June 30, 2009
Proving An Open Future for ERP
Open source software is a good fit for the HP 3000 community member, according to several sources. Applied Technologies founder Brian Edminster plans to open a portal for such solutions next month, aimed at the 3000 site looking to modernize. What's more, complete app suites have emerged and rewritten the rules for software ownership. An expert consulting and support firm for ERP solutions is proving that a full-featured ERP app suite, Openbravo, will work for 3000 customers by 2010.
A software collective launched in the '90s by the University of Navarra which has evolved to Openbravo, S.L., Openbravo is utilized by manufacturing firms around the world. Openbravo is big stuff. So large that it is one of the ten largest projects on the SourceForge.net open source repository, until Openbravo outgrew SourceForge. The software, its partners and users have their own Forge running today. HP 3000 support firm the Support Group, inc (tSGi) has put its Entsgo spinoff on track to deploy Openbravo. All the pieces should be ready within nine months, said Entsgo's Engagement Manager Sue Kiezel.
Kiezel and Entsgo are part of the tSGi enterprise that grew up aiding customers of MANMAN, the venerable and stable 3000 ERP app. Entsgo is proving the open source ERP concept this year in segments outside the HP 3000 community. “We’re working on a couple of deals right now that are going to be closing relatively soon,” Kiezel said. “We believe that within six to nine months, the solution will be as robust as MANMAN was at its best.”
Open source solutions can span a wide range of organization, from code forges with revisions and little else to the one-stop feel of a vendor, minus the high costs and long waits. Openbravo is in the latter category, operating with 100 employees and having received more than $18 million in funding. If that doesn't sound much like the Apache and Samba open source experience, then welcome to Open Source 2.0, where subscription fees have replaced software purchases and partner firms join alongside users to develop the software.
Openbravo says the model is "commercial open source business model that eliminates software license fees, providing support, services, and product enhancements via an annual subscription." Entsgo/tSGi business consultant Donnie Poston said the one-stop model makes Openbravo attractive.
“The fact that you have a company that supports it, and you can subscribe to it and verifies it, upgrades it and maintains it — all of that under one company name was enticing to us,” said Poston.
Localization capabilities will be among the last pieces of Openbravo to fall into place, and tSGi president David Floyd says for some HP 3000 owners, the Openbravo solution is ready today. In the meantime, the open source model fits well with HP 3000 strategies.
“In the 3000 community, we’re used to the independence of the open source model,” said Kiezel. “We’re used to tools that are intuitive, and if you look at us, we should be able to embrace open source more than any other community.”
Open source practices turn the enhancement experience upside down for an application. In the traditional model, a single vendor writes software at a significant investment for high profits, then accepts requests for enhancements and repairs. A complex app such as ERP might not even get 10 percent of these requests fulfilled by the average vendor.
The open source community around Openbravo operates like many open source enterprises. Companies create their own enhancements, license them back to the community, and can access bug fixes quickly—all because the ownership is shared and the source code for the app is open.
Entsgo experts such as Kiezel are establishing a trusted advisory resource for Openbravo. Entsgo is a partner to IBM, HP, Oracle, Microsoft, and top-tier ERP vendors, serving small to medium-sized manufacturing and supply chain businesses in Texas and throughout the worldwide manufacturing community.
June 29, 2009
Ecometry migration steps beyond HP-UX
Migration to HP-UX was only the first step in the Potpourri Group's exit from Ecometry on an N-Class HP 3000. A serious bottleneck in IO forced the catalog and online retailer to migrate in a second phase, settling on the Windows version of the e-commerce software, along with new hardware.
IT manager Bradley Rish said that inefficiencies of the Oracle database design in Ecometry create a performance bottleneck. Their study of IO traffic revealed six files whose performance creates a bottleneck. And the best-performing file of those six "was still 20 times slower than number 7," Rish said, adding that Ecometry's design needs an upgrade to push the Windows edition faster than the 3000's MPE/iX and IMAGE.
Potpourri, which is a holding company that serves 11 other catalog brands, processes 3 million customer transactions a year through phone sales and the Internet. But one half of that 3 million flows in during the high-season's fourth quarter. To handle this business load, the Ecometry installation at Potpourri needed a wide spread of 76 disk spindles and four DL580 servers configured in a cluster. That hardware arrived after Potpourri had already installed and then walked away from an HP-UX RP4400 and its disks.
"Ecometry is IO unfriendly under Oracle," said Rish, "but it's less unfriendly under Windows than HP-UX. It's still not as fast as the 3000. [Ecometry vendor] Escalate need to get their act together on optimizing it."
Potpourri's board of directors put the migration in motion during 2005, after a couple of years of research by IT. The exit from the 3000 was based on HP's plans for the computer, not any inability to serve the 200-plus in-house users, plus Web transactions. The HP-UX version of the migration went live in 2007, while the Windows migration went into production mode last year.
Data migration required eight months, more than the IT pros at the company estimated. Rish said that two full-time pros, working the equivalent of one year each, were need to complete the migration to Windows.
Choosing those rack-mounted DL580s from HP got Potpourri to a wider selection of disk platforms. Reconfiguring the SAN environment cost $200,000 in disk hardware, he estimated. The entire project, including Ecometry's consulting, all software licenses and hardware, came in at $1.2-$1.5 million.
Potpourri has been live on Ecometry Windows for a year. Benefits Rish cites for moving away from HP-UX include more affordable Oracle licenses, improved horsepower (the DL580s use multiple 4-core Xeon processors), better options for cluster redundancy, and more in-house expertise. Potpoutrri went from a HP 3000-Windows experience to an all-Windows solution. Although the 3-CPU N-Class server had older disk technology, the Windows installation will need a database revision from Ecometry to meet the 3000-IMAGE performance.
Batch and job processing is an HP 3000 feature that migrating customers need to replace for Windows projects. Rish said Fluent Edge Technologies, which specializes in support of Ecometry sites both homesteading and migrating, suggested the Online Toolworks product SmartBatch.
Rish said that Potpourri is preparing a shift to a new PCI-compliant encryption solution. The company is targeting a May, 2010 go-live date for the new solution; the PCI compliance deadline is July, 2010.
He also said that the experience of migrating onto an Oracle solution has a personal benefit for any IT pro who makes the move. "It makes you much more marketable," he said, adding expertise in the widely-installed database. He added that Oracle's Linux solutions could extend career paths even further, since Oracle says that Linux is its leading development platform.
June 26, 2009
New solutions assist small shop migrations
Birket Foster likes to envision the world of 2012, a future that guarantees more migration experience will be in the community's consciousness. This spring we talked about this time well away from HP’s influence on 3000 ownership and migration. Foster's MB Foster is sharpening its message this year to reflect its business beyond 3000 expertise. In the years to come the company is booked to help manage migrated applications and environments running for customers MB Foster has migrated.
