November 20, 2015
Multi-threading traces years of MPE service
Yesterday we explored the prospects of multi-threading for HP 3000 sites. It's an aspect of application and software design that can benefit from virtualization. In years past, when much of the 3000 application base was being created, separate hardware CPUs drove this multi-threading. Stan Sieler of Allegro, one of the authors of the textbook on Precision Architecture RISC "Beyond RISC," told us that multi-threading is likely to have made its way into 3000 software via Unix.
It's a concept, through, that's been possible for MPE ever since its beginning. The MP in MPE stands for Multiprogramming, Sieler reminded me, and that "Multi-threading is a form of multiprogramming or multiprocessing."
Sieler adds that "Multi-processing is where you have more than one CPU … each CPU can run a single process at a time (and, with multi-programming, can appear to be running more than one at a time).
Generally, but not always (as words are often abused), “threads” are related to a single process. E.g., my video compression program might work on several parts of the video simultaneously with three or four threads. On some computers, two separate threads of a single process cannot execute at the same time … on others, they can.
On most computers nowadays, threads are implemented at the operating system level. On older systems, threading was sometimes implemented above the operating system, relying on user code to switch threads. (I’ll skip co-routines, which few systems have now, but the Burroughs MCP did.)
Multi-programming is the concept where two (or more) processes (or “programs”) appear to run at the same time, but in reality each gets a short time to run, and then the CPU pays attention to the other process, then back to the first one… or “time slicing.”
On the 3000, few programs use multi-threading, but it is available. It came about the same time as Posix did, perhaps one release later (I can’t recall). In general, if you show me a 3000 program that uses threading, I’ll bet it’s written in C and originated in the Unix/Linux world.
Essentially all computers nowdays have multi-programming. The original HP 3000 (pre-CX) did, too. (The HP 2100 (running RTE) had, IIRC, no multi-programming.)
"So, you could easily have a program — even on the Classic 3000 — that ran multiple copies of itself (assuming, of course, you had a reason for doing it)."
Get e-mail notice when the NewsWire blog gets a new entry. Just say "Blog Me" in a message to firstname.lastname@example.org.
November 04, 2015
HP C-level legacy hubris perplexes women
Now that the Hewlett-Packard spin off is underway — the initial 1970s concept of selling business computing solutions has returned to the fore at Hewlett Packard Enterprise — a review of who steered the bulky HP cart into the ditch seems worth a note. HP engineering culture was targeted by COO Chris Hsu as an impediment to splitting the company up in a year's time. The HP which ran on engineering desires fell to the wayside after current Republican candidate Carly Fiorina mashed up PC business into IT's legacy at HP, including the HP 3000 heritage.
Some insight as well as bafflement is emerging. Meg Whitman, a board director of HP whose primary job is now CEO of the restored HP Enterprise, doubts that Fiorina's best start in political service will be in the White House. According to a report in the San Jose Mercury News
“I think it’s very difficult for your first role in politics to be President of the United States," she said. Whitman has expressed empathy for Fiorina over cutting HP jobs — between the two of them, they’ve slashed tens of thousands of jobs at HP. But the failed California gubernatorial candidate told CNN, “While I think business strengths are important, I also think having worked in government is an important part of the criteria.” Whitman has thrown her support behind New Jersey Gov. Chris Christie.
As a punctuation for that measure of suitability, we stumbled upon another woman with a leadership career. Gloria Steinem, the seminal sparkplug of the feminist revolution of the 1970s and ardent advocate for womens' career ceilings, spoke on The Daily Show this week. Served up a fat pitch by the host that "Carly is a big favorite of yours, right?" Steinem shook her head and smiled. "I’m talking about women who got elected because they represented a popular majority opinion. She got promoted by God-knows-who."
My publisher turned to me and asked, "Who did promote Carly? Do you know?" I wondered how many of our readers, especially those ready to vote in GOP primaries, knew the answer.The short answer to the question is HP executive VP and board member Dick Hackborn. The shadowy giant of the printer empire, who rarely left his Idaho aerie for Silicon Valley, pumped Carly in the advent of Y2K. But the rogue's gallery of HP directors who promoted Fiorina have all been sacked, retired or died.
Resigned: Tom Perkins and Patricia Dunn. Plus George Keyworth, after the board discovered he'd leaked the pre-texting offenses which Dunn dished out to the press. Charges against her were dropped after more than a year of investigation.
Retired: Hackborn, Sam Ginn, Phil Condit, Robert Knowling.
Ousted: The son of one of HP's co-founders, Walter Hewlett. (Hard to imagine Walter voting to hire Fiorina, but esprit de corps counts for something. He even supported Fiorina's overpriced attempt to buy Price Waterhouse Cooper for $18 billion.)
Died: Lew Platt, after voting for his successor.
Eight of the 12 current HP directors have been appointed this year. It's a hopeful sign of change from a vendor which is still responsible for billions in products installed at migrated 3000 sites.
The answer to Steinem's question about who promoted Carly Fiorina is "people who've long since been separated from deciding HP's futures." Only Platt comes in with a clean bill, resigning from HP in 2000, after having the grace to step away from a company whose board no longer believed in him. That says much more about that board, and the ditch it pushed HP into, than it does about Platt.
October 30, 2015
The New HP's Opening Day: What to Expect?
The last business day for Hewlett-Packard as we've come to know it has almost ended. By 5 PM Pacific, only the Hawaiian operations will still be able to count on a vast product and service portfolio offered by a $120 billion firm. Monday means new business for two Hewlett-Packards, HP Inc. and Hewlett Packard Enterprise. It's possible that splitting the company in half could improve things by half. Whether that's enough will take months to tell.
On the horizon is a battle with the bulked-up Dell, which will integrate EMC as well as massive share of VMware in the coming months. The Dell of the future will be a $67 billion entity, larger than HP Enterprise in sales. Dell is a private concern now, while HP is becoming two publicly traded entities. The directions could not be more different, but HP will argue that demand had better be high for a monolith selling everything.
Dell is extending its offerings to a new level of complexity, but the level of product strategy and technology to comprehend has become too great for this week's massive HP. Hewlett-Packard never controlled an operation this large until the last decade. The company that built instruments and business computers and printers added a PC empire from Compaq. But it had just spun off Agilent two years before that PC merger.
But then after loading up with billions of dollars of low-margin desktop and laptop lines, the HP of the early 21st Century blazed forward into services. Headcount rose by more than 140,000 when Carly Fiorina sold the concept of buying EDS for outsourcing and professional services. The printer business swelled into cameras and even an iPod knockoff, built by Apple. HP's TVs made their way into retail outlets. It seemed there was nothing HP could not try to sell. Some of the attempts, like the Palm OS-based tablets or smartphones, shouldn't have been attempted. Their technology advantages couldn't be lifted above entrenched competition.
HP's CEOs since lifer Lew Platt retired — Fiorina, Mark Hurd, Leo Apotheker, and now Meg Whitman — didn't have much chance understanding the nature of so many products. Three years ago, HP started in the public cloud business, yet another branch of IT commerce aimed to take market share from Amazon. Whitman said in the New York Times that outsiders like her who've tried to lead the company have had too broad a beam of corporate ship to steer.
"This is crazy — Carly, Mark, Léo, me — the learning curve is too steep, the technology is too complex for an outsider to have to learn it all," she said in a story about what's next. The most audacious of HP's enterprise efforts was The Machine, technology that was to employ the near-mythical memristor to "change the future of computing as we know it." This summer the company fell back and said it would build that product with more conventional components and assemblies. It doesn't have a target date for releasing The Machine.The New HP, for the purposes of the 3000 customers who have migrated or will sometime soon, aims to do less and try to do it more effectively. Gone is the public cloud, while the EDS headcount is being trimmed. In-house technology like HP-UX and VMS is either going slack (no HP-UX 11.4 will be produced; VMS has been sold to an independent firm) or giving way to standards like Linux, Windows, and Intel servers like the ProLiants. The survival and ascent of ProLiant blade servers is likely to be the hardware backbone for a company that is keen to get customers to consider HP Enterprise as a software and service giant.
HP Enterprise, to be traded as HPE on the NYSE Monday, will sell private clouds that it will build, and staff if customers want HP administration, rather than the retail-level cloud services of AWS. HP Cloud could never host HP-UX customers. The fine-tuning of cloud hosts for Unix apps might be a part of the 2016 offerings. Just about anything to get more Integrity servers installed will have traction at HPE.
Although networking products and mass storage and software like Helion will be parts of the new HP facing the 3000 community, expect this business to be about how servers will drive its fortunes. In a Bloomberg report from this week, Whitman said she spent one full day on the three year plan for HPE's server business. She's been the CEO since 2011, and that was the first full day she concentrated on the business that put HP into business computing.
"There’s a great deal to be said for focus," Whitman said in the article. "You’ve got to be on it. You’ve got to be working on the product road map."
Work on product roadmaps in October used to be commonplace at HP, although it's probably been since Lew Platt's time that the CEO was involved in any way. MPE/iX users who've stayed with the OS, rather than the company, could still benefit from a rise in HP's fortunes. Sales of those allied product lines, as well as research to improve them, have a chance of improving. Homesteading 3000 customers would have to let the HP badge back into their shops. Maybe adding the "Enterprise" to the HP hardware nameplates will help restore the trust.
As for the HP Inc. side of the split-up, it's got less technology to comprehend and more competition with similar products. Some analysts are saying HP Inc. could be a takeover target, given its slim profit margins. HP's combined stock was down 30 percent from the start of this year, as the final day of Hewlett-Packard ended. On Monday HPE will start trading at about $15 a share. What will make the difference will be a fresh share of mind for a company that once specialized in business IT. MPE is gone, HP-UX is fading, and VMS has been sold away. The future will be different, but customers who remember a better HP might hope for a strategy that feels older: focused on how innovation and relationships can deliver success to customers.
October 06, 2015
Essential Skills: Securing Wireless Printing
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
When you do a security scan of your site, do you consider your printers? It was enough, several years ago, to limit an audit to personal computing devices, servers and routers. But then the era of wireless printing arrived. Printers have become Internet appliances. These now need your security attention, considering some of the risks with printers. But you can protect your appliances just like you're securing your PCs and servers.
Wireless printers can be very easy to set up. They come preconfigured to connect easily, and even a novice user can have something up and running in a matter of minutes. To be able to make this connection simple, however, vendors keep the amount of wireless network configuration to a minimum. Taking the default settings, as always, significantly reduces the amount of security that is applied to the device.
Modern printers are actually computer platforms that have been designed to run printing functions. Inside are a CPU, hard drive, RAM and operating system components. Unfortunately, a system breach can permit these components to be re-purposed to do other things. And those are things you don't want to happen at your site.For example, a BBC article from last year outlined how a programmer was able to hack into a printer and convert it to run the popular game Doom. The interesting part of this article is that the programmer could have had the printer run lots of other programs. Once the printer has been compromised, it is not difficult for a hacker to turn it into a tool to be used for nefarious reasons. Plus, once the machine is hacked, it can make connections from inside of your firewall. This will normally bypass the firewall rules and can transmit network information. Wireless printers can even be a vector for sending spam.
The brute force way to deal with a network penetration is turning off the wireless network. By connecting the printer using a cable, you can run the wireless connections through the router. Unfortunately this is not an ideal solution -- you've probably installed these printers for the express capability of eliminating cables. If that's not your case, and you have deployed a printer with wireless networking capabilities but you're not using them, don't forget to turn off the wireless function.
If you choose to run the printer wirelessly, make sure you set up WPA2 encryption. This will require setting up a printer password. Make sure that your wireless printer password is different from your wireless router password. Having the same password for multiple wireless devices is just asking for trouble. This may involve more work in setting up the printer to run. Its password will have to be loaded into each device that connects. But that's just the cost of security.
A new aspect of printers is that many contain hard drives. It takes a lot more time to print a large document than it does to send it over the network. Instead of requesting blocks of data at a time, the printer will request that the source computer send all the data at once. The printer must then keep a copy of the data locally to do its printing. And what better cheap source of local memory than a hard drive? In many cases the hard drive will keep storing the data as it gets requests, but not remove the data once the printing is complete. This results in a large volumes of data being stored on the drive.
Why does this pose a security risk? An intruder could externally hack the printer. Getting to the locally stored data is a fairly simple step once the machine has been compromised in this way. Then a copy of the information that has been printed can be stolen remotely from the machine.
Moving out older printers might mean you're inadvertantly giving your data away. Donating a working printer to a charity organization or a school can be a common practice. Even if the printer is not working, the data on the drive may be accessible. It is difficult to physically remove a drive from the printer to wipe the data. In many cases it may be impossible, as the drive is not meant to be a removable component. It is very difficult to get software to do the job.
In a lot of cases the printer manufacturer will give you the option to set up encryption on the internal hard drive. Lexmark, for example, outlines this kind of process. Search for “hard disk encryption” with your model number at your vendor's website. Make sure to use a strong encryption method such as AES 256 bit encryption. If the machine is compromised, it may still be possible to get at the data, but is will be difficult to remove it. At a minimum it will make it a harder target and may force the thief to discard it.
If encryption is not an option, some manufacturers will allow you to bypass the drive. This may case usability issues, especially if large documents are being printed. Not only will this cause printer slowdowns, but it also leads to network congestion. Do some research on what is being printed before choosing this strategy
A Man in the Middle attack uses a computer to get in between two machines on your network. If a computer is connecting to the printer, then the rogue machine does the following. First it convinces everyone on the network it is the printer. Then it convinces the printer it is the router. From that point onward, all data going to the printer is now accessible by the rogue machine. From that point is it easy to convert the printer data back to its electronic source, or the data can be forward and printed elsewhere. For more information see our article on Man in the Middle.
To avoid this vulnerability, configure your wireless printers to use a secure protocol over the network. This will employ encryption to accomplish two things. First, it will provide end to end encryption so that the data is encrypted on the source machine before it is transmitted. This will help prevent easy decryption of any intercepted traffic.
Second, by using a secure protocol, the source machine can verify the printer destination using a digital certificate. In fact, some printers do support SSL connectivity across the network. Another technology that was specifically designed for this application is IPSEC. This provides endpoint authentication and end to end encryption. IPSEC is very useful in support of wireless connections. Consult the printer vendor's documentation on how to configure this option. There are also lots of how-to videos on the web.
Installing printers in locations that are physically limited to the printer user community is a must for sensitive information. This may drive managers to keep printers next to a user's machine. Make sure to use a connection that is also secure. On a security audit, I saw a CEO's printer set up wirelessly across the office, because he did not want any wires connecting to his laptop. Needless to say, there was no security protection on the connection. He's still the CEO, but he's learned a bit about wireless printer security.
September 25, 2015
Taking the Measure of HP's Ex-Leaders
We're waiting for more information about the HP 3000s still doing service by working with Apache CGI scripting, as well as an upcoming confluence of CAMUS advice about Stromasys and Kenandy, to help ERP companies to homestead or migrate. So while we wait let's take a break for Friday Funnies. The story is funny in the way a two-headed calf wants to win a blue ribbon at the fair.
The latest news in our election cycle features the prospects of a woman who impacted lives of many of our readers, as well as the direct fortunes of any who work at or have retired from HP. Or any who will be separated from the vendor soon in the latest layoffs.
That would of course be Carly Fiorina, subject of scorn in both Donald Trump's eyes as well as derision from Yale economics professor Jeffrey Sonnenfeld. The professor wrote this week that Fiorina has learned nothing from her failures, or even admitted she's had any. And so, there's a criticism of his column afloat in the bowl of the 3000 world. Sonnenfeld's talks with former CEOs were not first-hand knowledge, the takeaway read.
Here I offer a subjective summary, and that criticism of the professor goes, "Do not measure Carly's impact on HP -- or her ability to lead -- by how other corporations fared during the same period when she was CEO. Or on the valuation of the company before and after. Measure her by how anybody would have fared, given what she took over starting in 1999. Also, understand that whatever you add up, it will be conjecture."
It's a good word. Conjecture is "an opinion or conclusion formed on the basis of incomplete information." By setting up a measurement problem so there is no constant -- to compare against, say, the veteran insider Ann Livermore, who HP passed over so Carly could get her job -- the measure will always be incomplete, clouded in imagination. In Catholic school, we were usually told at this point of our hard questions, "Well son, it's a mystery."
I believe the only way we'll ever see first-hand Carly-era information is an insider other than Carly who was an HP executive would write a book about the era. Say, Chuck House did that, didn't he? For those who don't know him, he was the leader of HP's software management, and that would include MPE. He was the only winner of what Dave Packard called HP's Medal of Defiance, for extraordinary defiance beyond the normal call of engineering duty. In 2009 House wrote "The HP Phenomenon; Innovation and Business Transformations." House has quite a bit to say about Carly's leadership (lordy, pages 403, 427, 443, 460, 471, 477, 480, 497, and 597) her Compaq decisions.
There's also a sheaf of pages indexed as "Vitriolic reaction." You probably would believe House has some first-hand experience of HP management, given that he was an executive manager throughout her HP service. House wasn't CEO, though. The only CEO who's created a book is Carly. She's so certain of her story she had to write two books.Come to think of it, maybe conjecture won't be the best word here.
When you look at the full history of HP's CEOs, it's not a group that's likely to deliver an insider's take on a hopeful story. After Bill and Dave retired from those posts, they died. John Young took the job and still lives, but he has enough sense to keep his head down in these leadership debates. Then there's Lew Platt (also retired and died), Fiorina, Hurd and Apotheker. Meg Whitman has been trying to pull HP's cart out of the ditch for more than four years. The latest tug is to pull away from the albatross PC business Fiorina pushed.
Fiorina's successors were bad, indeed. But no matter how bad any successor is, that doesn't change the mortal wound that the first savage can strike. A CEO who took the names of the founders off the company's logo, then removed one of their children from the board, might be summed up as having savage tactics. The leadership of Haiti comes to mind. Just search for "tontons macoutes" to get a peek at how such people stay in power. Haiti was once visited by cruise liners, before Papa Doc.
I was told a story by a well-loved HP executive who had the opportunity to lunch with his successor after retirement. "What in God's name has happened to HP stock?" he asked his replacement. It was second-hand experience the fellow was seeking, I suppose, to explain the first-hand experience that the retired manager was having over his retirement portfolio. I don't know who paid for lunch.
I continue to look for an HP employee or retiree who's feeling better about their portfolio, in the wake of Carly's ugly business decisions. Of course, once I hear that report, it will still be second-hand information. First-hand information, in case you were wondering, appears in print as "memoir" (business or otherwise) or "autobiography." Sometimes it could be labeled fiction, if its facts are not always so crucial. People do love a story.
I invite you to visit the bit of HP's story that includes choosing such a boat anchor for a CEO. "Perfect Enough" by George Anders includes a section where the author "discloses the role played by a powerful recluse in Idaho: the only person at HP who could bridge the old era and the new." That's the passing-over you read earlier, if I've kept you this far. As for that person's bridge, I think it's out. He's long gone, too.
In business, where Carly claims to have succeeded, the established coin of measurement is valuation. Either that, or love from the customers and employees. You don't need to be a professor of anything, let alone economics, to add up the former. Start your meters at the last HP stock split, in 2000. And for the latter measurement of love — well, you can go to the previous HP spinoff Agilent to find your Atomic Force Microscopes. I bet they still know something about measurement at Agilent.
We can't know if cruise liners will revisit the shores of the American dream in a Fiorina Administration. (My fingers just seized up trying to write those last two words together.) But it's not really conjecture about how HP's shoreline looked once her leadership dredged the company's passions for innovation.
September 22, 2015
Meetings serve futures. Most rely on pasts.
Last week I got a note from Terri Lanza, consultant to MANMAN and ERP users, asking about any forthcoming meetings for 3000 customers. Terri was a big part of the last HP 3000 meeting, the 3000 Reunion meeting that kicked off four years ago today. Lanza also queried ScreenJet's Alan Yeo, since Alan drove the engine of that Reunion while I helped organize and publicize.
Lanza is on the board of CAMUS, the user group devoted to ERP and manufacturing tech. "CAMUS was offered a place in California to gather," she said, "so our board wondered about choosing between San Diego and LA." Alan replied in short order that nothing is being planned for a 3000 meeting, and if anybody would know, it would be him. He kickstarted the meetings in 2005, 2007 and 2011. He even tried to turn the crank on a 2013 meeting. These things need financial support.
There's a great deal less purchasing among 3000 users four years after the Reunion. Purchases drive these tech meetings, but not just the sales pursued on an expo floor. Purchases of the past prop up meetings, as people try to better use the tech they already own.
That's why it's interesting to look at the content for many meetings among seniors like those who were at the Reunion. Tech meetings serve the drive toward futures, with talks about the Internet of Things or the Etch-A-Sketch wisdom on rules for social media. Learn, erase, learn again.
Legacy technology, though, tends to pay the bills for the bright-future meetings we used to attend. CAMUS is the exception, since its futures cover the survival of datacenters and legacy servers. Those are the servers that don't seem to get airtime, because their days of futures are supposedly over. Even HP seems to think so, if you look at what it's talking about at user meetings.HP's not counting on its legacy servers -- and an Integrity box is legacy like the 3000, just further up the road -- to float much of the company boat. Continued support of legacy systems can finance a visit to a sunny-futures meeting, though. The older generation does this support, and it pays for the dreams and foresight around newer technology. Or you hold a reunion, and remember what made you close friends, while you fought the fires of yesterday together.
