INFO-VAX Sat, 06 Sep 2008 Volume 2008 : Issue 488 Contents: Re: Automated Shutdown/Reboot Re: Automated Shutdown/Reboot Re: Automated Shutdown/Reboot CIFS PDBEDIT -A gives a "Username not found!" error Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: CIFS PDBEDIT -A gives a "Username not found!" error Re: Current status? Re: Current status? Re: Current status? Re: Forms (printed) processing on VMS? Re: Forms (printed) processing on VMS? Re: HP TestDrive systems to be shutdown Re: HP TestDrive systems to be shutdown Re: huge USB disks and VMS Re: huge USB disks and VMS Re: Note to Island Computers customers Re: open TCPIP ports Re: open TCPIP ports Re: OT: Carly speeks at convetion Re: OT: Carly speeks at convetion Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f Re: OT: SYSMAN Equiv. on AIX? Re: [RBL] Current status? ---------------------------------------------------------------------- Date: Fri, 5 Sep 2008 13:38:43 -0700 (PDT) From: urbancamo Subject: Re: Automated Shutdown/Reboot Message-ID: <3348d28b-90cf-4af4-863b-938c043dc630@m3g2000hsc.googlegroups.com> Sorry, To clarify - the boot issue is that currently when I apply power to the ZX6000 it doesn't turn on without me hitting the soft power button. As VAXman pointed out, currently once I've hit the soft power button the box will boot into VMS as it's the first item on the boot menu. For shutdown, I just want the box to shutdown at a specified time then I'll set the power timer for 10 mins after to turn the box off at the wall. Thanks for the tips, Mark. ------------------------------ Date: Fri, 05 Sep 2008 17:08:29 -0400 From: JF Mezei Subject: Re: Automated Shutdown/Reboot Message-ID: <48c1a020$0$12361$c3e8da3@news.astraweb.com> urbancamo wrote: > To clarify - the boot issue is that currently when I apply power to > the ZX6000 it doesn't turn on without me hitting the soft power > button. For a "server" type machines, there really must be some way to have it start up automatically upon power being applied. There must be some option in the machine to have it auto power up. Is there some management console below EFI that might have some non-volatile variable to "auto power on" or something like that ? Consider a lights out data center after a power failure, you woudl think that there would be a way to have servers power back up without human intervention. For machines with the extra console interface (the one with TCPIP/TELNET access to the console), perhaps that one has the ability to do the power-up sequence upon receiving a call ? Do you have the documentation for the hardware ? ------------------------------ Date: Fri, 5 Sep 2008 14:18:04 -0700 (PDT) From: urbancamo Subject: Re: Automated Shutdown/Reboot Message-ID: <570b23aa-637c-40e3-aec4-16dd00453fc9@2g2000hsn.googlegroups.com> > Is there some management console below EFI that might have some > non-volatile variable to "auto power on" or something like that ? Yes. The ZX6000 and indeed the RX2600 supports the Intel IMPI management interface. The ZX6000 documentation mentions it and a few commands but refers the reader to the intel website for more support. I've had a look at the specification for IMPI 2.0 but to be honest it is typical of specification documents - all detail and no overview. However, there is a section on Power Restore functionality that includes a setting to enable automatic turn on upon power being applied. I just need to find out/work out the IMPI command to be issued to the serial console on this box. > Do you have the documentation for the hardware ? Yes, but as mentioned above it doesn't go into the specifics. ------------------------------ Date: Fri, 5 Sep 2008 12:04:31 -0700 (PDT) From: sampsal@gmail.com Subject: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: <926b7b5e-a54a-44c8-b8fb-839e6c155ef8@m45g2000hsb.googlegroups.com> I've just installed Samba v1.0.1 on my Alpha running 8.3 and it seems to start up OK, I can even connect to SWAT running on port 901. However when I attempt to add a user it claims that the username is not found, a la: $ pdbedit -A sampsa new password: retype new password: Username not found! My SMB.CONF is as follows: $ type samba$root:[lib]smb.conf [global] server string = Samba %v running on %h (OpenVMS) security = user passdb backend = tdbsam domain master = yes guest account = SAMBA$GUEST domain logons = Yes log file = /samba$root/var/log.