What has emerged—solutions, utilities, apps, IT strategy—to help the smallest 3000 shops step away?
When we look at the marketplace, it’s the small shops that are going to suffer the most. As soon as they move to Windows, there’s a lot more work to be done that what they had to do for their 3000s. HP 3000s are like a magic thing you set and forget. Moving from a 3000 to the Windows environment means you have to pay attention to things. Like putting new patches on, or some virus will break out. Or fixing the database from time to time to make sure it’s performance-tuned. Although the 3000 databases could get out of hand occasionally, it was very rare.
The good news for these shops is that those of us who have been migrating people since 2002 have refined the processes and introduced new tools. MB Foster built nine parsers in the last seven years. Some help with moving scripts from MPE-land to Linux or Unix or Windows. Some help with changing and fixing data on the fly, like moving integers stored in a Big Endian format to Little Endian. We also have a scheduler system written for Windows, one more like the job scheduler you had on the 3000.
We built these kinds of power tools to assist us in migrations. We’ve been moving data since 1985, so we know a lot about the context of data. Our team put a tool together for the datamart team that pulls an IMAGE database into Oracle or SQL Server. This saved people from having to write all the scripts to do that. By the time HP decided to phase out the 3000, we had a tool that got tweaked to generate a few new things to help migration to Unix, Linux and Windows.
Three years from now, does the market miss the final level of HP’s 3000 support?
No, those people are already working with companies like Allegro, Beechglen or Gilles Schipper. I’m sure that the only thing that annoys these guys is HP, announcing that it will keep taking money for support. That’s a long support tail, and HP has already removed resources from it. HP won’t stack any new resources behind it.
So more than a year after the announced HP support exit date, you think HP will continue to sell 3000 support?
I don’t think HP is planning on leaving the 3000 support business. As long as there’s enough money coming in, they’ll do it. And some of the companies just look at the support from an appliance point of view. They tell themselves, “As long as I can say the original vendor will support us, it’s the same as an insurance company that will support us, too.” But when the hurricane comes through, does the insurance company declare bankruptcy and go away? Or does it actually deliver?
In the 3000’s community of 2012, do hardware and environments carry the same weight in strategies?
It’s not just the 3000 market that’s changing. Companies have mergers and acquisitions and they want to make changes. You will be encouraged to come along.
Three years from now we’ll be closer to the point where the hardware is totally irrelevant and the operating system is totally irrelevant. Because the skills sets for those elements will be hard to come by, people who are going to manage and update security for systems will be working for the Regional Bell Operating Companies (RBOC) and ISPs. The larger hardware vendors want to do a virtualized farm for an RBOC. The servers you once spent half a million dollars on are being replaced by systems that cost $20,000. The vendors can’t sell the same number of servers, so they have to find a way of consolidating.
It’s 2012: What business resource is most in demand for 3000 shops making a transition?
It starts with the end-users. Since the HP 3000 is a robust machine, technology is not the issue. But when the end users leave, and the last person who knows how use MANMAN, you will be a world of hurt because you don’t have a training plan for how to train the next person in. It’s really going to be a human resource issue. The 3000 will probably run forever, given that you can swap a motherboard if you need to. The issue will be where to find a person to swap that motherboard, and how would we bring the system back up, and what does that mean to the application when it died in the middle of the day-end batch. Those are the kinds of things people are going to have to deal with at some point.
June 25, 2009
Trust in the Future, Through Experience
We think of Birket Foster as the community’s futurist. HP has made it clear to the community that the future of the 3000 won’t include Hewlett-Packard. Since the company is now counting down its last two years of support, we wanted to look beyond that coming initial year of post-HP operations. Seeing into that future, with more migrations and fewer homesteaders, seemed a lively exercise for Birket Foster, leader of the HP Platinum Migration Partner MB Foster and a forward thinker. His company has been in this market since 1977, and a Migration Partner since 2002. He wanted to envision the 3000 market 10 years after that date.
We talked about the world of 2012, three years from now and well away from HP’s influence on 3000 ownership and migration. MB Foster is sharpening its message this year to reflect its business beyond 3000 expertise. In the years to come the company is booked to help manage migrated applications and environments running for customers MB Foster has migrated. Foster calls this mission “providing the knowledge and experience to earn your trust.” We interviewed him just after he returned from fresh field work in the 3000’s e-commerce community.
Now that the HP MPE/iX lab has closed, will it affect the timeline for migrations?
If you’re already determined to stay on the 3000, the closing of the lab means nothing. The HP lab was doing less and less over the last five years anyway. It’s really about the applications, not about the 3000’s technology.
The correct answer to the question “When do I migrate” is “when the rest of the world changes over to the next major new technology.” When that technology gets introduced, and it cannot be incorporated into the 3000 in any way, then you end up with the 3000 unable to integrate.
I sat in a meeting with a CFO this month who said, “I’m going to be the last guy standing in the management team. Everybody is moving except me, because I’m the youngster. So guess what? I don’t want this on my watch, so I want to get the process ready. I’d like to start the process to mitigate the risk.” The people in the IT trenches don’t always understand that from a risk-mitigation point of view, management may vote differently. In this company, they brought somebody back from retirement to run the 3000. Does that tell you anything?
Seemingly small things can impact the future of 3000 transitions. Can you think of an element that’s been overlooked that will shape the future of the marketplace?
Availability of people who know how to support the applications. There are lots of hardware guys. It’s not just the people in IT, but also the people on the business side of the world. The last person in accounting who knows how the accounting system works — when he leaves, you’ll have to replace that system. That’s one of the biggest risks people are facing, whether they want to admit it or not.
It’s 2012. How much of the market has made the move by now? Who’s still on the 3000, who’s moved, and why?
Maybe 10 percent of the original installed base is left. Even today there are a lot of machines out there, but I know of companies that have plans afoot to get themselves out of where they currently are. That might not be by 2012, but it’s going to be pretty close to that time. For example, anybody who has a credit card application right now needs to be able to do certain kinds of encryption and protection for credit card numbers. Some applications didn’t handle that very well. If you just got told that your Visa, MasterCard and American Express merchant rights are going to be revoked if you don’t get onto the new application, I guess you don’t have a choice, unless you want to close the doors.
In the healthcare sector, there are new HIPAA regulations that make you ensure you can see who looked at a patient file. That’s often not going to have been built into the 3000 application.