But these days everybody is looking forward at expected change. Not much is changing about 3000s except for the age of their components. Humans always overestimate the amount of change coming into their lives, though. There's talk about manual driving becoming outlawed as self-driving cabs abound, or signboard ads at Macy's that will work better than an Onion gag about them. Someday we may be living in a world like those of the movies Total Recall or Minority Report. Walk slowly past that signboard. It could be sharing data that might live in an archived IMAGE database, which will be more reliable than split-second smartphone recognition.
Meetings serve a social need, and you never want to slag anything people are still investing time and money in. You can talk about the future with its uncertain changes, or gather survival advice to extend investments past. Maybe Google Hangouts or YouTube will give 3000 users a no-travel meeting option by next year. Since there's nothing under non-disclosure, the cybersecurity won't need to be advanced.
I remember attending a BARUG conference back in the 1980s in Santa Cruz. We enjoyed an expo space that overlooked the beaches and the suntanned pulchritude all a-frolic on the sands. Good times, but there was also talk on how to improve and extend what was still in use. We're betting that's become a mission for today's Web. If there's no travel budget, that'll work — and you won't have keep those bright-future shades trained on the changes that may never wash up on the sands of your datacenter.
September 14, 2015
We keep meaning to shut it down, but...
There's always acquisitions and mergers afoot in business, and the events have triggered some HP 3000 migrations. An entity gets acquired by a larger company that doesn't want to integrate MPE. The next thing you know, Windows is getting its call-up into a batting order where the 3000 used to play. (Sorry, baseball season's heating up as it winds down to the playoffs.)
A transaction that was announced this summer continued the journey of the Open Skies application that began in 1998 in the 3000 division of HP. In that fall, CSY General Manager Harry Sterling purchased the application that had helped to drive the 3000 and MPE into the airline business. "Harry, did you have to buy the company?" HP's next-level execs reportedly asked him. He bought it to show how Software as a Service could work on 3000s. HP called it Apps on Tap at the time.
Roll forward to July and see that the Amadeus Group started the purchase of Navitaire from Accenture. Navitaire became the proud owners of a farm of HP 3000s when the company purchased Open Skies early in the previous decade. By 2008, work was underway to move off those 3000s, a farm of more than two dozen of the N-Class servers. The software tracks mileage revenues and reservations and has been used by airlines including Canada's WestJet.
We got a report last week that a final N-Class server still is in operation, but it's destined for a shutdown. If only the overseas airline customers would stop needing historical reports from MPE/iX.A large-for-its-time array is still connected to a 3000 that's escaped the reaper's scythe so far. Mark Ranft, who's chronicled the transition away from MPE at Navitaire, let us know what's keeping a computer built 12 years ago serving some Navitaire customers.
All the customers have been switched over from HP 3000s. We still run an N-Class connected to an XP128 disk array for historical legacy purposes. It could be shut down soon, but we occasionally have a customer ask for some information from it. I guess other countries have unusually long timeframes for keeping detailed records of airline flights.
Navitaire had plenty of airline data business before it purchased Open Skies, but the reservation revenue-tracking software covered a new niche aimed at small carriers. HP only owned OpenSkies for about two years, then sold it to a subsidiary of Accenture. Within 18 months, HP announced its takedown of its 3000 operations. Accenture began developing a replacement called NewSkies, and by 2005 it started to inject it into spots where OpenSkies had served. Before that time, OpenSkies got upgrades from Navitaire, until HP called its halt to MPE/iX futures.
Open Skies, and its progeny New Skies, was always aimed at the low-cost airlines like RyanAir and WestJet. The 3000 had its introduction to airline reservation systems at what was a low-cost airline at the time, Southwest. Of course, Southwest is now the largest US domestic airline in passengers carried, and is paired with overseas partners. At the end of 1993, it bought tiny Morris Air to acquire 14 new Western US destinations, and discovered it'd bought the Morris "online reservation system," back when paper tickets were the absolute standard for air travel. It was like finding change in sofa cushions, including a rare coin.
The New York Times account of the transaction that brought the 3000 into the airline business makes no mention of the server or the software developed in Utah. Legendary CEO Herb Kelleher of Southwest was sharp enough to know low-cost operations would grow the company he founded, however. Morris was shaped like the Southwest of the 1990s, a company that knew a good server when it found one.
Southwest is more focused than Morris on attracting business travelers and is likely to try to attract more by offering more frequent flights. No Southwest routes overlap those of Morris, which will give Southwest a new presence in the Northwest and West, adding 14 cities to its schedule.
Asked about the Morris acquisition, Delta executives appeared sanguine yesterday. "We really don't see that this is changing anything," said Bill Berry, a Delta spokesman. "If we've got to face a competitor, we would rather face a competitor with costs that are much closer to ours."
Delta's reaction prompted a burst of laughter from Mr. Kelleher during a telephone interview yesterday. The cost structures of Southwest and Morris "are virtually the same," he said.
Southwest's adoption of the reservation software made e-tickets so essential that much larger airlines were forced to take up the service. By now, ordering a paper ticket carries a surcharge. Today's Southwest fleet of 600-plus 737s -- built at 3000-user Boeing -- now average six flights per aircraft per day. Delta had to merge with Northwest Airlines to keep up. Southwest turned off its last 3000 in the previous decade, though.
The deeper you go into the Morris-Southwest story, the better it gets. June Morris built her airline out of a travel agency business she ran in the back room of her husband's photo finishing business. Eventually there was a small fleet of chartered planes. Morris was the only female airline leader in the US at the time of the acquisition. The president of Morris Air at the time of the sale was David Needleman, who after leaving Morris went on to found a little operation called JetBlue. And JetBlue used HP 3000s as well, relying on Open Skies software from the start — the App on Tap that HP booked from Day One of JetBlue's operations. JetBlue and Southwest signaled a victory of midrange servers running TurboIMAGE/SQL over mainframes. JetBlue started up with less than a $1 million yearly IT budget.
Open Skies made its money by charging a fee per ticket booked. At the time JetBlue took off, a Computerworld article reported that flight reservations could be made on the Web "and by Touch-Tone telephone."
More than 500 Navitaire employees will go to Amadeus, a company that did 3.4 billion Euros of business last year. Navitaire's sale price was reported at $380 million in a July announcement, a deal that may close as early as next month. In the meantime there's one N-Class 3000 waiting for its retirement date, flying a route with a terminal destination — if one without an ETA.
September 02, 2015
The Heritage of Enterprise Consumerism
The heritage of your computer marketplace is driven by many more failures than successes. HP attempted to build a multiple operating system technology (MOST) system in 1993, mostly by re-engineering MPE and Unix software for customers who needed both environments.
MOST failed in alpha tests and taught Hewlett-Packard a lesson: do not promise so much flexibility that you kill performance. MOST was too slow to do the work of a single-OS system of the early '90s. The technology for multiple-OS computing was still five more years away, in Superdome. By the time HP polished Superdome, it lost its taste for expanding its MPE business.
That story has been echoed in the market many times. Virtualization and cloud solves such challenges today. But in 1993, NeXT Computer was killing itself by shipping a version of its OS that actually ran slower than the prior release. NeXT was the brainchild of Steve Jobs, who'd been kicked off Apple's throne by a board that was steered by John Sculley. Recent news has Sculley unveiling a new Android smartphone that won't be sold in the US. Aimed at China and emerging markets, this new Obi is, and so it avoids some competition with Apple.
Sculley, the former CEO of Pepsi, had been brought in to Apple by Jobs. The insanely great wunderkind knew he needed help to reach consumers. The move cost Apple momentum that elevated Microsoft and Windows to the top tier of business computing. Jobs tried to rebound with NeXT. Like MOST, the NeXT was way ahead of its time. Consumer-grade Unix was still 12 years away, lurking in the dreams for Mac OS X.
HP 3000 owners care about this because of their computer's heritage. Another consumer whiz, Dick Hackborn, climbed onto another board, HP's, and turned the LaserJet consumer reseller model onto the rest of HP's business. Direct contact with small to midsize customers became a task HP delegated. A 3000 shop that once knew its OS supplier through an SE or a CE had to learn to use resellers. The 3000 division lost track of the majority of its customers, and when the large sites yearned for a Superdome, nobody was able to keep in touch with customers who didn't need such a beast.
Sculley might do well with the Obi, even after a pratfall at Apple. On the other hand, the results might be Obi-Wan. It takes a failure to learn something, most times. MOST taught HP about speed, benefits, and the need for enough brainpower to enable something better (MPE) to drive something popular (Unix). The 3000's heritage flowed even and steady for awhile after Hackborn bent HP to a consumer beat. The loss of focus sealed the 3000's fate at HP, though.Enterprise and consumer computing were distinct entities when Scully and his pratfall pushed Jobs past another failure, NeXT, and into Apple. Now Scully will be competing with the ghost of Jobs, trying to sell a smartphone against the iPhone. But heritage does not mean that fate is cemented. The 3000 was never going to prosper in what HP was on the vanguard of building: enterprise consumerism. As it turns out, HP was not going to succeed at that either. Hackborn's board because erratic and dysfunctional.
While 3000 users plan their futures, they should look at the heritage of replacement candidates. A Scully smartphone will be as popular as Pepsi in emerging companies. It might be just as empty of enterprise sustenance, unless Sculley has learned the lesson HP has embraced: enterprise and consumer computer businesses should be run differently. In 60 days, Hewlett-Packard and HP will mean different things when the company recognizes the differences and splits.
August 26, 2015
Taking a Closer Look at 3000 Emulation
Emulation solutions have pro’s and cons. We caught up with Birket Foster this morning, after his company had suggested that emulation deserves a closer look. In our 8-minute podcast, I talked with him (over speakerphones on short notice, thank you) about how emulation really can be a solution to keep legacy applications vital. Companies, especially the small ones that still rely on MPE environments, want to protect their business investments. After all, investing in emulation solutions that can support your MPE legacy applications — well, it's critical to the future success of your organization. It can also be a key to greater efficiency, innovation and growth.
July 31, 2015
Zero day attacks: reports are dangerous, too
News has started to roil through the Android community about a fresh MMS attack vector for those devices, and last month reports rolled out about a similarly dangerous zero-day malware attack for Apple iOS. But what is zero day, and how can the news of these exploits be as damaging as the malware itself? Our security expert Steve Hardwick explains in this edition of Essential Skills, covering the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
Many computer users do not understand the term Zero Day and why it is so serious. To understand the term, it is first necessary to understand how an exploit works. In general, there are different types of exploits used on computers
1. Social attacks, phishing for example, which cause a user to unintentionally disclose information to a hacker.
2. Trojan horses, viruses that hide in otherwise legitimate applications. Once the legitimate application is launched, the Trojan horse releases the virus it contains.
3. Web attacks that trick users into divulging personal information using weaknesses in browsers and web server software
4. Application and OS attacks that use errors in the code to exploit the computer's programming
With the exception of the first category, these attacks rely on exploiting weaknesses in the underlying operating system and application code that runs on the computer. To be able to prevent this type of illicit access, the mechanism by which the malware is operating must first be understood. Therefore many researchers will examine operating code and look for these types of flaws. So will thousands of hackers. The challenge becomes how to mitigate such a vulnerability before it becomes a virus in the wild. That's where the Zero Day marker comes into play.The first, obvious response would be to fix the broken code. Although it sounds simple enough, it is not as straightforward as it seems. In order to prevent this type of condition occurring in the first place, software vendors will have development and test cycles that may take days or even weeks to complete. After all, it would not be good to develop a patch for one hole in the code only to create more. So it takes a finite period of time to detect the exploitation method the malware is using and then produce a patch that will fix the hole.
In many cases the research is done behind the scenes, and the security hole is fixed before it ever is exploited by hackers. In other cases a virus is spotted and the failure mechanism is already understood and a patch is in the works. For example, an application is compromised and the developer notices similar conditions can occur in other programs the software vendor produces.
Another response is to use anti-malware to protect against the threat. One of the main ways that anti-malware works is to look for signature patterns in downloaded or executing code. These patters are stored in a virus definition database. The supplier of the anti-malware solution will develop a profile of the malware and then supply a new definition to the database. As in the distribution of software patches, it takes time to define the profile, produce the signature definition, then test and distribute it. Only when the signature profile has been distributed is the computer system protected again
The time at which the malware is detected is called the zero day — as this starts the clock on the time between the detection and the distribution of the remedy. In the case of the software vendor, this would mean a patch for the broken code. In the case of the anti-malware vendor it is the time to provide the signature and deploy it.
The anti-malware vendor has the advantage that they are not supplying software to the machine. In many respects it is quicker to generate the signature and distribute it. For the software vendor there is the task of verifying that any new code does not affect the operation of the product, nor create any new vulnerabilities.
In either case, it is a race against time between the hackers on one side and the anti-malware or software vendor on the other. Furthermore, the end user is also in the fray. Whether it is a signature definition or a patch, the end user must download and install it. In many cases this can be automated, however, end users must have selected this option in the first place.
So when a zero day virus is announced, it means that the vulnerability has been made public and the software community needs to start to respond. There is a lot of debate as to the merits of announcing zero day exploits. There is concern that lower-skilled hackers will take advantage of the free research, and start to deploy viruses that exploit the disclosed vulnerability. The counter concern, as portrayed in the article about iOS cited at the beginning, is that the software vendor will not act on the research. No matter which side your opinion falls, it does not change the fact that a virus without a known cure is a very dangerous beast.
July 24, 2015
3000 world loses a point of technical light
Veteran engineer and developer Jack Connor passed out of worlds including the HP 3000's this month, dying at age 69 after a long career of support, volunteering, and generous aid to MPE users.
In a death notice posted on his local funeral chapel's website, Connor's story included Vietnam era military service, a drag racing record, and playing bass on Yummy, Yummy, Yummy, I Got Love In My Tummy, a single that went to No. 4 on the US charts. He had been the proprietor of a bar in Columbia, Missouri, known as Nasties, and a tea house in Columbus, Ohio, The Venus Fly Trap.
Connor played a role in the volunteer efforts for OpenMPE in the last decade. He was also the worldwide account manager for HP and DuPont in the 1970s and 80s, and the death notice reports he was involved in the first satellite uplink in history for commercial purposes. At the time of his death Connor was working at Abtech Systems and Support from Indiana, and at his own company, InfoWorks, Inc. In the months that followed HP's shutdown of its MPE lab, he created NoWait/iX, software that eliminated the wait for an HP technician to arrive, on a rush-charge time and materials call, to transfer an old HPSUSAN to a new 3000 CPU board.
NoWait/iX was intended for use "until HP can be scheduled on site at both HP and the customer’s convenience -- and not paying the emergency uplift charge," Connor said. "However, if a customer has a third-party tool which is no longer supported, or licensing is no longer available for an upgrade, NoWait/iX can operate indefinitely, returning the old information to that single product."
In the waning months of OpenMPE's activity, he chaired the board of directors and promoted the creation of a new Invent3k shared server. "Making Invent3K a repository for the community is the primary focus," he reported to us in 2011.
Connor was a frequent contributor of free tech savvy to the 3000 community, using the 3000 newsgroup as a favored outlet. Just this spring we relayed his advice about linking a 3000 with existing networks.What do I need to do on our MPE boxes to ensure that they will see new networking hardware? Does MPE cache the MAC address of neighbor gateways anywhere? I was thinking I needed to restart networking services, but I wasn't sure if anything more will be needed.
If you're taking it off the air for the network changes, I'd go ahead and close the network down until the work has completed and then reopen it. MPE will be looking for the IPs as it opens up. I know you can see the MAC addresses in NETTOOL, but I don't think they're of any import other than informational and for DTC traffic.
While serving on the OpenMPE board of directors, he also tracked down a data-at-rest security solution compatible with HP 3000s. 10ZiG's Security Group still sells the Q3 and Q3i appliances, one of which Connor put between a Digital Linear Tape device and a 3000. The results impressed him for a device that costs a few thousand dollars -- and will work with any host.
I tested an encryption box that sits between the DLT and IO card a year or so ago and it worked like a champ. It maintained streaming mode and all. However, it was in the $2,000-$3,000 range — and to be useful for a DR world, it would require two, so I haven't pursued actually recommending it.
He often helped out with IO and storage device questions in the 3000 community. For the Series 927LX, he noted that a DLT tape drive could be installed in the server that was designed in the early 1990s.
"This is not a problem as long as you have a free slot, or an open 28696A fast-wide card," he said. "I believe you need to be on MPE/iX 6.0 or 6.5 to go with a DLT8000. I'm sure a DLT4000 and probably a DLT7000 are okay." (The 28696A is a double-high interface device that permits the 927 to use HVD SCSI DLTs of 4000, 7000 or 8000 models.)
A simple search of the Newswire with "Jack Connor" turns up dozens of tips. Several 3000 veterans offered tributes in the wake of the Gary Robillard's news about Connor's passing. "He was a master at his trade," said Tracy Johnson.
"Jack was a great guy who would always help no matter the problem, time or distance," said Bill Long. "As I moved on to different companies Jack was always there to help. He did consulting work for us when I worked for a small semiconductor company in Newark DE. He wrote the exotic interfaces we needed. Just a few years ago he helped me when I was consulting for Dow Chemical and needed help with my in-home HP 3000."
"My dear friend and colleague, a frequent contributor to this list, passed away peacefully in his sleep after a long illness," Robillard wrote. "Words cannot express how greatly he will be missed by all who knew him."
On the tenth anniversary of HP's pullout notice for the 3000, Connor summed up his philosophy about helping in the MPE community. "I'd say we've all been a pretty good human chain holding the 3000 Community together," he said. "There's indeed life after HP, and a pretty full one so far."
He was laid to rest this past Sunday, and the obituary webpage included a link to the Van Morrison song "Into the Mystic," whose lyrics include these lines.
And when that fog horn blows I will be coming home
And when that fog horn blows I want to hear it
I don't have to fear it
I want to rock your gypsy soul
Just like way back in the days of old
Then magnificently we will float into the mystic
July 21, 2015
User group takes virtual tack for conference
A vendor with ties back to the 1980s of the HP 3000 world took several steps today into the new world of virtual user conferences. The education and outreach at the Virtual Conference & Expo came in part from Fresche Legacy, formerly Speedware, but it was aimed at that company's latest prospects: IBM Series i enterprises. Advances in long-form remote training, with on-demand replays of tech talks, gave the IBM COMMON user group members of today a way to learn about the IBM i without booking time away from workplaces.
The offerings on the day-long agenda included talks about vendors' tools, as well as subjects like "Access your IBM i in the modern world with modern devices." Customer-prepared talks were not a part of today's event; that sort of presentation has become a rare element in the conference experience of 2015. But some of the best HP 3000 talks at the Interex user group meetings came from vendors, lifted up from the ranks of users.
The virtual conference of today won't be mistaken for the full-bore COMMON Fall Conference & Expo of this fall. That's a three-day affair in Fort Lauderdale, complete with opening night reception and conference hotel rates at the Westin. A few days in Florida could be a perk for a hard-working IT manager, even in early October.
But the practices of remotely educating users about enterprise IT have become polished by now. Wednesdays in the 3000 world have often included a webinar from MB Foster, guiding managers in subjects like Application Portfolio Management or data migration. Those are more dynamic opportunities, with individuals on an interactive call using presentation software including a Q&A element. They also cover skills that are more essential to the migration-bound customers — although data migration skills promise great potential payback for any IT pro.But whether it's on-demand talks bolstered by chat requests at the COMMON event, or a phone and demo-slide package at a Wednesday webinar, training doesn't equal travel anymore. A three-day event would've looked small to the HP Interex user group member of the 1990s. Over the final years of that user group's lifespan, though, even a handful of days away to train and network at a conference became an on-the-bubble choice.
Making a migration from a legacy platform like the 3000 opens up the opportunity to increase the level of learning in a career. But even legacy computing like the IBM i can trigger reasons to train and explore fresh features. It's another reminder that what matters to a vendor is not necessarily the strength of a legacy server's ecosystem, but the stickiness and size of the installed base.
IBM's i still counts six figures' worth of installed customers, and many have links to other IBM systems. IBM could afford to take care of an established base of proprietary computer systems. The independent third parties like MB Foster and others that remained after HP exited have been left to care for 3000 users on the move, and otherwise.
July 20, 2015
The Weekend a User Group Went Lights-out
Ten years ago this week, the Interex user group went dark in both a digital and literal way. The organization that was launched 30 years earlier to serve HP 3000 customers took down its website, shuttered its servers, and shut out the lights to lock up its Sunnyvale, Calif. offices. A bankruptcy went into its opening days, one that would take more than two years to make its way into Federal Court. But the immediate impact was the loss of the tent-pole gathering for the 3000 community, that year's annual HP World conference.
Millions of dollars in hotel guarantees, prepaid advertising, and booth exhibitor rents went unpaid or unreturned. It was more than the loss of an event that had a 28-year history of joining experts with customers. The Interex blackout turned off a notable light that might've led to a brighter future for a 3000 community still looking for answers and contact with vendors and expertise.
Looking back from a decade later, signs were already evident for the sudden demise of a multi-million dollar organization with 100,000 members of some pedigree. Tens of thousands of those members were names in a database and not much more, places where the Interex tabloid HP World could be mailed to generate advertising revenues. A core group of users, devoted to volunteering and rich with tribal, contributed knowledge about HP's servers, was far smaller.
