Re: grep ascii files...

[Itschak Mugzach]

In my specific case, it is all English (IBMish).

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Fri, Apr 19, 2024 at 6:31 PM Seymour J Metz  wrote:

> It depends on the language and the context. I'm not conversant with
> Arabic, but Hebrew uses both, as does English.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Paul Gilmartin <042bfe9c879d-dmarc-requ...@listserv.ua.edu>
> Sent: Thursday, April 18, 2024 12:03 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: grep ascii files...
>
> On Thu, 18 Apr 2024 15:02:41 +, Farley, Peter wrote:
>
> >Re: “When typing Hebrew or Arabic text on a 3270, does tne cursor move
> right-to-left?”, I can testify that yes it does.  Quite remarkable when you
> first see it, but then for numeric fields it moves left to right, just like
> non-Arabic/Hebrew screens.  And while typing non-numeric characters, the
> characters you already typed can change as you type other characters,
> according to the language rules.
> >
> someone conversant with such languages has posted here that the
> spoken convention is low-to-high order: "four and twenty blackbirds."
>
> --
> gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: grep ascii files...

[Itschak Mugzach]

The file is a .jar which is an ascii archive. However, the text I was
looking for was not condensed. rep did not discover the text.

Anyway, I have an alternative. I just hoped grep will be shorter in terms
of elapsed and cpu.

ITachak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Thu, Apr 18, 2024 at 7:17 PM Grant Taylor <
023065957af1-dmarc-requ...@listserv.ua.edu> wrote:

> On 4/18/24 11:03 AM, Paul Gilmartin wrote:
> > someone conversant with such languages has posted here that the spoken
> > convention is low-to-high order: "four and twenty blackbirds."
>
> Would you please clarify / confirm the example language?  "four and
> twenty blackbirds" sort of breaks my brain and I'd like to research and
> learn more.
>
>
>
> --
> Grant. . . .
> unix || die
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: grep ascii files...

[Itschak Mugzach]

Kirk,

I want to directly grep ascii files instead of iconv first.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ה׳, 18 באפר׳ 2024 ב-15:37 מאת Kirk Wolf :

> Behold the power of Unix pipelines:
>
> $ iconv -f ISO8859-1 -t IBM-1047  myasciifile | grep  MATCH
>
> iconv is not "first converting" the the whole file to EBCDIC since both
> iconv and grep run at the same time :-)
>
> Kirk Wolf
> Dovetailed Technologies
> https://coztoolkit.com
>
> On Thu, Apr 18, 2024, at 4:03 AM, ITschak Mugzach wrote:
> > Is there any command to grep ascii files without the need to first
> convert
> > them to ebcdic (iconv -f)?
> >
> > ITschak
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

grep ascii files...

[ITschak Mugzach]

Is there any command to grep ascii files without the need to first convert
them to ebcdic (iconv -f)?

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IMS - DFSRRC00 vs ODBA

[ITschak Mugzach]

If the database is local, ODBC will slow it down. DFSRRC00 is batch
oriented ( may run with TM/DBCTL as well).
The question you need to answer is where the database is.

ITschak


*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ב׳, 15 באפר׳ 2024 ב-20:06 מאת Pierre Fichaud :

> To All,
> My IMS is somewhat limited and my terminology may be incorrect.
>
> Is there a performance difference between 1) executing DFSRRC00  and
> 2) executing an assembler program that uses ODBA calls ?
> 1) An assembler routine and a PSB name would be provided to DFSRRC00.
> I'm not sure what API is used in this case.
> 2) The assembler program (JOB STEP program) would be supplied a PSB
> name.
> The calls would be CIMS INIT, APSB, GN, DPSB, TERM and TALL using
> AERTDLI.
> Thanks in advance, Pierre.
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IMS - DFSRRC00 vs ODBA

[Itschak Mugzach]

If the database is local, ODBC will slow it down. DFSRRC00 is batch
oriented ( may run with TM/DBCTL as well).
The question you need to answer is where the database is.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ב׳, 15 באפר׳ 2024 ב-20:06 מאת Pierre Fichaud :

> To All,
> My IMS is somewhat limited and my terminology may be incorrect.
>
> Is there a performance difference between 1) executing DFSRRC00  and
> 2) executing an assembler program that uses ODBA calls ?
> 1) An assembler routine and a PSB name would be provided to DFSRRC00.
> I'm not sure what API is used in this case.
> 2) The assembler program (JOB STEP program) would be supplied a PSB
> name.
> The calls would be CIMS INIT, APSB, GN, DPSB, TERM and TALL using
> AERTDLI.
> Thanks in advance, Pierre.
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ./ ADD - which utility?

[ITschak Mugzach]

IEBUPDTE. JCL can be found in google

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Sat, Apr 13, 2024 at 5:30 PM   <
0619bfe39560-dmarc-requ...@listserv.ua.edu> wrote:

> Which utility do you use for control statement/input:
> ./ ADD
>
> A jcl for that would be nice too.
>
> ...Embarassed by my lack of memory after 8 years out of this
> envirinment...
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Program to split a jobs output

[Itschak Mugzach]

Try ? In the np column and then xdp for each file!to create them. You may
send them via cssmtp to ibm (if possible) or to yourself and then to ibm

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ג׳, 9 באפר׳ 2024 ב-11:43 מאת גדי בן אבי :

> Hi,
> Today I had to sent a jobs output to IBM to help determine a problem.
> The jobs had 11 sysout datasets, and I wanted to send each one
> individually.
>
> Does anyone know of a program to do this automagically, before I see how
> complicated it would be to write one?
>
> Gadi
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SMP/E

[ITschak Mugzach]

You might use the steplib as the one used to create the One, so it upgrades
to same level. Which is level are you in?

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך שבת, 30 במרץ 2024 ב-1:00 מאת Steely.Mark :

> I recently received this message: GIM58903WSMP/E COULD NOT PROCESS A
> ++HOLD FIXCAT MCS BECAUSE IT WOULD HAVE MADE A CHANGE TO THE GLOBAL ZONE
> THAT
>
>CANNOT BE PROCESSED COMPLETELY BY PRIOR LEVELS OF SMP/E. USE THE
> UPGRADE COMMAND TO ALLOW SMP/E TO MAKE
>
>SUCH CHANGES.
>
> The message says you can execute the upgrade command.  ( I am not sure if
> I can do that without having some type of maintenance applied)
>
> It has been a while since I upgraded SMP/e independently of a Service Pack
> or some other type of installation.
>
> I thought I would just install the new release of SMP/e - for some reason
> I can't find it on ShopzSeries.
>
> I have tried to look all over the internet for the answer, but I always
> gets hits on installing other products using SMP/e.
>
> We are currently at SMP/E 37.13
> Our SMP/E is 2.4 FMID - HMP1K00.
>
> What should I do ?
>
> Thank You
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: TSO ALLOC with/wo unit

[Itschak Mugzach]

I think it is the data in the tso segment.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Mar 20, 2024 at 4:06 PM Michael Babcock <
05ad4e2d7232-dmarc-requ...@listserv.ua.edu> wrote:

> SMS versus non-SMS?   Esoterics?
>
> On Wed, Mar 20, 2024 at 1:57 AM ITschak Mugzach <
> 05a7ced721d8-dmarc-requ...@listserv.ua.edu> wrote:
>
> > I have a program in Rexx that allocates a dataset using dsname and volume
> > serial (1) . it works well in my shop but requires a unit type (2) in
> > another shop. Actually the error is msg "IKJ56241I SPECIFIED UNIT IS
> > UNDEFINED".
> > Why does 1 work here and fails in another shop?
> >
> >1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
> >2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)
> >
> > ITschak
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: TSO ALLOC with/wo unit

[Itschak Mugzach]

Tx. I forgot this one!

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Mar 20, 2024 at 12:11 PM Beate Kawelke 
wrote:

> SYSALLDA will also work - see
> https://www.ibm.com/docs/en/zos/2.5.0?topic=up-subparameter-definition-1
>
> -Ursprüngliche Nachricht-
> Von: IBM Mainframe Discussion List  Im Auftrag
> von Itschak Mugzach
> Gesendet: Mittwoch, 20. März 2024 09:54
> An: IBM-MAIN@LISTSERV.UA.EDU
> Betreff: Re: [IBM-MAIN] TSO ALLOC with/wo unit
>
> Agree, but it is common to use the devtype 3390.
>
> *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
> and IBM I **|  *
>
> *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
> *Skype**: ItschakMugzach **|* *Web**: http://www.securiteam.co.il/  **|*
>
>
>
>
>
> On Wed, Mar 20, 2024 at 10:52 AM Mike Schwab <
> 05962a42dc49-dmarc-requ...@listserv.ua.edu> wrote:
>
> > UNIT is defined in the I/O gen and is customized by each site.  3390,
> > SYSDA, etc may or may not be present.
> >
> > On Wed, Mar 20, 2024 at 1:57 AM ITschak Mugzach
> > <05a7ced721d8-dmarc-requ...@listserv.ua.edu> wrote:
> > >
> > > I have a program in Rexx that allocates a dataset using dsname and
> > > volume serial (1) . it works well in my shop but requires a unit
> > > type (2) in another shop. Actually the error is msg "IKJ56241I
> > > SPECIFIED UNIT IS UNDEFINED".
> > > Why does 1 work here and fails in another shop?
> > >
> > >1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
> > >2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)
> > >
> > > ITschak
> > >
> > > ITschak Mugzach
> > > *|** IronSphere Platform* *|* *Information Security Continuous
> > > Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> > >
> > > 
> > > -- For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO
> > > IBM-MAIN
> >
> >
> >
> > --
> > Mike A Schwab, Springfield IL USA
> > Where do Forest Rangers go to get away from it all?
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: TSO ALLOC with/wo unit

[Itschak Mugzach]

Agree, but it is common to use the devtype 3390.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Mar 20, 2024 at 10:52 AM Mike Schwab <
05962a42dc49-dmarc-requ...@listserv.ua.edu> wrote:

> UNIT is defined in the I/O gen and is customized by each site.  3390,
> SYSDA, etc may or may not be present.
>
> On Wed, Mar 20, 2024 at 1:57 AM ITschak Mugzach
> <05a7ced721d8-dmarc-requ...@listserv.ua.edu> wrote:
> >
> > I have a program in Rexx that allocates a dataset using dsname and volume
> > serial (1) . it works well in my shop but requires a unit type (2) in
> > another shop. Actually the error is msg "IKJ56241I SPECIFIED UNIT IS
> > UNDEFINED".
> > Why does 1 work here and fails in another shop?
> >
> >1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
> >2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)
> >
> > ITschak
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: TSO ALLOC with/wo unit

[Itschak Mugzach]

Tx.

I think the answer is in the volume operand (I marked it in red). The
reason I use volume operand is that the source of the dataset information
is APF, where the dataset does not have to be cataloged. If the volume
value is not SMS, I allocate it with the volume information. otherwise I
ignore the volume information (SMS).

ITschak


VOLUME(serial_list)specifies the serial number(s) of an eligible direct
access volume(s) on which a new data set is to reside or on which an old
data set is located. If you specify VOLUME for an old data set, the data
set must be on the specified volume(s) for allocation to take place. If you
do not specify VOLUME, new data sets are allocated to any eligible direct
access volume. Eligibility is determined by the UNIT information in your
procedure entry in the user attribute data set (UADS). You can specify up
to 255 volume serial numbers.

With SMS, the VOLUME operand is not suggested. The system determines the
UNIT and VOLUME from the storage class (STORCLAS operand) associated with
the data set. If SMS does not manage the data set and you want to allocate
a data set to a *specific* volume, explicitly specify VOLUME.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Mar 20, 2024 at 10:44 AM Leonard D Woren 
wrote:

> Specifying VOLUME more or less always requires specification of UNIT.
> Ignoring SMS altering the historic behavior, there is a "default
> unitname" associated with each userid.  For ALLOC VOL to work without
> UNIT, the VOL specified must be within the set of devices covered by
> that default unitname.
>
> I think it doesn't matter that it's an existing data set.
>
> Why are you specifying VOL for an existing data set???
>
> /Leonard
>
>
> Itschak Mugzach wrote on 3/20/2024 1:28 AM:
> > GAdi,
> >
> > Does this rule apply to existing datasets? The allocation request was for
> > existing datasets not new.
> >
> > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> > Platform* *|* *Information Security Continuous Monitoring for Z/OS,
> zLinux
> > and IBM I **|  *
> >
> > *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404
> **|*
> > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*
> >
> >
> >
> >
> >
> > On Wed, Mar 20, 2024 at 9:17 AM Gadi Ben-Avi  wrote:
> >
> >> As far as I know, If you do not specify a UNIT Type, it will look for
> >> volumes that are STORAGE.
> >> If there aren't any, the allocation will fail.
> >>
> >> -Original Message-
> >> From: IBM Mainframe Discussion List  On
> Behalf
> >> Of ITschak Mugzach
> >> Sent: יום ד 20 מרץ 2024 08:57
> >> To: IBM-MAIN@LISTSERV.UA.EDU
> >> Subject: TSO ALLOC with/wo unit
> >>
> >> [Some people who received this message don't often get email from
> >> 05a7ced721d8-dmarc-requ...@listserv.ua.edu. Learn why this is
> >> important at https://aka.ms/LearnAboutSenderIdentification ]
> >>
> >> I have a program in Rexx that allocates a dataset using dsname and
> volume
> >> serial (1) . it works well in my shop but requires a unit type (2) in
> >> another shop. Actually the error is msg "IKJ56241I SPECIFIED UNIT IS
> >> UNDEFINED".
> >> Why does 1 work here and fails in another shop?
> >>
> >> 1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
> >> 2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)
> >>
> >> ITschak
> >>
> >> ITschak Mugzach
> >> *|** IronSphere Platform* *|* *Information Security Continuous
> Monitoring
> >> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email
> >> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: TSO ALLOC with/wo unit

[Itschak Mugzach]

GAdi,

Does this rule apply to existing datasets? The allocation request was for
existing datasets not new.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Mar 20, 2024 at 9:17 AM Gadi Ben-Avi  wrote:

> As far as I know, If you do not specify a UNIT Type, it will look for
> volumes that are STORAGE.
> If there aren't any, the allocation will fail.
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of ITschak Mugzach
> Sent: יום ד 20 מרץ 2024 08:57
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: TSO ALLOC with/wo unit
>
> [Some people who received this message don't often get email from
> 05a7ced721d8-dmarc-requ...@listserv.ua.edu. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> I have a program in Rexx that allocates a dataset using dsname and volume
> serial (1) . it works well in my shop but requires a unit type (2) in
> another shop. Actually the error is msg "IKJ56241I SPECIFIED UNIT IS
> UNDEFINED".
> Why does 1 work here and fails in another shop?
>
>1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
>    2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)
>
> ITschak
>
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

TSO ALLOC with/wo unit

[ITschak Mugzach]

I have a program in Rexx that allocates a dataset using dsname and volume
serial (1) . it works well in my shop but requires a unit type (2) in
another shop. Actually the error is msg "IKJ56241I SPECIFIED UNIT IS
UNDEFINED".
Why does 1 work here and fails in another shop?

   1. ALLOC F(XXX) DA('dsname') VOLUME(volser)
   2. ALLOC F(XXX) DA('dsname') VOLUME(volser) UNIT(390)

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: GIMAPI returned buffer size limit

[Itschak Mugzach]

Sure. The Interface to GIMAPU is an assembler program called by a rexx
program. The assembler program creates stem variables with the results from
the call. The Query is for:
MVS.GLOBAL.CSI
GLOBAL (zone)
SYSMOD (entry)
ENAME,SOURCEID,SMODTYPE (sub entry)
SOURCEID='PUT2312'  (filter)

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Thu, Mar 14, 2024 at 2:34 PM Kurt Quackenbush  wrote:

> > Does GIMAPI have a storage limitation, and if so, can it be controlled
> by the program?
>
> GIMAPI does not have a storage limit which can be easily controlled by the
> caller.  It will gobble up as much 31-bit storage as it needs to return the
> requested information, limited only by REGION size or similar factors.  If
> GIMAPI can not get enough storage to satisfy the request it returns an
> error.
>
> Can you describe in more detail the behavior you find questionable?  What
> is your query and which zones/entries/subentries are not being returned?
>
> Kurt Quackenbush
> IBM  |  z/OS SMP/E and z/OSMF Software Management  |  ku...@us.ibm.com
>
> Chuck Norris never uses CHECK when he applies PTFs.
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

GIMAPI returned buffer size limit

[ITschak Mugzach]

We are using the GIMAPU (SMP) to retrieve data from SMP. We noticed that
not all of the data conform with the conditions specified are returned. At
the end of the query command, we perform a FREE command to free the storage
occupied by the QUERY call.

The problem is easy to identify when querying for SYSMOD entry.

Does GIMAPI have a storage limitation, and if so, can it be controlled by
the program?

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Rexx numeric digits and scientific notation question

[Itschak Mugzach]

Charles,

Tried it with 20, 12 and 11 numeric digits. All returned the correct number
(7730208). Your problem may be related to numeric FORM.