%m log level = 0 load printers = no printing = OpenVMS [homes] comment = Home Directories browsable = yes read only = no create mode = 0750 [temp1] browsable = yes writeable = yes path = /DRA1/temp And Samba is definitely running: $ tcpip show service smbd Service Port Proto Process Address State SMBD 139 TCP SMBD 0.0.0.0 Enabled $ tcpip show service swat Service Port Proto Process Address State SWAT 901 TCP SWAT 0.0.0.0 Enabled Any ideas? Sampsa ------------------------------ Date: Fri, 5 Sep 2008 12:45:27 -0700 (PDT) From: Rich Jordan Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: <32ee9964-c975-4e71-91c6-22ef230c51ff@m3g2000hsc.googlegroups.com> On Sep 5, 2:04=A0pm, samp...@gmail.com wrote: > I've just installed Samba v1.0.1 on my Alpha running 8.3 and it seems > to start up OK, I can even connect to SWAT running on port 901. > However when I attempt to add a user it claims that the username is > not found, a la: > > $ pdbedit -A sampsa > new password: > retype new password: > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Username not found! > > My SMB.CONF is as follows: > $ type samba$root:[lib]smb.conf > [global] > =A0 =A0 =A0 =A0 server string =3D Samba %v running on %h (OpenVMS) > =A0 =A0 =A0 =A0 security =3D user > =A0 =A0 =A0 =A0 passdb backend =3D tdbsam > =A0 =A0 =A0 =A0 domain master =3D yes > =A0 =A0 =A0 =A0 guest account =3D SAMBA$GUEST > =A0 =A0 =A0 =A0 domain logons =3D Yes > =A0 =A0 =A0 =A0 log file =3D /samba$root/var/log.%m > =A0 =A0 =A0 =A0 log level =3D 0 > =A0 =A0 =A0 =A0 load printers =3D no > =A0 =A0 =A0 =A0 printing =3D OpenVMS > [homes] > =A0 =A0 =A0 =A0 comment =3D Home Directories > =A0 =A0 =A0 =A0 browsable =3D yes > =A0 =A0 =A0 =A0 read only =3D no > =A0 =A0 =A0 =A0 create mode =3D 0750 > [temp1] > =A0 =A0 =A0 =A0 browsable =3D yes > =A0 =A0 =A0 =A0 writeable =3D yes > =A0 =A0 =A0 =A0 path =3D /DRA1/temp > > And Samba is definitely running: > $ tcpip show service smbd > > Service =A0 =A0 =A0 =A0 =A0 =A0 Port =A0Proto =A0 =A0Process =A0 =A0 =A0 = =A0 =A0Address > State > > SMBD =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 139 =A0TCP =A0 =A0 =A0SMBD > 0.0.0.0 =A0 =A0 =A0 =A0 =A0 =A0 Enabled > $ tcpip show service swat > > Service =A0 =A0 =A0 =A0 =A0 =A0 Port =A0Proto =A0 =A0Process =A0 =A0 =A0 = =A0 =A0Address > State > > SWAT =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 901 =A0TCP =A0 =A0 =A0SWAT > 0.0.0.0 =A0 =A0 =A0 =A0 =A0 =A0 Enabled > > Any ideas? > > Sampsa The user account in SYSUAF has to have an identifier that matches the username. It can be in a named group also, but the user ID has to match the username. following reflect a SHOW USER in AUTHORIZE user1 uic =3D [100,100] no go user1 uic =3D [user234] no go user1 uic =3D [yadda,user234] no go user1 uic =3D [user1] ok user1 uic =3D [yadda,user1] ok At least that's what we saw with V1.0 in testing. Rich Rich ------------------------------ Date: Fri, 5 Sep 2008 12:53:21 -0700 (PDT) From: sampsal@gmail.com Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: On Sep 5, 8:45=A0pm, Rich Jordan wrote: > user1 =A0 uic =3D [100,100] =A0 =A0no go > user1 =A0 uic =3D [user234] =A0 =A0no go > user1 =A0 uic =3D [yadda,user234] =A0 =A0no go > user1 =A0 uic =3D [user1] =A0ok > user1 =A0 uic =3D [yadda,user1] =A0ok > So should this work? UAF> show sampsa Username: SAMPSA Owner: SAMPSA LAINE Account: SAMPSA UIC: [200,101] ([ADAM,SAMPSA]) CLI: DCL Tables: DCLTABLES ------------------------------ Date: Fri, 05 Sep 2008 13:56:35 -0700 From: "Jeffrey H. Coffield" Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: <82hwk.21530$89.3403@nlpi069.nbdc.sbc.com> sampsal@gmail.com wrote: > I've just installed Samba v1.0.1 on my Alpha running 8.3 and it seems > to start up OK, I can even connect to SWAT running on port 901. > However when I attempt to add a user it claims that the username is > not found, a la: > > $ pdbedit -A sampsa > new password: > retype new password: > Username not found! > There are three steps to add a user 1) add usename to sysuaf (usually by copying SAMBA$TMPLT 2) pdbedit -a username 3) @samba$root:[bin]samba$grant_gidusers.com We migrated an Alpha/Pathworks to Itanium/Samba and are working with HP support to get some bugs we identified fixed. There is supposed to be an update in a few weeks. Jeff Coffield www.digitalsynergyinc.com ------------------------------ Date: Fri, 5 Sep 2008 14:28:56 -0700 (PDT) From: sampsal@gmail.com Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: <75f3af61-8de3-4669-8a6c-f31eb2b02473@d1g2000hsg.googlegroups.com> On Sep 5, 9:56=A0pm, "Jeffrey H. Coffield" wrote: > There are three steps to add a user > 1) add usename to sysuaf (usually by copying SAMBA$TMPLT > 2) pdbedit -a username > 3) @samba$root:[bin]samba$grant_gidusers.com > > We migrated an Alpha/Pathworks to Itanium/Samba and are working with HP > support to get some bugs we identified fixed. There is supposed to be an > update in a few weeks. > > Jeff