It’s going to get harder over the next three years to put out a help wanted call that says “Wanted: HP 3000 programmer.” You’re more likely to get more response if want a Windows programmer, or a .NET programmer. Even a Java programmer, although we’ll see what Oracle does with Java.
I think you’ll be stuck with the small guys on the 3000. The big guys all will have moved, because they all have some kind of accountability to banking. Banks will start pushing down the chain on how much risk they have in their client base.
In fact, there are banks already doing that. Companies are having their risk profiles revised when they apply for their annual line of credit to cover payrolls or big inventory buys. Even though you’ve done business for 20 years, there’s somebody at the bank who’s going to look at you to see whether you’re a risk after all. During that process they may look at what’s critical to your business. If that’s an HP 3000, at some point somebody’s going to recognize it’s not HP’s price list anymore, so it represents a risk.
June 24, 2009
Persevere like print people to migrate
Rather than get an early start on the transition process, your community has worked like print journalists. Taking time to get it right, releasing nothing until it’s been proven. In a world where Wikipedia and Twitter and bloggers give us instant gratification, print reporters and old school IT pros say, “People can tell the difference between an apt enhancement and a new solution.”
The newest choices were not on our menus when we started our careers. Radio and TV told stories in chunks of 30 minutes or far less. News reports that could deliver insight surfaced on the pages of magazines, written weeks earlier, or in newspapers crafted by writers on long deadlines. That was the miracle of creating with slower tools: the sight of polished work rolling off trucks or streaming out of minicomputers onto terminals.
Before this becomes a bald paean to print and line-by-line programming, let me be clear. The superior tools of today create a better, richer life. But that’s most often true when they are used by seasoned craftsmen. On our May issue’s “inside back,” as we call pages 22-23, I preened a bit about the 1,000 blog articles now on our site. But each time I sit to write one of these, I express thanks for the ability to think fast and write tight, because print would permit us journalists to do nothing less. Maybe you feel the same way when you call on end-user interview skills or testing to deploy a helper app with Linux and open source.
Since we sent our February print issue into the mails, Denver has lost a 155-year-old newspaper and Detroit readers can’t pick a paper off their doorsteps four days a week. Print is perishing, little by little. But the demise of paper will be a very slow process, with steps as subtle as erasing pages from issues or printing smaller newspaper pages, like they’ve done in San Antonio’s paper. We like our paper. And people love computer solutions that just work, all the time, like that dial tone on the land-line phones.
Newspapers will leave us someday, but journalism will drive information as long as logic skills spark computing solutions. You can add all the Twitter follows, RSS feeds and cloud computing you want to your product. If you have nothing unique to offer, it won’t do the work of news. If the report doesn’t match the data, it might as well be a story. Imagination is served by youth, but going beyond data, to information, to knowledge, and finally arriving at wisdom — that demands a patient, print-like pace for information systems.
I feel proud to have survived in my craft long enough to see the negatives and plates of newspapers revered in State of Play, to say “I once heard presses in the back room creating a paper with my story on the front page.” The pride feels fine, but we must use our experience to embrace what’s improved even while we practice the fundamentals.
Your community is in a state of play this year and all through the next. Keep looking for those truths that the powers that be will try to avoid. Alternatives, be they transition timelines or bedrock solutions, offer essential value in challenging times.
June 23, 2009
Pages stay open in state of play
The story finished with shots of film across the movie screen. Close ups of negative film, getting prepped to make a newspaper, something to offer the world facts and ideals to live up to. Print publishing stands at the heart of State of Play, this spring’s movie about journalism, newspapers’ age, and speaking power to truth. Abby and I sat and watched the printing montage roll over the credits as she said, “The same way we still print the NewsWire.” I squeezed her hand and blinked back a tear, because print journalism remains stamped in my heart.
I entered journalism in 1980, an era when the only outlet for a deep story was pages of print. Pages created with the same method we use to make this newsletter you hold. Layout images become negatives, the negs become metal plates, the metal carries ink onto paper, the folded paper rolls onto a truck at the back door and into the world. Old school, like HP 3000 computing, built around old ideals.
But just like printed news, the costs to maintain these old ideals keep rising. This quarter the US Postal Service raised our rates to mail, and last year our ink and paper got a hike. Print journalism has no cost path to follow but upward. Experience with HP 3000 environments follows a similar track, since the resource of experts is becoming more rare. At the same time as old school economics creep up, online reporting and open source computing costs less. You may discover, if you have a wise eye, that you get what you pay for.
Near the end of State of Play, the print reporter Cal McAffrey shouts out a bit of gospel. People know the difference between journalism and chatter, he tells a politician. The former moves slower but is more certain of facts. The latter appears in legion, built upon opinion and spectacle.
But as we have learned here at the NewsWire, and you accept in your IT careers, the old and the new both deliver value. MPE/iX is superior in its elegance, reliability and its integration with hardware. Nobody will be tempted to use it to deliver Web-based information or drive applets with Java. There are fundamentals for any environment, however, and right at the bottom is genuine field information: support based on experience of participants in the real world.
To go forward with the 3000 as your computing heartbeat, you’ll need faith in your fellow man. Support solutions now flow from sources outside of HP. We’re now all working in the first year when the 3000’s creators will deliver no more hope of improvement or repair. This state of play is a risk some business owners cannot tolerate. Others see the risks in choosing the right replacement. For some, that’s a choice they cannot afford to get wrong.
June 22, 2009
3000s to depart Longs after long life
Longs Drug, the Western US drug store chain which once ran as many as 450 HP 3000s in the world's biggest 3000 network, will be turning off its last system this fall. The migration away from the 3000 began nearly a decade ago when the retail chain started moving a everyday applications onto HP-UX. The systems were located in every store, housed in an enclosure so foolproof only a slot for backup tapes was needed for access. Now HP 3000 manager Jim Alexander reports the last machine will be switched off sometime in October.
Longs was such a large HP 3000 customer that the company had its own dedicated HP 3000 rep.The company's history with the platform goes back so far that its IT manager Bill Gates chaired the HP 3000 Users Group Planning Committee -- in 1975. The company's dedication to volunteer support for the 3000 community has been continued through the 1990s and this decade by Donna Garverick, who left Longs last year to join the support staff of Allegro Consultants. Garverick, who remarried and became Donna Hoffmeister while she was volunteering for OpenMPE, is best known for Internet messages typed in lowercase only, because of her dedication (at Longs) to Posix under MPE.
Alexander, who's losing his Longs job next month, said in a weekend posting that a third-party firm will be administering the last Longs HP 3000 until this fall. He added that system will be in familiar hands.
