It works pretty well in this config if all
Thoughts - Charles is right on. And:
> How can IBM know that your hardware is working correctly and they aren't
> having to diagnose your hardware system rather than just diagnosing their
> software, if you get what I mean?
The license would be 'as is' - no support. And it'd be easier to
Not necessarily IBM specific, but probably of interest to some.
http://www.cio.com/article/3126816/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems.html
http://arstechnica.com/security/2016/10/security-company-finds-five-zero-day-flaws-in-emc-management-console/
While we are piling on, I agree - it’s pretty miserable (and still full of
broken links).The only reasonable way to find anything these days is
searching one at a time (which works fairly well) but I miss the tree-driven
system, and generally revert to the PDFs now constantly.
Chad
> On
t is MORE secure, or at least, that the security is 100% in your hands.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bigendian Smalls
Sent: Wednesday, June 22, 2016 8:46 AM
To: IBM-MAIN@LISTSERV.UA.EDU<mailto:IBM-MAIN@lis
Well said Charles!Slightly OT - It’s also worth noting that while the
powers of the internet have seen fit to bless
the likes of Verisign and GoDaddy as “trusted” they’ve also blessed quite a
few others with more dubious
roots. The latest revision of Firefox, for example, has 168 unique
In general ..
Mirroring is a recovery technology for infrastructure - should you lose
hardware / geographic incident, etc. - If you have any data corruption
(intentional or otherwise) - Mirroring just makes it worse.. If you’re serious
about having a development environment (Most shops are
> However, you will be able to use HTTPS.
Kurt - that hasn’t been my experience on z/OS 2.1. Without Sec Lvl 3
(JCPT411) the test SMP/E download job fails - captures show that it cannot
negotiate a common cipher suite with the server - and fails right after the
Client Hello - as I’d expect
My favorite, along this line, was taking a screenshot of the users desktop and
replacing their wallpaper with this, then hiding the desktop icons. The gift
that keeps giving.
Chad.
> On Apr 1, 2016, at 11:10 AM, Pommier, Rex wrote:
>
> Hmm, mine works on a
That’s a satire piece, but I”m sure you knew that :)
The NAND chip replacement avenue, as far as I’ve heard, is not the route
they’re going with this - it’s a software exploit from all I have seen.
Chad
> On Mar 29, 2016, at 12:11 PM, Roach, Dennis wrote:
>
> Has
Check out the zfsadm command for info on the volume. It's likely a mount point
at /usr.
https://www.ibm.com/support/knowledgecenter/#!/SSLTBW_2.1.0/com.ibm.zos.v2r1.ioea700/ioea7zcmd1008032.htm
Chad
> On Mar 21, 2016, at 4:41 PM, Scott Ford wrote:
>
> All,
>
> How do
>
> How much malware is there on github? The only malware I'm aware of is the
> stuff security companies throw up for scrutiny.
No idea. How much is too much if you get hit by, say some type of ransomware?
It was an AS400 according to the full report
Behind the scenes, KWC was a likely candidate for a data breach. Its internet-
facing perimeter showed several high-risk vulnerabilities often seen being
exploited in the wild. The OT end of the water district relied heavily on
antiquated computer
: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Bigendian Smalls
> Sent: Friday, March 04, 2016 12:00 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]
>
>> On Mar 4, 2016, at 10:46 A
On Mar 4, 2016, at 10:46 AM, Leonardo Vaz wrote:
>
> You could be right, it might just be unintentional blocking.
>
> I would certainly prefer this version vs intentional blocking since the later
> is pretty much security by obscurity (as long as you don't know the code you
> 192 prefixed IP addresses are class C addresses
> https://en.wikipedia.org/wiki/Classful_network.
That's a deprecated term. Since this introduction of cidr addresses there
really aren't classes of addresses anymore. The only special 192.x.x.x
addresses are the private space as has been
192.168.0.0/16 is the private address space. This IP is outside that.
Were I a betting man, I'd say many employers block some or all GitHub as a
security risk because of he possibility of people downloading malicious code.
> On Mar 4, 2016, at 9:50 AM, Farley, Peter x23353
>
Fantastic thank you.
> On Feb 25, 2016, at 3:36 AM, Timothy Sipples wrote:
>
> Yes, take a look here for source code (with more to come, including as I
> understand it more details on building on z):
>
> https://github.com/IBM-Blockchain
>
Hey Timothy -
I’ve read quite a bit on blockchain - and agree it could be very game changing
for certain types of applications.
It was stated elsewhere that IBM’s implementation (along with their corporate
and Linux partners) would be open source. Is it available yet?
Cheers
Chad
> On
> It seems, but it concerns me that one can't rely on the width in the format
> specification for visual column alignment of tabular data. "C", but not awk,
> may have additional format modifiers to make this work. Probably even
> worse for DBCS with shift-in/shift-out sequences.
>
>>> On Feb
Which part of that concerns you? Seems like expected awk & printf behavior no?