Coffieldwww.digitalsynergyinc.com What about adding an existing user? Also, I tried the "copy template user, run pdbedit" route as well, but still got the username not found error. Sampsa ------------------------------ Date: Fri, 05 Sep 2008 19:39:54 -0500 From: BRAD@rabbit.turquoisewitch.com (Brad Hamilton) Subject: Re: CIFS PDBEDIT -A gives a "Username not found!" error Message-ID: In article <75f3af61-8de3-4669-8a6c-f31eb2b02473@d1g2000hsg.googlegroups.com>, sampsal@gmail.com wrote: >On Sep 5, 9:56 pm, "Jeffrey H. Coffield" > wrote: >> There are three steps to add a user >> 1) add usename to sysuaf (usually by copying SAMBA$TMPLT >> 2) pdbedit -a username >> 3) @samba$root:[bin]samba$grant_gidusers.com >> >> We migrated an Alpha/Pathworks to Itanium/Samba and are working with HP >> support to get some bugs we identified fixed. There is supposed to be an >> update in a few weeks. >> >> Jeff Coffieldwww.digitalsynergyinc.com > >What about adding an existing user? > >Also, I tried the "copy template user, run pdbedit" route as well, but >still got the username not found error. I noticed that in your original example, you used -A, where Jeff's example uses -a. Try variations on both, including "-A" and "-a" (quotes included). I use the "old" version of Samba (V2.2.8 or so), and I must use "-L" (quotes included) with smbpasswd in order to change a password. ------------------------------ Date: Fri, 5 Sep 2008 17:59:32 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: Current status? Message-ID: In article , david20@alpha2.mdx.ac.uk writes: > >I receive email locally on my VMS cluster, so the outside world has to > >be able to connect. Misusing me as a relay? Not a problem: > > > >SMTP Configuration > > > >Options > >Initial interval: 0 00:30:00.00 Address_max: 16 EIGHT_BIT > >Retry interval: 0 01:00:00.00 Hop_count_max: 16 NORELAY > >Maximum interval: 3 00:00:00.00 HEADERS > > > >I think NORELAY is even the default. > > > In which case your system should either > > 1) Be one of your designated MTAs > or > 2) Send and receive its mail through your organisations designated MTAs All mail I send anywhere via TCPIP goes through the host specified as the alternate gateway. The highest-priority MX record is the WAN address of my LAN, which gets forwarded to the cluster alias. Anyone can try send email to this, as far as I'm concerned. (I could have the highest-priority record point to another MX server---which I use only as backup servers, which kick in when I am not directly reachable---but this has the disadvantage that these servers would have to accept mail to non-existent users on my system which, when delivered to me, would bounce; most of this would create backscatter spam.) Most connection attempts to it, however, are dropped because the source is in an RBL. ------------------------------ Date: Sat, 6 Sep 2008 00:22:49 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Current status? Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >In article , david20@alpha2.mdx.ac.uk >writes: > >> >I receive email locally on my VMS cluster, so the outside world has to >> >be able to connect. Misusing me as a relay? Not a problem: >> > >> >SMTP Configuration >> > >> >Options >> >Initial interval: 0 00:30:00.00 Address_max: 16 EIGHT_BIT >> >Retry interval: 0 01:00:00.00 Hop_count_max: 16 NORELAY >> >Maximum interval: 3 00:00:00.00 HEADERS >> > >> >I think NORELAY is even the default. >> > >> In which case your system should either >> >> 1) Be one of your designated MTAs >> or >> 2) Send and receive its mail through your organisations designated MTAs > >All mail I send anywhere via TCPIP goes through the host specified as >the alternate gateway. The highest-priority MX record is the WAN >address of my LAN, which gets forwarded to the cluster alias. So your alternate gateway and MX record host are your designated MTAs which should be allowed to communicate with the outside world over port 25. Any other systems on your internal network which wish to send mail out should send out either directly or indirectly through the same alternate gateway. Any mail for users on any other internal mail system should receive mail by it first being passed to the MX system which then forwards it onto the internal system. Hence the other internal systems do not require to open connections directly to port 25 on arbitrary external systems or to have arbitrary external systems connecting directly to port 25 on them. Your firewall can therefore block those other internal systems from attempting such port 25 connections. (You mention the WAN address of your LAN which suggests that you probably have an internal network which is using