« March 2014 | Main | May 2014 »

April 30, 2014

Kansas court rings down gavel on its 3000

GavelThe District Court in the capital of Kansas is switching off its HP 3000 this week, a process that's going to pull the district clerk's office competely out of service over the first two days of May. The Topeka court's IT department said the alternative to replacing the 3000 software would be going back to paper and pen. The project will knock all court computing offline -- both old and new systems -- for one work week.

"Anyone who needs to file or pick up documents should do so between 8 AM and noon on Thursday and Friday," the court advised Topeka-area citizens on its website. The Topeka courts have been using HP 3000s since the 1980s. Four years ago the court commissioners voted to spend $207,800 for FullCourt software to replace the 3000 application. The court has been paying for the software -- which will be loaded with data May 5-9 -- over three years at no interest. All court data is being extracted and replaced during the workweek of May, when only jury trials, emergency hearings and essential dockets will be heard.

The court is predicting a go-live date of May 12. The HP 3000 will be shut off Friday, May 2, at 5 PM, according to a schedule "that may fluctuate."

The HP 3000 has "outlived its life expectancy, making it essential that we either move on to another system or we go back to paper and pen," according to a statement on the court's website. Converting data is the crucial part of the migration.

No other district court in the state of Kansas has attempted such a challenge.  This data conversion is one of the most important attributes of this project and is carefully being implemented by continuously and repeatedly checking thousands of data elements to ensure that all data converted is “clean” data which is essential to all users. When we finally “go live,” we would sincerely appreciate your careful review of data as you use the system.

32-year-old Justice Systems of Alberquerque sells FullCourt. The latest marketing materials for the software company's Professional Services include a testimonial from Chief Information Technical Officer Kelly O'Brien of the Kansas Judicial Branch. The court's announcements did not break out the cost of software versus the cost of professional migration services.

Chief Judge Evelyn Wilson said in a statement, “We know this system affects the entire community. There are bound to be some bumps in the road. While the court has tried to take into consideration the different issues that may arise, there is no way we can address all of them. Initially, we anticipate that productivity may be slower as people get accustomed to the new system. We’ll do our best to accommodate you, and we ask you to do the same."

FullCourt is an enterprise grade application that's broad enough in its scope that the Kansas court had to partition the project. According to the Topeka Capital-Journal, "to manage the conversion to FullCourt, the court broke down the project into several components."

The replacement software includes features such as e-filing of documents. Wyoming state courts have also implemented FullCourt, although an HP 3000 wasn't shut down there.

01:09 PM in Migration | Permalink | Comments (0)

April 29, 2014

Foolproof Purges on the HP 3000

Cheshire_catThe software vendors most likely to sell products for a flat rate -- with no license upgrade fees -- have been the system utility and administration providers. Products such as VEsoft's MPEX, Robelle's Suprtool, Adager's product of the same name -- came in one, or perhaps two versions, at most. The software was sold as the start of a relationship, and so it focused on the understanding the product provided for people responsible for HP 3000s.

That kind of understanding might reveal a Lewis Carroll Cheshire Cat's smile inside many an HP 3000. The smile is possible if the 3000 uses UDC files, and the manager uses only MPE to do a file PURGE. There is a more complete way to remove things from a 3000's storage devices. And you take care about this because eliminating UDCs with only MPE can leave a user unable to use the server. That grin is the UDC's filename. 

To begin, we assume your users have User Defined Commands. User Defined Commands are a powerful timesaver for 3000 users, but they have administrative overhead that can become foolproof with the right tools. These UDCs need to be maintained, and as users drop off and come on to the 3000, their UDCs come and go. There's even a chance that a UDC file could be deleted, but that file's name could remain in the filesystem's UDC master catalog. When that happens, any other UDCs associated with the user will fail, too. It might include some crucial commands; you can put a wide range of operations into a UDC.

When you add a third party tool to your administrator's box, you can make a purge of such files foolproof. You can erase the Cheshire Cat's grin as well as the cat. It's important because that grin of a filename, noted above, can keep valid users from getting work done on the server with UDCs. This is not the reputation anybody expects from a 3000.

First you have to find all of your UDCs on a system, and MPE doesn't make that as straightforward as you might think. Using SHOWCATALOG is the standard, included tool for this. But it has its limitations. It can display the system-level UDC files of all users in all accounts. But that's not all the UDCs on a 3000.

MPE, after all, cannot select to show a complete set files by attributes such as program capability. Or for that matter, by last accessed time, or file size, or file security. It's a long list of things that MPE makes an administrator do on their own. Missing something might be the path to looking foolish.

Employing a couple of third party tools from VEsoft, VEAudit and MPEX, lets you root out UDCs and do a foolproof purge, including file names. VEAudit will list all of the UDCs on a server, regardless of user -- not just the ones associated with the user who's logged in and looking for UDCs. The list VEAudit creates can be inverted so the filename is the first item on each line. Then MPEX will go to work to do a PURGE. Not MPE's, but a user-defined purge that looks for attributes, then warns you about which ones you want to delete, or would rather not.

By using MPEX -- the X stands for extended functionality -- you can groom your own PURGE command to look out for files that have been recently used, not just recently created. MPE doesn't check if a purged file is a UDC file. 

Such 3000 utilities provided the server and its managers with abilities that went far beyond what HP had built into MPE and its IMAGE database. Now that MPE is moving on, beyond HP's hardware, knowing these third party tools will transfer without extra upgrade fees is like ensuring that a foolproof MPE will be running on any virtualized HP 3000.

They're an extra-cost item, but how much they're worth depends on a manager's desire to maintain a good reputation.

In the earliest days of the sale of these tools, vendors were known for selling them for the price of the support contract alone. That's usually about 20 percent annually of the purchase price. If a $4,000 package got sold that way, the vendor billed for just $800 at first. It made the purchases easier to pass through a budget, since support at the manager-tool level was an easier sell. Think about it. Such third parties passed up $3,200 per sale in revenues in the earliest days. They also established relationships that were ongoing and growing. They were selling understanding of MPE, not just software.

As we wrote yesterday, this kind of practice would be useful for the community's remaining software vendors. This is not the time to be raising prices to sustain MPE computing, simply because there's a way to extend the life of the hardware that runs MPE. As the number of MPE experts declines, the vendors will be expected to fill in the gaps in understanding. Those who can do this via support fees stand the best chance of moving into the virtualized future of 3000 computing.

04:04 PM in Hidden Value, History, Homesteading | Permalink | Comments (0)

April 28, 2014

Emulator begs, how free should MPE be?

FreebeerAs part of the recent CAMUS conference call meeting, Arnie Kwong of MB Foster mentioned the prospect of additional costs the CHARON emulator might trigger. As an example of one possibility, a user of a Series 900 server could move up to a multiple-processor instance of CHARON that's A-Class or N-Class caliber -- gaining MP ability without needed to plug anything into an HP-built hardware multifunction IO board.

Many vendors in the community wouldn't bother with any fee for increasing MPE horsepower at a customer site. They'd be glad for the extension of life of a support contract. And some companies always sold their MPE utility software on a single-fee basis. Whether you ran an N-Class or a Series 918, the cost was the same, usually in the middle four figures.

Some of the larger vendors, selling applications like Infor's MANMAN or PowerHouse when it was a Cognos product, priced their MPE software much differently. The customer base grew accustomed to those upgrade fees even though they didn't like them. Now that MPE/iX is strictly in the hands of independent companies for support, there's an expectation developing that prices for running the server should be much lower. Approaching free would be a preferred trend, but that strategy won't do the homesteading community as much good as imagined.

"The vendor community wants to keep things alive, and enabling economic success," Kwong said near the end of the conference call. "But part of this sucess is the people thing. Birket [Foster] and I have been participating in parts of this community for onto our fourth decade. There’s just a lot of goodwill on a people-to-people level. That’s one of the things that helps us all see all this through."

The rise of an emulator indicates there's a new possible economic opportunity for MPE and its users. That fact alone ought to show that no-fee upgrades to 3000 licenses aren't likely to appear -- at least not from vendors who've got a heritage of conducting that upgrade-fee business.

Kwong noted that MB Foster has its own set of customers "that have moved to the CHARON environment. We continue to support them, thanks to the Stromasys folks who have been very cooperative about helping us maintain our test environment."

