August 30, 2012
In the Beginning, There Was Tape
By Brian Edminster
First in a series
In the beginning, there was tape. And if you’ve been around awhile, you remember it was on big reels about a foot across, was about a half-inch wide, and could have as much as 2400 feet of it on a reel. Yeah, they were heavy, too.
Data was recorded in parallel ‘tracks’ along the length of the tape. In this case nine of them, hence the name ‘9-track’ tape. At 800 bpi, that yielded a capacity of nearly 20Mb. Later technology allowed higher density, when 1600 bpi upped that capacity to about 120Mb. The last incarnation of 9-track was a whopping 6250 bpi — yielding nearly 1Gb of storage for a single reel of tape.
By comparison, anyone can get USB flash-drives that’ll hold 16Gb for $10 down at Walmart.
Very few, if any later model 3000’s (those that run MPE/iX vs. MPE/V) will even have a 9-track tape drive on them. And that’s a good thing. These 9-track tapes take up far too much physical storage space, and are far too slow to read and write. They might have been okay, back when disk drives were 50Mb, 120Mb, 404Mb, or even 570Mb (the capacities of the old HP 7920, 7925, 793x, and 7937 disk drives, respectively).
Unfortunately, a 2Gb drive is pretty much the smallest drive you’ll see on a 3000 these days, and larger drives are more common. This presents a problem: What do you do when it takes potentially dozens of tapes — and many hours — to do your daily backups?
Again, advancing technology comes to the rescue. Instead of further density increases on 9-track tapes, a variant of the digital cartridge tape called DDS (Digital Data Storage) came into common use for backups. For any new managers who haven’t seen one, a DDS cartridge is just a little smaller than a standard pack of cigarettes.
DDS drives and media also progressed in technology over time, growing in both speed and capacity (and generally, in reliability as well) as the table below shows.
As it turns out, transfer speed (how fast the drive can read/write data) also scaled upwards as capacity grew — so that even if you didn’t need the capacity, there’s often a speed advantage to the larger capacity drives. For any system that needs a new or replacement DDS drive, I’d never recommend anything less than a DDS3, unless there was an absolute requirement to write DDS1 tapes.
Also note that once you get to DDS3 and beyond, you’ll likely need a dedicated SCSI channel for the drive, in order to take advantage of the drive’s speed. If you cannot keep the tape drive’s buffers fed, it has to stop and re-position, which slows it down significantly. Note that this can occur while reading tapes as well.
If you have sufficient CPU capacity available, software compression can also speed up reading/writing of backups by reducing the amount of data sent to and from the drive. I’ve also heard from people I trust that you are unlikely to experience the difference in backup time which is implied by read/write speed difference between DDS4 and DDS5 — at least not when attached to a 3000.
As I mentioned in an article covering VSTORE on the NewsWire’s blog, DDS drives slowly lose alignment as they wear. They have a remarkable tolerance for this, all things considered (especially DDS3 and subsequent drives). It’s still something to be on guard for, especially if you’re relying on your backups to be readable when the chips are down.
Regarding media reliability: various sources give differing answers, but as a general guideline DDS tapes will take about 100 passes or so before they wear out. If you use the same tape once a week, expect to get about two years life out of it, before it wears out. You could get more uses, but the longer you go, the farther you’ll get into borrowed time territory. Don’t expect a catastrophic failure, but you’ll have to clean the drive more often. And face possible write failures and/or VSTORE failures.
Failure is not something you want to tempt by scrimping with your backup tapes. Buy the best quality you can, and replace them yearly. Like doing backups in the first place, it’s cheap insurance. Would a rock climber wait until his ropes break before replacing them? I know I wouldn’t.
Next time: New media for a new millennium
August 29, 2012
What's Overlooked or Lost: Test Disciplines
Whether a 3000 customer is hanging in there for good business reasons, or heading off to another platform, they all need testing skills. Retirements and workforce reductions contribute to the loss of those disciplines. One advantage of making a migration is a refreshed demand for testing. After all, changing environments means measuring the effects of those changes.
During a recent online presentation about migration practices, the scope of that underestimation was revealed. Figure on three times the amount of resource for testing, experts say, as you'd initially budget. About a third of the cost and time to make significant changes of applications or an environment should go into testing. The lucky part of that costly equation is that at least on enterprise systems, you can work to replicate bugs.
Touchpad interface developers are not so lucky. Give a user an infinite number of ways to touch a screen, swipe it, pinch it or tap it. Then when an app crashes, try to replicate the exact combination of user interface actions. Testing, says Allegro's co-founder Steve Cooper, is much more complex in that world of BYOD apps.
Complex testing is an artifact of the rising art of systems. Where the HP 3000 can guarantee that programs written in 1978 would run in 2008, the 2010 iPads cannot run software built less than two years later. Testing is costly, and remaining in place on a platform like the 3000, for business reasons, reduces the need to do it. When you do go, an HP 3000 expert might be out of their depth in juggling development tools of Java, Ruby or even iOS -- but some of those veterans know testing disciplines better than any recent graduate, offshore, or near-shore programmer.You have a test which you execute and watch fail before something is fixed, "and then it won't, after it's fixed, and you add that to the regression test suite," Cooper says. "That means you can tell if you ever accidentally introduce that bug back again."
There's a lot to know about testing, and some of the methods don't involve higher technology tools at all. One major 3000 migration at an insurance firm of Fortune 500 size took place because the users' possible interactions were recorded, one screen at a time, using Microsoft Word documents. The magic there was the ability to analyze human behaviors against the potential of each program. That can happen more quickly with someone trained as a programmer-analyst, or a P/A as they were called in the earliest days of the HP 3000.
Analysis skills are not in vogue like creativity skills or the magic of mobile among the tech workforce. Everybody wants to be a creator, and there seems to be no limit to the size of such teams. The number of people involved in creating a program tells a lot about the ability to test it. Cooper estimated that perhaps three people were working on HP's IMAGE team, from what he recalls hearing in the '70s. All of MPE was at first maintained by five people. No more than three developers maintained the 3000's systems language, SPL.
Fewer voices made more robust systems in those legendary times. The accepted wisdom was that three people arguing in a room over how to create a robust program was about the right number. There is certainly a lower number of IT pros who can perform the higher-order thinking of test disciplines. That number will not necessarily improve just because the next systems and programs are more popular. Auditors aren't popular either, but the real money in enterprise computing flows through them and their tests.
August 28, 2012
Porting to Posix on the HP 3000
One of the leading lights in HP 3000 development has been researching how to port software to Posix under MPE/iX. David Dummer, who created DataExpress and played a major role in making Transact a genuine language, was looking for help to resolve an error while compiling.
Why would a 3000 homesteader want to port software to Posix? One reason is to ready an application for the journey to one of the *nixes, like HP-UX or Linux. Here's Dummer's dilemma.
I have been trying for some days to port a Unix application to an HP 3000. One of the source files contains calls to the Posix functions of 'tcgetattr' and 'tcsetattr' for terminal handling control. I compile this source under the Posix shell, as the MPE C compiler doesn't appear to be able to find the included 'termios.h' header file. The application program is then created by the MPE linkage editor.
At execution time the loader denotes the two Posix functions as unresolved externals. From my reading of articles on Porting to Posix I would have expected these two functions to be in the relocateable library file '/lib/libc.a'
I then decided to write a makefile and to perform all of the compile and build functions under the Posix shell. This appears to cure the missing function problem, but the resulting application aborts before reaching the first statement in the mainline program.
Mark Bixby, who wrote that seminal resource on porting to MPE applications to open source, weighed in with some advice for developers.Bixby was cautioning homesteaders as far back as 2002 that they'd need to get comfortable with porting, because crucial 3000 software was certain to be in need of upgrades over the life of a homestead installation. Bixby's now working at K-12 app provider QSS, which is still supporting HP 3000 apps.
Lars Appel, another prodigious porter who moved Samba across to MPE/iX, pointed at repositories of these wrappers which are still online, hosted in the independent community now that HP's closed down that HP 3000 Jazz server.
My extensive MPE Posix porting knowledge has largely been recycled in the eight or so years since I last did substantive MPE work. But if I recall correctly, the libbsd distribution -- or perhaps was it the Posix porting wrappers -- which used to be available from jazz.external.hp.com contained tcgetattr and tcsetattr implementations.
As far as I recall, Steve H's porting wrappers also included those two. The Client Systems main Jazz page leads to http://clientsystems.com/portwrappers650.html
And you can typically only compile and use those few routines that you need -- you don't have to build and link the whole wrappers package.
More advice came about the Posix shell commands cc or cc89, a script with lots of extras added. Reports said it was pretty tricky to replicate that at the MPE command prompt. So the first rule of success would be to compile Posix programs only under the Posix shell.
MPE: run .\testposx;unsat=debug will get a developer to debug, for anything that was called but not available. Otherwise, use MPE: run .\testposx;debug
August 27, 2012
The Security of a Slenderizing Supplier
Over the last three business days, the world's investors and computer customers have watched results of a radical slenderizing program. Hewlett-Packard is taking its early steps on the treadmill to becoming a leaner provider. Its most radical move just resulted in shedding all of its profits for the quarter that ended in July. HP's going to sweat out its extra weight, one 90-day period at a time.
This time around it was HP Services that forced Hewlett-Packard to drop pounds. The vendor had been eager to jump into lucrative outsourcing business since early in the previous decade. After the board of directors killed off Carly Fiorina's plan to acquire Price Waterhouse Cooper, a few years later EDS became a part of HP, at a price of $14 billion. Writing off $8 billion of that outsourcing business as lost goodwill just pushed HP's earnings into the red.
HP's numbers showed that it was the first time in more than a decade that HP put red ink on the bottom of its balance sheet. It was the largest loss HP ever recorded in a single quarter, and only the third in the company's history. But the $4 per share loss was a sign that HP's slenderizing is serious. Its CEO Meg Whitman has said the company needs to do less, in the hopes of doing what remains even better.
But you do want a leaner HP, if you're sticking with this vendor. You just don't want it to lose the muscle of enterprise computing, the datacenter tech business, while it gets smaller. Today HP's stock closed at $17.21. You have to go back more than nine years to find a close that's lower, back in the 2002-03 era when the business world was digging out from 9/11's disasters. HP's market cap has slimmed down to just 5 percent of Apple's, and 15 percent of IBM's.Enterprise numbers from that slenderizing quarter didn't look good. HP's efforts at selling HP-UX, Integrity or other vendor-proprietary products have been on a crash diet. Nothing is dropping faster at HP than sales of the Business Critical Server products, slimming down another 16 percent over the summertime. Despite moves like winning its lawsuit against Oracle to claw back database futures for Unix, or introducing the least-costly NonStop server ever, BCS isn't going to rebound. HP admits it while it talks about futures that include Intel Xeon chips for Unix's best features.