Best,
ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Tue, Mar 12, 2024 at 7:29 PM Charles Mills  wrote:

> In a Rexx program I start out by executing NUMERIC DIGITS 15 (and I have
> also tried 11 and 13 and gotten the same result).
>
> For 8947 * 864 I am getting a result of 7.73020800E+10 rather than the
> desired 7730208.
>
> Is this to be expected? I interpret the Rexx documentation as saying that
> a result is only converted to scientific notation when it exceeds NUMERIC
> DIGITS.
>
> Where am I going wrong? Or more to the point, how do I get the desired
> result?
>
> (Why do I care? I am subsequently going to add a relatively small number
> to the product and don't want to lose low-order digits.)
>
> I tried using FORMAT but unless I use it in every subsequent calculation
> Rexx goes back to scientific notation and I lose low order digits.
>
> Thanks,
> Charles
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

[ITschak Mugzach]

I think that SMF itself is not sufficient for security alerts. Only part of
the activity is recorded and the event is not understood by the auditors. A
good example is adding a dataset to APF by a sysprog. He got a call the
first time, saying this is his day job, second call, but as the wolf and
the shepherd,  they will white list the event. However, such change has
side effects on security. For example, the dataset is not properly
protected and can be used by others.
Many MVS commands allow change of system configuration on the fly and,
again, are not visible to SMF. In general, I think SIEM is nice to have,
but you need to have a more accurate solution that goes directly to SOC
telling the event and how it affects security by creating new attack
vectors.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Wed, Mar 6, 2024 at 6:02 PM Charles Mills  wrote:

> I of course saw first-hand a lot of mainframe -> SIEM or Splunk
> integrations, and they ran the gamut. Some were as you describe; some were
> quite effective. The worst I saw was one company that was printing an SMF
> report to spool, using a mainframe product to convert the spooled report to
> a PDF, and sending it to the SIEM, which dutifully archived it. Made the
> auditors happy: mission accomplished. On the other hand, believe me, there
> were customers doing truly amazing "production" and ad hoc analyses both of
> security and performance data, using Splunk and other tools. (Recall I have
> no financial or similar interest in BMC, Splunk, or anything similar.)
> Splunk is not my favorite product -- the company was extremely difficult to
> deal with and the product is expensive to license, but it is an AMAZING
> product and many customers and customer people absolutely LOVE it. (That of
> course is why they are able to charge what they charge.)
>
> I was personally on a Zoom call with a very major financial institution
> that you would recognize in a heartbeat, doing a product new-feature demo,
> when we caught an intruder in the mainframe, real time. It was a contractor
> who was authorized to be on the mainframe but who had managed to improperly
> elevate his privileges to SPECIAL. it was an amazing moment, going from
> routine vendor product demo to "what the heck is HE doing -- hey, we gotta
> go."
>
> I was not aware of all of the exact details but our processing in
> conjunction with a SIEM was instrumental in uncovering a money-laundering
> scheme at a large bank in Mexico.
>
> My main interest was the security stuff, but yes, customers are doing very
> effective analysis of RMF and similar data. You are making a mistake if you
> discount the effectiveness of industry-standard tools in analyzing
> mainframe data.
>
> Charles
>
> On Wed, 6 Mar 2024 15:26:47 +, kekronbekron <
> kekronbek...@protonmail.com> wrote:
>
> >Exactly. I have my reservations on whether we as mainframe folks are
> choosing this (log analytics products) or are defaulting to it because no
> one is challenging for appropriate options from the mainframe technical
> side.
> >For an org, there is of course the valid point of correlation that
> Charles mentions, however, if you objectively work out costs and that, I
> don't think it works out as cost-effective.
> >
> >We may see kubernetes platforms sending auth logs, syslog, and whatever
> else to log analytics, but they don't send system metrics.
> >Time-series data is a different beast altogether. However much
> elastic/splunk/whoever else says they also do metrics, they're only
> secondary features at best.
> >There's a reason time-series databases exist, and are necessary.
> >
> >
> >
> >On Wednesday, March 6th, 2024 at 20:48, Dave Beagle <
> 0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:
> >
> >> We used Splunk at a former employer. Well, not really used it. An
> auditor “suggested” we implement it to “improve” our mainframe security.
> The auditor knew nothing about mainframe security. Likely read about Splunk
> somewhere or saw a session on it at a conference. And of course the topic
> of “security” is at the top of the heap among executives who wouldn’t know
> Top Secret from ACF2 from RACF. Especially when they hear that other
> companies are being hacked or blackmailed in the media nearly every day.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: PCOM Question

[ITschak Mugzach]

Gadi,

The name is PCOMM. Did you copy (or edit) the keyboard map)?

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Mar 7, 2024 at 8:13 AM Gadi Ben-Avi  wrote:

> Hi,
> I upgraded from PCOM v13.0.1 to v 13.0.7.
> When I press ENTER, there is no indication in the OIA.
> How do I enable this?
>
> Thanks
>
> Gadi
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ZOS Sending Logs to Sumologic Experience?

[ITschak Mugzach]

Technically, it is not an issue. You can send everything using Rexx (I can
supply a sample for syslog). The main issue is converting the input to a
format familiar to the syslog parser. In my code I use CEF.

So, what are your input sources?

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ב׳, 4 במרץ 2024 ב-20:43 מאת Steve Estle <
05dcac13570d-dmarc-requ...@listserv.ua.edu>:

> All,
>
> We are embarking on an endeavor to explore sending logics to a tool called
> Sumologic(sumologic.com).  For those who are unaware, Sumologic is a
> competitor to Splunk and contains a very powerful real time log parsing
> analytics engine which can be used to build dashboards, alerts, and more.
> My basic question is has anyone heard of or actually been involved in
> devising ways to send ZOS logs into Sumalogic - our initial efforts will be
> security related, but for now am just asking if anyone has any experience
> in this realm at all?  Or maybe you are doing something similar to Splunk?
> If so, you can post in forum or feel free to reach directly out to me:
>
> Thanks much,
>
> Steve Estle
> sest...@gmail.com
> 303-817-9954
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Understanding, Language and Comminication

[Itschak Mugzach]

It is an inappropriate statement.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ג׳, 27 בפבר׳ 2024 ב-22:17 מאת Gibney, Dave <
03b5261cfd78-dmarc-requ...@listserv.ua.edu>:

> I believe it was explicitly stated some years ago, but it is clear that
> English is not Mr. Reichman's native language. He doesn't catch many
> nuances. I suspect there may also be some issues that are sometimes
> described as location on the spectrum.
>
> I also think it unfortunate (but understandable) that legal concerns keep
> the very helpful IBM people like Peter from directly looking at CBT files,
> forcing them to derive context from incomplete questions like this and
> other threads.
>
> > > Thanks and I apologize if sone of my posts made it seem like I wasn’t
> > > listening to what you were telling me
> >
> > Joseph, you missed Peter's point. Clearly you don't understand this is
> not
> > about "seems like". By ignoring several clarification requests, you
> caused lots
> > of confusing posts because you forced false speculation that would have
> been
> > avoided by the clarifications. Everyone is wasting their time reading
> irrelevant
> > posts (not just the poster) because you couldn't be bothered to respond.
> Do
> > you not consider this rude?
> >
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Question

[ITschak Mugzach]

Same here on Mac. One drive is a pain...

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ג׳, 20 בפבר׳ 2024 ב-21:28 מאת Steve Thompson :

> Yes. If you go this route, and you have your own file server(s)
> and backup systems, the first thing you do is uninstall ONEDRIVE.
>
> You may find that after doing this, you may have issues with Word
> and XL. (we did with W10)
>
> If you do not, it will back up various folders to the M/S cloud.
> And I think once you cross the limit (not sure what it is), you
> may start getting billed by M/$ for space for all your data it is
> backing up for you.
>
> Steve Thompson
>
> On 2/20/2024 1:36 PM, Steve Beaver wrote:
> > I have run MS Office 2010 for years.
> >
> >
> >
> > Has anyone in the group Subscribed to Office 365 since there is
> >
> > No more MS Office.  I also have my own domain for email
> >
> >
> >
> > Thanks
> >
> >
> >
> > Steve
> >
> >
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tn3270 back door

[Itschak Mugzach]

Paul,
That what I was suggesting. Switching a console to a local non sna
terminal. There are many ways to handle the certificate issue, one is
extending its expiration date.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ו׳, 16 בפבר׳ 2024 ב-18:41 מאת Paul Feller <
05aa34d46684-dmarc-requ...@listserv.ua.edu>:

> This is why I have setup a few 3270 sessions for each lpar in the OSA-ICC
> environment.  That was my back door into the lpars if something went wrong
> with TCPIP/TN3270 and associated stuff.  As for updating the cert I'm sorry
> I can't help with that.  That type of activity is handled by only a small
> group of people and I was not part of that group.
>
> If you have session manager running on another lpar that allows cross
> access to the test lpar, I think that might bypass the whole cert stuff.
> Not 100% sure about it.
>
> Good luck getting things fixed.
>
> Paul
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Keith Gooding
> Sent: Friday, February 16, 2024 8:36 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Tn3270 back door
>
> My understanding is that a policy agent refresh only reloads the
> definitions if something has changed in the policy. I have certainly had a
> problem when a keyring had been changed - policy agent did not recognise a
> change so the cached keyring remains. The solution was to increment the
> connection instance value in the policy before the refresh. Have you tried
> restarting pagent ?
>
> Keith
>
> > On 16 Feb 2024, at 10:54, James Cradesh <
> 05a6576c6fa2-dmarc-requ...@listserv.ua.edu> wrote:
> >
> > I’m locked out of my test lpar.  The ssl cert expired.  A new cert was
> uploaded but the tn3270 doesn’t see it. I did refresh Pagent but it didn’t
> help.  How do you get around this situation?  Is there a way to enable the
> non ssl port?
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tn3270 back door

[ITschak Mugzach]

try changing one of the consoles to 3270 local and login from there.

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Fri, Feb 16, 2024 at 1:19 PM Styles, Andy (CIO GS - Core
Infrastructure & IT Operations ) <
00d68f765d25-dmarc-requ...@listserv.ua.edu> wrote:

> Classification: Public
>
> What about zOSMF or ssh?
>
> Andy Styles
> z/Series Systems Programmer
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of James Cradesh
> Sent: Friday, February 16, 2024 10:55 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Tn3270 back door
>
> [Some people who received this message don't often get email from
> 05a6576c6fa2-dmarc-requ...@listserv.ua.edu. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> *** This email is from an external source - be careful of attachments and
> links. Please report suspicious emails ***
>
> I'm locked out of my test lpar.  The ssl cert expired.  A new cert was
> uploaded but the tn3270 doesn't see it. I did refresh Pagent but it didn't
> help.  How do you get around this situation?  Is there a way to enable the
> non ssl port?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> Lloyds Banking Group plc. Registered Office: The Mound, Edinburgh EH1 1YZ.
> Registered in Scotland no. SC95000. Telephone: 0131 225 4555.
>
> Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN.
> Registered in England and Wales no. 2065. Telephone 0207626 1500.
>
> Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ.
> Registered in Scotland no. SC327000. Telephone: 03457 801 801.
>
> Lloyds Bank Corporate Markets plc. Registered office: 25 Gresham Street,
> London EC2V 7HN. Registered in England and Wales no. 10399850.
>
> Scottish Widows Schroder Personal Wealth Limited. Registered Office: 25
> Gresham Street, London EC2V 7HN. Registered in England and Wales no.
> 11722983.
>
> Lloyds Bank plc, Bank of Scotland plc and Lloyds Bank Corporate Markets
> plc are authorised by the Prudential Regulation Authority and regulated by
> the Financial Conduct Authority and Prudential Regulation Authority.
>
> Scottish Widows Schroder Personal Wealth Limited is authorised and
> regulated by the Financial Conduct Authority.
>
> Lloyds Bank Corporate Markets Wertpapierhandelsbank GmbH is a wholly-owned
> subsidiary of Lloyds Bank Corporate Markets plc. Lloyds Bank Corporate
> Markets Wertpapierhandelsbank GmbH has its registered office at
> Thurn-und-Taxis Platz 6, 60313 Frankfurt, Germany. The company is
> registered with the Amtsgericht Frankfurt am Main, HRB 111650. Lloyds Bank
> Corporate Markets Wertpapierhandelsbank GmbH is supervised by the
> Bundesanstalt für Finanzdienstleistungsaufsicht.
>
> Halifax is a division of Bank of Scotland plc.
>
> HBOS plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in
> Scotland no. SC218813.
>
>
>
> This e-mail (including any attachments) is private and confidential and
> may contain privileged material. If you have received this e-mail in error,
> please notify the sender and delete it (including any attachments)
> immediately. You must not copy, distribute, disclose or use any of the
> information in it or any attachments. Telephone calls may be monitored or
> recorded.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SRCHFOR vs OPT 3.14

[Itschak Mugzach]

Tx. I changed it. seems to work.

Best,
ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Thu, Feb 1, 2024 at 7:14 AM Bruce Hewson <
0499d3d5e892-dmarc-requ...@listserv.ua.edu> wrote:

> Hello ITschak,
>
> I made sure that Mixed Mode and Any case are set. That seems to make it
> find everything:-
>
> | Select Process  Search  Search  Select
> Display
> | Options with /  MigratedExcludedOptions with
> /
> | /  Mixed Mode   1  1. None  3  1. Excluded View
> output
> | /  Any case2. First level  2. Non-excluded Exclude
> not
> |ASCII   3. All  3. Both found
>
> | Command ===>
>
>
> +---------
>
> On Wed, 31 Jan 2024 11:03:34 +0200, ITschak Mugzach 
> wrote:
>
> >I noticed that strings that are not found by srchfor command are found by
> >opt 3.14. Is there any customization needed for srchfor to work properly?
> >
> >ITschak Mugzach
> >*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> >for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
> Regards
> Bruce
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

SRCHFOR vs OPT 3.14

[ITschak Mugzach]

I noticed that strings that are not found by srchfor command are found by
opt 3.14. Is there any customization needed for srchfor to work properly?

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Masking SMF data internally

[Itschak Mugzach]

At the end, you mask specific fields (which are defined in records). The
method I offered is generic. The data for this logic is unstructured, and
the translation purpose is to identify possible texts and numbers the user
might wish to hide. A loop of TRANSLATE, VERIFY and OVERLAY does need
structured data.
Indeed, the OP didn't supply much info.
ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Tue, Jan 23, 2024 at 11:45 AM Radoslaw Skorupka <
0471ebeac275-dmarc-requ...@listserv.ua.edu> wrote:

> You talk about fields.
> However user see records, not fields. Various records.
> Manual editing single records with known fields is easy, however mass
> change can be risky.
> Note: as usually *we don't know* what is the author's need. IMHO this is
> the least active person in this thread.
> Without that we can only guess, assume or create very generic models.
>
>
> Regards
> --
> Radoslaw Skorupka
> Lodz, Poland
>
>
>
>
> W dniu 22.01.2024 o 17:24, ITschak Mugzach pisze:
> > You can mask any character or external decimal field by using translate
> > everything but a-z and 0 to 9 and check for minimum length (say, not less
> > than three characters) in order not to convert hex data. Now find the
> > positions and mask the original record. This way you do not care for the
> > actual value in the field or record type.
> >
> > ITschak
> >
> >
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> >
> >
> >
> > On Mon, Jan 22, 2024 at 5:50 PM Willy Jensen
> > wrote:
> >
> >> Most SMF records can be copied to a normal VB dataset. As I recall, only
> >> one or two CICS records were really that big (or perhaps it is DB2, it's
> >> been a while)? Anyway, you can select the record types that you need and
> >> the use SORT to convert to normal VB.
> >>
> >>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Masking SMF data internally

[ITschak Mugzach]

You can mask any character or external decimal field by using translate
everything but a-z and 0 to 9 and check for minimum length (say, not less
than three characters) in order not to convert hex data. Now find the
positions and mask the original record. This way you do not care for the
actual value in the field or record type.

ITschak



ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Mon, Jan 22, 2024 at 5:50 PM Willy Jensen 
wrote:

> Most SMF records can be copied to a normal VB dataset. As I recall, only
> one or two CICS records were really that big (or perhaps it is DB2, it's
> been a while)? Anyway, you can select the record types that you need and
> the use SORT to convert to normal VB.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Masking SMF data internally

[ITschak Mugzach]

It is a span record format probably. Rexx can read it,  it you need to be
more careful by identifying text fields. I have done that with dump
masking. Maybe I still have the code

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום א׳, 21 בינו׳ 2024 ב-8:43 מאת Jake Anderson <
justmainfra...@gmail.com>:

> I am not even able to browse
>
> It says 'Invalid record length'. I tried setting the block size and LRECL
> but by default it takes as
>
> Record length': 32767
> Block size : 32760
>
> On Sun, Jan 21, 2024, 10:26 AM ITschak Mugzach  wrote:
>
> > Are these files machine or human readable? As you can edit them, I
> believe
> > they are human readable and no Hex data inside. If so, write a rexx to
> > translate everything a-z to blanks and write back.
> >
> > ITschak
> >
> > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> > Platform* *|* *Information Security Continuous Monitoring for Z/OS,
> zLinux
> > and IBM I **|  *
> >
> > *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404
> **|*
> > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*
> >
> >
> >
> >
> >
> > בתאריך יום א׳, 21 בינו׳ 2024 ב-7:59 מאת Jake Anderson <
> > justmainfra...@gmail.com>:
> >
> > > Hello
> > >
> > > We have a requirement of sharing our SMF data to vendor for a sizing
> > > operation of our hardware connected to our mainframe
> > >
> > >
> > > Our organization has a policy of masking the critical values before
> > sharing
> > > it. I see SMF datasets are are editable from ISPF.
> > >
> > > Is there a way or someone has undergone this exercise of masking the
> > > confidential values inside SMF output Dataset?
> > >
> > > Please advise
> > >
> > > Jake
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Masking SMF data internally

[ITschak Mugzach]

Are these files machine or human readable? As you can edit them, I believe
they are human readable and no Hex data inside. If so, write a rexx to
translate everything a-z to blanks and write back.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום א׳, 21 בינו׳ 2024 ב-7:59 מאת Jake Anderson <
justmainfra...@gmail.com>:

> Hello
>
> We have a requirement of sharing our SMF data to vendor for a sizing
> operation of our hardware connected to our mainframe
>
>
> Our organization has a policy of masking the critical values before sharing
> it. I see SMF datasets are are editable from ISPF.
>
> Is there a way or someone has undergone this exercise of masking the
> confidential values inside SMF output Dataset?
>
> Please advise
>
> Jake
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Another Getting away from the mainframe tale

[ITschak Mugzach]

Langsam langsam aber sicher... I saw that here in Israel. It take on a
stage of 15 years.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ו׳, 19 בינו׳ 2024 ב-21:40 מאת Steve Beaver <
050e0c375a14-dmarc-requ...@listserv.ua.edu>:

> I was up in Seattle at Pemco insurance.  They made the decision to leave
> the mainframe
> In 1995,
>
> Well its 2022 and they are still on the mainframe
>
>
>
> Regards,
>
>
> Steve
>
>
> Steve Thompson
>
> On 1/19/2024 1:42 PM, Tim Ribble wrote:
> > Greetings all,
> >
> > Haven't posted here in quite some time but I thought it'd be fun to post
> > another "getting off the mainframe" story.  Been working for the City of
> > San Antonio for 25 years now.  I started as part of the mainframe staff
> and
> > that was my primary function until 2009 when it was decided to move away
> > from the mainframe.  In the intervening years, my primary function moved
> to
> > storage/backup systems which made sense for me since I dealt heavily with
> > storage/backup operations on the mainframe and HDS storage.  We were
> > supposed to be off the mainframe by 30 Sep 2012 but here we are in 2024
> and
> > it's still running production applications.  It's just a handful but
> > they're critical.  So here I am maintaining both a z/890 & HDS USP-V with
> > no IBM or Hitachi support (just hardware support contracts from third
> party
> > vendors).  I'm now hearing we'll be off of it by Nov of this year.  You
> > think I'm going to hold my breath?  I may actually retire before it's
> > gone.  Anyway, I just thought this audience may be amused by this.
> >
> > Cheers all,
> >
> > Tim
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: I hate to be a pain (Cross-Posted)

[ITschak Mugzach]

Rick,

You blond the messenger. STIGs are developed by DISA. We only automate the
process. This is why I am very familiar with the STIG rules.
Btw, unix file system is less understood and maintained by the mainframe
security teams, so the risk is built in uss security (if you do not use
external security for this).