At the moment, there's little evidence out in the community that app vendors are embracing fee-free transfers to CHARON. The emulator has a sterling reputation in the Digital MANMAN marketplace. But in a one-hour CAMUS call with nearly a score of IT pros dialed in, no one spoke up to offer testimony that Infor has allowed an upgrade from 3000-based MANMAN to a CHARON instance. In some cases, a vendor of that size has delivered a price tag for an emulator license upgrade -- and in one example, the installation was then delayed.

Kwong's presentation was meant to shed light on the premise that making a transition to CHARON won't be a magic weekend project, or even one that happens without allied costs which are outside of the Stromasys license fees. This is a familiar arrangement to the 3000 manager. When you'd move from 9x9 to A- or N-Class, you expected software fees to be part of the budget. Testing on the part of the customer wasn't a major part of that sort of move, though. The software vendor had taken care of that.

Foster's company has done that testing for its product and verified it can be used with CHARON. Economic success in this nascent part of the MPE ecosystem will need to be built upon commerce. In specific, testing has got to be funded at vendor labs, either through support contracts or otherwise. It always has been.

OpenMPE wanted to free MPE more than a decade ago, but the prospect of a free MPE was never much more than a beery dream. Linux isn't free, unless it's running in your garage or basement. We're waiting to see how the new owners of PowerHouse handle this fee issue, just as one meaningful barometer mark. At one point in the past, more than 7,000 sites could call on PowerHouse to run on MPE. There's nothing like that left of the PowerHouse customer base, but it's still a good chunk to measure, even today.

09:09 PM in Homesteading | Permalink | Comments (0)

April 24, 2014

RUG talk notes emulator licensing, recovery

Second of two parts

When CAMUS held its recent user group conference call, MB Foster's Arnie Kwong had advice to offer the MANMAN and HP 3000 users about the CHARON emulator for PA-RISC systems like the 3000. A more complex environment than HP's decade-old 3000 hardware is in place to enable things like powerfail recovery while protecting data. And readying licenses for a move to the Stromasys CHARON 3000 emulator means you've got to talk to somebody, he said.

"Everybody is pretty helpful in trying to keep customers in a licensing move," Kwong said. "If anyone tells you that you don't even have to ask, and that you're just running a workalike, that would be a mistake. You have to have an open and fair conversation. Not doing so, and then having a software problem, could be a fairly awkward support conversation. You can't make the assumption you'll be able to make this move without any cost." 

If you create secondary processing capacity through CHARON, you'll have to execute new licenses for those licenses. But most of the third party vendors are going to be pretty reasonable and rational. We've all known each other for decades. People who do lots of IT procurement understand straightforward rules for handling that. 

Kwong said that CHARON prospects should make a catalog of their MPE software applications and utilities, and then talk to vendors about tech compatibility, too.

In manufacturing IT in particular, its cost has been declining recently. "Short of somebody paying $10-15 million to re-engineer around SAP, or Infor's other products, most of the incremental spending in the MANMAN and 3000 environments have been to extend life. People do a lot of stuff now on Excel spreadsheets and SQL Server databases around the ERP system. We look to see if the 3000 is the essential piece, and often it is. We look at what other things are affected if we change that 3000 piece."

Kwong said that MB Foster has not done MANMAN-specific testing against its in-lab CHARON installations yet.

Data integrity questions came up from Mike Hornsby, who wanted to know about comparison in using transactional testing to evaluate possible data loss. Of the HP 3000's powerfail environment,  Kwong said, "it's been one of the key strengths of the 3000 environment in particular." The tests at MB Foster haven't revealed any data loss. Kwong didn't dismiss the possibility, however.

"This is theory, but I'll say this: One of the things you have at risk during the crash recovery process is either in the CHARON emulator, or the underlying infrastructure in the cloud environment that you're running it in." In this meaning of the word cloud, Kwong was referring to the VMware hosting that's common to the 3000 CHARON experience.

"In those instances you could have failures that were never in their wildest imaginations considered by the folks who built this software-hardware combination. I have not seen anything personally in our testing where things have been horrendously corrupted, rolled over and died. But inherently in the environments they're running, there are assumptions of database logfiles, and particularly in certain key files and so forth, where your warmstart processing can be at risk." 

When such failures occur — and they can happen in HP's provided hardware — "You have the same predictability in an emulated environment as you do in the 3000 hardware environment. I don't think I'd lose a lot of sleep over it." However, networking and storage architecture issues are different for the emulated MPE hardware than for HP's native hardware, he added, 

But application expenses take the forefront over hardware and platform issues at the sites where MB Foster has discussed transitions of any kind. "When you take the context where the 3000 is running from a business standpoint, yes, you have licensing issues for maintenance and so forth," Kwong said. "But as a total percentage of the cost to the enterprise, the application's value and the application's cost to change anything, usually begins to predominate. 

"It's not the fact that you have no-cost terminals and low-cost hardware anymore, it's what that application's power brings you. We've seen that newer managers who come in from outside at these sites with stable HP applications have vastly different expectations for what the application's going to deliver — also, different demands for the applications portfolio — than people who've been there for decades running the same architecture. The platform discussions usually aren't major economic drivers. 

"Running a 3000 application in another environment, such as Windows or Linux, is never zero, although it's cheaper to do that in a Stromasys environment. We need to carefully consider the hardware scalability performance availability, and certain kinds of communication and networking interfaces that aren't qualified for use in the Stromasys environment yet."

"We look at how to approach the problem of migration and its processes. In talking to our customers and concerns they have at small one-person shops with boxes running for 20 years, a move will take a year or two years to do. People that we talk to say they're gotten by for a long time without having to pay the kind of money needed to migrate to SAP or Oracle, or FMS or JD Edwards. Those alternatives are on the list of things they look at.

"Few people are talking about development stages for the kinds of complex environments the folks on this call represent. The days of large scale development have pretty much gone by the board. Everybody's talking about what kind of capacity they can buy, and what kind of features can they buy, rather than concentrate on what kinds of things they could move to the new environment.

"For them, the Stromasys approach says they'll leave their software base the same and go to new hardware, essentially. There are a lot of business assumptions and a lot of applications assumptions that might change because you're running in that new hardware environment. Things that were always based on the 7x24 capability, running without a lot of staff expense — all of those things are now open to question and rethink. We encourage people to take a step back and look at their business planning assumptions and business models, because that's the foundation for why they bought the 3000 in the first place".

Kwong he believes most of the users on the call could agree HP didn't do badly by them in the initial offering of high-value, investment-protected systems. Now that the system is into its second decade beyond HP's exit announcement, protecting that value deserves some fresh assessment.

11:38 AM in Homesteading, Migration | Permalink | Comments (0)

April 23, 2014

Emulator's edition earns closer look in call

First of two parts

The recent CAMUS user group meeting, conducted as a conference call, promised some testing and analysis of the Stromasys CHARON HP 3000 emulator -- as done by an outsider. MB Foster is an insider to the HP 3000 community, but the vendor doesn't have an affiliation with Stromasys as a partner. Not at this point, although there are always opportunities for longstanding vendors to join their customers with such a new solution.

CEO Birket Foster said the company's been asked by its customers if MB Foster products would run safely in the CHARON environment. The question not only has been of high interest to 3000 managers. One similar answer lies in the Digital environment, where CHARON has more than 4,000 installations including some CAMUS members who run MANMAN in a VAX system. All's well over there, they report.

CHARON is so much newer in 3000-land. Principal Consultant Arnie Kwong of MB Foster outlined some of the research results from testing on an Intel i7 server with 64GB of memory and SSD storage, as well as a more everyday 8GB capacity box, albeit an AMD-based system. (Both systems can run CHARON for the 3000 emulation.) Wong said using a private VMware cloud, or private backup machines, are common computing-share practices that deserve extra attention with new possibilities of CHARON. "What will it let me do that's different?" he asked.

One of the assumptions of using cloud infrastructure and these new capabilities is whether the fundamental operating characteristics, business processes and business rules embedded in applications like MANMAN are sufficient for what you're doing now. Having talked to lots of MANMAN customers, all of the industry-standard and regulatory practices can be impacted if we do something major like shifting the platform.

Kwong went on to forecast the use of CHARON in a cloud-based implementation and ponder if that use affects regulatory compliance, as well as "the ability to operate on a global basis, and what new opportunities we can do in that mold." He said he'd confine his comments to instances where a cloud-based infrastructure was already in use at MB Foster customer sites. "But our leading candidate to do this kind of thing isn't a VMware kind of architecture." CHARON, Kwong noted, relies heavily on VMware to do its emulation for HP 3000 operations.