Longs operated only a handful of HP 3000s by the time HP 3000 migration became a common task for the community. But the company was thick with users of the 3000 mail system DeskManager through the 1990s, and also broke ground with virtual array use, clustering, performance thresholds and so much more. Alexander outlined the end-game for the system's departure from a drugstore chain acquired by CVS.
I will be laid off on July 10th after 11 years with Longs. A well known company will be engaged to provide operations and administrative support ..The machines will be happy because in all likelihood, familiar fingers will be pressing the keys to do administrative tasks on these boxes, but I will let the audience figure out who that lower case loving person would be. ;-)
I am transporting one of the remaining HP3000 servers for Longs / CVS to the pharmacy distribution warehouse in Ontario, California this weekend. It will continue to operate for about four more months and then be shut down for good. It will be the test and development server to the production box that has been in place for years.
After about 30 years of HP3000s being at Longs drugs, with a high water mark of about 450 HP3000s, there will be no more HP3000 for Longs Drug Stores. Long live the HP3000.
June 19, 2009
Ongoing sales suggest panic has slowed
It's a dubious fact you'll hear among community members and partners: Practically just about everyone has migrated from the HP 3000. But 3000 resellers report that their continued sales suggest much less urgency to move this year than in 2005 or earlier.
"I sell 9X9s and e3000 N4000's every month," reports Bay Pointe Technology's Bob Sigworth. "The migration panic has slowed considerably. Are we selling to new MPE users? No. But there are many, I repeat many, large, companies that are adding to their infrastructure and have no plans to migrate. Why? MPE is solid as a rock and the third-party support people are better than ever."
The topic surfaced recently when options beyond the HP 3000 came up in the 3000 newsgroup. "What is OpenMPE fighting for?" said one community volunteer. "Some version of MPE that sits on a Windows or Linux box. What's the point of that?"
The point is the same as the data point of continued sales of 3000s and good third-party support suppliers. There's life beyond HP, and a life beyond the 3000. Companies make a case every day for both kinds of life. Nobody's in a panic by now, more than seven years after HP started its 3000 exit.
And if MPE can sit on a Linux box, that's important for hardware options far into the future. Hewlett-Packard's 3000 hardware, aging all the time, can be taken out of the homesteading formula sometime in the future, perhaps beyond 2012, when the existing hardware has run its course. (You can contact Strobe Data to see how this emulation works to replace hardware for the HP 1000, and Digital Vaxen -- and for whom.)
Many other things are needed to make MPE on Linux a success, like support, marketing, R&D -- the usual list of suspects to make any product succeed. Oh, modifiable source wouldn’t hurt, either. See that pipe to HP, above, to send your requests for real source.
June 18, 2009
Support Group partners with Blue Line for solutions
Offerings from the Support Group inc. (tSGI) gained scope and depth recently, when the HP 3000 outsourcing and support company announced a partnership with Blue Line Services. The companies, which are both headquartered in Texas, will share marketing and resources for on-site and support center operations.
"We have partnered our expert services to bring complete end-to-end coverage to the HP 3000 community," said tSGi Account Manager and Business Systems consultant Donnie Poston. "With our combined services you can now have HP 3000 hardware, software and MPE operations support and management under one roof."
Poston said the companies started talks about working together early this year, when engagements with HP 3000 customers gave the firms some common group. They plan to share customer lists and use each other's support teams to back up one another's client lists. Marketing and sales support are also on the combined efforts list.
The new partners also offer support, system sales and solutions for other HP systems. As an example, Blue Line is putting HP's LeftHand SAN storage solution into the mix of options for enterprise IT customers. LeftHand can be purchased from many PC-based suppliers, but resellers with HP 3000 background are fewer in number.
Even though tSGi is best known for supporting and implementing ERP applications, the company offers independent support outside that sector. "we have HP 3000/MPE accounts that do not use MANMAN," said Poston. "We manage the HP 3000 and OS for them. They either have homegrown apps, or have folks that manage the ERP/MRP type apps onsite."
tSGi announced that it is offering discount support rates for existing and new customers who sign a 2 year support contract.
June 17, 2009
OpenMPE list tracks unresolved challenges
The OpenMPE advocacy group worked with HP for almost seven years on post-HP support issues. The volunteer work was hamstrung from the start by two conditions dictated by the vendor. First, discussions directly with HP were confidential. Second, the volunteer group had no leverage with a vendor which was leaving a marketplace behind. In leaving the development lab business this year, HP's best effort still left unresolved challenges for homesteaders.
In source code matters, the vendor has not revealed which parts of MPE/iX code can be licensed for read-only access. It also offered no assistance in license talks with companies that own rights to internal parts of the OS such as the streaming module, Posix interface or basic-level ODBC middleware. (The last piece of software has rights owned by MB Foster Associates, whose chairman Birket Foster sits on the OpenMPE board, so talks should be uncomplicated on that module.)
Other aspects of creating an emulator — which would extend the lifespan for MPE/iX on newer hardware — haven’t gotten any public response. The HPSUSAN number for HP 3000 systems, wired into stable storage on HP’s gear, will need an equivalent in software for any emulator to use third party applications. HP will sell an emulator license for MPE/iX whenever an emulator hits the market. But such an emulator would provide no mechanism for app vendors to enforce licenses, unless HP opens up technical details.
OpenMPE requested the HP 3000 test and development machines from HP’s lab, but the vendor answered no, although these 3000 devices have no clear use to a 3000 lab which is so shut down not even HP support can use it. OpenMPE worked closely with the lab during 2007 to review the MPE/iX build process, hoping to ensure the OS could be unpacked later in the 3000’s life for fixes and patches. But HP didn’t finish proposed stages to complete this review, which would ensure outside engineers could decipher the code written in an HP variant language called Modcal.
The SSH security shell for MPE/iX is also on the OpenMPE issues list. The vendor has provided little assistance in bringing the tool up to industry standards for the Secure Copy Protocol (SCP). The SSH/SCP issue is a good example of lab work that’s been requested by OpenMPE but didn’t get addressed enough by HP to become a tool for 3000 homesteaders.
While HP did address a request for HP 3000 hardware internals documentation — again, with a ‘no’ — the vendor has reported nothing about making its Response Center’s knowledge base for 3000 problems available to the community in the future.
OpenMPE chairman Birket Foster says although his group is now facing a closed 3000 lab at HP, the unresolved issues may still benefit from resources elsewhere inside the vendor. “Just because HP’s  division has gone away doesn’t mean there are no more advocacy opportunities for OpenMPE,” he said. The group can petition HP’s support organization, he said, as well as the software license transfer group. SLT will be operating inside HP for the foreseeable future and can address the CPU board issues, Foster said.