There's going to be some hungry quarters ahead for investors seeking profits off HP. The company has fully embraced the big-picture of its slenderizing by clinging to non-generally accepted accounting practices (non-GAAP) for its 2012 forecasts. There's billions in losses mounting up right now, about $2.55 per share over the year using GAAP results: that's everything that's really going on, and going overboard to reduce the weight of Good Ship HP. But HP's going to focus on the non-GAAP results and point at a $4.05 per share profit over the year.
How's that possible? The company is going to "exclude after-tax costs of approximately $1.80 per share, related primarily to the amortization and impairment of purchased intangible assets, restructuring charges and acquisition-related charges." That's reducing its workforce by eliminating experts in its Business Recovery support centers. That's writing off the value of things like EDS. That's swallowing losses in businesses where the recovery will never surface, like the tablet market that's sent HP's PC growth reeling backwards.
These are single-time events. HP's doing the purge of its businesses which aren't profitable, but that doesn't include consumer products yet. Not as long as ink remains the highest profit item in HP's lineup. There's security in seeing a company slim down to a competitive weight, so it can battle for datacenter dollars in midsize companies. HP's not showing enough of that security yet. The things it's doing well are not always a match for what a classic, datacenter-based customer of that midsize needs.
When you look at our performance during the quarter, there were things that we did well and there were things that we could have done better. Looking at the positives for the quarter, Storage, Networking, IPG and Hyperscale servers delivered solid results.
Whitman's comments last week referred to Hyperscale, a product line that elates customers like Facebook, but doesn't have much connection with a $100-$500 million manufacturer of goods or processes. That's your typical HP 3000 customer. The Storage and Networking successes are muscle to power the bones of a datacenter design. Those IPG improvements are in printers, HP's one consumer business still showing a little growth.
The numbers from Q3 showed "the largest quarterly loss in HP's 73-year history. It will be only the second quarterly loss that HP has suffered during the past 15 years — a mostly rocky stretch for the Silicon Valley pioneer," according to AP business writer Peter Svensson
If you're keeping score, you can count back 13 years to mark the arrival of the first outside hire to lead HP's boardroom, Carly Fiorina. The decisions since then have been designed to make HP the biggest gainer of businesses, rather than business. Now the company is lopping off segments that either stopped producing profits, or never did.
Fifteen years ago HP still operated vendor-specific businesses like PA-RISC servers, MPE, its own Unix and more proprietary tech for the enterprise. It did it at a profit, rather than purchasing customers. Any reducing plan will be fraught with moments where a dieter is hungry but needs real nourishment, instead of the empty calories of a Big Data vendor like Autonomy.
HP can't hope to maintain the number of large servers it sells. Improved efficiency of servers will work against the vendor's revenues, but they can make that leaner HP stronger for its datacenter customers. There's security in knowing that your core purchases are the sales goal of your biggest vendor. You need to buy what they're eager to sell. If that's not coming to pass at HP, then the magic and mystery of cloud computing -- a product so slim you can't even see the servers -- is next on the enteprise diet.
August 24, 2012
HP support veteran joins workforce for hire
In 2012, it's a tougher world out there for an IT pro. We’ve heard from business analysts that the best thing for any of us over 50, upon getting furloughed, laid off, or Work Force Reduced, is to open our own business. For some, it's a better chance to work than to be hired again.
HP’s cutting 27,000 jobs over the next two years. Some extraordinary skill in HP enterprise business servers is leaving the company.
Bob Chase started with MPE in 1987 and came to HP in 1996. He extended his skills to land a place as an HP Business Recovery Specialist, part of HP’s support group out of the Atlanta area. “In 2010 I was offered a position as a hardware BRS for Superdomes, blades, and all the Integrity and PA-RISC platforms,” he says. “It was quite a challenge, as I took 35 internal HP hardware courses over four months and began working calls." But after making a transition to Superdome and HP-UX support, he’s had to leave his employer.
After 16 years at HP, I was Work Force Reduced in early June. I loved supporting the 3000, as my first computer job was as a Computer Operator making $4 per hour at my dad's employer. I was 19 years old. It was a Series 68.
Considering the IT world of today compared to the late 80's, I have great doubt that my career path could be realized today. Off-shoring, consolidation and mergers make it a greater challenge than ever before.
Chase has opened up Chase for Hire, an independent consultancy. He believes that MPE “was an OS that left the enterprise too early.” And regarding prospects for Itanium and HP-UX, an industry-standard path to the future, away from Integrity, seems clear. There's an echo of MPE's later lifespan in the future for Unix. HP has spread more talk of Linux for the enterprise now.
Industry Standard Servers are the future as of 2012. Commonality for the enterprise seems to be paramount, more than a vendor specific/proprietary OS solution. Linux flavors will be the benefactor from this.
Chase believes that "Oracle drives the database enterprise just as well as Microsoft SQL Server, "but I think Oracle is in a better position than most realize. Engineered systems, incorporating Oracle 11g with Oracle "Sun" hardware and their own Linux flavor, makes Oracle in my opinion the dominant player moving forward."
He's been in IT long enough to mix modern Unix and blade experience with acoustic coupler use.
I was learning MPE V in the summer of 87, and had an acoustic-coupler for Predictive Support and a giant line printer for nightly reports and a single-spool tape device. I used four gigantic disk drives whose legs I'd have to anchor down prior to weekly batch processing. I would read the industry trade magazines in our small four-person IT department. I was fascinated with the technology and its cool-sounding names. Offsite backups in this era meant I took the 2400-foot magnetic tapes home in a tape case, all three of them! I'm still in touch via LinkedIn and phone with my original MPE manager, Larry Works, some 25 years later.
He’s also a writer, a practice that for him is “tranquil, never a task to disdain. I write about my youngest son Patrick, age 10, who’s on the Autism Spectrum."
I keep a blog about him. He's an incredible young boy. The site was set up initially to help other parents of Special Needs children with resources and to share our story. I founded some LinkedIn Groups in this area, and also some Facebook groups focusing on county-based Special Needs stories.
At HP I was able to set up a site for other employees who care for Special Needs individuals. An HP ERG (Employee Resource Group) was being formed to further awareness of internal/external resources. With Autism being so prevalent in society today, I knew there were other HP employees facing similar situations that might benefit from this.
August 23, 2012
Remembering Your Secured Passwords
By Steve Hardwick, CISSP
Second of two parts
Once you have created good passwords, your next challenge is how to remember them all. Some of the passwords I use I tend to remember due to repetitive use. The password for logging into my system is one I tend to remember, even through it is 11 characters long. But many of my passwords I use infrequently -- my router for example, and many have the “remember me” function when I log on.
What happens when I want to recall one of these? Well the first thing is not to write them down unless you absolutely have to. You would be amazed how many times I have seen someone password taped on the underside of their laptop. A better option is to store them on your machine. How do you do that securely?Well, there are several ways.
One easy way is to use a password vault or password manager. This creates a single encrypted file that you can access with a single username and password. Username and password combinations can then be entered into the password vault application together with their corresponding account. The big advantage is that it is now easy to access the access data with one username and password.
The one flaw: what happens if the drive crashes that contains the vault application and data? If you wanted to get started with a password vault application, InfoWorld offered a good article that compares some leading products.Another option is to roll your own vault services. Create a text file and enter all of your account / username / password combinations. Once you are done, obtain some encryption technology. There are open source products -- truecrypt is the leader -- or you can use the encryption built into your OS. The advantage of using open source is that it runs on multiple operating systems. Encrypt the text file by using your software. Take caution to not use the default file name the application gives you, as it will be based on your text file name.
Once you have created your encrypted file from the text file, open the text file again. Select all the text in the file and delete it. Then copy a large block of text into the file and save it (more then you had with the passwords). Then delete the file. This will make sure that the text file cannot easily be recovered. If you know how to securely delete the file do that instead. Now you can remotely store the encrypted password file in a remote location, cloud storage, another computer, USB drive etc. You will then have a copy of your password file you can recover should you lose access to the one on your main machine.
Now, if you do not want to use encryption, let's look at why not. Well, most programs use specific file extensions for their encrypted file. When auditing, the first thing I would look for is files with encryption extensions. I would then look for any files that were similar in size or name to see if I could discover the source. This includes looking through the deleted file history.
The other option is steganography, or stego for short. The simple definition is the ability to bury information into other data – for example, pictures. Rather than give a detailed description of the technology here, take a look at the Wikipedia page. There is also a page with some stego tools on it . For a long time my work laptop had a screen saver that contained all my passwords. I am thinking of putting a picture up on Facebook next.
Here are a few simple rules on handling multiple passwords
1. Try and use uniques usernames and password for sensitive account. You can use the same username password combination for low sensitive accounts.
2. Run through an exercise and ask yourself, what happens if this account is hacked. So don't use the same username and password for everything.
3. Do not write down your passwords to store them.
4. Make sure you have a secure backup copy of your passwords; use encryption or steganography.
If you want to do some extra credit reading on passwords, there are two good references out there and they are free. The National Institute of Standards and Technologies has a library on security topics that is used by the federal government., a good publication on passwords.
The SP 800-118 DRAFT Guide to Enterprise Password Management focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
Steve Hardwick (CISSP) is the Product Manager at Oxygen Financial, which offers advanced payment management solutions. He has over 20 years of worldwide technology experience. He was also a CISSP instructor with Global Knowledge for three years and held security positions at several companies.
August 22, 2012
Securely Storing Passwords
Editor's Note: Security is one of the limiting factors in adopting cloud computing. HP, as well as its partners, will tell you that cloud computing and similar remote access is a forward-thinking alternative to HP 3000 centralized on-site computing. But there's that security thing.
More than 30 years ago VEsoft's Eugene Volokh chronicled the fundamentals of security for 3000 owners trying to protect passwords and user IDs. Much of that access hasn't changed at all, and the 3000's security by obscurity has helped it evade things like Denial of Service attacks, routinely reported and then plugged for today's Unix-based systems. Consider these 3000 fundamentals from Eugene's Burn Before Reading, hosted on the Adager website.