Most members of the user group on the call have pieces of their IT infrastructure running in a cloud aspect, such as Google Mail. "They have Internet-based functionalities, global applications that function well. We looked at the HP 3000 applications such as MANMAN that are enabled and helped by having all of that architecture in place." The 3000 is a platform service inside a cloud environment, Kwong said.

Migrating a 3000 to CHARON means "you have to have some systems engineering and systems administration done to bring it up. A key is to look at sizing of the environments and properly sizing data and program sizes and shapes, as far as the size of the application portfolio. You should look at what you are going to be able to effectively maintain."

Testing for such an emulated environment may require more time from technical staff that the time you have available, considering the depth of MPE/3000 knowledge in many sites. "Concurrently, you need to have folks with knowledge of your cloud infrastructure. A key takeaway for this call is you need to pay attention to staff availability of people with a deep technical knowledge, both on the HP side and in your cloud infrastructure."

Kwong said that managers can snapshot production states, to on to things such as a physical inventory cycle. "In a case of global operations, that might not have been easily possible before. Using the virtualization infrastructure offered via CHARON, and storage infrastructure in particular, you can do functions you just weren't able to do in the HP 3000 environment that's tied to physical hardware." 

In an evaluation from MB Foster that could lead to implementing CHARON, the company looks at the business cycle activities that need those kind of functions, "and study how we'd map it; for example, could I give one to three days more production time."

One Stromasys representative on the call checked to see if the MB Foster results were off the limited-use Freeware edition, or a full-production installation. Kwong said it was full-production, and the Stromasys rep said the company didn't have a relationship yet with MB Foster. The two said they'd take that issue offline. Regarding the license movement needed to enable CHARON use, Kwong said it wasn't an automatic assumption that everything could move without a major cost, but "it's fair to say that in a lot of cases you'll be able to move without a tremendous cost in relicensing.

Foster said that slides which summarize its results and planned migration processes for the CHARON testing will be available in a forthcoming MB Foster Webinar Wednesday.

01:55 PM in Homesteading, Newsmakers, User Reports | Permalink | Comments (0)

April 22, 2014

Making the best of an attack

The industry-wide provider for hosting TypePad is up, then down, then up again in the battle being waged with hacker Denial of Service attacks. It's the everyday host of the Newswire's blog, so you'll have some trouble getting onto it to read us. It's been five days, and everybody is getting frustrated. This sort of an outage would be getting a 3000 pro's IT recommendations reviewed. Not even deadly storms have knocked out many a 3000 this long.

This is the genesis of good experience, however. It's giving us a good reason to build out an important new branch of the 3000 Newswire's services. Story for Business, which as of this week is a simple Tumblr blog, is giving our readers stories about MPE-related news.

If you go far enough back, you'll recall an era of our history where we hosted our website from an HP 3000 Series 928. We worked with HP's MPE implementation of Apache/iX, until the lags and differences -- imagine an FTP server which didn't include all protocols -- pushed us onto Linux machines. Those machines at 3k Associates continue to perform.

So we're using the formula this week suggested by MPE veteran Vladimir Volokh. Clearly, this is a bad experience that our sponsors and readers are weathering. Vladimir says, "We get asked, 'how do you come up with so much good experience for us?' Because, good experience comes from bad experiences."

09:50 PM in Newsmakers | Permalink | Comments (0)

April 21, 2014

A week-plus of bleeds, but MPE's hearty

BleedingheartThere are not many aspects of MPE that seem to best the offerings from open source environments. For anyone who's been tracking the OpenSSL hacker-door Heartbleed, though, the news is good on 3000 vulnerability. It's better than more modern platforms, in part because it's more mature. If you're moving away from mature and into migrating to open source computing, then listen up.

Open source savant Brian Edminster of Applied Technologies told us why MPE is in better shape.

I know that it's been covered other places, but don't know if it's been explicitly stated anywhere in MPE-Land: The Heartbleed issue is due to the 'heartbeat' feature, which was added to OpenSSL after any known builds for MPE/iX.

That's a short way of saying: So far, all the versions of OpenSSL for MPE/iX are too old to be affected by the Heartbleed vulnerability. Seems that sometimes, it can be good to not be on the bleeding edge.

However, the 3000 IT manager -- a person who usually has a couple of decades of computing experience -- may be in charge of the more-vulnerable web servers. Linux is used a lot for this kind of thing. Jeff Kell, whose on-the-Web servers deliver news of 3000s via the 3000-L mailing list, outlined repairs needed and advice from his 30-plus years of networking -- in MPE and all other environments.

About 10 days after the news rocked the Web, Kell -- one of the sharpest tools in the drawer of networking -- posted this April 17 summary on the challenges and which ports to watch.

Unless you've had your head in the sand, you've heard about Heartbleed. Every freaking security vendor is milking it for all it's worth. It is pretty nasty, but it's essentially "read-only" without some careful follow-up. 

Most have focused on SSL/HTTPS over 443, but other services are exposed (SMTP services on 25, 465, 867; LDAP on 636; others). You can scan and it might show up the obvious ones, but local services may have been compiled against "static" SSL libraries, and be vulnerable as well.

We've cleaned up most of ours (we think, still scanning); but that just covers the server side.

There are also client-side compromises possible.

And this stuff isn't theoretical, it's been proven third-party... 

https://www.cloudflarechallenge.com/heartbleed

Lots of folks say replace your certificates, change your passwords, etc.  I'd wait until the services you're changing are verified secure.

Most of the IDS/IPS/detections of the exploits are broken in various ways.  STARTTLS works by negotiating a connection, establishing keys, and bouncing to an encrypted transport.  IDS/IPS can't pick up heartbleed encrypted. They're after the easy pre-authenticated handshake.

It's a mess for sure. But it’s not yet safe to necessarily declare anything safe just yet.

Stay tuned, and avoid the advertising noise.

06:45 AM in Migration, Newsmakers, User Reports, Web Resources | Permalink | Comments (0)

April 18, 2014

Denying Interruptions of Service

DDoSFor the last 18 hours, the 3000 Newswire’s regular blog host TypePad has had its outages. (Now that you're reading this, TypePad is back on its feet.) More than once, the web resource for the Newswire has reported it’s been under a Denial of Service attack. I’ve been weathering the interruption of our business services up there, mostly by posting a story on my sister-site, Story for Business.

We also notified the community via Twitter about the outage and alternative site. It was sort of a DR plan in action. The story reminds me of the interruption saga that an MPE customer faces this year. Especially those using the system for manufacturing.

MANMAN users as well as 3000 owners gathered over the phone on Wednesday for what the CAMUS user group calls a RUG meeting. It's really more of an AUG: Applications User Group. During the call, it was mentioned there’s probably more than 100 different manufacturing packages available for business computers which are like the HP 3000. Few of them, however, have a design as ironclad against interruption as the venerable MANMAN software. Not much service could be denied to MANMAN users because of a Web attack, the kind that’s bumped off our TypePad host over the last day. MANMAN only employs the power of the Web if a developer adds that interface.

This is security through obscurity, a backhanded compliment that a legacy computer gets. Why be so condescending? It might be because MPE is overshadowed by computer systems that are so much newer, more nimble, open to a much larger world.

They have their disadvantages, though. Widely-known designs of Linux, or Windows, attract these attempts to deny their services. Taking something like a website host offline has a cost to its residents, like we reside on TypePad. Our sponsors had their messages denied an audience. In the case of a 3000, when it gets denied it’s much more likely to be a failure of hardware, or a fire or flood. Those crises, they’ve got more rapid repairs. But that’s only true if a 3000 owner plans for the crisis. Disaster Recovery is not a skill to learn in-situ, as it were. But practicing the deployment it’s about as popular as filing taxes. And just as necessary.

Another kind of disruption can be one that a customer invites. There are those 100 alternatives to MANMAN out there in the market, software an MPE site might choose to use. Manufacturing software is bedeviled with complexity and nuance, a customized story a company tells itself and its partners about making an object.

There’s a very good chance that the company using MPE now, in the obscurity of 2014, has put a lot of nuance into its storytelling about inventory, receivables, bill of materials and more. Translating that storytelling into new software, one of those 100, is serious work. Like any other ardent challenge, this translation — okay, you might call it a migration — has a chance to fail. That’s a planned failure, though, one which usually won’t cost a company its audience like a website service denial.