Interex was all-in on support and cooperation with the Hewlett-Packard of 2005, but only up to a point on a crucial user group mission. The group was glad to re-label its annual conference after the vendor, as well as that monthly tabloid. HP held the rights to both of those names once the group made that transition. There was an HP liaison to the group's board for decades. The key managers in the 3000 division made their first-person 2002 articles explaining HP's 3000 exit available to the Interex publications. Winston Prather wrote "it was my decision" on pages published by Interex.
But in 2004, HP sowed the seeds of change that Interex watered with a no-collaboration decision. User groups from the Digital VMS community agreed to cooperation with HP on a new user conference, one to be funded by HP. Interex's directors polled the member base and chose to follow an independent route. The Interex board would stick to its plans to exclusively produce the next HP World. Advocacy was at stake, they said, and Interex's leaders believed the group would need its own annual meeting to keep asking HP to do better.
HP began to sell exhibitor space for an HP Technology Forum against the Interex HP World booths. Just before the HP World San Francisco Moscone Center wanted its final payment — and a couple of weeks after exhibitors' payments were in hand — the tune the 3000 world heard was Boom-boom, out go the lights.The user group struggled to maintain a financial balance in the years following the Y2K ramp-up, according to one of its directors, an era when attendance at the group's annual shows fell steadily. Membership figures for the group, inflated to six figures in press releases during 2004, included a very broad definition of members. Hotels were reserved for two years in advance, with payments made by the group and still outstanding for millions of dollars.
One conference sponsor, Acucorp, was told by an Interex ad rep that the staff was led to the door. A user community labored mightily to recover contributed white papers, articles, and software from a company that was selling conference memberships right up to July 17.
Ten years ago on this very date, HP was already at work gathering up the orphaned attendees who held prepaid tickets and registrations as well as exhibitors with no show to attend. HP offered a complimentary, comparable registration to the Technology Forum for paid, registered attendees of HP World 2005. HP also offered discounted exhibition space at its Forum to "non-HP competitors" exhibiting at or sponsoring HP World 2005. If you were IBM, or EMC, and bought a booth at the Interex show, you had no recourse but to write off the loss.
The shutdown was not orchestrated with the cleanest of messages. Interex.org, a website archived hundreds of times by the Internet Wayback Machine since 1996, posted a report that was the equivalent of a busy signal.
It is with great sadness, that after 31 years, we have found it financially necessary to close the doors at Interex. Unfortunately our publications, newsletters, services and conference (HPWorld 2005) will be terminated immediately. We are grateful to the 100,000 members and volunteers of Interex for their contributions, advocacy and support. We dearly wish that we could have continued supporting your needs but it was unavoidable.
Within a week, planning from the 3000 user community was underway to gather together any customers who were going to the HP World venue of San Francisco anyway -- since they were holding those nonrefundable tickets, or had already paid for hotel rooms.
Companies go broke every day, victims of poor management, bad luck, or unavoidable catastrophe. Few organizations can avoid closing, given enough time. But for a founding constituency that based its careers on a server that rarely died, the sudden death of the group that'd been alive as long as the 3000 was striking, sad — and a mark of upcoming struggles for any group built to serve a single vendor's customer base. Even a decade earlier, according to former Interex chair Jane Copeland, a proposal to wrap up the group's mission was offered in an ever-growing heterogenous computing world.
“When I left, I said they ought to have a dissolution plan,” said Copeland, owner of API International. “The former Executive Director of Interex Chuck Piercey and I tried to get the board to do it — because we didn’t see the purpose of a vendor-specific group in an open systems market.”
A change in HP’s CEO post sealed the user group’s fate, she added. The arrival of Carly Fiorina shifted the vendor’s focus away from midrange computer users such as HP 3000 and HP 9000 customers.
“I think HP is probably the cause of this more than anything,” Copeland said. “As soon as [CEO] Lew Platt left HP, that was the end of Interex. Carly Fiorina wasn’t interested in a user group. She just wasn’t user-oriented. Before Fiorina, HP had one of the most loyal customer bases in the industry. She did more to kill the HP brand than anyone. She killed it in such a way that the user group’s demise was guaranteed as soon as her reorganization was in place. She didn’t want midrange systems. All she was interested in was PCs.”
Another HP 3000 community member saw HP's declining interest in the server as a signal the user group was living on borrowed time. Olav Kappert, whose IOMIT International firm has served 3000 customers for nearly 30 years, said HP looked eager to stop spending on 3000-related user group events.
"HP would rather not spend another dime on something that has no future with them,” he said. “It will first be SIG-IMAGE, then other HP 3000 SIGs will follow. Somewhere in-between, maybe even Interex will disappear."
July 16, 2015
Bringing the 3000's Languages Fourth
Documenting the history and roots of IMAGE has squirted out a stream of debate on the 3000 newsgroup. Terry O'Brien's project to make a TurboIMAGE Wikipedia page includes a reference to Fourth Generation Languages. His sentence below that noted 4GLs -- taken as fact by most of the 3000 community -- came in for a lively debate.
Several Fourth Generation Language products (Powerhouse, Transact, Speedware, Protos) became available from third party vendors.
While that seems innocent enough, retired 3000 manager Tom Lang has told the newsgroup there's no such thing as a Fourth Generation of any computer language. "My problem with so-called Fourth Generation Languages is the use of the term 'Language' attached to a commercial product," he wrote. The discussion has become a 59-message thread already, threatening to be the longest discussion on the newsgroup this year.
Although the question doesn't seem to merit debate, it's been like catnip to some very veteran developers who know MPE and the 3000. The 4GL term was probably cooked up by vendors' product managers and marketing experts. But such languages' value did exceed third generations like COBOL. The term has everything to do with advancing developer productivity, and the use of generations was an easy way to explain that benefit.
In fact, Cognos -- the biggest vendor of 4GLs in the 3000 world -- renamed its Powerhouse group the Advanced Development Tools unit, using ADT instead of 4GL. This was largely because of the extra value of a dictionary associated with Powerhouse. The dictionary was offered up as a distinction of a 4GL by Birket Foster. Then Stan Sieler, who's written a few compilers including SPLash!, a refreshed version of the 3000's SPL, weighed in with some essentials.One way to measure a language is to see if it's got a BNF (Backus Normal Form), one of two main notation techniques for context-free grammars. According to Wikipedia -- that resource again -- a BNF "is often used to describe the syntax of languages used in computing, such as programming languages." Sieler said that the refreshed SPLash! had a BNF for awhile. Then it didn't. And really, languages don't need one, he added.
The list of the 3000's 4GLs is not a long one. HP dubbed Allbase as a 4GL at the same time that name signified a 3000 database alternative. It was a tool to develop more rapidly, HP said. Transact appears on some 4GL lists for MPE, but it's more often called a 3.5 GL, as is Protos. Not quite complete in their distinctions, although both have dictionaries. These languages all promised speed of development. They rose up in an era when object-oriented computing, with reusable elements, was mostly experimental.
Foster explained what made a 4GL an advanced tool.
The dictionary made the difference in these languages, allowing default formatting of fields, and enforcing rules on the data entry screens. I am a sure that a good Powerhouse or Speedware programmer can out-code a cut and paste COBOL programmer by about 10 to one. It also means that a junior team member is able to code business rules accurately, since the default edits/values come directly from the dictionary, ensuring consistency.
Sieler outlined what he believes makes up a language.
We all know what a 4GL is, to the extent that there’s a ’cloud’ / ’fuzzy shape’ labelled “4GL” in our minds that we can say “yes or no” for a given product, program, language, 4GL, package, or tarball. And we know that Speedware, etc., fit into that cloud.
Does a language have to have a published grammar? (Much less one published by an international standards organization?) Hell no! It’s better if it does, but that’s not only not necessary, but the grammar is missing and/or incomplete and/or inaccurate for many (probably most) computer languages, as well as almost all human languages (possibly excluding some post-priori languages). I speak as a compiler author of many decades (since about 1973).
Our SPLash! language (similar to HP’s SPL/V) had a BNF — at the start. (Indeed, we think we had the only accurate BNF for SPL/V.) But, as we added things to the language, they may or may not have been reflected in the BNF. We tried to update the manual, but may not have always been successful … if we got the change notice updated, I was happy.
Adding the word "product" behind 4GL seems to set things in perspective. O'Brien offered his summary of the 3000's rapid languages.
Speedware, Powerhouse, and Protos all had components (Powerhouse Quick, Speedware Reactor) that had a proprietary language syntax that offered Assignment, IO, and Conditional Logic. As such, they meet the minimum requirements to be referenced as a computer language. TurboIMAGE has a syntax for specifying the database schema, but does not have any component that meet the IO, Assignment, Conditional Logic, so it does not meet the minimum requirements.
Speedware and Powerhouse have had similar histories, both offered as ADT products. But the companies that control them have diverged in their missions. PowerHouse is now owned by Unicom Systems. Speedware's focus is now on legacy modernization services and tools, although its own 4GL is still a supported product.
There's an even more audacious tier of languages, one that the HP 3000 never saw. Fifth-generation languages, according to Wikipedia, "make the computer solve a given problem without the programmer. This way, the programmer only needs to worry about what problems need to be solved and what conditions need to be met, without worrying about how to implement a routine or algorithm to solve them." Prolog is one example of this fifth generation. But even Wikipedia's editors are wary of bringing forth a fifth generation.
July 15, 2015
How to Keep Cloud Storage Fast and Secure
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In our series of Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
One of the many cloud-based offerings is storage. It moves data from the end device to a remote server that hosts massive amounts of hard disk space. While this saves local storage, what are some of the challenges and risks associated with the type of account?
Cloud data storage applications have been compromised through different weaknesses. Firstly, there is the straight hack. The hacker gains administrative access into the server containing the data and then can access multiple user accounts. The second one is obtaining a set of usernames and passwords from another location. Many people use the same usernames and passwords for multiple accounts. So a hack into an email server can reveal passwords for a cloud storage service. What are the ways to defend against this level of attack?
Encryption is always a good option to protect data from unauthorized users. Many service providers will argue that they already provide encryption services. However, in a lot of cases this is what is called bulk encryption. The data from various users is bundled together in a single data store. Then the whole data store is encrypted with the same password. This gives a certain level of protection, for example of the disk is stolen. But, if administrative access is gained, these systems can be compromised. A better solution is to choose a service that offers encryption at the account level.Another option is to encrypt the data before it is stored.This is probably the safest method, as the encryption application is not part of the cloud server, and neither is the password. There is a penalty of performance and time in creating and restoring the file, as it has to be encrypted/decrypted. Today's computer systems normally make short work of this task.
Finally, there is a common misconception that an encrypted file is bigger than the original. For good encryption they should be about the same size. The only challenge with any encryption is to make sure the password is safe.
If you use the same username and password, the best solution is not to do it. But the difficulty is having 20 different usernames and passwords and remembering them all. One option is to let the browser do the remembering. Browsers have the option of remembering passwords for different websites. The browser creates its own local store of the passwords. However, if the computer's hard drive crashes, so does the password storage.
The next option is to use an on-line password account. The bad news is that they have the same weakness as other types of on-line storage. LastPass was recently hacked, so many users were worried that their password lists were compromised. I use a password vault that locally encrypts the vault file. That file can then be stored in online data storage safely. Plus, if you chose the right password application, the vault is shared across multiple devices. This way, different accounts and passwords can be used for each account and still be available from a secure, but available location.
Online storage, offline access
Most of the time many of us have access to the cloud. But there are times when I would like to have access to my data, but I don't have Internet access. The best example of this is on the plane. Although Internet service is available on many planes, not everyone has access. So it is good to choose a service that has a client application to synchronize the data. This will allow copies of the same file to be kept locally and in the cloud. This can be important when looking at mobile solutions.
In many cases, mobile storage is preserved by moving the data into an online storage location. Storing all the music files in the cloud, and then finding that they are not available offline, can be very infuriating on a plane ride.
Compression to be free
Free storage on-line services are limited to a set amount of storage. One way to get around this is to use data compression. Most raw data files can be compressed to some extent. But bear in mind that most media formats, such as mpeg, mp4, or jpeg, have already been created using compression. Many other files, though, can be compressed before they are stored. Some applications — for example back-up apps — will give the user a choice to compress the file before it is stored. Not only does this reduce the amount of space the data takes in the online storage, it is also faster to upload and download.
July 13, 2015
Celebrating a 3000 Celebrity's (im)migration
Eugene Volokh is among the best examples of HP 3000 celebrity. The co-creator of MPEX (along with his father Vladimir) entered America in the 1970s, a Jewish immigrant who left Russia to arrive with his family as a boy of 7, destined for a notable place on America's teeming shores.
Those teeming shores are associated with another American Jew, Anna Lazurus, whose poem including that phrase adorns a wall of the Statue of Liberty. More than 125 years of immigrants have passed by that monument, people who have created some of the best of the US, a fact celebrated in the announcement of this year's Great Immigrants award from the Carnegie Corporation. Eugene is among the 38 Pride of America honorees appearing in a full-page New York Times ad (below, in the top-right corner) from over the Independence Day weekend.
Those named this year include Saturday Night Live's creator Lorne Michaels, Nobel laureate Thomas Sudhof, and Pulitzer Prize novelist Geraldine Brooks, along with Eugene -- who's listed as a professor, legal scholar, and blogger. All are naturalized citizens.
Eugene's first notable achievement came through his work in the fields of MPE, though, computer science that's escaped the notice of the Carnegie awards board. Given that the success of Vesoft (through MPEX and Security/3000) made all else that followed possible, a 3000 user might say that work in MPE brought the rest of the legal, scholarly, and blogging (The Volokh Conspiracy) achievements within his grasp.An entry in the Great Immigrants website sums up what's made him an honoree:
A law professor at the UCLA School of Law, Eugene Volokh is cofounder of the blog, The Volokh Conspiracy, which runs on the Washington Post’s website (which is independent of the newspaper). Before joining UCLA, where he teaches a myriad of subjects, including free speech law and religious freedom law, Volokh clerked for Justice Sandra Day O’Connor on the U.S. Supreme Court. Volokh was born in Kiev, Ukraine, when it was still part of the Soviet Union, and immigrated to the United States at age seven.
It's not difficult to find Eugene in the firmament of the American culture, with articles in the Post, the New York Times op-ed page, and interviews on TV networks and National Public Radio. But each time a 3000 user starts up MPEX, they light up the roots of somebody who migrated long ago, in an era when the 3000 itself was a migration destination, a refuge from the wretched existence of mainframes. We pass on our congratulations.
June 17, 2015
Passwords, MPE, and Security Flaws
Editor's note: in the past 24 hours the world has faced another breach of the LastPass security database, putting hundreds of thousands of passwords at risk. LastPass assures all of its users their passwords are secure after the breach — but change your master password anyway, they add. This makes it a good time to revisit security practices as they relate to the HP 3000 (thanks to Vesoft's Eugene Volokh) as well as our resident security expert Steve Hardwick. Sound advice stays fresh.
More than 30 years ago, VEsoft's Eugene Volokh chronicled the fundamentals of security for 3000 owners trying to protect passwords and user IDs. Much of that access hasn't changed at all, and the 3000's security by obscurity has helped it evade things like Denial of Service attacks, routinely reported and then plugged for today's Unix-based systems. Consider these 3000 fundamentals from Eugene's Burn Before Reading, hosted on the Adager website.
Logon security is probably the most important component of your security fence. This is because many of the subsequent security devices (e.g. file security) use information that is established at logon time, such as user ID and account name. Thus, we must not only forbid unauthorized users from logging on, but must also ensure that even an authorized user can only log on to his user ID.
If one and only one user is allowed to use a particular use ID, he may be asked to enter some personal information (his mother's maiden name?) when he is initially added to the system, and then be asked that question (or one of a number of such personal questions) every time he logs on. This general method of determining a user's authorizations by what he knows we will call "knowledge security."
Unfortunately, the knowledge security approach, although one of the best available, has one major flaw -- unlike fingerprints, information is easily transferred, be it revealed voluntarily or involuntarily; thus, someone who is not authorized to use a particular user id may nonetheless find out the user's password. You may say: "Well, we change the passwords every month, so that's not a problem." The very fact that you have to change the passwords every month means that they tend to get out through the grapevine! A good security system does not need to be redone every month, especially since that would mean that -- at least toward the end of the month -- the system is already rather shaky and subject to penetration.
There's a broader range of techniques to store passwords securely, especially important for the 3000 owner who's moving to more popular, less secured IT like cloud computing. We've asked a security pro who manages the pre-payment systems at Oxygen Financial to share these practices for that woolier world out there beyond MPE and the 3000.
By Steve Hardwick, CISSP
There has been a lot in the news recently about password theft and hacking into email accounts. Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my PC, I can create one single password that controls access to all of the apps that reside on the drive plus all of the associated data.There is a one-to-one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact a user may be accessing several different physical locations when running applications or accessing information. This has led to a dramatic increase in the number of passwords and authentication methods that are in use.
I just did a count of my usernames and passwords and I have 37 different accounts (most with unique usernames and password). Plus there are several sites where I use the same usernames and password combinations. You may ask why are some unique and why are some shared. The answer is based on the risk of a username or password be compromised. If I consider an account to have a high value, high degree of loss/impact if hacked, then it gets a unique username or password.
Email accounts are a good example. I have a unique username and password for my five email accounts. However, I do have one email account that is reserved solely for providing a username for other types of access. When I go to a site that requires an email address to set up an account , that is the one I use. Plus, I am not always selecting a unique password. The assumption is that if that username and password is stolen, then the other places it can be used are only other web site access accounts of low value. I also have a second email account that I use to set up more sensitive assess, google drive for example. This allows me to limit the damage if one of the accounts is compromised, and so I don't end up with a daisy chain of hacked accounts.
So the next question is how do you go about generating a bunch of passwords? One easy way is to go into your favorite search engine and type in password generator. You will get a fairly good list of applications that you can use to generate medium to strong passwords. But what if you don't want to download an application -- what is another way?
When I used to teach security this was one trick I would share with my students. Write a list of four or five short words that are easy to remember. Since my first name is Steve we can use that. This of four or five short number 4-5 digits in length 1999 for example. Now pick a word and number combination and intersperse the numbers and letters S1t9e9v9e would be the result of Steve and 1999. Longer words and longer numbers make strong passwords – phone numbers and last names works well. With 5 words and 5 numbers you get 25 passwords. One nice benefit of this approach comes when you need to change your password. Write the number backwards and merge the word and data back together.
Once you have created good passwords, your next challenge is how to remember them all. Some of the passwords I use I tend to remember due to repetitive use. The password for logging into my system is one I tend to remember, even through it is 11 characters long. But many of my passwords I use infrequently -- my router for example, and many have the “remember me” function when I log on.
What happens when I want to recall one of these? Well the first thing is not to write them down unless you absolutely have to. You would be amazed how many times I have seen someone password taped on the underside of their laptop. A better option is to store them on your machine. How do you do that securely?Well, there are several ways.
One easy way is to use a password vault or password manager. This creates a single encrypted file that you can access with a single username and password. Username and password combinations can then be entered into the password vault application together with their corresponding account. The big advantage is that it is now easy to access the access data with one username and password.
The one flaw: what happens if the drive crashes that contains the vault application and data? If you wanted to get started with a password vault application, InfoWorld offered a good article that compares some leading products.
Another option is to roll your own vault services. Create a text file and enter all of your account / username / password combinations. Once you are done, obtain some encryption technology. There are open source products -- truecrypt is the leader -- or you can use the encryption built into your OS. The advantage of using open source is that it runs on multiple operating systems. Encrypt the text file by using your software. Take caution to not use the default file name the application gives you, as it will be based on your text file name.
Once you have created your encrypted file from the text file, open the text file again. Select all the text in the file and delete it. Then copy a large block of text into the file and save it (more then you had with the passwords). Then delete the file. This will make sure that the text file cannot easily be recovered. If you know how to securely delete the file do that instead. Now you can remotely store the encrypted password file in a remote location, cloud storage, another computer, USB drive etc. You will then have a copy of your password file you can recover should you lose access to the one on your main machine.
Now, if you do not want to use encryption, let's look at why not. Well, most programs use specific file extensions for their encrypted file. When auditing, the first thing I would look for is files with encryption extensions. I would then look for any files that were similar in size or name to see if I could discover the source. This includes looking through the deleted file history.
The other option is steganography, or stego for short. The simple definition is the ability to bury information into other data – for example, pictures. Rather than give a detailed description of the technology here, take a look at the Wikipedia page. There is also a page with some stego tools on it . For a long time my work laptop had a screen saver that contained all my passwords. I am thinking of putting a picture up on Facebook next.
Here are a few simple rules on handling multiple passwords
1. Try and use uniques usernames and password for sensitive account. You can use the same username password combination for low sensitive accounts.
2. Run through an exercise and ask yourself, what happens if this account is hacked. So don't use the same username and password for everything.
3. Do not write down your passwords to store them.
4. Make sure you have a secure backup copy of your passwords; use encryption or steganography.
If you want to do some extra credit reading on passwords, there are two good references out there and they are free. The National Institute of Standards and Technologies has a library on security topics that is used by the federal government., a good publication on passwords.
The SP 800-118 DRAFT Guide to Enterprise Password Management focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
Steve Hardwick is the Product Manager at Oxygen Financial, which offers advanced payment management solutions. He has over 20 years of worldwide technology experience. He was also a CISSP instructor with Global Knowledge for three years and held security positions at several companies.