“OpenMPE got a formal recognition from HP that they need to have the ability for someone in the field to change the stable storage on a 3000’s board,” he said, “in the case of an emergency where a machine blows up. These are things that would be of service to a community that paid HP’s [3000 expert] paychecks for years. There are still people inside HP whose checks come from the fact that they know how to spell HP 3000.
June 16, 2009
Retired HP lab leaves issues behind
HP’s 3000 operations closed out development this year with assurances the vendor had addressed all issues around exiting the community. But while a 3000 issues list logs many HP decisions, some key items remain unresolved.
The OpenMPE advocacy group worked with HP for almost seven years on post-HP support issues. The list of items which has grown and shrank has been maintained by group director Matt Perdue most recently. The board has signed an official Confidential Disclosure Agreement this year with HP, which curtails the information OpenMPE can share.
But the list the group could share with the NewsWire shows some missing procedures and unspecified dates for issues such as modernizing security software and receiving OS tapes during 2011. The uncompleted issues present a sizable array of projects and puzzles the community must complete or solve with other resources.
The issue with the broadest potential impact on homesteading customers appears to be resources for the HP 3000 hardware emulator project. Perdue said the OpenMPE board — which includes Alan Tibbetts of emulator vendor Strobe Data — asked if the 3000 emulator would get the same treatment from HP as Strobe’s HP 1000 deal.
“There are some things HP’s included that are going to help us, and a coule of things that we wish we had received,” Perdue said. “We’re talking about test suites [HP used on MPE/iX]. Without them, not even Stan [Sieler of Allegro Consultants] feels comfortable about releasing a binary patch that hasn’t been tested [with the suites].”
Tibbetts told the board that Strobe had to devise its own set of tests to work with the HP 1000’s RTE operating environment in emulation. “Why HP doesn’t want to release those MPE suites, I don’t know,” Perdue said. “I would think, why not?”
In a strict accounting of questions with HP responses, the test suite request has been addressed with an answer of “no.” HP refused to enable 9x7 servers to run modern versions of MPE/iX, or remove throttling in MPE that slows 3000s. But even discounting these refusals, some items have no details available this year, or even a deadline of when the processes will be revealed.
The process to unlock HP’s 3000-specific diagnostics has no deadline or details. HP said last year it would free up these tools after HP’s support ends, but not how much longer afterward, or how.
Per-call charges to restore 3000 CPU boards with HP’s SS_CONFIG and SSUPDATE utilities are not spelled out. These services are available to HP’s support customers, but only until 2011.
June 15, 2009
Thanks for reading for four years
This week I'm grateful for four years of your attention on our blog. In June of 2005 I took the first steps into the media that was called Weblogs at the time, and your support of us has kept the news business lively, fun and a-pace of the action in 21st Century computing.
Fun comes most obviously on April 1, when journalists follow the tradition of the faux news story. We talked about a Treeware Project, and a development mission to rewrite MPE/iX as social networking software. On our first two blog Aprils the Fool's Day fell on a weekend, so we had to set the comedy aside. We've also reported on a $7 HP 3000, which was no joke, and how HP blew up Unix and NonStop servers with C4 to prove how good they were.
There's also been fun in reporting the news people would rather not have made public. It usually requires public sources, people who are willing to take a chance on speaking up. The stand-up, on-the-record sources have become tougher to find over the 25 years I've written about the HP computer environment. The trend might seem safer for those who don't speak up. But it puts everybody who needs adaptation and new ideas at risk.
Perhaps there will be a renaissance in relationships between software vendors and their customers. But here, heading into our fifth year of reporting weekdays on the blog, it seems the suppliers of technology are spooking too many customers into caution -- when those customers need action and honesty from the vendors about their options. It's baffling that a company will support a vendor with cash in this rough economy, than cringe at the vendor's displeasure should the truth ever be told in an unfavorable light.
How you will ever ensure a productive relationship with a vendor which cashes checks and tells you to keep quiet, well, I don't know. It would be untoward to call it blackmail, but the integrity of such an arrangement is a hoary mess. What's the redress for an unhappy customer? The ancients back in the 20th Century used to run companies with complaint departments. Now if you buy Oracle you're barred from reporting on its performance, right in the contract.
As a more local example, spreading word that a 3000 installation can't be PCI DSS compliant doesn't tell the whole truth, or even a decent share of it. That Ecometry continues to do this, in the face of third-party solutions to the contrary, makes it plain who the company is working for. That would be its shareholders and officers, rather than the customers who mail support checks every month.
What's more, a user group that meets in private, and keeps its discussion under wraps, doesn't seem to be working for any 3000 homesteaders who use Ecometry. It certainly isn't of much use to anyone who's outside the meeting room until somebody goes public. Over my quarter-century, and four years of blogging, I've learned that going offline to resolve an issue can be that trap-door you see in the James Bond movies. You watch and say,"Don't stand there," but people still step onto the "give me your business card so we can discuss this" chute.
Happily, there are still independent and intelligent IT pros who see the benefit of keeping discussions out in the open. Blogs push us journalists into new reporting processes, because we don't have to wait for ink and paper to dry and mail anymore. The new beta-culture makes it plain that the myth of journalism's perfection is just that, a fantasy. Newspaper people—and I started as one almost 30 years ago—see their articles as finished products of their work. Bloggers—and every journalist blogs today—see posts as part of the process of learning.
These new practices help me get more information out there faster than the old days of envelopes and staples and weeks of knowing but being unable to tell. Everyone whose help I've received for a story should know that a "off-the-record" or background-only request is an automatic yes, unless I have to say no or abandon the story. But there's a story to tell every Monday through Friday here, a joy and sometimes a challenge. Thanks for keeping your eyes on us and our new news culture since 2005.
June 12, 2009
IBM takes a swing at 9000 migration
HP employees who once attempted to sell HP 3000s now promote HP's Unix servers as a mainframe replacement. But talking heads in the Big Blue community are pushing back in the other direction, using a hardware transition as an example of migration.
Over at Mainframe Executive, an article by analyst Joe Clabby details an IBM mainframe capture of an HP-UX installation. The software and IT services company KMD decided to leave move its software off an HP 9000, Clabby's article says, because HP left the company no choice but to migrate to HP's Itanium Unix servers.
The story is puzzling in its tone of accomplishment as well as sketchy on the details. The software company already operated an IBM z Series mainframe for many years. They decided to move the HP 9000 apps, including some software services business, to an in-house server. There's not nearly as much skin in the game when an IT director consolidates onto an in-house platform. The only risk is whether your flavor of Unix can be moved onto another variation, in KMD's case Linux on a mainframe partition.