The term for making a sweeping translation happen lightning-quick is The Magic Weekend. 48 hours of planned offline transformation, and then you’re back in front of the audience. No journey to the next chapter of the MPE user’s story — whether it’s a jump to an emulator that mimics Hewlett-Packard computers, or the leap to a whole new environment — can be accomplished in a Magic Weekend. Business computers don’t respond to magic incantations.

The latest conference call among MANMAN users invoked that warning about magic. Turning the page on the story where Hewlett-Packard’s hardware was the stage for the software of MANMAN and MPE — that’s an episode with a lot longer running time than any weekend. Even if all you’re doing is changing the stage, you will want to test everything. You don’t want to be in middle of serving hundreds and hundreds of audience members at a time, only to have the lights grow too dim to see the action on the stage.

04:45 PM in Homesteading, Migration | Permalink | Comments (0)

April 16, 2014

How to tell which failed drive is which LDEV

I have someone at a remote site that may need a drive replaced.  How can I tell which drive is a certain LDEV?

Keven Miller, who at 3kRanger.com describes himself as "a software guy with a screwdriver," answers the question -- for those that don't have the benefit of seeing an amber light on a failed drive.

Well, for me, I run SYSINFO.PRVXL.TELESUP first. Then you have a map of LDEV# to SCSI path. Next, you have to follow your SCSI path via SYSINFO.PRVXL.TELESUP.

3kRangerLDEV

From the example above, on my 928, 56/52 is the built-in SCSI path. Each disk has a hardware selection via jumpers to set the address of 0 to 6. (7 is the controller). You would have to inspect each drive, which could be one of the two internal ones, or any external ones.

On an A-Class, you have the two internal drives

0/0/1/1.15 (intscsia.15) (I think top drive)
0/0/2/1.15 (intscsib.15) (I think bottom drive)

Plus an external, Ultra2 wide on 0/0/1/0
Narrow single ended on 0/0/2/0
slot-1 on 0/2/0
slot-2 on 0/4/0
slot-3 on 0/6/2
slot-4 on 0/6/0

Then, depending how the externals are housed, it could be just an address switch on the back of the housing case. Not sure about an N-Class, or a 9x7, or a 9x9. But the processes are the same. If you're running anything more complex, like RAID, a hardware guy will help.

Hardware guy Jack Connor of Abtech adds

There's the 12H, NIKE, VA family, and XP disc frames that are the common arrays.

Or, if it's not an array, but something like a Jamaica disc enclosure, you can look at SYSGEN>IO>LD to determine what all discs should be present, then do a :DSTAT ALL to see who's missing and record that  path including the SCSI address.

You then would go the card that has the major path, such as 0/2/0/0, and then follow that cable to the Jamaica enclosure. Look at the back to determine from the dip switch setting what each slot's SCSI address is.  That would be the failed drive.

Also, often times with a Jamaica enclosure the drive will have either a solid green light on or, alternatively, be totally dark while all the other drives see activity (with flashing green lights).

06:03 PM in Hidden Value, Homesteading | Permalink | Comments (0)

April 15, 2014

Not too late to register for RUG meet

The CAMUS manufacturing app user group has a meeting tomorrow (April 16), starting at 10:30 Central time. An email to organizer and CAMUS RUG officer Terri Lanza will get you a dial-in number for the event. Birket Foster of MB Foster, one of the community's longest-tenured migration and sustainability vendors, will brief attendees on his perspective of the CHARON HPA, the HP 3000 hardware emulator.

CAMUS also has a Talk Soup as part of its dial-in agenda that runs through noontime. They only host their call twice a year, and it's a worthwhile endeavor to check in with others who are running HP 3000s in production mode.

Contact Lanza for your dial-in at askterri@sbcglobal.net.

06:25 PM in Homesteading, Newsmakers | Permalink | Comments (0)

April 14, 2014

HP did keep MPE's CALENDAR up to date

CalendarpagesLast week I lumped a error of omission by users into the basket of Hewlett-Packard's 3000 miscalculations. I made my own mistake by doing that. In part of an article about the 3000 user's longer view, I figured the miscue that sparked programming for the Y2K crisis fell into HP's lap. After all, the date handling in MPE was built to break down in 2028. Surely the valiant reworking of two-digit year representation came from a shortcoming out of HP's labs as well, I reckoned.

Vladimir Volokh called me to correct that concept. There was much work to do in our community to salvage good computing in the years leading up to 2000. But that work was the result of developers repairing their own mis-estimations of the durability of 3000 applications. Four-digit representations of years were possible from the very first month the 3000 went into serious duty. (That month happens to be just about 40 years ago, as of this month.) The users of the system, and commercial developers, just didn't see the need for using precious storage to represent four complete digits during 1974.

Four decades have brought the 3000's dating capability within sight of the end-date of accuracy. In the same way as 2000 was a community-wide roadblock, Volokh said that, just like age 70 is the new 60, "2028 has become the new Y2K."

The year 2028 is notable for customers who don't plan to leave the HP 3000. It's the year when timestamps stop being accurate, because the CALENDAR intrinsic in MPE/iX only uses 7 bits to store year information.

For those HP 3000 applications using CALENDAR, HP has advised you use the newer HPCALENDAR in your apps. The newer intrinsic, polished up in 1998 with version 6.0, extends the 3000 application's date accuracy to more than five decades beyond the 3000's inception. 2027 will be the last year to accurately generate timestamps in the 3000's filesystem. HPCALENDAR goes further, for whatever that's worth.

An HP advisory explained the differences, at least in part:

The original MPE timestamp format was that used by the CALENDAR intrinsic, a 16 bit quantity allowing 9 bits for the day of the year and 7 bits for the year, added to 1900. Since the largest number represented by 7 bits is 127, this format is limited to accurately storing years up to 2027.

The newer HPCALENDAR intrinsic uses a 32 bit quantity, allowing 23 bits for the year, since 1900 and the same 9 bits for the day of the year. This format provides a significantly longer period of timestamp accuracy.

When HP first began to talk about a Posix timestamp function that works on the 3000, the advice needed a bit of explanation from HP's lab engineer Bill Cadier.

If, for example someone needs to store the maturity date for a 30 year mortgage started this month, neither the traditional CALENDAR format nor the time() format will work as they are only accurate to 31 December 2027 and 19 January 2038 respectively. The HPCALENDAR date format provides 23 bits to store the year added to 1900 — and since one can store 8,388,607 in those 23 bits, this format provides the best accuracy for storing future dates on the e3000.

The advisory says in part

Certain Posix applications may use the time() function as the basis for timestamps; and may therefore, store timestamps in the format used by time(), which is a 32 bit quantity representing the number of seconds from the epoch 1 January 1970. This format is limited to accurately storing timestamps up to 19 January 2038.

If your applications have a need to create and store future transaction timestamps, HP recommends using HPCALENDAR, HPDATECONVERT, HPDATEDIFF, HPDATEFORMAT or HPDATEOFFSET to ensure they are created correctly.

HP built MPE to an extraordinary level of durability. Employing MPE/iX on the application level, you can use the invented-in-HP HPCALENDAR intrinsic for apps. Alas, as of this month, the intrinsic for the filesystem, CALENDAR, does have a shorter working lifespan. But I overstepped in thinking that HP wasn't thinking far enough into the future about the 3000. It's just that a reasonable choice about the time-span for filesystem date intrinsics seemed ample, at space enough for 54 years. However, the 3000 is clocking in to begin year Number 41 this month. It may take a village of MPE's experts to reach into 2028 and beyond. 

HP first released 5.5 PowerPatch 4 as a Year 2000-ready release during December of 1997. But a more comprehensive, company-wide definition of Year 2000 compliance resulted in new versions of the date intrinsics, which HP first made available in that 1998 PowerPatch.

At the time, users felt like they were overwhelmed enough with their own repairs, and didn't want to think they'd be waiting on HP to repair application date handling. One healthcare IT manager said, "It seems that what I suspected is correct — Y2K fixes will be forthcoming up to and even after Year 2000 arrives. At some point we must evaluate how bad the problems are, and settle on a base release.”

HP's MPE product manager at the time acknowledged that some customers would need to install a PowerPatch "if they use HP’s date intrinsics in their applications." The statement makes me wonder what else a modern-day programmer would be using in an app. There are other ways that an MPE app could cast the date of a transaction or a file. Perhaps anybody who'd develop this sort of intrinsic magic on their own could help in the village-wide challenge to accurately date in 2028.

