INFO-VAX Tue, 28 Oct 2008 Volume 2008 : Issue 583 Contents: Re: AS200 and DE500 Re: Banana Republic (was Re: OpenVMS Book Wins award) Re: Bell Labs closes Re: DCPS setpagedevice PS error on a Xerox WCP 35 Re: DCPS setpagedevice PS error on a Xerox WCP 35 Re: DCPS setpagedevice PS error on a Xerox WCP 35 Re: Does anyone know what time it is? SYS$GETTIM Re: Fortran, debugger and Alpha/VMS 7.3-2 Re: Java for OpenVMS registration for download broken Re: Java for OpenVMS registration for download broken Re: Java for OpenVMS registration for download broken Re: Java for OpenVMS registration for download broken Re: supported SCSI interfaces in a VMS cluster VMS socket policy files Re: Who is left at VMS engineering ? Re: Who is left at VMS engineering ? ---------------------------------------------------------------------- Date: Tue, 28 Oct 2008 10:13:09 -0700 (PDT) From: Rich Jordan Subject: Re: AS200 and DE500 Message-ID: <6402d3a3-4dc6-401d-a6c0-fdd9707fa2dd@40g2000prx.googlegroups.com> On Oct 25, 8:45=A0pm, "Richard B. Gilbert" wrote: > Steven M. Schweda wrote: > > From: "Richard B. Gilbert" > > >> Steven M. Schweda wrote: > >>> From: "Richard B. Gilbert" > > >>>> The built in interface is 10/100, the same as the DE500. =A0Installi= ng a > >>>> DE500 is pointless unless you need a second Ethernet interface or yo= u > >>>> somehow fried the built in interface. > >>> =A0 =A0Maybe on yours. =A0On mine, EWA0 said "DE435", and was 10Mb/s.= =A0I did > >>> add a DE205 (10Mb/s, ISA, ERA0) card once, which was mildly > >>> entertaining. =A0That was back when my DSL gizmo was a bridge, and I > >>> wanted to keep the non-IP traffic off it, so a second interface was > >>> useful. > > >> Didn't you ever set it to 100 MB? =A0I did it so many years ago that I= 've > >> forgotten exactly how but ISTR it was done from the SRM console. > > > =A0 =A0No, I never did. =A0My guess is that you've not only forgotten e= xactly > > how you did it, but also exactly where and/or to what. =A0But, hey. =A0= All > > evidence to the contrary aside, I'm open to an actual demonstration of > > this miraculous phenomenon. > > > =A0 =A0SMS. > > It could be that I've forgotten. =A0I dug out the "User Information" whic= h > is the only documenation that I recall getting with the system. =A0It > looks as if the built in Ethernet is 10MB only. =A0Maybe what I set was > full duplex. =A0I've had the box for about ten years now; I bought it whe= n > =A0 it went EOL and DEC had a "clearance sale". =A0It cost me about $2K a= nd > I just about broke my arm reaching for my check book. =A0That got me the > box, with VMS and NAS 150 licenses, etc. > > It has run for ten years now without a hardware problem. =A0DEC really > knew how to build em!! My AS200 came from onsale.com with 16MB memory and no OS. It was able to run Linux as soon as I added a drive, then later Win-NT Alpha (node name 'wastedalpha') with that 16MB (slow!). I moved it to VMS with hobby licenses as soon as I could get enough memory, and it has been running since with no issues other than cleaning the fans and grilles. I did upgrade it to 233MHz from 166, and put in the full flash to make the occasional downgrade to NT easier (had to for one program, now defunct). All else is still original and running fine with 384MB RAM, the KZPBA SCSI controller, and the ZLXp-E2 graphics card it originally came with. Like a tank, that box. And it ran fine with the DE500-BA ethernet card, when I had the PCI slots for it. ------------------------------ Date: Tue, 28 Oct 2008 20:09:25 +0800 From: "Richard Maher" Subject: Re: Banana Republic (was Re: OpenVMS Book Wins award) Message-ID: Hi Mark, Thanks for the reply. > I bought it through Barnes and Noble in late May '08 for US$36.00 plus > US$13.00 P&P, and I think my credit card statement said something like > AU$52.00 so it was right at the 'peak'. Why the AU$ currently should be > at US$0.65 now escapes me - perhaps that's one reason I'm still working > for wages. I looked seriously at Perth Mint gold in August (when the bank deposit guarantee was sweet FA) and Foreign Currency accounts aren't as common here as they are in the UK. Either way I would (and have) lost big time - but haven't we all :-( > That any network connectivity has some