dynamic NAT. Hence NAT is probably taking care of stopping direct external connections to your other internal systems on port 25 anyway.) David Webb Security team leader CCSS Middlesex University > Anyone >can try send email to this, as far as I'm concerned. (I could have the >highest-priority record point to another MX server---which I use only as >backup servers, which kick in when I am not directly reachable---but >this has the disadvantage that these servers would have to accept mail >to non-existent users on my system which, when delivered to me, would >bounce; most of this would create backscatter spam.) Most connection >attempts to it, however, are dropped because the source is in an RBL. > ------------------------------ Date: Sat, 6 Sep 2008 00:53:48 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: Current status? Message-ID: In article , =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= writes: >david20@alpha2.mdx.ac.uk wrote: > >> The SMTP Servers which come with >> the TCPIP stacks are just meant to be very simple systems which receive mail for >> local users and send mail from local users. > >OK. >And if *that* is what you need, would you say that the >smtp parts of TCPIP Services are OK as-is ? Strange question. Obviously if a program provides all that you need then that program is OK for your needs. For my needs at the University with systems acting as central mailhubs the functionality of PMDF is much better. For my hobbyist system at home I might be able to live with the reduced functionality of one of the TCPIP stacks' SMTP servers but ancillary features of PMDF such as the ability of PMDF MAIL to send MIME mail without having to mess around with external MIME tools etc tip the balance firmly in favour of using PMDF. Or are you asking whether the SMTP server provided by TCPIP services works properly ? Since I haven't used it in anger for over ten years I can't really comment upon how well it works. David Webb Security team leader CCSS Middlesex University ------------------------------ Date: Fri, 05 Sep 2008 22:11:44 GMT From: =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= Subject: Re: Forms (printed) processing on VMS? Message-ID: norm.raphael@metso.com wrote: > > Jan-Erik Söderholm wrote on 08/27/2008 > 12:12:33 PM: > > > Hi. > > > > Many years back I used JetForm for printed form > > processing on VMS (mVAX 3100/90 at the time). > > This works just OK. JetForm Design was used on > > a Windows PC to "design" the forms and then > > JetForm Merge was run on the VMS box to "merge" > > the application data with the forms and printed > > on standard lasers, usualy HP LaserJet 4's at the > > time. > > > > As far as I have found out, JetForm was bought > > by Adobe and VMS support was dropped some years ago. > > > > Now, is there anything available today similar > > to this tools ? > > > > Jan-Erik. > > FlexForm Software > > [Disclaimer: I have no beneficial interest. I just use it.] > OK, I now have an demo/evaluation copy installed on my VMS/Alpha. "Someone" told FLEXForm I was interested... :-) Anyway, there are a few things. I will test it when back in office on Monday, but thought I'd mention it anyway. FF (FLEXform) supports PCL5e as printer language. DCPS claims to support PCL4, according to the current docs. My thought was to route the FLEXform printouts throught DCPS to be able to take advantage of the Postscript printers we have. We'll see if DCPS will complain on the FF output. That's the major potential problem. I might report back later, if anyone is interested. I wounder if DCPS would be updated to support (at least) PCL5e which have been the PCL standard version since quite many years now ? Jan-Erik. ------------------------------ Date: Fri, 05 Sep 2008 23:22:54 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Forms (printed) processing on VMS? Message-ID: <00A7F315.42B362AE@SendSpamHere.ORG> In article , =?ISO-8859-1?Q?Jan-Erik_S=F6derholm?= writes: >norm.raphael@metso.com wrote: > >> >> Jan-Erik Söderholm wrote on 08/27/2008 >> 12:12:33 PM: >> >> > Hi. >> > >> > Many years back I used JetForm for printed form >> > processing on VMS (mVAX 3100/90 at the time). >> > This works just OK. JetForm Design was used on >> > a Windows PC to "design" the forms and then >> > JetForm Merge was run on the VMS box to "merge" >> > the application data with the forms and printed >> > on standard lasers, usualy HP LaserJet 4's at the >> > time. >> > >> > As far as I have found out, JetForm was bought >> > by Adobe and VMS support was dropped some years ago. >> > >> > Now, is there anything available today similar >> > to this tools ? >> > >> > Jan-Erik. >> >> FlexForm