June 08, 2015
In 20th year, NewsWire digital turns 10 today
A decade ago today, this blog received its first post. On June 8 of 2005, a death in the 3000's family was in the news. Bruce Toback, creator of several 3000 software products and a man whose intellect was as sharp as his wit, died as suddenly as HP's futures for the HP 3000 did. I wrote a brief tribute, because Toback's writing on the 3000-L made him a popular source of information. His posts signed off with Edna St. Vincent Millay's poem about a candle with both ends alight, which made it burn so bright.
I always thought of Bruce as having bright ends of technical prowess along with a smart cynicism that couldn't help but spark a chuckle. His programming lies at the heart of Formation, a ROC Software product which Bruce created for Tymlabs, an extraordinary HP software company here in Austin during 1980s and early 90s. Toback could demonstrate a sharp wit as well as trenchant insight. From one of his messages in 2004:
HP engineer [about a Webcast to encourage migration]: During the program, we will discuss the value and benefits of Transitioning from the HP e3000 platform to Microsoft's .NET.
Bruce: Oh... a very short program, then.
In the same way Toback's candle burned at both ends, I think of this blog as the second light we fired up, a decade after the fire of the NewsWire's launch. Up to this year we burned them both. Now the blog, with its more than 2,600 articles and almost 400,000 pageviews, holds up the light for those who remain, and lights the way for those who are going. This entry is a thank-you for a decade of the opportunity to blog about the present, the future, and the past.
We always knew we had to do more than give the community a place to connect and read what they believed. We're supposed to carry forward what they know. The NewsWire in all of its forms, printed and digital, is celebrating its 20th year here in 2015. A decade ago our June 2005 blogging included a revival of news that's 20 years old by now. It's news that's still can still have an impact on running a 3000 today.In the blog's first month of 2005, I wrote
"HP 3000 enhancements can travel like distant starlight: They sometimes take years to show up on customer systems. A good example is jumbo datasets for the 3000's database. Jumbos, the 3000's best tool for supporting datasets bigger than 4GB, first surfaced out of HP's labs in 1995, just when the NewsWire was emerging. We put our news online in the months before we'd committed to print, and our report of September 1 had this to say."
HP will make the enhancement available as part of its patch system, bypassing the delay of waiting for another full release of MPE/iX. But there are already discussions from the HP 3000 community that a more thorough change will be needed before long — because 40-gigabyte datasets someday might not be large enough, either.
"Why care about 20- or 10-year-old news? Because the 3000 has such a long lifespan where it's permitted to keep serving. In the conservative timeline of 3000 management, jumbos were the distant starlight, only becoming commonplace on 3000s a decade later. Jumbos are finally going to get eclipsed by LargeFile datasets. HP's engineers say their alpha testing to fix a critical bug in LFDS is going well."
"Like the jumbos before them, LFDS are also going to get a slow embrace. How slowly did jumbos go into production systems? Five years after jumbos first emerged, John Burke wrote in our net.digest column "it is hard to tell about the penetration of jumbo datasets in the user community beyond users of the Amisys application." His column also offered some tips on using jumbos, even while database experts in the community continued to lobby for a way to build larger files."
That reporting in 2005 marked the first time in a decade that 3000 customers could build a dataset as big as they needed. Up until then, LFDS had not been recommended for 3000 customers except in experimental implementations.
The nature of the 3000 community's starlight made a 10-year-old enhancement like jumbos current and vital. Alfredo Rego of Adager once said that his database software was designed like a satellite, something that might be traveling for decades or more and need the reliability of spacecraft to go beyond the reach of support transmissions. HP's signal for 3000s has died by now. We hope to repeat signals, as well as report, for more than another decade, onto the cusp of MPE's calendar reset of 2027. Thanks for receiving these transmissions.
May 20, 2015
Discovering HP's Futures
In a couple of weeks HP computer users will gather for an annual conference in North America. For the past five years, the meeting has been called HP Discover. This year's event is promising to show off visions of the future. Pictures of stalwart enterprise community members will be harder to find.
Among the HP technologies developed as computing environments, only HP's Unix will have a Special Interest Group Forum at the June 2-4 conference. Searching the sessions database for the letters VMS -- pretty special to the Digital customers that HP preferred to serve futures to versus 3000 sites -- yields no hits. If VMS is being discussed at HP Discover, it's likely to be just a topic on the floor.
Stromasys will be on that floor, talking about several platforms whose HP futures have already or will soon enough expire. Charon HPA, emulating the HP 3000 hardware, as well as virtualization products for the Digital systems and even Sun's Solaris computers will be demonstrated. Sarah Smith of Stromasys says it's a regular stop in the company's itinerary.
"At the booth we'll be doing demos of Charon," she said. "We've been going for years. VAX, Alpha, and PDP were all DEC products, so we talk about all of them at Discover."
Meanwhile, HP will be talking about many commodity solutions along with The Machine, its project to deliver six times more power than current computer systems on 1.25 percent of the energy. Its big idea is universal memory, driven by the elusive memristor HP first began discussing in 2008. Universal memory is as inexpensive as DRAM, as speedy as static RAM, as non-volatile as flash memory, and infinitely durable. The Machine is an HP Labs project reputed to have requisitioned 75 percent of the Labs' resources. Its delivery date is far enough out in the future that hearing about its potential is still just about all anybody expects this year, or next.The HP North American shows were once all about users, and then after awhile, all about the products the vendor had delivered and were in use in the field. The HP 3000 slipped out of the session list at HP Discover around 2010, and now the VMS platform hasn't qualified for as much time as The Machine. The conference does gather a nice sheaf of customers to go along with a thicket of HP staff. Even before the show was renamed from the HP Tech Forum, it had tilted toward sales-to-customer events with more than a few NDAs to keep out the riff-raff.
HP Innovation Brought to Life in Film will tell attendees they can "Get a glimpse into some of the revolutionary technologies HP is tackling that address the most complex challenges and opportunities for our customers and our society in the next decade and beyond." There's not much point in setting out session times for an hour on something like improving performance of an HP-specific database, because by now such a thing has dropped off HP's discovery map. That's 20th Century computing, anyway.
But despite the habit of eschewing topics like VMS, MPE, and other HP legacy creations, the company hasn't lost its taste for invention altogether. A panel of HP Labs researchers will offer "a closer look at what it takes to make The Machine change everything we know about computing. This radical new approach will fuse memory and storage, flatten data hierarchies, bring processing closer to data, embed security throughout the hardware and software stacks and enable management of the system at scale."
There was a time when HP's chalk talk about such a product would only have emerged when the product shipped, or at least was priced. When the first HP 3000 Spectrum systems -- the PA-RISC emulated by Charon -- slipped into release, the HP Journal ran tech articles on how they were breaking ground. Aiming at a high bar like "changing everything we know about computing" sounds a lot like a concept film of the 1980s or 1990s HP. Great fun, but perhaps not as immediately useful as the networking within a SIG Forum. At least HP-UX still has that much to count upon in two weeks' time.
May 18, 2015
Portfolios That Make a Path to the Future
Wednesday afternoon (2 PM Eastern time, US) MB Foster is educating IT managers on the business case for using Application Portfolio Management. (Register here for the free event.) APM has gained a lot of traction in boardrooms and the places where analyst reports score points.
Gartner's researchers report that "Application portfolio management is critical to understanding and managing the 40-80 percent of IT budgets devoted to maintaining and enhancing software." HP 3000 managers, and especially those who are on the move to a new computing path, understand how much of their work has always gone into extending and repairing apps that make a difference.
Foster's team says that APM "changes the way you manage IT assets. Without proper visibility, IT executives can never be sure that they are investing appropriately by acquiring enhancing or retiring, the right application at the right time. Without visibility, APM is simply impossible without an ongoing view of IT investments."
In this Wednesday's webinar, Birket Foster will highlight the business case for APM, and outline "where you should start, mapping your portfolio, building a score card, examining business and technical fit, understanding benefit and risks and other subject related content." Foster's been talking about APM for more than 10 years, just about the whole time 3000 migrations have been in play.
APM can begin by delivering a means to increase the visibility of HP 3000 apps. And if that MPE visibility leads to a more energized transition plan — because now the executive management sees how vital the MPE/iX application is to meeting company goals — that's a good thing as well.Retiring out with the HP 3000 has been an option for some managers. But for many others, outlasting the server is becoming a genuine challenge. Leaving a legacy as an IT pro, instead of just the 3000 expert, is a way to revitalize a career.
You have to know how to treat applications as assets, to frame software as if it's as essential as cash on hand for a company. APM doesn't get cited much by the 3000 manager who's worked as a technologist to deliver value to a company. This is the business side of business computing. Learning more about that side gives a manager a greater skill set. Best of all, these practices make it easier to justify IT acquisition and expansion and yes, even a migration with its profound expenses.
Foster says that IT organizations and technology leaders are missing out on an opportunity to reduce IT costs, optimize applications, and deliver value back to the business. "With a bottom-up analysis for top-down decisions, IT departments move from an unclear inventory of applications with limited understanding of each, to a defined inventory with actionable information on the business value and technical condition of each application."
IT wants executive management to understand the condition of applications, built, bought, or accumulated through M&A, as well as how the apps affect and grow the business, and how they affect the bottom line and future budgets. APM can show what skills are required to manage and maintain the portfolio, and where succession planning plays a role.
May 13, 2015
Deciding Which Cloud Cabin To Ride
Trends in IT management are pushing server management into co-located and cloud-based service providers. If a path toward migration seems to lead toward services rather than servers, there are some developments to note while choosing a place to relocate the apps on critical servers.
Amazon is the leader in the cloud computing space with its AWS business. But just until recently, the world didn't know specifics of how well AWS was earning. It turns out that cloud services are one of the few Amazon products making a generous profit. And the existence of profits goes a long way toward protecting the future of any product or service. The 3000 is supposed to have crossed over from profitable to not so during the period after Y2K.
Once the system's projected revenue line dipped below the projected expense line, at that point you could say even those inside HP considered MPE servers a dead product. It didn't happen until after that Year 2000 bubble, though. The HP 3000 owner, having experienced this, will be wary of any single point of solution failure.
AWS is well above such a line. Other companies, such as HP, are not breaking out their cloud business results. But HP is making a point of promoting its latest HP Discover conference around the cloud concept. You can even ride in a cloud, the vendor promises, next month in Vegas.AWS owned more than 25 percent of the cloud infrastructure revenues during 2014, according to the Synergy Research Group. It's such a dominant share that the closest competitor, Microsoft, has only 10 percent, and IBM has 7. Rackspace, a preferred solution for the Charon virtual 3000 solution, comes in at 3 percent. HP's at under 1 percent, one of a host of companies who make up almost half of what's left over.
How big is cloud at AWS? Amazon said it had revenue of $1.57 billion during the first three months of the year. The company said its operating income from AWS was $265 million. Nothing that HP builds returns that kind of profit, except ink and paper.
But at the Discover show in Las Vegas, attendees can win "a VIP ride in the cloud on the High Roller with Connect and Ingram Micro on June 2, 2015. Join us as we journey 550 feet into the cloud over the beautiful Las Vegas landscape while networking and enjoying the ride."
Amazon is going to sell more than $5 billion in cloud services this year, by the company's reports. HP's still calling cloud computing "the new style of IT," and the strategy is pretty new to the IT director who's been managing local and networked servers for several decades. The Hewlett-Packard view from the clouds will include a Special Interest Group meeting for cloud computing during the June 2-4 show.
Hewlett-Packard has announced that it will spend $1 billion by the end of next year to help its customers build private cloud computing. Private clouds will need security, and they'll begin to behave more like the HP 3000 world everybody knows: management of internal resources. The difference will reside in a standard open source stack, OpenStack. It's not aimed at midsize or smaller firms. But aiding OpenStack might help open some minds about why clouds can be simple to build, as well as feature-rich.
May 04, 2015
Candidate Carly looms like 3000 migrations
3000 community pundits and veterans will say Hewlett-Packard's pushing the server off its price lists was inevitable. Today that migration slog seems to hold the same charms as the just-announced candidacy of the HP CEO during that era: Carly Fiorina.
Announcing her run for the presidency will assure Fiorina of much attention, from the requisite Secret Service detail to a raft of coverage about being a female candidate running against another inevitability, Hillary Clinton. The attention will continue to mount upon her term at the HP helm, though, a period that even her fellow Republicans struggle to present as a success.
The similarities between government politics and tech business politics are now in the spotlight, though. Computerworld was writing a story about the intersection today.
Regarding the US presidency, citizens and voters can't go back for more Barack Obama. The 3000 owners couldn't go back for more servers after HP stopped making the computers in 2003, either. Everybody must move on from our current president, just like Fiorina's HP forced the 3000 owners to move away. So very many have moved. But so very few are using any HP product to replace their 3000 operations.
Showing off the hubris that would be echoed in her other attempts, first business and then political, Fiorina's HP alleged in 2002 that more than 4 of 5 customers would be off MPE within four years. Counting the unfinished or un-funded migration projects, close to 4 in 5 customers remained on MPE and the 3000 when that four-year-deadline rolled past. It was more complicated to curtail 3000 computing, just like it'll be complicated for Fiorina to paint her 5-plus HP years as a success.
But that doesn't mean she won't try. However, as the San Jose Mercury News wrote in an editorial, “She takes the Silicon Valley motto that it’s ‘OK to fail’ a tad too literally.” The paper's calling for more women in politics – except Carly Fiorina. The 3000 community only seems to embrace Fiorina's latest political jitney romp as an alternative in the last resort to a Hillary Clinton presidency.
"Killing the HP 3000 was a small pittance compared to the disaster she did to HP," said EchoTech's Craig Lalley today. "No, I would not vote for Carly. But then again, if the two final candidates are Carly and Hillary..."Fiorina has inspired vitriol that remains vivid a decade after she left HP. It's hate for unneeded change coming from her detractors among HP customers. "I'd hate to think of her doing to the country what she did to HP," said Ted Johnson on the 3000 newsgroup this afternoon.
Johnson was one of many around the country today who pointed to a carlyfiorina.org web page that was filled with frowning emoticons. 30,000 of them, the number that Michael Link, assistant director of digital strategy at the Service Employees International Union, says Fiorina laid off at HP. Link adds that Fiorina said she'd only change one thing about those layoffs today: "I would've done them all faster."
A story in the Guardian said the oversight of grabbing such an obvious domain could hurt Fiorina's fundraising.
A campaign team that fails to purchase all permutations of its candidate’s name as even a potential redirected domain is not likely to have repercussions with voters directly, said Peter Shankman, a marketing expert and author of the book Zombie Loyalists. But it might be a more serious problem for backers trying to decide which horse to bankroll in the upcoming election.
“The people who are donating money will look at that as a clear warning sign,” he said. “It’s like spelling something wrong on a cover letter or a resume.”
3000 reseller John Lee said, "If I recall correctly, she didn't kill the 3000, one of her predecessors did. She could have revived it though. Instead, she bought Lear Jets and Compaq. And then tried to follow IBM and Perot Systems by forming a Services group?"
The jets were a sore thumb of a reality, but killing off the 3000 did happen on Fiorina's watch. She joined the company in the summer of 1999, when the vendor was still on the cusp of carrying the 3000 across the Y2K chasm. No killing of 3000s was done deliberately in a period when every customer was shouldering a bigger IT budget, and dot-coms were elevating customer count.
Fiorina claims that HP was a laggard in the computer industry when she arrived, but the company has the ninth-oldest web domain in the world. Where the company lagged was in low-profit computer sales. The Compaq buy-up took care of that lag, even while it drove off those tens of thousands of employees.
Amid the reports on the reality of Fiorina's tenure — a time when HP nearly doubled its revenue but saw its profits drop by one-third, a time when she was sued by both the board of directors as well as the son of HP founder Bill Hewlett — there's some gallows humor afoot, too. HP was big on ending the 3000 while she served, after all.
"I'm ready to know this," said one 3000 manager who didn't want his name used. "When does Carly announce the End of Life for her bid?"
April 22, 2015
Essential Skills: Avoiding A King's Ransom
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
In a recent message on a 3000 developer mailing list, one MPE expert warned of the most common malware attack of 2015: Ransomware. "This is probably the most likely thing to happen to your computer if you click on the wrong thing today," Gavin Scott reports.
It's a nearly perfect criminal scheme.You get the malware on your system and it encrypts all files of value with a randomly generated key, and directs you to send $300 in bitcoin to them in order to get the encryption key to get your files back. It will encrypt every drive it can get access to, so a lot of people get their backups infected in the process of trying to recover. If you pay the $300, then by all reports they do give you the key, you get all your files back, and they don't bother you again. They even direct you to bitcoin ATM companies who reportedly spend much of their time these days providing technical support — to help Grandma operate the bitcoin system to pay her computer ransom.
To explain the fate of having to toss out computers in the IT shop which cannot be ransomed, we call on our security expert Steve Hardwick for some insights.
By Steve Hardwick, CISSP
In a previous article I looked at a Man in the Middle attack using SuperFish. That malware effectively bypassed the encryption built into HTTPS and so allowed Lenovo to inspect secure web traffic. There's another type of encryption hack that's becoming a serious threat: Ransomware.
In standard symmetric encryption, a key — a password — is used to scramble the information to render it undecipherable. The same key is then used to allow a valid user to convert that data back into the original data. Encryption systems ensure that anyone without a key will be unable to reconstitute the original data from encrypted data. Another key component (forgive the pun) is the password used to generate the encrypted data. If a valid user is not able to access the key, then they no longer have access to the data.
In many situations as a security professional, I've been asked how to recover encrypted data after the encryption key has been lost. Despite what TV shows depict, this is not as easy as it looks. Typical recovery of encrypted data is time consuming and costly. The first thing any security professional will say when an encryption key is lost is, "Just recover your data from your backup." But today there's a type of virus out there that uses this weakness, and can compromise backups, too.Ransomware takes data on a machine and encrypts the information, including every data file. The catch to this encyption is that the key is not provided to the user. Typically a message appears telling the user how to get a copy of the decryption key, obviously involving payment. The user is now left with a machine where the data is not accessible unless the encryption key can be obtained. The machine is commonly called a brick. The question now becomes, is there any way to retrieve the data without becoming a victim of extortion?
The actions that can be performed after this attack are very limited. Cracking the encryption itself is going to be difficult at best. Perhaps the one method that can be used is to hope that the virus has been reverse-engineered, so the decryption key is found. There's one common ransomware virus, CryptoLocker, whose code has been cracked and a solution posted for victims to use for free. But you may not be so fortunate. As the time honored saying goes “The best form of defense is a good offense.” Putting provisions in place before the attack is the best way to prevent this extortion.
Here is a list of these measures:
1) Make sure the machine is backed up regularly. It is a good idea to make sure that the backup you are using cannot be compromised by the same virus. For example, some viruses are able to infect the backup as well as the source. That means storing a recent backup offline.
Ed: It's also important that your backup solution does versioning. You don't want to write over a good backup with a bunch of encrypted garbage.
2) Keep your operating system and application software up-to-date with the latest patches.
3) Do not follow unsolicited web links in email
4) Keep your anti-virus software up to date
5) Try to get Windows users not to run with Administrative privileges, which are more prone to attack.
By using these methods, not only will you be less susceptible to ransomware, you will also be less vulnerable to other problems such as other viruses, hard drive failure and loss of your machine.
April 10, 2015
Putting ERP Securely On Your Wrist
HP 3000 ERP solutions are hosted natively on servers, and some of them can be accessed and managed over Apple's mobile tablets. But the Apple Watch that's due in two weeks will bring a new and personal interface for enterprise servers. Indeed, a well-known alternative and migration target for MANMAN and other MPE apps is climbing aboard the Apple Watch bandwagon from the very first tick.
Salesforce has a Watch app coming out on launch day that ties into a business installation of the storied application. Incredible Insights Just At A Glance, the promo copy promises.
Access the most relevant, timely data in seconds. Swipe to see dashboards, explore with lenses or use Handoff to work seamlessly between Apple Watch and iPhone. And use Voice Search to surface a report, view a dashboard, or find other vital information in seconds.
As mobile computing takes a new step with the Watch -- a device that Apple's careful not to call a smartwatch, as it's more of an interface for a smartphone -- security remains a concern. Apple has been addressing it by recognizing the Four Pillars of Mobile Security. A little review can be helpful for any IT pro who's got mobile devices coming into their user base. That's the essence of BYOD: Bring Your Own Device.According to enterprise Mac management software vendor JAMF, securing a mobile system, whether it's a tablet like the TTerm Pro-enabled iPad, a smartphone or a laptop, "requires careful attention to four key areas."
- Data at rest — Securing data on a device
- Data in transit — Securing data as it moves over a network connection to the device
- Application security — Installing trustworthy software from a safe source
- Patching — Keeping software up to date to avoid vulnerabilities
To implement good security reliably throughout an organization, three additional capabilities are crucial:
- Device management — Deployment, application distribution, security policy enforcement
- Reporting — Inventory of all devices and their configuration
- Auditing & remediating — Audit for compliance to security standards and tools to remediate as needed
JAMF sells its Casper Suite as a tool to manage enterprise-grade Apple platform installations. There's bound to be something just as thorough for the Windows-based user community. It's one more thing to ensure is a part of a migration plan, as the 3000's ERP data moves into a fresh generation.
For reference, to help research the caliber of such a Windows-based strategy, here's the breakdown that JAMF provides in a white paper about securing mobile data as well as Apple does.