09:18 PM in Homesteading | Permalink | Comments (0)

April 11, 2014

Again, the 3000's owners own a longer view

GeorgeBurnsHeartbleed needs a repair immediately. Windows XP will need some attention over the next three years, as the client environment most favored by migrating 3000 sites starts to age and get more expensive. XP is already "off support," for whatever that means. But there's a window of perhaps three years where change is not as critical as a repair to Heartbleed's OpenSSL hacker window.

Then there's MPE. The OS already has gone through more than a decade of no new sales. And this environment that's still propping up some business functions has now had more than five years of no meaningful HP lab support. In spite of those conditions, the 3000's OS is still in use, and by one manager's accounting, even picking up a user in his organization.

"Ending?" Tim O'Neill asks with a rhetorical tone. "Well, maybe MPE/iX will not be around 20 years from now, but today one of our people  contacted me and said they need to use the application that runs on our HP 3000. Isn't that great? Usage is increasing!"

VladimirNov2010GrayPondering if MPE/iX will be around in 20 years, or even 13 when the end of '27 date bug surfaces, just shows the longer view the 3000 owner still owns. Longer than anything the industry's vendors have left for newer, or more promising, products. My favorite avuncular expert Vladimir Volokh called in to leave a message about his long view of how to keep MPE working. Hint: This septuagenarian plans to be part of the solution.

Vladimir is bemused at the short-term plans that he runs across among his clientele. No worries from them about MPE's useful lifespan. "I'll be retired by then," say these managers who've done the good work of IT support since the 1980s. This retirement-as-futures plan is more common than people would like to admit.

Volokh took note of our Fixing 2028 update awhile back. "It's interesting that you say, "We've still got more than 13 years left. Almost every user who I've told you about has said, 'Oh, by then, I'll retire.' My answer is, 'Not me.' I will be just 90 years old. You call me, and we'll work out something.' "

I invite you to listen to his voice, delivering his intention to keep helping and pushing MPE into the future -- a longer one than people might imagine for something like XP.

Why do some 3000 experts say a longer view seems like a good chance? Yes, one obvious reason is that they don't want to say goodbye to the meaningful nature of their expertise, or the community they know. I feel that same way, even though I only tell the stories of this community.

But there's another reason for the long view. MPE has already served in the world for 40 years. HP thought this so unlikely that they didn't even program for a Y2K event. Then the vendor assumed more than 80 percent of sites will be off in four years' time after HP's "we're quitting" notice. Then it figured an extra two years would do the job.

Wrong on all three accounts. Change must prove its value, and right soon, if you intend to begin changing soon. There's another story to tell about that reality, one from the emulator's market, which I'll tell very soon. In the meantime, change your passwords

1. If a website you use is vulnerable to Heartbleed; check here with a free tool, or it has been (list below).

and

2. It has now been repaired.

Here's a list of websites which were vulnerable, from Github. Yahoo is among them, which means that ATT broadband customers have some password-changing to do. That's very-short-view change.

01:46 PM in Homesteading, Migration | Permalink | Comments (0)

April 10, 2014

Heartbleed reminds us all of MPE/iX's age

The most wide-open hole in website security, Heartbleed, might have bypassed the web security tools of the HP 3000. Hewlett-Packard released WebWise/iX in the early 2000's. The software included SSL security that was up to date, back in that year. But Gavin Scott of the MPE and Linux K-12 app vendor QSS reminds us that the "security through antiquity" protection of MPE/iX is a blessing that's not in a disguise.

OldheartWebWise was just too late to the web game already being dominated by Windows at the time -- and even more so, by Linux. However, the software that's in near total obscurity doesn't use the breached OpenSSL 1.0.1 or 1.0.2 beta versions. Nevertheless, older software running a 3000 -- or even an emulated 3000 using CHARON -- presents its own challenges, once you start following the emergency repairs of Heartbleed, Scott says.

It does point out the risks of using a system like MPE/iX, whose software is mostly frozen in time and not receiving security fixes, as a front-line Internet (or even internal) server. Much better to front-end your 3000 information with a more current tier of web servers and the like. And that's actually what most people do anyway, I think.

Indeed, hardly any 3000s are used for external web services. And with the ready availability of low-cost Linux hosts, any intranets at 3000 sites are likely to be handled by that open-sourced OS. The list of compromised Linux distros is long, according to James Byrne of Harte & Lynne, who announced the news of Heartbleed first to the 3000 newsgroup. 

The versions of Linux now in use which are at risk, until each web administrator can supply the security patch, include

Debian Wheezy
Ubuntu 12.04.4 LTS1
CentOS 6.5
Fedora 18
OpenBSD 5.3
FreeBSD 10.0
NetBSD 5.0.2
OpenSUSE 12.2

The PA-RISC architecture of the HP 3000, emulated on CHARON HPA/3000, could also provide a 3000 manager with protection even if somehow an MPE/iX web server had been customized to use OpenSSL 1.0.1, Scott says.

I'm pretty certain that the vulnerable versions of OpenSSL have never been available on MPE/iX. However, it is possible that the much older OpenSSL versions which were ported for MPE/iX may have other SSL vulnerabilities. I haven't looked into it. Secure Apache or another web server dependent on OpenSSL would be the only likely place such a vulnerability could be exposed.

There's also a chance that MPE/iX, even with a vulnerable web server, might have different behavior -- as its PA-RISC architecture has the stack growing in the opposite direction from x86. As such, PA-RISC may do more effective hardware bounds checking in some cases. This checking could mitigate the issues or require MPE/iX-specific knowledge and effort on the part of an attacker in order to exploit vulnerabilities. All the out-of-the-box exploit tools may actually be very dependent on the architecture of the underlying target system.

Security through such obscurity has been a classic defense for the 3000 against the outside world of the web. But as Scott notes, it's a reminder of how old the 3000's web and network tools are -- simply because there's been little to nothing in the way of an update for things like WebWise Apache Server.

But there's still plenty to worry about, even if a migrated site has moved all of its operations away from the 3000. At the website The Register, a report from a white-hat hacker throws the scope of Heartbleed much wider than just web servers. It's hair-raising, because just about any client-side software -- yeah, that browser on any phone, or on any PC or Mac -- can have sensitive data swiped, too.

In a presentation given yesterday, Jake Williams – aka MalwareJake – noted that vulnerable OpenSSL implementations on the client side can be attacked using malicious servers to extract passwords and cryptographic keys.

Williams said the data-leaking bug “is much scarier” than the gotofail in Apple's crypto software, and his opinion is that it will have been known to black hats before its public discovery and disclosure.

11:18 AM in Migration, Newsmakers | Permalink | Comments (0)

April 09, 2014

How SSL's bug is causing security to bleed

HeartbleedComputing's Secure Sockets Layer (SSL) forms part of the bedrock of information security. Companies have built products around SSL, vendors have wired its protocols into operating systems, vendors have applied its encryption to data transport services. Banks, credit card providers, even governments rely on its security. In the oldest days of browser use, SSL displayed that little lock in the bottom corner that assured you a site was secure -- so type away on those passwords, IDs, and sensitive data.

In a matter of days, all of the security legacy from the past two years has virtually evaporated. OpenSSL, the most current generation of SSL, has developed a large wound, big enough to let anyone read secured data who can incorporate a hack of the Heartbeat portion of the standard. A Finnish security firm has dubbed the exposed hack Heartbleed.

OpenSSL has made a slow and as-yet incomplete journey to the HP 3000's MPE/iX. Only an ardent handful of users have made efforts to bring the full package to the 3000's environment. In most cases, when OpenSSL has been needed for a solution involving a 3000, Linux servers supply the required security. Oops. Now Linux implementations of OpenSSL have been exposed. Linux is driving about half of the world's websites, by some tallies, since the Linux version of Apache is often in control.

One of the 3000 community's better-known voices about mixing Linux with MPE posted a note in the 3000 newsgroup over the past 48 hours to alert Linux-using managers. James Byrne of Harte & Lyne Ltd. explained the scope of a security breach that will require a massive tourniquet. To preface his report, the Transport Layer Security (TLS) and SSL in the TCP/IP stack encrypt data of network connections. They have even done this for MPE/iX, but in older, safe versions. Byrne summed up the current threat.

There is an exploit in the wild that permits anyone with TLS network access to any system running the affected version of OpenSSL to systematically read every byte in memory. Among other nastiness, this means that the private keys used for Public Key Infrastructure on those systems are exposed and compromised, as they must be loaded into memory in order to perform their function.