Software >> >> [Disclaimer: I have no beneficial interest. I just use it.] >> > >OK, I now have an demo/evaluation copy installed on >my VMS/Alpha. "Someone" told FLEXForm I was interested... :-) > >Anyway, there are a few things. I will test it when >back in office on Monday, but thought I'd mention >it anyway. > >FF (FLEXform) supports PCL5e as printer language. > >DCPS claims to support PCL4, according to the current >docs. My thought was to route the FLEXform printouts >throught DCPS to be able to take advantage of the >Postscript printers we have. We'll see if DCPS will >complain on the FF output. > >That's the major potential problem. I might report >back later, if anyone is interested. > >I wounder if DCPS would be updated to support (at least) >PCL5e which have been the PCL standard version since >quite many years now If you have a postscript printer, you don't need anything beyond DCPS. Define the form with postscript in a form dictionary and then redefine the showpage command to execute execform with the on the stack. I've been creating postscript forms for customers this way for many years. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Fri, 05 Sep 2008 17:03:33 -0400 From: JF Mezei Subject: Re: HP TestDrive systems to be shutdown Message-ID: <48c19efd$0$1547$c3e8da3@news.astraweb.com> I am a bit curious about this. So they want to put the test drive systems onto a single machine that will hosts multiple instances of different OS. Fine. But instead of announcing the test drive systems will be "shutdown", why not simply announce they are moving to new virtualised hardware and announce that users shouldn't really see any changes ? Wouldn't that be far better "publicity" for their 1970s VM equivalent they just developped ? It doesn't look good if moving an existing instance to the vistualised instance requires huges changes and cannot be transparent for end users. ------------------------------ Date: Fri, 5 Sep 2008 20:56:03 -0500 (CDT) From: sms@antinode.info (Steven M. Schweda) Subject: Re: HP TestDrive systems to be shutdown Message-ID: <08090520560394_20201252@antinode.info> From: JF Mezei > But instead of announcing the test drive systems will be "shutdown", why > not simply announce they are moving to new virtualised hardware and > announce that users shouldn't really see any changes ? Perhaps because they really were shutting domn most of the TestDrive systems. Some time ago, you could get to TestDrive systems running Tru64, VMS on Alpha (multiple versions), HP-UX on PA-RISC (multiple versions), and probably a few other things which are no more. > Wouldn't that be far better "publicity" for their 1970s VM equivalent > they just developped ? It might be, if it were true. Also, any peon (even I) could get a TestDrive account. The new plan is for DSPP members only. ------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547 ------------------------------ Date: 5 Sep 2008 14:28:26 -0400 From: brooks@cuebid.ovms.usa.hp.nospam (Rob Brooks) Subject: Re: huge USB disks and VMS Message-ID: moroney@world.std.spaamtrap.com (Michael Moroney) writes: > (Phillip Helbig---remove CLOTHES to reply) writes: > >>I recently saw an ad for a 1-GB RAID-1 external USB disk for EUR 179. >>Is there any VMS machine (presumably Itaniuum) one could connect this >>to? What are the largest officially supported SCSI-1, SCSI-2 and SCSI-3 >>disks for VMS? What are the largest which will work? > > AFAIK, VMS should be fine with any disk up to 1TB, for which the driver > can handle all possible blocks. This would exclude IDE drives over 137G > unless work has been done in that area recently. Due to the way SCSI > drives work, ones up to 1TB should just work. This doesn't mean > supported. The sign-bit restriction should be removed for (what will likely be called) V8.4, out in late 2009. This will theoretically allow volumes up to 2TB in size. -- Rob Brooks MSL -- Nashua brooks!cuebid.zko.hp.com ------------------------------ Date: Fri, 05 Sep 2008 15:56:46 -0500 From: "Craig A. Berry" Subject: Re: huge USB disks and VMS Message-ID: urbancamo wrote: > What about one that hangs off the network - doesn't VMS support samba > shares? The CIFS documentation explicitly states that smbclient is not supported. In other words, only the server side is supported. ------------------------------ Date: Fri, 05 Sep 2008 17:43:12 -0400 From: JF Mezei Subject: Re: Note to Island Computers customers Message-ID: <48c1a82a$0$9673$c3e8da3@news.astraweb.com> I just want to wish Island the best of luck, and we're all counting on you. http://www.nhc.noaa.gov/graphics_at3.shtml?5day?large#contents Currently just under a hurricane