1. Data at rest — The iPhone and iPad features hardware-based encryption for data at rest that is enabled by default. For Mac, the FileVault whole disk encryption system (a native feature in OS X) protects data with virtually no impact to system performance or battery life.
2. Data in transit — Apple devices can connect via VPN (Virtual Private Network) to secure data in transit. No additional software is required to take advantage of this security feature, and once configured it is transparent to the user.
3. Application security — One of Apple’s best contributions to the IT security field is their App Store ecosystem. Apple reviews all software submitted to the App Store to weed out malware. Each software package is cryptographically signed to prevent any tampering with the files. OS X and iOS are configured to reject any software that lacks a signature. IT staff can sign their own software packages to take advantage of this application security layer.
4. Patching — Since the dawn of computing, all software includes some number of defects or bugs. Some of these defects can be used by malicious attackers to gain access or steal information. The best practice for IT security is to keep all software up to date to eliminate vulnerabilities as they’re discovered. Apple makes this easy with native software patching utilities built-in to the OS. IT staff can host an Apple Software Update Server on the corporate network to speed up patching.
There's a bit of "every problem seen as a nail" with Apple's tools acting as a hammer here. But closed ecosystems have been essential to 3000-grade reliability for decades. Apple controls every aspect of the ecosystem as much as HP did with the 3000, making hardware as well as operating systems. A turnkey solution usually saves time and resources.
April 08, 2015
Essential Skills: Man In The Middle Attacks
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
Lenovo recently made news in the security industry, and it was not good news. The PC manufacturer was shipping a copy of the Superfish malware with its machines. The software executes a threat known as “man in the middle.” Once it was discovered, companies were advised to remove it, yes. But what is a man in the middle attack, and why is it so dangerous?
Superfish compromises the HTTPS security protocol. It will intercept HTTPS requests made by a browser. It then uses a program to connect to the target website. At the same time it sends its own public key to the browser, and has it trust it. Instead of data coming back from the website to the browser, it now comes to the Superfish program.
Normally, encryption is viewed as using a password or phrase to generate a key. The key is then used to encrypt a set of data in clear text. The resulting cyphertext is then sent to the recipient, who must have the original key to decode it. This is commonly referred to as symmetric encryption: used just for a session, the same key both encrypts and decrypts the data.
The Superfish malware extracts a symmetric key from the website and passes it on. The browser thinks it has a secure connection to the website, when in fact Superfish is now listening to all of the communication from the PC to and from the website. Superfish was originally used to intercept Web traffic and surreptitiously record where the PC's user went on the Web. In addition, it opens up very nasty holes for hackers to use.What's at stake? Superfish is recording traffic that can include a lot of private information: Social Security numbers, banking details, credit card numbers, or health information. All a hacker has to do is to break into Superfish and take a copy of the data that it stores back to their location. There it can be reviewed and the personal data extracted.
Second, since the Superfish application is the one validating the digital certificates, false certificates can be installed. This allows a hacker to install a false certificate for a banking site. The user would connect to their back, and instead the hacker would use Superfish to connect to their site. The user would feel safe that the HTTPS connection had been made and all of the data was secure. However, the hacker is now collecting all this private information.
This was a bad security hole. Users were initially unaware of the application that was loaded by this PC manufacturer. There are now many sources of instructions on how to remove this piece of malware. How could this have been avoided in the first place? First of all, it is worth checking the installed program list of any new machine. Work through the list of programs and then use a browser to look up ones that do not look like standard applications. Superfish came up as VisualDiscovery for example.
Sometimes programs like this get loaded when other programs are loaded or upgraded. Browser search bars can get in that way. The only certain way to remove Superfish is to completely wipe the hard drive, and then reload the operating system from scratch, only putting in the programs you want. In many corporations, machines are rebuilt like this using an image of a hard drive that was previously configured safely.
But what is a man in the middle attack, and why is it so dangerous? It helps to know how computers encrypt data.
How encryption works
We begin with understanding how computers identify their partners. One of the major challenges of symmetric encryption is how to deliver the symmetric key safely to the recipient.
To overcome this challenge, Whitfield Diffie and Martin Hellman devised a method of exchanging keys called asymmetric encryption. In this approach, one key is used to encrypt the data and a different key is used to decrypt the data. The two keys are created as a pair. The encryption key, since it is not disclosed, is called the Private Key. The second, which can be distributed, is called the Public Key. Additionally, the public key can be used to encrypt data and the private key used to decrypt it. Using the public key to encrypt a symmetric key allows it to be decrypted only by the user that has the corresponding private key.
The next challenge that arises is verifying public keys. For example, Jane sends Bob an email message saying “Attached is my public key.” Bob then sends Jane an email saying “Here is my public key.” So Bob and Jane can now use these asymmetric keys to securely send a symmetric key. The symmetric key can then be used to encrypt and decrypt the file data. However a couple of days later Bob gets another email message from Jane saying ”New public key attached.” What should Bob do? Ironically at the same time Jane has receive an email from Bob saying ”New public key attached.” Let's say they both believe it is real. However, neither sent the keys.
A bad guy, intent on reading their encrypted data, sent these keys out. Jane uses the new Public key from Bob to encrypt the symmetric key and sends it out. The bad guy sees it and uses the fake private key he created for Bob to decrypt the symmetric key from Jane and store it. Then he uses the fake private key for Jane to encrypt the symmetric key and send it to Bob. Bob uses the fake public key from Jane and decodes the symmetric key. Now Jane and Bob think they are the only ones with the symmetric key and start sending encrypted messages. However, the bad guy also has the symmetric key and can also decode the data too.
What was needed was some way of validating that the public key came from the person that claimed it. The concept of a digital certificate resolves this challenge. A company called a Certificate Authority sets up a way to validate user identity. They send out their public key to everyone who trusts them. The users then send their public key to the CA. The CA verifies their identity and encrypts their public key with the CA private key. The resulting file is now sent out in lieu of a public key. When the recipient receives it they decrypt it with the CA public key and get the validated user's public key. The user public key that was encrypted with the CA private key is called a digital certificate. This is used in HTTPS web connections.
A website owner will generate their Public/Private key pair. They will send it, together with the required documentation, to a digital certificate provider. (There are many out there; just search the Internet.) The digital certificate provider, after authentication, sends back the digital certificate. The web site owner can now set up an HTTPS web site. The digital certificate is sent to the web site user. If the public key of the CA is loaded into their browser, then the website Public key is extracted automatically. The website can now use their private key to send symmetric keys to encrypt the data. A secure channel can now be established. Plus, the website user can also use the digital certificate to validate the website address.
April 01, 2015
River cruiser to ferry MPE exokernel mission
An obscure, elite set of EU computer scientists will tackle the looming challenge of slimming down the 3000's operating system this summer, working aboard a cruise ship plying the waters of Europe's river system. The fledgling coalition of seasoned developers will occupy the Norwegian Avignon Passion II on a route between Budapest and Prague, taking on Eastern Bloc developers at Regensburg, Melk, and Roth along the Danube.
The design team's leadership said they were inspired by the Salesforce Dreamforce cruise liner accommodations at this summer's conference. That 135,000-attendee event will handle some needs for lodging and services from the Celebrity Eclipse. The design team will go the next step and cast off its lines in Central Europe, rather than stay tethered to a pier of prior engineering.
"There's nothing we'll want for while we're afloat," said Jean Noosferd, the group's managing director. "It's just us, three million lines of code, and the passion we have to make MPE as popular as Linux." Microkernels for Linux are lifting the popularity for these slimmed-down instances of an OS.
Working from the concept of an exokernel — MIT designs that are much smaller than a normal kernel such as MPE/iX's current monokernel design, and even smaller than a microkernel — the group will leverage the work of open source teams such as the Polish-based Pjotr Mandate. The object is to reduce the installation and management footprint of PA-RISC-ready operating systems. If successful, the development cruise will dock at Prague and release its team of scientists.
"If not, we sail back to Budapest and rework our designs," Noosferd said. When a new version of MPE emerges from the work, the Passion II will remain afloat to preserve the legality of an adapted and enhanced 3000 OS. The software will be sold and distributed using cloud-based Moonraker servers. HP's restrictions on the MPE source code prohibit new versions to be released in any country. "We'll be sailing between countries," Noosferd said. "International law is in force, and so intellectual property ownership will be preserved."Operating in close quarters, the set of scientists will be using small teams, the organizational structure that gave the world the initial breakthrough of MPE. "We all believe in mono-tasking," Noosferd said. "Small teams and small projects are beautiful, and working from staterooms aboard the Passion II will squeeze the best from us. It's like the quote from William Morris, 'Have nothing in your houses that you do not know to be useful, or believe to be beautiful.' We'll have nothing aboard but bytes and brains." Noosferd said that rumors of powering the developers on a steady diet of Beluga caviar are "as outlandish as running a 3000 from an iPhone."
Like an exokernel, which delivers more direct access to a computer system's hardware, the development cruise will remove most distractions. "Unlike that Dreamforce ship, we won't be released to the sea," Noosferd said. "Like MPE's community, we respect boundaries, such as those riverbanks along our path."
The original MPE was designed to operate in a tiny 64KB memory space. If successful, the entire instance of what being called MPE-ExO could fit on an HP Moonshot micro-server. That low-cost hardware has been promoted as a hosting platform for hyperscaled processor computing. Intel's Atom processors — so-named because of their size — are the workhorses of Moonshot.
March 13, 2015
Fiorina campaigning again, against Clinton
Former HP CEO Carly Fiorina pushed herself to the front of news again, as a story in the New York Times chronicled her campaign against former Secretary of State Hillary Clinton. Fiorina has spent the last several years aiming criticism at Clinton, including a recent swipe that attempts to smear Clinton's travels around the world.
"Like Hillary Clinton, I too, have traveled hundreds of thousands of miles around the globe," Fiorina said, "but unlike her, I have actually accomplished something.” The claim recalled memories of Fiorina's most lasting accomplishment from her HP days: hawking a merger that pushed out the values and influence of the Hewlett family.
Thirteen years ago this week, a raucous stockholder showdown in Delaware ended with Fiorina's forces victorious, approving the Compaq merger. Walter Hewlett, son of HP founder Bill Hewlett, contested the vote in a lawsuit. HP directors on Fiorina's team responded by refusing to nominate Hewlett to keep his seat on the HP board.
Many actions of that period were designed to make HP bigger. Low-growth product lines were cut or de-emphasized, most particularly in the HP 3000 world. Despite the efforts to puff up HP, though -- and continue revenue growth to satisfy shareholders -- the plan had no effect on stock value. By the time Fiorina was fired in a board move -- 10 years ago this month -- HP shares sold in the low $20s, just as they did on the day of that Delaware merger victory.
Those inflated accomplishments of her go-go strategy were not misunderstood by the Times writer. "Her business career ended... in one of the more notorious flameouts in modern corporate history," Amy Chozick wrote today. "After orchestrating a merger with Compaq that was then widely seen as a failure, she was ousted in 2005."
The failed merger with Compaq did give HP a product with some foothold in 3000 migration projects, though. The ProLiant servers from Compaq are competitive with Dell and Lenovo systems for installations of Windows Server, the most-chosen alternative to HP 3000s.
Fiorina's tone has been strident, much as it was during her tenure when the 3000 was cut loose by HP. She's most recently tried to assert Clinton has stolen concepts and intellectual property from her.Pushing onward without regard for reality was among the things that got Fiorina fired 10 years ago. HP's board had trouble getting her to relinquish controls that might've tempered her mission to acquire corporations. In her Clinton attacks, Fiorina claims the title of the autobiography she wrote, Tough Choices, was appropriated by Clinton when the former First Lady wrote Hard Choices.
A Twitter image on a Fiorina feed posted the covers of the books side by side. There's also the former CEO's claim that a Clinton speech to female tech professionals, saying that women can "unlock our full potential," is a theft of Fiorina's Unlocking Potential Project.
The Times article, as critical of Fiorina as the former executive has been of Clinton, prodded that claim, too. "Fiorina came in for some derision on The Huffington Post, which recounted the tussle under the headline “Overused Management Bromide Now The Exclusive Property of Carly Fiorina, Apparently.” "
The CEO who led the HP which cut off its 3000 plans has many critics in the community to this day. The impact of a rush to expansion kept HP off its legendary game of R&D, according to HP's former VP of Software Engineering Chuck House. OS marvels of their day like MPE don't flow out of HP labs any longer.
A recent $2.7 billion acquisition of Aruba Networks is the latest HP purchase, buying technology that promises a cutting-edge firewall to enable mobile enterprise computing with the Aruba Mobility-Defined Network. HP says the deal "positions Hewlett-Packard to accelerate enterprise transition to a converged campus network." It's also about 90 percent smaller than the Compaq merger — more in line with the reduced HP of today.
March 10, 2015
Size matters not: Gigaom blog folds fast
News surfaced this morning about the landmark tech blog Gigaom. The New York Times reports that the massive operation switched off its news reporting in a rush sometime yesterday. The halt of news and postings was as swift as the one Interex experienced almost 10 years ago. Like the user group's demise, unpaid bills were Gigaom's undoing.
Gigaom was big enough to produce conferences. It also offered a white-paper research business. And like the NewsWire, it sold advertising. None of that was enough to keep away Gigaom's creditors. In an echo of what happened at the 3000's final user group that focused on the server, big was no protection against borrowing.
The Times story quoted the site's founder Om Malik in a confirmation statement. "Gigaom is winding down and its assets are now controlled by the company’s lenders,” he said. “It is not how you want the story of a company you founded to end."
One commenter asked, "What does this mean for upcoming events like GigaOM Structure Data next week?" Indeed, like the Interex meltdown, GigaOm has many commitments to keep and by now the lenders are taking control of operations. The scope of failure is similar to the HP World show that never opened in August, 2005. More than $300,000 in tickets were sold to this month's GigaOM conference. There's no word on refunds. For the moment there's no announcement of bankruptcy, though.
All-digital was the only platform GigaOM ever used to spread information. One comment suggested that tech journalists are writers who couldn't make it elsewhere in publishing. That's too broad a brush considering the number of online tech writers. But it's easy to fill a digital outpost with opinions and little news.
The caliber of content is important. So is a manageable mission. Being small and profitable has been the watchword for nearly all of the 3000 vendors and companies since I got here, more than 30 years ago. All of us have been managing risk in what's clearly a contracting market. Gigaom's shutdown is the sort of outcome an IT manager might experience if an app vendor went dark overnight.Unlike Interex, the Gigaom site remains online today, filling up with comments from its loyal readers. Some are dancing on the blog's grave. Gigaom opened for business a year after we started the NewsWire's blog. The changes in the Web publishing model have been profound -- and that's in a marketplace with new technology and systems rollouts.
About a year ago, the blog's founder Om Malik announced he'd reeled in a fresh $8 million of funding for his operations. He also joined the venture fund investment company, "and so I'm hanging up my reporter's notebook." It's an interesting image, that hanging up of a notebook. We don't wear hats any longer in the press like reporters did in the Fifties. But really, you file away notebooks, and the research and learning that started in notebooks at GigaOM will remain online for awhile. That's one advantage of being all-digital: what you provide is a legacy that needs little more than a hard drive and a Web address to survive.
Anyone who writes news for a living might see the fatigue in Om's notebook-hanging of one year ago.
Living a 24-hour news life has come at a personal cost. I still wake in middle of the night to check the stream to see if something is breaking, worrying whether I missed some news. It is a unique type of addiction that only a few can understand, and it is time for me to opt out of this non-stop news life.
Malik had a lot in orbit, so the crash will sound large. Smaller blog ventures will create more stories starting today. Yoda's line from the Empire Strikes Back rings out at me this morning. "Size matters not," he told Luke. "Judge me by my size, do you? And well you should not. For my ally is The Force." We can all feel The Force when we feel small -- in markets, in futures, in whatever we would like to dream.
February 27, 2015
Dow hits record while HP shares fall out
On the day the Dow Jones Industrial Average reached a record pinnacle, Hewlett-Packard released quarterly results that pushed the company's stock down 10 percent.
HP is no longer in the Dow, a revision that the New York Stock Exchange made last year. HP is revising its organization this year in preparing to split in two by October. The numbers from HP's Q1 of 2015 indicate the split can't happen soon enough for the maker of servers targeted to replace HP 3000s. The company is marching toward a future more focused on enterprise systems -- but like a trooper on a hard course, HP fell out during the last 90 days.
HP said that the weakness in the US Dollar accounted for its overall 5 percent drop in sales compared to last year's first quarter. Sales would have only fallen 2 percent on a constant-currency basis, the company said. It mentioned the word "currency" 55 times in just its prepared marks of an earnings conference call this week. The 26.8 billion in sales were off by $1.3 billion on the quarter, a period where HP managed to post $1.7 billion in pre-tax earnings.
That $1.7 billion is a far cry from Apple's $18 billion in its latest quarter profits. HP's arch-rival IBM is partnering with Apple on enterprise-caliber deals.
Meanwhile, the still-combined Hewlett-Packard has rolled from stalled to declining over the last 18 months, which represents some of the reason for its bold move to split itself. "Enterprise trends are set to remain lackluster absent a transformative acquisition," said one analyst while speaking to MarketWatch this week. Two-thirds of the $5.5 billion in Printing came from supplies. Ink is still king in the printing group
Industry Standard Systems (Intel-based Windows servers) provided the lone uptick in the report. Sales of products such as the newest Gen9 ProLiants lifted the revenues up 7 percent compared to the Q1 of 2014. HP is ready to take advantage of upcoming rollovers in Windows Server installations.Results from the Enterprise Group delivered another chorus of downbeat numbers for the Business Critical Systems operations. The group where HP's Unix and VMS enterprise servers are created saw its sales fall 9 percent from last year's Q1. Of course, that period showed a revenue drop as well. BCS operations -- where the HP 3000 resided when it was a Hewlett-Packard product -- haven't seen any recovery in more than two years.
BCS results have been so consistently poor that HP considered that 9 percent drop a good sign. "We also saw some recovery in business-critical systems," said CFO Cathie Lesjak, "with revenue down only 7 percent in constant currency or 9 percent as reported."
Lesjak pointed out to the analysts on its conference call that hardware such as the Integrity HP-UX servers are vulnerable to the value of the US Dollar.
Our personal systems and our Enterprise Group hardware businesses have very little in natural hedges, as our component contracts are typically in US dollars. As a result, these businesses are disproportionately impacted by currency movements. However, we do have some ability to increase pricing in response to currency movements, while being mindful of competition and potential negative impacts to customer demand.
HP is expecting all of the 2015 hardware growth in the Enterprise Group to come from its Gen9 lineup of ProLiant systems. Windows Server 2003 has an expiration date for its support coming up in July, an event that HP believes will give it some fresh wind in its enterprise sales.
"I think we are really well positioned to take advantage of Windows 2003 refresh, just as we were from the XP migration and the PC business," said CEO Meg Whitman. "I think we feel really pretty good about that business for the reminder of the year. And I think we are very well positioned .and the Gen9 server was dead-on, from the market perspective."
February 26, 2015
Not a good night to news — a new morning
Last week on this day we announced we're going all-digital with HP 3000 news. So what follows here is not a good night to publishing, but a good morning. Early each day I trek to my Mac and open a digital version of our Austin newspaper. We make coffees and print out the day’s crossword and number puzzles, using the digital American-Statesman. Abby I write on these two pieces of paper, front and back, because it’s the classic way to solve puzzles. But the rest of the day’s news and features arrive digitally. We can even follow our beloved Spurs with a digital version of the San Antonio paper, scanning an app from our iPads.
We discovered that we don’t miss the big, folded pages that landed on our driveway, the often-unread broadsheets that piled up under the coffee table. I hope you won’t miss those mailed pages of ours too much. Paper is holding its own in the book publishing world, yes. The latest numbers show 635 million printed books sold in 2014, a slim 2 percent rise over 2013.
But this is the news, periodical pages whose mailed delivery period is usually measured in days. A tour of publications that quit print in the past year or two is in order. We start with the most recent retirement, Macworld. Its final print issue mailed last fall — now all-digital. It sells what it is calling “digitally-remastered” articles, something aimed at iPad readers. The subscription cost has even increased.
How about some venerable newsweeklies, like US News & World Report and Newsweek? Both still serve stories from lively websites. Their stalwart competitor Time still sits on waiting room tables and newsstands, though. But just 48 pages of print is the norm for that weekly.
Some publications in our own 3000 world pulled their plug too early, or too late, to deliver a digital generation.In our world, Interact magazine and its cousin HP World stayed too long at the fair and collapsed along with the user group Interex. HP Professional, HP Omni, HP User — all made their exit before digital rose up as a vibrant publishing outlet. PC World evolved to digital in 2013, after printing 750,000 copies a month in 2006. That’s a lot of pulped trees being sacrificed for the needs of that publication’s advertisers.
The advertisers, our sponsors, made the NewsWire a success. We began our ongoing journey with the ideal of making subscriptions the biggest part of our business model. But the printed trade journals of the 1990s made short work of that idea. Readers were avid, yes, but unwilling to pay in great numbers.
Sponsors like ours stepped up to tap that readership with support for our pages, whether in print or on the Web. There have been more than 210 companies who have made our 8 million printed pages possible, so far. Our final printed issue, Winter 2015, has pages sponsored by the most stalwart and steady. Others are already all-digital sponsors. Some support us simply to ensure the 3000 has a digital outpost.
More than 19 years of printing and mailing pages is what your community and all those sponsors enabled. There are digital editions in our future and yours. The community continues to require the vantage point of a publication, a place to discover stories about themselves.