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ה׳, 18 בינו׳ 2024 ב-15:53 מאת Rick Troth :

> On 1/18/24 02:53, ITschak Mugzach wrote:
> > see below the relevant STIG (V8r11)- TSS0-ES-000100:
> >
> > IBM z/OS for PKI-based authentication must use ICSF or the ESM to store
> > keys.
>
>
> Why?
> (And I realize that YOU are not making this up, so don't take any
> challenge personally.)
>
>
> > Any keys or Certificates must be managed in ICSF or the external security
> > manager and not in UNIX files.
>
>
> Here too, why?
>
> I found the following, but with no rationale or justification for the
> above mandates.
>
> https://www.stigviewer.com/stig/ibm_zos_tss/2021-03-30/finding/V-223883
>
> "If the private key is discovered, an attacker can use the key to
> authenticate as an authorized user and gain access to the network
> infrastructure. The cornerstone of the PKI is the private key used to
> encrypt or digitally sign information. If the private key is stolen,
> this will lead to the compromise of the authentication and
> non-repudiation gained through PKI because the attacker can use the
> private key to digitally sign documents and pretend to be the authorized
> user. Both the holders of a digital certificate and the issuing
> authority must protect the computers, storage devices, or whatever they
> use to keep the private keys."
>
> I was going to breaking that down in this note for sake of
> understanding, but that would be tedious.
> Instead I'll cut to the chase: _none of the above identifies a problem
> with keys residing in USS_. The statement correctly indicates the need
> to protect the private key, but stops short of evaluating means of
> protection.
>
> What is the risk? discovery of the private key.
>
> Can that happen with USS? yes (that's an area I am very familiar with)
>
> Can that happen with ICSF? you tell me (but I'll wager yes)
>
> Can that happen with an ESM? you tell me (same)
>
> Because of my familiarity with USS and things like it, combined with the
> common techniques used there and in other systems, it appeals to me.
> That's both subjective (personal) and objective (common techniques and
> methods, win/win).
>
> Observation:
> EVERY DAY I find doors closing on existing security methods in favor of
> obscure alternatives.
> The reasoning seems to be that attackers know the familiar routes and
> therefore the familiar routes must be avoided.
> That reasoning does not scale, and Wirth's law comes into play:
> "software is getting slower more rapidly than hardware becomes faster".
>
> Someone should expound on why ICSF or ESM is actually better or I'm
> calling BS on this.
>
> -- R; <><
>
>
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> >
> >
> >
> > On Wed, Jan 17, 2024 at 11:22 PM Phil Smith III  wrote:
> >
> >> Itschak Mugzach wrote:
> >>> The STIG does not allow a uss keystore.
> >> Ummmkay? I see no mention of a STIG here. But as I said, I'm even
> SWAGging
> >> what he really wants/needs.
> >>
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email tolists...@listserv.ua.edu  with the message: INFO IBM-MAIN
> >>
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email tolists...@listserv.ua.edu  with the message: INFO IBM-MAIN
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: I hate to be a pain (Cross-Posted)

[ITschak Mugzach]

see below the relevant STIG (V8r11)- TSS0-ES-000100:

IBM z/OS for PKI-based authentication must use ICSF or the ESM to store
keys.

Any keys or Certificates must be managed in ICSF or the external security
manager and not in UNIX files.

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Wed, Jan 17, 2024 at 11:22 PM Phil Smith III  wrote:

> Itschak Mugzach wrote:
> >The STIG does not allow a uss keystore.
>
> Ummmkay? I see no mention of a STIG here. But as I said, I'm even SWAGging
> what he really wants/needs.
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SMPE HOLDDATA - when received?

[ITschak Mugzach]

Does gimapi has access to this data?

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ד׳, 17 בינו׳ 2024 ב-22:36 מאת Kurt Quackenbush :

> > How can I check the date of HOLDDATA in my SMPE CSI?
>
> Examining the SMPLOG as already mentioned is one option.
>
> Another:  SMP/E does maintain the date each ++HOLD statement was received,
> but it does not expose it, not even in the CSI Query API.  However, z/OSMF
> Software Management has two reports which query the HOLDDATA and both
> expose that date.  So, if you define a Software Instance for your installed
> software you can perform the Maintenance Reports -> Missing Critical
> Service or Missing FIXCAT SYSMODs actions.  The resulting reports contain a
> "HOLDDATA Received" column indicating the most recent date ERROR or FIXCAT
> HOLDDATA was received into the global zone.
>
> Kurt Quackenbush
> IBM  |  z/OS SMP/E and z/OSMF Software Management  |  ku...@us.ibm.com
>
> Chuck Norris never uses CHECK when he applies PTFs.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: I hate to be a pain (Cross-Posted)

[Itschak Mugzach]

Phil

The STIG does not allow a uss keystore.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ד׳, 17 בינו׳ 2024 ב-22:47 מאת Phil Smith III :

> If you mean certificates for TLS, the USS gskkyman utility is great for
> testing/verification. Nothing wrong with it for production, but most sites
> in my experience are happier with the certs in SAF (RACF/ACF2/TSS) for
> production. The beauty of gskkyman is that it's isolated AND discrete. With
> SAF you can screw other folks up and/or think you have it working correctly
> when you don't. With gskkyman you can create a database containing just the
> certificate(s) you think you need and verify that they work, then move them
> to SAF.
>
>
>
> gskkyman operates via a series of prompts, so it's pretty easy to use:
>
> *   Get the certificate in a USS file, preferably as a Base64-encoded
> file (doesn't have to be, just easier to say "Yep, that looks like a
> certificate")
> *   Go into gskkyman and import it
> *   Point the application truststore at the gskkyman database and test
>
>
>
> Obviously I'm making a bunch of assumptions about what you're doing in the
> above, so none of it may apply.
>
>
>
> ...phsiii
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Opinion

[ITschak Mugzach]

I use curved monitor standing on a stand sit desk. And a folded treadmill,
so I can walk while programming...


*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ב׳, 15 בינו׳ 2024 ב-22:52 מאת Steve Thompson :

> Opinions in general:
>
> Having used a 4K 43" flat TV/monitor and having had access to a
> curved monitor once, I'd go curved every time the $$$ were
> available for such a device.
>
> Note: I have a 8' wide desk that is ~3' "deep". So a 43" monitor
> sits on the back edge of the desk, center. I sometimes have to
> move my chair left-right because of the lack of curvature. So my
> opinion is, for that wide, curved is best.
>
> Generally, because of work I've done, two of these wide curved
> monitors side by side is better than 1 43" and 3 30-ish inch
> monitors. But you have to make sure your GPU of the computer
> driving these has the horsepower to handle it.
>
> I also suggest you get a mount that will attach to your
> desk/table so you can reclaim real estate as the monitor will sit
> within a few inches of the top of your desk/table. Which may take
> up room for manuals, or whatever else you need for working.
>
>  From my experience, make sure you have long enough cables so you
> can go from computer to monitor, without cables crossing your
> desk and if at all possible go wireless via a KVM switch from a
> single keyboard/mouse to any other system you need to have
> keyboard mouse for.
>
> My 2 cents.
>
> Steve Thompson
>
> On 1/15/2024 12:32 PM, Steve Beaver wrote:
> > Does anyone have an opinion on
> >
> >
> >
> > LG - 49" IPS LED Curved UltraWide Dual QHD 144Hz FreeSync and G-SYNC
> > Compatible Monitor with HDR (HDMI, DisplayPort, USB) - Black
> >
> >
> >
> >
> >
> > Steve Beaver
> >
> >
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> Regards, Steve Thompson
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Opinion

[Itschak Mugzach]

I use curved monitor standing on a stand sit desk. And a folded treadmill,
so I can walk while programming...

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ב׳, 15 בינו׳ 2024 ב-22:52 מאת Steve Thompson :

> Opinions in general:
>
> Having used a 4K 43" flat TV/monitor and having had access to a
> curved monitor once, I'd go curved every time the $$$ were
> available for such a device.
>
> Note: I have a 8' wide desk that is ~3' "deep". So a 43" monitor
> sits on the back edge of the desk, center. I sometimes have to
> move my chair left-right because of the lack of curvature. So my
> opinion is, for that wide, curved is best.
>
> Generally, because of work I've done, two of these wide curved
> monitors side by side is better than 1 43" and 3 30-ish inch
> monitors. But you have to make sure your GPU of the computer
> driving these has the horsepower to handle it.
>
> I also suggest you get a mount that will attach to your
> desk/table so you can reclaim real estate as the monitor will sit
> within a few inches of the top of your desk/table. Which may take
> up room for manuals, or whatever else you need for working.
>
>  From my experience, make sure you have long enough cables so you
> can go from computer to monitor, without cables crossing your
> desk and if at all possible go wireless via a KVM switch from a
> single keyboard/mouse to any other system you need to have
> keyboard mouse for.
>
> My 2 cents.
>
> Steve Thompson
>
> On 1/15/2024 12:32 PM, Steve Beaver wrote:
> > Does anyone have an opinion on
> >
> >
> >
> > LG - 49" IPS LED Curved UltraWide Dual QHD 144Hz FreeSync and G-SYNC
> > Compatible Monitor with HDR (HDMI, DisplayPort, USB) - Black
> >
> >
> >
> >
> >
> > Steve Beaver
> >
> >
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> Regards, Steve Thompson
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Technical Reason? - Why you can't encrypt load libraries (PDSE format)?

[ITschak Mugzach]

I think that another major consideration not to encrypt programs is
performance. Racf exits, for example, are not getting control of program
calls. Pervasive encryption is done in bulks, programs may be called
thousands of time during data processing.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום א׳, 14 בינו׳ 2024 ב-1:38 מאת Seymour J Metz :

> Off course they're files; they just aren't in EUnix file systems. Part of
> the file contents for load modules is in the directory entries, and Fetch
> relies on those data. As for program objects, if I  knew they'd have to
> shoot me; I don't have FAMS.
>
> The issue on STEPLIB is simply that IBM doesn't see a business case to
> support it. Part of that support would be an update to APF and program
> control for paths. Would you want individual executables in STEPLIB, or
> only directories? RFE?
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Paul Gilmartin <042bfe9c879d-dmarc-requ...@listserv.ua.edu>
> Sent: Saturday, January 13, 2024 1:57 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Technical Reason? - Why you can't encrypt load libraries
> (PDSE format)?
>
> On Sat, 13 Jan 2024 18:06:24 +0100, Radoslaw Skorupka  wrote:
>
> >I can imagine technical reason to not encrypt such libraries.
> >However encryption is a kind of data protection. Data. Not programs.
> >
> But some load modules/program objects aren't really files.  As Ifond
> out to my dismay as a novice when I tried to use IEBGENER to copy
> a load module to a different PDS.
>
> But UNIX program objects are "really files".  "cp -p" works on then.
>
> But content Supervision relies heavily on the elaborate format.  Part
> of the reason that UNIX directories don't work in STEPLIB
> concatenation.  (Idea?)
>
> What about Format preserving encryption?
>
> Should the directory be encrypted likewise?
>
> What about driver-level encryption of virtual DASD?
>
> Unload it and encrypt the archive?
>
> What authority should be needed to use an encrypted program?
>
>
> >W dniu 13.01.2024 o 17:28, Steve Estle pisze:
> >> Everyone,
> >>
> >> Our team is knee deep into pervasive encryption rollout on ZOS 2.5 and
> despite the fact such functionality has been out for years by IBM to do
> this, it is quite surprising how many software vendors when you contact
> them they have no clue what you're talking about - that is a complete aside
> - I'm not going to name vendors here but if you want some examples you can
> contact me offline.
> >>
> >> My true reason for composing this is that we've discovered the
> inability to encrypt load libraries - even in PDSE format.  I've yet to get
> a straight answer from IBM on why this is?...   Is this a "giant" technical
> hurdle for IBM?  Or is it just cause there hasn't been anyone who raised
> the need yet?  If the latter does this capability interest others here if I
> were to raise as an IBM idea - would you vote for it?
> >>
> >> I know this seems innocuous, but we'd like to encrypt as much as
> possible in our environment and due to Top Secret deficiencies we have to
> encrypt at high level qualifier level (HLQ) (all or nothing under each HLQ
> unfortunately).  Given we have load module libraries under many differ
> HLQ's this is posing difficulties in moving forward with our rollout when
> an HLQ does have one or more load module libraries as part of that HLQ.
> You can only imagine the pain of renaming a load library given all the JCL,
> etc that is referencing that library name.
> >>
> >> Also, while encrypting load module libraries might seem a little far
> fetched, there are of course many malicious viruses that have been launched
> by injecting code into a suspecting piece of code.
> >>
> >> So two questions:
> >>
> >> 1. Why has IBM not already provided such functionality - can anyone
> speak to the technical hurdles to provide?
> >> 2. If I were to submit an IBM idea, can I count on this community for
> some backing here to help in upvoting such an idea submission?
>
> --
> gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
>

Re: HEALTH CHECKER (USS_FILESYS_CONFIG)

[ITschak Mugzach]

>From sdsf ck panel enter E line command on the check line  to enable the
check

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ו׳, 12 בינו׳ 2024 ב-22:08 מאת Peter Ten Eyck <
04d3761a18a7-dmarc-requ...@listserv.ua.edu>:

> Not sure I follow?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: HEALTH CHECKER (USS_FILESYS_CONFIG)

[ITschak Mugzach]

Try E.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ו׳, 12 בינו׳ 2024 ב-21:26 מאת Peter Ten Eyck <
04d3761a18a7-dmarc-requ...@listserv.ua.edu>:

> Struggling to get HEALTH CHECKER check USS_FILESYS_CONFIG to a state of
> ACTIVE(ENABLED) on z/OS 2.4. Currently ACTIVE(DISABLED).
>
> Trying commands like: F
> HZSPROC,ADDREPLACE,CHECK=(IBMUSS,USS_HFS_DETECTED),USS=YES
>
> Is there a command to do this?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: How to configure using PDS members in JCL.

[ITschak Mugzach]

Since I lost my copy of IPOUPDTE (zPDT ADCD does not include it), I wrote a
rexx exec that does it. It can change strings with different lengths and be
limited to a member prefix.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Jan 11, 2024 at 4:00 AM Jon Perryman  wrote:

> On Wed, 10 Jan 2024 08:47:38 -0600, Paul Gilmartin 
> wrote:
>
> >On Wed, 10 Jan 2024 11:41:16 +, Colin Paice wrote:
> >
> >>I think all products should use this technique, instead of asking users
> to
> >>make the same changes to multiple files as part of configuration.
> >>
> >It's regrettable that there's no clean way to provide defaults.
> Perhapsis onl
> >another JCLLIB member.
>
> I would think that most product developers would create professional
> installer instead of using a quick and dirty solution. z/OS has many tools.
> ISPF Panels, models. Clists, REXX, TSO, IRXJCL, ISPF edit and more. It
> doesn't take much to use ISPF panels, validate user input and set defaults.
> Having customers modify JCL set statements is only useful for very simple
> products.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Security Portal

[ITschak Mugzach]

Mark, there is a way to identify such PTFs without access to the holddata,
but the CVE information is not accessible.