status. Coast of georgia under tropical storm warning, so even if they won't get hurricane speeds, thety could still get disruptive weather. So good luck. And to Mr David: if you hop on a ship, you could ride this storm and by 14:00 on Wednesday, you'd hit the coast of Ireland ! (Yep, one of the rare occasions where they have already plotted its course all the way to europe ! Not bad for a storm that started off in Africa, went west to the americas, then north east back to europe ! ------------------------------ Date: Fri, 05 Sep 2008 13:23:17 -0500 From: Michael Austin Subject: Re: open TCPIP ports Message-ID: <2Mewk.9310$cn7.891@flpi145.ffdc.sbc.com> Phillip Helbig---remove CLOTHES to reply wrote: > My old router was quite easy to configure with regard to ports; one > could specify a range of ports as well as an individual port, and select > TCP, UDP or both. The new one requires an explicit entry in a form, in > which the (usually wrong) defaults must be corrected, and separate > entries for TCP and UDP. Also, it isn't possible to specify a range. > And this has to be done via a web interface. > > As a quick fix, I set the cluster alias to "exposed host", i.e. all > ports get forwarded to that (which is essentially what I want). Is > there any reason not to keep this configuration, i.e. individually > specify the ports I need instead? With the old router, I could also see > logs of incoming connections, and there was one every few seconds, often > to port 445 IIRC. Some Windows system trying to infect another one > virally, probably. Since most bogus connections will assume a non-VMS > system, I don't think there are any security issues involved. What > about performance---if they get blocked at the router, they won't make > it to VMS at all. Of course, there is nothing listening on the ports I > don't need, but some overhead will result nevertheless. > > If it would be better to specify the ports individually, here's my list. > Comments, suggestions and criticism welcome. > > 20 FTP control > 21 FTP data > 22 SSH > 23 telnet > 25 SMTP > 43 whois > 53 DNS > 63 whois++ > 69 tftp > 79 finger > 80 http > 81 unassigned!!! (commonly used for no-cache HTTP) > 119 nntp > 443 https > 989 ftps > 990 ftps > 992 telnets > 993 telnets > 8000 I use this for HTTP > 8001 I use this for HTTP > 6000-6063 X11 > 33434 traceroute > > I won't necessarily need all of these, but I hope there are none which I > do which are not on the list. > > According to http://www.iana.org/assignments/port-numbers most (all?) > port numbers are for both TCP and UDP. I'm sure about some, but not > all; for which should I open the port for TCP and for which for UDP? > Which router did you get? I had to replace my Linksys WirelessG router and the new Linksys WirlessN router had a page for single-port forwarding (for things like forward port 80 to host xxx.xxx.xxx.xxx:8001) and range-port forwarding (forward port 20-25, 80, 443 etc... to host ) I had to replace it due to water damage. I was replacing my cabinets, counters and sink in the kitchen and the router was directly underneath in the basement. grrrrrr. ------------------------------ Date: Fri, 5 Sep 2008 21:56:47 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: open TCPIP ports Message-ID: In article <2Mewk.9310$cn7.891@flpi145.ffdc.sbc.com>, Michael Austin writes: > Which router did you get? I had to replace my Linksys WirelessG router > and the new Linksys WirlessN router had a page for single-port > forwarding (for things like forward port 80 to host > xxx.xxx.xxx.xxx:8001) and range-port forwarding (forward port 20-25, 80, > 443 etc... to host ) That's similar to the functionality I had. I had a Linksys BEFSR41. It was nice also because I could extract the WAN address via LYNX running in a batch job. :-) It got hung up from time to time (once a month or so) which could be solved by a power cycle---no big problem, unless no-one was home. A few years later, it started acting strangely more often. Might have to do with increased speed and/or other changes with the DSL link. I'm now using an AVM Fritz!Box Fon 5140. This is router, switch, DSL-modem (or bridge, or whatever) and telephone connector (I can plug in 2 analog and 1 ISDN phone and use them all, whether or not the actual telephone connection is analog or ISDN) all in one. I got this as a free replacement from my provider, 1&1, when my previousu Fritz!Box (another model) started producing noise during VOIP. Back when I had just a few Mb/s speed, I had a DSL modem then behind that the router and behind that, when I started using VOIP, a Fritz!Box only for VOIP. However, once my speed got up over 8Mb/s or so, the old modem would no longer work, and since I had the Fritz!Box in use anyway, I started using it as the modem as well. I used to have a Teledat 300, which is a rebadged Xyxel. Although it had a web interface, I never used that, but rather the ASCII menu which just needs VT100 capabilities. And from there one could even get to the command line. Those were the days! However, I soon replaced it with the Linksys because, as mentioned above, I could easily extract the WAN address from it automatically. ------------------------------ Date: Fri, 05 Sep 2008 23:22:53 -0400 From: =?ISO-8859-1?Q?Arne_Vajh=F8j?