Some stout espresso and sharp pencils start most days around my house. Finding what’s new, and chronicling it in a story, remains fun and useful creation. The early morning's spark and the durable magic of email, plus the Web, helped us create the NewsWire’s print. Now it’s our time to spark the rest of our ride using our digital bolt.
February 23, 2015
Rackspace lines up for MPE cloud Charon
Stromasys has started to offer cloud-based versions of its HP 3000 virtualized server, after successful tests using Rackspace as a cloud provider. The software solution’s total ownership cost will drop as a result, according to company officials.
The Charon HPA virtualization system is also being sold at an entry-level price of $9,000, according to Razvan Mazilu, Global Head of Presales and Services. That price point delivers an A400 level of performance with eight simultaneous connections.
“The price range for our solutions goes from $9,000 for the HPA/A408D to $99,000 for the HPA/N4040,” he said.
Deploying that software in a cloud setting is still in early stages, now that the testing was completed in November. Stromasys says customers can use their own cloud providers, or Stromasys can recommend a provider as robust as Rackspace.“This is a brand-new feature that we are implementing,” Mazilu said. “We are talking to a couple of new customers about this, and so it’s on the table, rather than hosting their own systems at their site. Remote sales people, for example, don’t have to go to the office.”
“A customer doesn’t have to create a remote access infrastructure to provide users with access to the systems. This removes the boundaries from the systems. Since the 3000s are usually quite old, they tend to be forgotten when it comes to providing remote access to them.”
By going with a cloud installation, “they do not need to invest in the day-to-day operations and maintenance, either,” said Alexandre Cruz, Stromasys Sales Engineer. Cruz has been in close contact with the HP 3000 customers using Charon. He added that “being on a contract with a cloud provider, they can cancel at any time.”
Implementing the cloud version of Charon on Rackspace showed no decline in performance, Cruz said. “I had a very big pipe, 250 megabits, and that’s not the top of the top-end for systems. We can improve on the network speed if needed.”
February 20, 2015
Turning the Page on Paper News
We always knew that digital delivery was part of The 3000 NewsWire mission. We branded our publication with the word “wire” because that’s what the world understood in 1995 about anything beyond printed information.
Closing in on 20 years later, it’s time to unplug from print. The change has been inevitable, a lot like many changes for the 3000 community’s members. It also mirrors the way information and content moves today: virtually without wires.
In the year that my wife Abby and I started the NewsWire, using wires was essential to staying connected. Our computers were wired to the network, the modem wired to the computer. Our music came to us over a CD player wired up to a stereo receiver, and the receiver was wired to our big honking speakers.
Today it’s all wireless, and starting after this month's Winter issue, just mailed, we’ll be all paperless. Our music and computing has gained flexibility and speed while it shed its wires. Going paperless and wireless amount to the same thing: embracing a new, fluid future for what we need.
When I started writing this news resource, I had to be connected via wires just to make a paper product. Now we can send and receive information with no wires to speak of, except for those in the datacenters where our information is stored and exchanged. The laptop is wireless, tablets and phones are wire-free. So can build on what we’ve shared for close to 20 years using no paper. Even the invoicing has gone all-digital.
We still love paper here. There’s no future that I can see where paper won’t be a special medium for consuming and enjoying some stories. But for news, and things that evolve, digital delivery is the flexible choice for 2015 and beyond.
No, this isn’t our end-of-life notice. But after more than 8 million mailed pages since 1995, we can go farther with digital delivery.The world of the NewsWire beyond print is just as real as the years of 3000 life after the Hewlett-Packard announcement of 2001. We’ve printed far more issues and dispensed more news since the week of that November notice than before it. For 13 years afterward, print issues of the NewsWire have rolled off a press. Instead, this transition for us is a total commitment to what’s been our primary medium for more than nine years.
Our print issue readers have been enjoying and archiving paper copies since before there was Google, Amazon, or Apple’s iPod. We’re just following the lead of countless news outlets who’ve transcended their boundaries of column inches and the limits of page counts that they had to bind within covers.
Print has been important, so crucial to our work that growing into this moment never would have been possible without the many pages mailed across three different decades. By our accounting, we’ve sent more than 8.5 million pages into worldwide postal systems, as well as distributed at shows, since the year when Lew Platt was a new CEO at HP.
When Abby and I launched this venture during the prior century, no digital-only information resource could be taken seriously. A website? You had to be more than that. After more than a generation, the picture has flipped — enough that an evolution to all-digital confirms the view that what’s important is what’s written and shown, regardless of its medium.
It’s a transition that’s akin to what the 3000 is going through this year and beyond, as the aging HP hardware starts to cross over into cloud virtualization. We once needed print as much as MPE needed PA-RISC chips. Now each is a throwback. Your market still wants to look forward.
Even with all of that certain strategy, this was not an easy step to take. Abby and I grew our careers in the era of printed publishing. The smell of fresh ink on crisp paper — whether it was newsprint like the tabloids such as the HP Chronicle where I started, or the 60-pound white stock of the NewsWire — still triggers a rising heartbeat and a tug at heartstrings.
When we rolled off the press in 1995, we loved paper as much as we loved immediacy, the certainty that we offered as much as anyone could know on the day we printed. Just as we shipped off Issue No. 1, we created the FlashPaper, a last-minute roundup of the latest 3000 reports on a stuffed-in, goldenrod-colored sheet. Not long after that, we went to e-mail delivery of other stories in an Online Extra. It’s been a great ride to push the paper this far.
February 19, 2015
NewsWire Goes Green
After almost 20 years of reporting news and technology updates using our printed issues, The 3000 NewsWire goes to an all-digital format following this month's Winter 2015 print issue. It's our 153rd, and this announcement marks our new focus on delivering information exclusively online.
This is not a farewell. We're only saying goodbye to our paper and ink.
The articles and papers published on this blog will continue to update and inform the MPE community. After racking up more than nine years of digital publishing, this blog now has more than 2,500 articles, including video, podcasts, and color digital images from resources around the world. We have immediate response capabilities, and rapid updating. We have a wide array of media to tell the stories going forward from 2015.
It’s the reach of our Web outlet that enables the strategy to take the NewsWire all-digital, also reducing the publication’s eco-footprint. Online resources go back to 1996. We'll take special care to bring forward everything that remains useful.
The first paper issue of The 3000 NewsWire appeared in August of 1995 at that year’s Interex conference in Toronto. We hand-carried a four-page pilot issue to Interex '95. To introduce the fresh newsletter to the marketplace, HP announced our rollout during its TV news broadcast 3K Today.Throughout our publication’s history, the Web has offered a growing option for news distribution. After websites became the primary means for news dissemination, in 2005 this blog took over as our primary outlet for reports. The quarterly print issues across the last two decades have summed up the greatest hits of these reports, each covering the prior three-month period.
The blog now becomes the exclusive source for updated 3000-related news and market updates. But there will continue to be digital editions of the NewsWire, edited and curated for our readers in PDF formats. This new Digital Focus product will offer fine-tuned searching capability. The dizzy array of outside weblinks will fall away in a Digital Focus PDF compilation. And creating PDFs for passing on our articles will be easier, too.
Our daily updates for new articles are available via Twitter by following @3000newswire. We've had an RSS digital feed for almost 10 years by now, too.
We're working on evolving our presentation while we go green in 2015. We'd love to hear from you about our growing digital development, and what you'd like to see in this new year.
February 05, 2015
Getting Chromed, and Bad Calls
The HP 3000 made its bones against IBM's business computers, and the wires are alive this week with the fortunes of Big Blue circa 2015. Starting with meetings yesterday, the company is conducting a Resource Action, its euphemism for layoffs. IBM employees call these RAs, but this year's edition is so special -- and perhaps so deep -- it's got a project name. The cutting is dubbed Project Chrome, and so the IBM'ers call getting laid off Getting Chromed.
Hewlett-Packard has never wanted to call its layoffs by their real name either. The first major HP layoff action during the 3000's watch came in the fall of 1989, when more than 800 of these separations were called "being excessed." Employees had four months to find a new place inside HP, but had to search on their own time. Engineers and support staff were given the option to remain at the company, but jobs at plant guard shacks were among their new career options. Another virulent strain of HP pink slips came in the middle of the last decade, one of the purges in pursuit of better Earnings Per Share that pared away much of the remaining MPE/iX expertise from the vendor.
Aside from bad quarterly reports, these unemployment actions sometimes come in the aftermath of ill-fated corporate acquisitions. This week on CNBC's Squawk Box, analysts identified HP's Compaq merger as one of the worst calls of all time. The subject surfaced after the questionable call that led to a Seattle defeat in Sunday's SuperBowl. A big company's failures in new markets can also be to blame for getting Chromed. IBM has seen its revenues and profits fall over the last year, while mobile and cloud competitors have out-maneuvered Big Blue.
IBM has already shucked off the Cognos development tool PowerHouse as of early last year, but now comes word that other non-IBM software is getting its support pared back in the RA. In the IEEE's digital edition of Spectrum, one commenter made a case for how IBM is sorting out what's getting Chromed.
The digital article on the IEEE website also includes some reports that employees over 40 have been targeted. They then saw the company threaten to withhold severance packages if age-discrimination lawsuits were filed.
I am the last US resource supporting a non-IBM software package, which is in high demand globally -- yet the powers that be seem oblivious to it. Rather than create a dedicated group to go after that business, they cut anyone with that skill, since it is not an IBM product and therefore, "not strategic." Unfortunately the company continues to gamble on their Tivoli products, which clients seem to embrace about as much as Lotus Notes, rabies and bird flu.
HP and IBM have a lot in common in their workforce makeup. Both employ more than 300,000 workers as of last year, and while those numbers lead the industry, neither is among the top 15 employers worldwide in headcount. However, HP and IBM manufacture goods, so they look up at the largest manufacturing worker employer, Volkwagen. There are 555,000 VW employees.
HP's employee count rose into six digits, and then doubled again, as a result of two acquisitions. Compaq drove the headcount to above 140,000, a 65 percent increase. Then in 2008, EDS became an HP operation, and the headcount soared to 349,000. Since 2011, the workforce at the vendor that's still working to sell some HP 3000 replacements has dropped by 15 percent. The current HP layoff plan — a layoff strategy has been in place for more than five year — calls for a total of 55,000 job eliminations by the end of this fiscal year.
These employee cuts are the result of relentless pursuit of EPS growth, so that the numbers reported to shareholders can show an increase in spite of flat to falling revenues. Stock prices at HP have recovered to 2005 levels amid the HP layoff march. But IBM's share price took a 12 percent dive on a single day this fall, is now below its mark when current CEO Ginni Rommety took over, and hovers today around $160 a share.
Rommety was rewarded for her performance in 2014 with a $1.6 million bonus. The tepid stock of IBM made it "the worst performer in the Dow Jones Industrial Average for a second straight year," according to Bloomberg News. The company that once proudly wore the reputation "nobody ever got fired for buying IBM" is doing a lot of firing this week.
January 30, 2015
Where a Freeware Emulator Might Go Next
It was always a little proof of a brighter future, this freeware emulator distributed by Stromasys. The A202 release might be shared with prospects in the months and years to come. But for now the program has been discontinued. One of the most ardent users of the product, Brian Edminster, sent along some ideas for keeping an MPE enthusiast's magic wand in a box that's open to the community.
Edminster was trading ideas with the vendor for improvements to Charon HPA more than a year and a half ago. He's noted that having a public cloud instance used for demonstrations, a bit like HP's Invent3K of a decade-plus ago, would be a great offering for enthusiasts. He's had rewarding experience with the freeware's documentation, too -- an element that might've been an afterthought with another vendor.
By Brian Edminster
As much as I hate it, I can understand Stromasys pulling the plug on the freeware version of Charon. I just hope they can come up with a way to make a version of the emulator available to enthusiasts — even if it's for a small fee. At some time or another, that'll be the only way to run an MPE/iX instance because all hardware will fail, eventually. (This is said by someone that still has a few MPE/V systems that run, and many MPE/iX systems that do).
I guess the real trick is finding something that prevents the freeware version of the emulator from being viable for use by anyone but enthusiasts. I'd have thought that a 2-user license would be enough for that, but apparently not.
I'd imagine that limiting the system to only the system volume (MPEXL_SYSTEM_VOLUME_SET), to only allow one emulated drive, and perhaps limiting the emulated drive-size to 2Gb or less might be enough. But not knowing what kind of applications were being hosted against the license terms makes it hard to say for sure.
The only other thing I can think of might be requiring the emulator to 'phone home' (via Internet connection) whenever it was fired up, and have it 'shut off' within a given time if it couldn't. But even that wouldn't always be definitive as to the 'type' of use occuring.
Seems that trying to avoid paying for something can inspire far more creativity than it should, when truthfully, it's probably cheaper to just “pay the fee.” Perhaps having an Archival licence, where the instance is in-the-cloud and payment is based on amount of resources used, might provide enough incentive for enthusiasts and everybody in the community to do the right thing.Seems that a limited freeware version, and reasonably 'less-limited' cloud versions with a pay-as-you-use-it license, would be the way to go. Perhaps charge a setup fee with a small annual fee to keep the instance present, then charge for the amount of time used (especially when the intended usage is 'archival'). This harkens back to the days of 'time-sharing', back when it was too expensive to own a box of your own.
I know it may not be possible with the Stromasys Charon-HPA product, but the Eloquence DBMS and it's Basic-like development language system has had a 'freeware/evaluation' copy that's limited in a way that makes it unsuitable for any sort of production use. It's done by limiting 'storage' (the total database size) to about 50Mb and just a few users.
Eloquence freeware therefore provides plenty to allow 'personal' use, to learn the tool — but not nearly enough to host any sort of practical production system. It's a unfortunate that Stromasys didn't do something similar with Charon-HPA.
But there’s still a chance to make things different, going forward.
Brian Edminster is the founder of Applied Technologies, a consulting, development, and systems management firm specializing in HP 3000s and the open source freeware that can make them more powerful.
January 27, 2015
Emulator's downloadable free ride ends
Stromasys has discontinued the freeware download distribution of the A202 version of its Charon HPA emulator. According to a company official, "We're ending the freeware distribution due to the unfortunate use of that software in commercial environments."
The A202, just powerful enough to permit two simultaneous users to get A-Class 400 performance, was always tempting to very small sites. Stromasys was generous enough to permit downloading of the software, as well as the bundled release of MPE/iX FOS software, with few restrictions starting in November of 2012. But the instructions were explicit: no use in production environments.
However, A-Class 400 horsepower would be enough for companies putting their 3000s in archival mode. It would also be a workman-grade emulation of a development-class 3000. Some companies may have spoiled the freeware largesse for all. It's unlikely that one customer would report another's commercial use of Charon to emulate 3000s. But there's always the possibility that someone might have, say, contacted the company on a support matter. For a commercial setting.
The virtualization product was pared back to give 3000 sites a way to prove it would match up with the technical requirements of existing 3000s. Indeed, Charon has proven to be a thorough emulation of PA-RISC 3000 hardware. Running it in production requires a paid license and a support contract. The latest information from Stromasys' Alexandre Cruz shows the entry-level price at $9,000.
The Charon HPA freeware that's been installed around the world is still capable of emulating a 3000. But its intended use is for enthusiasts, not working systems managers who administer production machines.The A202 was offered on the honor system. The software required the installer to supply a valid HPSUSAN number upon installation before the software would boot an Intel system as an HP 3000.
There's no mistaking the intention for the freeware, though. From the Version 1.5 Freeware documentation, under the Licensing Restrictions section:
The CHARON-HPA/3000 Freeware Edition is licensed for use in the following environments only:
Enthusiasts: unlimited personal non-commercial use.
Commercial: limited to evaluating the product.
The Freeware Edition may not be integrated into production environments. The CHARON-HPA/3000 Freeware Edition is supplied with a preconfigured HP 3000 disk image that contains a copy of MPE/iX 7.5 FOS. The Freeware Edition will only load after you have configured it with an HPSUSAN number that you are legally entitled to use. You must agree to respect these license restrictions before you will be able to download the Freeware edition installation files from our website.
The freeware will continue to be distributed to prospects who contact the sales force. No other freeware Charon versions -- to be used for the Digital VMS environment, or Sun Solaris -- are available for download from the recently-revamped Stromasys website, either.
Users Guides for the 1.5 release of the freeware, as well as for the older 1.5 release of Charon production-license software, remain online at the Stromasys website.
January 23, 2015
Pending questions about the latest HPA
It often does not take long for reactions to arrive here to NewsWire stories. It's a prime advantage of having a digital delivery system for our news and tech reports. We learn quickly when we've gotten something incorrect, and then can fix it.
But supplemental information sometimes takes longer to fill in. After we posted our article of yesterday about the new 1.6 release of the Stromasys Charon HPA emulator, Brian Edminster of Applied Technologies offered immediate questions. Like us on this very evening, he's seeking more details about the features and updates of 1.6.
I'm especially interested in anything that would make configuring the networking easier, as I found that to be the most difficult part to deal with on my downloadable evaluation copy (However, I've still got the nearly ancient v1.1). [Editor's note: we suspect that the new Network Configuration Utility will simplify this complex configuration task.]
I'd imagine that if these v1.6 updates are available in the evaluation version, I could find all this out myself. But the Stromasys website only has fairly sparse documentation available (compared to their other emulators), and it's for version 1.5, not 1.6.
I tried finding out if this latest version of the freeware edition is downloadable, but I can't find any links on their website to the download link. The website is newly redesigned, and looks a lot fresher, however.
I've looked in the A202 freeware edition's User Guide (v1.5) and it says that the downloadable edition can be found at a particular URL: www.stromasys.com/hp3000_freeware. But try as I might, that URL wouldn't work for me. I kept getting a '404' error, indicating that the link wasn't present.
Is there updated documentation coming? I have to say that those v1.5 docs are light years ahead of what was available when my v1.1 was current.
January 16, 2015
What's ahead for the HPs of 2015?
Last year Hewlett-Packard announced it's going to split up in 2015. Right now it's a combined entity whose stock (HPQ) represents both PC and enterprise business. But by the end of this fiscal year, it will be two companies, one called HP Inc. and another holding the classic Hewlett-Packard name. Any of the enterprise business that HP's managed to migrate from 3000s sits in that Hewlett-Packard future.
Most of time, the things that HP has done to affect your world have been easy to see coming. There's a big exception we all know about from November of 2001. But even the forthcoming split-up of the company was advocated for years by Wall Street analysts. It was a matter of when, some said, not if.
If can be a big word, considering it has just two letters. There was an HP ad campaign from 30 years ago that was themed What If. In things like TV commercials that included shots of HP 3000 terminals, What If sometimes proposed more radical things for its day, like a seamless integration of enterprise mail with the then-nouveau desktop computers.
HP called that NewWave, and by the time it rolled out the product looked a lot like a me-too of Apple and Microsoft interfaces. But What If, rolled forward to 2015, would be genuinely radical if there were either no HP left any more, or Hewlett-Packard leveraged mergers with competitors.
What If: HP's PC and printer business was purchased by Lenovo, a chief competitor in the laptop-desktop arena? Its new CEO of the HP Inc spinoff ran Lenovo before joining HP. On the other hand, what if HP bought Lenovo?
What If: Hewlett-Packard Enterprise became a property of Oracle? That one is a much bigger If, considering that HP's built hardware in massive quantity for a decade-plus along four different product lines: Integrity, PA-RISC (still generating support revenues in HP-UX), ProLiant x86s, and its dizzying array of networking products. You could even label forthcoming dreams like The Machine, or the Moonshot systems, as hardware lines. Oracle's got just Sun systems. As 3000 customers know, hardware is not a firm stake in the ground for business futures.If there's anything that seems certain here in January, it's that the creator of MPE, IMAGE and PA-RISC will continue to pursue enterprise business customers of its competitors. The customers of firms like IBM and Oracle (Sun) are just about all that can be nabbed by a purveyor of enterprise environments that are proprietary — the lame-duck VMS, the NonStop OS, and HP-UX.
The computer industry hasn't had an earthquake of a deal that'd register Oracle+HP tremors since HP bought EDS in 2008 for $13.9 billion. HP bought Compaq in 2002 for $25 billion. That's a lot of simoleons in a computing market that's growing. Dollar-wise, Oracle acquiring HP would've been 40 percent cheaper one year ago. HP's market capitalization today is $70 billion, and it was just $50 billion in January 2014.
That is, of course, the size of the un-divided HP. Hewlett-Packard Enterprise will be valued at half that. But if you could acquire the entire HP at $50 billion one year ago, and in 2015 that money would only buy half the company — and the part that's growing much more slowly — why do it when it costs more?
Oracle is more than twice the size of HP, though, in market capitalization. Right now Oracle is at $189 billion in market cap. Nobody learns about deals of this size between titans like these until the agreement is right under our noses. Everybody's got to convince their shareholders, too. An epic battle was waged over HP's Compaq purchase over just that circumstance. We can't tell, but your community also knows that kind of surprise is also true about lopping off business product lines — ones that are profitable and beloved, too.
January 15, 2015
New service level: personal private webinar
Software and service providers have long used webinars to deliver information and updates to groups. Now one vendor in the HP 3000 market is making the webinar highly focused. MB Foster is scheduling Personal Webinars.