It's something of a groundbreaker, this hack. These exploits are not logged, so there will be no evidence of compromises. It’s possible to trick almost any system running any version of OpenSSL released over the past two years into revealing chunks of data sitting in its system memory.

The official security report on the bug, from OpenSSL.org, does its best to make it seem like there's a ready solution to the problem. No need to panic, right?

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2

For the technically inclined, there's a great video online that explains all aspects of the hack. Webserver owners and hosts have their work to do in order to make their sites secure. That leaves out virtually every HP 3000, the server that was renamed e3000 in its final HP generation to emphasize its integration with the Internet. Hewlett-Packard never got around to implementing OpenSSL security in its web services for MPE/iX. 3000 systems are blameless, but that doesn't matter as much as insisting your secure website providers apply that 1.0.1g upgrade.

The spookiest part of this story is that without the log evidence, nobody knows if Heartbleed has been used over the past two years. Byrne's message is directed at IT managers who have Linux-driven websites in their datacenters. Linux has gathered a lot of co-existence with MPE/iX over the last five years and more. This isn't like a report of a gang shooting that's happened in another part of town. Consider it more of a warning about the water supply.

In a bit of gallows humor, it looks as if the incomplete implementation of OpenSSL, frozen in an earlier edition of the software, puts it back in the same category as un-patched OpenSSL web servers: not quite ready for prime time.

09:50 PM in Homesteading, Migration, Newsmakers, User Reports | Permalink | Comments (0)

April 08, 2014

Here it is: another beginning in an ending

Today's the day that Microsoft gives up its Windows XP business, but just like the HP 3000 exit at Hewlett-Packard, the vendor is conflicted. No more patches for security holes, say the Redmond wizards. But you can still get support, now for a fee, if you're a certain kind of Windows XP user.

New BeginningsIt all recalls the situation of January 2009, when the support caliber for MPE/iX was supposed to become marginal. That might have been true for the typical kind of customer who, like the average business XP user, won't be paying anything to Microsoft for Service Packs that used to be free. But in 2009 the other, bigger sort of user was still paying HP to take 3000 support calls, fix problems, and even engineer patches if needed. 

A lot of those bigger companies would've done better buying support from smaller sources. Yesterday we took note of a problem with MPE/iX and its PAUSE function in jobstreams, uncovered by Tracy Johnson at Measurement Specialties. In less than a day, a patch that seemed to be as missing as that free XP support of April 8 became available -- from an independent support vendor. What's likely to happen for XP users is the same kind of after-market service the 3000 homesteader has enjoyed.

Johnson even pointed us to a view of the XP situation and how closely it seems to mirror the MPE "end of life," as Hewlett-Packard liked to call the end of 2010. "Just substitute HP for Microsoft," Johnson said about a comparison with makers of copiers and makers of operating systems.

Should Microsoft Be Required To Extend Support For Windows XP? The question is being batted around on the Slashdot website today. One commenter said that if the software industry had to stick to the rules for the rest of the office equippers, things would be differerent. Remember, just substiture HP (and MPE) for Microsoft and XP.

If Windows XP were a photocopier, Microsoft would have a duty to deal with competitors who sought to provide aftermarket support. A new article in the Michigan Law Review argues that Microsoft should be held to the same duty, and should be legally obligated to help competitors who wish to continue to provide security updates for the aging operating system, even if that means allowing them to access and use Windows XP's sourcecode.

HP did, given enough time, help in a modest way to preserve the maintainability of MPE/iX. The vendor sold source code licenses for $10,000 each to support companies. In at least one case, the offer of help was proactive. Steve Suraci of Pivital Solutions said he was called by Alvina Nishimoto of HP and asked, "You want to purchase one of these, don't you?" The answer was yes. Nobody knew what good a source code license might do in the after-market. But HP was not likely to make the offer twice, and the companies who got one took on the expense as an investment in support in the future.

But there was a time in the 3000's run-up to that end-of-HP Support when the community wanted to take MPE/iX into open source status. That's why the advocacy group was named OpenMPE. Another XP commenter on Slashdot echoed the situation the 3000 faced during the first years of its afterlife countdown.

(Once again, just substitute HP and MPE for Microsoft and XP. In plenty of places, they'll be used together for years to come.)

XP isn't all that old, as evidenced by the number of users who don't want to get off of it. It makes sense that Microsoft wants to get rid of it -- there's no price for a support contract that would make it mutually beneficial to keep tech support trained on it and developers dedicated to working on it. But at the same time, Microsoft is not the kind of company that is likely to release it to the public domain either. The last thing they would want is an open source community picking it up, keeping it current with security patches and making it work on new hardware. That's the antithesis of the forced upgrade model.

Note: MPE/iX has been made to work with new hardware via the CHARON emulator. Patches are being written, too, even if they are of the binary variety. XP will hope to be so lucky, and it's likely to be. If not, there's the migration to Windows 7 to endure. But to avoid that expense for now, patches are likely to be required. The 3000 community can build many of them. That's what happens when a technology establishes reliability and matures.

06:12 PM in Migration, News Outta HP | Permalink | Comments (1)

April 07, 2014

MPE patches still available, just customized

Last week a 3000 manager was probing for the cause of a Command Interface CI error on a jobstream. In the course of the quest, an MPE expert made an important point: Patches to repair such MPE/iX bugs are still available. Especially from the seven companies which licensed HP's source code for the HP 3000s.

PatchworkThis mention of MPE bug repair was a reminder, actually, that Hewlett-Packard set the internals knowledge of MPE free back in 2010. Read-only rights to the operating system source code went out to seven companies worldwide, including some support providers such as Pivital Solutions and Allegro Consultants.

The latter's Stan Sieler was watching a 3000 newsgroup thread about the error winding up. Tracy Johnson, the curator of the 3000 that hosts the EMPIRE game and a former secretary to OpenMPE, had pointed out that his 3000 sometimes waits longer than expected after a PAUSE in a jobstream.

I nearly always put a CONTINUE statement before a PAUSE in any job.  Over the years I have discovered that sometimes the CPU waits "longer" than the specified pause and fails with an error.

A lively newsgroup discussion of 28 messages ensued. It was by far the biggest exchange of tech advice on the newsgroup in 2014, so far. Sieler took note of what's likely to be broken in MPE/iX 7.5, after an HP engineer had made his analysis of might need a workaround. Patches and workarounds are a continuing part of the 3000 manager's life, even here in the second decade of the 3000's Afterlife. You can get 'em if you want 'em.

A workaround is the more likely of repairs for something that's not operating correctly in MPE, by this year. Patches were a free HP 3000 element, and those that HP created still are free today -- unlike the situation for HP's still-supported servers. The dilemma is that the final round of patches HP built weren't tested to HP's satisfaction. Plus, there's no more vendor work on new repairs.

Enter the third party supporters, the companies I call independent support providers. They know the 3000 as well as anybody left at HP, so long as they're a party to the source code for the operating system. In many cases, a binary patch isn't what a customer wants. Such a thing has to be tested, and a lot of production 3000s are under lockdown today. Changes are not invited.

But in the case of an MPE/iX jobstream PAUSE error, there's always a chance for a fix. HP's Jim Hawkins looked at Johnson's problem and ranked the causes Nos. 1-4. Number 4 was "possible MPE/iX bug."

Sieler said that it looked like this was a genuine MPE/iX flaw. What to do, now that the MPE/iX lab at HP -- which once included Hawkins -- has gone dark? Sieler pointed to patching.

After analyzing hxpause, the executor responsible for implementing the CI PAUSE command, I suspect there is a bug in the MPE/iX internal routine "pausey", which hxpause uses. The bug appears to be triggerable by :BREAKJOB/:RESUMEJOB, but I have not characterized  precisely what triggers it.  It is, however, apparently the result of the equivalent of an uninitialized variable.

I believe Allegro could develop a patch, should a customer be interested in it.

Patches beyond the lifespan of an HP lab are a touchy topic. A binary patch, as Allegro's Steve Cooper describes this kind of assignment, is likely to live its life in just one HP 3000 installation. It's a creation to be tested, like any patch.

And now it seems that patches are not only a for-pay item, but something to be guarded. HP even pressed a lawsuit against an independent company when the vendor observed that its patches were being distributed by the indie. No money changed hands in the suit settlement, but the support company said it would stop redistributing HP's patches.