> On Feb 20, 2016, at 7:37 PM, Paul Gilmartin
> <000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
>> On Sun, 21 Feb 2016 00:21:08 +, Bigendian Smalls wrote:
>>
&g
Agreed 100%
> On Feb 20, 2016, at 6:13 PM, Paul Gilmartin
> <000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
>> On Sat, 20 Feb 2016 00:41:22 +0000, Bigendian Smalls wrote:
>>
>> The answer may be in compiling it to be Unicode based. Gonna look into i
To really make it go you need the whole autotools suite. Make autoconf
automake m4 configure etc. Have had some luck getting most of those going. The
usual stumbling blocks are code page as per usual.
> On Feb 20, 2016, at 10:42 AM, Paul Gilmartin
>
Is there a defined klingon code page?
> On Feb 20, 2016, at 11:07 AM, Charles Mills wrote:
>
> Going just from memory here -- too lazy or too inconsequential to look it up.
>
> 1. Yes, the bit has gone away.
> 2. It never did much. After all, CLC or MVC does not care if the
The answer may be in compiling it to be Unicode based. Gonna look into it
with the extra 'round tuits.
> On Feb 19, 2016, at 6:28 PM, Farley, Peter x23353
> wrote:
>
> AFAIK that version is strictly EBCDIC, intended to be run using JCL in batch
> jobs
Yes well there in lies the rub. I've been working on compiling gcc on and off
for a while. Eventually I'll get it and share :)
> On Feb 19, 2016, at 1:35 PM, Vince Coen <vbc...@gmail.com> wrote:
>
> Not on a m/f but loads of other kit.
>
> On 19/02/16 18:24, B
ilmartin wrote:
>> On 2016-02-19, at 10:14, Bigendian Smalls wrote:
>>> I always feel like i have to backtrack skills learned over decades of other
>>> ‘nix’s when using OMVS .. would be nice to have a modern complement of
>>> tools and switches.
>>>
>&
complement of tools
and switches.
Chad
> On Feb 19, 2016, at 10:48 AM, Paul Gilmartin
> <000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
> On 2016-02-19, at 09:26, Bigendian Smalls wrote:
>>
>> I’m a big proponent of using the switches to be sure and
9:35 AM, Paul Gilmartin
> <000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
> On 2016-02-19, at 07:48, Bigendian Smalls wrote:
>
>> Tim have you tried this from a shell at the root of your ZFS partition (or
>> just root / )
>>
>> du -sk | sort
> But beware; it may be resource-intensive.
Alternatively you could du -sk * > file.txt
then cat file.txt|sort
Saving the trouble of doing it in memory. Though I suspect calculating the
sizes of the folders is much much more intensive than sorting a relatively
brief set of text.
> Does UNIX
Couple other commands handy to manage ZFS / other mountpoint sizes
zfsadm aggrinfo
ex:
...
ZFS.DIR.U2 (R/W COMP): 1314251 K free out of total 2728080
df -kP
ex:
Filesystem 1024-blocksUsed Available Capacity Mounted on
...
ZFS.DIR.U2 2728080 14138291314251
Tim have you tried this from a shell at the root of your ZFS partition (or just
root / )
du -sk | sort
*that’s a pipe sign, not an I or an l :)
drop the | sort if you just want to see the folder sizes in alphabetical order
That should give you all the directories sizes in kilobytes sorted
Two factor auth in the OS is a big (and long overdue) deal. Has anyone heard
of this in a general flavor of z/os or know what version / add-on might contain
such a thing for the rest of us?
> On Feb 16, 2016, at 9:10 AM, Dana Mitchell wrote:
>
> I found support for SSL
That is a devastating loss. And sounds like bizarre circumstances-yet to get
all the details.
> On Dec 31, 2015, at 09:00, Andre Massena wrote:
>
> An this as well -
> http://www.theregister.co.uk/2015/12/30/ian_murdock_debian_founder/
>
>
>
>
> Message
Apologies to Shane I hadn't read beyond the first reply. Best sir.
> On Dec 31, 2015, at 09:58, Bigendian Smalls <mainfr...@bigendiansmalls.com>
> wrote:
>
> That is a devastating loss. And sounds like bizarre circumstances-yet to get
> all the details.
>
>
Working on a git compilation - but it isn’t ready for prime time yet. I’ll let
you know when it is.
I haven’t seen any commercial or non-commercial version that work out of the
box. I’m compiling from source. Slowly.
Very Slowly.
> On Dec 18, 2015, at 1:46 AM, Munif Sadek
check on pax command. think there's some overlap there.
> On Dec 16, 2015, at 18:54, Pinnacle wrote:
>
>> On 12/16/2015 7:41 PM, Leonard Sasso wrote:
>> Hello !
>> Anyone know of a product (besides Data21's ZIP/390 Product), that can
>> "extract" a file(s) from a TAR
Hey Bob - perfect!