CEO Birket Foster is available for private bookings with customers or prospects who need questions answered on a variety of topics. According to an email sent this week, the list from the company's Wednesday Webinars over the past few years includes
- Application Migrations, Virtualization, Emulation, Re-host, Retire, Replace
- Data Migration, Transformations, Decommissioning
- Big Data
- Bring Your Own Devise (BYOD)
- Data Quality, Governance, MDM (Master Data Management)
- Decision Support, Advanced Analytics, Dashboarding
- User reporting, ad hoc query and analysis
- Using Powerhouse in the 21st Century
- Enterprise Windows Batch Job Scheduling
- ITIL and APM
- Document Management
- Enterprise Data Storage
The vendor says to schedule this one-to-one briefing contact Chris Whitehead at 905-846-3941, or send a request to email@example.com, along with the desired topic and available dates and times.
For the past 3 years MB Foster has hosted Webinars every Wednesday at 11 am PST and 2 pm EST. As not everyone is available on a Wednesday, we are offering "Book a Private Webinar." If you have a topic your organization needs to address we would be pleased to conduct a webinar with your team.
If you have an alternative suggested topic, we would appreciate the feedback. Whatever the topic, we will have the webinar team include a subject matter expert to address your needs.
January 05, 2015
Securing cloud promises hardware freedom
If a 3000 manager or owner had one wish for the new year, it might be to gain hardware assurance. No matter how much expertise or development budget is available in 2015, not much will turn back the clock on the servers -- the newest of which were built not very long after Y2K. The option to escape these aging servers lies in Intel hardware. Some sites will look at putting that hardware out in the cloud.
Say the word cloud to an HP 3000 veteran and they'll ask if you mean time-sharing. At its heart, the strategy of the 1970s that bought MPE into many businesses for the first time feels like cloud computing. The server's outside of the company, users access their programs through a network, and everyday management of peripherals and backups is an outsourced task.
But the cloud of 2015 adds a world of public access, and operates in an era when break-ins happen to banks without defeating a time lock or setting off a security alarm. Time-sharing brought the HP 3000 to Austin companies through the efforts of Bill McAfee. Terry Floyd of the MANMAN support company The Support Group described the earliest days of MPE in Austin.
The first HP 3000 I ever saw was in 1976 at Futura Press on South Congress Avenue in Austin. Bill McAfee owned Futura and was a mentor to many of us in Texas. Futura was an HP reseller, and aside from a wonderful printing company, they wrote their own software and some of the first MPE utilities. Interesting people like Morgan Jones hung out around Futura Press in the late 1970's and I can never thank Bill and Anne McAfee enough for the great times.
Jones went on to found Tymlabs, the creators of one of the bulwark MPE backup products. The HP Chronicle, the first newspaper devoted to the 3000, processed its typesetting using that Futura server. For all practical purposes this was cloud computing, delivered off mid-range HP 3000s such as the Series 42 (above), even deep into 1984. But 30 years later, this category of resource has become even more private and customized. It also relies on co-located hardware. That's where Rackspace comes in. It's the target provider for the new cloud-based installations of Charon. The Rackspace mantra is "One size doesn't fit all." That harkens to the days of time-sharing.While other companies have competitive offerings in cloud services, Rackspace has the advantage of building its business model around extreme customization and significant expertise in VMware. That VMware service forms the bedrock for the virtualization in Stromasys' product.
VMware management may not be tribal knowlege at some 3000 sites which are looking to move away from older hardware. Rackspace touts proactive management "24x7x365 by our VMware Certified Professionals. You get VMware's cloud management platform to build upon, while maintaining control through the vCloud web portal and vCloud API-compatible orchestration tools." Rackspace adds that it's one of the largest VMware-powered service providers in the world.
Security can't be virtual, however. Locking down access is as much a matter of physical security of storage and hardware as it is firewall protections. Just last summer, a survey of IT managers across the industry reported that "executives are not sure they can trust what cloud providers are telling them," according to an IDG-Unisys research paper.
Rackspace offers virtual private networks, Sophos anti-virus software, distributed denial of service (DDoS) protection and something called Alert Logic Threat Management in a Security Plus package. Stromasys technical presale manager Alex Cruz said that Rackspace has the flexibility that the virtualization vendor believes will be needed to host MPE servers in the cloud.
Calculating the capital outlay for moving MPE into virtualization is likely to put managers of 3000s into some advanced spending to master extra security. A cloud service provider like Rackspace can standardize that essential feature, even while it customizes the hardware and storage configuration that Charon for MPE will require. "Integrated vulnerability scanning," says the Rackspace brief on its security, "helps you identify possible points of entry and correct them, and assists you with meeting regulatory compliance requirements."
That survey of IT executives from last year reports that 70 percent of them believe security is the biggest obstacle to hosting from the cloud. HP 3000 sites might not have the most stringent enterprise-level security for their Intel-based systems in place already, so engaging a company that promises "Alert Logic security analysts" is one way to pursue expertise. Rackspace says its security services will help customers pass PCI bank-card and HIPAA healthcare audits. Some HP 3000s are still driving ecommerce companies, even more than four years after HP's support ended for MPE. Rackspace says it's the No. 1 hosting provider to the Top 1,000 Ecommerce websites.
December 31, 2014
Top Stories Lead MPE Into New Year
The remains of 2014 are down to just a few hours by now, a year that saw the virtualization of the system take new wings while migrations proceeded at a slower pace. We reported stories about surprising homesteading sites and new players in the community which counts MPE as a significant piece of history — and for some, a platform into 2015 and beyond.
But no story of the past year would be complete without a passage devoted to the passing of the enterprise torch into a smaller Hewlett-Packard. The company that created MPE and the 3000 passed the total management mantle to CEO Meg Whitman in the summer, making her chair of the full entity. A few months later it divided itself along enterprise IT and consumer lines. The year 2014 will be the last when HP stands for a complete representation of the creations of Bill Hewlett and Dave Packard. By this time next year, a spinoff will be vying for attention of the computing marketplace.
And in one stroke of genius, it became 1984 again at Hewlett-Packard. October brought on a new chorus for an old strategy: sell computers to companies, and leave the personal stuff to others. But one of the others selling personal computers and printers usually connected to PCs is a new generation of the company. The CEO of Hewlett-Packard is calling the split-off company HP Inc. But for purposes of mission and growth, you could call it HP Ink. Genius can be simply a powerful force for good or for ill. Definition 3 of the word in Apple's built-in dictionary on my desktop calls genius "a person regarded as exerting a powerful influence over another for good or evil: He sees Adams as the man's evil genius." It's from Latin meaning an attendant spirit present from one's birth, innate ability, or inclination.
The company to be called Hewlett-Packard will concentrate on a business lineup that harkens back to 1984 a year when the LaserJet joined the product line. CEO Meg Whitman said Hewlett-Packard, devoted to enterprise business, and HP Inc. can focus and be nimble. From a 3000 customer's perspective, that focus would have been useful 13 years ago, when the lust for growth demanded that HP buy Compaq and its PC business for $25 billion on the promise of becoming No. 1.
The San Bernadino County school district in California was working on moving its HP 3000s to deep archival mode, but the computers still have years of production work ahead. The latest deadline was to have all the COBOL HP 3000 applications rewritten by December 2015. That has now been extended to 2017
And with the departure date of those two HP 3000s now more than two years away, the school district steps into another decade beyond HP's original plans for the server line. It is the second decade of beyond-end-of-life service for their 3000.
In another market segment, 3M continues to use its HP 3000s in production. What began as the Minnesota Minining & Manufacturing Company is still using HP 3000s. And according to a departing MPE expert Mike Caplin, the multiple N-Class systems will be in service there "for at least several more years."
In both cases, the 3000 is outlasting the deep expertise of managers who kept it vital for their organizations. It's taking a :BYE before a :SHUTDOWN, this longer lifespan of MPE than experts.
Stromasys took its virtualization of enterprise server message to VMworld's annual conference, where the event was pointing at cloud-based Platform As A Service (PaaS) for the years to come. The CHARON virtualization engine that turns an Intel server into a 3000 operates on the bare metal of an Intel i5 processor or faster, working inside a Linux cradle. Plenty of customers who use CHARON host the software in a virtualized Linux environment -- one where VMware provides the hosting for Linux, which then carries CHARON and its power to transform Intel chips, bus and storage into PA-RISC boxes. VMware is commonplace among HP 3000 sites, so management is no extra work.
In Kansas and in Mountain View, Calif., government organizations stepped off 3000s to move onto replacement applications. At the District Court in Topeka, Kansas, the HP 3000 "has outlived its life expectancy, making it essential that we either move on to another system or we go back to paper and pen," according to a statement on the court's website. Converting data was to be the crucial part of the migration — and will be the crucible of every migration to come. Waiting for a migration to do data cleanup is foolish, according to ScreenJet's Alan Yeo. "Yes, sure you don't want to move crap in a migration," said the CEO. "But you probably should have been doing some housekeeping whilst you lived in the place. Blaming the house when you got it dirty doesn't really wash!"
Even before the end of 2014, plenty of IT shops have closed down changes for the calendar year. Many 2015 development budgets have been wrapped up, too. Among those HP 3000 operations which are still considering a strategy for transition, there's only one assured choice for most of who's left. They'll need to replace their application. Not many can rehost it.
There are still HP 3000 shops out there in manufacturing, even online retail, that are facing decisions about how to migrate off the platform. Plenty of shadow-bound 30000 systems are running aspects of major corporations. For many others, a verbal and white-board commitment to a migration is all that can be mustered for now. Tools out there today, as well as available expertise, take a migration from virtual to reality.
In the concept of virtualization, a server is replaced by another which pretends to be just like the original. There's no new HP 3000 in emulation, for example. Just the idea of one. The essence of the HP 3000, its PA-RISC architecture, is replaced using the Charon product: software that mimics the HP hardware. Virtualization engines use software to eliminate hardware.
Some MPE migrations which have been underway for years look like they may be using up virtual man-months, so the IT group is not forced have to adopt a new application. The plan and lengthy project time eliminates any need to go live with changes.
In a virtual migration, the organization knows its intention. Get onto another environment with mission-critical apps. But the work never gets completed, something like a "forthcoming" novel that's expected but unfinished. Virtualized migrating can very well be the reason any 3000 project still has something like a 2017 target date.
What are the key stories from your chapters of the 3000's 2014? Let us know in the comments below.
December 29, 2014
Moving Pictures of HP's Contribution Origins
HP's Origins video, filmed nearly a decade ago, includes this picture of employees celebrating the shipment of the 10,000th HP 3000, sometime in the 1980s.
You can't find it on the Hewlett-Packard website, but a 2005 movie called "Origins" is still online at a YouTube address. The 25-minute film chronicles what made HP such a groundbreaker in the computing industry, and it includes interviews with the company's founders. Bill and Dave didn't appear much on camera, being businessmen of a different era and engineering managers and inventors at heart.
The link here takes the viewer directly to the Contribution segment of the story. While it is history by now -- the company transformed itself to a consumer and commodity goods provider thanks to the me-too of CEOs Carly Fiorina and Mark Hurd -- the film represents ideals that anybody in the business can set for their own career or decisions. Joel Birnbaum, whose HP Labs leadership helped deliver RISC computing for the business marketplace for the first time in 3000, sings his praise for the love of making a product that could make a difference.
But that contribution era passed away once uniformity became the essential feature of enterprise computing. By the middle '90s, HP was busy selling the 3000 as another tool that could handle open systems (read: Unix) computing. In truth, Unix was no more open than any other environment, including Windows. But Unix had some similarities between versions that could be leveraged by large enough software developers. In the videotape at left, HP offered an interview from an unnamed SAP development executive. He said his application suite had been through a test port to MPE/iX, and he believed the software had 99.5 percent code compatibility from Unix to MPE.
That half percent might have presented a technical challenge, of course. It would be thousands of lines of code, considering SAP's footprint. The MPE version of the application never made it into the vendor's price list, however. One specific client may have used SAP on a 3000 via that test port, but it was never offered as a manufacturing solution by its creators. HP's enterprise execs very much wanted an SAP offering for the 3000. That creation would have been as me-too as any product could get. "You could run that on a 3000 instead of a 9000" would've been the HP account rep's message in 1992.
SAP's exec on the video admired the 3000 customer community for its understanding of enterprise applications. But a level of misunderstanding lay at the heart of the SAP organization, whose speaker in the video said the database for HP-UX and MPE was the same. IMAGE, of course, was nothing like Oracle or even Allbase, and the latter had only a thimble's worth of adoption in the 3000 community. IMAGE gave that community its understanding of what enterprise applications should do.Large manufacturers were using MPE and the 3000 in 1992 when the video was filmed, including General Mills. Making a contribution by exploiting innovations of the computer's environment — well, that's high on the list of essential features. MANMAN, MM II and other apps offered such a contribution from the beginning. At some customer sites, they still do.
The segment that wraps up the video includes a photo of HP employees posing in the shape of the numeral 10,000 to celebrate the sale of the 10,000th HP 3000. Guy Kawasaki, one of Apple's founding braintrust, asserts that HP's DNA was in its people, "and you couldn't kill it if you tried." Any 3000 customer who's migration is headed to HP systems will want that to be true, want it as much as HP wanted a me-too SAP for MPE two decades ago.
December 12, 2014
Essential Skills: Using Password Vaults
Editor's note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for these multi-talented MPE experts.
By Steve Hardwick, CISSP
Passwords are always a challenge for security professionals. Why is creating a secure password so difficult? More importantly, how can a user tell if their password has been stolen? Typically, when all the damage has been done and the password has been used by someone else. At this point in time it is too late. One way to resolve this is to have a password vault such as KeepPass or 1Password.
A vault is a good investment of your time. A security breach that might result from having no vault might be difficult to even detect. It might be that the time the breach is discovered may not be the first time the hacked credentials were used. This might be how many times a stolen credit card is used before the owner gets the bill. Second, the hacker could have hacked the password and is just keeping it for later use or sale. One of the preventative measures for this is to require users to periodically change passwords.
This changing strategy can stem the use of stolen passwords and also prevent the future use of any that have not yet been exploited. From a user's perspective, though, generating multiple passwords every 60-90 days just compounds the passwords nightmare.
As a security professional I have seen several solutions that users concoct to try and get around this issue. One common one is to write them all down and hide the resulting list. It turns out there are not that many good hiding places. Under keyboards, behind pictures, inside speakers, taped to the underside of a drawer or chair, back of a bookcase do not qualify as good locations. Also, many users forget to update the sheet with new passwords. Another approach is to create a text file, e.g. shopping_list.txt, and put everything in there. A quick search of the most frequently used files normally finds those. Plus if the hard drive crashes, and the file is not backed up, new ones have to be set up all over again.
A variation of the last theme is to use a password vault. This is a method where the password information is stored on a file, but the file is encrypted. In this case only one password is needed, to decrypt the vault, and access is granted to all of the other passwords. The most ubiquitous form of encryption is AES - Advance Encryption Standard. AES256 encryption is adequate for most users.
However, one word of caution. If the password used to encrypt the vault is easy to guess, then the contents are at risk.Another challenge is storing the password vault file on the computer hard drive -- it does not mitigate the risk of when the drive crashes. (They all crash eventually.) This can easily be overcome by storing the password vault on a cloud storage location. Since the vault file is encrypted, this significantly reduces the impact if it is stolen from the cloud drive. As long as the master password is strong.
Vaults can also help protect you from key-loggers, a program that runs in background and simply copies all of the keystrokes onto a hidden file. A new variation of the Citadel Trojan virus is specifically targeting password vault applications with a key-logger. A password vault solution has some protection against password loggers. The vault can be built on a different machine and placed in the cloud. Once opened from the cloud on the user's system, the password is cut and pasted into the login screen.
Finally, there is a problem that a key-logger will be targeted at the master vault password. This can be mitigated by using two-factor authentication. In addition to the password, the user is required to provide a digital certificate. This specialized encrypted file can be stored on a removable storage device, USB, and accessed at vault login time. Without the password and the digital certificate file, the person trying to access the vault is thwarted.
A quick search on the Internet for Password Vault or Password Manager will result in a lot of options. Here are some criteria to be considered when choosing a password vault applications.
1) Strong encryption - e.g. AES 256.
2) Can store the vault file in the cloud
3) Runs on multiple platforms. Allows users to get access on desktop or mobile devices
4) Protection elements against keyloggers
5) Allows 2 factor authentication
6) Password generator (Optional -- caution, these normally provides secure but hard to remember passwords)
7) Browser import capability (Optional -- provides a way to import store browser passwords)
8) Password strength indicator (Optional --give a measure of the ease to which the password can be guessed)
Using a password vault will solve a lot of security problems associated with today's Internet world. Taking the storage of passwords to a secure level results in a solution that is easy to use, secure, and readily available. Plus it gets around that common problem, “Honey, what is the password for the banking site again?”
December 11, 2014
Big, unreported computing in MPE's realm
When members gather from the 3000 community, they don't often surprise each other these days with news. The charm and challenge of the computer's status is its steady, static nature. We've written before about how no news is the usual news for a 40-year-old system.
But at a recent outing with 3000 friends I heard two pieces of information that qualify as news. The source of this story would rather not have his name used, but he told me, "This year we actually sold new software to 3000 sites." Any sort of sale would be notable. This one was in excess of $10,000. "They just told us they needed it," my source reported, "and we didn't need to know anything else." A support contract came along with the sale, of course.
The other news item seemed to prove we don't know everything about the potential of MPE and the attraction of the 3000 system. A company was reaching out for an estimate on making a transition to the Charon emulator. They decided not to go forward when they figured it would require $1 million in Intel-based hardware to match the performance of their HP 3000.
"How's that even possible?" I asked. This is Intel-caliber gear being speficied, and even a pricey 3000 configuration shouldn't cost more than a quarter-million dollars to replace. It didn't add up.
"Well, you know they need multiple cores to replace a 3000 CPU," my source explained. Sure, we know that. "And they had a 16-way HP 3000 they were trying to move out."
Somewhere out there in the world there's an HP 3000, installed by Hewlett-Packard, that supports 16 CPUs. Still running an application suite. The value is attractive enough that it's performing at a level twice as powerful as anything HP would admit to, even privately.
A 4-way N-Class was as big as HP would ever quote. Four 500-MHz or 750-MHz PA-8700 CPUs, with 2.25 MB on-chip cache per CPU, topped the official lineup.
Unix got higher horsepower out of the same HP servers. An 8-way version of the same N-Class box was supported on HP-UX; HP would admit such a thing was possible in the labs, and not supported in the field. But a 16-way? HP won't admit it exists today, and the customer wouldn't want to talk about it either. Sometimes things go unreported because they're too big to admit. It made me wonder how much business HP might've sustained if they'd allowed MPE to run as fast and as far as HP-UX ran, when both of those environments were hosted on the same iron.
November 20, 2014
TBT: When Joy of Tech Was Necessary
The cover above of the SuperGroup Association magazine from January, 1985 came to mind here on ThrowBack Thursday. Fred White passed away this week, and it's been a delightful trek down the lane of memories to recall his gusto about the art of technology.
The cover above shows some of that gusto which is not easy to describe. SuperGroup understood the MPE and IMAGE technology of the '80s as well or better than any magazine of the day. But that 3000 publication edited by D. David Brown had a sense of humor and whimsy about it no other publication has been able to eclipse. (Even on my best day as HP Chronicle editor I was only cooking up editorial cartoons about PA-RISC that somebody else would illustrate, and there have been those Ken-Do strips from the NewsWire. But nothing as savvy as what was staged above.)
The players in the little romp were, from left, White, Adager's Alfredo Rego, and Robelle's Bob Green. The photo was a teaser into a great technical paper about a perceived need to acknowledge that databases needed "uncomfortable Procrustean designs... [using] methodologies associated wth normalizing and relating."
Like the paper that Eugene Volokh wrote in the following year, the technical report put relational databases in their place -- capable of permitting multiple views of data, but with a steep performance price to pay compared to IMAGE/3000. The article was on the vanguard of unmasking the shortcomings of relational databases of that era, as I read it. Also clever and playful, two words not often associated with technical writing. The paper was authored by more than the three in the picture; Allegro's Stan Sieler and Steve Cooper got credits, as did Leslie Keffer de Rego for editing.Two of the actors in that photo represented a database that had to be filled out for length, and one that needed to be chopped short. Procrustes would kill travelers by placing them in "beds of various sizes, and when he lighted on a traveler who was tall, he consigned him to one of his short beds, lopping off so much of him as exceeded the length of the stead; but if his guest were short, a long bed was provided him, and his limbs, by help of a machine, were stretched out to its length."
This kind of super-wizard comedy was essential to the period when White was spreading his wings. He was a consultant to Adager at the time and sometimes graced the speaker lists on that day's then-crowded user group meeting calendar. At one show in Southern California, held in the halls of the converted Queen Mary, I watched White expound on the exactitude of writing files to tape, an amazing talk that ran more than a quarter-hour over its 90 minutes allotted. White had more to say, too, even as the organizers had to turn over the room.
The 1980s of the HP 3000 were a time when the Joy of Tech was necessary to overcome the growing pains of the 3000's success. Users were outstripping the processing power of the CISC-based systems, and the competing databases of the era needed serious integration skills to maintain their value to their owners. That integration had been wired into the 3000 by the IMAGE work of White and others. Experts like him, Rego, and Green not only wielded the know-how, they made complex topics entertaining. In SuperGroup they found a wry editorial staff which knew how to showcase gusto.