sandboxing doesn't exactly > surprise me. Me either! I'm a big fan of the same-origin, or codebase, policy for Applets but these guys just want to keep pushing the envelope. > A network conduit (like SSH or HTTP CONNECT) is carte > blanche for whatever the agent wishes to transfer. No constraint would > be considered negligence. Yeah, but here I bow to your much greater experience and ask "What the hell can a *Socket not HTTP* proxy-server do for me?". Look I wanted a HTTP CONNECT handshake to give me a Tunnel for my Socket over a httpS connection to an arbitray TCP/IP server, but it doesn't look doable; please advise. I also view with interest what the Comet guys are doing with Orbited (see www.cometdaily.com for some background) as they don't seem to be bound by (or have already solved) these proxy-server restrictions. > I'm guessing you mention this because the suggestion below that > > "that the time could be better spent providing guidelines for > communication via an asynchronous CGI [originally I read GUI :-] > interface." > > sounds remarkably like Tier3 :-) Damn, I'm as transparent and one-domensional as usual :-) The way I see it is we have two camps (and I'm happy to live with the pluralism and think there's enough room for everyone). 1) The WebSockets http/html5 guys who have the distinct (and only) advantage of being able to tunnel out of 80/443 as HTTP 2) The New Order of full-blown, connection-oriented, full-duplex, binary, Socket Interaction If Sockets can't traverse public proxy-servers with existing HTTP then option 1 is no longer on the table as far as I can see? Anyway, please let me ask the question of why anyone would want to use a proxy-server for Socket communication? . Socket Cacheing - No Thanks . Limited client IP addresses - IPV6 . Anonymity - Not always a good thing . Firewall - Open up connections to/from valid hosts/ports . Monitoring/filtering - Requirements spec for binary data Cheers Richard Maher "Mark Daniel" wrote in message news:011308d4$0$20645$c3e8da3@news.astraweb.com... > Richard Maher wrote: > > Hi Mark, > > > >> (I purchased it when AU$ was almost at US$ parity :-) > > > > Aaah, it seems like only weeks ago :-( > > I bought it through Barnes and Noble in late May '08 for US$36.00 plus > US$13.00 P&P, and I think my credit card statement said something like > AU$52.00 so it was right at the 'peak'. Why the AU$ currently should be > at US$0.65 now escapes me - perhaps that's one reason I'm still working > for wages. > > It was a good 'background' read but not directly applicable to my > daytime duty statement these days. I had not (as I indicated to Roland > I might) gotten around to a public review (that would have required a > second read). Willem Grooters provided one I'd generally endorse. > > At around the same time I purchased Heller's, "Catch 22" (shipped to one > of my daughters), Earl's, "Digital Equipment Corporation (MA) (Images > of America)", and Schein's, "DEC Is Dead, Long Live DEC"; all good > reads and all for different reasons. With the exchange rate more like > 2:3 I might have to think think more carefully. (The Earl soft-cover is > a particularly easy but also interesting 'read' I'd recommend to all > interested in DEC :-) > > > Cheers Richard Maher > > > > PS. Just in case you don't subscribe to the WHATWG mailing list, do you have > > any interest in, or opinions on the following: - > > No I don't and indirectly I guess I do. > > That any network connectivity has some sandboxing doesn't exactly > surprise me. A network conduit (like SSH or HTTP CONNECT) is carte > blanche for whatever the agent wishes to transfer. No constraint would > be considered negligence. > > I'm guessing you mention this because the suggestion below that > > "that the time could be better spent providing guidelines for > communication via an asynchronous CGI [originally I read GUI :-] > interface." > > sounds remarkably like Tier3 :-) > > I agree; why would anyone spend time abstracting interfaces if a > monolithic solution is all that is currently required? Of course this > is an entirely fresh (if not novel) discussion point ... > > > ----- Original Message ----- > > From: "Shannon" > > To: "WHAT working group" > > > Sent: Tuesday, October 14, 2008 