Re: email and crypto
Also, everyone should be aware key service is effectively dead since it was discovered nothing prevents apparent public keys from being poisoned by a black hat. If you want one of my public keys, visit http://dlcusa.net (hosted on a Marist Z-box--thanks, Sir Santa). -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: email and crypto
On 23Dec05:1319-0500, Rick Troth wrote: > So that's the question: are any of you using PGP via Thunderbird? (Or > using PGP at all?) I'd like to hear from you. Maybe converse with myself > and our unnamed colleague. Sorry, I glossed over this since I do not use Thunderbird. I've used GPG for well over a decade on my GNU/Linux (CRUX) home server with mutt. I use fetchmail to retrieve all my email from Zoho (~10USD/year) handling everything sent to dlcusa.net and to which gmail.com forwards my other main address. I learned long ago LISTMAIN doesn't like signatures so I clear them for such listservs; otherwise, I sign everything I send. Of course, the web of trust only means the person signing the key believes the owner of the key is who they purport to be and it is believed said owner is competent to ensure the private key will never be compromised without it being quickly revoked. More trust than that is uncertain. -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: IBM vs other virtualizations
On 21Oct30:1346-0400, Rick Troth wrote: > Haven't used Qubes. Qubes requires Xen. -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390 signature.asc Description: PGP signature
Re: Future-Watch: Big changes to login and /home directory handling
On 20May02:0808+, David L. Craig wrote: > > This may say it all: https://systemd.io/CONVERTING_TO_HOMED/ > > Really? No support for ssh is designed in yet? > Who do they think they're kidding? Wrong link, go to https://www.techrepublic.com/article/linux-home-directory-management-is-about-to-undergo-major-change/ instead. -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Future-Watch: Big changes to login and /home directory handling
On 20Apr30:1442+, David Boyes wrote: > > On 4/30/20, 10:41 AM, "Linux on 390 Port on behalf of Rick Troth" > wrote: > > somebody please make it stop > > +1. This may say it all: https://systemd.io/CONVERTING_TO_HOMED/ Really? No support for ssh is designed in yet? Who do they think they're kidding? -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Devuan
On 20Mar08:1216-0700, Dave Jones wrote: > Gentoo? What about Funtoo, then, which is on record to never support systemd? -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Devuan
Does anyone have Devuan running on Z? Are there any Z distros besides Rick Troth's NORD that do not require systemd? -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: I checked that it's not April 1
On 18Oct28:1919+, Neale Ferguson wrote: > https://newsroom.ibm.com/2018-10-28-IBM-To-Acquire-Red-Hat-Completely-Changing-The-Cloud-Landscape-And-Becoming-Worlds-1-Hybrid-Cloud-Provider On the other hand, it IS Sunday... -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Meltdown/Spectre; Linux on z affected?
On 18Jan04:1754+, David L. Craig wrote: > > According to this article published by Red Hat, you cannot. > > : Red Hat has been made aware of multiple microarchitectural > : (hardware) implementation issues affecting many modern > : microprocessors, requiring updates to the Linux kernel, > : virtualization-related components, and/or in combination > : with a microcode update. An unprivileged attacker can use > : these flaws to bypass conventional memory security > : restrictions in order to gain read access to privileged > : memory that would otherwise be inaccessible. There are 3 > : known CVEs related to this issue in combination with Intel, > : AMD, and ARM architectures. Additional exploits for other > : architectures are also known to exist. These include IBM > : System Z, POWER8 (Big Endian and Little Endian), and > : POWER9 (Little Endian). > > https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701600127NJAAY They have also published clear updates for Z kernel components: https://access.redhat.com/errata/RHSA-2018:0011 -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Meltdown/Spectre; Linux on z affected?
On 18Jan04:1336+, Guest, Darren wrote: > > Not sure if people have seen that attached article or heard : of the 'intel' chip issues from elsewhere: > https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > The 'fix' for meltdown (at least) is apparently to change the > Linux kernel which will potentially affect performance. I'm > pretty sure that zSeries isn't affected by the issue (is it?), > but if the Linux Kernel is changed, are we likely to see a > performance hit on Linux running on zSeries as well (even > though we don't need the fix)? > > Best case scenario, can I tell my management that these won't > affect Linux on z? According to this article published by Red Hat, you cannot. : Red Hat has been made aware of multiple microarchitectural : (hardware) implementation issues affecting many modern : microprocessors, requiring updates to the Linux kernel, : virtualization-related components, and/or in combination : with a microcode update. An unprivileged attacker can use : these flaws to bypass conventional memory security : restrictions in order to gain read access to privileged : memory that would otherwise be inaccessible. There are 3 : known CVEs related to this issue in combination with Intel, : AMD, and ARM architectures. Additional exploits for other : architectures are also known to exist. These include IBM : System Z, POWER8 (Big Endian and Little Endian), and : POWER9 (Little Endian). https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701600127NJAAY -- May the LORD God bless you exceedingly abundantly! Dave_Craig__ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Network Time Protocol Daemon needed for zLinux?