This kind of protective culture from systems vendors is endemic by now, according to Source Direct's Bill Hassell. "This is a hot topic, both for customers as well as third party support organizations," he reported. "There have been very strong reactions from customers to recent statements about firmware restrictions." Hassell, well-known as an HP-UX expert among former Interex user group members, pointed to a handful of articles from HP's own blog and the industry press such as ZDNet, or one from PC World.

But the first one Hassell pointed at was the message from HP's own Mary McCoy, VP of Support for HP Servers, Technology Services. It's titled Customers for Life. In essence, the February posting says HP's firmware only gets an upgrade for "customers with a valid warranty, Care Pack Service, or support agreement."

We know this is a change from how we’ve done business in the past; however, this aligns with industry best practices and is the right decision for our customers and partners. This decision reinforces our goal to provide access to the latest HP firmware, which is valuable intellectual property, for our customers who have chosen to maximize and protect their IT investments.

In the face of this, and other HP announcements such as ProLiant patch availability, the customers who are commenting at HP's website are not happy. One noted that "the customer segment who will suffer the most from this revision in HP firmware availability will be the small and medium businesses performing their own in-house IT support." Some say the pay-for-patch mandate is only going to drive them to other vendors for small business servers. HP asserts that every vendor is doing this by now.

Enter the indie patching potential for MPE/iX. Binary patches are much more of a possibility when source code is in the hands of a support company. As far as I know, the source for HP-UX, or any other proprietary Unix, isn't in the wild, and the same can be said for Windows. Linux source is always available, of course. Nobody is going to be tagged as a Customer for Life when they choose Linux.

But that's also true of MPE/iX. Enter an indie support relationship and you get the benefits of that vendor's expertise, based upon the level of their understanding of MPE. Leave that relationship and you're not penalized. You're just on the hunt now for another support vendor of equal caliber.

A support company's caliber is measured by the way it conducts its business practices, not just what it knows how to create or fix. This vendor lock-in is something familiar to a 3000 owner. But it was technology, not business decisions, which enforced such lock-in during the 20th Century. The indie companies have a patch for the current era's lock-in error.

07:04 PM in Homesteading, News Outta HP, User Reports | Permalink | Comments (0)

April 04, 2014

Save the date: Apr 16 for webinar, RUG meet

April 16 is going to be a busy day for MB Foster's CEO Birket Foster.

BirketLong known for his company's Wednesday Webinars, Foster will be adding a 90-minute prelude on the same day as his own webinar about Data Migration, Risk Mitigation and Planning. That Wednesday of April 16 kicks off with the semi-annual CAMUS conference-call user group meeting. Foster is the guest speaker, presenting the latest information he's gathered about Stromasys and its CHARON HP 3000 emulator.

The user group meet begins at 10:30 AM Central Time, and Foster is scheduled for a talk -- as well as Q&A from listeners about the topic -- until noon that day. Anyone can attend the CAMUS meeting, even if they're not members of the user group. Send an email to CAMUS leader Terri Lanza at tlanza@camus.org to register, but be sure to do it by April 15. The conference call's phone number will be emailed to registrants. You can phone Lanza with questions about the meeting at 630-212-4314.

Starting at noon, there's an open discussion for attendees about any subject for any MANMAN platform (that would be VMS, as well as MPE). The talk in this soup tends to run to very specific questions about the management and use of MANMAN. Foster is more likely to field questions more general to MPE. The CHARON emulator made its reputation among the MANMAN users in the VMS community, among other spots in the Digital world. You don't have to scratch very deep to find satisfied CHARON users there.

Then beginning at 1 PM Central, Foster leads the Data Migration, Risk Mitigation and Planning webinar, complete with slides and ample Q&A opportunity.

Registration for the webinar is through the MB Foster website. Like all of the Wednesday Webinars, it runs between 1-2 PM. The outline for the briefing, as summed up by the company:

Data migration is the process of moving an organization’s data from one application to another application—preferably without disrupting the business, users or active applications.

Data migration can be a routine part of IT operations in today’s business environment providing service to the whole company – giving users the data they need when they need it, especially for Report, BI (Business Intelligence) or analytics (including Excel spreadsheets) and occasionally for a migration to a new application. How can organizations minimize impacts of data migration downtime, data loss and minimize cost?

In this webinar we outline the best way to develop a data conversion plan that incorporates risk mitigation, and outlines business, operational and technical challenges, methodology and best practices.

The company has been in the data migration business since the 1980s. Data Express was its initial product to extracting and controlling data. It revamped the products after Y2K to create the Universal Data Access (UDA) product line. MBF-UDACentral supports the leading open source databases in PostgreSQL and MySQL, plus Eloquence, Oracle, SQLServer, DB2, and TurboIMAGE, as well as less-common databases such as Progress, Ingres, Sybase and Cache. The software can migrate any of these databases' data between one another.

07:24 PM in Homesteading, Migration, Web Resources | Permalink | Comments (0)

April 03, 2014

Learning to Love Your Legacy

As the next end of days bears down on us -- Windows XP will become a former Microsoft product next Tuesday -- it's worthwhile to remember that the life beyond a vendor's designs can still fulfill. XP will operate in millions of places from next week and onward, but it's going to be a legacy system to many IT planners. That puts it in a similar spot with MPE, as well as IBM's legacy, the Series i systems.

JenFisherYes, they all have differences in their legacy standings. MPE's hardware -- well, the stuff badged with HP on it -- is beyond a decade old. There's nothing new there. Microsoft's hardware is everywhere, but the security essentials are taking a mortal wound starting next week. As for the IBM legacy options, we turned to Fresche Legacy's Jennifer Fisher. The company helped build up the 3000 and MPE worlds as Speedware, before it rebranded itself and expanded its focus to IBM.

Fisher, the VP of Global Sales and Marketing, said that love and IT can and do go together, something the company has experienced while serving both the 3000 and Series i worlds. "When we say 'IT can make you smile' and 'love your legacy,' this is want it's all about," she said. "You need to nurture and care for the legacy. Leverage it, and make it work for you."

Systems_power_i_graphic_60x45The IBM Series i customer has had a ride through rebranding, too, coming out of decades of being known as AS/400 users, to become i Series, then finally IBM i. The computer's using a proprietary chipset IBM's built called POWER, something that IBM put into its Linux, Unix and PC-based servers. Those were once called Series P (for Unix) and Series X (for Linux, and Windows -- even XP). Changes in names come along the line to the legacy user. MPE/iX was MPE/XL, and before that MPE V.

Legacy server systems built in a certain era, like the IBM i and the 3000, or the omnipresent XP -- these still do their duty long after their vendor's interest wanes. IBM i is still a product for sale by the vendor, unlike XP or MPE. IBM's hardware "continues to evolve and is a focus for IBM i," Fisher said. Fresche took a wider look for customers in the enterprise market space when it rebranded.

Our focus has expanded to the larger midrange space, but we are still taking care of our HP 3000 friends. We continue to grow in the space, especially around application support. More and more, we are seeing customers needing legacy expertise in COBOL, Powerhouse and Speedware on the 3000 -- but also RPG, COBOL and Synon in the IBM i space. These two are so similar. Both midrange systems have been the backbone to the organizations they have served, and continue to be in many ways.

Fisher notes, like the other suppliers who continue to reach out to the needs of legacy users, that system developers have built the bones of the legacies.

In both cases, the business analysts and developers who put their blood, sweat and tears into driving the business have created a legacy of their own, and Fresche Legacy is all about helping them to continue that. There is so much value in these systems. We are here to help drive the business value that IT was recognized for in the past. We want to restore that reputation, by bridging the gap between IT and the business.

As an example of what Fresche is doing for its IBM customers, the company rolled out a new release of its X-Analysis, V10. The software performs documentation and design recovery for IBM i environments, and is the flagship product of Fresche Legacy’s Databorough division.

The company says its modernization projects have driven demand for better control and reuse of the business rules embedded in legacy apps. In the IBM environment, those are RPG, COBOL and Synon applications. (That last one is a popular development environment from CA.) This new release provides fresh capabilities for automated analysis, documentation, data modernization, plus consolidation and export of business rules from legacy code. X-Analysis now has annotation and visualization features. This sort of tool gives a legacy IT manager the means to synchronize business, regulatory, and modernization requirements within their software.

"Complexity metrics and maintainability indices are the foundation of any efficient development practice,” says Garry Ciambella, Vice President of R&D. "This release of X-Analysis provides IT organizations and IBM i development managers with a much clearer set of measurable inputs to quantify resource requirements and run development projects. There’s a lot less guesswork and much better results."