7:22 AM > > Subject: [whatwg] WebSocket and proxies > > > > > >> In the process of testing my WebSocket proposal I discovered the CONNECT > >> method has a major restriction. Most proxies disable CONNECT to anything > >> but port 443. > >> > >> The following is from "Squid and the Blowfish": > >> ------------------ > >> It is very important that you stop CONNECT type requests to non-SSL > >> ports. The CONNECT method allows data transfer in any direction at any > >> time, regardless of the transport protocol used. As a consequence, a > >> malicious user could telnet(1) to a (very) badly configured proxy, enter > >> something like: > >> ... snip example ... > >> and end up connected to the remote server, as if the connection was > >> originated by the proxy. > >> ------------------- > >> > >> I verified that Squid and all public proxies I tried disable CONNECT by > >> default to non-SSL ports. It's unlikely many internet hosts will have > >> 443 available for WebSockets if they also run a webserver. It could be > >> done with virtual IPs or dedicated hosts but this imposes complex > >> requirements and costs over alternatives like CGI. > >> > >> The availability and capabilities of the OPTIONS and GET protocols also > >> varied from proxy to proxy. The IETF draft related to TLS > >> (http://tools.ietf.org/html/draft-ietf-tls-http-upgrade-05) has this to > > say: > >> ------------------- > >> 3.2 Mandatory Upgrade > >> > >> If an unsecured response would be unacceptable, a client MUST send > >> an OPTIONS request first to complete the switch to TLS/1.0 (if > >> possible). > >> > >> OPTIONS * HTTP/1.1 > >> Host: example.bank.com > >> Upgrade: TLS/1.0 > >> Connection: Upgrade > >> ------------------- > >> > >> So according to this draft spec OPTIONS is the only way to do a > >> *mandatory* upgrade of our connection. Once again this failed in testing > >> > >> ------------------- > >> => OPTIONS * HTTP/1.1 > >> => Proxy-Connection: keep-alive > >> => Connection: Upgrade > >> => Upgrade: WebSocket/1.0 > >> => Host: warriorhut.org:8000 > >> => > >> <= HTTP/1.0 400 Bad Request > >> <= Server: squid/3.0.STABLE8 > >> -------------------- > >> > >> Other proxies gave different errors or simply returned nothing. The > >> problem may be related to the Upgrade and Connection headers rather than > >> OPTIONS, since I had similar issues using Connection: Upgrade with GET. > >> > >> I had the most success using GET without a Connection: Upgrade header. > >> It seems that the proxy thinks the header is directed at it so it does > >> not pass it on to the remote host. In many cases it will abort the > >> connection. Using the Upgrade: header without Connection allows the > >> Upgrade header through to the actual websocket service. > >> > >> It seems to me that whatever we try in many cases the connection will be > >> silently dropped by the proxy and the reasons will be unclear due to the > >> lack of error handling. There seems to be a wide variation in proxy > >> behaviour for uncommon operations. I suppose proxy developers could fix > >> these issues but whether a significant rollout could be achieved before > >> HTML5 is released is questionable. > >> > >> Given that an asynchronous connection cannot be cached the only reasons > >> remaining for going through a proxy are anonymity and firewall > >> traversal. Automatically bypassing the users proxy configuration to > >> solve the issues above has the potential to break both of these. It > >> would be a significant breach of trust for a UA to bypass the users > >> proxy and some networks only allow connections via a proxy (for security > >> and monitoring). > >> > >> It seems that we're stuck between a rock and hard place here. In light > >> of this I reiterate my earlier suggestion that the time could be better > >> spent providing guidelines for communication via an asynchronous CGI > >> interface. This would allow reuse of existing port 80 and 443 web > >> services which would resolve the cross-domain issues (the CGI can relay > >> the actual service via a backend connection) and most of the proxy > >> issues above (since proxy GET and CONNECT are more reliable on these > > ports). > >> Shannon > >> > > > > "Mark Daniel" wrote in message > > news:01110d0c$0$20616$c3e8da3@news.astraweb.com... > >> yyyc186 wrote: > >>> The Minimum You Need to Know About Service Orieted Architecture by > >>> Roland Hughes > >>> > >>> Award-Winner in the Business: Technology/Computers/Internet category > >>> of the National Best Books 2008 Awards, sponsored by USA Book News > >> Congratulations Roland! > >> > >> (I purchased it when AU$ was almost at US$ parity :-) > >> > >>> You can find this book in Island Computer's Web store. ------------------------------ Date: 28 Oct 2008 08:50:02 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Bell Labs closes Message-ID: <9VDkJoPf$u83@eisner.encompasserve.org> In article <490537c7$0$9620$c3e8da3@news.astraweb.com>, JF Mezei writes: > > On the surface yes. But if , by the time Chain's costs/wages rise, the > western economy will be decimated and without viable manufacturing > infrastructure ? Rebuilding it will be very hard. Large companies who have relied on Chinese labor to keep thier costs down are already moving thier work to the US because in some cases it's now cheaper to do so. ------------------------------ Date: Tue, 28 Oct 2008 11:34:26 +0000 (UTC) From: Dale Dellutri Subject: Re: DCPS setpagedevice PS error on a Xerox WCP 35 Message-ID: On Mon, 27 Oct 2008 13:54:22 GMT, Jan-Erik S?derholm wrote: > Hi. > I just setup a new queue against a "Xerox WCP 35". > Or "Workcentre Pro 35" as it's also called, at least > I *guess* that it's the same printer ! > "Xerox WCP 35" is in the list of supported printers > in the DCPS management manual. > When printing (a text file printed as "ANSI") we get > an Postscript error from the printer. It's a page > with only the following text printed : > > ERROR: rangecheck > > OFFENDING COMMAND: setpagedevice > > STACK: --dict--, > Nothing else on the page and nothing after the ending ",". > The DCPS$xxx_PRODUCT_NAME logical is def as "Xerox WCP 35". > (But it didn't make any change when defined...) > And the DCPS$xxx_PARAMETER is def as "DATA_TYPE=ANSI". > (Didn't change anything either...) > Now, while looking for solutions I thought I'd post > a question here about it also at the same time. In case > someone else has seen this before... I've read the rest of the thread, and I don't know the printer itself, so I just have some random thoughts on printers: 1. The printer probably has a web interface that allows you to tweak settings. Are there relevant settings in the Postscript setup, for example, Postscript level accepted? 2. You can probably get more detailed info about the error from the printer itself. I found one document on the Xerox site "Retrieving fault codes from Xerox multifunction devices". 3. Is the printer set to autodetect whatever stream it receives (postscript, pcl, xerox printer language, straight ascii, ...) or is it set to expect only postscript? If only postscript, perchaps DCPS is sending non-postscript in this case (since you're printing PAR=(DATA=ANSI) ). 4. You have other printers that work. Are there differences that stand out in the printer setup (comparing the setup shown on a working printer's web page versus the xerox's web page)? 5. Does the Xerox printer have the latest software/firmware? (I have a Toshiba e-studio 35 coper with a plug-in module that allows use as a printer/scanner/fax, and I needed to get the latest firmware (an embedded Linux system) to get it to work with the various systems on our lan.) -- Dale Dellutri (lose the Q's) ------------------------------ Date: Tue, 28 Oct 2008 12:06:03 -0400 From: Paul Anderson Subject: Re: DCPS setpagedevice PS error on a Xerox WCP 35 Message-ID: In article , Jan-Erik Söderholm wrote: > I didn't know about the DCPS$TEST logical ! (And it's not in the > manuals...) Shhhh, it's a secret. > I guess that it's enough to re-start the offending queue ? Yes. > All queues are running it's own DCPS symbiont (so far). Having the logical name DCPS$MAX_STREAMS undefined or set to 1 helps in this case, since the DCPS$TEST logical name is interpreted when a new symbiont process starts. If a symbiont process can control more than one queue by having DCPS$MAX_STREAMS set to more than 1, you're not guaranteed of getting a new symbiont process when you start a queue. > I'll try that romorrow morning on the actual