= Subject: Re: OT: Carly speeks at convetion Message-ID: <48c1f78d$0$90270$14726298@news.sunsite.dk> JF Mezei wrote: > BTW, I wonder if Carly's not so great reputation in computer > newsgroups/forums would have impacted her non-selection as VP. You think they are scared by the huge group of VMS enthusiasts ? Not likely ! Arne ------------------------------ Date: Sat, 06 Sep 2008 00:39:30 -0400 From: JF Mezei Subject: Re: OT: Carly speeks at convetion Message-ID: <48c209bd$0$9630$c3e8da3@news.astraweb.com> Arne Vajhøj wrote: > You think they are scared by the huge group of VMS enthusiasts ? I am not sure that VMS enthusiasts were the only ones to have been unimpressed (understatement) by La Carly. If there is sufficient discontent with her as head of HP, someone vetting her would have done google searches and probably seen a large variety of negative posts about her. And if they quietly checked with someone on the board, the later may have confirmed the public sentiment about her. Some of the cabinet posts she is likely to get: Post Mistress to the General. or Under the Secretary of State. My guess is that the republican party is now in charge and telling McCain what to say, and since McCain was seen as being too liberal, they have to find some ultra right wing religious zealot to compensate and it probably ruled out LaCarly and Romney. ------------------------------ Date: Fri, 05 Sep 2008 23:27:26 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) Message-ID: <00A7F315.E44CA17B@SendSpamHere.ORG> In article <48c19cd8$0$1547$c3e8da3@news.astraweb.com>, JF Mezei writes: >VAXman- @SendSpamHere.ORG wrote: > >> People do not pass out from high blood sugar unless it is extremely >> high. The dangers of high blood sugar are (long term high levels): > >There are many factors that can throw sugar levels out of whack to a >point where sugar levels are dangerous. A bladder infection on a >diabetic will/can cause elevated and dangerous blood sugar levels for >instance. > >People do get somewhat comatose or in a real coma from high blood sugar >levels. And judgement/memory begin to be impaired when sugar levels are >high. This is pretty insiduous because the person may not realise it. > >> The liver also converts fats back into sugar (hepatic gluconogenesis). > >I have been looking for this all summer long. Will have to look it up. >Most of the stuff I had read never mentioned a fat->sugar process in the >human body. Some outright stated it did not happen. > > >> Glucogon is a hormone that causes the liver to release glucose into the >> blood stream. It is an emergency measure for _low_ blood sugar. > >Since the liver can store a fair amount of glycogen (but vast majority >is stored in muscles for their own personal use), is it really an >"emergency" measure ? > > >> I'm surprised that the ADA (American Diabetes Assoc) suggests milk as a >> good alternative. > >I think that milk is suggested because it releases sugar into the blood >in a more controlled manner. Coke gives a huge rush of sugar and for a >diabetic, this may not be good. > >But if you're seconds away from passing out, then I'd say coke is >probably better... Well, I think I'll keep things status quo on my end. I've managed to live this long -- despite a schmuck's attempts to send me to an early grave -- with few issues. I've maintained my HeA1c at 6 too. Damned good for an ID diabetic who enjoys beer. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ Date: Fri, 05 Sep 2008 16:54:24 -0400 From: JF Mezei Subject: Re: OT: Flying with Diabetes (was RE: SMGRTL patch available on ITRC ftp site) f Message-ID: <48c19cd8$0$1547$c3e8da3@news.astraweb.com> VAXman- @SendSpamHere.ORG wrote: > People do not pass out from high blood sugar unless it is extremely > high. The dangers of high blood sugar are (long term high levels): There are many factors that can throw sugar levels out of whack to a point where sugar levels are dangerous. A bladder infection on a diabetic will/can cause elevated and dangerous blood sugar levels for instance. People do get somewhat comatose or in a real coma from high blood sugar levels. And judgement/memory begin to be impaired when sugar levels are high. This is pretty insiduous because the person may not realise it. > The liver also converts fats back into sugar (hepatic gluconogenesis). I have been looking for this all summer long. Will have to look it up. Most of the stuff I had read never mentioned a fat->sugar process in the human body. Some outright stated it did not happen. > Glucogon is a hormone that causes the liver to release glucose into the > blood stream. It is an emergency measure for _low_ blood sugar. Since the liver can store a fair amount of glycogen (but vast majority is stored in muscles for their own personal use), is it really an "emergency" measure ? > I'm surprised that the ADA (American Diabetes Assoc) suggests milk as a > good alternative. I think that milk is suggested because it releases sugar into the blood in a more controlled manner. Coke gives a huge rush of sugar and for a diabetic, this may not be good. But if you're seconds away from passing out, then I'd say coke is probably better... ------------------------------ Date: Fri, 05 Sep 2008 15:28:05 -0700 From: Joe Bloggs Subject: Re: OT: SYSMAN Equiv. on AIX? Message-ID: On Wed, 03 Sep 2008 20:39:14 -0500, David J Dachtera wrote: >> $ rcom.sh prod uptime >> # ssh uptime # Host A ---------------- >> 12:51pm up 43 days 5:17, 0 users, load average: 0.74, 0.80, 0.90 >> # ssh uptime # Host B ---------------- >> 12:51pm up 50 days 17:35, 1 user, load average: 1.11, 1.05, 1.06 >> # ssh uptime # Host C ---------------- >> 12:51pm up 50 days 18:45, 0 users, load average: 0.85, 1.08, 1.26 >> $ > >Now - take that to the next level, and automate it across multiple LPARs >so the command only has to be manually entered ONCE. Looks like you >have, but it's not very clear. yes, that was the intent, if it wasn't clear the use of SSH here, is not much different than, say, using RSH to execute 1-line commands but most folks would prefer to use SSH for security reasons. another caveat, is most (unix) sites would disallow using privileged accounts (eg root) via remote access (ssh, telnet, etc) but if your systems are on isolated/secure subnets, doing so, it might be reasonable choice ... >What is "rcom.sh"? nothing special. i had just named a (user) script rcom.sh deriving the name from the VMS tool. iow, it's not a 'standard' tool/script. just a short bash script, with a series of SSH invocations, determined by the cmd-line arguments snippet below. f.ex, ~/rcom.sh nyc 'uptime' would send 'uptime' to hosts nyc1, nyc2, nyc3 a fancier bash script, could do pass the node-names as arguments, or derive them from other shell variables. it might be better done from Perl, or a 3GL, to wrap the SSH invocations in a timeout handler. On Linux, it seems that ctrl-C will work to break out of a hangin ssh command (and go onto the others if needed) #!/bin/bash #set -o xtrace hst=$(hostname -s) hst=`echo $hst | tr "[:upper:]" "[:lower:]"` # tolower # if [[ ( "$1" == 'all' ) || ("$1" == 'nyc') ]]; then echo '# ssh '$2' # nyc1 ----------------' ssh nyc1 "$2" echo '# ssh '$2' # nyc2 ----------------' ssh nyc2 "$2" echo '# ssh '$2' # nyc3 ----------------' ssh nyc3 "$2" fi # #set +o xtrace ------------------------------ Date: Fri, 5 Sep 2008 23:53:10 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: [RBL] Current status? Message-ID: In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: >In article <6iakmbFpl207U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes: >> >> Not really. Those particular devices should be sending their email to >> the real mailserver which should be the only one communicating with mail >> servers in the the outside world. If network/system managers, in particular >> ISP's, followed this rule 99% of SPAM cold be dealt with in ver short order. > > The problem isn't the path, it's the sending. They want to send via > SMTP, not POP, IMAP, or some other client protocol. As far as the > "security experts" are concerned, only servers send via SMTP. > > I can't really fault a COTS vendor for sending email via SMTP. > Your "security experts" are talking nonsense. SMTP is used to send mail both MUA to MTA and MTA to MTA. POP and IMAP cannot be used to send mail since that is NOT their function. POP and IMAP just connect to a mail store and access or manipulate mail. The MUA should be configured to send via the organisations local MTA usually referred to as configuring the mail client to send via a smarthost. David Webb Security team leader CCSS Middlesex University ------------------------------ End of INFO-VAX 2008.488 ************************