07:14 PM in Homesteading, Newsmakers | Permalink | Comments (0)

April 02, 2014

Newest paper-based issue signals Spring

By Ron Seybold

It might feel a bit absurd to think that hand-written forms, some even photocopied, would be essential vehicles of crucial monetary reports. PDF has become old-school, it’s so mainstream now. After all, several current and former Newswire sponsors sell software to eliminate paper. 

“Good luck with that,” my friend says of eliminating the need to extract. We meet for our coffee in the evenings now, while drinking decaf, because his alarm rings at 5:30 every workday and a good night’s sleep makes for an accurate workday. He's breaking open envelopes with springtime government forms, and more lately paper checks and money orders, enclosed. It's a temporary job with lasting benefits.

He tells me, with a look that I envy, that his wife is rousing herself into those wee hours to make his breakfast, pack his lunch. It’s like the Cleavers, June and Ward, I told him. “Yeah, and just like my dad,” he replies, talking about his pop eating eggs in the Sixties before sunup, to make a 7AM shift start. He says those eggs were cooked by his mom, who was just as much on the clock as his dad.

I remember such mornings only dimly, from my own days when I served that government in the US Army. You got used to a workday beginning before sunrise. Coffee of high-test variety was essential. And boy, was that Army of the 1970s ever run on paper. Three part forms and carbon and typewriters, not to mention my job — radio teletype operator, relaying troop strength and mobile armor readiness reports. All printed out on rough newsprint-grade paper in three-inch-thick rolls. Delivered across equipment that was already more than a decade old, and balky on our lucky days.

But those Army days of mine, like my pal’s temporary workdays, have one thing in common. It’s the rare job, he says, “where when you’re not there, you don’t have to care.” The work is important, of course. This agency pumps the lifeblood of revenue into the US. But for a season that’s well-known this time of year, it’s powered by piecework. Like a dance, he tells me, and I furrow my brow because I don’t get it. “We can raise up our desks to stand, and I rock back and forth while I move that mail.” I can just see him in his thick-soled shoes, flexing calves while he funnels all that paper through the mill, a throwback to shift work. There’s even a company cafeteria, he says, and a nurse’s station for paper cuts and sometimes worse.

The careful reader of ours will note that we’re now shifting to calling our paper issues Spring, and so forth. We have printed four per year, like the seasons, ever since 2006. Things do change, like climate or the habits of readers. If it were up to me, there would be a respected place for paper in my life for the rest of it. If I’m lucky, that’ll extend beyond the 3000’s CALENDAR wall of 2028. I’ll only be 71 by then. Just a boy, compared to the sage age of Fred White (beyond 85 now) or Vladimir Volokh (just celebrating number 75 this spring, he tells me.)

While my friend talks of everlasting paper, I think fondly of our newsletter, that name we gave to this Newswire product when we created it back in 1995. It was a time when online usually meant rolling off a PC terminal or a 3000’s 792 hardware. There was no Web when we planned this, but we certainly had to embrace it quickly. We got advice on making a website, but the blog was built out of our own observations. It helped that I’d been telling 3000 stories for a couple of decades before the blog went online.

Where does that leave all the paper we’ve all grown up communicating with, like this newsletter? Like all those forms in my pal’s workday, probably everlasting, but not as common. The ratio of customers using paper is dropping all over the world, not just in his temporary job. Perhaps paper becomes a seasonal tool, something special that is used on demand, just as it does down in that workroom he describes as “a football field’s worth of fluorescent lighting.” 

If a government can be run with decades-old communication technology, something that a serious share of its customers prefer, then that’s an option which ensures everyone can participate. One former Hewlett-Packard competitor, Unisys, now touts its information technology as stealth. “You can’t hack what you can’t see,” says the company. Things have changed a great deal, as well as not much at Unisys — the mash-up of Burroughs and Sperry from the 1980s. BUNCH referred to Burroughs, Univac, NCR, Control Data and Honeywell, all muscling up against IBM. 

HP was nowhere in that picture until its 3000 floated up out of the software labs that created IMAGE and MPE. Burroughs is still trying to catch up to the leaders, even while it calls its products stealthy and itself Unisys.

My friend likes to boast that the security in his temp job makes it a challenge to hack anything so old as paper. Our US government insists on this secure channel, I learned years ago while communicating corporate data on Social Security payments. No email, they said. So one paper document at a time, one issue a season, we continue our polished practices of telling the tales about what we earn, what we’ve bought, our alliances and competitions. In a few short weeks, I’ll see my pal back at the taco breakfasts, while that paper he has touched wearing latex gloves moves along to semi trailers, and eventually warehouses as anonymous as his own temp job.  Maybe that’s the fate for anything inclusive, like a computer that never leaves a program behind no matter how old, or a paper news vehicle still filling envelopes and mailboxes. 

But we do embrace the modern even while we honor the old. One avid reader of ours wondered why stories of migration would ever be printed on our pages. 

The fact that our pages are still in the mails, in their own season, is a testament to how inclusive our work has been here across nearly two decades. E-filing documents or mailing papers, migrating to commodity environments or homesteading, these are apt examples of being inclusive — even while we still practice our exclusive storytelling about the HP 3000. Like that sea of paper in my pal’s mill, heaven knows when that storytelling will ever end.

10:12 AM in History, Newsmakers | Permalink | Comments (0)

April 01, 2014

New MPE 8.0 includes cutting-edge remotes

Almost 10 years after the last update to MPE/iX -- the PowerPatch 2 of release 7.5 -- a new version of the operating system is emerging. What's being called MPE/iX 8.0 by the World OS ID board has begun to surface from the rogue collective of open source coders known as ReBoot.me, which has a website based in Macedonia.

HummingbirdIt's not known as this point how ReBoot.me got its hands on MPE/iX source code, but the modifications to the OS appeared to be demonstrated on an HP L-Class server. The new version was captured in a video released for a few hours on YouTube, but removed from North American, Asian, African, European and all Middle Eastern YouTube users. This 8.0 MPE/iX can still be viewed in a demo from viewers in the Bahamas, or any location that employs the domain .bs.

The secrecy appears to stem from some first-ever features on any operating system. Much like the groundbreaking memory space allocation of MPE/XL, the 8.0 release -- ReBoot.me calls it New MPE -- supports cloud hang time, self-repairing line breaks, and the manipulation of drone clusters. Seynor Blachboxe, the code-named spokesperson for the open sourcers, said the drone support was a late addition, one that helped fund the entire project.

Drone manipulation is a nascent computer science, even in 2014, Blachboxe said. His claims echo those of AeroVironment, a US defense contractor building bird-sized drones to extend government surveillance. With its roots running back to the real-time capabilities of RTE, the MPE DNA made it ready for the surveillance of hundreds of thousands of Drone Jobs simultaneously. ReBoot called these instances Hand Offs.

The cloud hang time feature automates and monitors any service interruptions that may be caused by meterological impacts, according to the ReBoot team. The New MPE does a constant rebuild of its accounts structure while handling intensive IO requests, making the software able to restore to its latest stateless image in a matter of millseconds during an interruption.

"You won't be able to see the downtime, and you won't be able to see the drones, either," Blachboxe said on the YouTube video. "This entire release is really about not seeing anything new that's happening within MPE." Licensing battles look like they may be highly visible, however, since ReBoot was not among the eight licensed owners of the MPE/iX source code released during 2010.

The open sourcers appeared to be unfazed by the prospect of battling Hewlett-Packard over rights to a product it no longer sells or supports. Citing a list of legal projects and management efforts tied to more critical needs for the vendor, the coding group said it doesn't expect a challenge that will be recognized in its sovereign nations.

"Winning that lawsuit wouldn't contribute enough to HP's bottom line to make their investors happy with the legal expense," Blachboxe said.

UTC 530Eager beta testers managed to download a handful of builds for the New MPE during the hours that the YouTube video was first visible. These releases could only be activated -- by use of an HP 792 terminal attached to an HP Cloud partition -- during the rolling 24 hour period of 04-01-14, as recognized in the vicinity of coordinates -49.591071, 69.497378, (click on map at right for detail) using the UTC +5:30 as a base. A beta-test version of 8.0 includes the first access to GPS coordinates, to locate a user's system and authorize the download, Blachboxe explained.

"If a user can't figure that out, they won't be of the caliber of computer professional we'd like to test this release," he said. "It's New MPE, after all."

02:47 AM in Newsmakers, Web Resources | Permalink | Comments (3)