site. Since you're running spooled LPD to this printer, you can, instead of using DCPS$TEST, define the logical name DCPS$SPOOL_KEEP (or DCPS$queuename_SPOOL_KEEP) to be TRUE and then the temporary spool file created in DCPS$SPOOL_DIRECTORY will be kept after printing instead of being deleted. This file is the actual data being sent to the printer so it could be copied to another type of system and sent from there for debugging purposes. The queue does not have to be stopped or restarted after defining DCPS$SPOOL. And all these logical names should be defined /EXECUTIVE_MODE /SYSTEM. (The files created with the DCPS$TEST logical name contain some interpreted control characters; for example a ^T character would be the text string "Ctrl/T" in the file. That's easier to see but not to print.) Shhhh, that logical name is a secret too. Paul -- Paul Anderson OpenVMS Engineering Hewlett-Packard Company ------------------------------ Date: Tue, 28 Oct 2008 17:23:56 +0100 From: Michael Unger Subject: Re: DCPS setpagedevice PS error on a Xerox WCP 35 Message-ID: <6motk0FhvspeU1@mid.individual.net> On 2008-10-27 22:57, "JF Mezei" wrote: > [...] > > mark (or <<) /variable value /variable value /variable value >> will > create a dictionary on the stack and define all those variables with > those values. > > [...] > > It is a real shame that the VMS engineers ran some program to > purposefully make that code difficult to read. Not neccessarily -- there _is_ a simpler syntax to create dictionaries "on the fly", but this _requires_ a compliant "PostScript Level *2*" interpreter: | /NamedDictionary | << /Object1 Value1 | /Object2 Value2 | ... | >> def Michael -- Real names enhance the probability of getting real answers. My e-mail account at DECUS Munich is no longer valid. ------------------------------ Date: Tue, 28 Oct 2008 03:08:03 -0700 (PDT) From: IanMiller Subject: Re: Does anyone know what time it is? SYS$GETTIM Message-ID: <0a835b10-78df-432b-8ca8-db37d2639542@64g2000hsm.googlegroups.com> On 27 Oct, 14:13, "Stanley F. Quayle" wrote: > I'm developing an application on VAX/Alpha/Itanium that uses timers to co= ver I/O > operations. =A0Earliest VAX and Alpha versions needs to support V6.2. =A0= This application is > launched as a detached process, and needs to run 7 x 24. > > The code uses SYS$GETTIM exclusively to get the current time, and timeout= values are > added to that value, and then a timer is set (typically for 5-30 seconds)= . > > What happens when daylight savings time kicks in (or out)? =A0It's not cl= ear from the > manuals that those timers will still fire at the right interval. > > And what happens in V6.0-V6.2? =A0Or is the behavior the same as V7.0 and= later? > > Yes, I know that someone doing a SET TIME will mess this all up. =A0But I= can't prevent > privileged idiots from really messing things up... > > --Stan Quayle > Quayle Consulting Inc. > > ---------- > Stanley F. Quayle, P.E. N8SQ =A0Toll free: 1-888-I-LUV-VAX > 8572 North Spring Ct., Pickerington, OH =A043147 =A0USA > stan-at-stanq-dot-com =A0http://www.stanq.com/charon-vax.html > "OpenVMS, when downtime is not an option" If its a absolute timer you set then it will finish at the time you specify i.e if at midnight you set it for 02:00 then the clocks go back it will be three hours before it goes off. If its a relative timer you set then it will wait for as long as you set irrespective of time changes. The TQE entries are adjusted to make this happen. Read the big black book for details. ------------------------------ Date: 28 Oct 2008 09:01:06 -0600 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Fortran, debugger and Alpha/VMS 7.3-2 Message-ID: In article <6mnn33Fhnpk7U1@mid.individual.net>, "David Weatherall" writes: > We finally upgraded the Alphas in our cluster from V7.3-1 to -2 last > week. As expected, we never saw any problem until my colleague needed > to use the debugger with her Fortran (V7.5...) program. > > It contains a Structure/record like > > structure /asd$record/ > character*36 asd_name > character*36 efile_name > character*12 other_name > ... > end structure > > record /asd$record/ asd_record I don't know what specifically is causing your problem, but I would not define anything with $ in the