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Wed, Jan 10, 2024 at 10:43 PM Mark Jacobs <
0224d287a4b1-dmarc-requ...@listserv.ua.edu> wrote:

> Yes. They make their way into normal RSUs just like all other recommended
> PTFs. Without access to the security portal they won't be identified as
> SECINT PTFs though.
>
> Mark Jacobs
>
> Sent from ProtonMail, Swiss-based encrypted email.
>
> GPG Public Key -
> https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com
>
>
> On Wednesday, January 10th, 2024 at 3:22 PM, rpinion865 <
> 042a019916dd-dmarc-requ...@listserv.ua.edu> wrote:
>
>
> > Which begs the next question. Would security related PTFs make their way
> into normal RSUs, or must they be ordered separately as per the holddata?
> >
> >
> >
> >
> > Sent with Proton Mail secure email.
> >
> > On Wednesday, January 10th, 2024 at 3:14 PM, Allan Staller
> 0387911dea17-dmarc-requ...@listserv.ua.edu wrote:
> >
> >
> >
> > > Classification: Confidential
> > >
> > > This is a severely manual process.
> > > The PTFS/APARS can be determined from the HOLDDATA.
> > >
> > > The PTFs are individually orderable via ShopZ (just like any other
> PTF). The only difference is that the PTF/APAR information is only
> available in the HOLDDATA.
> > >
> > > HTH,
> > >
> > > -Original Message-
> > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On
> Behalf Of rpinion865
> > >
> > > Sent: Wednesday, January 10, 2024 2:03 PM
> > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > Subject: IBM Security Portal
> > >
> > > [CAUTION: This Email is from outside the Organization. Unless you
> trust the sender, Don't click links or open attachments as it may be a
> Phishing email, which can steal your Information and compromise your
> Computer.]
> > >
> > > I know how to navigate to IBM's Security Portal and pull down the
> security hold data. My question pertains to where does one get the security
> related PTFs and APARs. In other words, do the security related PTFs and
> APARs have to be pulled down from another site, as opposed to the site
> where one pulls down general maintenance? Thanks in advance.
> > >
> > > Sent with Proton Mail secure email.
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > > ::DISCLAIMER::
> > > 
> > > The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only. E-mail transmission is not
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or may contain
> viruses in transmission. The e mail and its contents (with or without
> referred errors) shall therefore not attach any liability on the originator
> or HCL or its affiliates. Views or opinions, if any, presented in this
> email are solely those of the author and may not necessarily reflect the
> views or opinions of HCL or its affiliates. Any form of reproduction,
> dissemination, copying, disclosure, modification, distribution and / or
> publication of this message without the prior written consent of authorized
> representative of HCL is strictly prohibited. If you have received this
> email in error please delete it and notify the sender immediately. Before
> opening any email and/or attachments, please check them for viruses and
> other defects.
> > > 
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: IBM Security Portal

[ITschak Mugzach]

The reason the HOLDDATA is separated from regular PTF/APARs is that the
holddata stores information of type SECINT. SECINT has structured
information much like the CVE/NDV.

For some reasons, IBM does not disclose such information in public (but
does so for IBM I). There is a way to identify such PTFs but the CVE info
is not in the PTYF but in the holddata.


ITschakl

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Wed, Jan 10, 2024 at 10:12 PM Ed Jaffe 
wrote:

> On 1/10/2024 12:03 PM, rpinion865 wrote:
> > I know how to navigate to IBM's Security Portal and pull down the
> security hold data. My question pertains to where
> > does one get the security related PTFs and APARs. In other words, do the
> security related PTFs and APARs have
> > to be pulled down from another site, as opposed to the site where one
> pulls down general maintenance? Thanks
> > in advance.
>
> The fixes come from the usual place. Only the HOLDs come from the portal.
>
> If that were not true, how would people not signed up for the portal
> obtain these important fixes?
>
> --
> Phoenix Software International
> Edward E. Jaffe
> 831 Parkview Drive North
> El Segundo, CA 90245
> https://www.phoenixsoftware.com/
>
>
>
> 
> This e-mail message, including any attachments, appended messages and the
> information contained therein, is for the sole use of the intended
> recipient(s). If you are not an intended recipient or have otherwise
> received this email message in error, any use, dissemination, distribution,
> review, storage or copying of this e-mail message and the information
> contained therein is strictly prohibited. If you are not an intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of this email message and do not otherwise utilize or retain this email
> message or any or all of the information contained therein. Although this
> email message and any attachments or appended messages are believed to be
> free of any virus or other defect that might affect any computer system
> into
> which it is received and opened, it is the responsibility of the recipient
> to ensure that it is virus free and no responsibility is accepted by the
> sender for any loss or damage arising in any way from its opening or use.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: LISTDSI - hardcoded dsn vs. read in from file

[ITschak Mugzach]

Simply remove the quote and double quotes from your input file and add
address tso prof nopref

The list Sai sees two set of quotes instead of one at a maximum. You can
try Dan=translate(dsn,' ','"') before the list Sai command

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ה׳, 4 בינו׳ 2024 ב-21:55 מאת Steve Estle :

> All,
>
> I'm sure I'm doing something boneheaded but can't quite figure out what.
> I have a list of fully qualified datasets in a file that I want to read the
> dataset names once per record and then once I've read the record with
> dataset name then use that name in a LISTDSI command.  When I hard code
> name in REXX exec it works fine - when I read dsname from file it fails.
> I've hardcoded the enclosing double quote/quote inside my file as follows:
>
> "'SYS1.PARMLIB'"
>
> When it fails (2nd version) I get this error message:
>
> IKJ56712I INVALID KEYWORD, "'SYS1.PARMLIB'"
>
> Two scenarios:
>
> Works Fine:
>
> /* REXX */
>
>
> /*--*/
>
> /*S E L E C T   D S N S   &  L I S T   I N F O*/
>
> /*--*/
>
>DSName = "'SYS1.PARMLIB'"
>
>Say DSName
>
>x = LISTDSI(DSName)
>
>SAY 'Function code from LISTDSI is: ' x
>
>SAY 'The data set name is:  ' sysdsname
>
>SAY 'The device unit on which the volume resides is:' sysunit
>
>SAY 'The record format is:  ' sysrecfm
>
>SAY 'The logical record length is:  ' syslrecl
>
>SAY 'The block size is: ' sysblksize
>
>SAY 'The allocation in space units is:  ' sysalloc
>
>
> EXIT
>
> Failing Version:
>
> /* REXX */
>
>
>
> INDSN = "'P69792.LISTDSI.INPUT'"
>
> OUTDSN = "'P69792.LISTDSI.OUTPUT.CSV'"
>
> DDNI  = "DD"||RANDOM(1,9)
>
> DDNO  = "DD"||RANDOM(1,9)
>
>
>
> /*--*/
>
> /*  R E A D   D S N   L I S T   */
>
> /*--*/
>
> ADDRESS TSO "ALLOC DA(" INDSN ") DDNAME( " DDNI ") SHR REUSE "
>
> ADDRESS TSO "ALLOC DA(" OUTDSN ") DDNAME( " DDNO ") OLD REUSE "
>
> ADDRESS TSO "EXECIO * DISKR " DDNI "(STEM Dsni. FINIS"
>
> ADDRESS TSO "FREE DDNAME(" DDNI ") "
>
>
>
> /*--*/
>
> /*S E L E C T   D S N S   &  L I S T   I N F O  */
>
> /*--*/
>
>
>Trace i
>
> DO I = 1 TO Dsni.0
>
>dsn = Word(Dsni.I,1)
>
>Say dsn
>
>x = LISTDSI(dsn)
>
>SAY 'Function code from LISTDSI is: ' x
>
>SAY 'The data set name is:  ' sysdsname
>
>SAY 'The device unit on which the volume resides is:' sysunit
>
>SAY 'The record format is:  ' sysrecfm
>
>SAY 'The logical record length is:  ' syslrecl
>
>SAY 'The block size is: ' sysblksize
>
>SAY 'The allocation in space units is:  ' sysalloc
>
> END I
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Merry Christmas

[ITschak Mugzach]

Merry Christmas from the holy land.

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Tue, Dec 26, 2023 at 3:09 AM Steve Horein  wrote:

> Merry Christmas and Happy Holidays mainframe friends!
>
> On Mon, Dec 25, 2023, 11:28 Steve Beaver <
> 050e0c375a14-dmarc-requ...@listserv.ua.edu> wrote:
>
> > Merry Christmas to all
> >
> > Sent from my iPhone
> >
> > No one said I could type with one thumb
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Z/OS Survey - Unusuall system commands

[Itschak Mugzach]

Wrong thread, Lennie...

Itschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Dec 20, 2023 at 3:35 PM Lennie Dymoke-Bradshaw <
032fff1be9b4-dmarc-requ...@listserv.ua.edu> wrote:

> Maybe my statement needs correcting. I meant DD parameters, rather than
> JCL statements.
> I have done this, but it was over 30 years ago. I believe you can specify
> many JCL parameters which can go on DD statements. These are then applied
> to the IEFRDER DD statement.
> Happy to be corrected if someone else has better knowledge or if behaviour
> has changed since then.
>
> Lennie Dymoke-Bradshaw
> https: //rsclweb.com
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Seymour J Metz
> Sent: 20 December 2023 12:31
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> ?
>
> What JCL statements can START provide. As for parameters, that's limited
> to JOB, EXEC and DD.
>
> Of course, that's enough for a competent auditor to check who can use what.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Lennie Dymoke-Bradshaw <032fff1be9b4-dmarc-requ...@listserv.ua.edu>
> Sent: Tuesday, December 19, 2023 7:33 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> START will take all sorts of JCL statements as parameters. You can use it
> to recreate data sets that are needed for other things to start.
> Lennie
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Seymour J Metz
> Sent: 19 December 2023 14:52
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> No, START.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Itschak Mugzach <0305158ad67d-dmarc-requ...@listserv.ua.edu>
> Sent: Tuesday, December 19, 2023 9:23 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> Seymour,
> Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using
> these weaknesses...
>
> BTW, I like your new Hebrew signature!
>
> ITschak
>
> *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
> and IBM I **|  *
>
> *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
> *Skype**: ItschakMugzach **|* *Web**:
> http://secure-web.cisco.com/1HFDwSALATpGpnOVQ1twvj_azjQO-49TCl66YZFiSGexFVtgJkqArNBLWq14ILxHxchctP5jw0R07PXsqOKidaa7KQIrorgeG3cKJFduizLKhcHE53HCgRQOzbg0MS58ChodSKN6oOU3P8VYqWoIFF2VRL2uFOaZHToBmQGAIQaDFnXV_E5uCdm4BtBTPzrXc3PotMpXndQTj6ODKe5CFxgJcAJc5buY2MuxA3pEIbImngo8exnCd4M59AKiKEyS7qfrtV6rA_YyljMDw7kVJ08WUO3oIEzKtbsZ0MsXUkEmAf4g04v5Nj9_rp4LWAaUBU7MRo2yZ1OgOnR8gDdWnKX1eMDIh5JQUTBRlrVqqjKKGmBNqMiqMGKHF2e_Q8PEItrsFtFUT1aCntdwgf_JNQ_V6Z592kGusGuZ5V9EmTj0/http%3A%2F%2Fwww.Securiteam.co.il
> **|*
>
>
>
>
>
> On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz  wrote:
>
> > I you control your console commands through SAF, you have fairly fine
> > granularity.
> >
> > BTW, a couple of decades ago I reported a similar issue .on a command
> > that is extremely common.  If you're doing an audit, look at the
> > common commands in addition to the rare ones.
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> > עַם יִשְׂרָאֵל חַי
> > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
> >
> > 
> > From: IBM Mainframe Discussion List  on
> > behalf of ITschak Mugzach 
> > Sent: Tuesday, December 19, 2023 3:12 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Z/OS Survey - Unusuall system commands
> >
> > There are some MVS commands that are hard to understand how and why
> > they were created. What bothers me is the fact that the input of the
> > commands that modify MVS behavior allows input from private dataset.
> > These are the first commands I am trying when I do a pentest...
> > For example:
> > *SETLOAD* allows on-the-fly change of

Re: Z/OS Survey - Unusuall system commands

[Itschak Mugzach]

Radoslaw,

My concern is security.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





בתאריך יום ג׳, 19 בדצמ׳ 2023 ב-22:32 מאת Radoslaw Skorupka <
0471ebeac275-dmarc-requ...@listserv.ua.edu>:

> Unusal commands?
> Well, it is enough to open both MVS System Commands and JES2 Commands
> manuals.
> OBEY is not exactly the system command, however it is widely used.
>
> My favourite is QUIESCE.
> There are also other commands which I (almost) never use, but I
> understand their purpose.
> JES2 world is more complex - there are many commands which I vaguely
> understand the purpose. And many which I consider really obsolete.
>
> Fun fact: recently I've been cleaning some z/OS installation, RACF
> definitions. I've found approx. 400 OPERCMDS profiles. Some of them were
> really, really obsolete - like MSS related command, TCAM commands, etc.
> What's funny, even not-so-current documentation does not mention such
> commands or profiles, but at least few of them are still present in the
> system code.
> Explanation: MSS - Mass Storage Subsystem. Very interesting tape-disc
> device, but withdrawn in early 80's. TCAM - VTAM predecessor. I have no
> idea how old it is. I'm pretty sure the OPERCMDS profiles were created
> for an installation with neither MSS nor TCAM.
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>
>
>
> W dniu 19.12.2023 o 09:12, ITschak Mugzach pisze:
> > There are some MVS commands that are hard to understand how and why they
> > were created. What bothers me is the fact that the input of the commands
> > that modify MVS behavior allows input from private dataset. These are the
> > first commands I am trying when I do a pentest...
> > For example:
> > *SETLOAD* allows on-the-fly change of parmlib concatenation using a
> dataset
> > that is not part of the parmlib concatenation itself. for example:
> SETLOAD
> > 03,PARMLIB,DSN=sys4.relson
> > TCPCIP *OBEY* command allows specification of TCPIP configuration from a
> > private library.
> >
> > How frequent do you use these commands (if ever) and how do you identify
> > the use (assuming that the commands are protected by your ESM). I wonder
> > why IBM allows such a scenario.
> >
> > ITschak
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Z/OS Survey - Unusuall system commands

[Itschak Mugzach]

Seymour,
Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using
these weaknesses...

BTW, I like your new Hebrew signature!

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz  wrote:

> I you control your console commands through SAF, you have fairly fine
> granularity.
>
> BTW, a couple of decades ago I reported a similar issue .on a command that
> is extremely common.  If you're doing an audit, look at the common commands
> in addition to the rare ones.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of ITschak Mugzach 
> Sent: Tuesday, December 19, 2023 3:12 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Z/OS Survey - Unusuall system commands
>
> There are some MVS commands that are hard to understand how and why they
> were created. What bothers me is the fact that the input of the commands
> that modify MVS behavior allows input from private dataset. These are the
> first commands I am trying when I do a pentest...
> For example:
> *SETLOAD* allows on-the-fly change of parmlib concatenation using a dataset
> that is not part of the parmlib concatenation itself. for example: SETLOAD
> 03,PARMLIB,DSN=sys4.relson
> TCPCIP *OBEY* command allows specification of TCPIP configuration from a
> private library.
>
> How frequent do you use these commands (if ever) and how do you identify
> the use (assuming that the commands are protected by your ESM). I wonder
> why IBM allows such a scenario.
>
> ITschak
>
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Z/OS Survey - Unusuall system commands

[ITschak Mugzach]

There are some MVS commands that are hard to understand how and why they
were created. What bothers me is the fact that the input of the commands
that modify MVS behavior allows input from private dataset. These are the
first commands I am trying when I do a pentest...
For example:
*SETLOAD* allows on-the-fly change of parmlib concatenation using a dataset
that is not part of the parmlib concatenation itself. for example: SETLOAD
03,PARMLIB,DSN=sys4.relson
TCPCIP *OBEY* command allows specification of TCPIP configuration from a
private library.

How frequent do you use these commands (if ever) and how do you identify
the use (assuming that the commands are protected by your ESM). I wonder
why IBM allows such a scenario.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

How to download PERL from rocket

[ITschak Mugzach]

I am trying to download Perl from Rocket, but when clicking "download Now"
I get a screen "Rocket Open Source for z/os" without a download link. Any
idea how to download Perl for z/os?

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Rexx to clone users in RACF

[ITschak Mugzach]

If you do not have a product, use RACF unload utility and look for all
records associated with the source user and generate racf commands to copy
the user. The records are described in racf macros and interfaces guide.

ITschak

בתאריך יום ו׳, 17 בנוב׳ 2023 ב-14:44 מאת Steve Beaver <
050e0c375a14-dmarc-requ...@listserv.ua.edu>:

> You only have 3 choices. zSecure or VRA Or write your own utility
>
> Sent from my iPhone
>
> No one said I could type with one thumb
>
> > On Nov 16, 2023, at 23:08, Wayne Bickerdike  wrote:
> >
> > *Doesn't the RACF ISPF interface have the ability to close a user?*
> >
> > No, Consul RACF which became z/Secure has that capability. As Radowslaw
> > says, set up a template or use an ISPF file tailoring skeleton with a set
> > of templates and generate from a panel.
> >
> >
> >> On Fri, Nov 17, 2023 at 1:55 PM Jon Perryman 
> wrote:
> >>
> >>> On Thu, 16 Nov 2023 08:04:47 +0400, Peter 
> wrote:
> >>>
> >>> I am looking for a rexx logic which can multiple RACFID based on one
> >> model user ?
> >>
> >> Doesn't the RACF ISPF interface have the ability to close a user?
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >
> >
> > --
> > Wayne V. Bickerdike
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Cloud Storage

[ITschak Mugzach]

I have seen some Model9 implementations during security assessments.
Usually the S3 backup is taken to their on perm server that stores the data
on a DS8xxx (or compatible) and mirrors that elsewhere using standard
DS*xxx mirroring. So restore can be at the regular disk speed on site or on
backup site.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Sun, Oct 29, 2023 at 7:29 AM Brian Westerman <
brian_wester...@syzygyinc.com> wrote:

> Yes,
>
> I have 4 smaller clients that use cloud tape connector who store the
> second copy of migrated datasets to the cloud, as well as some DR related
> items.  Also, I have their DS8K DASD conduct backups of the full DASD
> volumes directly to the cloud.  The neat part of doing that directly is
> there is no CPU overhead involved in the process.
>
> In a DR test, we reload the cloud volumes from the cloud, and we direct
> HSM to use the second migrate copy instead of the primary one.  It did seem
> a 'little" slow, but was offset by the fact that we had the volumes
> immediately available to be loaded.  We had no tapes to transfer.
>
> Those sites could not afford and frankly did not need PPRC and a second
> DS8K sitting around so they saved a lot of hardware costs.
>
> Obviously I'm over simplifying a bit, but if you put the thought into the
> process, you can have a viable DR for frankly a very low cost.  The biggest
> cost issue for using the cloud isn't writing the data, it's reading it
> back, depending on what your plan is, it can cost several times as much to
> read as it does to write.
>
> One of the sites uses Adabas, and after we flashcopy the database to a
> backup set of volumes, we then use CTC to write that saved database to the
> cloud and as the PLOGs are created, they are also copied to the cloud.
>
> Obviously none of these sites are a bank, and redoing work between the
> last PLOG (they cut them hourly) and the current time is completely
> possible and not a real hardship.
>
> Writing to the cloud isn't as fast as writing to a VTS, but it's not super
> slow either.  Just make sure you have a zIIP processor so that the CPU
> overhead on your actual CPs is kept in the trivial zone.  Normally you
> wouldn't have any production processes that write directly to the cloud.  I
> try to have HSM do most of the work where possible, even if that means
> creating an extra backup copy of "important" production datasets.  It's a
> lot of work to set things up properly, but then most DR solutions are
> pretty involved.  If you don't spend a lot of time thinking it all through,
> your DR test, and more importantly the actual DR will likely fail, so take
> your time and think it all through.
>
> Brian
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Does z/VM have a product/tool which can send backup to the Cloud ?