Logon security is probably the most important component of your security fence. This is because many of the subsequent security devices (e.g. file security) use information that is established at logon time, such as user ID and account name. Thus, we must not only forbid unauthorized users from logging on, but must also ensure that even an authorized user can only log on to his user ID.
If one and only one user is allowed to use a particular use ID, he may be asked to enter some personal information (his mother's maiden name?) when he is initially added to the system, and then be asked that question (or one of a number of such personal questions) every time he logs on. This general method of determining a user's authorizations by what he knows we will call "knowledge security."
Unfortunately, the knowledge security approach, although one of the best available, has one major flaw -- unlike fingerprints, information is easily transferred, be it revealed voluntarily or involuntarily; thus, someone who is not authorized to use a particular user id may nonetheless find out the user's password. You may say: "Well, we change the passwords every month, so that's not a problem." The very fact that you have to change the passwords every month means that they tend to get out through the grapevine! A good security system does not need to be redone every month, especially since that would mean that -- at least toward the end of the month -- the system is already rather shaky and subject to penetration.
There's a broader range of techniques to store passwords securely, especially important for the 3000 owner who's moving to more popular, less secured IT like cloud computing. We've asked a security pro who manages the pre-payment systems at Oxygen Financial to share these practices for that woolier world out there beyond MPE and the 3000.
By Steve Hardwick, CISSP
There has been a lot in the news recently about password theft and hacking into email accounts. Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my PC, I can create one single password that controls access to all of the apps that reside on the drive plus all of the associated data.
There is a one-to-one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact a user may be accessing several different physical locations when running applications or accessing information. This has led to a dramatic increase in the number of passwords and authentication methods that are in use.
I just did a count of my usernames and passwords and I have 37 different accounts (most with unique usernames and password). Plus there are several sites where I use the same usernames and password combinations. You may ask why are some unique and why are some shared. The answer is based on the risk of a username or password be compromised. If I consider an account to have a high value, high degree of loss/impact if hacked, then it gets a unique username or password.
Email accounts are a good example. I have a unique username and password for my five email accounts. However, I do have one email account that is reserved solely for providing a username for other types of access. When I go to a site that requires an email address to set up an account , that is the one I use. Plus, I am not always selecting a unique password. The assumption is that if that username and password is stolen, then the other places it can be used are only other web site access accounts of low value. I also have a second email account that I use to set up more sensitive assess, google drive for example. This allows me to limit the damage if one of the accounts is compromised, and so I don't end up with a daisy chain of hacked accounts.
So the next question is how do you go about generating a bunch of passwords? One easy way is to go into your favorite search engine and type in password generator. You will get a fairly good list of applications that you can use to generate medium to strong passwords. But what if you don't want to download an application -- what is another way?
When I used to teach security this was one trick I would share with my students. Write a list of four or five short words that are easy to remember. Since my first name is Steve we can use that. This of four or five short number 4-5 digits in length 1999 for example. Now pick a word and number combination and intersperse the numbers and letters S1t9e9v9e would be the result of Steve and 1999. Longer words and longer numbers make strong passwords – phone numbers and last names works well. With 5 words and 5 numbers you get 25 passwords. One nice benefit of this approach comes when you need to change your password. Write the number backwards and merge the word and data back together.
Next: How to remember all of those passwords.
Steve Hardwick (CISSP) is the Product Manager at Oxygen Financial, which offers advanced payment management solutions. He has over 20 years of worldwide technology experience. He was also a CISSP instructor with Global Knowledge for three years and held security positions at several companies.
August 21, 2012
First 3000 steps: chasing HP's Mighty Mouse
Twenty eight years ago today I took my first steps into the world of Hewlett-Packard. I stepped from the workdays of a small town newspaper editor to the monthly quest for news of bits, segments, and mice. When I walked into the Austin office of Wilson Publications, creators of The Chronicle (we didn't dare to use "HP" in the title) I found wood-paneled walls around a desk with no terminal, no keyboard, and no clue about a new HP 3000 coiled and ready to change the system's reach.
The new Series 37 Mighty Mouse was revealed to me and managing editor John Hastings about two weeks after I'd assumed the reporting and writing for that monthly tabloid, just eight issues old at the time. We opened the mail on September 13 to learn of a minicomputer covered by our arch-rival, the Interex user group's InterACT magazine. We'd never seen a Mighty Mouse, and neither had InterACT's Sharon Fisher. But InterACT got a pre-briefing on the first business computer HP ever built that needed no computer room or operators.
Being scooped in your first issue is a humbling way to start a news job. But as a dewy lad of 27, I chalked it up to the lack of newsroom practices at Wilson and began to lift my wings onto the radar of Hewlett-Packard. HP was a company so small at the time that its total quarterly sales were less than today's profits from 2012's last quarter. The $6.4 billion company had a total of five US PR contacts to cover every product in the lineup. It also had several thousand products and more software than it knew how to nurture and improve. But that Mighty Mouse was a shot across the bow of the fleet of personal computers already riding the waves of change. HP said the Series 37, priced at under $20,000 in bare bones, was an alternative to what we called microcomputers.
It can operate in a normal office environment. It looks like a two drawer filing cabinet sitting beside a desk. No air conditioning, special temperature control, or unusual electrical requirements are needed. It can be placed in carpeted rooms. Moreover, it's very quiet; HP claims it makes even less noise than a typewriter.
Longs Drug, I learned by reading my competition, was going to install more than 150 of these Mighty Mice among its hundreds of stores in the Western US. At that time a microcomputer was strictly a device for personal computing, rarely networked with anything. HP wanted businesses to purchase HPWORD, running on the 3000 for office automation, and HP DeskManager for the 3000 to tie workers together with internal mail and document exchange. Thousands of dollars worth of software, piled on top of that $20 grand.
Just outside the door of my paneled office in Texas, we ran a Columbia PC with a 300-baud modem and WordStar, plus PC 2622 software to make that micro behave like an HP terminal. We dialed up to timeshare with a 3000 at Futura Press, where our stories were set and then delivered back to us in galleys which we waxed up and pasted for tabloid layout. It would be another year before we'd even get Compuserve to link us to the rest of the computing world.
Like a lot of businesses, Wilson and The Chronicle relied more on the steel filing cabinets the Mighty Mouse mimicked in size. We had phones and transcription machines, though, and I had the fortune to mess up editing a story which brought me closer to a preeminent community creator. Mistakes, hubris and getting bested will make a perfectionist spend longer hours trying to learn to avoid subsequent embarrassments.Hewlett-Packard didn't think much of any other environment for its business computing on that August afternoon. Its HP 1000 RTE environment was focused on real-time controller computing. Its HP 9000 Unix servers were workstations serving scientific and research customers, mostly, plus the labs connected to the major manufacturers running HP 3000s. But The Chronicle had me covering it all, from RTE so buried that some customers didn't even know they had one embedded in their systems, to the HP 9000 still running a Unix OS that writers of the day were calling an experiment which needed standards to become significant.
The HP 3000 community was the one I could call upon, literally. I didn't know enough about what we'd call enterprise computer systems to contribute much analysis, but I wanted to earn my keep with interviews and editing. A comprehensive technical paper, printed out on tractor-feed paper, lay in the in-basket, written by Adager's Alfredo Rego. I tore into it with a red pen, thinking I was improving it. But misguided economy of English yanked the paper away from Alfredo's intentions and accuracy. Within six weeks he traveled through Austin and gave the local user group entertainment and enlightenment, all while telling me that leaving good technical work unmarred would have served everyone better.
Alfredo was gracious in his corrections that afternoon, because it seemed important to both of us to get things right from the beginning. Once my ears and cheeks stopped burning I took a closer look at the relations between tech writers and an editor still learning HP 3000 landmarks. HP was fighting hard against the tide of IBM and Compaq micros which were landing in businesses for less than half of what a Mighty Mouse cost. That $20,000 price tag was for a system with 512K of memory and 55 MB of disk. Oh, and "HP's usual 90-day warranty." The cost of support for the system was nowhere to be seen in that InterACT article.
HP dubbed its Mighty Mouse part of "a plan called the Personal Productivity Center that will integrate HP's 3000 and personal computer products." The latter was called HP 150, running a variation of CPM instead of the widely popular MS-DOS. It was a touchscreen computer with little but HP software which could use the touch capabilities. When we got one into the Chronicle offices it was a marvel -- but the KayPro portable micros were where our stories got banged out, doing work that created less noise than the IBM Selectic used when I'd written for that small town paper.
The rich resource I didn't expect on that hot wood-paneled afternoon was the ardor of the 3000's experts, developers and user group leaders. They hadn't been interviewed in newspaper style and were glad to help a cub reporter learn something about MPE/V, enough IMAGE to make his eyes glaze over, and the jungle thicket of peripheral hardware needed to link computers together and get them backed up and printing to dot matrix devices. HP's LaserJet was just out by that summer, but laser printing was a novelty few businesses used at the time.
The Series 37 was new, but scarcely as fast as the Series III which HP had released more than six years earlier. HP went for small and less costly rather than improving power; it had its Series 68 powerhouses to do the high-transaction and forest-of-terminals work. But the Series 37 drew a fraction of a 68's electricity and didn't need raised flooring or special cooling or heavy-load wiring. Whether it needed an operator, as HP claimed it did not, depended on how much a business did with it. At the Longs stores, the 37s were confined inside mesh cabinets with just a slot open for backups to the cartridge tape drive. Administration was taken care of at the Walnut Creek data processing HQ.
What made the Mighty Mouse a breakthough was the way that a large company like Longs could rely upon the uniformity of the 3000's environment. A senior tech analyst Tom Combs told InterACT nothing but a 3000 was going to work to serve what'd eventually be hundreds of stores.
Combs explains that it's difficult to find computers small and cheap enough to run in multiple stores that will also run the same software as larger models. Not all IBM computers, for example, use the same operaing system. Personal computer were not considered for the same reason. When different models all run the same software, he maintains, software development and support becomes easier.
And Longs, like so many large customers using this smallest system, had its own software developed for managing its business. Relying on IMAGE everywhere and MPE/V that was backward compatible eventually became the differences which let those Microsoft-based PCs, then Unix, get into the hearts and minds of cost-sensitive businesses. But the IMAGE and MPE distinctions with industry standards didn't matter in 1984. Getting everything from one vendor working together, reliably, was the miracle that filtered down to that magic $20,000 entry price tag.
At SuperGroup Magazine, an article that best explained the system got itself scooped by my own fledgling story of six months earlier. But D. David Brown reviewed the box as a systems manager would, and he understood that HP had sneaked in a big-style computer inside a compact box with the Mighty Mouse.