We don't know what database powered the HP 9000 apps and services, a significant missing fact for a case study. But that's not surprising when reading Clabby's reports. Early in this decade he was moderating an HP Management Roundtable for the Interex user group. Then he was advising a company to adopt Itanium. Two-plus years ago he began to tout IBM products on the vendor's Web site. Has he been learning, adapting, or just finding another nail to fit the Big Blue hammer? Tossing around the word "migration" even has him mentioning the HP 3000.
There is a migration underway for HP-UX customers. If they want newer hardware from HP, they need to purchase Integrity servers, those powered by the Itanium chips that Clabby first supported and now derides. HP has stopped selling the HP 9000 servers which use PA-RISC chips. That business is just as dead as HP's 3000 sales. The difference? HP has no alternative for new hardware that runs MPE/iX from the 3000 world.
The HP 9000 customers have a path of migration, if you choose to call this shift by that name. HP's done all it can do to make the Itanium architecture a match for HP-UX apps. Our reports from customers show that the major work in moving to Itanium from PA-RISC involves home-grown code. There's a lot of that at KMD, according to the story, but customers who've migrated say they don't see a difference between the server architectures. Except that Itanium gallops like a racehorse compared to the pony-trot of PA-RISC.
Clabby's article appeared in an IBM Mainframe Web site/newsletter, so the hammer he swings at HP probably fits the Big Blue nails nicely. But if this is an exemplary success story for adopting mainframes, then replacing Unix servers with them looks like an idea that's not tacked down completely. Tossing the HP 3000 migrations in with HP 9000 moves is misleading at best. While HP has halted sales of both computers, the 9000 customers have options and HP's swelling discounts in a bad economy to keep them in the fold. The 3000 customers have the same discounts, but a whole other world of migration services and software to pay for.
June 11, 2009
Will PCI standards kick 3000s out of service?
The answer to the question is being researched by HP 3000 customers today. Those who accept credit cards for payments, and process more than 20,000 Visa sales a year, are preparing for new standards from merchant banks to meet the Payment Card Industry (PCI) Data Security Standard (DSS).
All major credit card brands collectively adopted PCI DSS in 2006 as the requirement for organizations that process, store or transmit payment cardholder data. Ecometry's HP 3000 customers know their e-commerce software vendor will not be certifying HP 3000s for the 2010 standard. But it appears that Ecometry's owner Escalate isn't qualified to certify PCI compliance anyway.
The standard is broader than just software design, covering practices and processes as fundamental as whether and how to store cardholder data. (Don't, unless you must; encrypted plenty if you do.) Escalate wants to convert every Ecometry site to the Unix/Windows versions of the app, which Escalate will be glad to assure as PCI DSS compliant.
But security vendor Paul Taffel, who's just rolled out new features in IDent/3000, says Ecometry is far from the only place to have compliant standards implemented. A Qualified Security Assessor (QSA) can perform an audit to verify compliance — so 3000 sites can continue to process credit card transactions. Or so it appears. Merchant banks will decide.
The PCI Web site and associated white papers include a vast, 28-page listing of QSA providers. A PCI council certifies these providers. QSA is conferred by the PCI Security Standards Council to individuals who meet specific information security education requirements and have taken the appropriate training from the PCI Security Standards Council. They must also be employed by an Approved PCI Security and Auditing Firm. These assessors will be performing PCI compliance audits relating to the protection of cardholder data.
Third party solutions are available to get 3000 sites better credit card security. "The combination of Fluent Edge’s credit card encryption with IDent’s other features, and Vesoft’s Logon security, together provide a robust set of features that certainly fulfill the spirit of the PCI requirements," Taffel says.
The simple answer, for the Ecometry sites who rely completely on Escalate services, would be yes: HP 3000s won't pass the PCI DSS. But any Ecometry site which plans to remain on the HP 3000 after 2010 will be using a third-party solution anyway, since the Ecometry app loses support in that year. These Ecometry customers are leaving their vendor behind to continue to use an application which does the job without many problems. That no-fuss model is what made the 3000 an elegant and efficient business choice to begin with.
June 10, 2009
New PCI utility adds 3000 compliance tools
HP 3000 software doesn't get much updating these days. I don't mean applications running business on 3000s. Those have to be enhanced and upgraded regularly. But 3000-based off the shelf apps, or vendor utilities, haven't seen much new code since 2005 or even earlier. The exceptions to that situation are starting to work together.
Last week the community got notice of a new feature for IDent/3000, a PCI compliance utility written, sold and supported by Paul Taffel. He's developed numerous solutions for 3000s over the past two decades. At one time he was developing for Orbit Software, and most recently he's been in the development team at Quest Software.
Taffel's IDent/3000 added the ability to detect file changes by means of "of a cryptographically-secure state-of-the-art checksum algorithm, Whirlpool. Whirlpool creates a 512-bit message digest for each monitored file; IDent stores these signatures, and uses them to detect new, changed, and deleted files."
3000 sites in the e-commerce community have deployed IDent over the past year. Taffel is looking for more traction for a tool that appears to have many unique security features. He says he created IDent when Adager's CEO Rene Woc put him in touch "with a couple of Ecometry sites who realized that there was no way to meet PCI requirements with existing MPE features. These sites fed me with requirements, and I came up with a collection of solutions to take care of each requirement."
His current duties extend the security of a 3000 server which processes many late-night purchases from Americans watching television.
Taffel developed IDent/3000, then landed a job at Mouton Logistics Management, which runs its own customized e-commerce app. Mouton is a processing clearinghouse for many vendors who sell through infomercials. In a weak economy, Taffel says, infomercials are doing strong business.
The Ecometry sites working with IDent want to remain on their HP 3000s. Taffel counted on advice from IT managers at Ecometry customer sites. Ecometry has reported at its latest user group conference that 75 sites that haven't scheduled any migration away from the 3000. Other companies have home-grown e-commerce solutions on a 3000.
"The company makes a lot of use of their 3000s, and needs to become PCI-compliant, too," he says. "IDent covers all parts of the PCI spec with the exception of credit card number encryption (because Ecometry already provide that option). I am also working on credit card encryption for Moulton, but that is not included in IDent."
Taffel outlined the features that IDent offers to companies that need to meet new PCI standards in 2010:
- TurboIMAGE rule-based access control.
- Logging read/write access to datasets/files containing critical data (e.g. credit card numbers)
- log files can be automatically FTP’d to remote systems for extra security.
- cryptographically-secure checksums used to detect changes to operating system files.
- ability to protect filesets from tampering. In most cases this means log files. IDent can stop anyone (including SM users) from removing log files using any means.