November 19, 2014
Fred White, 1924-2014
Courtesy of his long-time collaborator and partner Alfredo Rego, this picture of Fred White was taken in 2004, when Fred was 80 and several years into retirement. The legendary co-creator of IMAGE and the SPL expert in Adager's Labs, White was a Marine Corps veteran. Rego said while offering this portrait, "I took this photo with my Olympus E-1 on October 26, 2004 (just a bit over 10 years ago!) in Cedar City, Utah, where he and Judy lived for a while. Fred invited Judy and me to lunch, and I snapped this image across the table. I loved everything there: The warm light, the delicious food, the stimulating conversation, the young college students rushing about..."
The creator of the heartbeat of the HP 3000, Fred White, passed away on November 18, 2014 at the age of 90. White died peacefully in the presence of his wife Judy and family members, of natural causes. He had relocated to Arizona after retiring from Adager in the year after Y2K. His work in building the essential database for MPE, alongside Jon Bale, was the keystone of the 3000 experience. Rego took note of a key identifier inside the IMAGE internals, one that signified a database was sound and accurate. The flag was FW, or as Rego said in a short tribute to his partner, "%043127, the octal representation of “FW” — the flag for a normal IMAGE/3000 database (and TurboIMAGE, and IMAGE/SQL)."
White's work for the 3000 community came in two stages. The first was his innovations while working for HP, building a network database which won awards until HP stopped selling IMAGE and included it with the HP 3000. (Bundled software would not be considered for prizes like the Datamation award bestowed on IMAGE in 1976.) IMAGE, integrated at a foolproof level with the MPE intrinsics and filesystem, delivered a ready field for a small army of developers to plant applications and tools. Without White's work, the 3000 would have been just a footnote in HP's attempts to enter the computer business.
The second stage of White's gifts to the community began when HP had infuriated him for the last time. Never a fan of large organizations, he left Hewlett-Packard when it became clear the vendor had no interest in enhancing IMAGE. But before he departed HP, White met with Rego when the latter was visiting HP in an effort to learn more about IMAGE from the vendor, in preparation for a forthcoming database manager he'd create. As the legend is told, White decided he'd try to help Rego just to ensure that the creation to be called Adager could emerge a little easier.
"He hoped we would answer his questions," White said in a post-retirement interview. His partner Jon Bale "said that kind of help would be contrary to HP company policy. I said to him, 'Jon, this guy’s going to get this done whether we help him or not. All we’re doing is helping a fellow human. Whatever it takes, Alfredo’s going to do it anyway.' "
"At that point, Jon said it was up to me, but he couldn’t do it because it wasn’t HP company policy. He wished Alfredo the best of luck and left. So I answered his questions, and even told him things he couldn’t possibly have thought of, such as privileged mode intrinsic calling and negative DBOPEN modes, things peculiar to the software rather than the database. We chatted for an hour and a half or so."
The exchange in 1977 pointed toward the door to the Adager segment of White's career. The years between 1980 and 2001 allowed Fred to make up for his reticence inside corporations by becoming the conscience of accuracy and fairness. Innovations for IMAGE finally arrived in the middle 1990s. But White's most saucy moment of advocacy came in Boston when HP was trying to make IMAGE a separate product once again.The battle raged in a conference hall on the scene of the Interex user group meeting in 1990. Unbundling was an HP strategy designed to make it easier to buy an Oracle database for the 3000, reducing the price of the hardware modestly while making room for an add-on product. HP's database would be on a footing with all other offerings, but White and others knew that a 3000 without IMAGE was not the product the community trusted with its loyalties.
It was an era when users offered advocacy in a tone of angst. This sometimes was not the exchange that HP desired to air in public. But it was good for the capability of the system. HP had to watch the international computer press listen to a rumbling roar of revolution from 3000 users. A meeting of the IMAGE Special Interest Group came to be known as your community's Boston Tea Party. Rego recalled the moment of highest revolt.
Fred White (co-author of IMAGE and at the time Senior Scientist at Adager Labs) addressed Bill Murphy (HP’s Director of Marketing) from the floor and complimented Bill on his tie. Fred then explained how stupid it was for HP to unbundle IMAGE. Fred continued by describing the negative effects in products that depended on having IMAGE on the HP 3000. Fred also provided some historic background by relating how Ed McCracken (a previous 3000 General Manager) had made a success of the HP 3000 by bundling IMAGE in the mid '70s. Fred was firm but courteous. No tomatoes (err, tea bags) were thrown. Perhaps the whole “Boston Tea Party” legend started because Fred used the word “stupid” in public, applying it to HP’s management, with no apologies.
The crucial work needed to support a dizzy array of date types was near the apex of White's work at Adager, details scrutinized and attended to during the advent of Y2K. After his retirement, White remained visible in both online communities and at gatherings of the 3000 community's most formidable minds.
His computer career crossed five decades, starting in 1957 when programmer degrees didn’t exist and math experts did the heavy lifting to create file systems, operating environments and applications. In the beginning of his work for HP, he was creating the first file system for the 3000. He was then transferred to another project that grew into the creation of IMAGE.
He came to his HP work from 12 years of positions at Sylvania Electronic Defense Lab, United Technology Center and IBM. White had prepared for his more than 43 years of programming by work and study in forestry, engineering, Japanese, criminology and math. He joined Sylvania two months before Sputnik was launched by the Russians. By 1969 he’d responded to HP’s entreaties and followed some UTC colleagues to HP Cupertino, where he headed up the File System Project for the Omega System, which evolved to MPE.
Never a fan of large organizations, White eventually left HP in 1981 after he had been moved away from IMAGE and onto other projects. He first met Rego when the latter traveled to HP Cupertino to meet the IMAGE creators and learn more about IMAGE and its data structures. White took a post which Rego offered as a consultant to Adager in 1981, and became a senior research engineer for that company in 1989.
During the 1980s and 1990s, the tall, silver-haired programmer cut a notable swath through the HP 3000 community, especially at the annual Interex user group meetings. Always ready to level with HP’s management about what the HP 3000 needed, White’s comments and criticisms in those meetings represented the same unflinching focus required for his SPL programming on the 3000’s internals.
White always wanted to stay busy at his work. In 1946 he worked on Okinawa as a Japanese interpreter for a construction company and applied for a decrease in pay when he thought the company hadn’t given him enough to do. His 19-plus years with Adager made up the biggest single stay in a career in which he said “I quit a lot of jobs. That’s what I’m prone to do when management screws up.”
In his retirement White was active with family members, traveling, hiking and bird watching. The subject of the watches was mostly raptors, he added. "We like our place in Clarkdale (desert plants and critters) with great views of Mingus Mountain and the red rock area of Sedona," he said in 2003. "I like keeping in touch with many of my old friends and enemies on the Internet and mailing lists."
When we asked him about the single biggest mistake HP made with the HP 3000, White was ready with
"at least five I can think of. 1. Not having the development teams being the support teams. 2. Getting in bed with Oracle. 3. Not being aware that there are no relational databases, just relational access to databases. 4. Following the Unix pied piper. 5. Not marketing the HP 3000. For example, they never bothered to tell the world that the computers they used at corporate headquarters were HP 3000s."
As to what kept him so productive for so long, he mentioned his single-language focus on SPL, as well as still being interested in his work. But he also said, "Having a boss who was more interested in quality than quantity." The community poured out good wishes to a special email address, firstname.lastname@example.org, in his final days. One developer who heard of his passing said, "Let's hope that when Fred gets upstairs, his entry permit to Heaven is stamped 'Automatic, Master'."
October 29, 2014
Security experts try to rein in POODLE
Sometimes names can be disarming ways of identifying high-risk exploits. That's the case with POODLE, a new SSL-based security threat that comes after the IT community's efforts to contain Heartbleed, and then the Shellshock vulnerability of the bash shell program. HP 3000s are capable of deploying SSL security protocols in Web services. Few do, in the field; most companies assign this kind of service to a Linux server, or sometimes to Windows.
The acronym stands for Padding Oracle on Downgraded Legacy Encryption. This oracle has nothing to do with the database giant. A Wikipedia article reports that such an attack "is performed on the padding of a cryptographic message. The plain text message often has to be padded (expanded) to be compatible with the underlying cryptographic primitive. Leakage of information about the padding may occur mainly during decryption of the ciphertext."
The attack can also be performed on HP's Next Generation Firewall (NGFW), a security appliance that is in place protecting thousands of networks around the world. Other firewalls are at risk. Just this week HP released a security patch to help the NGFW appliances withstand the attack. External firewalls are a typical element in modern web service architectures.
A POODLE attack takes a bite out of SSL protections by fooling a server into falling back to an older SSLv3 protocol. HP reported that its Local Security Manager (LSM) software on the NGFW is at risk. But a software update is available at the HP TippingPoint website, the home of the TippingPoint software that HP acquired when it bought 3Com in 2010. TippingPoint rolled out the first HP NGFW firewalls last year.The TippingPoint experts seem to understand that older protocols -- a bit like the older network apps installed in servers like the 3000 -- are going to be indelibile.
The most effective mitigation is to completely disable the SSLv3 protocol. If this is not possible because of business requirements, alternately the TLS_FALLBACK_SCSV flag can be enabled so that attackers can no longer force the downgrade of protocols to SSLv3.
What's at risk in your data pool? HP says it likely to be sensitive, short strings of data such as session IDs and cookie values, "which can then be used to hijack the users' sessions, etc."
Et cetera indeed. The added challenge which enterprise managers assume once they move into open networks are the POODLEs, shocks to a shell and the bleeding hearts of newer operating environments. The security expertise to meet these challenges is a well-spent investment -- whether it's through a 3000-savvy services provider, or the vendor of the migration target system that's just replaced a 3000.
Basic information on these threats is always provided for free. Implementation savvy can be a valuable extra expense. For example, HP adds this nuance about disabling protocols.
An important note: both the client and server must be updated to support that TLS_FALLBACK_SCSV flag. If both allow for SSLv3 and one of them has not been updated to support the flag, the attack will remain possible.
October 24, 2014
Legacy Management: More than Rehosting
Speedware became Freshe Legacy several years ago, and in 2012 the company's business crossed the watershed from Hewlett-Packard sites to those running IBM's AS/400 servers. The latter is now called IBM i, and in one interview Fresche CEO Andy Kulakowski said the company's customers are now 85 percent IBM users.
The world of IBM i is still populated with product releases, vendor support, and the challenges of keeping a legacy line of computing looking current. Last month Fresche purchased the assets, intellectual property and customer base of looksoftware (yes, all lowercase and all one word.) Next week the newest tool in the Fresche belt goes on display in one of the oldest of enterprise venues: a $949 user conference, COMMON.
COMMON has served IBM users since before there was an Interex. The first meetings of the group surrounded the IBM Series 1800, a data acquisition and control system which was similar to the 3000 in that it used a Multi Programming Executive (MPX) operating system. COMMON meetings began in the 1960s, and the 1800 was used in product for more than 50 years. Even though COMMON attendance has dropped and the gatherings have gotten shorter, the group still assembles the experts and the faithful once a year for a classic expo and education event. This year's is in Indianapolis, following the model that Interex used for HP 3000 customers: a moveable feast taking place in cities both great and, well, common. One forgettable year the Interex show was held in Detroit. In the Midwest, however, a great number of manufacturers and distributors have always used business systems like the 3000 and the i.
Drill into the looksoftware website and you'll find mention of the HP 3000 in the Modernization Solutions section. Along with methodologies such as cloud enablement, database modernization and automated code conversion, MPE/iX customers can find a relevant line, "Re-hosting (HP e3000)." COMMON attendees could very easily hear about rehosting at the conference. After decades of serving just the AS/400 family, it's now an expo that embraces Unix and Linux computing from IBM, too.There are other methods to revitalize an HP 3000, but moving those business applications onto a new host is the classic strategy. Business Rules Extraction, Consolidation and Export is also among the solutions listed in the looksoftware services stable. Taking a customer's business rules along during any transition is a must. A "lift and shift" is what Fresche called the move onto non-3000 hardware back when the firm was called Speedware.
There's not much of that kind of business left in the 3000 customer base by now -- certainly not compared to the number of modernization opportunities for the AS/400 crowd. IBM has a strategy book that's released every year for IT planners called the Redbook. The latest edition, the largest ever in the history of the publication, is Modernizing IBM i Applications from the Database up to the User Interface and Everything in Between. Over at the IT Jungle website, the editors are calling the current Fresche strategy of acquistions "a page right out of the Redbook." The book's 687 pages are summed up thusly by the website.
It refers to modernization as "a sequence of actions" and "a process of rethinking how to approach the creation and maintenance of applications." Much of the focus is on application structure, user interface, data access, and the database. There's a lot of out with the old and in with the new here.
Adding new companies isn't new to the Speedware/Fresche history. The company acquired Neartek for the latter's AMXW software, for example, once the migrations were in full play in the 3000 market. Databorough is a similar acquisition, a database software firm whose products are useful tools in the mission Fresche calls legacy modernization. User interfaces get a rejuvenation, data access and pathways to more current data resources, and usually newer hardware arrives. Not hardware from a vendor other than IBM, however. For that kind of modernization, you have to look to the HP 3000 community. Yes, Fresche Legacy will rehost your MPE/iX apps, using a different methodology than any virtualization supplier. The new technology goes beyond hardware and IO and chip-level environments. It includes a new operating system, databases, and surround code.
One of the other significant throwbacks in legacy enterprise arenas are languages. MPE's got COBOL, and the IBM i has RPG. The RPG langauge was once so central to IBM enterprise computing that HP built an RPG compiler to run on the 3000. Its goal was to steal away Series 38 IBM shops. Next week at COMMON, Kulakowski will be spreading the message that in the IBM world, "There are lots of tools and services that support the move from RPG to more modern environments."
Kulakowski sees the age of the engineer and developer as a factor in modernization. Quoted in IT Jungle, he said
Generations X and Y are coming. They are very big part of population and will be far more demanding than we were. I think it would be a losing battle to try to convince them to use RPG as a development platform. It's up to us to set the table for the generation to come. We have the tools and technology to do that. That's the revolution I would fight for.
Fighting for refreshed MPE/iX hardware is a campaign for the non-migrating 3000 customer -- managers and owners with no conferences left to attend, and nothing like a 678-page Redbook playbook to follow. There's only one virtualization vendor for PA-RISC hardware, so at least the vetting of the suppliers won't take as long. There's not much choice, and that can have its downsides. But it might be a good thing to have no reason to visit Detroit or Indianapolis this fall, just to keep an IT operation modernized. Late-generation hardware is about as modernized as an MPE homesteader will be able to get.
Of course swapping out hosting hardware, by using a Linux cradle for MPE/iX, is a different level of churn than turning out the operating environment. For that sort of change, a trip to a city to ask questions face to face might well be a good business process.
October 21, 2014
Macworlds expire. Apple soars. Not linked.
You can file this report under Types of End of Life. The HP 3000 had an alleged end of life. HP announced it about 13 years ago, but that was the vendor's report about its 3000 activities. There can be a demise in classic support structures for a system once it wanes. But those structures, like information and community events, might be wobbly all by themselves. Things do change.
Everything called Macworld has now gone away. There was a print magazine, roaring through the '80s, the '90s, and even until about 10 years ago. Printed publications about computer lines, focused on one vendor, built this industry. IDG owned Macworld, owns PC World, owns Computerworld. Only the last publication still prints news on paper and sends magazines into the mail. Things change. There's this invention called the Internet.
In another post I pointed to the HP publications no longer in print. All of them, except for the Newswire. HP Professional, InterACT, HP Omni. Long ago, SuperGroup, and HP User. Interex Press, HP World. Every one of them exited. The departure for some was the trigger of that HP end of life announcement. Others rolled over when something bigger died: their parent company, or interest in Hewlett-Packard's products. One of the last executive directors of the Interex user group asked a big question: "How do you make a vendor-specific user group relevant in a cross-platform world?" said Chuck Piercey.
Another way to go out of the show business: tell your partners nothing about the departure, and market as if it's all going fine. This, from a web page less than four weeks before the final, canceled HP World conference -- a page still online on the day before the user group's demise.
IDG's expo division has asked the same stay-relevant question about the 30-year-old Macworld conference. And answered it. The expo is now on hiatus, and unlikely to emerge again. Macworld Expo added a sister expo called iWorld to embrace the rocketing mobile products from Apple. More than one third of Macworld/iWorld exhibitors bought booth spots in a bullpen called the Appalooza. More important, though, was the exodus of tens of thousands of square feet of show space, once purchased by the industry's giants. Adobe. HP. Canon. Microsoft. Little vendors in little booths were not enough to counter big changes in our industry's communication.
Apple reported a record profit yesterday, and its stock is trading at $716 a share (corrected for the 7:1 split of the springtime). Apple announced an end of life of its user show exhibitions four years ago. Macworld Expo never was the same. The vendor got healthier and bigger, so why did the magazine and show founder? Things change. Customers, always the prize for a conference or a magazine, found better ways to learn about owning products. And what to purchase.Purchasing is not a big part of the HP 3000 experience anymore. Not like it was when there were seven Hewlett-Packard-focused publications, or even where there were just four left in the world. Purchases for HP 3000s involve replacement systems, virtualized alternatives, support, and migration services. Some software makes its way into the commerce chain. But a replacement package for another system is most likely to be a line item on a budget. Training will be on the new platform, in nearly every encounter.
HP's fortunes have been rocky over the last four years, ever since the company cut loose its majordomo Mark Hurd. That decline hasn't affected trade shows for the vendor -- it runs the only genuine meeting it calls HP Discover. The days and nights of Discover are likely to continue for many years. HP sells at that conference and trains customers and its staff. Education isn't the point of a trade show visit anymore. Seeing products and asking questions about them -- that's done over the Web.
The printed publication, the trade conference: these are artifacts of a world where you needed paper and pacing an expo floor to learn the most important things about a computer you love. I attended seven of the last Macworld Expos, including a couple of memorable Steve Jobs speeches about embracing Intel chips, and yes, the iPhone debut. Special mornings, those were, seeing Intel's CEO emerge in a clean room suit onstage. Or watching the faithful crowd seven-deep around the initial iPhone, rotating in a Gorilla Glass case. As it happens, that iPhone debut was a watershed. More than half of Apple's business now comes from mobile products.
The last six mobile rollouts have been press-only by invitation -- and a short list at that. The events were webcast live, with video and audio ever-better on each rollout day. PR has shifted from in-person, or by-phone, to texts and emails and webinars and live demos. You don't need to be someplace to learn a certain amount about a computer. That certain amount is enough for most customers and partners. Enthusiasts want more. In the Apple world, they'll have to go to their laptop screens or iPhones to get it.
In truth, they're already there. In the HP world, the customers are reading webpages and watching webinars. One of those two vendors, Apple, has its afterburners on full throttle. Hewlett-Packard separated from the 3000's orbit four years ago. HP Enterprise customers will see a new world of a company next year after the vendor's split, but there won't be an HP World again. Not in print, not in an expo hall. Those are legacy means of communication and exchange. The expos hosted community, but newer generations of customers find community on mobile screens. Everything changes, and everything ends.
Here's to you, partner-based expos. You were wondrous fun and a rocket-sled ride while you lasted. The depth of any vendor's ride into the customer's heart will be determined by vessels on other trajectories.
October 17, 2014
Tracking MPE/iX Vulnerability to Shellshock
Security experts have said that the Shellshock bug in the bash shell program is serious. So much so that they're comparing it to the Heartbleed breach of earlier this year. Many are saying Shellshock is even more of a threat.
Once again, this has some impact on HP 3000s, just like Heartbleed did. But you'll need to be managing a 3000 that's exposed to the Internet to see some risks to address as part of system administration. Web servers, domain name servers, and other net-ready services provide the opportunity for this malware. There's not a lot of that running in the customer base today, but the software is still sitting on the 3000 systems, programs that could enable it.
Authorities fear a deluge of attacks could emerge. The US government has rated the security flaw 10 out of 10 for severity.
Bash is open source software, and our expert on that subject Brian Edminster is working on a specific report about the vulnerabilities. Hewlett-Packard posted a security bulletin that points to a safer version of the bash shell utility. But that version won't help HP 3000s.
It's not that HP doesn't know about the 3000 any longer. The patching menu above shows that MPE is still in the security lexicon at Hewlett-Packard. But Edminster thinks the only way to make bash safe again on MPE might be to port it a-fresh. "The 3000's bash is version 2.04, but the version that's considered 'current' is 4.x (depending on what target system you're on)," he said. "So if v2.04 is broken, the code-diffs being generated to fix the issues [by HP] in late-model bash software won't be of much (if any) use."One report in a UK newspaper suggested that "if online retailers use older, mainframe-style computing systems, they are likely to be vulnerable." That sounds like one way to describe the Ecometry sites still selling online with MPE versions of that software. Many of those customers do not have the 3000 directly exposed to the Internet, though.
The bug allows hackers to send commands to a computer without having admin status, letting them plant malicious software within systems.
HP has released a software update to resolve the vulnerability in HP Next Generation Firewall (NGFW) running Bash Shell. Version NGFW v22.214.171.12453 will fix the breach in that that product. But NGFW doesn't run on MPE/iX.
Edminster forwards this advice while he's working on his report.
It's most likely to be an issue for web services that use bash scripts to process web-page input for example, such as machines exposed to the Internet, and those that have services that can accept input from the 'net. I'll work to round up as many examples of potential places this can be felt on a 3000, so that folks know where to look.
Yep — this one is messy, because it's not quite so cut-and-dried as HeartBleed was.