This toy-like box is really no toy at all. It's a serious, down-to-business mainframe, and at the same time a painless entry point to the HP 3000 world for a small user. The upward growth path is virually unlimited. HP reports that as of April 1985, 2,000 Mighty Mice had been shipped, beating HP's projections by 20 percent. HP has finally gotten the small business user what he really wanted: A genuine HP 3000!
The fall of 1984 was a time of serious transition for both HP's business computing as well as my own journalism. Like a government reporter just moved into a small town, I had to earn the trust of both luminaries like Alfredo as well as the steady attention from officials at HP. It was like the first weeks of covering a county seat in Texas, where the county clerk and the city clerk become your lifeline to news as well as contacts. The 3000 was scampering into the realm of PCs with the Mighty Mouse, as the vendor assumed that a smaller mini or mainframe would satisfy small businesses.
The Mighty Mouse did satisfy the 3000 customer who wanted affordable models, those with a data processing staff instead of office managers. But orders of magnitude more managers were choosing IBM and Compaq PCs for their offices in the middle '80s. Compaq and ATT, not Hewlett-Packard, got the business for office computing at The Chronicle. We relied on the community's developers, user group leaders, experts and vendors to teach our readers how to automate and administer. Those HP Mighty Mice of 1984 were going to be caught by HP's Spectrum servers in about four years' time -- when I could place a reporter in HP's next press conference which introduced a computer breakthrough that HP wasn't shipping yet.
August 20, 2012
Red-ink hawks circle HP's quarterly news
Somehow, HP expects to manage to take a declining PC business and an $8 billion writedown in the same quarter, pay for early retirement benefits while it cuts jobs, and then report profitability of about about $1 per share. It takes a sharper accountant's head than this business writer's to tote up PC sales reductions plus billions in a writedown and sum up to profitability. If HP hits its marks, the company would register more than $1 billion in profits for the period.
But that's still likely to be the lowest tally of earnings ever since HP purchased EDS for $13 billion and began to call it HP Services. News media company Berzinga published this forecast of HP's Wednesday afternoon numbers.
HP is expected to report that its fiscal third quarter profit fell 10.9 percent year-over-year to $0.98 per share. That EPS estimate inched up a penny per share in the past 30 days. Analysts have underestimated HP's EPS in the past seven quarters. The Palo Alto, California-based company, like Dell, has faced dwindling PC sales, and analysts on average expect revenue for the quarter to total $30.1 billion. That would be a year-over-year decrease of 3.5 percent. The company is scheduled to share its quarterly results late Wednesday.
Whether there will be red ink on HP's balance sheet for the first time in more than three decades, the company's reach into every aspect of computing looks like it's draining the profits pool at a record rate. Decisions to purchase Autonomy at almost $11 billion, plus that abortive entry into tablets with last summer's TouchPad have taken their toll -- all while the concept of selling datacenter-grade hardware into customer shops keeps losing traction. Cloud-sourced IT, or the near-shoring of computing, is sweeping into longer term planning. With its buy-ups and expansions, HP has become the largest IT datacenter company in the world. As one 3000 vendor who believes in the long term view says, "When you're the biggest, the only place you've got to go is down."That's an opinion from MB Foster's CEO Birket Foster, who's happy to weave economic analysis alongside IT planning. While HP's results will certainly show a continued drain of profits, Apple used this week to accomplish a fresh ranking as the highest-valued company in the world. But that $662 share price is not all datacenter business, even if Bring Your Own Device (of the handtop variety, as Foster calls it) has been driving enterprise user business growth. Apple's become a mobile computing company with ideals to tie all of its customers to an iCloud. However, it's got no Big Data or Business Intelligence products, or even a Services Unit like EDS that could bring along massive outsourcing contracts from the likes of Proctor & Gamble or Ford.
Of course, HP's Ford outsourcing business is now disappearing at the hands of departed HP CIO Randy Mott. Now the IT chief at Ford, Mott is bringing all computing back inside Ford's datacenters and away from HP's contract. Mott's mantra was centralization while he steered HP's own IT, consolidating 85 datacenters down to six.
Computer companies juggle complex choices to make while they try to maintain growth in profits and revenues. HP considered spinning off that PC business in the wake of the TouchPad disaster, but turned away. The details for such choices are hidden from even sharp financial analysts, although securities regulations demand some transparency. HP's troubles lie in a decade of poor decisions from its boardroom -- where becoming the largest vendor of IT seemed to be the main goal from Carly Fiorina's arrival through Mark Hurd's reign and even into Leo Apotheker's brief term.
Current CEO Meg Whitman has told the company that while it will shear off 27,000 jobs through 2014, HP's getting into fewer businesses. "My guess is that she's going to take a writeoff before the end of this year, so she can have a great year next year," Foster said. Some of the companies which HP bought, such as Autonomy and EDS, had a lot of services included, and those services have evaporated because there's a conflict. "If you're IBM, will you now buy Autonomy services once HP owns it?" Foster asks. A $5 billion purchase of Cognos in 2009 seems to block buying Big Data services from Autonomy, he suggests.
The Apple community is anticipating the demise of HP's laptop business as a factor in a red-ink quarter. iPads are on track to sell about 70 million units for 2012, while the rest of the industry's PC business has been fading. Dell's PC business has constricted so quickly the company has stopped calling itself a personal computing provider. Buy-ups like Quest hope to move Dell into the services arena.
The Associated Press moved a story today that predicts $9 billion in losses for the period which ended on July 31.
Facing up to its past mistakes is expected to saddle Hewlett-Packard with a quarterly loss of nearly $9 billion, the largest setback in the Silicon Valley pioneer's history.
The sobering results, due out after the stock market closes Wednesday, won't be a surprise. The company telegraphed the loss earlier this month when it disclosed it will absorb massive charges to account for an ill-advised acquisition and the initial costs of a streamlining program that will jettison 27,000 jobs to help boost HP's sagging profits.
Most of the damage stems from HP's $13 billion acquisition of technology consulting service Electronic Data Systems in 2008. The deal hasn't panned out the way that HP envisioned, forcing the company to write down the value of its Enterprise Services division.
HP also will record a charge of $1.5 billion to $1.7 billion to cover the severance payments to workers being pruned from the company payroll. The cuts, which will eliminate about 8 percent of HP's workforce, are being spread over the next two years.
On the other hand, HP has not shifted away from a forecast of August 8 predicting better than first expected profits.
HP is increasing its previously provided third quarter fiscal 2012 non-GAAP earnings per share (EPS) outlook to approximately $1.00 per share, up from a previous range of $0.94 to $0.97. Third quarter fiscal 2012 non-GAAP diluted EPS estimates exclude after-tax costs related primarily to the amortization and impairment of purchased intangible assets, goodwill impairment charges, restructuring charges and acquisition-related charges.
That AP financial writer's forecast which predicts that massive red ink fingers the EDS charges -- not laptop declines -- plus $1.5 billion in early retirement offers accepted that will pool the losses. These EER offers are being accepted at a rate that's surprising HP. What's working to help the HP numbers is reductions in costs.
Cost cutting is the main reason that HP fared slightly better during the latest quarter than management had anticipated. Add it all up, and it's expected to produce a loss of $4.31 to $4.49 per share during the three months ending in July. That translates into a loss of $8.5 billion to $8.9 billion, the worst quarterly showing since HP started out in a garage in 1939.
The AP writer thinks that investors will be more interested in the way Meg is restructuring HP than any single poor quarter.
Not many companies have never reported 51 successive years of black ink. By Wednesday we'll know if HP will maintain its string.
August 17, 2012
NorCal transit will run its 3000 route again
Anybody who wonders where HP 3000s are hanging on can grab a rider strap on the Alameda-Contra Costa transit service. The public entity AC Transit just opened up a one-year contract to maintain its two HP 3000s, along with the applications.
The systems under maintenance are a Series 957 and a Series 987. If you're scoring at home, these are servers built and sold during the 1990s -- still powering a California organization with duties to ferry 191,000 riders daily with a fleet of 584 buses. The District’s service area extends from western Contra Costa County to southern Alameda County, and the organization employs 1,863 employees.
As if that's not enough, this contract -- which is out for bids until Tuesday, Aug. 28 at 10 AM -- has a provision for extension. The district isn't sure when it will be able to stop using those 9x7s.
There are many 9x7s -- well, more than you'd think -- still serving the public or working in private firms. Keeping these two servers online 24x7, including holidays, is going to demand that a winning bidder can prove they know the 3000 and MPE. Things being the way they are in California municipal government, this contract starts its period of performance three days before the bids are due. We'd bet they're going to approve a support supplier pretty quickly.
At the sole discretion of the District, the contract may be extended up to 12 additional months in increments of three months. This is to accommodate the uncertain end date for the District’s use of these HP 3000 computers.
The minimum requirements sound like they could be from any HP four-hour response contract.
- The Contractor will provide a toll-free telephone number, staffed during typical local business hours, to allow one or more AC Transit contacts to report all service requests.
- The Contractor will provide unlimited telephone consultations for both 957SX and 987SX systems during AC Transit business hours.
- The Contractor is responsible for all parts, labor, travel, testing equipment and phone consultations on covered equipment and necessary on-site visits.
- The Contractor shall provide staff to make at least one weekly on-site visit to manage the tape backups and perform a physical systems health check.
- The Contractor must provide staff that can physically attend to these systems and operate independently 24x7x365 with or without a District Information Services escort once an appropriate District security badge has been provided.
- The Contractor is required to demonstrate proficiency in HP 3000 system support by compiling a checklist for AC Transit review and approval. The selected contractor will employ this checklist daily to determine and report on the hardware and software health of both systems.
- The Contractor must have access to a local facility that stocks good-order hardware equipment in a location such that needed parts have been tested and are delivered and installed within four business hours of the incident opening for priority 1 and priority 2 incidents.
Whoever takes on the maintenance "will create and employ a 24 hour/7 day automatic alert system that will alert them to a hardware failure on the Series 957SX and/or the Series 987SX." That's far from commonplace. There are plenty of businesses that don't have auto-alert failure systems.
All this by console “via a dedicated workstation with a serial connection to each of the two HP 3000 computers.” It doesn’t sound like networked remote console access, but that wasn’t a big part of the 9x7 experience anyway. IT at AC Transit calls the shots on application maintenance requests.