Any chance you’d be willing to take Paypal or Wells Fargo’s sure pay? Both
just require an email address (being an employee of the latter I can vouch for
it’s integrity).
If not, no sweat - just gotta find a check, envelope, stamp, :) Perils of the
21st century.
Depending on the volume, python's usage of the REST APIs I've used (like Aws
works great). I'm sure it'd be not to hard to do in REXX also from the few
client HTTP code snippets I've seen in Google.
But the python one works great - using Rocket's ported tools. fwiw.
Chad
> On Nov 23,
.
>> On Nov 23, 2015, at 19:30, David Crayford <dcrayf...@gmail.com> wrote:
>>
>> On 24/11/2015 9:12 AM, Bigendian Smalls wrote:
>> Depending on the volume, python's usage of the REST APIs I've used (like Aws
>> works great). I'm sure it'd be not to hard to do
It occurs to me Tony, there could be a multitude things here. But one involves
routes and routing tables. Presuming the two networks on your multi-homed HMC
don't overlap (different subnets) I'd wonder how your routes in that box are
set up (default and otherwise).
#3 concerns me a little
y for . At first we thought maybe the the laptops
> in the z10, but the ping does not fail if we disconnect the cable going to
> the z10 switch.
>
> I wish I could get into the real linux and doing some displays.
>
> Tony Thigpen
>
> Bigendian Smalls wrote on
Hi Nathan -
I believe the HMCs come default with a self-signed certificate (meaning not
generated by a real Certificate Authority), rather the kind that anyone can
just create on their own - getting the encryption benefits, but not the
verification ones that come with certificates.
I think
Lizette is correct. You need an SMS DC to get the EA but you don't need SMS to
manage the allocation. I do this with ZFS and other non ZFS all the time.
Chad
> On Nov 10, 2015, at 05:26, Lizette Koehler wrote:
>
> I think you need a dataclas the adds the ea/ef
I think you want gofundme. More for a personal goal vs product.
> On Nov 7, 2015, at 18:24, Charles Mills wrote:
>
> Does anyone have any experience with setting up an account on KickStarter?
>
> You need a budget or goal on KickStarter. What would a reasonable budget be
Outstanding … very cool
> On Nov 6, 2015, at 3:05 PM, Connor Krukosky wrote:
>
> Mine is a model 320.
> I wouldn't mind getting a larger system but the problem is if I can't just
> trade say the PU Book and the SE's to do this then I would like to NOT have
> to go
For binary you have to use sftp - uses the same back end as openssh. Very easy
to configure - couple settings in the sshd_config file.
For hashing I use ported tools OpenSSL.
openssl md5
that works great.
> On Nov 2, 2015, at 15:29, Paul Gilmartin
>
hey Venkat -
Pinging (even /bin/ping) requires root (if you look at it on a UNIX / linux
machine it is almost always a SETUID binary, executing with root privelidges)
privileges.
The perl version is no different (same underlying reasons - opening a socket in
raw mode is a high privilege
the other end is there. I would try
this route - it’s the safest, doesn’t require privilege escalation and should
work unless you have firewalls in the middle dropping those packets.
Best,
Chad
On Oct 29, 2015, at 10:17 AM, Bigendian Smalls
<mainfr...@bigendiansmalls.com<mailto:
type ping, but I
suspect that might not have the same effect. TCP sockets do not require root
permissions.
On Oct 29, 2015, at 10:17 AM, Bigendian Smalls
<mainfr...@bigendiansmalls.com<mailto:mainfr...@bigendiansmalls.com>> wrote:
hey Venkat -
Pinging (even /bin/ping) requires
Maybe a guilty conscience is the driver ?
http://mobile.reuters.com/article/idUSKCN0SD0AT20151019
On Oct 18, 2015, at 23:13, Ed Gould
> wrote:
http://www.theregister.co.uk/2015/10/18/ibm_source_code_chinese_government/
Another take on
It does beg the question of who is looking out, software vulnerability-wise,
for those who don’t have enough clout to review source code. As Barry
mentions, there is no such thing as perfect code. There is a lot of trust out
there I think, and not enough skepticism / push back in this area.
And - I don’t mean to imply at all that most companies are willfully abusing
that fact, just simply that most software is a black box.
> On Oct 17, 2015, at 11:08 AM, Clark Morris wrote:
>
> On Sat, 17 Oct 2015 06:16:47 -0700 (PDT), in bit.listserv.ibm-main you
>
Positively terrifying. I know large companies often get to review unthinkable
source code, because of the risks this article states. But a foreign
government, and China no less - seems risky. I’m sure it is done ‘eyes only’
and they don’t actually get to keep a copy. But still, stealing IP
Thanks Jack! - Chad
> On Oct 15, 2015, at 2:49 PM, Jack J. Woehr wrote:
>
> Mark Post wrote:
>> Related to this, Chad Rikansrud has written a blog post about APAR OA43999
>> and just how much that APAR improves RACF's encryption.
>>
71 matches
Mail list logo