name. Generally $ should be considered reserved to VMS. You might be tripping over some VMS factility named asd (although I don't know of any). Try structure /asd_record_type/ character*36 asd_name character*36 efile_name character*12 other_name ... end structure record /asd_record_type/ asd_record ------------------------------ Date: Tue, 28 Oct 2008 06:50:15 +0100 From: Wilm Boerhout Subject: Re: Java for OpenVMS registration for download broken Message-ID: <4906a827$0$8588$ba620dc5@nova.planet.nl> sean@obanion.us vaguely mentioned on 28-10-2008 2:00: > http://h18012.www1.hp.com/java/download/ovms/1.5.0/jdk5.0_form.html [snip] > Or is this just me? Nope, the website times out for me as well, as does the ping. /Wilm ------------------------------ Date: Tue, 28 Oct 2008 11:13:12 -0400 From: "warren sander" Subject: Re: Java for OpenVMS registration for download broken Message-ID: The backend server for that form got shutdown a few weeks ago and all the pages were supposed to be migrated to a new form processor. I've informed the site owners that they need to complete their migration to get those forms working -warren "Wilm Boerhout" wrote in message news:4906a827$0$8588$ba620dc5@nova.planet.nl... > sean@obanion.us vaguely mentioned on 28-10-2008 2:00: >> http://h18012.www1.hp.com/java/download/ovms/1.5.0/jdk5.0_form.html > > [snip] > >> Or is this just me? > > Nope, the website times out for me as well, as does the ping. > > /Wilm ------------------------------ Date: Tue, 28 Oct 2008 09:35:09 -0700 (PDT) From: etmsreec@yahoo.co.uk Subject: Re: Java for OpenVMS registration for download broken Message-ID: <17fa60cb-f16b-41b3-ba38-e024d22e907e@a3g2000prm.googlegroups.com> On 28 Oct, 05:50, Wilm Boerhout wrote: > s...@obanion.us vaguely mentioned on 28-10-2008 2:00: > > >http://h18012.www1.hp.com/java/download/ovms/1.5.0/jdk5.0_form.html > > [snip] > > > Or is this just me? > > Nope, the website times out for me as well, as does the ping. > > /Wilm I wouldn't expect the server to respond to a ping request anyway - I'd expect the HP firewalls to block ping and similar. ------------------------------ Date: Tue, 28 Oct 2008 10:41:07 -0700 (PDT) From: sean@obanion.us Subject: Re: Java for OpenVMS registration for download broken Message-ID: <2fa57612-dc67-4e77-9551-6857da65813a@r15g2000prh.googlegroups.com> Update: from my ITRC post I got an email stating that this is a known problem and it's being worked on. I was given a URL to a different server to do the download from, but was asked not to share it. I'll update this thread a little later as to how this goes... Sean On Oct 27, 6:00=A0pm, s...@obanion.us wrote: > http://h18012.www1.hp.com/java/download/ovms/1.5.0/jdk5.0_form.html > > Above is the web site for downloading Java for OpenVMS. > When submitting it's filled out registration form, connection to > ONLINECGI03.COMPAQ.COM times out, which also does not respond to > PING. > > The support page for the above page points to the same > ONLINECGI03.COMPAQ.COM so a direct complaint is not possible. > I've submitted this problem through ITRC... > > Or is this just me? > > Sean ------------------------------ Date: Tue, 28 Oct 2008 09:41:00 -0700 (PDT) From: etmsreec@yahoo.co.uk Subject: Re: supported SCSI interfaces in a VMS cluster Message-ID: On 26 Oct, 16:08, H Vlems wrote: > Last month I bought five KZPCM-DX SCSI adapters. Three of them are in > use and work wel under both VMS V8.3 and V7.3-2 in Alpha Server 1200's > and =A0Digital Server 5305. > This afternoon the idea of forming a VMS cluster with two 1200's came > up. I read the manual on configuring OpenVMS clusters for scalability > (V8.3 kit), especially appendix A. The KZPCM is not listed as a > supported SCSI interface. > Questions that I have: > - the manual doesn't mention the KZPCM at all, perhaps it is supported > to connect to a common SCSI bus? > - if not supported, will it work (after all this is a hobbyist > environment)? > - if it's not supported and won't work, what's the reason? > Hans Spookily, I read a few lines about this kind of thing in the v8.2 New Features manual this morning. P3-2 says: "Fibre Channel is supported as a shared-storage cluster interconenct on OpenVMS I64 systems but SCSI is not. (SCSI as a shared-storage clsuter interconnect is also not supported for OpenVMS Alpha systems for the recent SCSI adapters.)" I'm not sure how recent the KZPCM is off the top of my head. There were also issues with some differential interfaces and shared VMS buses, IIRC. ------------------------------ Date: Tue, 28 Oct 2008 19:00:41 +0800 From: "Richard Maher" Subject: VMS socket policy files Message-ID: Hi, Is any VMS System/Network Manager out there implementing (or looking to implement) a Socket Policy File a la mode de: - http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html It seems they've really tightened things up a bit with the "to ports" port level granularity eg: - and the centralized port for Policy File Servers as in: - [Adobe has filed with IANA, the Internet Assigned Numbers Authority, to reserve port 843 for the purposes of serving socket policy files. By introducing a centralized location for socket policy files, Flash Player enables a system administrator to define what ports are available through one master policy that overrides any other policy file on the host. If Flash Player 9,0,124,0 cannot retrieve a master policy file from port 843, then it requests a socket policy file on the port where it is trying to connect. However, if a policy file is available from a service on TCP port 843, then Flash Player considers that to be the authoritative set of permissions for that system.] Now, I'm not keen that the request is null-terminated and will require a specialized policy-file-server, and I'm a bit suss about anyone getting a copy of a hosts security access restrictions by just asking, but hey it's a shit-load better than what those xenophobic little-HTTPers over at HTML5 have to offer!!! (Oooh, we use HTTP headers and bollocks handshakes to ensure that everyone will suffer the tyranny of ports 80/443 for ever more!) SUN/Java (as of 1.6_10) is following Adobe, and Microsoft Silverlight is also falling into line (as well as doing their own thing surprise, surprise) so I'd suggest you pay attention to it. Look, I'm all for the status quo of same-origin policy, but this whole mash-up thing seems to be spreading further than Ajax and well and truly into Sockets. Anyway, I'm guessing that the pig-ignorant, jobs-worth slime that are in charge of most VMS systems in the world today will steadfastly refuse to punch *any* holes in their firewalls at all (as it might increase the amount of "monitoring" they have to do, but at least don't say you weren't told! Cheers Richard Maher ------------------------------ Date: Tue, 28 Oct 2008 08:43:07 -0400 From: "John Reagan" Subject: Re: Who is left at VMS engineering ? Message-ID: "JF Mezei" wrote in message news:48ffae65$0$9662$c3e8da3@news.astraweb.com... > BTW, aren't you technically an Intel employee ? Or are you still > officially VMS engineering and paid by HP ? > I've never been an Intel employee. I've had 3 badges: Digital, Compaq, HP all doing 100% OpenVMS compilers. At one point in my career, I had the same cubicle for 17 years. I just hit my 25th anniversary back in August. John ------------------------------ Date: Tue, 28 Oct 2008 15:25:30 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: Who is left at VMS engineering ? Message-ID: <00A81C6F.F7359570@SendSpamHere.ORG> In article , "John Reagan" writes: > >"JF Mezei" wrote in message >news:48ffae65$0$9662$c3e8da3@news.astraweb.com... > > >> BTW, aren't you technically an Intel employee ? Or are you still >> officially VMS engineering and paid by HP ? >> > >I've never been an Intel employee. I've had 3 badges: Digital, Compaq, HP >all doing 100% OpenVMS compilers. At one point in my career, I had the same >cubicle for 17 years. I just hit my 25th anniversary back in August. Congrats on 25 years John. Are you sure that was a cubicle and not a padded cell? :) -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM ... pejorative statements of opinion are entitled to constitutional protection no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC) Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside of usenet _must_ include its contents in its entirety including this copyright notice, disclaimer and quotations. ------------------------------ End of INFO-VAX 2008.583 ************************