It's not a static system, by the looks of the bid. Item 7 calls for a contractor to "Perform ‘software application support’ allowing I.S. staff to make program or application changes. These changes would require that the affected application have no user access while the changes are being made."
There are 37 pages of this RFP, but some of them even do a good job of outlining the base competencies for any 3000's management. Like the 30-item list at left (click for details). It'll be interesting to see what AC Transit eventually replaces those 9x7s with -- and when -- considering that it's got such a customized app suite on its hands. At least there's 12 months of work here, and probably more, for a persistent bidder. Got to keep the buses running in the public's interest. Yeah, buses: as fundamental a transport technology as a Series 9x7.
August 16, 2012
Moving Data in Migrations: the Tools, and Who Uses and Develops Them
Arby's sandwich chain turned off some HP 3000s recently, but moving its data stocked a menu's worth of practices and tools. Based on a report from Paul Edwards, the journey worked smoothest when expertise could be outsourced or tapped.
Edwards described part of the project as a move to Oracle's databases, facilitated by Robelle's Suprtool and Speedware's software. The former supplier has retained its name for 35 years by now. The latter has become Fresche Legacy, but DBMotion as well as AMXW software is still available for data transfers. In the photo at left, the veteran Edwards is in motion himself, flying on a 1968-69 US Navy tour on the USS Hornet. He figures he's been working with 3000s half his life, which would give him enough time in to witness Robelle's entry into the market, as well as the transformation of Infocentre into Speedware, and then to Fresche Legacy.
I'm standing on the right. The two young guys kneeling down are the enlisted operators that ride in the back of the plane. The guy standing on the left is our Crew 13 Aircraft Commander. The aircraft is an S-2E Tracker Carrier Based Anti-Submarine Warfare Navy aircraft. It has a large propeller attached to a 1500hp Wright R1820-82 engine -- one of two on the plane.
Some of the data moves at Arby's went to Oracle, he reports. "They were using Oracle for part of their operations. Using Speedware with Oracle was interesting. Most of that was dumping data with Suprtool or Speedware, then formatting it in the layout they wanted." Suprtool has been guided and developed by Neil Armstrong at Robelle for nearly two decades. He recently marked his 20th year with the vendor, according to the Robelle newsletter.
Arby's also took its payroll application off the 3000, "and it went off to a service bureau. We had the file layouts that bureau wanted, and so it was a lot easier. We just said, 'this field is the one on the HP system, and this field on your layouts is equivalent.' We just matched them all up. We had some where we could say 'forget about that field, we won't need it.' "
But the transition to Oracle, as performed by a team that was supposed to be experienced in the database, was not so easy.The Oracle contractors "had absolutely no clue about how to do migrations," Edwards said. "They'd never done any before."
The migration of data from a well-polished, longtime set of 3000 applications is just as crucial as moving code, selecting a replacement app, or testing what's been moved. And it's not as easy as it might seem to find contractors who've done a migration, especially any who know MPE. Plenty of systems from other vendors haven't been worth the time to migrate. The HP 3000, with its lengthy lifespan, often sports apps that are decades old. Almost as entrenched as Armstrong has been at Robelle.
The avid racing cyclist this summer completed 20 years' worth of "helping to make Qedit and Suprtool great products," Robelle reported in its newsletter.
Neil worked at one of our customers in Ontario, then worked for us in British Colombia, then worked for us in Alberta. At one point Neil moved to Anguilla in the Caribbean to work on Robelle software with Bob Green, our president. Lastly, he moved back to Canada and works on Suprtool and Qedit near Niagara Falls. He is currently our Software Architect, chief systems programmer and a big help for difficult technical support questions.
During his time in Anguilla, Armstrong raced in the 2004 John T Memorial Bike Race. The photo at left shows him with Bob Green cheering him on at the finish. Armstrong has been quick to the pedals for as long as I've known him; as a fellow cyclist, he rides at a rate I can only dream about. But his work in Suprtool -- especially in recent years getting it to Linux, and soon to Windows -- must have been as steady and careful as a rider navigating a busy, two-lane, no shoulders road. That's a tool that began its life in the 1970s, when Edwards was still in the Navy Reserve and working at HP as an SE. Imagine what's been changed in Suprtool over those decades to get it to Suprtool Open.
Sometimes great care to advance a product unveils its rewards when it's compared to other migration methods. It helps if you can call on some military precision during critical transits, too. At Arby's, Edwards and the IT staff seemed to be glad Suprtool was on the migration menu.
August 15, 2012
MB Foster webinar shows best practices on legacy modernization, mitigating risks
Starting today at 2PM US Eastern (11AM Pacific) MB Foster offers another in its series of 45-minute webinars about IT strategies. The latest interactive broadcast (Birket Foster asks for questions throughout) is on legacy modernization. These are skills that can serve both homesteading and migration missions. Sometimes, this kind of modernization serves homesteading, and then modernization.
At times our community members mistake this era -- the second decade after HP's exit announcement -- as a static period. Good management doesn't see it that way. An IT environment should be evolving. Best practices on modernization can deliver ideas as well as field reports. From the MB Foster teaser about the webinar:
Organizations are often challenged to extend IT investments by modernizing legacy applications to both avoid the costs of maintaining legacy environments, and increase the supportability and usability of the applications. Migrations involve high-level planning, low-level detail study and budgets.
Attendees will learn about best practices and proven risk mitigation strategies that will allow you to get started and deliver a thought provoking synopsis to your senior management team.
You register online at the MB Foster website, a painless minute or two. You'll get an email with login directions. We'll follow up with a summary, but the value of being able to ask questions is only available if you log in this afternoon.
August 14, 2012
HP Services takes lumps, posts losses
One element consistent in HP 3000 migrations: the loss of support from the system's maker. HP's support operations include the HP Services unit, the artist formerly known as EDS. A couple of recent news items point at a loss in value when customers hire HP to support their systems.
A report in the Wall Street Journal's blog All Things Digital says that HP's CEO was in Australia last week, apologizing to a major bank about a Windows patching failure. It was serious enough that the mistake will take months to correct, according to another story in the Aussie tech website Delimiter.
One industry source with knowledge of the situation said they had never seen a situation quite like it in Australia. The problem is believed to have affected around a quarter of the bank’s desktop PC machines.
While HP's Meg Whitman was visiting the Commonwealth Bank of Australia, her company announced that the head of HP Services was "leaving the company to pursue other interests." HP also reported it will take an $8 billion charge on its Q3 finances as a result of "the impairment of goodwill within its Services segment."
Customers might wonder if a major bank IT meltdown and the Services charge are related. Whether they are or not, the Services engine that pushes HP profits and growth -- and contributes to some exodus of 3000 sites -- is sputtering this year.
HP appointed Mike Nefkens, currently senior vice president and general manager of HP Enterprise Services EMEA, to lead HP ES on an acting basis. HP also announced that J.J. Charhon, senior VP and CFO of HP ES, was appointed as COO for HP ES. "Charhon will focus on increasing customer satisfaction and improving service delivery efficiency, which will help drive profitable growth," HP promised.
Some analysts say the $8 billion writedown is happening because HP now admits it paid too much for EDS. The price was almost $14 billion in 2008; HP had to take on 144,000 employees, too. This doubled the HP payroll.
Although there is not a lot of activity in the 3000's homesteading group for services and support transfers, the mere fact that HP claims to support its Windows and Unix customers is enough to spark some migrations. Services contracts like the one at Commonwealth are not the same thing as line support from HP's Business Recovery Specialists. Hiring HP to do your IT, via its SE unit, is outsourcing via the vendor.
But this summer as part of its 27,000-employee purge, HP did a "workforce reduction" move on one BRS expert who served HP's Unix and Superdome systems. He'd been with HP for 16 years, and moved to his terminal HP job after supporting HP's 3000 customers. His first exposure to a 3000 was with a Series 68, when he was a $4 hourly operator at his father's employer.
Support, in all of its forms at HP, makes a lot of profit for the company. Shave off $8 billion and you're that much closer to a quarter where there's no profit to mention. HP's first quarterly loss might be in the offing, if not for some clever accounting. Expect to hear a lot of "non-generally accepted accounting practices" numbers in HP's Q3 report Aug. 22.
If your HP support is tied to a company posting a loss, it would be worthwhile to compare that strength to an independent's support of a 3000. That would be especially true if you're facing an exodus from an MPE system which is still running as well or better than any replacement package.
August 13, 2012
Securely Migrating to the Cloud
HP has pushed hard to entice the enterprise to make the cloud a new home for business data. While evaluating the pros and cons of making a cost-saving move from classic HP 3000 datacenters to the cloud, this guide of what's to be managed will help. Our security analyst Steve Hardwick looks closer at the challenges a manager must resolve if their onsite storage and systems can be replaced with remote infrastructure.
By Steve Hardwick, CISSP
There has been a lot of buzz around cloud-based solutions. There is a lot to be said for moving to this architecture, especially the lower operating costs. However, a lot of the press has been sourced by suppliers such as HP -- the same people who provide the cloud solutions. It is no surprise that the picture they paint is very rosy. Fortunately, if done well, a cloud transition can be a very successful endeavor. But what are some of the challenges in embarking on this adventure? Let me give you some background on the type of security challenges you are going to face. I will also offer a set of free resources that are invaluable in tackling this migration.
First of all, a little security 101. In the security world there is a very common acronym, CIA. It is not what you may think. It stands for Confidentiality, Integrity and Availability. Confidentiality is the part of security that is concerned with ensuring that only authorized users can view or copy information. This is the first thing that comes to mind when most people think about security. Integrity is concerned with the accuracy of the data, only authorized users can create and change information. Finally Availability addresses the ability of authorized uses to perform these actions upon the information.
A few examples help illustrate these concepts. Confidentiality: a password protected encrypted file. Only the user with the password can access the data. Integrity: a password protected public web side. Although many people can view the data, only authorized users can create or modify it. Availability: data is backed up to a remote storage service. If there is a drive failure, an authorized user or IT manager can still get access to data by getting a copy of the backup.
Like any journey it is important to understand your point of origin. Let's take a look at some of the inherent security controls in an on-premise solution which is already in place.
First of all there are some physical controls that are normally in place that can be easily overlooked. For example, there is a strong physical relationship between a laptop and the user. Forgetting remote access for a moment, a manager attains a measure of security from the simple fact that the authorized user must be physically present to access the machine. There are also MAC address logs which can track who accesses the network and when.
