April 30, 2013
How to Shift a 3000 from FTP to SFTP
I have a script that uses FTP to send files to a site which we open by IP address. We've been asked to change to SFTP (port 22) and use the DNS name instead of an IP address, and I don't believe the 3000 supports that. Does it? If so, how?
Allegro's Donna Hofmeister replies:
If you are going to use DNS, you must have your 3000 configured for that. It's easily done.
However, if you've never done anything on your 3000 to make it act like a real computer (oh -- that's right, it is a real computer and fully capable of using DNS), this can turn into a can o'worms.
For 'DNS lite', it's probably simplest to:
1. copy hostsamp.net to hosts.net
2. edit hosts.net to make sure it has
184.108.40.206 name <--- where 220.127.116.11 and name are corrected to the system you want to connect to
4. edit nsswitch.net to have this line:
hosts : files[SUCCESS=return NOTFOUND=continue]
With this done, the 3000 sorta kinda acts like it's using DNS (because it's looking in the hosts file for how to translate 'name' into '18.104.22.168').
Tony Summers provides a caveat:
One warning. The upgrade from FTP to sFTP (or SSH FTP etc) can involve more change to your scripts than you expect.
What we do for FTP (originally on the HP 3000, and now on the HP-UX server) is build a text file with the commands (the sample below, edited)
user USERNAME PASSWORD
get /export/002_iccm_extract_1161.csv ICR21161
The file is then presented to the FTP client. On the HP 3000 it was something like....
RUN FTP.ARPA.SYS < FTPT0070 > FTPS0070
Then both the output file, FTPS0070, and any JCWs set by the FTP program were inspected to test the success of the FTP session.
Connected to xxxxxx.co.uk
220 Welcome to FTP service - xxxx.
331 Please specify the password.
230 Login successful.
200 Switching to ASCII mode.
200 PORT command successful. Consider using PASV.
550 Failed to open file.
In particular, the 3-digit status codes were analysed, looking for error codes like "550". If you do something similar in your FTP scripts, then all I can say is welcome to a very different world.
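The status check Tony Summers describes, next to its SFTP counterpart, as an added example that is not part of the original post. It assumes an OpenSSH sftp client on a Unix host with key-based login already set up; the function names, host, user and file names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Host, user, key setup and file
# names are placeholders; the transcript is constructed from the post's sample.

SFTP=${SFTP:-sftp}   # OpenSSH client assumed; override to test with a stub

# Constructed FTP client output, one server reply per line.
write_sample_ftp_log() {
    cat > "$1" <<'EOF'
Connected to xxxxxx.co.uk
220 Welcome to FTP service - xxxx.
331 Please specify the password.
230 Login successful.
200 Switching to ASCII mode.
200 PORT command successful. Consider using PASV.
550 Failed to open file.
EOF
}

# Old FTP check: print the first 4xx/5xx reply found in the saved output.
ftp_first_error() {
    grep -E '^[45][0-9]{2}[ -]' "$1" | head -n 1
}

# Old FTP check: success = a 230 login reply and no 4xx/5xx reply anywhere.
ftp_session_ok() {
    grep -Eq '^230[ -]' "$1" || return 1
    if grep -Eq '^[45][0-9]{2}[ -]' "$1"; then return 1; fi
    return 0
}

# SFTP batch file: transfer commands only. Unlike the FTP command file there
# is no "user USERNAME PASSWORD" line; authentication is by SSH key.
build_sftp_batch() {
    printf 'get "%s" "%s"\n' "$1" "$2"
}

# sftp_fetch HOST USER REMOTE LOCAL
# There are no 3-digit reply codes to scan. With -b, sftp aborts at the first
# failed get/put and exits non-zero, so the exit status is the result.
sftp_fetch() {
    batch=$(mktemp) || return 2
    build_sftp_batch "$3" "$4" > "$batch"
    rc=0
    # StrictHostKeyChecking=yes: refuse a host whose key is not already in
    # known_hosts instead of trusting whatever the DNS name resolves to.
    "$SFTP" -b "$batch" -o StrictHostKeyChecking=yes "$2@$1" || rc=$?
    rm -f "$batch"
    return "$rc"
}

# Demo on the constructed transcript (runs offline, no network needed).
log=$(mktemp)
write_sample_ftp_log "$log"
if ftp_session_ok "$log"; then
    echo "FTP session ok"
else
    echo "FTP session failed: $(ftp_first_error "$log")"
fi
rm -f "$log"
```

A job script would call sftp_fetch with the DNS name and test its return value where it used to scan the saved FTP output.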
Karsten Brøndum adds:
Here's a completely different approach.
Depending on your skills in the Java area there is a nice LGPL package called ftp4j (which requires Java 1.4 or later) that I have used a couple of times. (By the way, ftp4j will do both SFTP and FTPS). I've found it way easier than to fiddle with text files containing commands, especially when it comes to error handling.
April 29, 2013
MB Foster tips hand on hybrid migrations
In a sneak peek of a May 1 general release, MB Foster is announcing a hybrid of solutions aimed at making migrations off the 3000 easier. The company is calling its offering MBF eZ-MPE.
Software for migrating data, entire databases and more has been in the MB Foster stable for several years. Some of the solutions, like the data migration products, have been working in production environments since the late 1980s. Data Express moved corporate 3000 IMAGE data into desktop environments; eventually that product was transformed and expanded into Universal Data Access (UDA) software and solutions. Lately, the company has begun to sell some of its software -- previously used only for services engagements -- to sites for their own use.
Two years ago MB Foster released an MBF Scheduler to replace the job scheduling capabilities of MPE/iX for the Windows environment. More recently, the UDALink tool was migrated to work with HP's Itanium servers in the Unix environment.
Now the collection of this software tool development as well as services is making its debut as eZ-MPE. "The value of MBF eZ-MPE is its collective ability to mimic the HP3000 environment," said a release that's on its way to the rest of the 3000 community by May 1.
Windows is the primary target for eZ-MPE users, according to that release.
MBF eZ-MPE is a hybrid solution for HP 3000 customers who have a keen interest in transitioning to a Windows environment while preserving the company's competitive advantage and legacy application.
It manages the nuances of VPlus screens, controls access to applications, and has its own file system library for call management and translation between KSAM and relational databases. Its IMAGE library easily converts TurboImage calls to ODBC calls, and facilitates a move to a native environment as part of a company's long-range plans.
The value of MBF eZ-MPE is more encompassing than screen handling, file systems, and databases. A typical in-house developed business application would include scripting, sorting, merging, logins, Job Control (JCL), FTP services, and scheduling requirements. MBF eZ-MPE includes solutions for all of these as well.
We'll have more details on this hybrid solution for migration as they surface.
April 26, 2013
Ginny Seybold, 1925-2013
There will be no regular 3000 Newswire posting today, due to the unexpected death of my mom Ginny Seybold. She passed away this afternoon quietly, in the Franciscan Care Center of my hometown of Toledo. Virginia Seybold was 87, a Depression-era youngster who danced on roller skates as a girl, full of spark and a spirit, Irish to her core, a young woman who became the mother of four Baby Boomer children. I will miss her always. Along with the tomorrows that she no longer can give, generous as a mother's kisses, there will be no extra yesterdays for us as well. She raised us all Catholic, but I hear another prayer today. "She will live on in the hearts and minds of those who loved her."
April 25, 2013
How to Conduct a Security Assessment
Editor's Note: Migrating HP 3000 sites must be responsible for security in more extended detail, once they move operations onto open enterprise environments. In the first of a series of articles, CISSP security expert Steven Hardwick of Oxygen Finance outlines the basic security concepts -- and how security controls fit together to provide an overall protection environment.
By Steven Hardwick
First in a Series
As penalties increase for loss of data, more and more regulations are forcing organizations to protect it. Couple this with new technologies that are moving information into the cloud and a perfect storm is forming -- one that will force IT professionals to regularly evaluate the security status of their infrastructure. To aid this effort, this series will cover
1. Introduction to security controls
2. Overview of security regulations
3. Tips on conducting a security assessment
By understanding how security systems are built as a whole it will be easier to comprehend the myriad of requirements detailed in a security regulation. Sometimes it is difficult for IT professionals to see the woods when they are stood in front of a bunch of trees. Plus, taking a broader view can give a better understanding of the challenge and the potential solution. It is not always as simple as encrypting data or adding another firewall.
Where to Start
The majority of security requirements are focused on protecting information. However, one additional asset that is often overlooked, especially in the commercial sector, is the people.
Once when conducting an audit, I noticed water sprinklers in the computer room. When I asked the IT manager where the cut-off switch for the room was, he did not know, nor was it clearly marked. Consequently, if the water came down and someone was in the room, it was not obvious how to turn off the power. Fortunately, it's included in some requirements, but ensuring human safety is not the primary responsibility of the IT department. It's the data that must be protected.
The aspects of protecting data are divided into three areas
• Who/what can view the data (Confidentiality)
• Who/what can change the data (Integrity)
• How can authorized users/applications get to it (Availability)
Security regulations focus on one or maybe two of these categories. For example, PCI (credit card industry regulations) are very focused on confidentiality, whereas SOX (fiscal reporting) is focused on integrity. However, both include some of the other categories.
Another basic concept is that there is no silver bullet that will be a cure-all. Within even a medium-sized organization there may be over 30 different types of security controls. Furthermore, only a portion of them are specified, deployed or maintained by the IT department. Fortunately the security industry has made some sense of this by creating three types of security controls based on the general way they are implemented: Administrative, Technical, Physical.
Each control can be further divided in the way in which it is mitigating the security threat: Preventative, Detective and Corrective.
Our next order of business is to understand the general description of each of these delineations. Bear in mind, I am using a loose classification. Although most security controls clearly fall into one or the other, some are left to interpretation.
It's all in a name
First let's define the three different security control types, and then look at how they can be further categorized.
Administrative controls are policies and procedures that govern the security infrastructure. In most cases these are written documents that outline the behaviors that are expected. These documents can either be internally generated -- a work at home policy for example -- or an external requirement such as HIPAA.
As well as defining the behavior, in some cases the enforcement of the control is also included. One of the common complaints regarding HIPAA was that it had no enforcement. In the succeeding HITECH Act the US government added enforcement of the security controls it contained.
Here are some general examples of Administrative controls
- Regulations (HIPAA, PCI, SOX)
- Acceptable use policy
- Disaster recovery policy
- Non-disclosure and confidentiality agreements
- Hosting contract (Particularly SLA terms defining availability)
- Employee agreement -- return of all data and equipment
- Equipment logs and maintenance records (includes security equipment such as firewalls)
- Vacation policy
Why is vacation policy considered a security control? Firstly, ask any security professional what is the single weakest link in any security chain. The answer is almost certainly the people. When individuals do not take vacation they can easily burn out. This can cause fundamental mistakes that allow holes to be created in the security environment and put information or people at risk.
Secondly, if an employee goes on vacation, then another employee usually assumes their role. If the original employee is violating security policy, the new person may detect it. I have personal experience of a situation where emails were discovered that exposed an employee who was routinely sending sales information to a competitor. The "vacation" in this case was that employee's interview. Another employee assigned to temporarily process the emails noticed that several had been sent to a competitor and notified the security team. Not only was the vacationing employee terminated with cause, but the company receiving the email was threatened with legal action -- and the offer of employment was withdrawn.
Physical controls are generally as they sound, those defined to secure the physical environment they control (sometimes called "Guns, Guards and Gates"). There are a few, however, which typically fall into this category that may be overlooked. Here are some examples.
- Building access controls (includes badges, video monitoring, security guards, locks, fire escapes)
- Internal access controls (typically a subset of the overall building controls, but can include additional levels like fingerprint access control)
- Monitoring equipment
- Safety systems for information processing environment
- Disaster recovery equipment (including cooling/heating systems)
- Information disposal (discussed as a specific case)
Over the past several years, information disposal security has grown in terms of what it controls. Originally this type of control was focused on hardcopy data. It included data shredders, for example. However, this has changed in two ways.
First, the bad guys have got more innovative. Most readers will have seen one of the cop shows where the rookie has to go through the suspect's garbage. Physical controls now include management of waste. Second, disposal of IT equipment is part of physical controls. There are countless stories where someone bought a used computer on eBay only to find tons of information on the hard drive. (I was once given a replacement hard drive for my laptop. It turned out it was an un-erased drive that had previously belonged to the CEO. Needless to say, it was returned to the CIO. Why the CIO? He had clearance to receive the data.)
Technical controls are the section most IT guys view as security. (It's sometimes called logical controls.) This includes firewalls, encryption, IPS, RAID arrays (for availability), and backup. This will be covered in a little more detail during Preventative, Detective and Corrective definitions. (The author has LOTS of examples of this control, but so too have most of the readers.)
Going to the next level
Preventative controls, as the name suggests, stop any violation of the security policy. The definition is used to further define a control.
- Administrative Preventative: Training. Most view this as a corrective action as it seems that training is only held after a breach has occurred. However, the training is actually being held to prevent future breaches.
- Physical Preventative: Locks
- Technical Preventative: Encryption
Detective controls are ones that are used to determine if a preventative control has failed or been breached. They typically sit behind a preventative control and are aligned with its capability.
- Administrative Detective: Log reviews
- Physical Detective: Digital video recorder (This can either be for external or internal cameras)
- Technical Detective: Intrusion Detection System (This is normally a component of an overall system)
Corrective controls come into play to stop a breach that is in process. This class of control works in concert with both preventative and detective to thwart the attack. Typically the detective control will activate the corrective control. The corrective control will then change the behavior of a preventative control to stop the attack.
- Administrative Corrective: Disaster recovery plan
- Physical Corrective: Incident response team
- Technical Corrective: Intrusion Prevention System (typically linked to a firewall)
What this looks like in practice
Let's consider the deployment of a centrally managed data protection system. The diagram below shows some of the different controls that must be deployed to support it.
In this example, a technical preventative control is being deployed. A technical detective control, the centrally managed policy and log server, will provide alerts if the security is breached. The technical response will be provided by the IPS. The management server will be housed in a datacenter that has physical access control. A video surveillance system can be used to detect unauthorized access and a response team alerted to correct any violations. Once deployed, to prevent misuse, users are trained on how to use the system. The system logs are routinely monitored to detect breaches and the response plan will detail how to respond.
As you can see from this simple example, several different departments (IT, facilities, legal, HR) would be involved in developing the complete set of controls.
April 24, 2013
Program for legacy with a legacy dev tool
Good tools don't always survive bad times. When HP pulled its plug from the 3000 dynamo, popular development tools began to slide. One of our favorite COBOL legends and 3000 consultants, Bruce Hobbs, was looking for ways to connect to the legacy community for such a dev tool, Programmer Studio.
"I have a vague recollection that you published something awhile back regarding the demise of Whisper Technology, and the situation for anyone now interested in using the Programmer Studio product," Hobbs said. "Could you please point me in the right direction?"
The genesis of Programmer Studio comes from the days when HP was still buying print ads for the HP 3000 in the general computer industry trade press. Ads that astounded the installed base -- like the one at left -- because they were so rare, and resonated so well with the established consumers. The 3000 had giant corporations using it, something HP had to admit from time to time while it labored to create a business computing market for Unix. Whisper popped up often when we surveyed the legacy developer community in December. This is unsupported software, but it's still in use at the occasional programmer's bench, such as the one that Michael Anderson operates at J3K Solutions.
I was never much for purchasing tools for development. However, since the late '90s onward, I used Programmer Studio from Whisper Technologies as a "character based" editor. In the latter years of working on MPE, the languages I used also included Java, Perl, and SQL.
(In a bit of circular technology, the Robelle programming tool for the HP 3000, Qedit for Windows, also knows a lot about Suprtool -- since Suprtool is also a Robelle product.)
"But today I don't use the HP 3000 much any more, nor Windows," Anderson added. "For years Programmer Studio kept me tethered to Windows as my favored editor. Recently I've started using JEDIT on Linux. JEDIT doesn't know how to access the HP3000, so for that I still use Windows along with Programmer Studio."
Authors and creators tend to dig in with their tools. Hobbs asked about Programmer Studio because of its reputation, but he understood the software had not survived the HP purge.
But for that matter, that kind of afterlife is where other 3000 software resides today. The developer of the Programmer Studio has moved on to other things, according to the Whisper Technology founder Graham Wooley. In 2009 he said
Unfortunately Whisper Technology is no more. As the developer, Greg Sharp had looked after Whisper and Programmer Studio by himself for the last three years, but he has now moved on to other things and the company has now closed.
The UK's Whisper built and promoted the Programmer Studio PC-based toolset, then sold it as a development environment which understood exchanges with the 3000, but could also be used to create programs under Windows. Robelle responded promptly with a Windows version of Qedit, and for more than five years the 3000 ecosystem had a lively competition for programming tools.
Survival is one of the better measurements of quality, but good technology sometimes has to succumb to business issues and investment strengths. Such was the case for HP's business with the 3000 and MPE. Like Programmer Studio, MPE is no longer supported by its creators. Unlike Programmer Studio, MPE has third party support, as well as an emulation engine being sold this year. These things are markers of survival.
An experienced 3000 developer like Hobbs probably won't care much about support for a programmer's tool. Wooley's company was a lively bed of 3000 ardor in the 1990s. At one point, he placed a bet with Adager's Alfredo Rego. Wooley was so concerned about HP's treatment of the 3000 in 1993 that he wagered with Rego that HP wouldn't advertise the system -- mostly as a prod for HP to do so. Wooley lost his bet, happily, when Hewlett-Packard put ads in both US and European publications for the 3000 at the 11th hour of that year.
An abandoned but beloved product is usually passed along from one user to another, with each exchange marking another step into the public domain. HP's been vigilant about MPE to keep the OS out of this sort of drift. People admire it in the same way that Programmer Studio advocates praise that product.
The difference is that you'll still be able to buy support for MPE from independent professionals, some of whom have a source code license for the software. Adager is on that source code holder list. So are the indie support firms Pivital Solutions, Allegro Consultants, Beechglen Development and Terix. They are all eating their Wheaties, surviving into our new era.
April 23, 2013
How app portfolios increase career value
Getting an HP 3000 back into discussion at the boardroom level can be tough. In a lot of places still running MPE/iX applications, the programs that drive company computing have become invisible as the grain in a fine piece of wood that makes up a boardroom table. Application Portfolio Management (APM) can be a means to increase the visibility of HP 3000s.
And if that visibility leads to a more energized transition plan — because now the executive management sees how vital the MPE/iX application is to meeting company goals — that's a good thing as well. Retiring out with the HP 3000 is an option for some managers. For many others, outlasting the server is becoming the genuine challenge. Leaving a legacy as an IT pro, instead of just the 3000 expert, is one way of nurturing a career.
You have to know how to treat applications as assets, to frame software as if it's as essential as cash on hand for a company. APM doesn't get cited much by the 3000 manager who's been a technologist to deliver value to a company. This is the business side of business computing. Learning more about it gives a manager a greater skill set. Best of all, these practices make it easier to justify IT acquisition and expansion and yes, even a migration with its profound expense.
Tomorrow (April 24) at 2PM Eastern Time, MB Foster is leading a 45-minute webinar with time for questions about APM as part of its bi-weekly Wednesday Webinars. "Do you want executive management to understand the condition of IT applications -- built, bought or accumulated through M&A, or acquired for a specific need -- and how they grow the business and how they affect future budgets?" The answer to that would probably be yes, just to ensure that the assets called the HP 3000 applications get their accurate valuation.
APM is a proven concept that can make a manager look more modern at an executive level. Best of all, according to CEO Birket Foster, it can be started with something as straightforward as an inventory. In 2007 when the concept was still gaining traction, he explained the introductory steps.
APM helps managers assess value to application assets. To begin, take an inventory of applications and clearly understand the current business and technology fit for each application. Publish the application portfolio so it can become a budget item visible to the management team.
I know, at first it may not be where you would like it to be, but it is what it is — there is nothing that can be done about the past. But when you start the process of APM, you can start managing a budget with the objective of aligning business needs with IT’s, with options for The Three Rs of Applications – remain, replace, or rehost. This way IT can get included at the management table and get the budget needed to renovate when required.
The APM process can have a profound effect on decision making. "It will clarify existing investments, application lifecycles, and any future investments, upgrades, operations, replacements and budgets related to the applications," Foster said in preparation for this Wednesday Webinar. "This will help the entire company know what IT needs to invest in to support the business, as well as the impact on the applications that are used by every department/business unit."
April 22, 2013
Comparing Costs of Staying for 5-10 Years
Last week's CAMUS online-phone RUG meeting included a comprehensive exam of staying on MANMAN for at least another five years. The proposal, outlined by Terry Floyd of the Support Group, showed a cost exceeding $40,000 a year to keep running an HP 3000 with the ERP application plus crucial support for hardware and all software.
His estimation, for a Series 939 low-end system with 30 users' worth of MANMAN (all numbers are annual)
Hardware support - $5,000
MPE/iX support - $2,000
MANMAN application support - $10,000
Support for vendors of third party software - $10,000, on average
Electric power and cooling - $12,000
Including miscellaneous costs of $3,000 yearly, that's a total of $42,000 to stay on MANMAN each year. "That doesn't even include salaries," Floyd said. "These are costs directly related to MANMAN." One user pushed back on the third party software support costs, saying the estimate was low.
One way to cut back on these costs would be to run MANMAN on the cloud, Floyd said. This development, if it ever emerges for the MANMAN community, would be via the Stromasys emulator, which sits in a Linux cradle. Linux is even supported by the HP Cloud, a newcomer to the virtual server vendor lineup. (HP-UX is not supported). The cloud reduces hardware-related expenses and wipes out electrical, versus a cost of $200 a month per user.
(Stromasys officials on the call said they thought Floyd may have been referring to one of the possible options for people wanting to migrate off the 3000. There's been no testing or instances of the emulator running from a cloud service yet.)
So while looking at the numbers and the state of 3000-based cloud options, one of the larger points that Floyd made in his review is that MANMAN, even today on current 3000 hardware, could remain a viable place to stay with manufacturing IT -- so long as the ERP instance has up to date modifications for interfaces and integration, properly documented so they don't become tribal knowledge. Plenty of MANMAN sites have modified their application. Mods are part of the MANMAN Way.
"Interfaces and integration are certainly the best places to spend dollars on improving MANMAN," Floyd said. But the cloud is not free, just a lot less costly. Estimating a 30-user implementation -- plenty of the remaining MANMAN sites are small -- he still came in at $6,000 a month. That's $72,000 against the $17,000 plus the expense of purchasing the 3000 and its storage devices.
"You're spending a heck of a lot less than that just for the electricity," Floyd said of the cloud solution.
Of course, most companies running MANMAN -- or nearly any other application -- have long ago paid off capital costs for hardware. The costs that remain fixed are the OS and application support ($12,000 in Floyd's estimate) plus the third party software support at $10,000.
Let's see, $22,000 plus that $72,000 is $94,000 yearly. You're up in the cloud in this picture, running a virtualized 3000 server. The license for that virtualization software and its support fee varies, but nobody is reporting much under $10,000. It's a big advantage when you consider the emulated 3000 will operate many times faster than a Series 939.
So someone who stays by rising to the cloud will be up in the $100,000 annual range for five years, using the solution with the longest lifespan (virtualized OS, virtualized hardware) with an application that's just about the most senior in your community. Factor in the costs of purchasing MANMAN over 10 years and you'd add $25,000 yearly. (This is, of course, another cost that most MANMAN sites have paid off long ago.)
But even if you're able to do computing from the cloud, "IT costs do not go away," Floyd said. "Even if you're in the cloud, for any manufacturing company, better utilization requires an IT function." That IT function is a programmer for ongoing development of modifications, at the least. FORTRAN programmers might be hard to find in the middle of nowhere, Floyd added. Lots of US-based manufacturers using MANMAN operate in such small towns, to keep labor costs contained.
The counterpoint of all that expense of working to stay on MANMAN? "The biggest cost of leaving MANMAN is data migration and implementation of the new system," Floyd said. You would retain the cloud costs, the OS and vendor support costs in this scenario -- while the MANMAN site must pay for SAP, or Oracle, or some other ERP solution.
When calculated with this much detail, "It's not a crazy idea to think of staying on MANMAN another five or 10 years," Floyd said. Mobile connectivity will demand bandwidth that might not exist. "MANMAN is cheaper to operate than either an on-premises replacement or a cloud-based replacement. Inertia is the driver, especially if you're retiring in the near future."
The companies using MANMAN aren't retiring, of course. They face a cost to select, acquire and implement and migrate data to a replacement ERP system from "hundreds of thousands to millions of dollars," Floyd said. "Why did all those companies leave MANMAN? Ten years or so ago, they might have had management with some high ambitions."
Or did they really leave because their users lacked a basic understanding of MANMAN, so relied on tribal knowledge in the organization -- "and then they forgot the way they were doing things the way they were. And then a couple of really key users left. And you wonder how this stuff works, and why it works like it does. If you change the heck out of MANMAN and didn't leave a good trail, there's no way you could keep track of why you did that modification."
But after more than three decades in the field, there just aren't many bugs left in MANMAN. The 3000 sites that tracked their mods, can keep knowledge of their implementation documented, can keep a FORTRAN developer available somehow -- these are the sites that have added up the costs to stay on an app that was first released in the 1970s, even if it hasn't been changed in more than 15 years.
April 19, 2013
Where Everybody Knows Your CPUNAME
The iconic TV show Cheers splashed a theme song about the fictional Boston tavern every Thursday, way back in the 1980s. It was a drinking outpost "where everybody knows your name, and they're all so glad you came." If attendance works out well for Stromasys at its HP 3000 Social -- four weeks away -- they're likely to have the same sort of turnout. The Tied House will be a place where everybody knows your name because so many will be familiar to each other. That's what more than three decades of community gives you.
This week the blue and white postcards arrived in mailboxes announcing the combination of Social and Training May 9-10. We found one in our mailbox, but word of the event is spreading beyond the reach of the US post. Vladimir Volokh of VEsoft called to report he'll be at the Tied House. Neil Armstrong, developer and curator of Suprtool, has also been tracking the event closely.
These VIPs of your community will be joined by people experienced in 3000 matters who seek a way around aging HP hardware for MPE. And there will be some stopping by to see the names that they know and meet new ones with something in common. Everybody there will be listening for news about licensing. Right now this is a rare brew that prospects are thirsting for if they want to emulate a production machine.
That postcard doesn't share much of the agenda for the meeting, some details of which are revealed at the Stromasys RSVP webpage. (The whole thing is free, by the way, right down to the heavy appetizers where everybody knows your name.) More to the point, it doesn't reveal the strategy that will drive your feet to that bar where everybody will know your name. Your interest in the emulator is assumed. Knowledge and experience and boasting and whining, laced with humor, were always the prime reasons for attending an HP 3000 user group event. In the absence of a user group, this kind of gathering will have to provide those usual incentives. Expect a lot of "we migrated awhile ago, and here's how it went" along with "we don't want to, and here's the license and support issues we need to solve."
The technology is not an issue. The training on May 10 will prove that to anyone who hasn't seen a demo yet, and the take-home freeware A202 version will give attendees an easy way to do a proof of concept.
Will the system administrator who's moving away from Powerhouse -- slower than expected -- be at Tied House, or the Computer History Museum the next day? Stromasys is keeping track of the RSVPs. Such an attendee would be interested in how the licensing is going with IBM, the keepers of the Cognos products. Powerhouse users have recent memories about investigations about their licenses, with demands for upgrade fees.
We've begun the effort to get Charlie Maloney of IBM, formerly of Cognos, to tell us anything about licensing Powerhouse for the emulator. No comment yet, after about a week of attempts. But Charlie is busy being the Software Sales Representative at IBM Software Group, Information Management, so he might need repeated attempts. I'll keep trying.
I anticipate that if the Tied House and CHM are filled with more than tire-kickers who want to talk about an emulator in demonstration, they'll get down to license discussions. An IT analyst up at a higher education institution said if license fees to move to the emulator match the annual HP 3000 hardware maintenance contract, it's a deal-breaker.
The issue that would destroy the cost-neutrality concept would be software licensing fees. To save costs during our migration to the ERP software, we let software maintenance lapse on all of the utilities that were permanently licensed -- that is, all of those that would continue to run without a refreshed license key each year.
It almost sounds like utility vendors on that system haven't earned a dime during the migration. Taking those utilities onto the emulator, sans support, is only even remotely possible if the emulator is stopgap on the way to a migration. We'll leave it to the reader to judge if it's fair.
Migrating customers will look at these license vs. support tradeoffs and see the challenge of staying with MPE. They've made the decision to stay with hardware that demands a support contract of significant investment, but at least their software licenses have no surprises. It doesn't mean the software is anything close to free, since the 15-20 percent application support fees are in place. All that IBM, nee Cognos, will charge for its 8.49F Powerhouse is Vintage Support.
The tough part for that analyst is that his Powerhouse license is 8.49E, not F. The F version had all of its platform-upgrade fees removed, we learned. The way from 8.49E to F is as uncharted to me as Maloney's reply.
There's always the possibility that customers who know each other's name could get together to arrange a group negotiation with such upgrade-fee vendors. Stromasys won't do this officially; it's up to the emulator customers. As for those utility support dollars, they ought to be going to the vendors if those utilities are key to keeping a production system online. That's the 3000/MPE tradition: guaranteed uptime.
We hope it's a rich brew of license and support insights at Tied House, blended with the eye-opener of the training that includes a Linux cradle for the emulator the day after.
April 18, 2013
How Ending Support Might Change Things
If the above subject seems obvious, then the story of the HP 3000 and MPE has had moments to refute it, as well as prove it. Hewlett-Packard considered the end of its vendor-priced support to be the ultimate change in 3000 ownership. If HP wouldn't support MPE and the 3000, who'd use it?
That one is filed as a refute -- several thousand companies have relied on 3000s and MPE over the four-plus years since full HP support ended. Even as a government-required archival system, the computer outlasted the end of HP support.
But in proof of ending support as a trigger of change, we offer the case of the disappearing database. No, not IMAGE, still wired to this day with elegance into the MPE filesystem and 3000s. No, we're examining Oracle here. Many IT managers consider Oracle to be the industry leader. So if its support drove off the 3000 cliff, and so dropped off for MPE after Y2K, didn't that deal a crashing blow to the user community?
One manager who wants to remain anonymous, but still tends to a 3000, told us this week that he believes it was true. "I asked HP people at a trade show if they had heard how Oracle, recently in court and in the news, began the demise of MPE -- when in a previous pre-Sun business decision, they announced end of support for Oracle on MPE?"
Yes, the end of this support did change the 3000's future -- at HP. In the early 1990s HP was hoping that IMAGE would become only one of several database options for the servers, and so it tried to unbundle the custom-tailored IMAGE from MPE. This was meant to make room for the likes of high-dollar Oracle, or other databases which had not made the port to the 3000. HP wished they would do so. Hewlett-Packard's 3000 group pined for SQL Server on MPE.
But Oracle never was thrilled to be part of the 3000 ecosystem. There was so much more profit to be had in the Unix world, or up on IBM mainframes. In 1985 I was reporting on rumors that Oracle was moving to what we were still calling MPE V at the time. The Oracle VP I reached had a question for me. "Why in the world would we do that?"
About four years of market time changed this approach, but in '85 Oracle wondered why in the world any vendor would offer an MPE-ready database while IMAGE was included with every 3000. How could Oracle compete with that value? It wasn't like HP was reducing the prices for 3000s which shipped with no database. Enter, after Oracle's arrival on the 3000, the scheme to unbundle IMAGE -- and the customers' revolt at a public roundtable over this strategy.
Oracle trod its path away from MPE after many versions of the database were built and rejiggered to try to match the IMAGE advantage: speed, and the compatibility with the catalog of HP 3000 applications and tools. While that latter group of software bled away -- cut back by the vendor's forecast of an ailing 3000 ecosystem -- Oracle updated Oracle/iX less and less frequently.
That might be the same situation HP's other enterprise environment will experience with the loss of Oracle support. Oracle didn't want to continue with the successor to the 3000's hardware architecture, Itanium. The courts forced this otherwise, but the last period of that game is yet to be played.
Will the end of Oracle support for HP-UX change things? Of course. Will it be a fatal blow? More fatal than the Oracle evaporation from MPE. Few applications ever relied on Oracle on 3000s. It didn't force a transition. Oracle never got traction as a database for in-house apps. That is a different situation than the reality for HP's Unix servers. But one third-party software platform like Oracle never sinks an enterprise ship on its own. It takes a vendor to deliver the coup de grâce -- and even then, the demise can be years away.
However, for a company migrating to a new application, the existence of Oracle on that platform can be welcome news. Oracle administrators and developers are in rich supply. Replacing one who quits to become a coffee cart owner or gun-shop salesman is easy. Oracle is everywhere, and thousands of applications rely on it. In a 3000 migration situation, the absence of Oracle support is more reason to change an application from something in-house to something else. "We always wanted to walk away from those old apps," a MANMAN manager said in a user group. "HP ending support for the 3000 gave us the opening."
The ruler to measure change by: the critical nature of the element whose support is ending. Oracle isn't MPE, but it might as well be for any company that considers itself an Oracle customer first, with a few HP 3000s as outliers. As we can see today, support for IMAGE has not ended, thanks to independent companies. Oracle on HP-UX support -- like the 3000's, without new development -- might trigger changes.
How HP reacts to the eventual Oracle departure this time around, compared to its reaction in the 1990s, will determine how much support can change things. The greatest change from ending support takes place in vendor-built environments which have receding application ecosystems. What's the trend for application vendor enhancements in your target environment?
April 17, 2013
HP hardware: bargain, but needed now?
It's an interesting time for 3000 hardware these days. Prices have dropped severely for unlicensed HP iron. Meanwhile, there's a no-cost way to use a computer to run MPE/iX, thanks to the Charon HPA/3000 emulator, Model A202, freeware edition. Times are plentiful for ways to run MPE software, if the license is not much of an issue.
The HP-brand hardware is flowing so freely that I had a reseller ask if I wanted to buy an N-Class at an astounding price. Nothing that the rest of the public couldn't get off eBay. However, in that offer anybody would have to come up with their own license for MPE/iX.
Nothing's perfect this year about acquiring an MPE server. On one hand you have the option of real HP iron, power-hungry but the genuine engine. However, the HP-badged boxes need disks and memory and components in reserve for real support, the kind of items that a system manager would scavenge from things like an $1,800 N-Class. A support contract for MPE, as well as the hardware, is part of that equation. If you've got an MPE/iX license, let's just say it's about a $2,000 investment, plus the ultra-important hardware-MPE support contract purchase.
And you need that MPE/iX software support no matter what you're doing, unless you've got enough experience to be selling those services yourself.
The bottom line on an emulated, virtual HP 3000 is higher, unless you're freewaring it. You can expect there are nominal consultants -- retired but available -- who'd use the A202 to discover bug fixes and workarounds. The better ones will have the real HP iron, running tiny, 9GB LDEV 1 disks. The beefiest drive you can put in a 3000 is 146 GB.
But I have to admit, I thought for awhile about that offer of an N-Class for under $2,000. It was a kind of a "get it while you can, the price won't be better than this" sort of decision. For a production or a development shop, it's likely to be different. A manager could figure that a 5-figure cost to acquire Charon emulator software, plus support for it, could be balanced against the cost to maintain a stable parts depot. Emulation installs mean that hardware support goes way down, to about $100 a year for a typical Intel-Linux box. But adding any kind of 3000, emulated or iron, to our offices would be news. Operating my own MPE system has never been a part of my 28 years of working in our community.
People who know MPE very well might say they're not surprised. I have generous readers who correct the flubs in syntax that show up here. But in those decades of writing and reporting about the HP 3000, I have never worked for a company which owned one, including my own company (since 1995). However, that doesn't mean that there haven't been days when I felt I could make use of one. Just the other day, Vladimir Volokh said "you wouldn't have written that, if you'd had a 3000 to use and test that command."
As close as genuine 3000 iron ownership ever came, I think, was when used 9x7s were everywhere and the Newswire was roaring along in the Y2K era. Our net.digest tech editor John Burke bought one of those 9x7s -- for a song -- and since he was an editor of ours at the time, that was enough for me.
My first 3000 publisher, Wilson Publications, used dial-in timesharing access to a Series 42 in 1984 to produce The Chronicle. The terminal access came via PC 2622, the software later known as Reflection. It ran a typesetting program that generated our printed galleys down at Futura Press in Austin. But within four years we worked on the bleeding edge of desktop publishing, using tiny Macs and a LaserWriter and a 5GB shared disk that crashed as often as MPE/XL 1.0. And so the HP 3000 became a subject, rather than a tool we used ourselves.
I am a little surprised that nobody has yet picked up that N-Class 220, even unlicensed, that Cypress Technology offered via eBay. It seems quite the bargain for somebody who wants genuine HP iron. But for a tinkering editor, or someone who wanted to check a command or syntax or filesystem processes, the freeware A202 might do.
We're still here if any owner or reseller wants to spread the word about hardware, via a modest ad. I'd love to hear when that N-Class sells. It's the lowest price I've ever seen for one of these models. Only something free, but without the ability to work in production, could be considered less expensive.
April 16, 2013
Why There are Always Parts Available
Last week on the 3000 newsgroup, HP hardware supplier Cypress Technology was offering an N-Class HP 3000 for $1,800. Cypress was even including an option to custom-configure the server at that price. The 3000 was selling without a license that could be transferred. But even this kind of investment would make an adequate disaster recovery system, given that it has a copy of MPE/iX already loaded on it. Even more useful would be the parts from the server -- a value at $1,800.
The Cypress box is a single 220MHz CPU with a 1.5Mb cache, 4GB total memory, a 9GB boot disk drive (how quaint; just a bit larger than a $7 thumb drive of today) and a 147GB main storage disk drive.
Hewlett-Packard once told the 3000 community that the vendor could provide custom legacy support through 2010, but the offering would depend on parts availability and the age of the HP 3000. But older systems might have parts which are no longer on the HP warehouse shelves.
But no matter how old the HP 3000 might be in your shop, you can be reasonably sure that spare parts will not prevent you from keeping it working. Five years ago this month, Wyell Grunwald offered a "practically free" HP 3000 on that same 3000 newsgroup. All that Grunwald wanted was the cost of shipping to send the 200-pound server onto its new home.
After one quip about this early '90s server making a good bookend, another community member said they could use the system for parts. Imagine, an HP 3000 PA-RISC server built in 1990 — yes, 23 years ago — still has parts available in your community.
The key word in that last sentence is community. Even when HP runs out of HP 3000 parts, the community can carry on the supply. This group got a lot of longevity when it invested in the HP 3000, as well as durability. The word "tank" is part of Grunwald's 922 description.
You can't overlook how underpowered the Series 922 is compared to any other HP 3000. After all, the entire PA-RISC line only started to ship in 1987, and only in significant numbers a couple of years later. Code-named SilverFox Low at its introduction, that Series 922 was a very early model 3000, just three systems off the start of the PA-RISC line.
The harsh numbers: This HP 3000 has just five percent of the horsepower of the smallest Series 979 or HP's smallest N-Class server. And now, there's an N-Class out on the used market, selling for less than a beefy laptop, albeit without license.
While you would not want to carry a lot of computing on a swaybacked steed of a 922, the fact that it remained a parts repository 18 years after it was built might give a homesteader some comfort. HP warned everyone starting out in 2001 that 3000 parts were going to become scarce in five years' time. So long as your community stays connected and communicating, the Hewlett-Packard support expertise in MPE is likely to get scarce long before many 3000 parts disappear altogether.
April 15, 2013
SM for Everyone!
By Bob Green
Vladimir Volokh of VEsoft fame called us to pass on an interesting story.
He was doing MPE system and security consulting at a site. One of his regular steps is to run VESOFT’s Veaudit tool on the system. From this he learned that every user in the production account had System Manager (SM) capability!
Giving a regular user SM capability is a really bad thing. It means that the users can purge the entire system, look at any data on the system, insert nasty code into the system, etc. And this site had just passed their Sarbanes-Oxley audit.
Vladimir removed SM capability from the users and sat back to see what would happen. The first problem to occur was a job stream failure. The reason it failed was because the user did not have Read access to the STUSE group, which contained the Suprtool "Use" scripts. So, Suprtool aborted.
“Background Info Break”
For those whose MPE security knowledge is a little rusty, or non-existent, we offer a helpful excerpt from Vladimir’s son Eugene, from his article Burn Before Reading - HP3000 Security And You – available at www.adager.com/VeSoft/SecurityAndYou.html
When a user tries to open a file, MPE checks the account security matrix, the group security matrix, and the file security matrix to see if the user is allowed to access the file. If he is allowed by all three, the file is opened; if at least one security matrix forbids access by this user, the open fails.
For instance, if we try to open TESTFILE.JOHN.DEV when logged on to an account other than DEV and the security matrix of the group JOHN.DEV forbids access by users of other accounts, the open will fail (even though both TESTFILE’s and DEV’s security matrices permit access by users of other accounts).
Each security matrix describes which of the following classes can READ, WRITE, EXECUTE, APPEND to, and LOCK the file:
• CR - File’s creator
• GU - Any user logged on to the same group as the file is in
• GL - User logged on to the same group as the file is in and having Group Librarian (GL) capability
• AC - Any user logged on to the same account as the file is in
• AL - User logged on to the same account as the file is in and having Account Librarian (AL) capability
• ANY - any user
• Any combination of the above (including none of the above)
Whenever any group is created, access to all its files is restricted to GU (group users only).
As Eugene points out above, account users do NOT have Read access by default to a new group in their account. This was the source of the problem at the site Vladimir was visiting. When the jobs could not read the files in the new STUSE group, the system manager then wielded the MPE equivalent of the medieval broadsword: give all the users SM capability.
ALTUSER PRODCLRK; CAP=SM,IA,BA,SF,...
This did solve the problem, since it certainly allowed them to read the STUSE files, but it also allowed them to read or purge any file on the system, in any account.
What he should have done was an Altgroup command immediately after the Newgroup command:
ALTGROUP stuse; access=(R:any;a,w,x,l: gu)
or specified the correct access when the group was built:
Since the HP 3000 runs in a corner virtually unattended (except for feeding the occasional backup tape), we often forget many of the options on the commands that are used sparingly. Neil Armstrong, my cohort in our Labs, often does a Help commandname to remind himself of some of the pitfalls and options on the lesser-used commands, NEWGROUP being one of them.
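The three-matrix check and the ALTGROUP fix described above, modeled in Python as an added example (not code from the article or from VESOFT). The account name PROD, the logon group PUB, the file name, the creator and the default account and file matrices are assumptions; capability handling is reduced to the SM behavior the article describes.

```python
# Simplified model of the MPE access check: the account, group and file
# security matrices must ALL permit the requested mode. Added example only.
from dataclasses import dataclass

MODES = {"R", "W", "A", "X", "L", "S"}        # S (save) assumed at group level
CLASSES = {"ANY", "AC", "AL", "GU", "GL", "CR"}


def parse_access(spec):
    """Parse an access list such as '(R:any;a,w,x,l: gu)' into {mode: {classes}}."""
    matrix = {mode: set() for mode in MODES}
    body = spec.strip().strip("()")
    for clause in filter(None, (c.strip() for c in body.split(";"))):
        modes, _, classes = clause.partition(":")
        mode_set = {m.strip().upper() for m in modes.split(",")}
        class_set = {c.strip().upper() for c in classes.split(",")}
        if not mode_set <= MODES or not class_set <= CLASSES:
            raise ValueError(f"bad access clause: {clause!r}")
        for mode in mode_set:
            matrix[mode] |= class_set
    return matrix


@dataclass(frozen=True)
class User:
    name: str
    account: str              # logon account
    group: str                # logon group
    caps: frozenset = frozenset()


@dataclass(frozen=True)
class File:
    name: str
    group: str
    account: str
    creator: str


def user_classes(user, f):
    """Return the user classes (CR, GU, GL, AC, AL, ANY) this user falls into."""
    classes = {"ANY"}
    if user.account == f.account:
        classes.add("AC")
        if "AL" in user.caps:
            classes.add("AL")
        if user.name == f.creator:
            classes.add("CR")
        if user.group == f.group:
            classes.add("GU")
            if "GL" in user.caps:
                classes.add("GL")
    return classes


def can_access(user, f, mode, matrices):
    """True only if every matrix grants `mode` to a class the user belongs to."""
    if "SM" in user.caps:
        return True           # per the article: SM can read or purge any file
    classes = user_classes(user, f)
    return all(matrix[mode] & classes for matrix in matrices)


ACCOUNT_DEFAULT = parse_access("(R,A,W,L,X:AC)")    # assumed account matrix
FILE_DEFAULT = parse_access("(R,A,W,L,X:ANY)")      # assumed file matrix
GROUP_NEW = parse_access("(R,A,W,L,X,S:GU)")        # new group: GU only
GROUP_FIXED = parse_access("(R:any;a,w,x,l: gu)")   # ALTGROUP spec from the article


def scenario():
    """Constructed case: a clerk logged on to PUB.PROD reads a file in STUSE.PROD."""
    use_file = File("USE1", "STUSE", "PROD", creator="MGR")
    clerk = User("PRODCLRK", "PROD", "PUB")
    clerk_sm = User("PRODCLRK", "PROD", "PUB", frozenset({"SM"}))
    outsider = User("GUEST", "OTHER", "PUB")
    before = (ACCOUNT_DEFAULT, GROUP_NEW, FILE_DEFAULT)
    after = (ACCOUNT_DEFAULT, GROUP_FIXED, FILE_DEFAULT)
    return {
        "default_group_read": can_access(clerk, use_file, "R", before),
        "sm_read": can_access(clerk_sm, use_file, "R", before),
        "sm_write": can_access(clerk_sm, use_file, "W", before),
        "altgroup_read": can_access(clerk, use_file, "R", after),
        "altgroup_write": can_access(clerk, use_file, "W", after),
        "outsider_read_after_altgroup": can_access(outsider, use_file, "R", after),
    }


if __name__ == "__main__":
    for check, allowed in scenario().items():
        print(f"{check:32} {'allowed' if allowed else 'denied'}")
```

The ALTGROUP route grants the job Read on STUSE and nothing else, while the SM route also grants Write on the same files; the user from another account is still stopped by the account matrix.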
April 12, 2013
Stromasys Social meets at historic brewery
The free HP 3000 Social next month on May 9 -- prelude to the first free Stromasys Training Day on May 10 -- will take place in a private section of the Tied House Brewery and Cafe at 954 Villa Street in Mountain View. The official Stromasys webpage for this spring's Social+Training event promises heavy appetizers and free drinks at the Social, starting at 6 PM.
The Tied House website reports that the bistro is the 4th oldest microbrewery in California, and Silicon Valley’s original microbrewery. The cafe and brewery share the same building, with the Clubhouse mug wall on one side and the brewing operation on the other. After pouring 10 million pints since 1988 -- and sending a coaster into space with NASA astronauts -- Tied House beer awards include Gold, Silver, and Bronze medals from the Great American Beer Festival, plaques from the World Beer Cup, and First Place Gold from the California State Fair.
The microbrewery is a 5-minute drive from the Computer History Museum on Shoreline Drive, where the Friday May 10 training takes place. A free lunch will be served during the 10-4 training that day. You can make your reservations for the Social -- as well as the next day's training on the world's only HP 3000 emulator -- at the Stromasys event's webpage, www.stromasys.com/hp3000event
Stromasys will give away a signed copy of the MPE/iX Administration Guide by Jon Diercks at the Social, according to the company's webpage. Vladimir Volokh contacted the 3000 Newswire and has offered copies of the classic MPE book by Eugene Volokh, Thoughts and Discourses on HP3000 Software. The book includes a chapter on MPE security myths. Those chapters, as well as an article on POSIX System Management with VESOFT's MPEX written by Stromasys product manager Paul Taffel, are online at the Adager website. Training attendees will leave with Personal Freeware copies of the Stromasys emulator. Other prizes and giveaways may appear between now and the next four weeks.
The greatest prize, of course, will be the chance for 3000 community members to see one another in person. These are rare events -- the last one was the HP3000 Reunion in the fall of 2011. I'll be on hand and hope to see you at the Social as well as the Training the next morning.
If you're coming in from outside the Bay Area, it appears that the Hotel Strata and the Hampton Inn and Suites seem to be the nicest hotels that are convenient both to the Tied House and the Museum. If you're planning to avoid using a car -- that's my scheme -- the Mountain View Caltrain Station is less than a mile from Tied House. And for any visitors via air, Caltrain runs trains that end up at San Francisco's Airport (via BART) as well as the San Jose airport (via a 12-minute bus ride.)
April 11, 2013
Fast Text Searches speed new Eloquence
Marxmeier Software AG has announced the Eloquence B.08.20 release candidate is available for downloading from the Eloquence web site. Testing was expanded for this IMAGE-workalike database, after a beta period during 2012, "and we incorporated customer feedback," said company president Michael Marxmeier. The extra development time yielded some details and improved documentation.
A B.08.20 production release of this replacement database for IMAGE applications migrated to Windows, Unix or Linux, "is expected to be available shortly and should be identical to the release candidate."
As we noted here in our 2012 summertime reports, Eloquence 8.20 introduces new functionality and enhancements in various product components. Most noticeable are
• Database full text search, adding fast and flexible search engine capabilities to the Eloquence database.
• Various database enhancements, including support for protected password files, repacking a database and improvements to replication management.
• Support for converting PCL output of existing applications to PDF documents on the fly.
Eloquence, a software solution more in line with HP 3000 budgets than Oracle or SQL Server, also has its own programming language. The company said that substantial improvements to the language include syntax enhancements, supporting path to access files, class methods, external classes, and on-demand loading of program code.
"Now is the perfect time to familiarize yourself with the new release," Marxmeier said. "Download a copy and try out new features or enhancements. We are happy to provide temporary license keys to try out optional features."
The most sparkling enhancement to this database is its FTS fast indexing power. Last summer, MB Foster led workshops for programmers who wanted to apply these fast indexes to a database.
"They might do database architecture based on the kinds of retrievals they'd want to perform," said CEO Birket Foster at the time. DBFINDs, DBGETs, and DBINFOs in the Eloquence IMAGE compatibility module have extra commands in 8.20. "If you have migrated and have this new database, we can help you take advantage of new features."
Inside the new Eloquence library for IMAGE/3000:
- DBFIND mode 1 may be used to ensure compatibility with existing applications
- New TPI DBGET modes obtain the Fast Text Search results
- DBGET modes 5 and 6 help you check compatibility with existing applications
- A TPI DBINFO has enhanced 8xx modes to support FTS
- DBCONTROL's mode 800 and 801 specify the FTS DBFIND behavior if no records qualify
MB Foster's UDALink series of connectivity software allows access to Eloquence (and its new fast features) over HP-UX as well as Linux platforms.
In the Eloquence design of FTS, text fields, dates and numbers are indexed so they can be found by keywords, have a search narrowed by date range, then just get the high-dollar transactions, for example. FTS also enables queries with just partial information, like "find William or Bill in Atlanta." The searches are qualified in seconds, based on the number of records found.
"If you or your users feel the need for speed, you can do fast retrievals built right into Eloquence, without a table scan," Foster said. Minor changes to architecture can produce big results, he added. One example is speeding the searches which would drive a call center.
The innovation in FTS is that its search engine is implemented in the database. A basic functionality level is included in the base product. Extended FTS is a licensing option.
This kind of fast indexing was once a third-party add-on speciality of companies like DISC, which sold Omnidex to speed TurboIMAGE performance. The 8.20 Eloquence even has a separate library to integrate four of the most common Omnidex ODX calls.
Other features being explored in the new version include database encryption and item masking. The latter masks or blanks sensitive information upon retrieval. Database managers can control user authorization for masking. These enhancements help secure sensitive information to help meet the credit card PCI DSS requirements.
April 10, 2013
HP launches Moonshot, chairman Lane
Ray Lane was brought in to Hewlett-Packard's board to refocus HP on the software marketplace. The company could see that the era of hardware margins was fast declining, and all of the highest hopes were aimed at the non-physical product. The actions to purchase Palm for its WebOS, as well as Autonomy for five times as much as that $2 billion, were the realization of a long-time HP dream.
Back in 1990 I rode a tour boat into San Francisco harbor. As a reporter for The Chronicle, I was being hosted for the HP CIMinar, where the CIM stood for Computer Integrated Manufacturing. Hewlett-Packard had a press liaison, Charlie Preston, who told me that the company pined for a day when it would manufacture little to nothing.
"It's all in software and services, Ron," he said. The boat was having a hardware failure at the time, a total loss of power within sight of the famous San Francisco Embarcadero Pier. While we bobbed and they kept filling our glasses, Charlie explained that the real power of computing was in services, aided by software. "In 10 years we don't want to be manufacturing much, including computers," he said.
One extra decade later, HP seems to be taking steps away from a virtual computer resource. Last week's exit of board director Ray Lane from the HP Chairman's seat seems proof enough that software has had its bumpy road of acquisitions. Hewlett-Packard didn't get its cart in the ditch without some risk-taking leadership. Lane arrived after years of Oracle work, savvy and a kingmaker. He remains on the HP board, but new leadership will be launching about the same time as the newest of HP hardware, the Moonshot servers.
These servers are evidence that HP R&D is still alive and striving to boost the company with proprietary advantages. This was the model that let the 3000 help the company get started in business computing.
The Moonshot 1500 -- yeah, half of the numeral used for MPE/iX hardware -- is driven by low-power, smartphone-caliber Atom chips, which usually go into mobile devices. A Moonshot is about the size of an envelope, and HP can pack hundreds of them together into a single system. It's a supercomputer that according to HP uses 89 percent less energy, takes up 80 percent less space, and costs 77 percent less than more traditional server designs. Whatever those are. It doesn't matter. HP is building servers again that don't mimic anything.
The HP Moonshot 1500 can work for the Web and cloud computing companies. Clouds need cheap, powerful hardware systems, and all along in HP's history that's been the golden chariot to carry software and spark services. Yes, applications drive enterprise choices. But app providers aim at platforms. The Moonshot represents HP's re-entry into an orbit that launched its enterprise computing business 40 years ago. Yup, with the HP 3000 and MPE/iX. If only there was software that HP had built itself that would make that hardware reach the stars. Maybe the company has that fuel somewhere in its legendary Labs.
April 09, 2013
Good tools making an impact, then and now
By Brian Edminster
I was always jealous of shops that could afford good tools.
Let me explain. Awhile back, I read about HP's history of trying to launch a successor to IMAGE. It was supposed to be called HPIMAGE. It was supposed to be slicker than... well, it was supposed to have all the ability to dynamically index and/or restructure your data that a modern SQL relational database management system allows, without losing the speed and robustness that makes TurboIMAGE famous. I can recall a few times that having the ability to dynamically restructure a database (while it's in production!) would have been handy. (See: zero downtime)
Then again, a well designed database in a stable application normally shouldn't need that sort of thing with any sort of regularity. Lately, I'm seeing the need to re-structure/alter indexing as a symptom of not knowing your data's demographics and/or designed usage patterns -- especially as the application's data volumes grow.
This need to restructure is also a side-effect of trying to use a single database both as an operational data store (current data only, for day to day production), as well as for research/reporting data warehousing -- where the data is relatively static, but may go back years. Again, that's lazy design. Don't try to make a sports car have the hauling capacity of a truck. You'll end up with neither.
What changes we did need to make, were done with:
1) DBUNLOAD/DBUTIL, PURGE/DBSCHEMA/DBUTIL, CREATE/DBLOAD -- if we were poor (and couldn't afford Adager or other similar tools), or
2) DICTDBU/DBUTIL, PURGE/DBSCHEMA/DBUTIL, CREATE/DICTDBL. This allowed unloading to a tape or disk file -- so if we had enough free space, we could skip using tape, and it was much faster! Also allowed simple re-structuring of the database.
We could do the adding, moving, deleting, and changing the type of datasets; and adding/removing paths, and/or re-arranging order of items in a set. Unfortunately, this was only present if we were lucky enough to be users of Dictionary/3000, or the HP Customizer technology products like MM or HP's Financial software.
3) Best and fastest of all, Model 2 Adager. This even allows transforming the data types, in addition to adding new elements or sets.
But there are still very useful tools that remain on any HP 3000 which still has Predictive Support. Tools you might not know you’ve got.
The Predictive Support files in the SYS account include two very useful tools. While auditing the content of a system, I found:
PSQUAD.PRED.SYS (yep, that's a March 1992 'CM' version of Quad, the customizable editor credited as being developed by Jim Kramer of Quest Systems and Kenneth Stout of Summit Information Systems). It's no QEDIT, to be sure. But Quad sure beats having to use EDIT/3000.
There’s also PSUNLDDB.PRED.SYS and PSLDDB.PRED.SYS. Believe it or not, these are re-named versions of DICTDBU and DICTDBL!
To use these,
- copy PSUNLDDB.PRED.SYS to DICTDBU.PUB.SYS,
- copy PSLDDB.PRED.SYS to DICTDBL.PUB.SYS, and
- copy DICTCAT.PRED.SYS to DICTCAT.PUB.SYS
Okay, perhaps moving these files is bordering on unintended use, and not considered kosher. In that case, set a file equation for the catalog (file dictcat.pred.sys=dictcat.pub.sys), and alter file and group security so you can run the files as they sit.
Either way, this gives you a tool that beats DBUNLOAD/DBLOAD for database capacity maintenance and manipulation — should you be unfortunate enough to not have the proper tools like Adager, or even DBGeneral.
April 08, 2013
Stromasys to get social to train for Charon
The creators of the Charon HPA/3000 emulator are rolling out their community carpet in earnest next month. Stromasys is hosting an HP 3000 User Social on Thursday, May 9 -- one month from tomorrow -- and then training at the Computer History Museum the next day, on May 10.
There is a free lunch. In fact, there's a free social on the evening before the training, starting at 6, where refreshments will be on hand, along with 3000 community members. If you couldn't make it to the first HP3000 Reunion in September 2011, this looks like another chance to reconnect in person with your community.
At the HP3000 Reunion in 2011, the event included drawings for copies of Jon Diercks' MPE/iX Administration Handbook. Harris said she's reaching out to Diercks to include his book in the event. It's a rare item. In addition to being the only book devoted to HP 3000 management, the Handbook is listed on Amazon as a $228 item.
Postcard invitations promoting the event are going into the mail within a week, Harris said. You can RSVP at a special webpage, www.stromasys.com/hp3000event.
It seems likely that a copy of the Personal Freeware Edition of the HPA/3000 emulator will also be available for pickup at the event. A European gathering of emulator prospects included copies of that software, freeware which turns any Intel Core i7 PC/laptop into a 2-user HP 3000, with some help from VMWare and Linux.
We'll have more Social-Training details as they emerge. These odd-numbered years have been good for 3000 events. CAMUS, the ERP-MANMAN users group, is hosting its virtual RUG meeting on April 17 (via phone and webcast). CAMUS' Terri Glendon Lanza also said the group would be glad to consider supporting this Spring's User Social, too.
April 05, 2013
Living a Privileged 3000 Life without SM
By Brian Edminster
After reading the article on the safe and prudent use of privileges from yesterday, the subject touched a nerve with me. I've seen too many HP 3000 sites which have SM (or PM) capabilities assigned to production account users. They don't need it, and it adds risk and insecurity to a 3000. Along the same lines of error, PM is granted on insufficiently secured groups where production programs reside.
That first mistake is usually an instance of using a sledgehammer to kill a fly, usually due to laziness or ignorance. But the latter is a sign of careless security, or ignorance. The misuse of MPE/iX privileges is often triggered because application programmers are too lazy (or ignorant) of ways to properly design their applications. They could use the incredibly powerful and finely granular security provisions that MPE/iX allows to avoid this.
At the least, they could instead have used a lockworded copy of what is commonly known in the 3000 community as the 'GOD' program. This lets the manager who invokes it temporarily gain 'SM' -- much like the 'su' (superuser) command in your favorite flavor of Unix does. If something with finer granularity is needed, perhaps this is an opportunity for someone to port at least the concept of 'sudo' to MPE/iX.
Sudo is a Unix tool that is designed to allow specific non-super-users restricted (and optionally logged) access to commands that normally require 'su'. In MPE/iX parlance, it's a way to allow specific users restricted and logged access to commands requiring more than regular 'vanilla' user capabilities. My take on this is that proper use of MPE/iX's privileges would make a "SuDo/iX" unnecessary, but your mileage may vary.
You might ask, what's the harm of allowing SM to an application user who is normally 'captive' within a logon, no-break UDC that forces the user into the application, and logs them off on exit? How about the admin (who shall remain nameless, even though they're retired now) that accidentally did a 'Purge @.@.@;Yes' -- except they were thinking they were logged into a test server, not one of the production machines.
And as for regularly changing passwords to application databases, auditors are usually talking about "user application access" passwords. From a best practices perspective, these shouldn't be the actual database passwords, but rather should be values stored in a table of authorized application users and their respective privileges.
That said, if you find yourself with a need to regularly change the physical database passwords, put that call to the DBOPEN routine (or retrieval of the password to be used for it) into a XL library. That means recompiling the library, not the application, when the passwords have to change.
And lastly, if your system has to be that tight, you probably shouldn't store user application passwords in clear-text in the database, either. Instead, apply a one-way hash to the value when it's initially stored. Then, any time a user supplies their password, it's run through that hash again and compared with the stored value. If they match, the passwords match.
The folks at Beechglen have a callable 'MD5' hash routine just for this purpose. Look for the heading about 'MD5 Checksum' at http://www.beechglen.com/mpe/data-encryption. In poking around the Freeware section of Beechglen's site, I saw they have a program called 'su' that is essentially a more controlled version of the old 'GOD' program. I haven't used it personally, but anything that allows more granularity of control in granting access and power is a good thing.
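The store-and-compare scheme described above, as an added Python example that is not Beechglen's routine or code from the article. It goes one step beyond the article's bare MD5: the function names, the dict standing in for the application's user table, and the swapped-in PBKDF2-HMAC-SHA256 with its iteration count are all assumptions. It shows why a bare hash stores identical values for identical passwords, and how a table of bare-hash records can be moved to salted records as users log in.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: work factor, tune for your hardware
PREFIX = "pbkdf2_sha256"


def md5_record(password):
    """Bare one-way hash, as in the article: equal passwords give equal records."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_record(password, salt=None, iterations=ITERATIONS):
    """Salted, deliberately slow hash; salt and cost are stored with the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([PREFIX, str(iterations), salt.hex(), digest.hex()])


def verify(password, record):
    """Re-run the hash on the supplied password and compare in constant time."""
    if record.startswith(PREFIX + "$"):
        try:
            _, iterations, salt_hex, digest_hex = record.split("$")
            salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
            candidate = hashlib.pbkdf2_hmac(
                "sha256", password.encode("utf-8"), salt, int(iterations))
        except ValueError:
            return False  # malformed record: fail closed
        return hmac.compare_digest(candidate, expected)
    legacy = md5_record(password).encode("ascii")
    return hmac.compare_digest(legacy, record.lower().encode("utf-8"))


def login(users, name, password):
    """Check a user against the application's user table (a dict here).

    A successful login against a legacy MD5 record rewrites it as a salted
    record, so the table migrates without a forced password reset.
    """
    record = users.get(name)
    if record is None:
        return False
    if not verify(password, record):
        return False
    if not record.startswith(PREFIX + "$"):
        users[name] = kdf_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample table: two users who picked the same password.
    users = {"ALICE": md5_record("Spring2013"), "BOB": md5_record("Spring2013")}
    print("same MD5 record:", users["ALICE"] == users["BOB"])
    login(users, "ALICE", "Spring2013")
    login(users, "BOB", "Spring2013")
    print("same salted record:", users["ALICE"] == users["BOB"])
```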
April 04, 2013
Privileges litter the path to passed audits
Yesterday we studied the ways that migrated HP 3000 data can become forgotten while making provisions for an audit. Since some HP 3000s work as mission-critical servers, these active, homesteading systems must weather IT and regulatory audits. The 3000 is capable of passing these audits, even in our era of PCI, HIPAA and Sarbanes-Oxley challenges — all more strenuous than audits of the past.
However, establishing and enforcing a database update procedure is a step toward filling the gap in the security of an MPE/iX system. HP 3000 managers should take a hard look at how their users employ System Manager (SM) privileges. (Privileged Mode, PM, and System Supervisor, OP, should also be watched. Overall, there can be 21 capabilities to each user.) In their strictest definition, those privileges can expose a database. Hundreds of users can be created at Ecometry sites; even seasonal help gets SM users, according to one consultant's report, and those users are seldom deleted after the holiday has passed. One site had a script to create new users, and each automatically had PM capability.
VEAudit from VEsoft, using its LISTUSER @.@ (CAP("SM")) filter, can give you a report of all of the SM users on your HP 3000. You can even ask for the SM users where password="". (Now there's a good list to find: SM users who have no passwords.) There is no MPE command that will do such things, we are reminded by VEsoft co-founder Vladimir Volokh. Even after more than three decades of his business as a 3000 software vendor, he also offers consulting on MPE operations and management, and still travels the US to deliver this.
Privileges are often a neglected aspect of 3000 operations, especially when the system's admin experts have moved on to non-3000 duties, or even to other companies. (Then there's the prospect that nobody knew how to use privileges in the first place.) Some SM users have disturbed the integrity of 3000 databases. It's easy to do accidentally. A creator of a database can also update a 3000 database — a capability that can foul up a manager's ability to pass some audits.
If you are worried about arbitrary access via QUERY, you can "disable subsystem access" via DBUTIL. This will, of course, only disable the access on QUERY.
Some less-adept auditors can also demand that a database's password be changed every 90 days. It's quite impossible to do, considering the database password is built into every application program.
So a database's security might be compromised through SM privileges, but it depends on the meaning of "update." This term can be construed to be as restrictive as using DBUPDATE to change an entry. It can also refer to UPDATE access DBOPEN MODE 2.
To get very specific, an update can mean that the modify date has been changed in the file label of one or more IMAGE-related files. In a very general definition, an SM user can update the database simply by way of a restore from tape. (OP privileges permit this, too.)
Auditors sometimes ask broad questions, the sort of inquiry that fits better with the everyday use of HP 3000s in an enterprise. But for MPE/iX experts, "update" means any kind of modification capability.
So you can answer your auditor's question and say "no, SM privileges don't permit any of our users to update a database in another 3000 account." This answer is true, to the extent that the auditor's concern is about changing data — not just making a minor date change or using DBOPEN MODE 2. For auditors without MPE/iX and IMAGE expertise, well, they might not go so far in their examinations.
As for the SM user's ability to muck up an IMAGE database, it’s a mistake that is not difficult to make. An SM user who obtains a database password can corrupt an IMAGE database just by using the restore command. We’ve heard a story that such a user might explain, "Oops, I thought I was signed onto the test account."
It's important to make a system fool-proof, because as Vladimir says, "fools are us."
April 03, 2013
Decommissioned data forgotten in migration
"It's the most forgotten piece of the migration puzzle," said Birket Foster while he recently led a webinar on best experiences with 3000 transitions. "People are not always remembering that at the end of the day they want to shut off the old 3000."
What Foster means is that even after removing data -- the most essential 3000 and company resource -- project managers need to track what data they must keep to satisfy an auditor. Many companies will still need long term access to historic data. That's either a 3000 and its services that can be outsourced from a third party, or maybe even an emulator virtualization of a 3000, perhaps based in a cloud. Some audits demand that the original 3000 hardware be available, however -- not an Intel-based PC doing a letter-perfect hardware emulation.
After the Great War, the returning soldiers were not welcomed as productive citizens ready to return to work. This kind of veteran was called The Forgotten Man, from Golddiggers of 1933. Perhaps the information in aging 3000s is marching in the same kind of veteran step.
Managers have to consider if they want to move their forgotten 3000 data after a migration, or leave it in a searchable format -- several questions to consider for an auditor's satisfaction. Many 3000 sites we've interviewed have a 3000 running for historical lookups. This is the sort of task that would meet the needs of an audit.
"We often remind people who are migrating that even through the classic steps are assess, plan and execute, there's also decommissioning," Foster said. "So you can shut off the box."
Organizations which must meet extra-stringent requirements -- such as healthcare service providers facing HIPAA, or corporations bound by the Sarbanes-Oxley laws, or even credit card-processing merchants -- bear the greatest burden of auditing. For example, those PCI credit card audits are performed by PCI Qualified Security Assessors. One of the only companies, among the 302 listed as QSAs, which is likely to hold tribal knowledge of HP 3000s is Forsythe Solutions -- which once was a Systems Integrator for the 3000.
Archival 3000s have been an important part of the air travel business, due to the use of credit cards to process transactions. A few years ago, one consultant reported out on the 3000 newsgroup that more than a dozen MPE/iX systems demanded archives for old data.
"We have 21 HP 3000s," said Mark Ranft, "and 18 of them are the largest, fully loaded N4000 4-CPU 750 systems you can get." In 2010, he said, "We have migrations to Windows in various stages, but there is also a very real need for legacy data access after the migration. The alternative is to migrate all the data and all the archival history, and that can be costly."
And perhaps less costly with a good plan for decommissioning data, drawn up by experienced providers of data migration services. Shadow 3000s run in the community with little to do but wait for an audit from one of those 302 QSAs. There are enough shadow resources needed to demand power, lightweight administration, and support contracts for these servers -- the budget that might help to defray the costs to decommission.
On the other hand, shutting off these systems hasn't become urgent in many homesteading sites who are transitioning. What might make it matter more are the systems a responsible 3000 IT manager will leave behind for the next pro who takes the job.
April 02, 2013
CAMUS schedules Spring webinar for April
The ERP and manufacturing user group CAMUS will host its every-springtime user group event on April 17, including discussion about the future of MANMAN led by community advocate and 3000 veteran Terry Floyd of the Support Group.
Terri Glendon Lanza, the founder of the Ask Terri ERP and manufacturing consultancy, has announced the call-in and PowerPoint meeting, which will begin at 10:30 Central US time. After an hour of talk and questions about the upcoming years for one of the oldest MPE applications -- still running in several hundred companies -- 3000 homesteading advice starts at 11:45.
Steve Suraci, owner of support and systems provider Pivital Solutions, talks first about Resources for Homesteading. Tom Bollenbeck of Ideal Computer follows up, on the same topic, at 12:05.
The user group's traditional and lively Talk Soup puts a signature on the meeting, which is free. An open discussion is scheduled to start at 12:25. You sign up at the Sign Up Genius website.
Up for discussion: MANMAN Modifications, and a possible CAMUS give-away. "Help us outline contents, actions, or a submission list for modifications with financial assistance from CAMUS," Lanza said in her April 2 announcement. "We could talk about the emulator during the open discussion if you want. Everyone is welcome."
Details for the webinar phone-in and log-on will be emailed to registrants prior to the meeting. You can send questions to Lanza at firstname.lastname@example.org, or call her at 630.212.4314.
CAMUS is also prepared to help support a springtime in-person 3000 Social and Stromasys Training event. This is allegedly being held in May, but we're waiting on final confirmation from Stromasys. Once again, the Bay Area's Computer History Museum in Mountain View has been proposed as the setting.
"CAMUS would consider helping sponsor events whenever it may happen, spring or fall," Lanza said. The user group was one of the sponsors the HP3000 Reunion, held at the Museum in September, 2011.
April 01, 2013
Pontiff anoints future for old 3000 disciples
Spreading his message of hope for disadvantaged communities, newly-appointed Pope Francis gave an Easter address yesterday that offered promise for computer groups beating back injustices. "This is the age of miracles," the Pontiff said in a special high-band broadcast on the new social network Chirpify. Leaders of the HP 3000 homesteading community seized on the proclamation as proof that almighty forces were now at work to turn back the clock of change.
"We're on a mission from god," said 92-year-old Leonard Frapp, the engineer who coined the phrase minicomputer in 1967 after the miniskirt took the world of fashion by storm. "It's a lot sexier than those damn mainframe togs," he said of that creation that made white lab coats passe within a few seasons. "With this, we're using so little server fabric we don't even need a mini -- just a see-through virtualizer. Best of all, I can buy one of these virtual 3000s on Chirpify with my Galaxy phone." While grabbing a spoon, he added it was easiest to buy using the Jimmies with Whipped Cream Android release.
As the Pontiff launched a worldwide tour to spread the message of living on less, the new Pope booked his own reservations for a trip to Mountain View, California, where Stromasys conceived the immaculate idea of hosting the first HP 3000 Social and Stromasys training seminar in early May. Special Emissary for his Holiness Rev. Duce Scholdaduci said the trip will include air travel between New York and the Bay Area on Jet Blue. The pope will sit in the emergency exit row on the trans-American flight, since he's infallible about the safety of a commercial trip managed by an application created using MPE/iX.
"Hoc genus maxime est via amet," the pope said yesterday from his Twitter account, reaching out to explain why he was breaking with tradition of flying in his own jet in a special visit to the 3000 social. The phrase translates to "This is the most affordable way to go," although it was unclear if the Pontiff was describing the emulator or the coach-class low fares to the Bay Area during May via Jet Blue. The flight will offer a special Vatican Channel on the jet's in-flight entertainment in seat-backs.
Community advocates and professionals nearing retirement hailed the emulator as "special dispensation" from the fate HP predicted in 2004, when it reported "Time's Running Out" in an article from the Interex user group. Time did run out within a year, as the user group expired and cut off the haven for such messages.
The Pontiff alluded to the advent of other miracles among the 3000 faithful in his Easter message, including releasing ownership of MPE to customers and so ending license-to-use ploys for abandoned products; creation of an ecosystem including leprechaun-managed cloud providers, complete with pots of gold; and the falling of shackles from the eyes of CIOs who still pray for relief from designing and managing their own datacenters.
"He's made a convert out of me," said Homer Popenoff, CFO of Industrial Malgamated Squid, a fish-substance processor in Florida. "We go our own way here in the Sunshine State. This plan to escape the hardware hostage situation sounds like heaven to us."