[Itschak Mugzach]

It is based on the Amazon Rest API. It is not a product, just a solution we
use here for testing and also runs on our appliances. You can follow the
Amazon manual about the API.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Oct 25, 2023 at 10:49 PM Jon Perryman  wrote:

> On Wed, 25 Oct 2023 21:27:10 +0300, Itschak Mugzach <
> i_mugz...@securiteam.co.il> wrote:
>
> > We backup our servers to Amazon S3 and wrong the protocols
> > ourselves, so it is possible.
>
> Hi Itschak,
>
> Can you give a very short overview of how your solution works. Which cloud
> API's you used? Is it z/OS, z/VM or z/VSE? Is it strictly disaster recovery
> or includes file recovery? Are you using standard backup utilities and how
> you integrate with those utilities?
>
> Thanks, Jon.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Does z/VM have a product/tool which can send backup to the Cloud ?

[Itschak Mugzach]

Mike,

If you use S3, you can specify which zone to use. BTW, I think Amazon has a
new local zone in Israel, but I think the requirement Arie put was outside
of Israel. We backup our servers to Amazon S3 and wrong the protocols
ourselves, so it is possible.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Wed, Oct 25, 2023 at 7:34 PM Mike Schwab  wrote:

> Most clouds store data in the nearest facility for reduced read write
> time.  Some clouds replicate to other sites.  Have been outages when a
> cloud site went down and the data was not available.
>
> 2022 Google outage when a fire occured.
>
> https://www.datacenterknowledge.com/google-alphabet/data-center-fire-google-suffers-electrical-incident-3-injured
>
> On Wed, Oct 25, 2023 at 10:45 AM Jon Perryman 
> wrote:
> >
> > On Wed, 25 Oct 2023 10:08:20 +0300, Arye Shemer 
> wrote:
> >
> > > one of the most important reason is the
> > >time frame that should be immediately (preferably tomorrow :-)  ).
> >
> > One very important detail I did not mention is the location of your data
> in the cloud. You may connect to a cloud location thinking that is where it
> will be stored. In order to be more efficient, some clouds may redirect
> your request to a closer location. Potentially the country of the
> requester. Why send the data halfway across the world when their cloud has
> a location closer to the point of origin.
> >
> > My assumption was that this was an ASAP request which is why I suggested
> FTP. Someone could manually FTP the backups starting today and a REXX exec
> quickly written to automate the process. Writing a cloud enabled program
> takes longer which could be considered later when there isn't a time
> constraint.
> >
> > Another possibility you may not have considered is using one of your
> satellite offices located in a different country using a PC with USB
> drives. Transfer the backups to the USB drive and take the drive to a safe
> deposit box or a company similar to the one you currently use.
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Does z/VM have a product/tool which can send backup to the Cloud ?

[ITschak Mugzach]

Arie,

Assuming your client agrees to use Amazon s3 bucket, they can develop their
own rest api calls. The Amazon SDK is recommended, but not a requirement.
At end, it is just a rest api. All sequence. Google for "developing with
Amazon s3 using rest api"

ITschak

בתאריך יום ב׳, 23 באוק׳ 2023 ב-16:20 מאת Arye Shemer :

> Hello  Timothy,
> TS7700 baby, z/OS LPAR (or guest) and even Linux were introduced and
> offered to the customer but completely rejected
> Only a solution  built on software running in z/VM would be accepted by the
> customer.
> Thank you all for the suggestions and help,
> Best Regards,
> Arye Shemer
>
> On Mon, Oct 23, 2023 at 4:12 AM Timothy Sipples 
> wrote:
>
> > I’m not aware of any pure software-based option from IBM or any other
> > vendor that fits your/their description. However, IBM fairly recently
> > introduced a “baby” TS7700 model that’s customer rack mounted. If they’re
> > concerned about consuming another whole frame footprint it’s not that
> big.
> > And the hardware-based approach has its advantages, notably lower
> > processing impact(s) on the z/VM environment(s).
> >
> > If they’re willing to relax their z/OS “ban” then I think it can be done
> > with a pure software-based approach, but I’d have to double check.
> >
> > There are hypothetical “Roll Your Own” approaches involving Linux. I
> > suppose for example you could configure the storage system to take
> > point-in-time copies then use a Linux LPAR to back those PITCs up to
> cloud
> > object storage, highly preferably encrypted before transmission. Not
> ideal
> > IMHO, and I don’t see how you’d get incremental backups that way.
> >
> > —
> > Timothy Sipples
> > Senior Architect
> > Digital Assets, Industry Solutions, and Cybersecurity
> > IBM zSystems/LinuxONE, Asia-Pacific
> > sipp...@sg.ibm.com
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Extracting SMP/e details

[ITschak Mugzach]

Alan,
I spent a lot of time calling GIMAPI. Few calls did work, but in the end we
decided to develop an assembler program that will be calleing GIMAPI.


ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Fri, Oct 20, 2023 at 2:51 PM Allan Staller  wrote:

> Classification: Confidential
>
> There is a REXX? API available. Check the fine manuals.
>
> An alternative would be SMPLIST and parse the output with the tool of you
> choice.
>
>
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Lizette Koehler
> Sent: Thursday, October 19, 2023 9:33 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Extracting SMP/e details
>
> [CAUTION: This Email is from outside the Organization. Unless you trust
> the sender, Don’t click links or open attachments as it may be a Phishing
> email, which can steal your Information and compromise your Computer.]
>
> I need a simple process to get the following out of SMP/e
>
> PTF. Fmid. Date received. Date applied
>
> I am thinking of writing a Rexx or icetool to read a listing to produce
> the one liners
>
> Just wanted to check here to see if there was a better way
>
> I have not found much on cbttape
>
> From time to time I need to show when fixes went in. So this just needs to
> be a simple report
>
> Thanks
>
> Sent from EarthLink Mobile mail
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> ::DISCLAIMER::
> 
> The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only. E-mail transmission is not
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or may contain
> viruses in transmission. The e mail and its contents (with or without
> referred errors) shall therefore not attach any liability on the originator
> or HCL or its affiliates. Views or opinions, if any, presented in this
> email are solely those of the author and may not necessarily reflect the
> views or opinions of HCL or its affiliates. Any form of reproduction,
> dissemination, copying, disclosure, modification, distribution and / or
> publication of this message without the prior written consent of authorized
> representative of HCL is strictly prohibited. If you have received this
> email in error please delete it and notify the sender immediately. Before
> opening any email and/or attachments, please check them for viruses and
> other defects.
> 
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Extracting SMP/e details

[ITschak Mugzach]

The standard solution is gimapi. We developed an assembler program since we
failed to use rexx. However, you can list the csi and process the output

ITschak

בתאריך יום ה׳, 19 באוק׳ 2023 ב-17:33 מאת Lizette Koehler <
stars...@mindspring.com>:

> I need a simple process to get the following out of SMP/e
>
> PTF. Fmid. Date received. Date applied
>
> I am thinking of writing a Rexx or icetool to read a listing to produce
> the one liners
>
> Just wanted to check here to see if there was a better way
>
> I have not found much on cbttape
>
> From time to time I need to show when fixes went in. So this just needs to
> be a simple report
>
> Thanks
>
> Sent from EarthLink Mobile mail
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Access to PDS(E) ISPF statistics outside of TSO/ISPF

[ITschak Mugzach]

There is a sample assembler program in xephon magazine. Find it in the
cbttape website

ITschak

בתאריך יום ג׳, 10 באוק׳ 2023 ב-21:46 מאת Matt Hogstrom :

> Thanks Mike, this helps a lot.
>
> Matt Hogstrom
> m...@hogstrom.org
> +1-919-656-0564
> PGP Key: 0x90ECB270
> Facebook   LinkedIn <
> https://linkedin/in/mhogstrom>  Twitter 
>
> “It may be cognitive, but, it ain’t intuitive."
> — Hogstrom
>
> > On Oct 10, 2023, at 1:53 PM, Mike Shaw  wrote:
> >
> > Matt,
> >
> > I have Assembler code to decode the ISPF stats once you have the
> directory
> > entry in-hand. Here is the IBM mapping macro for the ISPF stats in a
> > directory entry:
> >
> > MACRO
> > ISPDSTAT ,   Macro from ISP.AISPMACS ISPF DLIB
> > ISPFDIR  DSECT
> > ISPVERS  DSX   Version
> > ISPMOD   DSX   Modification level
> > ISPFLAGS DSX   Flag byte
> > ISPSCLM  EQU   X'80'   Stats created by SCLM
> > *EQU   X'40'   Reserved for ISPF
> > ISPESTAT EQU   X'20'   Extended statistics
> > *EQU   X'10'   Reserved for ISPF
> > *EQU   X'08'   Reserved for ISPF
> > *EQU   X'04'   Reserved for ISPF
> > *EQU   X'02'   Reserved for ISPF
> > *EQU   X'01'   Reserved
> > ISPMSEC  DSX   '   Seconds portion of Mod Time
> > * see the description of the TIME DEC macro for the format of
> > * ISPCDATE and ISPMDATE
> > ISPCDATE DSCL4 Date Statistics created
> > ISPMDATE DSCL4 Date Statistics modified
> > ISPMTIME DSCL2 Time modified HHMM
> > ISPCLINE DSCL2 Current number of lines
> > ISPILINE DSCL2 Initial number of lines
> > ISPMLINE DSCL2 Number of modified lines
> > ISPUSRID DSCL7 Userid
> > ISPBLANK DSCL3 Reserved for ISPF
> > *  Next 10 bytes must not be
> > *  referenced unless ISPESTAT is
> > *  ON and SMDE_USRD_LEN = X'14'
> > DSCL10Reserved for ISPF
> > * when ISPESTAT = On and SMDE_USRD_LEN = X'28' then
> > ORG   ISPBLANK+1
> > ISPECLIN DSCL4 Current number of lines
> > ISPEILIN DSCL4 Initial number of lines
> > ISPEMLIN DSCL4 Number of modified lines
> > MEND
> >
> >
> > Mike Shaw
> > MVS/QuickRef Support Group
> > Chicago-Soft, Ltd.
> >
> > On Tue, Oct 10, 2023 at 12:53 PM Matt Hogstrom 
> wrote:
> >
> >> I’m looking for a way to access ISPF statistics from Java or C outside
> of
> >> a TSO / ISPF environment.  Does such an animal exist out there ?
> >>
> >> Matt Hogstrom
> >> m...@hogstrom.org
> >>
> >> “It may be cognitive, but, it ain’t intuitive."
> >> — Hogstrom
> >>
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Israel

[ITschak Mugzach]

I served the infantry until the age of 45...

בתאריך יום ב׳, 9 באוק׳ 2023 ב-23:52 מאת Seymour J Metz :

> In the reserves is one thing; young enough to be called up is quite
> another. I doubt that I could get an age waiver, and I doubt that I'm the
> only one to be over the hill..
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Steve Beaver <050e0c375a14-dmarc-requ...@listserv.ua.edu>
> Sent: Monday, October 9, 2023 10:02 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Israel
>
> How any of you guys are in the IDF reserves?
>
> Sent from my iPhone
>
> No one said I could type with one thumb
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Israel

[Itschak Mugzach]

Afaik he is a us citizen.
בתאריך יום א׳, 8 באוק׳ 2023 ב-20:58 מאת Dave Beagle <
0525eaef6620-dmarc-requ...@listserv.ua.edu>:

> Pretty sure Shmuel lives in the US.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Sunday, October 8, 2023, 1:27 PM, August Carideo <
> august.cari...@avon.com> wrote:
>
> Is Seymour Metz there also ?
>
>
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Steve Beaver <050e0c375a14-dmarc-requ...@listserv.ua.edu>
> Sent: Sunday, October 8, 2023 1:20:30 PM
> To: IBM-MAIN@LISTSERV.UA.EDU 
> Subject: Re: Israel
>
> Thank you ITschak.  You keep your head and your ass down
>
> Sent from my iPhone
>
> No one said I could type with one thumb
>
> > On Oct 8, 2023, at 12:03, Itschak Mugzach <
> 0305158ad67d-dmarc-requ...@listserv.ua.edu> wrote:
> >
> > No, but I afaik he lives in a safe area in Israel.
> >
> > ITschak
> >
> > בתאריך יום א׳, 8 באוק׳ 2023 ב-19:46 מאת Steve Beaver <
> > 050e0c375a14-dmarc-requ...@listserv.ua.edu>:
> >
> >> Has anyone heard from Benyamin in Israel since the shit storm has
> started?
> >>
> >> Sent from my iPhone
> >>
> >> No one said I could type with one thumb
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Israel

[Itschak Mugzach]

No. The concert planned to Saturday night in Tel Aviv. The large civilian
event in the Negev was a nature party with 3,000 participants, some of them
are foreign citizens. So fat we count more than 700 death people, most of
them civilians: children, woman, old people. Some families were completely
killed.
I've got many emails and messages from friends and partners around the
world, includes muslins, that supports Israel.

ITschak

בתאריך יום א׳, 8 באוק׳ 2023 ב-20:27 מאת Mike Schwab :

> The attack included a concert with International guests.
>
> On Sun, Oct 8, 2023 at 12:21 PM Steve Beaver
> <050e0c375a14-dmarc-requ...@listserv.ua.edu> wrote:
> >
> > Thank you ITschak.  You keep your head and your ass down
> >
> > Sent from my iPhone
> >
> > No one said I could type with one thumb
> >
> > > On Oct 8, 2023, at 12:03, Itschak Mugzach <
> 0305158ad67d-dmarc-requ...@listserv.ua.edu> wrote:
> > >
> > > No, but I afaik he lives in a safe area in Israel.
> > >
> > > ITschak
> > >
> > > בתאריך יום א׳, 8 באוק׳ 2023 ב-19:46 מאת Steve Beaver <
> > > 050e0c375a14-dmarc-requ...@listserv.ua.edu>:
> > >
> > >> Has anyone heard from Benyamin in Israel since the shit storm has
> started?
> > >>
> > >> Sent from my iPhone
> > >>
> > >> No one said I could type with one thumb
> > >>
> > >> --
> > >> For IBM-MAIN subscribe / signoff / archive access instructions,
> > >> send email to lists...@listserv.ua.edu with the message: INFO
> IBM-MAIN
> > >>
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Israel

[Itschak Mugzach]

No, but I afaik he lives in a safe area in Israel.

ITschak

בתאריך יום א׳, 8 באוק׳ 2023 ב-19:46 מאת Steve Beaver <
050e0c375a14-dmarc-requ...@listserv.ua.edu>:

> Has anyone heard from Benyamin in Israel since the shit storm has started?
>
> Sent from my iPhone
>
> No one said I could type with one thumb
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Retrieve LPAR weight without BCPii HWIQUERY ?

[ITschak Mugzach]

I don't know how they do this, but you can access the HMC with a rest api
call to get this data.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Sep 28, 2023 at 4:21 PM Boesel Guillaume 
wrote:

> Hi,
>
> With HWIQUERY, I'm able to retrieve the weight of a LPAR but, of course,
> it doesn't work if BCPii is not started.
>
> Mainview (LPARACT view) or Sysview (PRISM command) are able to retrieve
> this information on LPARs without BCPii.
>
> Is somebody could help me to understand how products like Mainview or
> Sysview are able to retrieve the weight of a LPAR without BCPii ?
>
> Thank you for your help,
> Regards
>
> Guillaume
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: EDIT panel modification

[ITschak Mugzach]

tx Michael,

I found the problem... I used underscore as a field type and there are
titles that have underscore in it. You are correct, for testing, I am using
panel ISREDDE2 (but will use the samples you pointed me to later).

BTW, U couldn't report it as I don't see my original posts until someone
answers.

Best,
ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Tue, Sep 19, 2023 at 6:29 PM Schmitt, Michael 
wrote:

> My guess is you have a stray x'15' in what you added, if the panel you're
> modifying is ISREDDE2.
>
>
> Also, I'll just say that the only approved way to modify an Edit panel is
> to use the EDIT service combined with a panel that is derived from one of
> the sample panels: ISREFR01, ISREFR02, ISREFR03, or ISREFR04.
>
>
> https://www.ibm.com/docs/en/zos/2.4.0?topic=edit-providing-customized-browse-panels
>
> This is because ISPF cheats: it doesn't always follow its rules when it is
> doing its own code.
>
>
> If you're using ISREFR02 then the action bar attribute is x'AB'.
>
>
>
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of ITschak Mugzach
> Sent: Tuesday, September 19, 2023 3:52 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: EDIT panel modification
>
> I am trying to add fields to the edit panel after the zCMD field and before
> the dynamic data section. The control characters _ and @ are defined in the
> )ATTR section. When running the program, I am getting an error msg
> "Duplicate action bar field text found in )BODY section." and
>
> Panel line where error was detected:
> .. File. Edit. Edit_Settings. Menu. Utilities. Compilers. Test. Help.
>
> Any idea how to modify the panel to allow these extra fields?
>
>
>  Command ===> Z/ /         Scroll ===>
> Z
>  _AK@QIFZDATA _BK@CK
>  ZDATA,ZSHADOW/ /
>  / /
>
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

EDIT panel modification

[ITschak Mugzach]

I am trying to add fields to the edit panel after the zCMD field and before
the dynamic data section. The control characters _ and @ are defined in the
)ATTR section. When running the program, I am getting an error msg
"Duplicate action bar field text found in )BODY section." and

Panel line where error was detected:
.. File. Edit. Edit_Settings. Menu. Utilities. Compilers. Test. Help.