Secondly, if I am not using my laptop I can physically secure it when not in use and provide physical measures, such as a locked filing cabinet, to further secure the data. Finally, if I want to help prevent unauthorized users from changing the data I can put users in a special area in my facility, HR or accounting for example. The physical separation provides a way of preventing unauthorized access.
Next, there is the capability to monitor who can access the data. This can either by done physically or technically. Physically involves putting in place a badging system to prevent unauthorized access to the facility. Logs are kept of who is allowed in and the failed attempts are recorded. Plus alarms can be added to signal unauthorized entry.
On a technical level, usernames and passwords are a baseline methodology for controlling virtual access to data. Again, logs are kept on authorized and failed access attempts. Logging analysis tools can be used to generate alarms based on failed attempts. To augment the logging systems, you can add intrusion controls to the mix. These solutions can detect intruders as they attempt to gain access and, in many cases, help prevent it.
Finally there is the availability of information. This varies, from the ability to restore an individual file to a user to restoring complete back-ups of the corporate email system. One of the main challenges is the speed at which data can be restored. End users expect data to be recovered in minutes to a couple of hours.
There is also a hidden challenge: How to ensure that the back-up copies are not compromised. In 2011 Science Applications International Corp. said backup computer tapes containing sensitive health information of 4.9 million Military Health Care System TRICARE beneficiaries treated in the San Antonio, Texas, area since 1992 were stolen from an employee's car Sept. 14. This is just one, albeit major, example of what can happen if backup data is not secured physically and encrypted.
In summary, an on-premise solution is a mix of different controls that help preserve confidentiality, integrity and availability. It is very important to take an inventory of these controls prior to beginning any migration to the cloud, for two reasons.
One, and somewhat obviously, the cloud solution must provide the same if not better security controls as the current system. Especially if the organization has to meet regulatory compliance requirements. Two, many controls that are currently in place may be overlooked – how to replace physical security for example. A risk assessment to catalog the security controls is a critical starting point in migrating to the cloud.
If you do not already have a risk assessment methodology -- or even if you do -- the National Institute of Standard and Technology NIST provides a free risk assessment guide “SP800 – 30 Risk Management Guide for Information Technology Systems” (you can download the PDF here). NIST provides these guides as a baseline for federal organizations to build their security programs. Using this document and running through an assessment will give you an idea of what you already have in place and what a cloud based solution will need to meet.
Looking at some these security controls, what sort of challenges occur in the cloud world? Often overlooked is the lack of physical security controls that mimic the ones in the on-premise solution. For example, my data in no longer in my control when not in use. I can't lock my piece of the cloud in my filing cabinet when I go home at night. Cloud solutions must be able to mimic the physical separation of the information by putting in place other types of controls, in this case it's typically encryption.
Similarly, with monitoring and alarms, how do my IT team get access to the logging information that they need to monitor the cloud based system? I also need to know what other systems are in place to detect and prevent unauthorized access to the data, plus let the IT staff know when there has been a security breach.
Finally there is the case of availability. In the cloud world this is handled with Service Level Agreements. Your agreement must specify how users will be assured that their data will be made available when they need it. Suddenly instead of dealing with backup solutions, this is now a contractual agreement and it needs a different skill set.
Fortunately there is one way to start getting ahead of the curve. NIST has a couple of other very useful SP800 series publications that are worth mentioning. Since cloud computing is a relatively new and fact changing technology, it is important to understand the concepts. At its website, csrc.nist.gov/publications, you'' find NIST SP800-145 “The NIST Definition of Cloud Computing.” It gives a good overview of the basic concepts of cloud computing in a few pages (3-4). If you are just getting started, then this is a great primer.
Next is its companion NIST SP800-144 “Guidelines on Security and Privacy in Public Cloud Computing” which goes into great details on how to put together a plan on addressing cloud security needs. It also outlines some of the security controls that should be in place and will be a complement to the assessment exercise I mentioned earlier.
In addition to NIST there is one other organization that is worth a mention. Formed in 2009, the Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. The organization produces a wealth of free information on the topic of cloud computing security. One CSA initiative is a GRC stack with a set of tools for Governance, Risk Management and Compliance. There are several components in the stack -- let's talk about two of them will be highlighted.
There are several training presentation on the site that give a good overview of the new security challenges that cloud computing brings. For example the original training documentation shows how the security requirements are changed in the cloud Then there is the CSA Cloud Controls Matrix CCM. This tool provides a spreadsheet that maps the CSA security control definitions to several different regulatory requirements (PCI, SOX, GLBA FISMA and so on.) It gives a quick and easy way to generate a checklist of the current controls in your on-premise environment, then map them to a set of requirements for the cloud provider. Furthermore, if you have some other regulatory requirements, or your own internal set, you can easily add these to the mapping.
NIST and CSA have provided a set of tested and freely available tools to help any IT organization in their journey to the cloud world. CSA also has a wealth of information that can help to train IT professionals and get them onto a cloud based way of thinking. In both cases they are independent bodies so they are not trying to highlight a specific solution. Consider adding these organizations in your list of cloud security references.
Moving to the cloud brings with it a new set of security challenges. It is now a world of hack once and expose everywhere. Knowing where you came from is critical to understanding the impact of these challenges as you move forward.
Steve Hardwick manages security for pre-payments provider Oxygen Financial, a Euro-founded company now extending its services to North American IT operations.
August 10, 2012
Community sage tracks HP's historic dream
While I'm researching the meaty bits of the 3000 for its autobiography, I found another rich resource in a chat with Birket Foster. Like few other vendors, he's celebrated 35 years this year of 3000 business. Yesterday he pointed me at a few dreamy links of HP concept videos.
These are the fond wishes of companies looking toward the future. The video of 1995 was broadcast to the press and the public during the year 1988, when the NewWave office communication products were just released. Ideals in this video -- which is full of office drama about winning a big contract -- include interactive agents tracking schedules and taking voice commands to create reports, plus presentation tools automated by spoken commands.
Everything was connected in an "all-in" concept using HP's NewWave foundation. The HP 3000 had a NewWave role, providing the data to make reports from a well-connected database. I thought 1995 was lost to dusty VCR collections, but Birket tracked it down via YouTube. Concept videos can be unintentionally comic. You can tell from this one it was written in the era of suspenders, white shirts and ties in the office. That's just about the time of the start of HP's shift-to-Unix campaign. And the HP 3000 and other product names are never used. Unlikely to be named, the 3000 just works.
This just-works ideal still lives in the 3000's heritage. A couple of interviews from industry veterans like Ron Miller of Amerigroup and Paul Edwards referenced that reliability pledge. Both said that when the 3000 just worked, the computer was demonstrating its strongest asset. Compared to the alternatives at the start of 3000 service, the MPE ideals must've seemed as far forward as a 1995 vison which was devised in 1989.HP has another concept video called Cooltown in the YouTube archives. Cool Town was unveiled in 2000, with a focus on a broader field than just business and enterprise computing. 2000 was the last full year when the HP 3000 had a cogent message delivered by HP about the system's future. "It's not Windows NT or Unix, but it has an essential role," summed up HP's concept about the 3000.
If you search for "concept videos" in YouTube, or just watch the 1995 vison, you'll see suggestions from other vendors' videos. Apple's got a couple including the Knowlege Navigator. The power of smartphones is suggested in both Cool Town and Apple's concepts, although they use PDAs that look a lot more like circa-2000 Palm Treos than the mobile computers Apple pioneered in 2007.
A concept video reminds us of how far a company can reach and dream to encourgage faith in technology futures. Or it proves that some visions didn't have the benefit of real world input. Instead, they're stories and scenarios built out of the labs and marketing focus groups. The HP 3000 is beyond concept videos in all but one place by now. Emulation of HP's MPE/iX hardware, plus a cloud computing potential for such emulators, would make a good concept video. Throw it out four years and no further and you might see hand-computing devices like HP's new business tablet or even smartphones controlling cloud servers, including MPE/iX partitions.
The markets of today need to show respect for individual environments which include things like MPE/iX for the platform to win a part in these fever-dream productions. It's more likely that just as in 1995, specifics of products fall out of the next concept story. Foster believes that cloud computing will continue to move server hardware out of IT datacenters, even more quickly now. "People will buy a server in the sky," he said. "We're at a crucial stage in the marketplace." Sometimes pie-in-the sky visions show a way toward new concepts, too.
August 09, 2012
Finding HP's MPE Patches and Papers
Speedware has become Fresche Legacy this year, but the vendor's still got its storehouse of HP 3000 documents, white papers and even HP patches available online. You just have to poke directly at the pages you want to hit.
When it became Fresche in the spring, the company put a new face on its website. For awhile it was tough to hop into any HP 3000 page from those Speedware days. But a direct link opens the path to documents which are not found many other places on the Web. HP-authored MPE whitepapers, for example.
The company announced this summer that it's just booked five outsourcing agreements with North American companies worth more than $10 million. These are application outsource contracts -- the sort of business resource which Fresche Legacy continues to offer in the 3000 marketplace.
However, there's still a good deal of resource online from the many years when Speedware was an HP Platinum migration partner, as well as a supplier of migration software such as AMXW. That software's still available today. The HP 3000 paper and patch site has a front door of www.speedware.com/HPe3000_resourcesThere's some surprising advice online that seems to retain its value for the 3000 homesteader, too. This kind of customer might be the one holding off on migrations until the budgeting is better. It's been a tough year for the economy in North America, and even tougher in Europe. One way to stretch the 3000's capabilities might be through open source software. That speedware.com address has a Powerpoint presentation on creating ports for open source products to MPE/iX. (Even more information on using existing open source tools on the 3000, right down to Unix fundamentals like tar, is at the mpe-opensource.org website run by Applied Technologies.)
Such HP-written papers used to be hosted on HP's Jazz server, pulled offline in 2008 when the MPE labs closed down. HP once hosted patches online, too -- including some that made it into beta test, but not general release. You can grab these on the speedware.com pages, too.
There's a lengthy EULA agreement that pops up automatically when you drive into the website, something HP's lawyers insisted upon before licensing this content to third party partners such as Client Systems. We clocked it at about 40 pages when we hit the "Agree" button more than three years ago. HP's Jazz never had such a requirement while its contents were hosted inside Hewlett-Packard.
In a way, HP's outsourced these paper and patches by putting them in the hands of Fresche and Client Systems. Outsourcing can be a good arrangement when an entity, either vendor or client, wants to move on to other opportunities -- like Fresche president Andy Kulakowski said about his new North American outsourcing deals.