This last feature, protecting log files, is essential for PCI. Taffel says that it's "key that if you have a breach, which parts of the database have been compromised? You must be auditing the access to know the extent of the compromise." If a hacker gets into data and then erases the log files on the way out, encryption alone isn't going to repair the problem, or satisfy PCI auditors.
Even the Whirlpool algorithm can't secure a system if implemented incompletely. "My main problem with encryption is with its real-world use," Taffel says. "There are a lot of front doors getting bolts added while back doors remain open."
Security software is never a favorite investment for computer owners. "No one invests in security software unless they have to," Taffel says. "Most small companies can self-certify that they’re PCI compliant, but the bigger ones have to use external auditors, so they’re the motivated ones."
PCI is posing plenty of puzzles for IT directors. "The PCI requirements are not 100 clear," Taffel says. "Everyone who reads them comes away with a different understanding of what they require. Hence, IDent is highly configurable, basically a collection of tools that can be configured as each site sees fit."
June 09, 2009
HP educates on virtual servers today
The HP user group Connect gave us notice late yesterday that HP will offer instruction in an hour-long Webcast today. Virtual servers offer a potential upgrade for HP 3000 sites who are migrating, but the concepts differ from 3000 fundamental architecture. Andy Schneider of HP will talk at 2:30 PM CDT (19:30 Central Europe time) on Mission Critical Virtualization Solutions with HP Integrity Blades and HP Virtual Server Environment.
Registration for this free GoToWebinar is open online at the Go To Meeting Web site. Schneider, who's with HP's Software Virtualization team in the Enterprise Storage and Servers unit, will show the latest deliverables for HP Integrity Blade server environments,"including processing capabilities, network/storage interconnect technologies, and their interaction with HP Virtual Connect capabilities." This Virtual Server Environment (VSE) is one driver toward migrating to the HP-UX environment.
Promising an insight on "unprecedented business outcomes," the Webcast page says Schneider will talk about the processor and networking upgrades in the Integrity Blade line.
June 08, 2009
Escalate steps up e-commerce compliance
HP 3000 shops which accept credit cards face a July 2010 deadline for compliance with new credit card security. These PCI regulations got addressed at the recent Escalate Retail users conference, the meeting of what the 3000 community once called Ecometry sites.
MB Foster Associates has prepared a PDF briefing document on the e-commerce/retail meeting, held during May in San Diego. Escalate said that Ecometry installations — there are now more than 400 — make up about a third of the Escalate revenues. The software has been available on Windows and HP-UX since 2005. Officials added that 25 HP 3000 sites migrated to other Ecometry versions during 2008. A backlog of more than 25 sites are "pending go-live" onto other platforms from the 3000.
There are also 75 Ecometry 3000 sites, out of 2002's high-water mark of 325, who haven't planned a migration, or engaged with Escalate to migrate.
PCI compliance has been driving some HP 3000 migrations. Escalate is not deploying technology for the MPE/iX Ecometry version that can meet the 2010 standards. At the conference, MasterCard representative Mike Green outlined the details of PCI compliance, including the PCI Security Standards Web site for a self-assessment of required security practices.
The MB Foster briefing said that
The MB Foster briefing also mentioned an Escalate Migration Service, which the app vendor said "is like a new install," that costs between $96,000 and $413,000, depending on complexity. "The surround code is over and above that," said Birket Foster. "Surround code includes reports, extracts, interfaces to other systems, and any customizations or applications written to interface with the Ecometry system."
The 75 non-migrating Ecometry sites have recently gained an option for PCI compliance in a new software solution for MPE/iX, however. Encryption technology has emerged from a veteran developer that's aimed at making credit card vendors who use 3000s meet PCI compliance. Ecometry won't be issuing any PCI certification for its MPE/iX software, which leaves these sites no option but to follow an independent path, with non-Escalate support for their application in the future.
June 05, 2009
Unix celebrates 40 years of choices
This summer the Unix operating system celebrates its 40th anniversary. The HP 3000's OS won't roll over to its 40th until 2012, but any Unix use back in 1969 would have to be labeled experimental, considering the environment was built for colleges, laboratories and government defense. HP's Unix, HP-UX, came onto Hewlett-Packard's product lineup in 1983. HP built its version upon the System V release from Bell Labs
Unix has survived at HP because of its popularity around the IT world. But being chosen often doesn't always confer superior technology. Unix holds the dubious distinction of having a book written about its shortcomings, The Unix Hater's Handbook, perhaps the only book ever dedicated to deriding an OS. But HP, along with vendors like Sun and IBM, have pumped decades of engineering into Unix to make it a business solution.
HP certainly did not start selling the OS with business in mind. The first versions in 1983 through 1985 were written strictly for engineering workstations, relics such as the HP Integral portable PC (above) and the Series 500 desktops. When HP bought Apollo Computer in 1989, advances such as Unix sockets were being integrated into HP-UX.
HP's Unix got the jump on MPE/iX in the first generation of the Precision RISC hardware releases (Series 800 and 900). In 1986 HP had to double back and revise its MPE port for the new hardware, while HP-UX, created using the same base MODCAL language as MPE XL, was ready first.
HP shipped Series 840 Unix systems to business customers before the HP 3000 Series 930 was ever ready. The 930, underpowered to start, had to be replaced with the Series 950, causing more delay. Some say the 3000 never retained any edge in HP's business computer line ever since.
What is misunderstood is the proprietary nature of Unix versions. Only the more recent distributions of Linux come close to the "open system" promises of those late 1980s rollouts. A look at a detailed family tree of Unix evolution over the last four decades illustrates open, closed and hybrid versions from Sun, HP, IBM and others. There's plenty of red "closed" versions in the chart above, including those being sold today by IBM and HP.
HP-UX was the first Unix to use access control lists for file access permissions rather than the standard Unix permissions system. HP-UX was also among the first Unix systems to include a built-in logical volume manager. In such advances the Unix vendors have given the IT community a way to distinguish between vendors' implementations. There are standards today for Unix implementations, a vast improvement over the Unix Wars of the 1980s, competition between the opposing versions of Unix.
Unix has been rich with choices ever since its inception, being developed by a community of programmers until vendors stepped in to differentiate features. But its glue is the common command set that gives administrators and developers a leg up on one Unix if they know another version. The commonality enjoyed perhaps its brightest moment came in the climax of Jurassic Park. To erase the threat of rogue dinosaurs, one character must take control of the park's computer. "It's a Unix system," says Lex. "I know this!" She then proceeds to navigate the files with the ease of movie computing to save the day.
June 04, 2009
HP releases newest 3000 patch
Hewlett-Packard posted notice of a new patch for the HP 3000 late last month. While the repair covers only an obscure problem, the release indicates the vendor continues to test and post minor engineering for 3000 owners.