Any idea how to modify the panel to allow these extra fields?


 Command ===> Z/ / Scroll ===>
Z
 _AK@QIFZDATA _BK@CK
 ZDATA,ZSHADOW/ /
 / /

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Bill Johnson

[Itschak Mugzach]

Darren,

Most of us have a rule to ignore his posts. The list is too valuable to
shut down.

ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Mon, Sep 18, 2023 at 10:24 PM Darren Evans-Young  wrote:

> I have removed Bill Johnson from the IBM-MAIN list and you all know why.
>
> He has now officially lodged a complaint against me accusing me of
> discrimination
> and violating his 1st Amendment rights.  This complaint was sent to the
> President and
> the Chief Administrative Officer at The University of Alabama.
>
> Worst case, I'll have to dissolve IBM-MAIN. If you are at a university
> that hosts
> listserv lists, and would be able to host IBM-MAIN in the event I'm told
> to take
> the list down, please contact me off-list (dar...@ua.edu dar...@ua.edu>).
>
> Darren
>
> P.S. - Please do not contact Bill Johnson. It will only make things worse.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BCPii retcode 3841

[Itschak Mugzach]

Did you run the TSO PARMLIB command (or mvs set)?

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Tue, Sep 5, 2023 at 11:36 AM Radoslaw Skorupka <
0471ebeac275-dmarc-requ...@listserv.ua.edu> wrote:

> Well, I just tried and still same error code.
>
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>
>
>
> W dniu 05.09.2023 o 10:25, Gadi Ben-Avi pisze:
> > Try adding the program to the AUTHTSF section of IKJPRMxx.
> > Gadi
> >
> > -Original Message-
> > From: IBM Mainframe Discussion List  On
> Behalf Of Radoslaw Skorupka
> > Sent: יום ג 05 ספטמבר 2023 11:22
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: BCPii retcode 3841
> >
> > I'm trying to run a sample from the manual, nothing sophisticated:
> > ListType= HWI_LIST_CPCS;
> > Address BCPII "HWILIST retcode ConnectionToken ListType AnswerArea.
> > DiagArea."
> >
> > and I get retcode = F01 (3841 dec).
> > The manual say HWI_AUTH_FAILURE, the program does not reside in
> APF-authorized library.
> > Note, the HWILIST module reside in CSSLIB, which is APF-authorized.
> > I run the exec from TSO.
> >
> > Any clue?
> >
> > --
> > Radoslaw Skorupka
> > Lodz, Poland
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RACF for using SDSF

[Itschak Mugzach]

You do not need to have sys1 as a default group. Che k if you are
authorised to sdsf isf.connect profile

ITschak

בתאריך יום ב׳, 4 בספט׳ 2023 ב-17:34 מאת Rob Scott :

> Joseph,
>
> I think you need to use the "CONNECT" command instead of ALTUSER :
>
> CONNECT userid GROUP(group_name)
>
> Afterwards a "LISTUSER userid" command should list all groups that the
> user is connected to.
>
> As most sites run with "list of groups checking", there is normally no
> need to change the default group after a CONNECT.
>
> Rob Scott
> Rocket Software
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Joseph Reichman
> Sent: Monday, September 4, 2023 3:19 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: RACF for using SDSF
>
> EXTERNAL EMAIL
>
>
>
>
>
> Hi
>
>
>
> I am getting the following message on my ADCD system
>
>
>
> ISF024I USER ADCDANOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
>
>
>
> I tried  ALU ADCDA GROUP(SYS1) this is the group that my other tso Is
> which has access to SDSF
>
>
>
> Regardless after I do the command and do a LU ADCDA the group still shows
> up as TEST
>
>
>
> When doing ALU ADCDA DFLTGRP(SYS1) racf says its not connected
>
>
>
> thanks
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> 
> Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA
> 02451 ■ Main Office Toll Free Number: +1 855.577.4323
> Contact Customer Support:
> https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
> Unsubscribe from Marketing Messages/Manage Your Subscription Preferences -
> http://www.rocketsoftware.com/manage-your-email-preferences
> Privacy Policy -
> http://www.rocketsoftware.com/company/legal/privacy-policy
> 
>
> This communication and any attachments may contain confidential
> information of Rocket Software, Inc. All unauthorized use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> notify Rocket Software immediately and destroy all copies of this
> communication. Thank you.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Is SMP/E needed for installs?

[ITschak Mugzach]

Kurt,

I think the power of SMP/E is not the initial install, but the fix
management (ptf chain management). Actually many deliveries from IBM have
SMP/E already populated and technically this is a kind of DSS dump (or can
be).

ITschak


ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Aug 24, 2023 at 6:48 PM Kurt Quackenbush  wrote:

> Yes, thanks for asking, we have thought about an alternative.  And an
> alternative exists in z/OSMF Software Management and Portable Software
> Instances.  In this form you can package, deliver, and install software
> whether it is SMP/E managed or not.  If it is SMP/E managed, as much of the
> software on the z/OS platform is, then the package includes the SMP/E
> artifacts like CSIs so you can install PTF fixes.  You can of course choose
> to ignore the SMP/E artifacts and just repeat the process to install an
> updated Portable Software Instance in 3 months as you suggest.
>
> Kurt Quackenbush
> IBM  |  z/OS SMP/E and z/OSMF Software Management  |  ku...@us.ibm.com
>
> Chuck Norris never uses CHECK when he applies PTFs.
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Colin Paice
> Sent: Thursday, August 24, 2023 10:37 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: [EXTERNAL] Is SMP/E needed for installs?
>
> This week, I did my first SMP/E install since my previous one over 40 years
> ago!   The process hasn't changed much.  It took me about half a day to
> download the files and configure the jobs - making the same changes in
> several jobs.
> For people new to z/OS "installation" is hard to get into, understand, and
> get working properly.
>
> Has anyone thought about alternative ways of shipping products?  For
> example many products are now Web downloads, which you just restore.
> I would like to see a DFDSS dump of the CST level of all objects and a
> matching dump of the  SMP/E datasets of the product.
> I can just restore the product stuff,and not the SMP/E stuff, or I can
> install the SMP/E stuff as well.   If you want to install a fix, then apply
> it to the SMP/E libraries.
> In 3 months time,  repeat the whole process.
>
> I think we have to do something before all those with the knowledge and
> experience retire!
>
> Colin
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Generating WTO Messages to do message suppression

[ITschak Mugzach]

Tony,

I are right about the extra plus sign... I used this trick in the past to
attack the z.

If you want to remove the plus sign, you can write a system rexx exec to
use axrwto.

ITschak
בתאריך יום ב׳, 21 באוג׳ 2023 ב-21:30 מאת Tony Harminc :

> On Mon, 21 Aug 2023 at 12:44, ITschak Mugzach  wrote:
>
> > user TSO SEND command '+IKJX0001I BLA BLA',cn(00) (or the actual name of
> > the console at your shop. It is also a tricky way to fool automation
> > products...
>
> Those automation products should be set up to check for the leading +
> sign. (In your example you've added a second + which will come out as
> ++.)
>
> That + is there precisely so that unuthorized programs can't fool
> operators (in the old days) or auto-ops these days into acting on a
> bogus message. But of course some auto-ops actions can be legitimately
> triggered by messages from an unauthorized program.
>
> Tony H.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Generating WTO Messages to do message suppression

[ITschak Mugzach]

Mark,

user TSO SEND command '+IKJX0001I BLA BLA',cn(00) (or the actual name of
the console at your shop. It is also a tricky way to fool automation
products...

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Mon, Aug 21, 2023 at 7:41 PM Mark Regan  wrote:

> Is there a way to generate WTO messages via a batch job to check message
> suppression? At my last site, where we had NetView, we used a CLIST (or was
> it REXX), to do this.
>
> Regards,
>
> Mark Regan, K8MTR General, EN80tg
> CTO1 USNR-Retired (1969-1991)
> Nationwide Insurance, Retired, 1986-2017
> z/OS Network Systems Programmer (z NetView, z/OS Communications Server)
>
> Email: marktre...@gmail.com
> LinkedIn:  https://www.linkedin.com/in/mark-t-regan
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ransomware on z

[Itschak Mugzach]

Bob,

Few days ago a hospital in central Israel got a ransomware attack by a
group of hackers named Block Shadow. Two years ago another hospital was
attacked. The total cost of recovering (nothing paid to the attacking group
afaik) was estimated about 36 million ILS, about $10 Million USD.

ITschak


*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Sun, Aug 13, 2023 at 7:24 AM Bob Bridges  wrote:

> I've a favorite author who points out that criminals mostly are optimists.
> They think everyone else is a sucker and they're smarter than everyone
> else,
> they therefore think they can't get caught, and they risk 12 years in
> prison
> for a haul they could get with a mere eight months of honest work.
>
> ---
> Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
>
> /* Now if you're destined to have a not very interesting life -- and I was
> so destined -- the next best thing, if you're going to be a writer, is to
> have a huge family.   ...when you're the only pea in the pod, your parents
> are likely to get you confused with the Hope Diamond. And that encourages
> you to talk too much.  -columnist Russell Baker on listening skills */
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of
> Phil Smith III
> Sent: Saturday, August 12, 2023 16:13
>
> This falls into the category of "things I just don't get": if that had been
> me, I'd've woken up every single morning wondering if this was the day that
> my access would be gone, and whether there was about to be a loud knock on
> the door (at least). Yes, I know, this wasn't in the U.S. so the cops would
> have been less violent, but still-if I were out committing crimes, I'd want
> them to be over as soon as possible so I could continue on with my life,
> knowing that there was some chance of evidence leading to me, but not with
> a
> continuous, live channel leading back to me!
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ransomware on z

[ITschak Mugzach]

I used the generic term DS8000, but I don't recall the exact device type. I
think that, as other mentioned, the point is that you do not need to access
the mainframe itself in order to damage the data.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Sun, Aug 13, 2023 at 12:50 AM Tony Thigpen  wrote:

> Well, I will be the one to call this story BS.
>
> You can not run that script remote without the Remote-CE option enabled.
> And, that option was not available until the DS8870. And, to run it you
> have to first log in as CE. A password that should have been changed at
> installation.
>
>
> Tony Thigpen
>
> ITschak Mugzach wrote on 8/12/23 4:45 PM:
> > Agree. my point is that a mainframe is just another server and that
> > you don't need to login into to damage the data.
> >
> > ITschak
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> >
> >
> >
> > On Sat, Aug 12, 2023 at 11:35 PM Charles Mills  wrote:
> >
> >> The long periods of bad guy access are typical. You read most of the
> >> breach stories the attack unfolded over weeks or months. The hackers
> talk
> >> about pwning (owning) a group of servers.
> >>
> >> CM
> >>
> >> On Sat, 12 Aug 2023 16:13:12 -0400, Phil Smith III 
> >> wrote:
> >>
> >>> ITschak Mugzach wrote, in part:
> >>>> Remember that when pirate bay penetrated Logica, he had
> >>>> no clue on mainframes, but was able to stay for almost 1.5 years.
> >>>
> >>> This falls into the category of "things I just don't get": if that had
> >> been me, I'd've woken up every single morning wondering if this was the
> day
> >> that my access would be gone, and whether there was about to be a loud
> >> knock on the door (at least). Yes, I know, this wasn't in the U.S. so
> the
> >> cops would have been less violent, but still-if I were out committing
> >> crimes, I'd want them to be over as soon as possible so I could
> continue on
> >> with my life, knowing that there was some chance of evidence leading to
> me,
> >> but not with a continuous, live channel leading back to me!
> >>
> >> --
> >> For IBM-MAIN subscribe / signoff / archive access instructions,
> >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >>
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: ransomware on z

[ITschak Mugzach]

Agree. my point is that a mainframe is just another server and that
you don't need to login into to damage the data.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Sat, Aug 12, 2023 at 11:35 PM Charles Mills  wrote:

> The long periods of bad guy access are typical. You read most of the
> breach stories the attack unfolded over weeks or months. The hackers talk
> about pwning (owning) a group of servers.
>
> CM
>
> On Sat, 12 Aug 2023 16:13:12 -0400, Phil Smith III 
> wrote:
>
> >ITschak Mugzach wrote, in part:
> >>Remember that when pirate bay penetrated Logica, he had
> >>no clue on mainframes, but was able to stay for almost 1.5 years.
> >
> >This falls into the category of "things I just don't get": if that had
> been me, I'd've woken up every single morning wondering if this was the day
> that my access would be gone, and whether there was about to be a loud
> knock on the door (at least). Yes, I know, this wasn't in the U.S. so the
> cops would have been less violent, but still-if I were out committing
> crimes, I'd want them to be over as soon as possible so I could continue on
> with my life, knowing that there was some chance of evidence leading to me,
> but not with a continuous, live channel leading back to me!
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

ransomware on z

[ITschak Mugzach]

Few days ago, I don't remember who and if it was here or at racf-l, someone
asked about a known case of a mainframe ransomware attack by encrypting the
disks.
Few years ago we performed a whitehat attack at a large insurance company.
WE started with the DS8xxx HMC server. A short RTFM showed that there is a
scrypt to reset the password of the DS8000 to it's defaults. We then were
able to manage the LUNs, and ofcourse delete them, encrypt them and so on.

What I am trying to say is that one doesn;t have to access the mainframe
itself in order to access the data... And again, password sync and sso
makes life easier. Remember that when pirate bay penetrated Logica, he had
no clue on mainframes, but was able to stay for almost 1.5 years.

MY 2 cents

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXT] Re: Cloud may be overpriced compared to on-premises systems

[ITschak Mugzach]

> > > trucking which is designed for large trucks and fast speeds. That’s
> > exactly
> > > why the carnage on US highways from trucks is way higher. And wind as
> an
> > > excuse is just silly. Or speed differential.
> > > > In Germany and other European Union counties, trucks with a gross
> > > vehicle weight rating of 3.5 tonnes (7,700 pounds) or more must have a
> > > governor that limits their speed to 90 kph (54 miles per hour).
> > > >
> > > >
> > > > Sent from Yahoo Mail for iPhone
> > > >
> > > >
> > > > On Tuesday, August 8, 2023, 3:52 AM, Jeremy Nicoll <
> > > jn.ls.mfrm...@letterboxes.org> wrote:
> > > >
> > > > On Tue, 8 Aug 2023, at 01:56, Bill Johnson wrote:
> > > >> In Europe all the trucks go the same speed.
> > > > Rubbish.  Age of truck and how heavy its load is are certainly
> factors.
> > > >
> > > > An unloaded truck, is a lot more susceptible to high winds so might
> > > > be driven slower in those conditions; trucks with no load with
> curtain-
> > > > sides often have their curtains open in high winds to significantly
> > > > reduce wind effects.  But that's impossible if there's a partial load
> > > > or nowhere safe for the driver to open (and tie back) the curtains.
> > > >
> > > >> The trucks all have governors.
> > > > No they don't.  Some do.  Even so it sets a maximum speed not
> > > > the actual speed.
> > > >
> > > >> They are also all in the right lane.
> > > > By "right" do you mean "correct"?  Or do you mean the slowest
> > > > lane?  In any case trucks are permitted to be in the next fastest
> > > > lane while overtaking a slower truck.
> > > >
> > > >
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> > >
> > >
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> >
> >
> > --
> > Jay Maynard
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> >
> >
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> Jay Maynard
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Accessing JCL SETs in Rexx

[ITschak Mugzach]

Paul,

END is how the variable name ends. It can be separated  by comma, a dot,
tow dots and a space. After substituting the variable with its value, I
clean double dots for example.

Remember that in the op situation, the input is a jock library. Nothing was
submitted nor running. IEF messages are not relevant in this case.

Btw, substituting DD cards a
Is relatively simple. Try to parse parm fields that might have spaces,
brackets and apostrophes and variables inside

Best,
ITschak

בתאריך יום ו׳, 4 באוג׳ 2023 ב-16:26 מאת Paul Gilmartin <
042bfe9c879d-dmarc-requ...@listserv.ua.edu>:

> On Fri, 4 Aug 2023 10:02:29 +0300, Itschak Mugzach  wrote:
> >...
> >   - Substitution is more complex since you have several END options and
> to
> >   ignore temporary datasets such as those starting with '&'
>
> What's an END option?  (Example?)
>
> I need to submit an RCF that the JCL Ref. fails to clarify the effect of
> substitutioh's resulting in a name beginning with "&" or "&" in the
> equivalent JCL. as in:
> //   SET V1=''
> //  SET  V2='&BAR'
> //*
> //STEP  EXEC PGM=MYPGM
> //DD1  DD  DSN=,...
> //DD2  DD  DSN=,...
>
>
> On Fri, 4 Aug 2023 11:58:13 +, Seymour J Metz wrote:
>
> >Senior moment - it was the disposition messages, not the substitution
> messages, that got moved. For substitution the change was using a message
> id.
> >
> I believe that substitution messages can be issued by the Converter but
> disposition
> messages only after step execution.
>
> And I find it an irritating omission that substitution messages do not
> report
> substitution of "&" for "&".
>
> --
> gil
>
> ----------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Accessing JCL SETs in Rexx

[Itschak Mugzach]

OK. If this is a scan and not run-time, you should be able to identify all
types of variables: System variables (returned by MVSVAR(SYMDEF,xxx)), JCL
SET commands, and PROC variables. This is the general case. If you only
look at your private case that involves only JCL SET variables, you should
look at a code like the one below (I have a complete solution but it is
part of our IronSphere Breaking Lines product that performs code review).
Some things to consider:


   - It will only work if the DD and DSNAME/PATH/DSN are on the same line.
   I usually make a DD a single line to solve this.
   - Substitution is more complex since you have several END options and to
   ignore temporary datasets such as those starting with '&&'
   - The reason I am using an index (SYMINDX) is to be able to access the
   variables directly and sequentially.