These new outsourcing contracts further strengthen our legacy management position and further support our vision to make our customers’ businesses run better by making their IT run better. Organizations that outsource, or are considering outsourcing application management functions, are a perfect fit for our complete service offering.
August 08, 2012
HP's advice on passwords: Got C, but no IA
As 3000 users move out of their protected and obscure MPE/iX, they encounter more virulent environmental waters. Never mind the malware and spyware aimed at Windows and Macs. (Yes, Apple systems are targets, although few have been hacked en masse). This weekend's big story from popular blogger Mat Honan revealed he got his Gmail swiped, his Mac and iPad wiped remotely, his Twitter account heisted, and his iPhone hijacked. All in a matter of minutes because one password, off the new Apple iCloud, was stolen.
This kind of perfect storm happened because the blogger had plenty of computing systems protected by a single password. By coincidence of course, HP released an the HP Technology at Work IT business eNewsletter that suggests some good password practices. But it starts out with bad advice.
"Try putting your hands on the keyboard and just typing randomly -- a gibberish password can be very secure." This sort of consumer-grade instruction bypasses two of the three security requirements for passwords in the industry.
"There is an acronym in the security world: CIA," says Steve Hardwick, a CISSP pro whose current mission is security for the pre-payment systems at Oxygen Financial. "That's Confidentiality, Integrity, Availability. So the HP advice is true on one count, but not all of them. This is a very common security mistake."Hardwick, who's also worked security for Dell's Global Systems as part of a 30-year career in IT, says that making up a password out of nonsense works well only the first time you use it: when you apply it to an account which you secure.
"The HP advice addresses Confidentiality only," he says. "Other people would have difficulty guessing this password. However, it is very weak from an Integrity perspective, as it would be difficult to type in reliably without a reference by writing it down. Plus, it would be weak from an Availability perspective, as it would be very easy to forget without a reference -- again, which would require writing it down."
You could always enter the gibberish in an encrypted file, instead of a post-it note on your monitor. But un-encypting a file every time you forgot a gibberish password adds a lot of time to a workday. And to be clear, that Apple blogger had his password cracked after a hacker talked an Apple support staffer into revealing the password. As Bruce Hobbs, who's consulted and worked in 3000 shops for more than 25 years said, "This reminds me of some of the stories that Vladimir [Volokh] and Bruce Schneier tell: the core 'problem' is almost always people."
HP's got far better security options than gibberish passwords, but they'll cost an enterprise customer a lot more than a click on a eNewsletter. Its Enterprise Cloud Security (ECS) products for securing clouds -- such as Apple's iCloud -- include ECS-Continuity. HP says that service includes two-factor authenticated access to priviledged user accounts, along with NIDS/NIPS, firewall and VPN monitoring, OS hardening, physical data center security and SIEM monitoring.
The HP 3000 managers we've interviewed about cloud computing cite security as the top reason they're putting the cloud on a long simmer for migration plans. As for those passwords, Hardwick came up with a better strategy to create a password you're likely to remember.
Pick a number you know well from back in your history. Then devise a word that's not a word, like "mobolanium." Then alternate each letter and numeral to create a password. You may get something like "m9o7b5o3l2a1n4i6u5m" It might not be everything that ECS Continuity offers in its two-factor passworld access schemes. But it's got CIA. However like the other CIA, if you tell it you'll have to kill someone -- or at least a system.
August 07, 2012
Follow that VSTORE onto other drives
Editor's note: After reading our article on SLT creation and validation yesterday, consultant Brian Edminster adds some notes on how to employ VSTORE in your 3000 management. He's also working on an article that covers backup automation.
By Brian Edminster
If possible, do your VSTOREs on a different (but compatible model) of tape drive than the one the tape was created on. Why? DDS tape drives (especially DDS-2 and DDS-3 models) slowly go out of alignment as they wear.
In other words, it's possible to write a backup tape, and have it successfully VSTORE on the same drive. But if you have to take that same tape to a different server with a new and in-alignment drive, you could have it not be readable! Trust me on this -- I've had it happen.)
If you'll only ever need to read tapes on the same drive as you wrote them, you're still not safe. What happens if you write a tape on a worn drive, have the drive fail at some later date -- and that replacement drive cannot read old backup tapes? Yikes!
Using the 'two-drive' method to validate backup (and even SLT) tapes is a very prudent choice, if you have access to that array of hardware. It can also often help identify a drive that's going out of alignment -- before it's too late!
There's another possible media choice, using store-to-disk. which I'll be writing about shortly.
Unfortunately, SLTs have to be written to tape (at least, for non-emulated HP 3000s). However, your drive will last years longer if you only write to it a few times a year.
August 06, 2012
What You Need to Do and Check for SLTs
At a recent visit to a customer's shop, VEsoft's Vladimir Volokh spread the word about System Load Tapes. The SLTs are a crucial component to making serious backups of HP 3000s. Vladimir saw a commonplace habit at the shop: Skipping the reading of the advice they'd received.
"I don't know exactly what to do about my SLT," the manager told him. "HP built my first one using a CD. Do I need that CD?"
His answer was no, because HP was only using the most stable media to build that 3000's first SLT. But Vladimir had a question in reply. Do you read the NewsWire? "Yes, I get it in my email, and my mailbox," she said. But like other tech resources, ours hadn't been consulted to advise on such procedures, even though we'd run an article about 10 days ago covering CSLTs. That tape's rules are the same as for SLTs. Create one each time something changes in your configuration for your 3000.
Other managers figure they'd better be creating an SLT with every backup. Not needed, but there's one step that gets skipped in the process.I always say, "Do and Check," Vladimir reports. The checking of your SLT for an error-free tape can be done with the 3000's included utilities. The venerable TELESUP account, which HP deployed to help its support engineers, has CHECKSLT to run and do the checking.
There's also the VSTORE command of MPE/iX to employ in 3000 checking. If your MPE references come from Google searches instead of reading your NewsWires, you might find it a bit harder to locate HP's documentation for VSTORE. You won't find what you'd expect in a 7.5 manual. HP introduced VSTORE in MPE/iX 5.0, so that edition of the manual is where its details reside for your illumination.
It's also standard practice to include VSTORE in every backup job's command process.
There's another kind of manager wouldn't be doing SLTs. That's the one who knows how, but doesn't do the maintenance. You can't make this kind of administrator do their job, not any more than you can make a subscriber read an article. There's lots to be gained by learning skills that keep that 3000 stable and available, even in the event of a disk crash. Management might not respect the 3000's ability to take on new developments. But a company always respects the 3000's reliability.
CHECKSLT, and care and feeding of SLTs, are well-covered in a NewsWire column written by John Burke almost 13 years ago. His advice still holds today.
HP’s documentation tells us we need to have a current SLT. And that it can be created using the TAPE command within SYSGEN. If you look hard enough you will also find the warning that the CSLT you may have created when doing an update or manage patch is not adequate. That is about it for SLT recommendations.
Is this recommendation correct? Well, in the sense that it is necessary to have an SLT created by the TAPE command, then, yes, it is correct. You can re-install your system in the event you lose a drive in the system volume set using this SLT and appropriate other backups. But is this recommendation complete? I think not.
As has been proven countless times, the people who write manuals (and not just at HP) are not out in the real world. They are not running shops where if you get a six-hour maintenance window once a month you consider yourself lucky. They are not running shops where you have to have procedures that can be understood and followed by someone with only basic training in system operation. They are not running shops where cell phones go off like July 4th fireworks as soon as anything unusual happens.
You can find HP's VSTORE page in that 5.0 command manual online, just like the NewsWire's advice. Vladimir, you find him in your office, if he's traveling your way. But managers also find that he recommends our advice -- perhaps because we first get the instructions to do it, and then have our reports checked. Do and Check are words to live by, not just for managing 3000s.
August 03, 2012
Win for HP-UX's Present No Proof of Future
Over at the headquarters of HP's Business Critical Systems division, the streamers and sighs of relief float in the air this week. A court of California has ruled that Oracle must continue to do business with HP just as it always did. That threat of killing off its database for use on the Itanium systems -- as therefore, HP-UX -- was an empty one if Oracle follows the law and the ruling of a judge.
The HP 3000 had a similar close call more than once in its life. During 1993 and 1994 HP was hammering away at the core of the 3000 customer base. It used R&D managers and GMs to convince leading app vendors they'd be better served by porting to HP-UX. By the spring of '94 Adager organized a Proposition 3000 movement (like the California propositions, all numbered) complete with fine embroidered t-shirts. We wore them to the Interex Computer Management Symposium and lashed at the HP managers on hand.
Soon enough, sense seemed to prevail at HP. A revival of the tech investment began that brought out a better database, moved the system into the open source and Internet world, attracted new customers through the likes of Smith-Gardner ecommerce, and generally swung the sales meter upward. In the middle of this trend we started the NewsWire to spread the word about that year's renaissance.
But HP was a vendor with its own mission. A success in rebooting HP's 3000 business was certified by new sales, right up to the year Hewlett-Packard sounded its swan song for 3000 futures. We had won the battle with HP, but the damage was done with an internal wound. And so goes the same song for Oracle and HP-UX, and probably the future of that operating system inside HP this time. Oracle backs away with this court ruling. But this week's win delivers no proof there's a healthy future for Oracle's HP relationship. You cannot force a company to do business differently, not even if there are tens of thousands of customers who desire the same kind of love they've had for decades.The story chronicled above comes from the HP Chronicle, a newsmonthly which I helped launch in 1984 to cover all things HP. By the time this story surfaced I'd left the Chronicle to "pursue other interests," as they say about anyone who departs from a company with ideas of his own. I didn't leave with an idea about the NewsWire, but it came to my wife Abby, and then to me. I was still writing a guest column for the Chronicle when the above was printed. We saw a focused information opportunity that nobody wanted, and nobody thought would break even. Plus fresh evidence -- like that HP win this week -- that the 3000 was winning respect inside HP. Enough honor to stop the internal assault on the customer base to switch to Unix. Enough admiration to teach the Unix group how to engage with the Customer First in mind.
From the outlook of HP, however, that renaissance didn't have a future. By the late '90s new IA-64 design was becoming an engineering reality instead of swell PowerPoint slides shown to the big customers running 3000s and 9000s. HP had to decide if it would spend tens of millions of dollars to make MPE/iX ready for the latest chip design. It decided no. Then it recanted. Then the inevitable happened -- inevitable if you realize a Compaq-HP merger swung the ax on the necks of some products.
While the 3000 renaissance was rolling, and even after Y2K got beaten as soundly as Oracle did this week, the future looked bright. Especially when, like Oracle's forced march into HP's Itanium, there was a promise to bring what was by then called Itanium to the 3000 world. But forces high inside HP -- indeed, as high as Larry Ellison and Mark Hurd sit at Oracle -- didn't want a 3000 business around to compete with the newly-purchased, just as devoted, and much larger VAX-VMS lineup.
The 3000 left HP's futures. Just as surely, Oracle will leave the realm of HP-UX and Itanium, and take with it many of the very customers pumping billions in profits into HP. Support profits, mostly, since there's not a lot of new Itanium winning its way into companies. What's more, there's plenty of Itanium getting turned off, so HP's BladeServers with Linux will step in. Many blades will have nothing to do with HP.
Those of you who read me regularly on the subject of HP probably know where this is headed. "Oh, HP made a mistake then. They'll make another now. Investing in HP's Unix doesn't have a lengthy upside." I still believe all that, and I'm not alone. Some vendors are glad, however, that the FUD of Oracle and Itanium is going to have to go underground. But it's not going to go away.
It's good to have customers as well as prospects who are using HP-UX and Itanium, if that's the pulse of your profits model. But do not mistake this HP legal win for a renaissance of Itanium at Oracle. There was a time when that might have happened, but that time was back when there was no Internet, when faxes were the fastest, and when the USA Dream Team was making its basketball Olympic splash. Plenty has changed since Oracle and HP could do billions in business together without so much as a signed napkin. One of the biggest changes is that HP's old CEO, given the bum's rush by the Hewlett-Packard board, is now running an operation aimed at killing off Itanium.
Mark Hurd was such a key hire for Oracle that he had a remarkable clause in his employment agreement. We've learned from reading documents that Hurd had a provision for what might happen when Oracle purchased HP in a takeover. There's no need to go all tinpot-despot while sizing up the Oracle management chiefs. But any company that figured they could buy you up while they hired your former CEO isn't going to let one judge's ruling, plus $4 billion in damages, pull them off their windmill-tilting quest.
The drive-by shooting bystander in targeting Itanium is HP-UX, just hanging out on HP's chips and still outselling Solaris. Not Linux, though. Hewlett-Packard knows the enterprise future is Linux, too. So if you're hip-deep in HP's Unix and reading the 43-page victory announcement from the judge, enjoy it. We announced an HP renaissance about the 3000 in 1995, and it lasted six years until HP had to grow up and grow out of the operating system business. It won't take Hurd and Oracle's uber-meister Larry Ellison that long to get Itanium out of the way, even as they're discovering technical problems with new Oracle database releases for Itanium.
Those are the releases that will be court-ordered to run on what HP will call game-changing Itanium designs. However, we've heard from both inside and outside of HP that this FUD campaign of Oracle's has already landed a mortal blow to the Business Critical Systems group. Not even $4 billion in damages will offset what's going unsold, or return the top tech talent that HP's cut in its latest employment purge. The HP-UX and Itanium writing is still out there, but instead of being on the wall it's now it's in legal briefs waved in appellate courtrooms.
These 43 pages from the judge won't be enough to prove anything but Oracle violated an agreement, one struck under pressure when Mark Hurd lept to a rival overnight. Gaudy mistakes like axing the 3000, or kicking a hornet's nest in firing Hurd, come from a boardroom level at HP. The little people working magic in the labs, and the customers trying to protect investments, are the ones getting stung.
August 02, 2012
HP wins lawsuit ruling against Oracle
After more than a year of accusations, secret document dumps, and a glut of suits and countersuits, HP has a victory in its lawsuit against Oracle to save the Itanium servers. Hewlett-Packard didn't paint the suit in the Superior Court of Santa Clara County California as a battle for Itanium's future. But in winning the ruling from Judge James P. Kleinberg, HP will force Oracle to keep selling and porting its database for Itanium servers. Oracle believed that a clause in a lawsuit which settled hiring away Mark Hurd didn't force Oracle to stay in the HP market.
Oracle said it will appeal the ruling immediately. The next step of the lawsuit is to bring the matter in front of a jury to determine damages Oracle must pay HP. Hewlett-Packard estimated it would have lost $4 billion in HP-UX and Integrity business if Oracle had won. Much of it was calculated in support fees.
Legal and industry analysts, as well as members of the 3000 community, are not completely convinced this settles the future for Oracle on Itanium. The judge noted that Oracle and HP were once close partners. Kleinberg noted in his ruling that both companies made a lot of profit for many years working together. It all began to unravel in the spring of 2010, after the former HP CEO Hurd was cleared to take a systems leadership job with HP's rival Sun/Oracle.
Oracle must port its products to Itanium servers without charge, the judge ruled. Oracle said it decided to dump Itanium and HP-UX because it believes the chip is approaching its end of life. Oracle didn't say that about HP-UX. But the operating system only runs on Itanium servers by now, unless a company's got older, PA-RISC-based servers.
Alan Yeo of Screenjet, a provider of tools and services to modernize legacy interfaces on the 3000, believes HP isn't going to extend the HP-UX lifespan very much as a result of a court ruling. "HP don't want to be in the operating systems business anymore," he said yesterday. "That's not where they're going."Some members of the 3000 community are saying that it's very new and untested law to force one company to do business with another. "Forcing parents to stay together for the sake of the kids normally isn't a good idea," Yeo added. "Neither, I suspect, is compelling companies to be business partners." He thinks an exit strategy for Oracle-Itanium users is in order.
On a Wall Street Journalreport about the outcome, several commenters noted that Oracle has other means to keep its database out of Itanium/HP-UX IT centers. "The court may order Oracle to provide software and support, but there is nothing against pooling high-schoolers in Itanium support centre," said Mike Kichton.
"The court may be able to force Oracle to support Itanium," said another commenter, "but they can't make them do it well."
Inside HP, confidence remains high about the prospects for Itanium -- and by extension, HP-UX. Even while HP insisted that Oracle was bound to its promises to support Itanium, HP began to promote Postgres SQL as an alternative. The doubt and battles over the future of the database which is the most often installed on HP-UX have cost HP millions of dollars already. In the quarterly report from this year's Q1, HP's CEO named the Oracle battle as a factor in a 27 percent decline in the Business Critical server business, the group selling servers that run tanium chips. BCS numbers continued to drop in Q2.
The judge's ruling will be of no help for the BCS Q3 sales, which ended the day before the court edict was announced. HP called the ruling "a tremendous win."
Today’s proposed ruling is a tremendous win for HP and its customers. The Superior Court of the State of California, Santa Clara County, has confirmed the existence of a contract between HP and Oracle that requires Oracle to port its software products to HP’s Itanium-based servers. We expect Oracle to comply with its contractual obligation as ordered by the Court.
HP summarized the court's order in a brief statement on its Newsroom website.
August 01, 2012
Just how good were those good old days?
NewsWire subscribers who receive our email updates have heard that I'm collecting stories about the early 3000's days. I'm working on an autobiography of the 3000, written "as told to" me, by the system. I've fielded phone calls and gotten some nice email stories. Today's was great fun to read and instructive, too. That's because the negative experiences in our lives are remembered clearer than the positive ones.
What I mean to say is that war stories are more fun to read, chock-a-block with details. Before I offer an excerpt from today's story, I want to make an observation about the 3000's life. It wasn't always the better time we prefer to remember.
Even the president of the Connect user group falls prey to this memory. In his column in the latest user group magazine, Steve Davidek remembered days when HP was packed with people eager to service a 3000 customer. After a disk head crash in 1984, Davidek recounted three HP employees he knew by name who chipped in to resolve the problem. A different time indeed, when Davidek managed just one Series III HP 3000.
Our HP sales rep would visit every month or so just to see how we were doing. Some months he'd even bring a Systems Engineer along to check on things. It was amazing.
Dave Wiseman, who says that "Most of you will know me as the idiot dragging the alligator at the Orlando conference, or maybe as the guy behind Millware," told us a tale of days even earlier in the 3000's life. Buying a system from HP in 1978 meant investing in a terminal to test your application -- before HP would even fill the system order.One of the first three HP 3000 customers in Southern England, Wiseman was managing at an IBM shop looking for a better system. "I called the HP salesman and asked him in," he says.
What HP never knew is that if the project went well, there was a possibility that they would get on the shortlist for our branch scheme – a machine in every UK branch office. That would be 45 machines when the entire UK installed base of HP 3000s was around 10 at the time.
So the salesman came in and I said that I wanted to buy an HP 3000, to which he replied, “Well I’m not sure about that, as we’ve never done your application before. Why don’t you buy a terminal and an acoustic coupler first and make sure that your application works?"
"Okay," I said. "Where do I buy a coupler from?"
"No idea," he replied “but the 2645A terminal is $5,000."
So he bought the terminal, and then tested against HP's 3000 in a UK office. "I started dialing into the Winnersh office. (I still have the telephone number and address engraved in my heart). On occasion when I needed answers, I would drive over there and work on their machines."
Wiseman goes on in his early history to praise the improvement that the 3000 delivered to Commercial Union Assurance.
I recall our durability test was to unscrew the feet on the 50MB disc drive and push it until the disc drive bounced off its HP-IB cable. On more than one occasion the cable came out and you could just plug it back in and carry on working. Try that with an IBM and you could expect two days of work to get it restarted.
The IBM guys couldn’t understand how we could run so many users on such a small box, but we were always looking for improved performance -- as we already had the largest HP 3000 around. There were no tools available in those days, so we used tricks like putting a saucer of milk on each disc to see which one curdled first. (Okay, that's not really true. But we did spend a long time just standing there touching the drives lightly just to see what got hot.) We did a full system unload and reload every three months, and unloaded and reloaded most databases at the same time.
Davidek recalls his warm feeling of having ample HP support, but he does recognize it as a bygone emotion. "The customer experience today is probably not ever going to return to those days, but I would love to come close," he writes. "HP is working on this issue, and with a little luck, we may get there."
War stories are useful for more than the warnings about potential pitfalls. Even from 30 years ago, they remind us the good old days were not as good as we remember. They also remind us how our initiative made the bad times manageable. That's a confidence builder in these uncertain career times.
A 3000 manager needed a little luck, all the way back to the beginning. I'd like to hear about your lucky and unlucky days. Call me at 512-331-0075 if you want to chat, or email me. By recalling both the good and the bad, we can chronicle the middle path for that autobiography.