HP said it would not be creating this type of software for the HP 3000 starting this year. But MPENX21 was built in response to "an obscure security hole" which was reported by Allegro Consultants co-founder Stan Sieler some time ago. While he's not sure when he requested the fix, he has installed and tested the new code — which seems to be the only way to tell what HP has repaired.
HP released the code with a notice as vague as anything community veterans can recall.
That description will cover just about any security patch for MPE/iX. "Not only are there no specifics," Sieler reported, "but they seem to never tell the original submitter of security problems that their problem has been fixed."
MPENX21 was not built to plug a data security hole, a mission you might expect to benefit HP's remaining 3000 support customers. "It wasn't a hole I was particularly worried about, because it was extremely obscure, and led to a system abort, not to a data security breach," Sieler said.
Hewlett-Packard operated a complete and impressive patch service for 3000s during the 1990s, a period that support experts still recall well. Especially in comparison to the non-information and lack of notice to those who filed service requests (called SRs in the old parlance).
The company's old Software Status Bulletins gave 3000 owners a way to match Known Problem Reports against a list of what the vendor had fixed. This was so long ago the SSB was a thick document issued in print. HP-UX support still can count on Response Center support engineers who who want to get to the root of some bugs which cause system hangs. They follow up, but requests still descend into a cubbyhole where HP decides whether to repair the bugs. System managers report they must notice on their own that a patch sounds like a problem they've reported.
The open source software model doesn't offer vendor-based support such as this, but the level of open source service seems only a little behind what's on offer today. One developer says that all he needs for open source support is a critical mass of people running the software, investigating problems and maybe correcting them, and posting some of the repairs in a manner that can be searched via the Web.
Searching "MPENX21" doesn't yield any Google hits which relate the HP 3000. This is the best reason of all to have a support company backing up your HP 3000 operations. HP has pared back its notifications about operating system repairs.
June 03, 2009
IT manager turns to homesteading 3000s
Independent 3000 support continues to grow as a cottage industry. Hewlett-Packard imagined that commerce in the 3000 community would rise as the vendor fell back from the system. But HP didn't have visions that former chiefs of 3000 shops could turn their skills into dollars the open market.
At least not by 2008, when a raft of small-shop supporters have surfaced. One of the latest to bob onto our charts is John Bawden, running Homestead3000. He's the former IT manager for QualChoice, a third party administrator of health plans in Ohio which ended its business in 2007, selling off 68,000 Medicare subscribers to WellPoint. In addition to a new full-time IT job elsewhere, Bawden continues to do remote management of the remaining QualChoice HP 3000.
Using a signature line of "HP 3000 Forever," Bawden reports he's allied with hardware reseller and service supplier Black River Computer in the Cleveland, Ohio area.
Bawden describes a situation we like to label a "soft retire," a way of ending full time work but keeping options open for 3000 engagements on contracts after those traditional work-weeks wrap up. The 3000 community has a broad field of support experts who run the gamut from hardware and software sales and support (Pivital Solutions) to software support plus backup service with numerous application and utility firms (Allegro Consultants) to the outsourcing and support operations such as the Support Group inc.
Bawden and his Homestead3000 consultancy represent the entry-level tier of MPE/iX and system support. 3000 owners contract with professionals like him when their final MPE expert has left the firm.
Because of the full time job I haven't been looking very hard for any more work, and probably won't until I retire from full time work next year. Then, if there is anything out there...
June 02, 2009
HP, Dell show caution to the winds
Hewlett-Packard is a bellwether for the world's economy, but the vendor won't toll the beginning of a recovery anytime soon. HP's stock is one of the 30 Dow Jones Industrials blue chips, so its fortunes have a direct impact on the world's perception of economic rebound. CEO Mark Hurd expressed caution last week while he briefed financial analysts in HP's semi-annual presentations.
According to the HP chairman, it's been years since the IT marketplace enjoyed a robust round of purchasing. It was sometime in 2005 when the sales flowed for HP's products, including the servers which HP sells to replace migration-bound 3000s.
"The buildup now of four-year-old desktops, four-year-old notebooks, four-year-old servers, this is creating quite a bubble," Hurd said at Sanford C. Bernstein & Co.'s Strategic Decisions conference. "There's going to be a time when there's going to be some real opportunity here."
This kind of bubble has been a steady element of HP 3000 ownership. Five years was the more likely span between major 3000 upgrades, and many customers could push their purchases closer to a decade, so long as business didn't grow too fast. This pace didn't match the churn in PC-based and Unix server sales, so HP retired its 3000 business in favor of the faster-growing IT products.
For now the company's financial and services sectors are providing the majority of HP profits, while ink and printers continue to chip in their 40 percent. Hurd said he's confident HP can hit its profit forecast for fiscal 2009, but he won''t speculate on the timing of a turnaround in tech spending.
HP's chief rival in the Windows-based server arena, Dell, relayed the same kind of caution in the wake of a poor quarterly report last week. The company's CEO Michael Dell said he's "seeing a big deferral of purchases among corporations," while he revealed results for the period that ended May 1. Dell's Q1 earnings dived 63 percent as sales dropped 23 percent.
HP's Q2 report showed the same kind of declining trend as Dell's Q1. Dell posted the second straight quarter of big profit declines. The company doesn't see prospects for improvement. "We don't believe there's enough momentum to call a bottom yet," added Chief Financial Officer Brian Gladden.
June 01, 2009
HP's Unix rebuffs Java security exploit
A new critical patch for the HP-UX operating environment — a key element in many HP 3000 transition plans — has closed the door on the latest security hack.
Java can be forced to execute rogue code on HP's Unix, as well as many other flavors of the OS from other vendors. Versions B.11.11, B.11.23, B.11.31 of HP-UX are affected, running the Java Runtime Engine 6.0.03 or earlier, or RTE 188.8.131.52 or earlier.
The problem's details, scant as they are, are on the HP IT Response Center Web site page dedicated to the security breach. (You'll need a password and user handle to log in. These are free.) The patch is HPSBUX02429; the service number is SSRT090058.
HP says "you could be at risk of a serious recoverable error if action is not taken." The HP 3000 version of Java doesn't use these more recent runtime engines. But Java on the 3000 isn't a fully functional tool, either.
Not all vendors have written a patch to close Java's security holes under Unix. One back door remains open for Apple systems, even after six months of notice about the breach. Apple's OS X is still missing a patch as of this week, much to the dismay of system admins. One developer has actually published a how-to, proof-of-concept exploiting this breach, to nudge along the Apple patch.
The secured versions of Java for HP-UX are available at HP's Java Web site.