Best,
ITschak

JCLSUBS:
   Parse Arg $Lib $Mem
   $Dsn = $lib'('$Mem')'

   If (Sysdsn($Lib) /= OK) Then Do
  Say 'MEMBER OR DATASET DOES NOT EXIST'
  Exit 8
  End

   "Alloc f(JCLMEMBR) DA('"$Lib"("$Mem")') SHR"
   "ExecIO * DiskR JCLMEMBR (Stem JCL. Fini"

   SymIndx = 0

   Do i = 1 to JCL.0
  Jcl.i  = Substr(Jcl.i,1,71)
  Parse Var JCL.i xName xTYpe XRest

  If (xType = 'SET') Then Do
 Interpret xrest
 Parse Var xRest xVar '=' xValue
 xVar   = Strip(xVar)
 SymIndx = SymIndx + 1
 Sym.SymIndx = xVar
 Sym.xVar = xValue
 SAy xVar '=' xValue
 End

  End

   Do i = 1 to JCL.0
  Parse Var JCL.i xName xTYpe XRest

  If (xType /= 'DD') Then Do
 Iterate
 End

  xPos1 = WordPos('DSN=',xRest)
  xPos2 = WordPos('DSNAME=',xRest)
  xPos3 = WordPos('PATH=',xRest)

  If (xPos1 > 0) Then Do
 Parse Var xRest . 'SN=' xDsn ' ' .
 End

  If (xPos2 > 0) Then Do
 Parse Var xRest . 'SNName=' xDsn ' ' .
 End

  If (xPos3 > 0) Then Do
 Parse Var xRest . 'ATH=' xDsn ' ' .
 End

  xPos = Pos(',',xDsn)

  If (xPos > 0) Then Do
 Parse Var xDsn xdsn ',' .
     End

  Call Substitute
  End

   Return

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Fri, Aug 4, 2023 at 12:58 AM David Spiegel <
0468385049d1-dmarc-requ...@listserv.ua.edu> wrote:

> Hi R'Itschak AMVS"H,
> Yes, it is a scan.
> The purpose of the scan is to ensure that my jobs which implement a
> Middleware upgrade have a good chance of succeeding.
> These jobs are SUBMITd at 02:00 when the adrenaline is flowing, Teams
> messages are non-stop and the stress level is through the roof.
> The last thing I want to do is start looking for missing Datasets and/or
> RENAME conflicts.
>
> Shabbat Shalom
>
> Regards,
> David
> 
> From: IBM Mainframe Discussion List  on behalf
> of ITschak Mugzach 
> Sent: Thursday, August 3, 2023 3:54:18 PM
> To: IBM-MAIN@LISTSERV.UA.EDU 
> Subject: Re: Accessing JCL SETs in Rexx
>
> David,
>
> So this is not a run time issue, but a scan of a jcl before submition?
>
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
>
>
>
> On Thu, Aug 3, 2023 at 10:21 PM David Spiegel <
> 0468385049d1-dmarc-requ...@listserv.ua.edu> wrote:
>
> > Hi Gil,
> > My intention is to read a Job and make sure that all datasets are
> > available, but, the dsnames contain SET variables.
> >
> > Regards,
> > David
> >
> > Sent from my Bell Samsung device over Canada’s largest network.
> > 
> > From: IBM Mainframe Discussion List  on behalf
> > of Paul Gilmartin <042bfe9c879d-dmarc-requ...@listserv.ua.edu>
> > Sent: Thursday, August 3, 2023 1:58:20 PM
> > To: IBM-MAIN@LISTSERV.UA.EDU 
> > Subject: Re: Accessing JCL SETs in Rexx
> >
> > On Thu, 3 Aug 2023 17:11:08 +, David Spiegel wrote:
> > >
> > >Does anyone know how to access the JCL SET variables from Rexx.
> > >
> > What are your constraints?  I could envision invoking your REXX with
> > BPXWUNIX or BPXBATCH and passing your symbols in
> > //STDPARM  DD  *,SYMBOLS=JCLONLY
> > ...
> >
> > --
> > gil
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send ema

Re: Accessing JCL SETs in Rexx

[ITschak Mugzach]

David,

So this is not a run time issue, but a scan of a jcl before submition?

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Aug 3, 2023 at 10:21 PM David Spiegel <
0468385049d1-dmarc-requ...@listserv.ua.edu> wrote:

> Hi Gil,
> My intention is to read a Job and make sure that all datasets are
> available, but, the dsnames contain SET variables.
>
> Regards,
> David
>
> Sent from my Bell Samsung device over Canada’s largest network.
> 
> From: IBM Mainframe Discussion List  on behalf
> of Paul Gilmartin <042bfe9c879d-dmarc-requ...@listserv.ua.edu>
> Sent: Thursday, August 3, 2023 1:58:20 PM
> To: IBM-MAIN@LISTSERV.UA.EDU 
> Subject: Re: Accessing JCL SETs in Rexx
>
> On Thu, 3 Aug 2023 17:11:08 +, David Spiegel wrote:
> >
> >Does anyone know how to access the JCL SET variables from Rexx.
> >
> What are your constraints?  I could envision invoking your REXX with
> BPXWUNIX or BPXBATCH and passing your symbols in
> //STDPARM  DD  *,SYMBOLS=JCLONLY
> ...
>
> --
> gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Accessing JCL SETs in Rexx

[ITschak Mugzach]

I tried MVSVAR(SYMDEF,xxx). It does not do the job. If this is worth the
effort, try reading the JESJCL spool dataset using ISFEXEC.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Aug 3, 2023 at 8:11 PM David Spiegel <
0468385049d1-dmarc-requ...@listserv.ua.edu> wrote:

> Hi,
> Does anyone know how to access the JCL SET variables from Rexx.
>
> Thanks in advance,
> David
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: How does chineez banks runs their IT?

[Itschak Mugzach]

Many other roles at these banks are still on linkedin. Why are only
mainframe profs removed from linkedin ;-) ?

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Thu, Jul 27, 2023 at 11:00 PM Bill Johnson <
0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:

> Unfortunately, by 2021, LinkedIn shut down its flagship networking
> service in China. When the Microsoft-owned networking platform cited
> compliance issues and a “significantly more challenging operating
> environment,” it wasn’t surprising.
>
> Chinese banks still use mainframes.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Thursday, July 27, 2023, 3:51 PM, ITschak Mugzach 
> wrote:
>
> Five out of ten top banks in the world are from China. I believe their
> number of accounts is huge as there are almost 1.5 billion citizens in
> china.
> I looked at linkedin and none of them runs on mainframe no z/os programmers
> of any kind: developers sysprogs, DBAs, etc.).
> How do they run such a big number of acounts?
>
> ITschak
>
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> for z/OS, x/Linux & IBM I **| z/VM coming soon  *
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: How does Chinese banks runs their IT?

[Itschak Mugzach]

tx, Tom

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Thu, Jul 27, 2023 at 10:59 PM Tom Brennan 
wrote:

> I don't know, I just responded to modify the subject line a bit.
>
> On 7/27/2023 12:50 PM, ITschak Mugzach wrote:
> > Five out of ten top banks in the world are from China. I believe their
> > number of accounts is huge as there are almost 1.5 billion citizens in
> > china.
> > I looked at linkedin and none of them runs on mainframe no z/os
> programmers
> > of any kind: developers sysprogs, DBAs, etc.).
> > How do they run such a big number of acounts?
> >
> > ITschak
> >
> > ITschak Mugzach
> > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring
> > for z/OS, x/Linux & IBM I **| z/VM coming soon  *
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

How does chineez banks runs their IT?

[ITschak Mugzach]

Five out of ten top banks in the world are from China. I believe their
number of accounts is huge as there are almost 1.5 billion citizens in
china.
I looked at linkedin and none of them runs on mainframe no z/os programmers
of any kind: developers sysprogs, DBAs, etc.).
How do they run such a big number of acounts?

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Where am I going wrong with XLC __TIMESTAMP__ ?

[Itschak Mugzach]

This is the link where I open tickets with IBM (zPDT 1090-L01 box) :
https://www.ibm.com/mysupport/s/createrecord/NewCase?productId=flatitem=en_US

Best,
ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Sun, Jul 2, 2023 at 9:03 PM Mike Shaw  wrote:

> Itschak,
>
> Ok. We received no such letter and we are partnerworld members and an ISV
> using the ADCD on a zPDT system. This is news to us.
>
> I see that it is for use only to report defects in the ADCD system.
>
> Thanks for that info.
>
> Mike Shaw
> MVS/QuickRef Support Group
> Chicago-Soft, Ltd.
>
>
> On Sun, Jul 2, 2023 at 1:50 PM Itschak Mugzach <
> 0305158ad67d-dmarc-requ...@listserv.ua.edu> wrote:
>
> > Yes. We are an is. (IronSphere). Last week was not the first time we
> opened
> > a ticket. Below is the letter I received from IBM before opening the
> first
> > ticket:
> >
> > Dear zPDT user,
> >
> > The entitlement of your PartnerWorld location ID has been updated to
> > include the ability to report defects in z/OS products. To report a
> defect,
> > please follow the following steps:
> >
> >Go to the PartnerWorld web site ( www.ibm.com/partnerworld ) and sign
> > in
> >to PartnerWorld.
> >
> >After sign in, go to
> >https://www-304.ibm.com/isv/tech/remoteEmail/entryForm.jsp and
> document
> >your findings in PartnerWorld Remote email support. On the "Select
> area
> > of
> >your question" please choose "System z z/OS ADCD (defect only)" from
> the
> >pull down.
> >
> >If this link does not work start at the IBM PartnerWorld home page (
> >www.ibm.com/partnerworld ); select Technical (at the left); select
> >Support from the list (still at the left); on a new page, select
> Problem
> >Reporting (near the top and in the center); select Entitled email (in
> > the
> >box); on a new page, look for the Remote email support box in the
> > center of
> >the page (scrolling may be required) and select Access Remote Email
> >Support. Document your findings in PartnerWorld Remote email support.
> On
> >the "Select area of your question" please choose "System z z/OS ADCD
> >(defect only)" from the pull down.
> >
> > Please note, this support allows qualified zPDT users with a process to
> > resolve defects only. For other needs such as product configuration
> > questions, usability questions, requirements for IBM product
> enhancements,
> > etc. entitlement through another IBM program such as a PartnerWorld Value
> > Package/Option for technical support is required. ISVs wishing to
> purchase
> > SW "how-to" support can do so through the PartnerWorld "IBM Systems and
> > middleware technical support options for software development" option.
> This
> > covers z/OS and Cross-server IBM middleware products and technologies and
> > interfaces to a wide variety of IBM middleware products. Details are
> > provided at: *http://www.ibm.com/isv/welcome/guide/pub_value.html*
> > <http://www-304.ibm.com/isv/welcome/guide/pub_value.html>
> >
> >
> > בתאריך יום א׳, 2 ביולי 2023 ב-20:45 מאת Mike Shaw <
> > techsupp...@quickref.com
> > >:
> >
> > > Itschak,
> > >
> > > How? Calling the support center? They always ask for a CPU serial
> number.
> > > Are you an ISV?
> > >
> > > Mike Shaw
> > > MVS/QuickRef Support Group
> > > Chicago-Soft, Ltd.
> > >
> > >
> > > On Sun, Jul 2, 2023 at 1:18 PM ITschak Mugzach 
> > wrote:
> > >
> > > > Not true. ZPDT users can open tickets and access shops for ptfs.
> > > >
> > > > ITschak
> > > >
> > > > בתאריך יום א׳, 2 ביולי 2023 ב-19:59 מאת Mike Shaw <
> > > > techsupp...@quickref.com
> > > > >:
> > > >
> > > > > Ed is correct. If you don't license IBM mainframe hardware, you
> can't
> > > get
> > > > > full z/OS support. ISVs using zPDT as their sole z/OS development
> > host
> > > > > can't report problems OR get formal tech support for z/OS. We
> > adapt...
> > > > >
> > > > > Mike Shaw
> > > > > MVS/QuickRef Su

Re: Where am I going wrong with XLC __TIMESTAMP__ ?

[ITschak Mugzach]

Mike

Since then I opened tickets directly at ibm support portal and not from
partner world

ITschak

בתאריך יום א׳, 2 ביולי 2023 ב-20:50 מאת Itschak Mugzach <
i_mugz...@securiteam.co.il>:

> Yes. We are an is. (IronSphere). Last week was not the first time we
> opened a ticket. Below is the letter I received from IBM before opening
> the first ticket:
>
> Dear zPDT user,
>
> The entitlement of your PartnerWorld location ID has been updated to
> include the ability to report defects in z/OS products. To report a defect,
> please follow the following steps:
>
>Go to the PartnerWorld web site ( www.ibm.com/partnerworld ) and sign
>in to PartnerWorld.
>
>After sign in, go to
>https://www-304.ibm.com/isv/tech/remoteEmail/entryForm.jsp and
>document your findings in PartnerWorld Remote email support. On the "Select
>area of your question" please choose "System z z/OS ADCD (defect only)"
>from the pull down.
>
>If this link does not work start at the IBM PartnerWorld home page (
>www.ibm.com/partnerworld ); select Technical (at the left); select
>Support from the list (still at the left); on a new page, select Problem
>Reporting (near the top and in the center); select Entitled email (in the
>box); on a new page, look for the Remote email support box in the center of
>the page (scrolling may be required) and select Access Remote Email
>Support. Document your findings in PartnerWorld Remote email support. On
>the "Select area of your question" please choose "System z z/OS ADCD
>(defect only)" from the pull down.
>
> Please note, this support allows qualified zPDT users with a process to
> resolve defects only. For other needs such as product configuration
> questions, usability questions, requirements for IBM product enhancements,
> etc. entitlement through another IBM program such as a PartnerWorld Value
> Package/Option for technical support is required. ISVs wishing to purchase
> SW "how-to" support can do so through the PartnerWorld "IBM Systems and
> middleware technical support options for software development" option. This
> covers z/OS and Cross-server IBM middleware products and technologies and
> interfaces to a wide variety of IBM middleware products. Details are
> provided at: *http://www.ibm.com/isv/welcome/guide/pub_value.html*
> <http://www-304.ibm.com/isv/welcome/guide/pub_value.html>
>
>
> בתאריך יום א׳, 2 ביולי 2023 ב-20:45 מאת Mike Shaw <
> techsupp...@quickref.com>:
>
>> Itschak,
>>
>> How? Calling the support center? They always ask for a CPU serial number.
>> Are you an ISV?
>>
>> Mike Shaw
>> MVS/QuickRef Support Group
>> Chicago-Soft, Ltd.
>>
>>
>> On Sun, Jul 2, 2023 at 1:18 PM ITschak Mugzach 
>> wrote:
>>
>> > Not true. ZPDT users can open tickets and access shops for ptfs.
>> >
>> > ITschak
>> >
>> > בתאריך יום א׳, 2 ביולי 2023 ב-19:59 מאת Mike Shaw <
>> > techsupp...@quickref.com
>> > >:
>> >
>> > > Ed is correct. If you don't license IBM mainframe hardware, you can't
>> get
>> > > full z/OS support. ISVs using zPDT as their sole z/OS development host
>> > > can't report problems OR get formal tech support for z/OS. We adapt...
>> > >
>> > > Mike Shaw
>> > > MVS/QuickRef Support Group
>> > > Chicago-Soft, Ltd.
>> > >
>> > >
>> > > On Sun, Jul 2, 2023 at 12:33 PM Ed Jaffe > >
>> > > wrote:
>> > >
>> > > > On 7/2/2023 7:52 AM, David Crayford wrote:
>> > > > > That's interesting. I was of the understanding that PDT customers
>> > were
>> > > > > IBM business partners, in which case had to have access to
>> > > > > Partnerworld and had full access to services to open cases. I now
>> > > > > that's certainly the case for other ISVs that use Dallas systems.
>> > > >
>> > > > For as long as I can remember, only the owner of the Designated
>> Machine
>> > > > (language from the ICA) was entitled to open new cases.
>> > > >
>> > > > I was unaware (and am somewhat surprised) that the remote
>> development
>> > > > contract somehow entitles an ISV using a z/VM guest on IBM's
>> hardware
>> > in
>> > > > Dallas to do so.
>> > > >
>> > > > It's certainly not true for ISVs enrolled in the z/OS ETP.
>> Everything
>> > > > must be handled by t

Re: Where am I going wrong with XLC __TIMESTAMP__ ?

[Itschak Mugzach]

Yes. We are an is. (IronSphere). Last week was not the first time we opened
a ticket. Below is the letter I received from IBM before opening the first
ticket:

Dear zPDT user,

The entitlement of your PartnerWorld location ID has been updated to
include the ability to report defects in z/OS products. To report a defect,
please follow the following steps:

   Go to the PartnerWorld web site ( www.ibm.com/partnerworld ) and sign in
   to PartnerWorld.

   After sign in, go to
   https://www-304.ibm.com/isv/tech/remoteEmail/entryForm.jsp and document
   your findings in PartnerWorld Remote email support. On the "Select area of
   your question" please choose "System z z/OS ADCD (defect only)" from the
   pull down.

   If this link does not work start at the IBM PartnerWorld home page (
   www.ibm.com/partnerworld ); select Technical (at the left); select
   Support from the list (still at the left); on a new page, select Problem
   Reporting (near the top and in the center); select Entitled email (in the
   box); on a new page, look for the Remote email support box in the center of
   the page (scrolling may be required) and select Access Remote Email
   Support. Document your findings in PartnerWorld Remote email support. On
   the "Select area of your question" please choose "System z z/OS ADCD
   (defect only)" from the pull down.