On 15Mar19:0045-0400, Alan Altmark wrote: But you must be careful. If you think about this too hard, you will create a tear in the time-space continuum and fall in. Just remember that The music is reversible, but time is not. Kcab nrut, kcab nrut, What is it about computers and their clocks that after so many decades, we still struggle with getting this right? We can leave the politicians and their local time games out of this. Why does the world standard need to be concerned with the sun's position at exactly noon anyway--why not let just the applications that have a need to know (does that include GPS?) deal with it? The engineering issues been resolved, but we still can't build consensus globally for a proper standard. Am I the only person who considers this state of affairs embarrassing? -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: openssl CA certificate maintenance
On 14Jul14:1553-0400, Alan Altmark wrote: On Monday, 07/14/2014 at 11:03 EDT, Rick Troth ri...@velocitysoftware.com wrote: A growing number of experts are making noise about the sad state of PKI on this planet. The people who make the most noise about old mousetraps typically have a vested interest in a new model. There's nothing wrong with the PKI model, IMO, but there is an incredible lack of understanding about how to manage its deployment so that it improves your overall security posture. I'd suggest the model is flawed if it assumes all CAs are above reproach--history has proven otherwise. -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: openCOBOL
On 14May05:1549+, Neale Ferguson wrote: I saw the following on a LinkedIn group: Customers who are proposed to migrate from zOS to zLinux may have a concern about the presence of cobol programs. Porting the cobol code to a different language not only may affect the migration costs, but it also may be painful if not even unsuccessful. So, a cobol compiler for zLinux may be picked from the market, but again, this may heavily affect the project costs. The adoption of the OpenCobol compiler might be a fine option. The OpenCobol compiler is an open source project whose site is https://sourceforge.net/projects/open-cobol/; I created a s390x and src RPM for it based on the latest tarball. They are available at http://download.sinenomine.net/opencobol/ I've run the test suite and it passes but haven't tried any code of my own (not being a prolific COBOL programmer). Debian has an opencobol deb in main as well. The homepage link still points to opencobol.org, but that site now points folks to SourceForge. Is anybody on this list running Debian on zSeries? (I'd be happy to that if someone provided me with a virtual machine to do so. :-) ) -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Learn something new every day
On 13Nov13:1047-0700, Mark Post wrote: For all of you out there with auditors that get all upset if netcat (nc) is installed on your Linux systems... You probably should never tell them about the bash /dev/tcp builtin. Just for fun... exec 3/dev/tcp/www.google.com/80 echo -e GET / HTTP/1.1\r\nHost: www.google.com\r\nConnection: close\r\n\r\n 3 cat 3 exec 3- Absolutely, Mr. Auditor--no TELNET on THIS system, nosiree. ;-) -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone running z/Linux natively and not under z/VM?
On 13May28:2000+, Pesce, Andy wrote: Just a curiosity question: Is anyone running Red Hat or SUSE natively in its own LPAR without having z/VM? I know that under z/VM you can run multiple LINUX images. It is also very easy to clone systems. However, just wondering if there are clients out there that only want to run one LINUX system. So, they are not spending the money to get z/VM and installing it. Any response would be appreciated. IIRC, zLinux kernels run with DAT off; indeed, BC, whether real or virtual. Am I remembering correctly, and if so, is this still the state of the art? And if it is still so, why isn't anybody playing with it--is it just not worth the effort? -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Shell Account Or zLinux VPS Service
Sigh. I have begun sending out the following form letter to some ISPs: : Alas, after becoming a digex.net refugee in the mid : '90s, radix.net has announced I must find a new : provider of UNIX shell and web page service by the : end of June. For $250 annually, I've had a 10 MB disk : quota and a monthly 200 MB http server transmission : quota (shell networking and CPU unmetered--but watch : it!). Please visit http://www.radix.net/~dlc for all : the information about me you're likely to need to : determine I am an ethical computing professional. I : hope we can do business. I would be interested in leads and other ideas about this need I have. I would prefer to let someone else be the system janitor but I may have to go with a VPS solution. If so, I'd really like it to be a zLinux instance and never have to become an ISP refugee again. -- not cent from sell May the LORD God bless you exceedingly abundantly! Dave_Craig__ So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. __--from_Nightfall_by_Asimov/Silverberg_ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Micro Focus
I found this thread late. Did these issues get resolved? My experience with MF, back in the '90s when they were loathe to acknowledge the W32 compiler and RTE were supported by GNU/Linux very nicely indeed, makes me think what you seek should be eminently feasible. Did that turn out to be so? On Tue, Feb 15, 2011 at 4:42 PM, Bern VK2KAD vk2...@hotmail.com wrote: All I'm about to embark on a project to assess the feasibility of using the Micro Focus suite to extract a system which is currently running on zOS and porting it to zLinux. Any experiences that can be shared would be appreciated. Bernie.. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
SuSE Withdrawal
Did anyone besides me notice this among today's announcements? What exactly does it signify? http://www-01.ibm.com/common/ssi/rep_ca/0/897/ENUS909-210/ENUS909-210.PDF -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Posting etiquette
On Fri, Mar 13, 2009 at 03:50:57PM -0500, Mark Wheeler wrote: These sorts of messages have been used for many years by members of the VM community to announce retirements, job changes, etc. The subject Moving On was not arbitrary, tracing back to MEMO MOVING-ON on the old VMSHARE site (for people old enough to remember that collaboration occurred amongst VMers long before the Internets). MEMO ITSABOY, ITSAGIRL--yup, they were all primordial Facebook and an extremely important reason why VM survived. I surely hope there's a place for such social networking amongst all those who subscribe herein, even if it not be via this particular facility. -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: SLES11
On Fri, Feb 27, 2009 at 01:27:45PM -0500, Aria Bamdad wrote: It basically says that if you want to stay current, you better be able to afford to buy a new processor. Why does it have to be like this? The short answer is because IBM is _not_ a non-profit corporation. The longer answer involves the costs to IBM of supporting older platforms versus the income those platforms generate. Or was the question retorical? -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Sat, Jan 24, 2009 at 10:45:11AM -0600, Dave Jones wrote: David L. Craig wrote: [snip.] Sigh... We're running VM/ESA 2.2 which means CP doesn't know about the IEEE floating point hardware. As I see it, we can upgrade VM, tell the kernel to use emulation even though the hardware is there, or put Debian (and VM) into their own LPARs. Does crypto make heavy use of floating point? No, it does not. It makes (heavy) use of integer arithmetic, though. Note that a crypto processor is available for the 7060, to offload this work from the CPU. Is there a way to virtually network between LPARs? Not on a 7060, as far as I know. It does not support hipersockets, so any network connections between LPARS will, I think, require some sort of route through the OS/2 side or some other external connection. Does the kernel parameter support using emulation even when the hardware is available? If you can answer off the top of your head, let me know. Otherwise, I'll figure this out next week. If the Linux kernel detects the crypto hardware, it will use it; if not, it uses emulation (all that integer arithmetic mentioned above). If you need an encryption solution for the CMS environment, drop me a note off list. I looked at the code (don't you just love free software?) and it looks like I can get away with zapping off the AFP bit in the first set of control registers loaded by the kernel in head31.S shortly after bootstrapping completes; i.e., .Lctl: .long 0x04b50002 # cr0: various things becomes .Lctl: .long 0x00b50002 # cr0: various things When the same module tests for the IEEE feature by attempting an EFPC, it merely sets a flag in machine_Flags if no program check is incurred. The Program New PSW has been modified to merely point at the instruction following the OI, so the AFP bit is left alone (it ought to check that CP IEEE support is also functional if no program check occurs and it is in a virtual machine and, if so, skip the machine_flags change and reset the AFP bit in CR0, but since I'm probably the only person in the world that would care, I'll just zap the bit). Unless, of course, CP will panic when it sees the funny program check caused by attempting EFPC with the real AFP bit off. I guess I'd better check out if that's the case... -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Wed, Jan 28, 2009 at 02:09:58PM -0500, David L. Craig wrote: I looked at the code (don't you just love free software?) and it looks like I can get away with zapping off the AFP bit in the first set of control registers loaded by the kernel in head31.S shortly after bootstrapping completes; i.e., .Lctl: .long 0x04b50002 # cr0: various things becomes .Lctl: .long 0x00b50002 # cr0: various things Oops, wrong bit--make that .Lctl: .long 0x04b10002 # cr0: various things -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Wed, Jan 28, 2009 at 02:19:45PM -0600, Dave Jones wrote: I'm a bit confused here.why are you turning off the AFP bit in the Linux kernel? Is it causing you some problems on teh 7060? I want to run it in a virtual machine under VM/ESA 2.2, but support for the IEEE floating point hardware by CP wasn't available before 2.3 with PTFs. If BFP didn't use HFP registers, it would probably be okay, but CP needs to ensure Linux gets his BFP registers back after being interrupted. Or I can tell Linux there's no BFP hardware and then he'll do the emulation instead. Does that make sense? -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Tue, Jan 13, 2009 at 12:46:08PM -0600, Adam Thornton wrote: On Jan 13, 2009, at 12:16 PM, Mark Post wrote: On 1/13/2009 at 1:00 PM, David L. Craig d...@radix.net wrote: I curate a museum which includes a uni-CP Multiprise 3000 -snip- Do current distros still support this platform or will I need something older, and if so, will current encryption software work on the older distro? SLES10 and RHEL5 are 64-bit only. Previous versions are 31-bit or 64-bit. The non-commercial distributions, Debian/390, Slack/390, CentOS are mostly 31-bit. So far as I know, they all include GPG and OpenSSL. Yeah. How acceptable this will be depends, really, on the bandwidth you need encrypted, because doing crypto on a multiprise is pretty slow. Something that we've had success with (depending on your requirements) is to use an outboard x86 box, a private network, and some iptables magic to make it transparent to everything else on the network but do your crypto where it's cheap. There are, of course, organizations that will provide support for non- major distributions, and at least one that really, really likes Debian. Ask me offline. Sigh... We're running VM/ESA 2.2 which means CP doesn't know about the IEEE floating point hardware. As I see it, we can upgrade VM, tell the kernel to use emulation even though the hardware is there, or put Debian (and VM) into their own LPARs. Does crypto make heavy use of floating point? Is there a way to virtually network between LPARs? Does the kernel parameter support using emulation even when the hardware is available? If you can answer off the top of your head, let me know. Otherwise, I'll figure this out next week. -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Encryption on a 7060
I curate a museum which includes a uni-CP Multiprise 3000 (7060-H30) with 2 GB in basic mode running VM/ESA 2.2 and hosting VSE/ESA 2.2 in V=R. We may be required by auditors to encrypt files for transmission to other hosts. I'm saying it's feasible to install a Linux distribution into a V=V virtual machine and perform the encryption there, either with gpg or by using openssl. We're currently averaging about 20% CPU utilization. Can anyone see any holes in this? Do current distros still support this platform or will I need something older, and if so, will current encryption software work on the older distro? -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Tue, Jan 13, 2009 at 10:58:57AM -0800, O'Brien, Dennis L wrote: I knew Multiprises were old, but I didn't know that they were old enough to be museum exhibits. Oh, it's not the main exhibit at all. It's our newest. The main event is the 9121 we use for DR, complete with 9345s. If more than three people can top that, I'll stop calling myself the curator. -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Tue, Jan 13, 2009 at 04:23:57PM -0500, David Boyes wrote: IBM 360/75 with 2311s? 8-) Powered up? Under hardware maintenance (the drives, not the CPC)? Has a business purpose? -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption on a 7060
On Tue, Jan 13, 2009 at 05:54:16PM -0500, David Boyes wrote: On Tue, Jan 13, 2009 at 04:23:57PM -0500, David Boyes wrote: IBM 360/75 with 2311s? 8-) Powered up? Well, only on request. That thing EATS power. Under hardware maintenance (the drives, not the CPC)? Well, if you count me as maintenance personnel Has a business purpose? Well, it *used* to launch NASA spacecraft, until 1984 -- it was replaced by a 3090E. As to now, it's a great teaching tool about 370 architecture. I'll accept all three, although only one is necessary. That's one. Any other takers? I wonder if it's one of the two 75s Goddard used for orbit computation? I was part of the effort that replaced them in 83 with two NAS (Itel) 8040s. That's where this whole curator thing came from. The Data Center Manager told me he was conducting his usual tour, in this case a group of Japanese dignitaries, when one of them asked him, So you're the curator of this museum? This museum was what took over if Houston was hit by a hurricane. I'm so glad I wasn't there at the time because I'm sure I would have totally cracked up. My first mainframe had two (Marshall) 2311s. And 16 KB of core. But it was a Model 22, not as old as a 75. -- May the LORD God bless you exceedingly abundantly! Dave Craig - - - - - - - - - - - - - - - - - - - - 'So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe.' --from _Nightfall_ by Asimov/Silverberg -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