Please note, this support allows qualified zPDT users with a process to
resolve defects only. For other needs such as product configuration
questions, usability questions, requirements for IBM product enhancements,
etc. entitlement through another IBM program such as a PartnerWorld Value
Package/Option for technical support is required. ISVs wishing to purchase
SW "how-to" support can do so through the PartnerWorld "IBM Systems and
middleware technical support options for software development" option. This
covers z/OS and Cross-server IBM middleware products and technologies and
interfaces to a wide variety of IBM middleware products. Details are
provided at: *http://www.ibm.com/isv/welcome/guide/pub_value.html*
<http://www-304.ibm.com/isv/welcome/guide/pub_value.html>


בתאריך יום א׳, 2 ביולי 2023 ב-20:45 מאת Mike Shaw :

> Itschak,
>
> How? Calling the support center? They always ask for a CPU serial number.
> Are you an ISV?
>
> Mike Shaw
> MVS/QuickRef Support Group
> Chicago-Soft, Ltd.
>
>
> On Sun, Jul 2, 2023 at 1:18 PM ITschak Mugzach  wrote:
>
> > Not true. ZPDT users can open tickets and access shops for ptfs.
> >
> > ITschak
> >
> > בתאריך יום א׳, 2 ביולי 2023 ב-19:59 מאת Mike Shaw <
> > techsupp...@quickref.com
> > >:
> >
> > > Ed is correct. If you don't license IBM mainframe hardware, you can't
> get
> > > full z/OS support. ISVs using zPDT as their sole z/OS development host
> > > can't report problems OR get formal tech support for z/OS. We adapt...
> > >
> > > Mike Shaw
> > > MVS/QuickRef Support Group
> > > Chicago-Soft, Ltd.
> > >
> > >
> > > On Sun, Jul 2, 2023 at 12:33 PM Ed Jaffe 
> > > wrote:
> > >
> > > > On 7/2/2023 7:52 AM, David Crayford wrote:
> > > > > That's interesting. I was of the understanding that PDT customers
> > were
> > > > > IBM business partners, in which case had to have access to
> > > > > Partnerworld and had full access to services to open cases. I now
> > > > > that's certainly the case for other ISVs that use Dallas systems.
> > > >
> > > > For as long as I can remember, only the owner of the Designated
> Machine
> > > > (language from the ICA) was entitled to open new cases.
> > > >
> > > > I was unaware (and am somewhat surprised) that the remote development
> > > > contract somehow entitles an ISV using a z/VM guest on IBM's hardware
> > in
> > > > Dallas to do so.
> > > >
> > > > It's certainly not true for ISVs enrolled in the z/OS ETP. Everything
> > > > must be handled by the IBM Dallas team even if you run the
> <https://www.google.com/maps/search/ed+by+the+IBM+Dallas+team+even+if+you+run+the+?entry=gmail=g>code
> on your
> > > > own Designated Machine...
> > > >
> > > >
> > > > --
> > > > Phoenix Software International
> > > > Edward E. Jaffe
> > > > 831 Parkview Drive North
> > > > El Segundo, CA 90245
> > > > https://www.phoenixsoftware.com/
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ---

Re: Where am I going wrong with XLC __TIMESTAMP__ ?

[ITschak Mugzach]

Not true. ZPDT users can open tickets and access shops for ptfs.

ITschak

בתאריך יום א׳, 2 ביולי 2023 ב-19:59 מאת Mike Shaw :

> Ed is correct. If you don't license IBM mainframe hardware, you can't get
> full z/OS support. ISVs using zPDT as their sole z/OS development host
> can't report problems OR get formal tech support for z/OS. We adapt...
>
> Mike Shaw
> MVS/QuickRef Support Group
> Chicago-Soft, Ltd.
>
>
> On Sun, Jul 2, 2023 at 12:33 PM Ed Jaffe 
> wrote:
>
> > On 7/2/2023 7:52 AM, David Crayford wrote:
> > > That's interesting. I was of the understanding that PDT customers were
> > > IBM business partners, in which case had to have access to
> > > Partnerworld and had full access to services to open cases. I now
> > > that's certainly the case for other ISVs that use Dallas systems.
> >
> > For as long as I can remember, only the owner of the Designated Machine
> > (language from the ICA) was entitled to open new cases.
> >
> > I was unaware (and am somewhat surprised) that the remote development
> > contract somehow entitles an ISV using a z/VM guest on IBM's hardware in
> > Dallas to do so.
> >
> > It's certainly not true for ISVs enrolled in the z/OS ETP. Everything
> > must be handled by the IBM Dallas team even if you run the code on your
> > own Designated Machine...
> >
> >
> > --
> > Phoenix Software International
> > Edward E. Jaffe
> > 831 Parkview Drive North
> > El Segundo, CA 90245
> > https://www.phoenixsoftware.com/
> >
> >
> >
> >
> 
> > This e-mail message, including any attachments, appended messages and the
> > information contained therein, is for the sole use of the intended
> > recipient(s). If you are not an intended recipient or have otherwise
> > received this email message in error, any use, dissemination,
> distribution,
> > review, storage or copying of this e-mail message and the information
> > contained therein is strictly prohibited. If you are not an intended
> > recipient, please contact the sender by reply e-mail and destroy all
> copies
> > of this email message and do not otherwise utilize or retain this email
> > message or any or all of the information contained therein. Although this
> > email message and any attachments or appended messages are believed to be
> > free of any virus or other defect that might affect any computer system
> > into
> > which it is received and opened, it is the responsibility of the
> recipient
> > to ensure that it is virus free and no responsibility is accepted by the
> > sender for any loss or damage arising in any way from its opening or use.
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Where am I going wrong with XLC __TIMESTAMP__ ?

[ITschak Mugzach]

zPDT clients can open tickets and order PTFs. I just did it last week for
the certificate issue we had.

ITschak




-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS Client Web Enablement Toolkit

[ITschak Mugzach]

The z/os http/http enablement toolkit is part of z/os bcp. it starts at ipl
(no explicit start i needed). I make intensive use of this product (both
the http and json parser parts) and it works very well.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Thu, Jun 29, 2023 at 12:35 AM MARTIN, MIKE <
04b29373b847-dmarc-requ...@listserv.ua.edu> wrote:

> Hi all,
>
> Is anyone familiar with the z/OS Client Web Enablement Toolkit?
>
> Is it part of z/OS 2.4?  (it appears it is, but I want to make sure)
>
> z/OS client web enablement toolkit - IBM Documentation<
> https://www.ibm.com/docs/en/zos/2.5.0?topic=languages-zos-client-web-enablement-toolkit
> >
>
> Mike Martin
>
> This email may contain confidential and privileged material for the sole
> use of the intended recipient. If you are not the intended recipient,
> please contact the sender and delete all copies. Any review or distribution
> by others is strictly prohibited. Personal emails are restricted by policy
> of the State Employees' Credit Union (SECU).  Therefore SECU specifically
> disclaims any responsibility or liability for any personal information or
> opinions of the author expressed in this email.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tls 1.2 and server authentiaction

[ITschak Mugzach]

Yow indeed.

בתאריך יום ג׳, 27 ביוני 2023 ב-17:15 מאת Charles Mills :

> Yow!
>
> https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
>
> CM
>
> On Tue, 27 Jun 2023 16:59:23 +0300, ITschak Mugzach 
> wrote:
>
> >Surprise... Although the server certificate SHOULD be verified, IBM did
> not
> >perform this check until APAR OA63164...
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tls 1.2 and server authentiaction

[ITschak Mugzach]

Surprise... Although the server certificate SHOULD be verified, IBM did not
perform this check until APAR OA63164...

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *




On Tue, Jun 27, 2023 at 4:31 PM Charles Mills  wrote:

> The check is "optional" on the application's part for z/OS System SSL:
>
> https://www.ibm.com/docs/en/zos/2.5.0?topic=reference-gsk-validate-server
>
> I use optional in quotes because the TLS protocol has two main purposes:
> encryption (which is not under discussion here) and preventing a
> man-in-the-middle attack. The server certificate proves the identity of the
> server that the client has actually connected to -- proves that it is not
> some imposter "in the middle." Yes, it is utterly possible for a client
> application to skip that step, but it is a Really Bad Idea.
>
> If the user has specified an IP address then in some senses that is
> equivalent to a URL, except that there is no way to check that the server
> certificate is really for the site the user intended to connect to. (Unless
> the certificate is in fact issued for an IP address -- which is rare.)
> Actually, some servers now will not even allow a connection by IP address:
> they demand a TLS protocol feature called Server Name Indication (SNI) in
> which the client indicates the name they are trying to connect to early in
> the TLS startup sequence. That lets a server respond differently depending
> on exactly which DNS name the user has specified.
>
> Charles
>
> On Mon, 26 Jun 2023 18:57:13 -0700, Tom Brennan <
> t...@tombrennansoftware.com> wrote:
>
> >In my limited (non-mainframe) experience with OpenSSL, I think it's up
> >to the application to decide whether to check the common name in a
> >validated cert with, say, a URL or IP address string.  So it could be an
> >older application didn't bother, and a newer one does.  Just guessing.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OSMF

[Itschak Mugzach]

Processor capacity index.


בתאריך יום ג׳, 27 ביוני 2023 ב-8:49 מאת kekronbekron <
02dee3fcae33-dmarc-requ...@listserv.ua.edu>:

> QQ - what's a PCI?
>
> - KB
>
> --- Original Message ---
> On Tuesday, June 27th, 2023 at 10:37 AM, Timothy Sipples <
> sipp...@sg.ibm.com> wrote:
>
>
> > Andrew Rowley wrote:
> >
> > > I've said it before but I'll say it again - to avoid embarrassment
> > > alongside 5 year old laptops or perhaps even a Raspberry Pi, IBM needs
> > > to figure out how to bring the smallest z/OS systems up to a modern
> > > configuration - I would suggest minimum 4 processors and 200 MSU.
> >
> >
> > IBM doesn't require anyone to order/configure less than 200 MSUs (PCIs)
> of general purpose processor capacity. If you want to order a configuration
> like that go for it!
> >
> > Bearing in mind that VSEn is important and also exists, and IBM really
> ought to be building machines that also cater to VSEn customers, here's the
> current minimum orderable machine configuration (latest model) for z/OS and
> VSEn:
> >
> > * IBM z16 A02 (or AGZ for rack mount)
> > * Capacity Model A01
> > * Base CP capacity: 105 PCIs (13 MSUs)
> > * z/OS System Recovery Boosted capacity (standard/no additional charge):
> 1,982 PCIs
> > * 64GB of usable memory (plus HSA)
> >
> > Add just 1 zIIP and you get ~1,900 PCIs of full-time zIIP capacity with
> 2 processor threads (SMT2). You can add as many zIIPs as you wish up to the
> physical capacity of the machine.
> >
> > Capacity Model A01 continues to be zELC eligible on the full capacity.
> Even though it has 105 PCIs (plus System Recovery Boost, plus more and far
> better on chip accelerators, plus optional zIIPs) it still qualifies for
> the same software licensing tier that the ~26 PCIs IBM z890 Model 110 did
> 19 years ago.
> >
> > I don't see any problem here. If 105 PCIs/13 MSUs (plus a zIIP I
> suggest) is all you need for your z/OS computing, well OK then! That model
> is available, and (in most countries) you can get a nifty rack mounted form
> factor if you'd like. If you need more, OK, that's available too.
> >
> > Here's the recent history of minimum orderable/configurable CP capacity
> (all Capacity Models A01):
> >
> > IBM z16 A02/AGZ: 105 PCIs*
> > IBM z15 T02: 98 PCIs**
> > IBM z14 ZR1: 88 PCIs
> > IBM z13s: 80 PCIs
> > IBM zBC12: 50 PCIs
> > IBM z114: 26 PCIs
> >
> > * System Recovery Boost capacity: 1,982 PCIs
> > ** System Recovery Boost capacity: 1,761 PCIs
> >
> > The z114 was announced in 2011 and the z16 A02/AGZ in 2023. Over that
> period IBM increased the minimum orderable CP capacity by ~12.4% per year
> (compounded), plus SRB.
> >
> > —
> > Timothy Sipples
> > Senior Architect
> > Digital Assets, Industry Solutions, and Cybersecurity
> > IBM zSystems/LinuxONE, Asia-Pacific
> > sipp...@sg.ibm.com
> >
> >
> > ----------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tls 1.2 and server authentiaction

[Itschak Mugzach]

IP.  I thing changed until Friday's IPL.

בתאריך יום ג׳, 27 ביוני 2023 ב-0:58 מאת Shawn Prenevost <
shawnprenev...@gmail.com>:

> Is the cert for a DNS and not an IP address?
>
> On Mon, Jun 26, 2023, 4:48 PM Itschak Mugzach <
> 0305158ad67d-dmarc-requ...@listserv.ua.edu> wrote:
>
> > We use htwtconn and the message is returned during handshake. It is also
> > written to trace if running in verbose mode.
> >
> >
> > בתאריך יום ג׳, 27 ביוני 2023 ב-0:38 מאת Phil Smith III  >:
> >
> > > Itschak Mugzach wrote:
> > > >The error msg says "certificate is not valid for IP address". It
> worked
> > > >until Friday before fixes applied.
> > >
> > > That's an error from gsk? Or what? What's the return code? I don't see
> > > that error in the doc.
> > >
> > >
> > >
> > >
> > > ------
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> > --
> >
> > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> > Platform* *|* *Information Security Continuous Monitoring for Z/OS,
> zLinux
> > and IBM I **|  *
> >
> > *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404
> **|*
> > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tls 1.2 and server authentiaction

[Itschak Mugzach]

We use htwtconn and the message is returned during handshake. It is also
written to trace if running in verbose mode.


בתאריך יום ג׳, 27 ביוני 2023 ב-0:38 מאת Phil Smith III :

> Itschak Mugzach wrote:
> >The error msg says "certificate is not valid for IP address". It worked
> >until Friday before fixes applied.
>
> That's an error from gsk? Or what? What's the return code? I don't see
> that error in the doc.
>
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tls 1.2 and server authentiaction

[Itschak Mugzach]

Phill,

The error msg says "certificate is not valid for IP address". It worked
until Friday before fixes applied.

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Mon, Jun 26, 2023 at 9:49 PM Phil Smith III  wrote:

> Itschak Mugzach wrote:
> >Since the last ptfs applied last weekend, The server certificate CN is now
> >verified by Z/oS (the client).  I know it is a normal behaviour of TLS,
> but
> >it has never been performed by z/os before.
>
> Eh? What you're saying makes no sense. Of course the server cert is
> validated by the client. I suspect some root changed; what error are you
> getting, and from what?
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Tls 1.2 and server authentiaction

[Itschak Mugzach]

Since the last ptfs applied last weekend, The server certificate CN is now
verified by Z/oS (the client).  I know it is a normal behaviour of TLS, but
it has never been performed by z/os before.

Does anyone know which PTF made the change?

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Certificate differences between Z/VM and Z/OS?

[Itschak Mugzach]

Thanks Allan and Colin,

I can list the certificate in gskkyman with no problem (when gskkyman
works...). I'll try to IPL this guest as a standalone (it doesn't run
network well as a second level vm) and report results.

Best,
ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Mon, Jun 12, 2023 at 4:16 PM Allan Staller <
0387911dea17-dmarc-requ...@listserv.ua.edu> wrote:

> Classification: Confidential
>
> Did you transfer the certificate as text (DO NOT USE BINARY).
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Itschak Mugzach
> Sent: Sunday, June 11, 2023 1:29 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Certificate differences between Z/VM and Z/OS?
>
> [CAUTION: This Email is from outside the Organization. Unless you trust
> the sender, Don't click links or open attachments as it may be a Phishing
> email, which can steal your Information and compromise your Computer.]
>
> I have a certificate signed by an intermediate CA that is self signed (the
> CA certificate). The certificate CN is not specific for a client.
> Now I installed it on Z?OS RACF and it works with no problem against a
> server having a server certificate from the same CA.
> Now I installed the same certificate on Z/VM (gskyman) and tried to
> connect to the same server. The certificate is refused and the server asks
> for renegotiating (which is impossible at TLS 1.2).
>
> Why does that happen? Both certificates are marked TRUSTED.
>
> ITschak
>
>
> *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
> Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
> and IBM I **|  *
>
> *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
> *Skype**: ItschakMugzach **|* *Web**: http://www.securiteam.co.il/  **|*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> ::DISCLAIMER::
> 
> The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only. E-mail transmission is not
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or may contain
> viruses in transmission. The e mail and its contents (with or without
> referred errors) shall therefore not attach any liability on the originator
> or HCL or its affiliates. Views or opinions, if any, presented in this
> email are solely those of the author and may not necessarily reflect the
> views or opinions of HCL or its affiliates. Any form of reproduction,
> dissemination, copying, disclosure, modification, distribution and / or
> publication of this message without the prior written consent of authorized
> representative of HCL is strictly prohibited. If you have received this
> email in error please delete it and notify the sender immediately. Before
> opening any email and/or attachments, please check them for viruses and
> other defects.
> 
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Certificate differences between Z/VM and Z/OS?

[Itschak Mugzach]

I have a certificate signed by an intermediate CA that is self signed (the
CA certificate). The certificate CN is not specific for a client.
Now I installed it on Z?OS RACF and it works with no problem against a
server having a server certificate from the same CA.
Now I installed the same certificate on Z/VM (gskyman) and tried to connect
to the same server. The certificate is refused and the server asks for
renegotiating (which is impossible at TLS 1.2).

Why does that happen? Both certificates are marked TRUSTED.

ITschak


*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

D IZU command not always working

[ITschak Mugzach]

When I enter 'D IZU' in the console (z/os 2.4), I may get one of the
following responses (assuming that zOSMF is active):

   1. IZUG016I The server IZUSVR1 on system  is not available. ** msg
   CWWKF0011I: the server zosmfServer is ready to run a smarter planet is
   written to the job log before I enter the command **
   2. IZUG015I The command of DISPLAY IZU is performed in MODIFY command
   against server IZUSVS1 on system .

My system is heavily loaded, but from the IZUSVR1 log I can see that it has
completed initialization. Why is this happens?

ITschak


ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN