March 15, 2017
3000 job fills at mainframe's speed
Public listings of HP 3000 positions can be tricky to track. A Web search I run with Google tagged an opening in Pennsylvania last week. Google will track a search term and email results to you. Although "HP3000" returns a lot of pages about 3000-horsepower motors, it sometimes unearths news.
The position looked like a classic one and didn't seem to be related to migration work, although it's hard to verify the latter. The immediate opportunity, posted by David Mortham of staffing firm The Fountain Group was for an "HP 3000 Mainframe Engineer."
We are seeking a HP 3000 Mainframe Engineer for a prominent client of ours. This position is located in Collegeville, PA. Details for the position are as follows:
- Good knowledge in HP3K Mainframe.
- Good Experience with COBOL, Suprtool, Cognos Quiz, QTP and MPEX.
- Able to work on enhancements as per the business requirements.
- Able to troubleshoot issues within HP Mainframe Environment.
- Able to handle the technical production support issues
- Prepare technical documentation for various processes flow applications.
- Able to manage business requirements, writing business requirement documents / technical design documents.
- Excellent design and technical query writing skills.
It's all there: Powerhouse 4GL, aided by top tools MPEX and Suprtool, with the applications in COBOL. It wasn't available less than a week after the March 6 posting. 3000s can not only be as fast as any mainframe, the remaining openings in 2017 move off the market at similar speeds.
There's not much of a clue about where this 3000 job, a full time one at that, was open. But the listing floated up on the Higher Education job board. Ursinus College, an institution nearly 150 years old, is in Collegeville. Universities earn higher regard when they're older. Some business computer systems do as well.
Get e-mail notice when the NewsWire blog gets a new entry. Just say "Blog Me" in a message to firstname.lastname@example.org.
March 13, 2017
3000 friends: Meet in the Valley, or seaside?
An HP 3000 user group meeting has become so rare by 2017 as to be legend. After Interex closed up shop suddenly in 2005, Alan Yeo organized a late-binding gathering in 2005, then another in 2007 and another in 2009, all in Silicon Valley. By 2011, Yeo was working along with me and Marxmeier Software's Michael Marxmeier to put on the HP3000 Reunion at the Computer History Museum. The Reunion provided the debut spot for the only HP 3000 emulator, the Charon HPA from Stromasys.
Then the meetings began to evolve to reconnect us without needing a formal program. The most enjoyable part of the formal meets, after all, was the SIG-BAR gatherings in the hotel lounges. Gossip and speculation were always a key part of SIG-BAR. Lately the meetings have moved exclusively to this Special Interest Group. Last year there was a lunch meeting at the Duke of Edinburgh pub, set up by Birket Foster.
There's something about these leaders that can rouse people to return. The Bay Area in summertime has drawn a rich collective of 3000 veterans and experts. In 2008 the Computer History Museum hosted a seminar on 3000 software history. Another fellow with user group meeting experience is leading this year's charge to the Valley.
Dave Wiseman notified us about a 2017 gathering he's setting up for the Bay Area.
So we used to all be good friends in the community and its about time we met up again for a beer or three. We had a couple of very pleasant meetings in the UK and I am in California early June so I thought that I might organize one in the valley around June 5/6/7th. I am happy to organize a meeting while I'm in San Francisco. Could you tell me if you would be interested in coming? We’d love to see all of our old friends again
Dates: Any preference for Monday June 5th, or Tuesday June 6th?
Location: San Francisco/ SFO airport hotel/ Cupertino, or Santa Cruz (I’d see if we could book the Dream Inn for a Santa Cruz location)
Time: Lunch, afternoon or evening
Please email me, email@example.com, so we can see if there are enough people interested to make it worth everyone's while.
I'd put a vote up for the Dream Inn (above, seaside) since it was a stop on my cross-California 20th wedding anniversary trip with Abby. They're even got a Dream Floor at the top.Stan Sieler has already said he's available for the meeting, even before it's got a firm date and time and location. Stan has to make room for a magic class he teaches on Monday nights. With enough interest, users could make a meeting appear this summer.
Unlike the full-on group meetings of old, today's gatherings feature no Powerpoint slides and plenty of memories—plus updates on what everyone is doing these days that's different.
January 04, 2017
Future Vision: Too complex for the impatient
Seeing the future clearly is not simple, and planning for our tomorrows is a crucial mission for most HP 3000 owners and allies. Changes easily cloud the vision of any futurist—people who dream up scenarios and strategies instead of writing science fiction.
Or as Yoda said, "Difficult to tell; always in motion is the future."
Economics makes every future vision more compelling. A friend who just became a city council member reminded me of this when she talked about taxis and hotel checkouts. These things are the equivalent of COBOL and batch job streaming—just to remind you this post is an IT report. Disruption surrounds them. COBOL, batch, hotels, and taxis still keep our world on its feet. Nearly all of us reach for a legacy solution when we're finished sitting in the bathroom, too.
The new council member forwarded a futurist's article on Facebook—where so many get their news today, alas—an article that pegged so many bits of the economy that are supposed to be going the way of MPE V. (I think we can all agree it's really over for the OS that powered 3000s before PA-RISC.) The Facebook article says we need only to look at Kodak in 1998 when it "had 170,000 employees and sold 85 percent of all photo paper worldwide. Within just a few years, their business model disappeared and they went bankrupt." The timing is wrong, just like the timeframe predicted for total migration of the 3000 base. Was: 2008. Now in 2017: still incomplete.
The futurism you hear predicts things like "What happened to Kodak will happen in a lot of industries in the next 10 years — and most people won't see it coming. Did you think in 1998 that three years later you would never take pictures on film again?" Nobody did, because it wasn't true in 2001 that film disappeared. Neither had MPE disappeared by 2006. These predictions get mangled as they are retold. This year's IT skills must include patience to see the future's interlocking parts—a skill that a 3000 owner and manager can call upon right now. Since it's 2017, in one decade we'll be facing the final year of the date-handling in MPE that works as HP designed it. I'll only be 70 and will be looking for the story on who will fix the ultimate HP 3000 bug.
I love reading futurist predictions. They have to concoct a perfect world to make sense, and the timing is almost always wrong. Kodak took another 14 years after 1998 to file for bankruptcy. But after I disagreed with my friend, she reached for her own success at using disruptive tech to make her point. Even an anecdotal report is better than retelling abstracted stories. The danger with anecdotes is that they can be outliers. We heard them called corner cases in support calls with HP. You don't hear the phrase "corner case" during an independent support call. The independent legacy support company is accountable to a customer in the intense way a hotel operator commits to a guest. A guest is essential to keeping a hotel open. A lodger at an Airbnb is not keeping the doors open, or keeping jobs alive for a staff of housekeepers. There can be unexpected results to disrupting legacies. People demand things change back from a future vision. Ask voters in the US how that turned out last year.
You can call the OS running Amazon an environment, but Linux doesn't much care if you succeed with it or not. Investing in your success was what brought companies to HP's 3000. It's too much to hope for benevolence from a corporation. However, if we can all stop peeling the paint off of future visions, if only we can stick to the details and know that change doesn't come easily, or quickly, we'll be okay. They're still building hotels in spite of Airbnb, just like you're still maintaining COBOL code and modifying those jobstreams first written in the previous century.
It helps to get the facts right. AirbnB isn't a hotel company at all, and faces laws to curtail its business in US states including New York. It has few provisions for safety and fraud that can stand the test of a court matter. Watch out for auto-driving cars, auto industry. Another slice of folly is that this industry is headed for the scrapyard by the time MPE/iX gets to the end of its CALENDAR function. Auto-drive car tech is more decade away if it can evade the non-auto-drive cars that will litter the roads for decades.
Onward the bright future goes, with tech saving the day by saving lives and shutting down medicine as we know it. Who needs so many doctors when you have a Tricorder X? Revised rules for that tech-doctor device contest say the Tricorder X won't have to detect tubercolosis, hepatitis A, or stroke. "Goodbye, medical establishment," so long as you don't need those conditions detected. 3D-printed houses might be built, but who will assemble them: robots that cost no more than today's tradesman labor? You can get a 3D selfie today, and a gun's parts printed 3D. We were promised code that writes itself, weren't we, when object-oriented computing and Java swept in?
A sweep of futurism helped HP put away its 3000 business. The lives that are changed and jobs lost are not a concern of the futurist. Then another change enveloped the futurist who was certain that selling systems was a secure spot. This year there are rumors Hewlett-Packard could sell off its servers business. That one is a piece of data like those ever-present reports of HP splitting up. They were just rumors for years. Then it came true. Economics, not technology, made that come true.
Nothing is impervious to change, and to celebrate the marvel of technology upending legacy leads us astray. The future is a blend, not nonsense like "Facebook now has a pattern recognition software that can recognize faces better than humans." Or, "In 2030, computers will become more intelligent than humans." How many faces, and how many humans? I'm still waiting on the flying cars I was promised at the World's Fair of 1964.
My council member says that while in Amsterdam last spring she was struck by the stark difference between ornate 16th Century architecture downtown and the simple square box apartment buildings in the suburbs. "I asked our Airbnb host about it and suggested this: There has not been a reduction in human creative intelligence. It's just that in the 1500s all that creative energy was being put into architecture, and today it's being put into the digital world. Our host, a bright young Dutch digital engineer, smiled and said he agreed with me." As every good host does.
Then Uber arrived for the ride to the airport, I presume, using a car that the company wasn't invested in, driven by a person who was working a 12-hour day pitted against a fleet of freelancers that keep Uber's business model thriving for the corporation. "And no money changes hands" was my friend's punchline, overlooking the part of the Dutch economy using ATMs and currency, or the fact that you tip your housekeeper in currency unless you don't pay one.
The futurists want you to be wary. If you don't prepare for the future, "you're going down with Kodak, the cable companies, landline phone makers, Macy's, video rental places, printed books and tape backup media." Or you can find a life keeping yourself in the present, the happiness of the now. Making good things last longer is resourceful and sometimes inventive work. If the last 15 years have taught our community anything, it's that the future arrives slowly and looks nothing like we expect. Even my council member knows the value of legacy, asking "If we close down all our paper mills, who will make our toilet paper?"
November 07, 2016
Work of 3000s Helps Preserve Democracy
Tomorrow is a very special day in America. In a land called the United States we're going to elect a President to unite us. The kind of future we work toward will be chosen on that day. I'd like it to be the same kind of future the HP 3000 community has always worked toward.
This computer is called a business server because it works to meet the needs of business. A business relationship is at the heart of manufacturing concerns, insurance organizations, e-commerce companies and more. Business is at the heart of good relations with others in our world. MPE/iX software has always been a part of good relations. Much it serves the processes of business like invoicing. Going Forward Together might as well be a way to say Make Relations Through Documents. Business documents are the bedrock of your community.
In the earliest part of our 21st Century, Wirt Atmar was holding a seat as the conscience of this community. The founder of vendor AICS Research railed at HP's plunder of loyal customers, then proposed a Plan B to resist needless change. It was a time of high passions. The most crass and base expressions of the IT pros in our world were on display in the 3000-L listserver in that era. But since this is a republic with freedom of expression, although that trolling was revolting, it was tolerated. Much of that era's tone seems gentle compared to what's assaulted our ears and our spirits since this year began.
Back in 2004, Atmar was teaching his community how affordable Web-based lecture software could give minds a common ground. His QCShow product followed QCTerm, and both of those sprang from the makers of QueryCalc. In an HP World demo and lecture, Atmar explained his belief about how an HP 3000 was an alternative to war and atomic armageddon. These are real prospects for an American future. It feels like a disturbing misfit that anyone devoted to MPE, and having built a life's work from it, should vote for anything but a diplomatic leader.
Atmar had a fascinating background, including a stretch of his life when he worked to estimate and calculate the effects of annihilation. Nuclear throw weights -- the number of tons of atomic bomb to destroy various numbers of people and structures -- were his everyday work as a scientist in a government defense contract. He said he hated every day of his life that he had to wake and perform that work.
In contrast, when he created business tools that delivered invoices and orders, he felt his work spoke to the very root of human decency. Invoices, he said, were the everyday diplomacy of enterprises and organizations. I agree to purchase these goods and services, each would say. I agree to make and deliver them as you ordered, replied each sales receipt. A world still sending invoices, he said, ensured that war and revolt was a poor choice. Invoices were an expression of peace and a shining light for democracy and capitalism.
Something approaching half of America has already voted in this year's Presidential election. For those who have not, asking if a leader should respect business partners, find allies, and preserve relationships with respect— these all are a guide for anyone who's ever programmed or managed an HP 3000. Nobody is perfect. Anyone who wants to lead us should respect invoices, contracts and agreements. Tearing up a legacy is a poor start toward the future. Every HP 3000 community member should agree on that, and agreement is a good start toward where we need to go. We don't need to migrate away from working together and moving forward. Rather than looking back, we should take a hand in making history. Vote tomorrow and make some.
October 19, 2016
Come together to conference with CAMUS
Admit it. It's been a long time since you talked person to person about your HP 3000 with somebody outside your company. User conferences and one-day meetings for 3000 folk used to be as common as leaf piles in October. That's what happens when you live a long time. You can outlive your community and lose touch.
CAMUS, the Computer Aided Manufacturing User Society, has a way to reconnect. At 11 AM Central Time on Thursday, Nov. 10, the Annual User Group meeting of the organization will form around a conference call. Terri Glendon Lanza of CAMUS is organizing the call. It's free.
The agenda, shared by CAMUS member Ed Stein of MagicAire, is 10 minutes of CAMUS announcements, followed by general discussion with the Board of Directors and everyone on the call. It's manufacturing managers who make up CAMUS, but you might have questions about a certain emulator that earned its stripes in the Digital market before arriving to emulate HP's 3000 systems. Both Digital and MPE managers will be at this conference.
Or you may be interested in the new ERP replacement for MANMAN, Kenandy. Experts from the Support Group -- which is installing Kenandy at Disston Tools this year -- will be on the call. You might just want to know something about MPE management that could take only a minute to answer.
Send an email to Terri at firstname.lastname@example.org, or call her at 630.212.4314, to get your conference call-in phone number. The call runs until 12:30 Central Time. You might learn something, or get to show what you know.
July 27, 2016
Did PCs hold Hewlett-Packard off the pace?
Stock activity is the best-quantified way to assess the strength and prospects for a vendor. Few of the HP 3000 vendors ever reported stock pricing, so we always swung our spotlight on the system creator's stock. The results became entertaining after HP stopped making 3000s—but rarely entertaining in a good way.
Now it appears that shedding its New Money products has pushed Hewlett-Packard Enterprise's stock into fresh territory. HPE hit the low $20s of share price this week. That's a 52-week high, and even higher if factoring in the fact the stock was chopped in two last fall.
Operating systems, software and hardware are only part of the story at HPE. Services were brought across in November, but their performance has skidded. As the break-off firm that reclaimed the HP Old Money business computing that drove enterprises, however, HPE has had a better time since the splitup. HPQ, making a living off the PCs and printers, remained under $14 a share today. The companies started out with equal assets and stock prices. What Enterprise has changed is the company's focus. The vendor is no longer trying to be everything to everybody.
Earlier this summer HPE announced it was getting even leaner. The enterprise services business, which bulked up HP's headcount and revenues as a result of acquiring 144,000 employees from EDS, will now be a separate entity. The move pushes HP closer to the business target it pursued while it was making the HP 3000 soar: sales to IT enterprises of software and hardware. This time around, they want to sell cloud computing too. But the old Apps on Tap program for the 3000 in the late '90s was a lot like that, too.
The extra systems focus, coupled with the stagnant action on the PC-printer side, suggests that straying from enterprise computing was a boat-anchor move. Hewlett-Packard Enterprise has put a new-era spin on the box-and-software pursuit, though. The CEO says putting Services on a separate course makes HPE a company with 100 percent of its revenues channel partner-driven. In effect it means all deals need a third party. This is the course the old HP could never adopt, much to the consternation of 3000 vendors.What does it look like when HPE says it's an all-channel vendor? CEO Meg Whitman explained the enthusiasm in an article for Computer Reseller News.
"The message for the partner community around this spinoff is we now are even more enthusiastic about the partner community -- if that is even possible -- because we are pretty enthusiastic," said Whitman in an interview with CRN at June's Discover conference. "We have got to partner even more aggressively with our partner community to deliver software, to deliver converged infrastructure, to deliver hyper-converged. We have no business now that doesn't go through partners."
The convergence of software vendors with a system vendor got a short-circuit in the 1990s. HP adopted printer-style distribution and reseller strategies for its enterprise products. What was once a company-led salesforce became fractured. Software companies that built their business around an HP they knew and partnered with saw the company's focus tilt away from fine-tuned environments like MPE. Commodity computing ruled and the march toward Somebody Else's OS accelerated.
In the new Hewlett-Packard, commodity belongs on the HP Inc. side of the split-up vendor. All of those bodies selling and providing services will now be part of a mega-support corporation HPE is spinning off to Computer Sciences Corporation. Less commodity, less headcount-driven business—it makes the new entity feel more like the old company of the HP Way. Long gone, but apparently not forgotten at the executive level.
July 22, 2016
3000-free Southwest suffers airline IT crash
Three straight days of system outages cost Southwest Airlines more than $10 million in lost fares this week. The company's COO Mike Van de Ven said that the router crashes which started the meltdown are not uncommon. But then the routers triggered Web server crashes. Finally, the company's disaster recovery plan failed to save the IT operations. Social media posts from customers complained of delayed flight departures and arrivals and an inability to check in for flights on Southwest's website. The running count by Friday morning was 700 canceled flights, with another 1,300 delayed. People could not get to gates without boarding passes.
Customers running 3000s through the 1990s might remember Southwest as a shining star in the MPE/iX galaxy. The system came online with ticketless travel using MPE/iX software developed at Morris Air. When Southwest started to skip the paper, it was one of the very first major airlines to do so. Dispensing with paper tickets was possible because of the 3000's unparalleled reliability.
Stranding an estimate 4,000 customers was never a part of the 3000's history at Southwest. The computer was the dominant ticketing tool in an era before the elaborate security checks in the US. From Wednesday through today, customers on thousands of its flights could not check in at kiosks or via those web servers. The IT failure happened as the Republican National Convention closed out its Cleveland circus.
It's commonplace for a system vendor who's been shown the door, like the 3000 group was in the first decade of this century, to say "It wasn't on our watch" when a crash like this hits. But being commonplace won't recover those millions of dollars of revenues. Maybe they were a small fraction of the overall savings while leaving the 3000. The reliability of an airline is worth a lot more than delivery of a product, though, like an auto. Hertz was a 3000 shop for many years, and their portion of the travel business didn't suffer these woes, either.
Both companies made their IT 3000-free while the worst fact about the system was that HP stopped selling it. They both had plans to expand, strategies MPE/iX wasn't going to be able to handle easily, too. When a vendor ends their business plans for a server, the sweater of coverage unravels one thread at a time. Mission-critical systems are never supposed to leave a publicly traded company naked from the waist up, however.Mission-critical design of air carrier IT architecture failed this week. In the ultra-competitive market for travel Southwest took a black eye that will cost several times more in lost sales than this week's travel refunds. Anxious travelers or crucial flyers will skip a Southwest flight for awhile. Travel has immense mission-critical demands.
The company's CEO Gary Kelly had to tell reporters something that founding CEO Herb Kelleher never was faced with. "We have significant redundancies built into our mission-critical systems, and those redundancies did not work," Kelly said in a conference call. "We need to understand why and make sure that that doesn't happen again." Southwest's chief commercial officer said every customer affected on Wednesday or Thursday would be contacted. The company extended for a week a fare sale scheduled that was supposed to end July 21.
Southwest also had to contact the travelers affected Friday, too. The contacting of vendors involved was not part of the stories this week. This would not be a good week to be the CIO at Southwest. Randy Sloan got the job this year, inheriting decisions like making Southwest 3000-free. Until Wednesday, that decision didn't seem like a risk.
In related news, Southwest extended its July fare sale by one week.
June 10, 2016
What A Newer MPE/iX Could Bring
What would HP 3000 owners do with a new MPE/iX release, anyway? On some IT planning books, the frozen status of the operating system counts as a demerit in 2016. Even still, enterprise system managers in other HP-sold environments face a nearly-glacial pace of OS upgrades today. Even while paying for HP’s support, the VMS system managers are looking at a lull.
HP says it still cares about OpenVMS, but that OS has been moving to a third party. Support from a system maker still looks newer and shiny to some companies than the independent support managers available from third parties like Pivital. As it turns out, though, it’s that frozen-as-stable nature of MPE/iX which makes third party support just as good as HP’s—back when you could get support from HP.
“MPE's so solid,” Doug Smith said in a recent interview, “and these applications have been out there forever. There’s not a huge concern out there in the community about needing to have a new release of MPE.” Smith leads the way for Charon emulator installs at 3000 sites.
OpenVMS roadmaps were updated this week. The map shows how slow OS updating can proceed.HP’s more current Poulson Itanium-based Integrity servers now can run OpenVMS, thanks to a springtime release of OpenVMS 8.4.2. There will still be Kittson-based Integrity servers outside the OpenVMS reach, though. These incremental VMS releases are proving that a third party can assume engineering duty for an OS. Linux showed the way for such duty long ago. That OS, however, was never a trade secret inside a system vendor’s labs.
The most cautious 3000 manager didn’t take updates of MPE/iX, in the years HP released them, unless there were essentials inside the new release. That decision point is no longer an issue with 3000 sites. Instead, MPE/iX is getting its newer-gen speed engineering through the Charon solution. Whenever there is a new Intel chipset that can run Linux, the speed of MPE/iX gets a boost.
A third-party OS lab won’t be the crucial element in driving MPE/iX faster. Charon emulates hardware that is not going to change: PA-RISC and the classic 3000 peripherals. VMS Software Inc. is revising an operating system. There’s much more testing needed to do this revision. It’s the cost of those new OS releases.
The newest OpenVMS will arrive in August, according to the VMS Software roadmap. One major advantage the new release brings will be a modern OpenSSL protocol version. It took awhile, and ultimately a third party, to make it so. Until VMS Software got its hands on VMS, the enterprise OS was working with the 0.9.8 SSL release. After more than seven extra years of HP labs support than MPE/iX had received, VMS was just two minor increments newer than the SSL the 3000s can still run: 0.9.6.
If vendor support for an OS is supposed to be so important, we asked up at the beginning, then why is an enterprise HP system so far behind current protocols as OpenVMS? Rethinking the impact of vendor support led many 3000 sites to independent support arrangements for MPE/iX. With the indie MPE/iX support and static OS status proven as a stable combo, it’s the hardware performance that can make strides. The MPE/iX community doesn’t need an OS lab to boost performance. Support for SSL security needs to be moved along, yes. The 3000 community, however, long ago learned to lean on environments like Unix and Linux for highly-secured functions.
Meanwhile, faster hardware support for OpenVMS turns out to be a feature that MPE/iX gained first. VMS Software says it's now working on an Intel-based release of the OS, with a target shipment sometime in 2018. By that date, the virtualized hardware for MPE/iX will have had two additional years of speed upgrades from Intel. MPE/iX already runs on the x86 family in virtualized mode. Integrity is tied to a chip that's now in maintenance mode at Intel. With the 3000 virtualized hardware speeding up, and the OS hosted in a Linux cradle which sports the latest in security protocol support—remind me again what MPE/iX 8.0 would've brought us?
April 08, 2016
Hardware's emulation puts software at ease
In the earliest days of the 3000's Transition Era, advocates for MPE/iX formed the OpenMPE user group. But the first campaign for these engineers (and a few businesspeople) was for the emulation of MPE itself. The ideal was that if MPE/iX source code could be turned over to the community -- since HP had no real interest in the future of the 3000 -- then the OS and its subsystems would be pushed onto newer hardware.
The ideal was open source for MPE/iX. That campaign assumed plenty of change was in the future of 3000-based software. The reality that formed about compatibility of software is illustrated in the everyday experience of Charon users.
One checked in this month with a summary of how smooth his software slipped into the Charon HPA environment. The emulation that paid off was virtualizing the RISC hardware. The caliber of the solution made things easy for Jeff Elmer.
The report was sparked by a question about whether the Speedware 4GL suite was in production in a Charon site.
I can say that since what is emulated is the PA-RISC hardware and not MPE, it seems unlikely that there would be any software incompatibilities. Everything we use (multiple third-party tools plus in-house COBOL/IMAGE software systems) just worked. It really was true that no one would have noticed a difference unless we told them.
The single item that we had to modify was in our backup job stream. We had a tape rewind command in the job that was no longer needed and which the emulator at that point (in 2013) did not understand. The "fix" took less than 60 seconds when I removed that clause from the job.
In summary, I would expect Speedware to work without incident but I couldn't speak to what combination would provide optimal performance (that is, which class HP 3000 should be emulated or what physical hardware should be under it). We spent a long time testing the emulator without charge before we proceeded with the purchase. I would think the possibility exists that Stromasys would extend a similar courtesy to you so that you could find out first hand with your data in your environment.
In fact, there's a Proof of Concept arrangement that Stromasys uses today to introduce its product for this kind of evaluation.
April 01, 2016
MPE source code ID'ed as key to encryption
In a news item that appeared in our inbox early this morning, the researchers at the website darkstuff.com report they have identified the key algorithm for iPhone cracking software to be code from the 1980 release of Q-MIT, a version of MPE. The iPhone seized as part of an FBI investigation was finally cracked this week. But the US government agency only reported that an outside party provided the needed tool, after Apple refused to build such software.
The specific identity of the third party firm has been clouded in secrecy. But the DarkStuff experts say they've done a reverse trace of the signature packets from the FBI notice uploaded to CERT and found links that identify Software House, a firm incorporated in the 1980s which purchased open market source code for MPE V. The bankruptcy trustee of Software House, when contacted for confirmation, would not admit or deny the company's involvement in the iPhone hack.
A terse statement shared with the NewsWire simply said, "Millions of lines of SPL make up MPE, and this code was sold legally to Software House. The software does many things, including operations far ahead of their time." HP sold MPE V source for $500 for the early part of the 1980s, but 3000 customers could never get the vendor to do the same for MPE/iX.
Lore in the 3000 community points to D. David Brown, an MPE guru who ran a consulting business for clients off the grid and off the books, as the leading light to developing the key. An MPE expert who recently helped in the simh emulation of Classic HP 3000s confirmed that Brown's work used HP engineering of the time in a way the vendor never intended. Simh only creates a virtualized CISC HP 3000 running under Linux, so MPE V is the only OS that can be used in simh.
"Lots of commented-out code in there," said the MPE expert, who didn't want to be named for this story. "Parts of MPE got written during the era of phone hacking. Those guys were true rebels, and I mean in a 2600-style of ethics. It's possible that Brown just stumbled on this while he was looking for DEL/3000 stubs in MPE."
The FBI reported this week that its third party also plans to utilize the iPhone cracker in two other cases that are still under investigation. Air-gapped protocols were apparently needed to make the MPE source able to scour the iPhone's contents, using a NAND overwrite. The air gapping pointed the DarkStuff experts toward the HP 3000, a server whose initial MPE designs were years ahead of state-of-the art engineering. "Heck, the whole HP 3000 was air-gapped for the first half of its MPE life," said Winston Rather at DarkMatter. "It's a clever choice, hiding the key in plain sight."
March 11, 2016
New 3000 simulator looks back, not ahead
Community members on the 3000-L newsgroup have been examining a new entry in the emulation of HP hardware. However, this simulator creates a 3000 under Windows that only runs MPE V. The MPE version of SIMH — a "highly portable, multi-system simulator" — is a Classic 3000 simulation, not something able to run PA-RISC applications or software.
Some 3000 users are embracing this software though, maybe in no small part because it's free. It's been more than 15 years since HP supported MPE V and the CISC-based systems that launched the 3000 line starting in 1972. One of the experts in PA-RISC and MPE/iX computing, Stan Sieler, briefed us on what this freeware simulator can do, and what it cannot — in addition to not running MPE/iX.
Currently only Charon from Stromasys runs PA-RISC. Thus, the SIMH runs only the Classic HP 3000. At the moment, it’s an old version of MPE V (Q-MIT, release E.01.00)
And, the machine probably has no networking support. It probably has some kind of serial datacomm support, but I haven’t looked at that yet (all my use has been via the simulated console, LDEV 20).
I’ve put several hundred CM programs on the “machine” to see which will load and run. Many won’t, because they use newer features (e.g., FLABELINFO intrinsic which came out on the T-MIT with the Mighty Mouse).
So, you ask, can you put a newer version of MPE V on the emulated 3000?
The answer is, I don’t know. If I recall correctly, the machine isn’t emulating (yet) the “Extended Instruction Set,” but the authors claim MPE has a run-time emulator for them, so perhaps that won’t be a problem.
It comes with a version of MPE V, if you download the two packages that the release notes file mentions.
It’s fast. On my Mac, it runs CPU bound stuff about twice as fast as a 400 MHz HP 3000 would.
This is classic software running on classic hardware, so it's strictly for the hobbyist. Or someone who still has MPE V apps running their company. The software is downloadable from Trailing Edge in a pre-compiled .exe file.
The discussion has already generated 40 messages on the 3000-L, easily the biggest discussion of the year.
February 29, 2016
Making the Years Count in One that Leaps
He was once the youngest official member of the 3000 community. And for a few more years, he still has the rare distinction of not being in his 50s or 60s while knowing MPE. Eugene Volokh celebrates his 48th birthday today. The co-creator of MPEX must wait every four years to celebrate on his real day of birth: He was born on Feb. 29 in the Ukraine.
Like the HP 3000 and MPE itself, years do not appear to weigh heavy on the community's first wunderkind.
Although he's no longer the youngest 3000 community member (a rank that sits today with Myles Foster, product manager for MB Foster in this first year after his recent double-degree graduation from Carleton University) Eugene probably ranks as the best-known member outside our humble neighborhood. He built and then improved MPEX, VEAudit/3000 and Security/3000 with his father Vladimir at VEsoft. Then Eugene earned a law degree, clerked at the US 9th Circuit Court, and went on to clerk for now-retired US Supreme Court Justice Sandra Day O'Connor -- all en route to his current place in the public eye as go-to man for all questions concerning intellectual property on the Web and Internet, as well as First and Second Amendment issues across all media.
Eugene's profile has risen enough since his last birthday that the Associated Press included him in its latest "Born on This Day" feature. He's appeared on TV, been quoted in the likes of the Wall Street Journal, plus penned columns for that publication, the New York Times, as well as Harvard, Yale and Georgetown law reviews.
When I last heard Eugene's voice, he was commenting in the middle of a This American Life broadcast. He's a professor of Constitutional law at UCLA, and the father of two sons of his own by now. Online, he makes appearances on The Volokh Conspiracy blog he founded with brother Sasha (also a law professor, at Emory University). Since his last birthday, the Conspiracy has become a feature of the Washington Post.
In the 3000 world, Eugene's star burned with distinction when he was only a teenager. I met him in Orlando at the annual Interex conference in 1988, when he held court at a dinner at the tender age of 20. I was a lad of 31 and people twice his age listened to him wax full on subjects surrounding security -- a natural topic for someone who presented the paper Burn Before Reading, which remains a vital text even more 25 years after it was written. That paper's inception matches with mine in the community -- we both entered in 1984. But Eugene, one of those first-name-only 3000 personalities like Alfredo or Birket, was always way ahead of many of us in 3000 lore and learning.Burn Before Reading is part of a collection of Eugene's Thoughts and Discourses on HP 3000 Software, published by VEsoft long before indie publishing was so much in vogue. (We've got copies of the 4th Edition here at the NewsWire we can share, if you don't have one in your library. Email me.) The book even had the foresight to include advertisements from other members of the 3000 indie software vendor ranks. His father reminded me this month that the Russian tradition of Samizdat was a self-publishing adventure born out of the need to escape USSR censorship. These Russians created an enterprise out of the opportunities America and HP provided in the 1970s, when they emigrated.
Eugene got that early start as a voice for the HP 3000 building software, but his career included a temporary job in Hewlett-Packard's MPE labs at age 14. According to his Wikipedia page
At age 12, he began working as a computer programmer. Three years later, he received a Bachelor of Science degree in Math and Computer Science from UCLA. As a junior at UCLA, he earned $480 a week as a programmer for 20th Century Fox. During this period, his achievements were featured in an episode of OMNI: The New Frontier.
His father Vladimir remains an icon of the 3000 community who still travels to consult in the US, visit some of the VEsoft customers to advise them on securing and exploiting the powers of MPE. The Volokh gift is for languages -- Vladimir speaks five, and Sasha once gave a paper in two languages at a conference, before and then after lunch.
At 37,000 words, a single Q&A article from Eugene -- not included in the book -- called Winning at MPE is about half as big as your average novel. The papers in Thoughts and Discourses, as well as Winning, are included on each product tape that VEsoft ships. But if you're not a customer, you can read them on the Adager website. They're great training on the nuances of this computer you're probably relying upon, nearly three decades after they were written. Happy Birthday, young man. Long may your exacting and entertaining words wave.
January 20, 2016
Pricing, Value, and Emulating Classics
Editor's Note: Yesterday we ran a story about the impact of proprietary software lock-in, as reported from a manager's office where HP 3000s still do their work. Amid that story was a quote about predaceous pricing (love that word), the act of outre increases to the cost of emulator MPE server solutions because of upgrade charges. It's blocked several adoptions of Charon HPA, even among managers who love the ideal of non-HP hardware that keeps MPE apps alive. Tim O'Neill wrote the following editorial, prompted by our article. Although companies do need to generate capital to keep supplying software, the matter of how much to charge for a shift to an emulator remains a flash point.
Editorial by Tim O'Neill
James Byrne brings up important point about proprietary software running proprietary hardware: it enabled predatory pricing, both by HP and by third parties.
At this stage, it appears that Charon could be bought affordably, but the problem is the third parties' still seeing the opportunity to gouge existing customers.
This is why businesses become former customers and change to shareware and open source operating systems and databases, e.g. Linux and open database systems like Postgres. There are still costs as a part of such a change. They might need to hire more in-house staff to do what HP and third parties used to do for that one huge cover-all price. It might not be wise to entrust critical applications to shareware, but are customers avoiding doing so?So the huge predatory prices were not without value. This is not to say I defend them.
That said, it is still shameful that at this point, third parties are unwilling to honor their customers' long history of loyalty, by requiring emulator relicensing. These third parties should realize that they might realize longer-term benefit by keeping their customers, not driving them away.
It would be interesting to compute the price and valuation of HP stock since the point just before they announced the death of its MPE business, through the split in 2014. One might be able to say that the company's value has fallen without MPE. It may fall further when OpenVMS is eliminated and when HP-UX is not marketed, not enhanced, not written for any CPU other than HP's own Itanium, and not licensed at prices that are fair to customers.
January 15, 2016
Competitive upgrading lives on for 3000s
In the 1990s, HP contracted to send its ODBC middleware development to MB Foster. The result was ODBCLink/SE, bundled into MPE/iX from the 5.5 release onward. The software gave the 3000 its first community-wide connection to reporting tools popular on PCs. HP decided that the MB Foster lead in development time was worth licensing, instead of rebuilding inside the 3000 labs. Outside labs had built parts of the 3000's fundamental software before then. But ODBCLink/SE was the first time independent software retained its profile, while it was operating inside of the 3000's FOS. Every 3000 running 5.5 and later now had middleware.
Other ODBC solutions were available in that timeframe. Minisoft still sells and supports its product. That's one reason why MB Foster's running a competitive upgrade offer for users of the Minisoft middleware. The upgrade was announced yesterday. 3000 owners who make the switch from Minisoft for IMAGE ODBC to Foster's software will get a full version of UDALink for the cost of only the annual support payments.
This kind of competitive offer was one of Minisoft's sales tools while it competed with WRQ for terminal emulation seats. There was a period where NS/VT features were not a part of every Reflection package, but were a staple in the Minisoft MS/92.
Foster's ODBC software has been extended to use 64-bit ODBC drivers, embrace Suprtool's Self Describing Files, and more. UDALink was a part of the migration that the Washington State community college consortium pulled off in 2011 when it moved 34 systems to Unix. The vendor has continued to develop to make a state of the art middleware solution.
Almost as notable: seeing MB Foster compete for business like vendors did routinely in the 1990s. The upgrade offer tells us that there are 3000 sites out there still looking to extend their development cycles. UDALink is also built for platforms other than the 3000, but any outreach to capture MPE/iX customers is news here in 2016. Chris Whitehead is fielding the calls and emails for the upgrade offer, which runs through June of this year.
January 14, 2016
HP's 3000 now at $149 until Sunday
Google is happy to trawl the Web for HP 3000 news, a search that I've had in place for the past 10 years. I receive a lot of notices about horsepower of auto engines (the HP) and a few about printers. But today a link showed up that features a computer called the HP 3000, currently selling for $149 plus shipping.
There are a few unique and important qualifiers. To start, this is an HP3000 model with an Intel server, literally a PC powered by an Xeon X3330 CPU at 2.8 MHz. That's a quad-core processor, though, and the box is already loaded with 4GB of memory. (It's a start, but nowhere near enough RAM to power software such as, for instance, the Stromasys Charon HPA emulator.)
In short, this is an HP3000 built by Hewlett-Packard that can run MPE/iX, but does not use PA-RISC. Hewlett-Packard Enterprise has not restricted the use of "3000" to the PA-RISC servers well-loved by the MPE community. Over on the HP Inc. side, there's a large-scale printer also called an HP 3000.
This HP3000 running a Xeon chip has another, less significant qualifier. It's being sold by a New Zealand owner on TradeMe.co.nz, "Where Kiwis Buy and Sell." And the shipping options don't go beyond Auckland, or the North and South Islands.
However, this TradeMe model might be something that could be shipped to the 3000 stalwarts Ken and Jeanette Nutsford. The former chairs of SIGRAPID and SIGCOBOL still live in NZ, when they're not gadding about the globe on their epic cruise calendars. Their total mileage easily runs into the hundreds of thousands. Trans-Pacific flights are embedded in their history. So perhaps the 6,693 miles to the US is not completely out of reach, in a hop. The Nutsfords travel regularly to the US, and this PC looks like it would be cargo-bay ready.
Yes, you could file this article under clickbait. It's an online auction after all, and $149 is only today's price. However, if you consider your systems to be MPE/iX servers by now, rather than the Hewlett-Packard PA-RISC 3000 hardware that hosts that OS, this is technically a server that can run your apps.It will require an installation of the HPA emulator, which at last report started at $9,000 for A-Class power. The combination can be compared to A-Class boxes that sell for under $2,000, but those include few options to increase speed. The A-Class had a 2-CPU model running at 220 MHz. There's genuine, hard limits on RAM.
You don't have to go to New Zealand to get this kind of HP3000, although this one looks ready to boot up and run. This ProLiant blade-caliber box does illustrate how much hardware remains in the world that can run MPE/iX software. If a manager's concern is the reliability of the HP hardware that's at least 12 years old -- the last server was built in 2003 -- this leaps over that hurdle to homesteading.
January 07, 2016
TBT: Client Systems wanted, or missing?
In a routine check of what's available to help 3000 managers, over the holiday break I poked into a few Web locations to see where HP's Jazz papers and software were still hosted. Links from 3k Associates to those papers came up empty when they directed to the Client Systems website in late December. From all reasonable research, it appears the company itself may have gone into the everlasting shadows.
Many 3000 customers never did business directly with Client Systems, but the company had a hand in plenty of official 3000 installations. The vendor rose in community profiles in the late 1990s when HP appointed the firm its lone North American HP 3000 distributor — meaning they stocked and configured systems destined for companies around the continent. Thousands of servers passed through the Denver offices, each assigned the unique HPSUSAN numbers as well as the official HP CPUNAME identifiers that made a 3000 a licensed box.
That official license became a marketing wedge for awhile. We'd call it an edge, but the company's claim that re-sold 3000s from anywhere else could be seized by the FBI was designed to drive used systems away from buyers. There was never anything official about the FBI claims passed along by the company then. But in the era of the late '90s, and up to the point where HP pulled its futures plug, buying a 3000 included a moment like the ones from WW II movies: "Let me see your papers," an HP support official might say.
This was the strike-back that Hewlett-Packard used to respond with after widespread license fraud ran through the marketplace. By 1999 lawsuits claimed that a handful of companies had forged system IDs on PA-RISC hardware. A low-end L-Class box could be tricked up as a high-end 3000, for example. To push back, after the HP lawsuits were settled or had rulings dispensed, Client Systems started Phoenix/3000, something like an automaker's official resale lot.
Client Systems did lots of things for the marketplace much more laudable, operating a good technical services team that was upper-caliber in its depth of hardware knowledge. At its peak, the company provided 3kworld.com, an all-3000 portal in the days when portals were supposed to be important on the Web. The company was a partner with the NewsWire for several years, as we licensed our stories for use on the free 3k World website. 3kworld.com folded up, but the current clientsystems.com site still has Jazz tech information available, at least as of today.
Over the last two weeks we've received email bounces, even while the website is online. The whois information points to one physical address of a personal injury attorney's practice in Seattle. Our phone calls have gone unreturned, and we're not the only ones. Pivital Solutions, one of the last standing official HP resellers in that time when such things existed, still serves 3000 customers with hardware and support. Pivital's president Steve Suraci also has searched to find a light on."I tried back in the September timeframe to get in touch with anyone there that would answer the phone," Suraci said. "I left messages and re-tried for weeks and finally gave up on them." He wondered who might be picking up the pieces of whatever the company was doing at the end."
It can be tricky to confirm a death notice for a company. Unless the principals deliver the news, a demise can be creeping. Suraci said he was reaching out to buy something that only Client Systems ought to be able to sell: a license upgrade, even in 2015.
I had a customer that was looking for some hardware that I was have trouble sourcing. I was also looking into the possibility of purchasing an upgrade license for a customer for TurboStore to the version that included the ONLINE option. When you don't get a call back on something that should be easy money... it probably means a bigger problem!
The website's reappeared recently, so perhaps this is a Mark Twain moment (reports of my death have been exaggerated) for Client Systems. It's the phone calls that look like they confirm the fading lights. One other pertinent address in the whois file lands at a single-family house in Colorado. To be honest, so does the address for the NewsWire, but we've always been a home-based business and never needed warehouse and office space. Stories and papers don't take up that much space.
Things were so much different back in the time of FBI threats. One meeting at that Denver HQ included some arch banter between us about relative size of companies. The NewsWire was, it appeared to one staffer, "just a lifestyle business." Guilty: The NewsWire has been a part of our lifestyle a long time. Hard to think of it any other way when the office is on the other end of your single-family home. We all laughed, some more than others. This week it's looking like lifespan, instead of lifestyle, is what could be measured. Nobody's dancing on a grave yet. We're not a community that embraces loss.
January 04, 2016
Accident claims WRQ founder Doug Walker
Doug Walker, the man whose brilliance and energy helped found the 3000 community's largest connectivity vendor WRQ, died over this past holiday weekend in an accident on a Washington state snowshoe trail on Granite Mountain. Walker, 64, is the first 3000 community member of wide renown to pass away by way of accidental death.
In the early 1980s when Walker — along with Mike Richer and Marty Quinn, the other two WRQ initials — joined forces with co-founder George Hubman, minicomputer access required hardware terminals. The advent of the personal computer had the potential to expand that access. The WRQ purple boxes carrying a manual and floppy disks for PC2622, software named after the HP 3000 terminal the product emulated, became a fixture in HP 3000 shops by the mid-1980s.
Walker was reported missing December 31 while snowshoeing on Granite Mountain. Search-and-rescue volunteers found his body the next day. The Seattle Times reported that Walker had been hiking with friends when winds intensified.
His companions decided to turn back and wait for Walker, who continued climbing. He likely was caught in an avalanche, according to the King County Sheriff’s Office.
“He has done this easily 200 times, he just does it for exercise,” said Karen Daubert, executive director of the Washington Trails Association and a close friend who has climbed the same route with Walker. “I have been up several times with Doug, including in winter.”
Close friends and partners expressed dismay at the loss of a man who'd devoted his life to philanthropy and mentoring after retiring from WRQ.
"Doug's death came as a shock and is a tragedy," said Hubman, who led the company's marketing and sales before retiring late in the 1990s. "It goes without saying that Doug was a genius. I often joked that if anyone could write a program that required no memory and no time to execute, it would be Doug."
Hubman said the success WRQ achieved — it was the largest single vendor of 3000-related software by seat installs, and was selling $100 million in software yearly when he retired — was put to good use in humanitarian causes that Walker continued to support.
Doug was a perfectionist and both demanded and inspired perfection. This was the quality that set our products apart from the competition and made my job so easy. In spite of his being demanding he was committed to a work environment that took into account the needs of our colleagues and their families.
I last saw Doug about a year and a half ago. We had lunch shortly after he had hip replacement surgery. He was anxious to get back to his first love, hiking and climbing. Doug, and his wife Maggie, will be remembered for the wide range of causes they supported.
Walker was at the White House two weeks ago to discuss private philanthropy to boost access to the outdoors for kids, according to the Times report. A quote from US Interior Secretary Sally Jewell said Walker was fond of talking as he hiked with her, ranging from Civil War history (he was a graduate of Vanderbilt) to puzzles in math (his degree) as well as Shakespeare trivia. In that last category, Abby and I saw his passion firsthand in 1993.
Walker had organized a small outing to see King Lear at Stratford-upon-Avon that summer, after a 3000 conference in Birmingham. Before the curtain rose on the show, he'd purchased a copy of the play in the gift shop and was reading it quickly, carrying the book into the theatre. Later, he'd located the Issac Asimov guide to Shakespeare and made it a gift to several of us in the party.
Birket Foster was a close ally of WRQ's, a leading reseller for the company in the Canadian market, as well as integrating its products in customer sites around the world.
"Doug was a brilliant scholar," Foster said. "He was humble and had a southern drawl, one that made him seem like one of the guys, even though he was the leader. Doug was a gentleman and was liked by all his colleagues and staff. Doug was the ultimate outdoorsman, and he hiked, climbed and kayaked with passion."
Doug will be missed by many people, myself included. I had the privilege of working with him closely back in the hay day of Reflection, MBFoster sold millions of dollars of Reflection. MBFoster ran a data communications conference for our customers at Carleton University where multiplexors, modems, and Reflection Scripts were used. We located IMACS (Which we had purchased from David Dummer) in the same complex as WRQ on Lake Union and Doug helped integrate DataExpress to use Host initiated Reflection based file transfer. In another project, team member, Larry Boyd, wrote PCPoll for me for use by a telecommunications manufacturer to poll the plants for orders using Reflection scripts and dialup modems.
Kevin Klustner was the COO of WRQ while Walker was with the company. He noted that passion was at Walker's heart even as he pursued the pastime that led to his demise.
"I was entranced by his broad and deep intellect," Klustner said. "And after 20-plus interviews, I had a good feel for the company he was building. So Maryann and I moved from California to Seattle for WRQ. Throughout my 11 years there, I learned that great companies can be built through thoughtfulness, empathy, inter-personal skills and a disdain for group-think."
Doug taught me that the single greatest asset of a company is its employees. And he proved that everyday with his commitment to spending time with everyone, talking about business, the Civil War, mountain climbing, anything history.
He engaged all of us. We are all lucky to have been influenced by this Renaissance man. One of his many legacies is the community of WRQ'ers who have made friendships, marriages, children, businesses and life experiences through the company that he, Craig, George, Mike and Marty built. Doug, you passed doing something you passionately loved. May we all learn from that.
In our 2005 interview with Walker, as he retired from WRQ, he said "I’m especially interested in the interplay between computing and biotech. We’ve cracked the genome and people are talking about a lot of sci-fi stuff with respect to biotech, but it’s really a compute-bound problem." We asked him about the fate of specialized computer environments in the years to come.
Must it all become Windows and Linux-based?
Single integrated monolithic systems are not the way of the future. The only way is to have differentiation, but it has to be based on some very common interfaces. In that sense, there is a role for things like MPE or VMS. Lots of forms of life have differentiation, but they all seem to have a cell structure. A common programming system, like DNA. You can have differentiation so long as you have integration.
You seem to have a biology example ready for lots of these points.
Biological programming has been going on a few million years longer than software programming. I’m just impressed by how much there is to learn there.
December 30, 2015
3000's '15 was littered with crumbs of news
It's the penultimate day of 2015, a date when summary and roundups prevail in the world of news. The year marked some milestones for the NewsWire, some losses of the community's oldest treasures, and one major breakup of an old flame. Here's a breadcrumb trail of stories of extra note, retold in the final stanza of the 3000's 43d full year serving businesses.
Checks on MPE's subsystems don't happen, do they? — We learned that HP's subsystem software doesn't really get checked by MPE to see if it's on a valid HP 3000 license. "None of HP's MPE/iX software subsystems that I've ever administered had any sort of HPSUSAN checks built into them," reported Brian Edminster, our community's open source software resource. Licensing MPE is a formality.
Virtualized storage earns a node on 3000s — A new SAN-based service uses storage in the cloud to help back up HP 3000s. The HP3000/MPE/iX Fiber SAN doesn't call for shutting off a 3000. It can, however, be an early step to enabling a migration target server to take on IMAGE data.
NewsWire Goes Green — After 20 years of putting ink on paper and the paper into the mails, we retired the print issues of the NewsWire and went all-digital. We also marked the 10th anniversary of service from this blog and waved a proud flag of history to celebrate our founding Fall of two decades ago. We miss the print, but you won't miss the news. Bless the Web.
Patches Are Custom Products in 2015 — HP licensed the MPE source code five years ago, and just a handful of elite support companies are using it to create customized patches and workarounds. If your support provider doesn't have a source license, it may be time to spruce up your provider chain.Still Emulating, After All of These Years — Several sites where the Stromasys Charon HPA emulator is working reported the solution is as stable and steady as ever, while others continued to emerge in the community. Even a 3000 using antique DTCs could be bought over to the light side of Intel-based virtualization.
N-Class 3000 now priced at $3,000 — The bottom-end price on the top of Hewlett-Packard's MPE hardware line approached the same number as the server. A $3,000 N-Class 3000, and later a $2,000 model, both appeared on the used marketplace. A fully-transferred license for a server could lift the prices, of course, for a persnickety auditor.
Big companies still use the HP 3000 — A reader asked for proof that large companies were still relying on the 3000, and we discovered more than you'd expect 12 years after HP stopped making the server. Publicly held companies, too.
Work launches on TurboIMAGE Wiki page — Terry O'Brien of DISC started up a new project to document TurboIMAGE on Wikipedia, an effort that drew summertime attention.
MANMAN vendor wants to run datacenters — Infor is still managing MANMAN support for 3000 sites. The vendor is encouraging all of its customers to turn over their datacenter operations to them.
Hewlett-Packard Enterprise trots out security in opener — The old flame that spurned the 3000's future ran into another kind of split-up when HP cut itself in two at the end of October. Hewlett-Packard Enterprise got custody of business servers and the support websites split up as HPE became the new name for that old flame.
Returning to Software, After Services — The most primal of the HP Platinum Migration partners, MB Foster, started to turn its focus onto data migration software for sale. The future of UDACentral lies in becoming a product that integrators and consultancies can buy, and customers can rent by the month. The CEO says the year to come will mark a rise in the percentage of software revenues for his company, where migration service has been leading sales for years.
December 29, 2015
Choosing antivirus via test sites, cloud AV
Editor's note: 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skills for multi-talented MPE experts.
By Steve Hardwick, CISSP
In an allied article I describe the elements needed for any effective virus attack: motive, means and opportunity. A suitable anti-virus program must provide the following capabilities.
- Be able to detect a vast array of malware
- Be able to update the virus definitions as quickly as possible after the virus signature has been isolated
- Provide the capability to quarantine and remove viruses after infection. This must include the ability to prevent any spread of the virus after contamination.
- Run with minimal load on the operating system. This includes both foreground (interactively scanning files as they are downloaded) and background (scanning existing files and computer activity)
- Have plug-ins for the various methods to download the viruses, via web browsers or email applications
The following websites provide ratings for anti-virus products. Some websites' evaluations are are geared towards a consumer user. Others are more aligned to commercial certification of AV products. I've also included a note on how cloud-base AV is changing antivirus options.
Provides a good set of tests that cover all of the five areas outlined above. Updates their reviews on a monthly basis. Covers Windows, Mac and mobile devices. Includes a special section for home users.AV Comparatives
Provides a good set of testing that covers all of the five areas outlined above. Provides additional, more detailed testing. Only certain tests are updated monthly. Testing is not broken down by operating system.
Only provides the ability to detect viruses and not provide false positives. Only covers Windows and Linux.
Using cloud AV
One approach that minimizes the impact of running an AV program locally is to run the software in two parts, one locally on the machine and one in the cloud. A new set of cloud-based solutions are being offered. These provide a small scanning application running on the operating system and do the heavy lifting in the cloud. Panda, a provider that scored best in the AV Comparatives evaulations, is one example of cloud AV.
The local application scans files and provides file signatures, then uploads them to the cloud counterpart for analysis. This removes the need to update the local definitions on the computer and increases the ability to react to new threats.
This benefit comes at a price. The capabilities are limited by the lightweight application, the services the operating system provides to that application, and connectivity to the Internet. Many of the rating websites are slow to rate these products, especially those focused on consumers. As they become more popular, this cloud AV will be included in the traditional testing suites.
November 30, 2015
Final HP fiscal result toes an enterprise start
HP reported lower sales and profits as a combined company in its final fiscal report of 2015's Q4 and FY '15. Starting with the next report, two companies named HPQ and HPE on the New York Stock Exchange will post individual reports. They'll continue to operate on the same fiscal calendar.
The Q4 that ended on Oct. 31 showed an HP still fighting headwinds, as the company financial management likes to describe falling sales and orders periods. The year had $103 billion in sales, down 7 percent. Earnings for the combined company were $2.48 on the year, off 5 percent. But the final quarter of combined operations permitted HP to toe a starting line with a 4 percent increase for Q4 profits. Profits for the fiscal year were slightly off, dropping 1 percent.
Of course, those numbers reflect a company which won't exist anymore as we've come to know it. The vendor which created the HP 3000 and now sells and supports replacement systems at migrated sites lives on in Hewlett-Packard Enterprise. That company started out with stock prices behind the HP Inc company, the new entity that sells printers and PCs. But the headwinds are much stiffer there, so of late HPE has traded at higher prices than the business spun off on Nov. 1.
The two units supporting 3000 replacements held their own. A drop in Business Critical Systems sales, the home of Integrity and Itanium, continued, but at a slower rate.
Enterprise Group revenue was up 2 percent year over year with a 14.0 percent operating margin. Industry Standard Servers revenue was up 5 percent, Storage revenue was down 7 percent, Business Critical Systems revenue was down 8 percent, Networking revenue was up 35 percent and Technology Services revenue was down 11 percent.
Enterprise Services revenue was down 9 percent year over year with an 8.2 percent operating margin. Application and Business Services revenue was down 5 percent and Infrastructure Technology Outsourcing revenue declined 11 percent.
"Overall, Hewlett Packard Enterprise is off to a very strong start," said Hewlett-Packard Enterprise CEO Meg Whitman. "First and foremost, the segments that comprise HPE have now had two consecutive quarters of constant currency revenue growth and we believe we are in a strong position to deliver on our plans to grow overall in FY 16 in constant currency."
November 25, 2015
3000 community keystone Jeff Kell dies
Jeff Kell, the man who founded the keystone of 3000 help, advice and support that is the 3000-L mailing list, died on Nov. 25 of liver cancer and complications from damage induced by a diabetic coma. He'd battled that illness in hospitals and hospice since 2014. Kell was 57.
"It is a very sad day when a good wizard passes on," said coworker and colleague Richard Gambrell at the University of Tennesee at Chattanoona. "Jeff had a gentle soul and brilliant mind."
Kell was the rare IT professional who could count upon 40 years of experience running HP 3000s, developing for MPE, and especially contributing to the state of the art of networking for the server. He created the ultimate network for the 3000's community by establishing HP3000-L, a LISTSERV mailing list now populated with several hundred thousand messages that trace the business computer's rise, decline, and then revival, rife with enduring high tech value and a thread of humor and humanity.
Kell's obituary notes that he came by his passion for scuba early, having worked for a short time at the Chattanooga Aquarium where he fed the sharks. A key contributor to the development of LISTSERV, Kell was instrumental in UTC’s earning the LISTSERV 25th Anniversary plaque, which lists UTC as the 10th University to deploy LISTSERV.
Kell also served as a volunteer to chair SIG-MPE, SIG-SYSMAN, as well as a 3000 networking SIG, but it's nearly impossible to sum up the range of experience he shared. In the photo at the top of this post, he's switching off the last N-Class system at the university where he worked. Almost 40 years of MPE service flowed off those university 3000s. In the photo above, from the HP3000 Reunion, he's updating attendees on how networking protocols have changed.
In the mid-1980s he was a pioneer in developing Internet Relay Chat, creating a language that made BITNET Relay possible. Relay was the predecessor to IRC. "Jeff was the main force behind RELAY, the Bitnet message and file transfer program," Gambrell said. "It inspired the creation of IRC."
My partner Abby and I are personally indebted to Kell's work, even though we've never owned or managed a 3000. The 3000-L and its rich chest of information was my assurance, as well as insurance, that the fledgling 3000 NewsWire could grow into the world of the 3000. In the postings from that list, I saw a written, living thread of wisdom and advice from experts on "the L," as its readers came to call the mailing list and newsgroup Kell started. Countless stories of ours began as tips from the L, or connections to people posting there who knew mission-critical techniques. At one point we hired columnists to summarize the best of each month's L discussions in net.digest. In the era where the Internet and the Web rose up, Kell was a beacon for people who needed help at digital speed.
He was a humble and soft-spoken man, with a wry sense of humor, but showed passion while defending the value of technical knowledge -- especially details on a product better-loved by its users than the management at its vendor. Kell would say that all he did was set up another Listserver on a university computer, one devoted to becoming crucial to UTC's success. Chattanooga is one of the best-networked towns of its size in the world. Kell did much more than that for his community, tending to the work that helped the L blossom in the 3000's renaissance.
Kell looked forward to an HP which would value the 3000 as much as the HP 9000. In 1997 he kicked off a meeting with HP to promote a campaign called Proposition 3000: Common hardware across both HP 3000s and HP 9000s, sold from an Open Systems Division, with MPE/iX or HP-UX as an option, both with robust APIs to make ISV porting of applications to MPE/iX "as trivial as any other Unix platform."
HP should be stressing the strengths of MPE/iX, "and not its weaknesses," he said. "We don't have to be told anymore what the 3000 can't do, because a lot of the things we were told it can't do, it now can. If we take the limitations of the Posix shell and remove them, we have Proposition 3000," Kell said to HP managers. "I would encourage you to vote yes for this investment in the future."
More than 16 years later, when MPE's fate had been left to experts outside of HP's labs, Kell offered one solution on how to keep the server running beyond MPE's Jan 1, 2028 rollover dating gateway.
"Well, by 2027, we may be used to employing mm/dd/yy with a 27 on the end, and you could always go back to 1927. And the programs that only did two-digit years would be all set. Did you convert all of 'em for Y2K? Did you keep the old source?" Kell's listserver is the keeper of all 3000 lore, history, and wisdom, a database that can be searched from a Web interface -- even though he started the resource before commonplace use of what we were calling the World Wide Web.
Some might dismiss that resource as a museum of old tech. Others were using it this week, to connect newer-age tape devices to old-school 3000s. He retired the last of UTC's 3000 at the end of 2013 (in the photo above). His own help to the community members on tech specifics and the state of this year's networking will outlive him, thanks to his work setting this keystone for the community's exchange.He had a passion for scuba, and could also dive deep into the latest of networking's crises. At the 2011 HP3000 Reunion, he held forth at a luncheon about the nuances that make up a secure network in our era of hack such as 2013's Heartbleed.
Unless you've had your head in the sand, you've heard about Heartbleed. Every freaking security vendor is milking it for all it's worth. It is pretty nasty, but it's essentially "read-only" without some careful follow-up.
Most have focused on SSL/HTTPS over 443, but other services are exposed (SMTP services on 25, 465, 867; LDAP on 636; others). You can scan and it might show up the obvious ones, but local services may have been compiled against "static" SSL libraries, and be vulnerable as well.
We've cleaned up most of ours (we think, still scanning); but that just covers the server side. There are also client-side compromises possible.
And this stuff isn't theoretical, it's been proven third-party.
Lots of folks say replace your certificates, change your passwords, etc. I'd wait until the services you're changing are verified secure.
Most of the IDS/IPS/detections of the exploits are broken in various ways. STARTTLS works by negotiating a connection, establishing keys, and bouncing to an encrypted transport. IDS/IPS can't pick up heartbleed encrypted. They're after the easy pre-authenticated handshake.
It's a mess for sure. But it’s not yet safe to necessarily declare anything safe just yet.
Even on a day when most people in the US are off work, the tributes to his help and spirit have poured in. "He was smart, soft spoken, and likable," said Gilles Schipper from his support company GSA. "He will be deeply missed. My condolences to his wife Kitty and the entire family."
Ed King, whose 3000 time began in the 1990s, said "Jeff was a great guy, full of wisdom and great stories, and he gave me a chance to flex my wings with some very interesting programming assignments, which kickstarted my career. He will be missed."
Developer Rick Gilligan called him "hard working, brilliant and a great communicator." Alfredo Rego said in a salute that "The members of Jeff’s family, and all of Jeff’s friends and colleagues, know that he made a tremendous difference during his life on this Earth."
Rich Corn, creator of the ESPUL printer software for MPE, said "Jeff was always a joy to talk to. So sharp, but at the same time so humble. Jeff made you feel like friend. A true leader in our profession."
The family's obituary for Kell includes a Tribute Wall on his page on the website of the Wilson Funeral Home in Fort Oglethorpe, Georgia.
Personally, I'll miss his questing spirit and marvel in his legacy. What a Master he was.
Here on this evening of Thanksgiving, we're giving thanks for the richness of a world with humble wizards like Jeff. We're taking a few days off to revere our time together. We'll see you with a fresh report on Monday, including analysis of the final fiscal results from Hewlett-Packard as a full entity, unsplit.
November 20, 2015
Multi-threading traces years of MPE service
Yesterday we explored the prospects of multi-threading for HP 3000 sites. It's an aspect of application and software design that can benefit from virtualization. In years past, when much of the 3000 application base was being created, separate hardware CPUs drove this multi-threading. Stan Sieler of Allegro, one of the authors of the textbook on Precision Architecture RISC "Beyond RISC," told us that multi-threading is likely to have made its way into 3000 software via Unix.
It's a concept, through, that's been possible for MPE ever since its beginning. The MP in MPE stands for Multiprogramming, Sieler reminded me, and that "Multi-threading is a form of multiprogramming or multiprocessing."
Sieler adds that "Multi-processing is where you have more than one CPU … each CPU can run a single process at a time (and, with multi-programming, can appear to be running more than one at a time).
Generally, but not always (as words are often abused), “threads” are related to a single process. E.g., my video compression program might work on several parts of the video simultaneously with three or four threads. On some computers, two separate threads of a single process cannot execute at the same time … on others, they can.
On most computers nowadays, threads are implemented at the operating system level. On older systems, threading was sometimes implemented above the operating system, relying on user code to switch threads. (I’ll skip co-routines, which few systems have now, but the Burroughs MCP did.)
Multi-programming is the concept where two (or more) processes (or “programs”) appear to run at the same time, but in reality each gets a short time to run, and then the CPU pays attention to the other process, then back to the first one… or “time slicing.”
On the 3000, few programs use multi-threading, but it is available. It came about the same time as Posix did, perhaps one release later (I can’t recall). In general, if you show me a 3000 program that uses threading, I’ll bet it’s written in C and originated in the Unix/Linux world.
Essentially all computers nowdays have multi-programming. The original HP 3000 (pre-CX) did, too. (The HP 2100 (running RTE) had, IIRC, no multi-programming.)
"So, you could easily have a program — even on the Classic 3000 — that ran multiple copies of itself (assuming, of course, you had a reason for doing it)."
November 04, 2015
HP C-level legacy hubris perplexes women
Now that the Hewlett-Packard spin off is underway — the initial 1970s concept of selling business computing solutions has returned to the fore at Hewlett Packard Enterprise — a review of who steered the bulky HP cart into the ditch seems worth a note. HP engineering culture was targeted by COO Chris Hsu as an impediment to splitting the company up in a year's time. The HP which ran on engineering desires fell to the wayside after current Republican candidate Carly Fiorina mashed up PC business into IT's legacy at HP, including the HP 3000 heritage.
Some insight as well as bafflement is emerging. Meg Whitman, a board director of HP whose primary job is now CEO of the restored HP Enterprise, doubts that Fiorina's best start in political service will be in the White House. According to a report in the San Jose Mercury News
“I think it’s very difficult for your first role in politics to be President of the United States," she said. Whitman has expressed empathy for Fiorina over cutting HP jobs — between the two of them, they’ve slashed tens of thousands of jobs at HP. But the failed California gubernatorial candidate told CNN, “While I think business strengths are important, I also think having worked in government is an important part of the criteria.” Whitman has thrown her support behind New Jersey Gov. Chris Christie.
As a punctuation for that measure of suitability, we stumbled upon another woman with a leadership career. Gloria Steinem, the seminal sparkplug of the feminist revolution of the 1970s and ardent advocate for womens' career ceilings, spoke on The Daily Show this week. Served up a fat pitch by the host that "Carly is a big favorite of yours, right?" Steinem shook her head and smiled. "I’m talking about women who got elected because they represented a popular majority opinion. She got promoted by God-knows-who."
My publisher turned to me and asked, "Who did promote Carly? Do you know?" I wondered how many of our readers, especially those ready to vote in GOP primaries, knew the answer.The short answer to the question is HP executive VP and board member Dick Hackborn. The shadowy giant of the printer empire, who rarely left his Idaho aerie for Silicon Valley, pumped Carly in the advent of Y2K. But the rogue's gallery of HP directors who promoted Fiorina have all been sacked, retired or died.
Resigned: Tom Perkins and Patricia Dunn. Plus George Keyworth, after the board discovered he'd leaked the pre-texting offenses which Dunn dished out to the press. Charges against her were dropped after more than a year of investigation.
Retired: Hackborn, Sam Ginn, Phil Condit, Robert Knowling.
Ousted: The son of one of HP's co-founders, Walter Hewlett. (Hard to imagine Walter voting to hire Fiorina, but esprit de corps counts for something. He even supported Fiorina's overpriced attempt to buy Price Waterhouse Cooper for $18 billion.)
Died: Lew Platt, after voting for his successor.
Eight of the 12 current HP directors have been appointed this year. It's a hopeful sign of change from a vendor which is still responsible for billions in products installed at migrated 3000 sites.
The answer to Steinem's question about who promoted Carly Fiorina is "people who've long since been separated from deciding HP's futures." Only Platt comes in with a clean bill, resigning from HP in 2000, after having the grace to step away from a company whose board no longer believed in him. That says much more about that board, and the ditch it pushed HP into, than it does about Platt.
October 30, 2015
The New HP's Opening Day: What to Expect?
The last business day for Hewlett-Packard as we've come to know it has almost ended. By 5 PM Pacific, only the Hawaiian operations will still be able to count on a vast product and service portfolio offered by a $120 billion firm. Monday means new business for two Hewlett-Packards, HP Inc. and Hewlett Packard Enterprise. It's possible that splitting the company in half could improve things by half. Whether that's enough will take months to tell.
On the horizon is a battle with the bulked-up Dell, which will integrate EMC as well as massive share of VMware in the coming months. The Dell of the future will be a $67 billion entity, larger than HP Enterprise in sales. Dell is a private concern now, while HP is becoming two publicly traded entities. The directions could not be more different, but HP will argue that demand had better be high for a monolith selling everything.
Dell is extending its offerings to a new level of complexity, but the level of product strategy and technology to comprehend has become too great for this week's massive HP. Hewlett-Packard never controlled an operation this large until the last decade. The company that built instruments and business computers and printers added a PC empire from Compaq. But it had just spun off Agilent two years before that PC merger.
But then after loading up with billions of dollars of low-margin desktop and laptop lines, the HP of the early 21st Century blazed forward into services. Headcount rose by more than 140,000 when Carly Fiorina sold the concept of buying EDS for outsourcing and professional services. The printer business swelled into cameras and even an iPod knockoff, built by Apple. HP's TVs made their way into retail outlets. It seemed there was nothing HP could not try to sell. Some of the attempts, like the Palm OS-based tablets or smartphones, shouldn't have been attempted. Their technology advantages couldn't be lifted above entrenched competition.
HP's CEOs since lifer Lew Platt retired — Fiorina, Mark Hurd, Leo Apotheker, and now Meg Whitman — didn't have much chance understanding the nature of so many products. Three years ago, HP started in the public cloud business, yet another branch of IT commerce aimed to take market share from Amazon. Whitman said in the New York Times that outsiders like her who've tried to lead the company have had too broad a beam of corporate ship to steer.
"This is crazy — Carly, Mark, Léo, me — the learning curve is too steep, the technology is too complex for an outsider to have to learn it all," she said in a story about what's next. The most audacious of HP's enterprise efforts was The Machine, technology that was to employ the near-mythical memristor to "change the future of computing as we know it." This summer the company fell back and said it would build that product with more conventional components and assemblies. It doesn't have a target date for releasing The Machine.The New HP, for the purposes of the 3000 customers who have migrated or will sometime soon, aims to do less and try to do it more effectively. Gone is the public cloud, while the EDS headcount is being trimmed. In-house technology like HP-UX and VMS is either going slack (no HP-UX 11.4 will be produced; VMS has been sold to an independent firm) or giving way to standards like Linux, Windows, and Intel servers like the ProLiants. The survival and ascent of ProLiant blade servers is likely to be the hardware backbone for a company that is keen to get customers to consider HP Enterprise as a software and service giant.
HP Enterprise, to be traded as HPE on the NYSE Monday, will sell private clouds that it will build, and staff if customers want HP administration, rather than the retail-level cloud services of AWS. HP Cloud could never host HP-UX customers. The fine-tuning of cloud hosts for Unix apps might be a part of the 2016 offerings. Just about anything to get more Integrity servers installed will have traction at HPE.
Although networking products and mass storage and software like Helion will be parts of the new HP facing the 3000 community, expect this business to be about how servers will drive its fortunes. In a Bloomberg report from this week, Whitman said she spent one full day on the three year plan for HPE's server business. She's been the CEO since 2011, and that was the first full day she concentrated on the business that put HP into business computing.
"There’s a great deal to be said for focus," Whitman said in the article. "You’ve got to be on it. You’ve got to be working on the product road map."
Work on product roadmaps in October used to be commonplace at HP, although it's probably been since Lew Platt's time that the CEO was involved in any way. MPE/iX users who've stayed with the OS, rather than the company, could still benefit from a rise in HP's fortunes. Sales of those allied product lines, as well as research to improve them, have a chance of improving. Homesteading 3000 customers would have to let the HP badge back into their shops. Maybe adding the "Enterprise" to the HP hardware nameplates will help restore the trust.
As for the HP Inc. side of the split-up, it's got less technology to comprehend and more competition with similar products. Some analysts are saying HP Inc. could be a takeover target, given its slim profit margins. HP's combined stock was down 30 percent from the start of this year, as the final day of Hewlett-Packard ended. On Monday HPE will start trading at about $15 a share. What will make the difference will be a fresh share of mind for a company that once specialized in business IT. MPE is gone, HP-UX is fading, and VMS has been sold away. The future will be different, but customers who remember a better HP might hope for a strategy that feels older: focused on how innovation and relationships can deliver success to customers.
October 06, 2015
Essential Skills: Securing Wireless Printing
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
When you do a security scan of your site, do you consider your printers? It was enough, several years ago, to limit an audit to personal computing devices, servers and routers. But then the era of wireless printing arrived. Printers have become Internet appliances. These now need your security attention, considering some of the risks with printers. But you can protect your appliances just like you're securing your PCs and servers.
Wireless printers can be very easy to set up. They come preconfigured to connect easily, and even a novice user can have something up and running in a matter of minutes. To be able to make this connection simple, however, vendors keep the amount of wireless network configuration to a minimum. Taking the default settings, as always, significantly reduces the amount of security that is applied to the device.
Modern printers are actually computer platforms that have been designed to run printing functions. Inside are a CPU, hard drive, RAM and operating system components. Unfortunately, a system breach can permit these components to be re-purposed to do other things. And those are things you don't want to happen at your site.For example, a BBC article from last year outlined how a programmer was able to hack into a printer and convert it to run the popular game Doom. The interesting part of this article is that the programmer could have had the printer run lots of other programs. Once the printer has been compromised, it is not difficult for a hacker to turn it into a tool to be used for nefarious reasons. Plus, once the machine is hacked, it can make connections from inside of your firewall. This will normally bypass the firewall rules and can transmit network information. Wireless printers can even be a vector for sending spam.
The brute force way to deal with a network penetration is turning off the wireless network. By connecting the printer using a cable, you can run the wireless connections through the router. Unfortunately this is not an ideal solution -- you've probably installed these printers for the express capability of eliminating cables. If that's not your case, and you have deployed a printer with wireless networking capabilities but you're not using them, don't forget to turn off the wireless function.
If you choose to run the printer wirelessly, make sure you set up WPA2 encryption. This will require setting up a printer password. Make sure that your wireless printer password is different from your wireless router password. Having the same password for multiple wireless devices is just asking for trouble. This may involve more work in setting up the printer to run. Its password will have to be loaded into each device that connects. But that's just the cost of security.
A new aspect of printers is that many contain hard drives. It takes a lot more time to print a large document than it does to send it over the network. Instead of requesting blocks of data at a time, the printer will request that the source computer send all the data at once. The printer must then keep a copy of the data locally to do its printing. And what better cheap source of local memory than a hard drive? In many cases the hard drive will keep storing the data as it gets requests, but not remove the data once the printing is complete. This results in a large volumes of data being stored on the drive.
Why does this pose a security risk? An intruder could externally hack the printer. Getting to the locally stored data is a fairly simple step once the machine has been compromised in this way. Then a copy of the information that has been printed can be stolen remotely from the machine.
Moving out older printers might mean you're inadvertantly giving your data away. Donating a working printer to a charity organization or a school can be a common practice. Even if the printer is not working, the data on the drive may be accessible. It is difficult to physically remove a drive from the printer to wipe the data. In many cases it may be impossible, as the drive is not meant to be a removable component. It is very difficult to get software to do the job.
In a lot of cases the printer manufacturer will give you the option to set up encryption on the internal hard drive. Lexmark, for example, outlines this kind of process. Search for “hard disk encryption” with your model number at your vendor's website. Make sure to use a strong encryption method such as AES 256 bit encryption. If the machine is compromised, it may still be possible to get at the data, but is will be difficult to remove it. At a minimum it will make it a harder target and may force the thief to discard it.
If encryption is not an option, some manufacturers will allow you to bypass the drive. This may case usability issues, especially if large documents are being printed. Not only will this cause printer slowdowns, but it also leads to network congestion. Do some research on what is being printed before choosing this strategy
A Man in the Middle attack uses a computer to get in between two machines on your network. If a computer is connecting to the printer, then the rogue machine does the following. First it convinces everyone on the network it is the printer. Then it convinces the printer it is the router. From that point onward, all data going to the printer is now accessible by the rogue machine. From that point is it easy to convert the printer data back to its electronic source, or the data can be forward and printed elsewhere. For more information see our article on Man in the Middle.
To avoid this vulnerability, configure your wireless printers to use a secure protocol over the network. This will employ encryption to accomplish two things. First, it will provide end to end encryption so that the data is encrypted on the source machine before it is transmitted. This will help prevent easy decryption of any intercepted traffic.
Second, by using a secure protocol, the source machine can verify the printer destination using a digital certificate. In fact, some printers do support SSL connectivity across the network. Another technology that was specifically designed for this application is IPSEC. This provides endpoint authentication and end to end encryption. IPSEC is very useful in support of wireless connections. Consult the printer vendor's documentation on how to configure this option. There are also lots of how-to videos on the web.
Installing printers in locations that are physically limited to the printer user community is a must for sensitive information. This may drive managers to keep printers next to a user's machine. Make sure to use a connection that is also secure. On a security audit, I saw a CEO's printer set up wirelessly across the office, because he did not want any wires connecting to his laptop. Needless to say, there was no security protection on the connection. He's still the CEO, but he's learned a bit about wireless printer security.
September 25, 2015
Taking the Measure of HP's Ex-Leaders
We're waiting for more information about the HP 3000s still doing service by working with Apache CGI scripting, as well as an upcoming confluence of CAMUS advice about Stromasys and Kenandy, to help ERP companies to homestead or migrate. So while we wait let's take a break for Friday Funnies. The story is funny in the way a two-headed calf wants to win a blue ribbon at the fair.
The latest news in our election cycle features the prospects of a woman who impacted lives of many of our readers, as well as the direct fortunes of any who work at or have retired from HP. Or any who will be separated from the vendor soon in the latest layoffs.
That would of course be Carly Fiorina, subject of scorn in both Donald Trump's eyes as well as derision from Yale economics professor Jeffrey Sonnenfeld. The professor wrote this week that Fiorina has learned nothing from her failures, or even admitted she's had any. And so, there's a criticism of his column afloat in the bowl of the 3000 world. Sonnenfeld's talks with former CEOs were not first-hand knowledge, the takeaway read.
Here I offer a subjective summary, and that criticism of the professor goes, "Do not measure Carly's impact on HP -- or her ability to lead -- by how other corporations fared during the same period when she was CEO. Or on the valuation of the company before and after. Measure her by how anybody would have fared, given what she took over starting in 1999. Also, understand that whatever you add up, it will be conjecture."
It's a good word. Conjecture is "an opinion or conclusion formed on the basis of incomplete information." By setting up a measurement problem so there is no constant -- to compare against, say, the veteran insider Ann Livermore, who HP passed over so Carly could get her job -- the measure will always be incomplete, clouded in imagination. In Catholic school, we were usually told at this point of our hard questions, "Well son, it's a mystery."
I believe the only way we'll ever see first-hand Carly-era information is an insider other than Carly who was an HP executive would write a book about the era. Say, Chuck House did that, didn't he? For those who don't know him, he was the leader of HP's software management, and that would include MPE. He was the only winner of what Dave Packard called HP's Medal of Defiance, for extraordinary defiance beyond the normal call of engineering duty. In 2009 House wrote "The HP Phenomenon; Innovation and Business Transformations." House has quite a bit to say about Carly's leadership (lordy, pages 403, 427, 443, 460, 471, 477, 480, 497, and 597) her Compaq decisions.
There's also a sheaf of pages indexed as "Vitriolic reaction." You probably would believe House has some first-hand experience of HP management, given that he was an executive manager throughout her HP service. House wasn't CEO, though. The only CEO who's created a book is Carly. She's so certain of her story she had to write two books.Come to think of it, maybe conjecture won't be the best word here.
When you look at the full history of HP's CEOs, it's not a group that's likely to deliver an insider's take on a hopeful story. After Bill and Dave retired from those posts, they died. John Young took the job and still lives, but he has enough sense to keep his head down in these leadership debates. Then there's Lew Platt (also retired and died), Fiorina, Hurd and Apotheker. Meg Whitman has been trying to pull HP's cart out of the ditch for more than four years. The latest tug is to pull away from the albatross PC business Fiorina pushed.
Fiorina's successors were bad, indeed. But no matter how bad any successor is, that doesn't change the mortal wound that the first savage can strike. A CEO who took the names of the founders off the company's logo, then removed one of their children from the board, might be summed up as having savage tactics. The leadership of Haiti comes to mind. Just search for "tontons macoutes" to get a peek at how such people stay in power. Haiti was once visited by cruise liners, before Papa Doc.
I was told a story by a well-loved HP executive who had the opportunity to lunch with his successor after retirement. "What in God's name has happened to HP stock?" he asked his replacement. It was second-hand experience the fellow was seeking, I suppose, to explain the first-hand experience that the retired manager was having over his retirement portfolio. I don't know who paid for lunch.
I continue to look for an HP employee or retiree who's feeling better about their portfolio, in the wake of Carly's ugly business decisions. Of course, once I hear that report, it will still be second-hand information. First-hand information, in case you were wondering, appears in print as "memoir" (business or otherwise) or "autobiography." Sometimes it could be labeled fiction, if its facts are not always so crucial. People do love a story.
I invite you to visit the bit of HP's story that includes choosing such a boat anchor for a CEO. "Perfect Enough" by George Anders includes a section where the author "discloses the role played by a powerful recluse in Idaho: the only person at HP who could bridge the old era and the new." That's the passing-over you read earlier, if I've kept you this far. As for that person's bridge, I think it's out. He's long gone, too.
In business, where Carly claims to have succeeded, the established coin of measurement is valuation. Either that, or love from the customers and employees. You don't need to be a professor of anything, let alone economics, to add up the former. Start your meters at the last HP stock split, in 2000. And for the latter measurement of love — well, you can go to the previous HP spinoff Agilent to find your Atomic Force Microscopes. I bet they still know something about measurement at Agilent.
We can't know if cruise liners will revisit the shores of the American dream in a Fiorina Administration. (My fingers just seized up trying to write those last two words together.) But it's not really conjecture about how HP's shoreline looked once her leadership dredged the company's passions for innovation.
September 22, 2015
Meetings serve futures. Most rely on pasts.
Last week I got a note from Terri Lanza, consultant to MANMAN and ERP users, asking about any forthcoming meetings for 3000 customers. Terri was a big part of the last HP 3000 meeting, the 3000 Reunion meeting that kicked off four years ago today. Lanza also queried ScreenJet's Alan Yeo, since Alan drove the engine of that Reunion while I helped organize and publicize.
Lanza is on the board of CAMUS, the user group devoted to ERP and manufacturing tech. "CAMUS was offered a place in California to gather," she said, "so our board wondered about choosing between San Diego and LA." Alan replied in short order that nothing is being planned for a 3000 meeting, and if anybody would know, it would be him. He kickstarted the meetings in 2005, 2007 and 2011. He even tried to turn the crank on a 2013 meeting. These things need financial support.
There's a great deal less purchasing among 3000 users four years after the Reunion. Purchases drive these tech meetings, but not just the sales pursued on an expo floor. Purchases of the past prop up meetings, as people try to better use the tech they already own.
That's why it's interesting to look at the content for many meetings among seniors like those who were at the Reunion. Tech meetings serve the drive toward futures, with talks about the Internet of Things or the Etch-A-Sketch wisdom on rules for social media. Learn, erase, learn again.
Legacy technology, though, tends to pay the bills for the bright-future meetings we used to attend. CAMUS is the exception, since its futures cover the survival of datacenters and legacy servers. Those are the servers that don't seem to get airtime, because their days of futures are supposedly over. Even HP seems to think so, if you look at what it's talking about at user meetings.HP's not counting on its legacy servers -- and an Integrity box is legacy like the 3000, just further up the road -- to float much of the company boat. Continued support of legacy systems can finance a visit to a sunny-futures meeting, though. The older generation does this support, and it pays for the dreams and foresight around newer technology. Or you hold a reunion, and remember what made you close friends, while you fought the fires of yesterday together.
But these days everybody is looking forward at expected change. Not much is changing about 3000s except for the age of their components. Humans always overestimate the amount of change coming into their lives, though. There's talk about manual driving becoming outlawed as self-driving cabs abound, or signboard ads at Macy's that will work better than an Onion gag about them. Someday we may be living in a world like those of the movies Total Recall or Minority Report. Walk slowly past that signboard. It could be sharing data that might live in an archived IMAGE database, which will be more reliable than split-second smartphone recognition.
Meetings serve a social need, and you never want to slag anything people are still investing time and money in. You can talk about the future with its uncertain changes, or gather survival advice to extend investments past. Maybe Google Hangouts or YouTube will give 3000 users a no-travel meeting option by next year. Since there's nothing under non-disclosure, the cybersecurity won't need to be advanced.
I remember attending a BARUG conference back in the 1980s in Santa Cruz. We enjoyed an expo space that overlooked the beaches and the suntanned pulchritude all a-frolic on the sands. Good times, but there was also talk on how to improve and extend what was still in use. We're betting that's become a mission for today's Web. If there's no travel budget, that'll work — and you won't have keep those bright-future shades trained on the changes that may never wash up on the sands of your datacenter.
September 14, 2015
We keep meaning to shut it down, but...
There's always acquisitions and mergers afoot in business, and the events have triggered some HP 3000 migrations. An entity gets acquired by a larger company that doesn't want to integrate MPE. The next thing you know, Windows is getting its call-up into a batting order where the 3000 used to play. (Sorry, baseball season's heating up as it winds down to the playoffs.)
A transaction that was announced this summer continued the journey of the Open Skies application that began in 1998 in the 3000 division of HP. In that fall, CSY General Manager Harry Sterling purchased the application that had helped to drive the 3000 and MPE into the airline business. "Harry, did you have to buy the company?" HP's next-level execs reportedly asked him. He bought it to show how Software as a Service could work on 3000s. HP called it Apps on Tap at the time.
Roll forward to July and see that the Amadeus Group started the purchase of Navitaire from Accenture. Navitaire became the proud owners of a farm of HP 3000s when the company purchased Open Skies early in the previous decade. By 2008, work was underway to move off those 3000s, a farm of more than two dozen of the N-Class servers. The software tracks mileage revenues and reservations and has been used by airlines including Canada's WestJet.
We got a report last week that a final N-Class server still is in operation, but it's destined for a shutdown. If only the overseas airline customers would stop needing historical reports from MPE/iX.A large-for-its-time array is still connected to a 3000 that's escaped the reaper's scythe so far. Mark Ranft, who's chronicled the transition away from MPE at Navitaire, let us know what's keeping a computer built 12 years ago serving some Navitaire customers.
All the customers have been switched over from HP 3000s. We still run an N-Class connected to an XP128 disk array for historical legacy purposes. It could be shut down soon, but we occasionally have a customer ask for some information from it. I guess other countries have unusually long timeframes for keeping detailed records of airline flights.
Navitaire had plenty of airline data business before it purchased Open Skies, but the reservation revenue-tracking software covered a new niche aimed at small carriers. HP only owned OpenSkies for about two years, then sold it to a subsidiary of Accenture. Within 18 months, HP announced its takedown of its 3000 operations. Accenture began developing a replacement called NewSkies, and by 2005 it started to inject it into spots where OpenSkies had served. Before that time, OpenSkies got upgrades from Navitaire, until HP called its halt to MPE/iX futures.
Open Skies, and its progeny New Skies, was always aimed at the low-cost airlines like RyanAir and WestJet. The 3000 had its introduction to airline reservation systems at what was a low-cost airline at the time, Southwest. Of course, Southwest is now the largest US domestic airline in passengers carried, and is paired with overseas partners. At the end of 1993, it bought tiny Morris Air to acquire 14 new Western US destinations, and discovered it'd bought the Morris "online reservation system," back when paper tickets were the absolute standard for air travel. It was like finding change in sofa cushions, including a rare coin.
The New York Times account of the transaction that brought the 3000 into the airline business makes no mention of the server or the software developed in Utah. Legendary CEO Herb Kelleher of Southwest was sharp enough to know low-cost operations would grow the company he founded, however. Morris was shaped like the Southwest of the 1990s, a company that knew a good server when it found one.
Southwest is more focused than Morris on attracting business travelers and is likely to try to attract more by offering more frequent flights. No Southwest routes overlap those of Morris, which will give Southwest a new presence in the Northwest and West, adding 14 cities to its schedule.
Asked about the Morris acquisition, Delta executives appeared sanguine yesterday. "We really don't see that this is changing anything," said Bill Berry, a Delta spokesman. "If we've got to face a competitor, we would rather face a competitor with costs that are much closer to ours."
Delta's reaction prompted a burst of laughter from Mr. Kelleher during a telephone interview yesterday. The cost structures of Southwest and Morris "are virtually the same," he said.
Southwest's adoption of the reservation software made e-tickets so essential that much larger airlines were forced to take up the service. By now, ordering a paper ticket carries a surcharge. Today's Southwest fleet of 600-plus 737s -- built at 3000-user Boeing -- now average six flights per aircraft per day. Delta had to merge with Northwest Airlines to keep up. Southwest turned off its last 3000 in the previous decade, though.
The deeper you go into the Morris-Southwest story, the better it gets. June Morris built her airline out of a travel agency business she ran in the back room of her husband's photo finishing business. Eventually there was a small fleet of chartered planes. Morris was the only female airline leader in the US at the time of the acquisition. The president of Morris Air at the time of the sale was David Needleman, who after leaving Morris went on to found a little operation called JetBlue. And JetBlue used HP 3000s as well, relying on Open Skies software from the start — the App on Tap that HP booked from Day One of JetBlue's operations. JetBlue and Southwest signaled a victory of midrange servers running TurboIMAGE/SQL over mainframes. JetBlue started up with less than a $1 million yearly IT budget.
Open Skies made its money by charging a fee per ticket booked. At the time JetBlue took off, a Computerworld article reported that flight reservations could be made on the Web "and by Touch-Tone telephone."
More than 500 Navitaire employees will go to Amadeus, a company that did 3.4 billion Euros of business last year. Navitaire's sale price was reported at $380 million in a July announcement, a deal that may close as early as next month. In the meantime there's one N-Class 3000 waiting for its retirement date, flying a route with a terminal destination — if one without an ETA.
September 02, 2015
The Heritage of Enterprise Consumerism
The heritage of your computer marketplace is driven by many more failures than successes. HP attempted to build a multiple operating system technology (MOST) system in 1993, mostly by re-engineering MPE and Unix software for customers who needed both environments.
MOST failed in alpha tests and taught Hewlett-Packard a lesson: do not promise so much flexibility that you kill performance. MOST was too slow to do the work of a single-OS system of the early '90s. The technology for multiple-OS computing was still five more years away, in Superdome. By the time HP polished Superdome, it lost its taste for expanding its MPE business.
That story has been echoed in the market many times. Virtualization and cloud solves such challenges today. But in 1993, NeXT Computer was killing itself by shipping a version of its OS that actually ran slower than the prior release. NeXT was the brainchild of Steve Jobs, who'd been kicked off Apple's throne by a board that was steered by John Sculley. Recent news has Sculley unveiling a new Android smartphone that won't be sold in the US. Aimed at China and emerging markets, this new Obi is, and so it avoids some competition with Apple.
Sculley, the former CEO of Pepsi, had been brought in to Apple by Jobs. The insanely great wunderkind knew he needed help to reach consumers. The move cost Apple momentum that elevated Microsoft and Windows to the top tier of business computing. Jobs tried to rebound with NeXT. Like MOST, the NeXT was way ahead of its time. Consumer-grade Unix was still 12 years away, lurking in the dreams for Mac OS X.
HP 3000 owners care about this because of their computer's heritage. Another consumer whiz, Dick Hackborn, climbed onto another board, HP's, and turned the LaserJet consumer reseller model onto the rest of HP's business. Direct contact with small to midsize customers became a task HP delegated. A 3000 shop that once knew its OS supplier through an SE or a CE had to learn to use resellers. The 3000 division lost track of the majority of its customers, and when the large sites yearned for a Superdome, nobody was able to keep in touch with customers who didn't need such a beast.
Sculley might do well with the Obi, even after a pratfall at Apple. On the other hand, the results might be Obi-Wan. It takes a failure to learn something, most times. MOST taught HP about speed, benefits, and the need for enough brainpower to enable something better (MPE) to drive something popular (Unix). The 3000's heritage flowed even and steady for awhile after Hackborn bent HP to a consumer beat. The loss of focus sealed the 3000's fate at HP, though.Enterprise and consumer computing were distinct entities when Scully and his pratfall pushed Jobs past another failure, NeXT, and into Apple. Now Scully will be competing with the ghost of Jobs, trying to sell a smartphone against the iPhone. But heritage does not mean that fate is cemented. The 3000 was never going to prosper in what HP was on the vanguard of building: enterprise consumerism. As it turns out, HP was not going to succeed at that either. Hackborn's board because erratic and dysfunctional.
While 3000 users plan their futures, they should look at the heritage of replacement candidates. A Scully smartphone will be as popular as Pepsi in emerging companies. It might be just as empty of enterprise sustenance, unless Sculley has learned the lesson HP has embraced: enterprise and consumer computer businesses should be run differently. In 60 days, Hewlett-Packard and HP will mean different things when the company recognizes the differences and splits.
August 26, 2015
Taking a Closer Look at 3000 Emulation
Emulation solutions have pro’s and cons. We caught up with Birket Foster this morning, after his company had suggested that emulation deserves a closer look. In our 8-minute podcast, I talked with him (over speakerphones on short notice, thank you) about how emulation really can be a solution to keep legacy applications vital. Companies, especially the small ones that still rely on MPE environments, want to protect their business investments. After all, investing in emulation solutions that can support your MPE legacy applications — well, it's critical to the future success of your organization. It can also be a key to greater efficiency, innovation and growth.
July 31, 2015
Zero day attacks: reports are dangerous, too
News has started to roil through the Android community about a fresh MMS attack vector for those devices, and last month reports rolled out about a similarly dangerous zero-day malware attack for Apple iOS. But what is zero day, and how can the news of these exploits be as damaging as the malware itself? Our security expert Steve Hardwick explains in this edition of Essential Skills, covering the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
Many computer users do not understand the term Zero Day and why it is so serious. To understand the term, it is first necessary to understand how an exploit works. In general, there are different types of exploits used on computers
1. Social attacks, phishing for example, which cause a user to unintentionally disclose information to a hacker.
2. Trojan horses, viruses that hide in otherwise legitimate applications. Once the legitimate application is launched, the Trojan horse releases the virus it contains.
3. Web attacks that trick users into divulging personal information using weaknesses in browsers and web server software
4. Application and OS attacks that use errors in the code to exploit the computer's programming
With the exception of the first category, these attacks rely on exploiting weaknesses in the underlying operating system and application code that runs on the computer. To be able to prevent this type of illicit access, the mechanism by which the malware is operating must first be understood. Therefore many researchers will examine operating code and look for these types of flaws. So will thousands of hackers. The challenge becomes how to mitigate such a vulnerability before it becomes a virus in the wild. That's where the Zero Day marker comes into play.The first, obvious response would be to fix the broken code. Although it sounds simple enough, it is not as straightforward as it seems. In order to prevent this type of condition occurring in the first place, software vendors will have development and test cycles that may take days or even weeks to complete. After all, it would not be good to develop a patch for one hole in the code only to create more. So it takes a finite period of time to detect the exploitation method the malware is using and then produce a patch that will fix the hole.
In many cases the research is done behind the scenes, and the security hole is fixed before it ever is exploited by hackers. In other cases a virus is spotted and the failure mechanism is already understood and a patch is in the works. For example, an application is compromised and the developer notices similar conditions can occur in other programs the software vendor produces.
Another response is to use anti-malware to protect against the threat. One of the main ways that anti-malware works is to look for signature patterns in downloaded or executing code. These patters are stored in a virus definition database. The supplier of the anti-malware solution will develop a profile of the malware and then supply a new definition to the database. As in the distribution of software patches, it takes time to define the profile, produce the signature definition, then test and distribute it. Only when the signature profile has been distributed is the computer system protected again
The time at which the malware is detected is called the zero day — as this starts the clock on the time between the detection and the distribution of the remedy. In the case of the software vendor, this would mean a patch for the broken code. In the case of the anti-malware vendor it is the time to provide the signature and deploy it.
The anti-malware vendor has the advantage that they are not supplying software to the machine. In many respects it is quicker to generate the signature and distribute it. For the software vendor there is the task of verifying that any new code does not affect the operation of the product, nor create any new vulnerabilities.
In either case, it is a race against time between the hackers on one side and the anti-malware or software vendor on the other. Furthermore, the end user is also in the fray. Whether it is a signature definition or a patch, the end user must download and install it. In many cases this can be automated, however, end users must have selected this option in the first place.
So when a zero day virus is announced, it means that the vulnerability has been made public and the software community needs to start to respond. There is a lot of debate as to the merits of announcing zero day exploits. There is concern that lower-skilled hackers will take advantage of the free research, and start to deploy viruses that exploit the disclosed vulnerability. The counter concern, as portrayed in the article about iOS cited at the beginning, is that the software vendor will not act on the research. No matter which side your opinion falls, it does not change the fact that a virus without a known cure is a very dangerous beast.
July 24, 2015
3000 world loses a point of technical light
Veteran engineer and developer Jack Connor passed out of worlds including the HP 3000's this month, dying at age 69 after a long career of support, volunteering, and generous aid to MPE users.
In a death notice posted on his local funeral chapel's website, Connor's story included Vietnam era military service, a drag racing record, and playing bass on Yummy, Yummy, Yummy, I Got Love In My Tummy, a single that went to No. 4 on the US charts. He had been the proprietor of a bar in Columbia, Missouri, known as Nasties, and a tea house in Columbus, Ohio, The Venus Fly Trap.
Connor played a role in the volunteer efforts for OpenMPE in the last decade. He was also the worldwide account manager for HP and DuPont in the 1970s and 80s, and the death notice reports he was involved in the first satellite uplink in history for commercial purposes. At the time of his death Connor was working at Abtech Systems and Support from Indiana, and at his own company, InfoWorks, Inc. In the months that followed HP's shutdown of its MPE lab, he created NoWait/iX, software that eliminated the wait for an HP technician to arrive, on a rush-charge time and materials call, to transfer an old HPSUSAN to a new 3000 CPU board.
NoWait/iX was intended for use "until HP can be scheduled on site at both HP and the customer’s convenience -- and not paying the emergency uplift charge," Connor said. "However, if a customer has a third-party tool which is no longer supported, or licensing is no longer available for an upgrade, NoWait/iX can operate indefinitely, returning the old information to that single product."
In the waning months of OpenMPE's activity, he chaired the board of directors and promoted the creation of a new Invent3k shared server. "Making Invent3K a repository for the community is the primary focus," he reported to us in 2011.
Connor was a frequent contributor of free tech savvy to the 3000 community, using the 3000 newsgroup as a favored outlet. Just this spring we relayed his advice about linking a 3000 with existing networks.What do I need to do on our MPE boxes to ensure that they will see new networking hardware? Does MPE cache the MAC address of neighbor gateways anywhere? I was thinking I needed to restart networking services, but I wasn't sure if anything more will be needed.
If you're taking it off the air for the network changes, I'd go ahead and close the network down until the work has completed and then reopen it. MPE will be looking for the IPs as it opens up. I know you can see the MAC addresses in NETTOOL, but I don't think they're of any import other than informational and for DTC traffic.
While serving on the OpenMPE board of directors, he also tracked down a data-at-rest security solution compatible with HP 3000s. 10ZiG's Security Group still sells the Q3 and Q3i appliances, one of which Connor put between a Digital Linear Tape device and a 3000. The results impressed him for a device that costs a few thousand dollars -- and will work with any host.
I tested an encryption box that sits between the DLT and IO card a year or so ago and it worked like a champ. It maintained streaming mode and all. However, it was in the $2,000-$3,000 range — and to be useful for a DR world, it would require two, so I haven't pursued actually recommending it.
He often helped out with IO and storage device questions in the 3000 community. For the Series 927LX, he noted that a DLT tape drive could be installed in the server that was designed in the early 1990s.
"This is not a problem as long as you have a free slot, or an open 28696A fast-wide card," he said. "I believe you need to be on MPE/iX 6.0 or 6.5 to go with a DLT8000. I'm sure a DLT4000 and probably a DLT7000 are okay." (The 28696A is a double-high interface device that permits the 927 to use HVD SCSI DLTs of 4000, 7000 or 8000 models.)
A simple search of the Newswire with "Jack Connor" turns up dozens of tips. Several 3000 veterans offered tributes in the wake of the Gary Robillard's news about Connor's passing. "He was a master at his trade," said Tracy Johnson.
"Jack was a great guy who would always help no matter the problem, time or distance," said Bill Long. "As I moved on to different companies Jack was always there to help. He did consulting work for us when I worked for a small semiconductor company in Newark DE. He wrote the exotic interfaces we needed. Just a few years ago he helped me when I was consulting for Dow Chemical and needed help with my in-home HP 3000."
"My dear friend and colleague, a frequent contributor to this list, passed away peacefully in his sleep after a long illness," Robillard wrote. "Words cannot express how greatly he will be missed by all who knew him."
On the tenth anniversary of HP's pullout notice for the 3000, Connor summed up his philosophy about helping in the MPE community. "I'd say we've all been a pretty good human chain holding the 3000 Community together," he said. "There's indeed life after HP, and a pretty full one so far."
He was laid to rest this past Sunday, and the obituary webpage included a link to the Van Morrison song "Into the Mystic," whose lyrics include these lines.
And when that fog horn blows I will be coming home
And when that fog horn blows I want to hear it
I don't have to fear it
I want to rock your gypsy soul
Just like way back in the days of old
Then magnificently we will float into the mystic
July 21, 2015
User group takes virtual tack for conference
A vendor with ties back to the 1980s of the HP 3000 world took several steps today into the new world of virtual user conferences. The education and outreach at the Virtual Conference & Expo came in part from Fresche Legacy, formerly Speedware, but it was aimed at that company's latest prospects: IBM Series i enterprises. Advances in long-form remote training, with on-demand replays of tech talks, gave the IBM COMMON user group members of today a way to learn about the IBM i without booking time away from workplaces.
The offerings on the day-long agenda included talks about vendors' tools, as well as subjects like "Access your IBM i in the modern world with modern devices." Customer-prepared talks were not a part of today's event; that sort of presentation has become a rare element in the conference experience of 2015. But some of the best HP 3000 talks at the Interex user group meetings came from vendors, lifted up from the ranks of users.
The virtual conference of today won't be mistaken for the full-bore COMMON Fall Conference & Expo of this fall. That's a three-day affair in Fort Lauderdale, complete with opening night reception and conference hotel rates at the Westin. A few days in Florida could be a perk for a hard-working IT manager, even in early October.
But the practices of remotely educating users about enterprise IT have become polished by now. Wednesdays in the 3000 world have often included a webinar from MB Foster, guiding managers in subjects like Application Portfolio Management or data migration. Those are more dynamic opportunities, with individuals on an interactive call using presentation software including a Q&A element. They also cover skills that are more essential to the migration-bound customers — although data migration skills promise great potential payback for any IT pro.But whether it's on-demand talks bolstered by chat requests at the COMMON event, or a phone and demo-slide package at a Wednesday webinar, training doesn't equal travel anymore. A three-day event would've looked small to the HP Interex user group member of the 1990s. Over the final years of that user group's lifespan, though, even a handful of days away to train and network at a conference became an on-the-bubble choice.
Making a migration from a legacy platform like the 3000 opens up the opportunity to increase the level of learning in a career. But even legacy computing like the IBM i can trigger reasons to train and explore fresh features. It's another reminder that what matters to a vendor is not necessarily the strength of a legacy server's ecosystem, but the stickiness and size of the installed base.
IBM's i still counts six figures' worth of installed customers, and many have links to other IBM systems. IBM could afford to take care of an established base of proprietary computer systems. The independent third parties like MB Foster and others that remained after HP exited have been left to care for 3000 users on the move, and otherwise.
July 20, 2015
The Weekend a User Group Went Lights-out
Ten years ago this week, the Interex user group went dark in both a digital and literal way. The organization that was launched 30 years earlier to serve HP 3000 customers took down its website, shuttered its servers, and shut out the lights to lock up its Sunnyvale, Calif. offices. A bankruptcy went into its opening days, one that would take more than two years to make its way into Federal Court. But the immediate impact was the loss of the tent-pole gathering for the 3000 community, that year's annual HP World conference.
Millions of dollars in hotel guarantees, prepaid advertising, and booth exhibitor rents went unpaid or unreturned. It was more than the loss of an event that had a 28-year history of joining experts with customers. The Interex blackout turned off a notable light that might've led to a brighter future for a 3000 community still looking for answers and contact with vendors and expertise.
Looking back from a decade later, signs were already evident for the sudden demise of a multi-million dollar organization with 100,000 members of some pedigree. Tens of thousands of those members were names in a database and not much more, places where the Interex tabloid HP World could be mailed to generate advertising revenues. A core group of users, devoted to volunteering and rich with tribal, contributed knowledge about HP's servers, was far smaller.
Interex was all-in on support and cooperation with the Hewlett-Packard of 2005, but only up to a point on a crucial user group mission. The group was glad to re-label its annual conference after the vendor, as well as that monthly tabloid. HP held the rights to both of those names once the group made that transition. There was an HP liaison to the group's board for decades. The key managers in the 3000 division made their first-person 2002 articles explaining HP's 3000 exit available to the Interex publications. Winston Prather wrote "it was my decision" on pages published by Interex.
But in 2004, HP sowed the seeds of change that Interex watered with a no-collaboration decision. User groups from the Digital VMS community agreed to cooperation with HP on a new user conference, one to be funded by HP. Interex's directors polled the member base and chose to follow an independent route. The Interex board would stick to its plans to exclusively produce the next HP World. Advocacy was at stake, they said, and Interex's leaders believed the group would need its own annual meeting to keep asking HP to do better.
HP began to sell exhibitor space for an HP Technology Forum against the Interex HP World booths. Just before the HP World San Francisco Moscone Center wanted its final payment — and a couple of weeks after exhibitors' payments were in hand — the tune the 3000 world heard was Boom-boom, out go the lights.The user group struggled to maintain a financial balance in the years following the Y2K ramp-up, according to one of its directors, an era when attendance at the group's annual shows fell steadily. Membership figures for the group, inflated to six figures in press releases during 2004, included a very broad definition of members. Hotels were reserved for two years in advance, with payments made by the group and still outstanding for millions of dollars.
One conference sponsor, Acucorp, was told by an Interex ad rep that the staff was led to the door. A user community labored mightily to recover contributed white papers, articles, and software from a company that was selling conference memberships right up to July 17.
Ten years ago on this very date, HP was already at work gathering up the orphaned attendees who held prepaid tickets and registrations as well as exhibitors with no show to attend. HP offered a complimentary, comparable registration to the Technology Forum for paid, registered attendees of HP World 2005. HP also offered discounted exhibition space at its Forum to "non-HP competitors" exhibiting at or sponsoring HP World 2005. If you were IBM, or EMC, and bought a booth at the Interex show, you had no recourse but to write off the loss.
The shutdown was not orchestrated with the cleanest of messages. Interex.org, a website archived hundreds of times by the Internet Wayback Machine since 1996, posted a report that was the equivalent of a busy signal.
It is with great sadness, that after 31 years, we have found it financially necessary to close the doors at Interex. Unfortunately our publications, newsletters, services and conference (HPWorld 2005) will be terminated immediately. We are grateful to the 100,000 members and volunteers of Interex for their contributions, advocacy and support. We dearly wish that we could have continued supporting your needs but it was unavoidable.
Within a week, planning from the 3000 user community was underway to gather together any customers who were going to the HP World venue of San Francisco anyway -- since they were holding those nonrefundable tickets, or had already paid for hotel rooms.
Companies go broke every day, victims of poor management, bad luck, or unavoidable catastrophe. Few organizations can avoid closing, given enough time. But for a founding constituency that based its careers on a server that rarely died, the sudden death of the group that'd been alive as long as the 3000 was striking, sad — and a mark of upcoming struggles for any group built to serve a single vendor's customer base. Even a decade earlier, according to former Interex chair Jane Copeland, a proposal to wrap up the group's mission was offered in an ever-growing heterogenous computing world.
“When I left, I said they ought to have a dissolution plan,” said Copeland, owner of API International. “The former Executive Director of Interex Chuck Piercey and I tried to get the board to do it — because we didn’t see the purpose of a vendor-specific group in an open systems market.”
A change in HP’s CEO post sealed the user group’s fate, she added. The arrival of Carly Fiorina shifted the vendor’s focus away from midrange computer users such as HP 3000 and HP 9000 customers.
“I think HP is probably the cause of this more than anything,” Copeland said. “As soon as [CEO] Lew Platt left HP, that was the end of Interex. Carly Fiorina wasn’t interested in a user group. She just wasn’t user-oriented. Before Fiorina, HP had one of the most loyal customer bases in the industry. She did more to kill the HP brand than anyone. She killed it in such a way that the user group’s demise was guaranteed as soon as her reorganization was in place. She didn’t want midrange systems. All she was interested in was PCs.”
Another HP 3000 community member saw HP's declining interest in the server as a signal the user group was living on borrowed time. Olav Kappert, whose IOMIT International firm has served 3000 customers for nearly 30 years, said HP looked eager to stop spending on 3000-related user group events.
"HP would rather not spend another dime on something that has no future with them,” he said. “It will first be SIG-IMAGE, then other HP 3000 SIGs will follow. Somewhere in-between, maybe even Interex will disappear."
July 16, 2015
Bringing the 3000's Languages Fourth
Documenting the history and roots of IMAGE has squirted out a stream of debate on the 3000 newsgroup. Terry O'Brien's project to make a TurboIMAGE Wikipedia page includes a reference to Fourth Generation Languages. His sentence below that noted 4GLs -- taken as fact by most of the 3000 community -- came in for a lively debate.
Several Fourth Generation Language products (Powerhouse, Transact, Speedware, Protos) became available from third party vendors.
While that seems innocent enough, retired 3000 manager Tom Lang has told the newsgroup there's no such thing as a Fourth Generation of any computer language. "My problem with so-called Fourth Generation Languages is the use of the term 'Language' attached to a commercial product," he wrote. The discussion has become a 59-message thread already, threatening to be the longest discussion on the newsgroup this year.
Although the question doesn't seem to merit debate, it's been like catnip to some very veteran developers who know MPE and the 3000. The 4GL term was probably cooked up by vendors' product managers and marketing experts. But such languages' value did exceed third generations like COBOL. The term has everything to do with advancing developer productivity, and the use of generations was an easy way to explain that benefit.
In fact, Cognos -- the biggest vendor of 4GLs in the 3000 world -- renamed its Powerhouse group the Advanced Development Tools unit, using ADT instead of 4GL. This was largely because of the extra value of a dictionary associated with Powerhouse. The dictionary was offered up as a distinction of a 4GL by Birket Foster. Then Stan Sieler, who's written a few compilers including SPLash!, a refreshed version of the 3000's SPL, weighed in with some essentials.One way to measure a language is to see if it's got a BNF (Backus Normal Form), one of two main notation techniques for context-free grammars. According to Wikipedia -- that resource again -- a BNF "is often used to describe the syntax of languages used in computing, such as programming languages." Sieler said that the refreshed SPLash! had a BNF for awhile. Then it didn't. And really, languages don't need one, he added.
The list of the 3000's 4GLs is not a long one. HP dubbed Allbase as a 4GL at the same time that name signified a 3000 database alternative. It was a tool to develop more rapidly, HP said. Transact appears on some 4GL lists for MPE, but it's more often called a 3.5 GL, as is Protos. Not quite complete in their distinctions, although both have dictionaries. These languages all promised speed of development. They rose up in an era when object-oriented computing, with reusable elements, was mostly experimental.
Foster explained what made a 4GL an advanced tool.
The dictionary made the difference in these languages, allowing default formatting of fields, and enforcing rules on the data entry screens. I am a sure that a good Powerhouse or Speedware programmer can out-code a cut and paste COBOL programmer by about 10 to one. It also means that a junior team member is able to code business rules accurately, since the default edits/values come directly from the dictionary, ensuring consistency.
Sieler outlined what he believes makes up a language.
We all know what a 4GL is, to the extent that there’s a ’cloud’ / ’fuzzy shape’ labelled “4GL” in our minds that we can say “yes or no” for a given product, program, language, 4GL, package, or tarball. And we know that Speedware, etc., fit into that cloud.
Does a language have to have a published grammar? (Much less one published by an international standards organization?) Hell no! It’s better if it does, but that’s not only not necessary, but the grammar is missing and/or incomplete and/or inaccurate for many (probably most) computer languages, as well as almost all human languages (possibly excluding some post-priori languages). I speak as a compiler author of many decades (since about 1973).
Our SPLash! language (similar to HP’s SPL/V) had a BNF — at the start. (Indeed, we think we had the only accurate BNF for SPL/V.) But, as we added things to the language, they may or may not have been reflected in the BNF. We tried to update the manual, but may not have always been successful … if we got the change notice updated, I was happy.
Adding the word "product" behind 4GL seems to set things in perspective. O'Brien offered his summary of the 3000's rapid languages.
Speedware, Powerhouse, and Protos all had components (Powerhouse Quick, Speedware Reactor) that had a proprietary language syntax that offered Assignment, IO, and Conditional Logic. As such, they meet the minimum requirements to be referenced as a computer language. TurboIMAGE has a syntax for specifying the database schema, but does not have any component that meet the IO, Assignment, Conditional Logic, so it does not meet the minimum requirements.
Speedware and Powerhouse have had similar histories, both offered as ADT products. But the companies that control them have diverged in their missions. PowerHouse is now owned by Unicom Systems. Speedware's focus is now on legacy modernization services and tools, although its own 4GL is still a supported product.
There's an even more audacious tier of languages, one that the HP 3000 never saw. Fifth-generation languages, according to Wikipedia, "make the computer solve a given problem without the programmer. This way, the programmer only needs to worry about what problems need to be solved and what conditions need to be met, without worrying about how to implement a routine or algorithm to solve them." Prolog is one example of this fifth generation. But even Wikipedia's editors are wary of bringing forth a fifth generation.
July 15, 2015
How to Keep Cloud Storage Fast and Secure
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In our series of Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
One of the many cloud-based offerings is storage. It moves data from the end device to a remote server that hosts massive amounts of hard disk space. While this saves local storage, what are some of the challenges and risks associated with the type of account?
Cloud data storage applications have been compromised through different weaknesses. Firstly, there is the straight hack. The hacker gains administrative access into the server containing the data and then can access multiple user accounts. The second one is obtaining a set of usernames and passwords from another location. Many people use the same usernames and passwords for multiple accounts. So a hack into an email server can reveal passwords for a cloud storage service. What are the ways to defend against this level of attack?
Encryption is always a good option to protect data from unauthorized users. Many service providers will argue that they already provide encryption services. However, in a lot of cases this is what is called bulk encryption. The data from various users is bundled together in a single data store. Then the whole data store is encrypted with the same password. This gives a certain level of protection, for example of the disk is stolen. But, if administrative access is gained, these systems can be compromised. A better solution is to choose a service that offers encryption at the account level.Another option is to encrypt the data before it is stored.This is probably the safest method, as the encryption application is not part of the cloud server, and neither is the password. There is a penalty of performance and time in creating and restoring the file, as it has to be encrypted/decrypted. Today's computer systems normally make short work of this task.
Finally, there is a common misconception that an encrypted file is bigger than the original. For good encryption they should be about the same size. The only challenge with any encryption is to make sure the password is safe.
If you use the same username and password, the best solution is not to do it. But the difficulty is having 20 different usernames and passwords and remembering them all. One option is to let the browser do the remembering. Browsers have the option of remembering passwords for different websites. The browser creates its own local store of the passwords. However, if the computer's hard drive crashes, so does the password storage.
The next option is to use an on-line password account. The bad news is that they have the same weakness as other types of on-line storage. LastPass was recently hacked, so many users were worried that their password lists were compromised. I use a password vault that locally encrypts the vault file. That file can then be stored in online data storage safely. Plus, if you chose the right password application, the vault is shared across multiple devices. This way, different accounts and passwords can be used for each account and still be available from a secure, but available location.
Online storage, offline access
Most of the time many of us have access to the cloud. But there are times when I would like to have access to my data, but I don't have Internet access. The best example of this is on the plane. Although Internet service is available on many planes, not everyone has access. So it is good to choose a service that has a client application to synchronize the data. This will allow copies of the same file to be kept locally and in the cloud. This can be important when looking at mobile solutions.
In many cases, mobile storage is preserved by moving the data into an online storage location. Storing all the music files in the cloud, and then finding that they are not available offline, can be very infuriating on a plane ride.
Compression to be free
Free storage on-line services are limited to a set amount of storage. One way to get around this is to use data compression. Most raw data files can be compressed to some extent. But bear in mind that most media formats, such as mpeg, mp4, or jpeg, have already been created using compression. Many other files, though, can be compressed before they are stored. Some applications — for example back-up apps — will give the user a choice to compress the file before it is stored. Not only does this reduce the amount of space the data takes in the online storage, it is also faster to upload and download.
July 13, 2015
Celebrating a 3000 Celebrity's (im)migration
Eugene Volokh is among the best examples of HP 3000 celebrity. The co-creator of MPEX (along with his father Vladimir) entered America in the 1970s, a Jewish immigrant who left Russia to arrive with his family as a boy of 7, destined for a notable place on America's teeming shores.
Those teeming shores are associated with another American Jew, Anna Lazurus, whose poem including that phrase adorns a wall of the Statue of Liberty. More than 125 years of immigrants have passed by that monument, people who have created some of the best of the US, a fact celebrated in the announcement of this year's Great Immigrants award from the Carnegie Corporation. Eugene is among the 38 Pride of America honorees appearing in a full-page New York Times ad (below, in the top-right corner) from over the Independence Day weekend.
Those named this year include Saturday Night Live's creator Lorne Michaels, Nobel laureate Thomas Sudhof, and Pulitzer Prize novelist Geraldine Brooks, along with Eugene -- who's listed as a professor, legal scholar, and blogger. All are naturalized citizens.
Eugene's first notable achievement came through his work in the fields of MPE, though, computer science that's escaped the notice of the Carnegie awards board. Given that the success of Vesoft (through MPEX and Security/3000) made all else that followed possible, a 3000 user might say that work in MPE brought the rest of the legal, scholarly, and blogging (The Volokh Conspiracy) achievements within his grasp.An entry in the Great Immigrants website sums up what's made him an honoree:
A law professor at the UCLA School of Law, Eugene Volokh is cofounder of the blog, The Volokh Conspiracy, which runs on the Washington Post’s website (which is independent of the newspaper). Before joining UCLA, where he teaches a myriad of subjects, including free speech law and religious freedom law, Volokh clerked for Justice Sandra Day O’Connor on the U.S. Supreme Court. Volokh was born in Kiev, Ukraine, when it was still part of the Soviet Union, and immigrated to the United States at age seven.
It's not difficult to find Eugene in the firmament of the American culture, with articles in the Post, the New York Times op-ed page, and interviews on TV networks and National Public Radio. But each time a 3000 user starts up MPEX, they light up the roots of somebody who migrated long ago, in an era when the 3000 itself was a migration destination, a refuge from the wretched existence of mainframes. We pass on our congratulations.
June 17, 2015
Passwords, MPE, and Security Flaws
Editor's note: in the past 24 hours the world has faced another breach of the LastPass security database, putting hundreds of thousands of passwords at risk. LastPass assures all of its users their passwords are secure after the breach — but change your master password anyway, they add. This makes it a good time to revisit security practices as they relate to the HP 3000 (thanks to Vesoft's Eugene Volokh) as well as our resident security expert Steve Hardwick. Sound advice stays fresh.
More than 30 years ago, VEsoft's Eugene Volokh chronicled the fundamentals of security for 3000 owners trying to protect passwords and user IDs. Much of that access hasn't changed at all, and the 3000's security by obscurity has helped it evade things like Denial of Service attacks, routinely reported and then plugged for today's Unix-based systems. Consider these 3000 fundamentals from Eugene's Burn Before Reading, hosted on the Adager website.
Logon security is probably the most important component of your security fence. This is because many of the subsequent security devices (e.g. file security) use information that is established at logon time, such as user ID and account name. Thus, we must not only forbid unauthorized users from logging on, but must also ensure that even an authorized user can only log on to his user ID.
If one and only one user is allowed to use a particular use ID, he may be asked to enter some personal information (his mother's maiden name?) when he is initially added to the system, and then be asked that question (or one of a number of such personal questions) every time he logs on. This general method of determining a user's authorizations by what he knows we will call "knowledge security."
Unfortunately, the knowledge security approach, although one of the best available, has one major flaw -- unlike fingerprints, information is easily transferred, be it revealed voluntarily or involuntarily; thus, someone who is not authorized to use a particular user id may nonetheless find out the user's password. You may say: "Well, we change the passwords every month, so that's not a problem." The very fact that you have to change the passwords every month means that they tend to get out through the grapevine! A good security system does not need to be redone every month, especially since that would mean that -- at least toward the end of the month -- the system is already rather shaky and subject to penetration.
There's a broader range of techniques to store passwords securely, especially important for the 3000 owner who's moving to more popular, less secured IT like cloud computing. We've asked a security pro who manages the pre-payment systems at Oxygen Financial to share these practices for that woolier world out there beyond MPE and the 3000.
By Steve Hardwick, CISSP
There has been a lot in the news recently about password theft and hacking into email accounts. Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my PC, I can create one single password that controls access to all of the apps that reside on the drive plus all of the associated data.There is a one-to-one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact a user may be accessing several different physical locations when running applications or accessing information. This has led to a dramatic increase in the number of passwords and authentication methods that are in use.
I just did a count of my usernames and passwords and I have 37 different accounts (most with unique usernames and password). Plus there are several sites where I use the same usernames and password combinations. You may ask why are some unique and why are some shared. The answer is based on the risk of a username or password be compromised. If I consider an account to have a high value, high degree of loss/impact if hacked, then it gets a unique username or password.
Email accounts are a good example. I have a unique username and password for my five email accounts. However, I do have one email account that is reserved solely for providing a username for other types of access. When I go to a site that requires an email address to set up an account , that is the one I use. Plus, I am not always selecting a unique password. The assumption is that if that username and password is stolen, then the other places it can be used are only other web site access accounts of low value. I also have a second email account that I use to set up more sensitive assess, google drive for example. This allows me to limit the damage if one of the accounts is compromised, and so I don't end up with a daisy chain of hacked accounts.
So the next question is how do you go about generating a bunch of passwords? One easy way is to go into your favorite search engine and type in password generator. You will get a fairly good list of applications that you can use to generate medium to strong passwords. But what if you don't want to download an application -- what is another way?
When I used to teach security this was one trick I would share with my students. Write a list of four or five short words that are easy to remember. Since my first name is Steve we can use that. This of four or five short number 4-5 digits in length 1999 for example. Now pick a word and number combination and intersperse the numbers and letters S1t9e9v9e would be the result of Steve and 1999. Longer words and longer numbers make strong passwords – phone numbers and last names works well. With 5 words and 5 numbers you get 25 passwords. One nice benefit of this approach comes when you need to change your password. Write the number backwards and merge the word and data back together.
Once you have created good passwords, your next challenge is how to remember them all. Some of the passwords I use I tend to remember due to repetitive use. The password for logging into my system is one I tend to remember, even through it is 11 characters long. But many of my passwords I use infrequently -- my router for example, and many have the “remember me” function when I log on.
What happens when I want to recall one of these? Well the first thing is not to write them down unless you absolutely have to. You would be amazed how many times I have seen someone password taped on the underside of their laptop. A better option is to store them on your machine. How do you do that securely?Well, there are several ways.
One easy way is to use a password vault or password manager. This creates a single encrypted file that you can access with a single username and password. Username and password combinations can then be entered into the password vault application together with their corresponding account. The big advantage is that it is now easy to access the access data with one username and password.
The one flaw: what happens if the drive crashes that contains the vault application and data? If you wanted to get started with a password vault application, InfoWorld offered a good article that compares some leading products.
Another option is to roll your own vault services. Create a text file and enter all of your account / username / password combinations. Once you are done, obtain some encryption technology. There are open source products -- truecrypt is the leader -- or you can use the encryption built into your OS. The advantage of using open source is that it runs on multiple operating systems. Encrypt the text file by using your software. Take caution to not use the default file name the application gives you, as it will be based on your text file name.
Once you have created your encrypted file from the text file, open the text file again. Select all the text in the file and delete it. Then copy a large block of text into the file and save it (more then you had with the passwords). Then delete the file. This will make sure that the text file cannot easily be recovered. If you know how to securely delete the file do that instead. Now you can remotely store the encrypted password file in a remote location, cloud storage, another computer, USB drive etc. You will then have a copy of your password file you can recover should you lose access to the one on your main machine.
Now, if you do not want to use encryption, let's look at why not. Well, most programs use specific file extensions for their encrypted file. When auditing, the first thing I would look for is files with encryption extensions. I would then look for any files that were similar in size or name to see if I could discover the source. This includes looking through the deleted file history.
The other option is steganography, or stego for short. The simple definition is the ability to bury information into other data – for example, pictures. Rather than give a detailed description of the technology here, take a look at the Wikipedia page. There is also a page with some stego tools on it . For a long time my work laptop had a screen saver that contained all my passwords. I am thinking of putting a picture up on Facebook next.
Here are a few simple rules on handling multiple passwords
1. Try and use uniques usernames and password for sensitive account. You can use the same username password combination for low sensitive accounts.
2. Run through an exercise and ask yourself, what happens if this account is hacked. So don't use the same username and password for everything.
3. Do not write down your passwords to store them.
4. Make sure you have a secure backup copy of your passwords; use encryption or steganography.
If you want to do some extra credit reading on passwords, there are two good references out there and they are free. The National Institute of Standards and Technologies has a library on security topics that is used by the federal government., a good publication on passwords.
The SP 800-118 DRAFT Guide to Enterprise Password Management focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
Steve Hardwick is the Product Manager at Oxygen Financial, which offers advanced payment management solutions. He has over 20 years of worldwide technology experience. He was also a CISSP instructor with Global Knowledge for three years and held security positions at several companies.
June 08, 2015
In 20th year, NewsWire digital turns 10 today
A decade ago today, this blog received its first post. On June 8 of 2005, a death in the 3000's family was in the news. Bruce Toback, creator of several 3000 software products and a man whose intellect was as sharp as his wit, died as suddenly as HP's futures for the HP 3000 did. I wrote a brief tribute, because Toback's writing on the 3000-L made him a popular source of information. His posts signed off with Edna St. Vincent Millay's poem about a candle with both ends alight, which made it burn so bright.
I always thought of Bruce as having bright ends of technical prowess along with a smart cynicism that couldn't help but spark a chuckle. His programming lies at the heart of Formation, a ROC Software product which Bruce created for Tymlabs, an extraordinary HP software company here in Austin during 1980s and early 90s. Toback could demonstrate a sharp wit as well as trenchant insight. From one of his messages in 2004:
HP engineer [about a Webcast to encourage migration]: During the program, we will discuss the value and benefits of Transitioning from the HP e3000 platform to Microsoft's .NET.
Bruce: Oh... a very short program, then.
In the same way Toback's candle burned at both ends, I think of this blog as the second light we fired up, a decade after the fire of the NewsWire's launch. Up to this year we burned them both. Now the blog, with its more than 2,600 articles and almost 400,000 pageviews, holds up the light for those who remain, and lights the way for those who are going. This entry is a thank-you for a decade of the opportunity to blog about the present, the future, and the past.
We always knew we had to do more than give the community a place to connect and read what they believed. We're supposed to carry forward what they know. The NewsWire in all of its forms, printed and digital, is celebrating its 20th year here in 2015. A decade ago our June 2005 blogging included a revival of news that's 20 years old by now. It's news that's still can still have an impact on running a 3000 today.In the blog's first month of 2005, I wrote
"HP 3000 enhancements can travel like distant starlight: They sometimes take years to show up on customer systems. A good example is jumbo datasets for the 3000's database. Jumbos, the 3000's best tool for supporting datasets bigger than 4GB, first surfaced out of HP's labs in 1995, just when the NewsWire was emerging. We put our news online in the months before we'd committed to print, and our report of September 1 had this to say."
HP will make the enhancement available as part of its patch system, bypassing the delay of waiting for another full release of MPE/iX. But there are already discussions from the HP 3000 community that a more thorough change will be needed before long — because 40-gigabyte datasets someday might not be large enough, either.
"Why care about 20- or 10-year-old news? Because the 3000 has such a long lifespan where it's permitted to keep serving. In the conservative timeline of 3000 management, jumbos were the distant starlight, only becoming commonplace on 3000s a decade later. Jumbos are finally going to get eclipsed by LargeFile datasets. HP's engineers say their alpha testing to fix a critical bug in LFDS is going well."
"Like the jumbos before them, LFDS are also going to get a slow embrace. How slowly did jumbos go into production systems? Five years after jumbos first emerged, John Burke wrote in our net.digest column "it is hard to tell about the penetration of jumbo datasets in the user community beyond users of the Amisys application." His column also offered some tips on using jumbos, even while database experts in the community continued to lobby for a way to build larger files."
That reporting in 2005 marked the first time in a decade that 3000 customers could build a dataset as big as they needed. Up until then, LFDS had not been recommended for 3000 customers except in experimental implementations.
The nature of the 3000 community's starlight made a 10-year-old enhancement like jumbos current and vital. Alfredo Rego of Adager once said that his database software was designed like a satellite, something that might be traveling for decades or more and need the reliability of spacecraft to go beyond the reach of support transmissions. HP's signal for 3000s has died by now. We hope to repeat signals, as well as report, for more than another decade, onto the cusp of MPE's calendar reset of 2027. Thanks for receiving these transmissions.
May 20, 2015
Discovering HP's Futures
In a couple of weeks HP computer users will gather for an annual conference in North America. For the past five years, the meeting has been called HP Discover. This year's event is promising to show off visions of the future. Pictures of stalwart enterprise community members will be harder to find.
Among the HP technologies developed as computing environments, only HP's Unix will have a Special Interest Group Forum at the June 2-4 conference. Searching the sessions database for the letters VMS -- pretty special to the Digital customers that HP preferred to serve futures to versus 3000 sites -- yields no hits. If VMS is being discussed at HP Discover, it's likely to be just a topic on the floor.
Stromasys will be on that floor, talking about several platforms whose HP futures have already or will soon enough expire. Charon HPA, emulating the HP 3000 hardware, as well as virtualization products for the Digital systems and even Sun's Solaris computers will be demonstrated. Sarah Smith of Stromasys says it's a regular stop in the company's itinerary.
"At the booth we'll be doing demos of Charon," she said. "We've been going for years. VAX, Alpha, and PDP were all DEC products, so we talk about all of them at Discover."
Meanwhile, HP will be talking about many commodity solutions along with The Machine, its project to deliver six times more power than current computer systems on 1.25 percent of the energy. Its big idea is universal memory, driven by the elusive memristor HP first began discussing in 2008. Universal memory is as inexpensive as DRAM, as speedy as static RAM, as non-volatile as flash memory, and infinitely durable. The Machine is an HP Labs project reputed to have requisitioned 75 percent of the Labs' resources. Its delivery date is far enough out in the future that hearing about its potential is still just about all anybody expects this year, or next.The HP North American shows were once all about users, and then after awhile, all about the products the vendor had delivered and were in use in the field. The HP 3000 slipped out of the session list at HP Discover around 2010, and now the VMS platform hasn't qualified for as much time as The Machine. The conference does gather a nice sheaf of customers to go along with a thicket of HP staff. Even before the show was renamed from the HP Tech Forum, it had tilted toward sales-to-customer events with more than a few NDAs to keep out the riff-raff.
HP Innovation Brought to Life in Film will tell attendees they can "Get a glimpse into some of the revolutionary technologies HP is tackling that address the most complex challenges and opportunities for our customers and our society in the next decade and beyond." There's not much point in setting out session times for an hour on something like improving performance of an HP-specific database, because by now such a thing has dropped off HP's discovery map. That's 20th Century computing, anyway.
But despite the habit of eschewing topics like VMS, MPE, and other HP legacy creations, the company hasn't lost its taste for invention altogether. A panel of HP Labs researchers will offer "a closer look at what it takes to make The Machine change everything we know about computing. This radical new approach will fuse memory and storage, flatten data hierarchies, bring processing closer to data, embed security throughout the hardware and software stacks and enable management of the system at scale."
There was a time when HP's chalk talk about such a product would only have emerged when the product shipped, or at least was priced. When the first HP 3000 Spectrum systems -- the PA-RISC emulated by Charon -- slipped into release, the HP Journal ran tech articles on how they were breaking ground. Aiming at a high bar like "changing everything we know about computing" sounds a lot like a concept film of the 1980s or 1990s HP. Great fun, but perhaps not as immediately useful as the networking within a SIG Forum. At least HP-UX still has that much to count upon in two weeks' time.
May 18, 2015
Portfolios That Make a Path to the Future
Wednesday afternoon (2 PM Eastern time, US) MB Foster is educating IT managers on the business case for using Application Portfolio Management. (Register here for the free event.) APM has gained a lot of traction in boardrooms and the places where analyst reports score points.
Gartner's researchers report that "Application portfolio management is critical to understanding and managing the 40-80 percent of IT budgets devoted to maintaining and enhancing software." HP 3000 managers, and especially those who are on the move to a new computing path, understand how much of their work has always gone into extending and repairing apps that make a difference.
Foster's team says that APM "changes the way you manage IT assets. Without proper visibility, IT executives can never be sure that they are investing appropriately by acquiring enhancing or retiring, the right application at the right time. Without visibility, APM is simply impossible without an ongoing view of IT investments."
In this Wednesday's webinar, Birket Foster will highlight the business case for APM, and outline "where you should start, mapping your portfolio, building a score card, examining business and technical fit, understanding benefit and risks and other subject related content." Foster's been talking about APM for more than 10 years, just about the whole time 3000 migrations have been in play.
APM can begin by delivering a means to increase the visibility of HP 3000 apps. And if that MPE visibility leads to a more energized transition plan — because now the executive management sees how vital the MPE/iX application is to meeting company goals — that's a good thing as well.Retiring out with the HP 3000 has been an option for some managers. But for many others, outlasting the server is becoming a genuine challenge. Leaving a legacy as an IT pro, instead of just the 3000 expert, is a way to revitalize a career.
You have to know how to treat applications as assets, to frame software as if it's as essential as cash on hand for a company. APM doesn't get cited much by the 3000 manager who's worked as a technologist to deliver value to a company. This is the business side of business computing. Learning more about that side gives a manager a greater skill set. Best of all, these practices make it easier to justify IT acquisition and expansion and yes, even a migration with its profound expenses.
Foster says that IT organizations and technology leaders are missing out on an opportunity to reduce IT costs, optimize applications, and deliver value back to the business. "With a bottom-up analysis for top-down decisions, IT departments move from an unclear inventory of applications with limited understanding of each, to a defined inventory with actionable information on the business value and technical condition of each application."
IT wants executive management to understand the condition of applications, built, bought, or accumulated through M&A, as well as how the apps affect and grow the business, and how they affect the bottom line and future budgets. APM can show what skills are required to manage and maintain the portfolio, and where succession planning plays a role.
May 13, 2015
Deciding Which Cloud Cabin To Ride
Trends in IT management are pushing server management into co-located and cloud-based service providers. If a path toward migration seems to lead toward services rather than servers, there are some developments to note while choosing a place to relocate the apps on critical servers.
Amazon is the leader in the cloud computing space with its AWS business. But just until recently, the world didn't know specifics of how well AWS was earning. It turns out that cloud services are one of the few Amazon products making a generous profit. And the existence of profits goes a long way toward protecting the future of any product or service. The 3000 is supposed to have crossed over from profitable to not so during the period after Y2K.
Once the system's projected revenue line dipped below the projected expense line, at that point you could say even those inside HP considered MPE servers a dead product. It didn't happen until after that Year 2000 bubble, though. The HP 3000 owner, having experienced this, will be wary of any single point of solution failure.
AWS is well above such a line. Other companies, such as HP, are not breaking out their cloud business results. But HP is making a point of promoting its latest HP Discover conference around the cloud concept. You can even ride in a cloud, the vendor promises, next month in Vegas.AWS owned more than 25 percent of the cloud infrastructure revenues during 2014, according to the Synergy Research Group. It's such a dominant share that the closest competitor, Microsoft, has only 10 percent, and IBM has 7. Rackspace, a preferred solution for the Charon virtual 3000 solution, comes in at 3 percent. HP's at under 1 percent, one of a host of companies who make up almost half of what's left over.
How big is cloud at AWS? Amazon said it had revenue of $1.57 billion during the first three months of the year. The company said its operating income from AWS was $265 million. Nothing that HP builds returns that kind of profit, except ink and paper.
But at the Discover show in Las Vegas, attendees can win "a VIP ride in the cloud on the High Roller with Connect and Ingram Micro on June 2, 2015. Join us as we journey 550 feet into the cloud over the beautiful Las Vegas landscape while networking and enjoying the ride."
Amazon is going to sell more than $5 billion in cloud services this year, by the company's reports. HP's still calling cloud computing "the new style of IT," and the strategy is pretty new to the IT director who's been managing local and networked servers for several decades. The Hewlett-Packard view from the clouds will include a Special Interest Group meeting for cloud computing during the June 2-4 show.
Hewlett-Packard has announced that it will spend $1 billion by the end of next year to help its customers build private cloud computing. Private clouds will need security, and they'll begin to behave more like the HP 3000 world everybody knows: management of internal resources. The difference will reside in a standard open source stack, OpenStack. It's not aimed at midsize or smaller firms. But aiding OpenStack might help open some minds about why clouds can be simple to build, as well as feature-rich.
May 04, 2015
Candidate Carly looms like 3000 migrations
3000 community pundits and veterans will say Hewlett-Packard's pushing the server off its price lists was inevitable. Today that migration slog seems to hold the same charms as the just-announced candidacy of the HP CEO during that era: Carly Fiorina.
Announcing her run for the presidency will assure Fiorina of much attention, from the requisite Secret Service detail to a raft of coverage about being a female candidate running against another inevitability, Hillary Clinton. The attention will continue to mount upon her term at the HP helm, though, a period that even her fellow Republicans struggle to present as a success.
The similarities between government politics and tech business politics are now in the spotlight, though. Computerworld was writing a story about the intersection today.
Regarding the US presidency, citizens and voters can't go back for more Barack Obama. The 3000 owners couldn't go back for more servers after HP stopped making the computers in 2003, either. Everybody must move on from our current president, just like Fiorina's HP forced the 3000 owners to move away. So very many have moved. But so very few are using any HP product to replace their 3000 operations.
Showing off the hubris that would be echoed in her other attempts, first business and then political, Fiorina's HP alleged in 2002 that more than 4 of 5 customers would be off MPE within four years. Counting the unfinished or un-funded migration projects, close to 4 in 5 customers remained on MPE and the 3000 when that four-year-deadline rolled past. It was more complicated to curtail 3000 computing, just like it'll be complicated for Fiorina to paint her 5-plus HP years as a success.
But that doesn't mean she won't try. However, as the San Jose Mercury News wrote in an editorial, “She takes the Silicon Valley motto that it’s ‘OK to fail’ a tad too literally.” The paper's calling for more women in politics – except Carly Fiorina. The 3000 community only seems to embrace Fiorina's latest political jitney romp as an alternative in the last resort to a Hillary Clinton presidency.
"Killing the HP 3000 was a small pittance compared to the disaster she did to HP," said EchoTech's Craig Lalley today. "No, I would not vote for Carly. But then again, if the two final candidates are Carly and Hillary..."Fiorina has inspired vitriol that remains vivid a decade after she left HP. It's hate for unneeded change coming from her detractors among HP customers. "I'd hate to think of her doing to the country what she did to HP," said Ted Johnson on the 3000 newsgroup this afternoon.
Johnson was one of many around the country today who pointed to a carlyfiorina.org web page that was filled with frowning emoticons. 30,000 of them, the number that Michael Link, assistant director of digital strategy at the Service Employees International Union, says Fiorina laid off at HP. Link adds that Fiorina said she'd only change one thing about those layoffs today: "I would've done them all faster."
A story in the Guardian said the oversight of grabbing such an obvious domain could hurt Fiorina's fundraising.
A campaign team that fails to purchase all permutations of its candidate’s name as even a potential redirected domain is not likely to have repercussions with voters directly, said Peter Shankman, a marketing expert and author of the book Zombie Loyalists. But it might be a more serious problem for backers trying to decide which horse to bankroll in the upcoming election.
“The people who are donating money will look at that as a clear warning sign,” he said. “It’s like spelling something wrong on a cover letter or a resume.”
3000 reseller John Lee said, "If I recall correctly, she didn't kill the 3000, one of her predecessors did. She could have revived it though. Instead, she bought Lear Jets and Compaq. And then tried to follow IBM and Perot Systems by forming a Services group?"
The jets were a sore thumb of a reality, but killing off the 3000 did happen on Fiorina's watch. She joined the company in the summer of 1999, when the vendor was still on the cusp of carrying the 3000 across the Y2K chasm. No killing of 3000s was done deliberately in a period when every customer was shouldering a bigger IT budget, and dot-coms were elevating customer count.
Fiorina claims that HP was a laggard in the computer industry when she arrived, but the company has the ninth-oldest web domain in the world. Where the company lagged was in low-profit computer sales. The Compaq buy-up took care of that lag, even while it drove off those tens of thousands of employees.
Amid the reports on the reality of Fiorina's tenure — a time when HP nearly doubled its revenue but saw its profits drop by one-third, a time when she was sued by both the board of directors as well as the son of HP founder Bill Hewlett — there's some gallows humor afoot, too. HP was big on ending the 3000 while she served, after all.
"I'm ready to know this," said one 3000 manager who didn't want his name used. "When does Carly announce the End of Life for her bid?"
April 22, 2015
Essential Skills: Avoiding A King's Ransom
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
In a recent message on a 3000 developer mailing list, one MPE expert warned of the most common malware attack of 2015: Ransomware. "This is probably the most likely thing to happen to your computer if you click on the wrong thing today," Gavin Scott reports.
It's a nearly perfect criminal scheme.You get the malware on your system and it encrypts all files of value with a randomly generated key, and directs you to send $300 in bitcoin to them in order to get the encryption key to get your files back. It will encrypt every drive it can get access to, so a lot of people get their backups infected in the process of trying to recover. If you pay the $300, then by all reports they do give you the key, you get all your files back, and they don't bother you again. They even direct you to bitcoin ATM companies who reportedly spend much of their time these days providing technical support — to help Grandma operate the bitcoin system to pay her computer ransom.
To explain the fate of having to toss out computers in the IT shop which cannot be ransomed, we call on our security expert Steve Hardwick for some insights.
By Steve Hardwick, CISSP
In a previous article I looked at a Man in the Middle attack using SuperFish. That malware effectively bypassed the encryption built into HTTPS and so allowed Lenovo to inspect secure web traffic. There's another type of encryption hack that's becoming a serious threat: Ransomware.
In standard symmetric encryption, a key — a password — is used to scramble the information to render it undecipherable. The same key is then used to allow a valid user to convert that data back into the original data. Encryption systems ensure that anyone without a key will be unable to reconstitute the original data from encrypted data. Another key component (forgive the pun) is the password used to generate the encrypted data. If a valid user is not able to access the key, then they no longer have access to the data.
In many situations as a security professional, I've been asked how to recover encrypted data after the encryption key has been lost. Despite what TV shows depict, this is not as easy as it looks. Typical recovery of encrypted data is time consuming and costly. The first thing any security professional will say when an encryption key is lost is, "Just recover your data from your backup." But today there's a type of virus out there that uses this weakness, and can compromise backups, too.Ransomware takes data on a machine and encrypts the information, including every data file. The catch to this encyption is that the key is not provided to the user. Typically a message appears telling the user how to get a copy of the decryption key, obviously involving payment. The user is now left with a machine where the data is not accessible unless the encryption key can be obtained. The machine is commonly called a brick. The question now becomes, is there any way to retrieve the data without becoming a victim of extortion?
The actions that can be performed after this attack are very limited. Cracking the encryption itself is going to be difficult at best. Perhaps the one method that can be used is to hope that the virus has been reverse-engineered, so the decryption key is found. There's one common ransomware virus, CryptoLocker, whose code has been cracked and a solution posted for victims to use for free. But you may not be so fortunate. As the time honored saying goes “The best form of defense is a good offense.” Putting provisions in place before the attack is the best way to prevent this extortion.
Here is a list of these measures:
1) Make sure the machine is backed up regularly. It is a good idea to make sure that the backup you are using cannot be compromised by the same virus. For example, some viruses are able to infect the backup as well as the source. That means storing a recent backup offline.
Ed: It's also important that your backup solution does versioning. You don't want to write over a good backup with a bunch of encrypted garbage.
2) Keep your operating system and application software up-to-date with the latest patches.
3) Do not follow unsolicited web links in email
4) Keep your anti-virus software up to date
5) Try to get Windows users not to run with Administrative privileges, which are more prone to attack.
By using these methods, not only will you be less susceptible to ransomware, you will also be less vulnerable to other problems such as other viruses, hard drive failure and loss of your machine.
April 10, 2015
Putting ERP Securely On Your Wrist
HP 3000 ERP solutions are hosted natively on servers, and some of them can be accessed and managed over Apple's mobile tablets. But the Apple Watch that's due in two weeks will bring a new and personal interface for enterprise servers. Indeed, a well-known alternative and migration target for MANMAN and other MPE apps is climbing aboard the Apple Watch bandwagon from the very first tick.
Salesforce has a Watch app coming out on launch day that ties into a business installation of the storied application. Incredible Insights Just At A Glance, the promo copy promises.
Access the most relevant, timely data in seconds. Swipe to see dashboards, explore with lenses or use Handoff to work seamlessly between Apple Watch and iPhone. And use Voice Search to surface a report, view a dashboard, or find other vital information in seconds.
As mobile computing takes a new step with the Watch -- a device that Apple's careful not to call a smartwatch, as it's more of an interface for a smartphone -- security remains a concern. Apple has been addressing it by recognizing the Four Pillars of Mobile Security. A little review can be helpful for any IT pro who's got mobile devices coming into their user base. That's the essence of BYOD: Bring Your Own Device.According to enterprise Mac management software vendor JAMF, securing a mobile system, whether it's a tablet like the TTerm Pro-enabled iPad, a smartphone or a laptop, "requires careful attention to four key areas."
- Data at rest — Securing data on a device
- Data in transit — Securing data as it moves over a network connection to the device
- Application security — Installing trustworthy software from a safe source
- Patching — Keeping software up to date to avoid vulnerabilities
To implement good security reliably throughout an organization, three additional capabilities are crucial:
- Device management — Deployment, application distribution, security policy enforcement
- Reporting — Inventory of all devices and their configuration
- Auditing & remediating — Audit for compliance to security standards and tools to remediate as needed
JAMF sells its Casper Suite as a tool to manage enterprise-grade Apple platform installations. There's bound to be something just as thorough for the Windows-based user community. It's one more thing to ensure is a part of a migration plan, as the 3000's ERP data moves into a fresh generation.
For reference, to help research the caliber of such a Windows-based strategy, here's the breakdown that JAMF provides in a white paper about securing mobile data as well as Apple does.
1. Data at rest — The iPhone and iPad features hardware-based encryption for data at rest that is enabled by default. For Mac, the FileVault whole disk encryption system (a native feature in OS X) protects data with virtually no impact to system performance or battery life.
2. Data in transit — Apple devices can connect via VPN (Virtual Private Network) to secure data in transit. No additional software is required to take advantage of this security feature, and once configured it is transparent to the user.
3. Application security — One of Apple’s best contributions to the IT security field is their App Store ecosystem. Apple reviews all software submitted to the App Store to weed out malware. Each software package is cryptographically signed to prevent any tampering with the files. OS X and iOS are configured to reject any software that lacks a signature. IT staff can sign their own software packages to take advantage of this application security layer.
4. Patching — Since the dawn of computing, all software includes some number of defects or bugs. Some of these defects can be used by malicious attackers to gain access or steal information. The best practice for IT security is to keep all software up to date to eliminate vulnerabilities as they’re discovered. Apple makes this easy with native software patching utilities built-in to the OS. IT staff can host an Apple Software Update Server on the corporate network to speed up patching.
There's a bit of "every problem seen as a nail" with Apple's tools acting as a hammer here. But closed ecosystems have been essential to 3000-grade reliability for decades. Apple controls every aspect of the ecosystem as much as HP did with the 3000, making hardware as well as operating systems. A turnkey solution usually saves time and resources.
April 08, 2015
Essential Skills: Man In The Middle Attacks
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
Lenovo recently made news in the security industry, and it was not good news. The PC manufacturer was shipping a copy of the Superfish malware with its machines. The software executes a threat known as “man in the middle.” Once it was discovered, companies were advised to remove it, yes. But what is a man in the middle attack, and why is it so dangerous?
Superfish compromises the HTTPS security protocol. It will intercept HTTPS requests made by a browser. It then uses a program to connect to the target website. At the same time it sends its own public key to the browser, and has it trust it. Instead of data coming back from the website to the browser, it now comes to the Superfish program.
Normally, encryption is viewed as using a password or phrase to generate a key. The key is then used to encrypt a set of data in clear text. The resulting cyphertext is then sent to the recipient, who must have the original key to decode it. This is commonly referred to as symmetric encryption: used just for a session, the same key both encrypts and decrypts the data.
The Superfish malware extracts a symmetric key from the website and passes it on. The browser thinks it has a secure connection to the website, when in fact Superfish is now listening to all of the communication from the PC to and from the website. Superfish was originally used to intercept Web traffic and surreptitiously record where the PC's user went on the Web. In addition, it opens up very nasty holes for hackers to use.What's at stake? Superfish is recording traffic that can include a lot of private information: Social Security numbers, banking details, credit card numbers, or health information. All a hacker has to do is to break into Superfish and take a copy of the data that it stores back to their location. There it can be reviewed and the personal data extracted.
Second, since the Superfish application is the one validating the digital certificates, false certificates can be installed. This allows a hacker to install a false certificate for a banking site. The user would connect to their back, and instead the hacker would use Superfish to connect to their site. The user would feel safe that the HTTPS connection had been made and all of the data was secure. However, the hacker is now collecting all this private information.
This was a bad security hole. Users were initially unaware of the application that was loaded by this PC manufacturer. There are now many sources of instructions on how to remove this piece of malware. How could this have been avoided in the first place? First of all, it is worth checking the installed program list of any new machine. Work through the list of programs and then use a browser to look up ones that do not look like standard applications. Superfish came up as VisualDiscovery for example.
Sometimes programs like this get loaded when other programs are loaded or upgraded. Browser search bars can get in that way. The only certain way to remove Superfish is to completely wipe the hard drive, and then reload the operating system from scratch, only putting in the programs you want. In many corporations, machines are rebuilt like this using an image of a hard drive that was previously configured safely.
But what is a man in the middle attack, and why is it so dangerous? It helps to know how computers encrypt data.
How encryption works
We begin with understanding how computers identify their partners. One of the major challenges of symmetric encryption is how to deliver the symmetric key safely to the recipient.
To overcome this challenge, Whitfield Diffie and Martin Hellman devised a method of exchanging keys called asymmetric encryption. In this approach, one key is used to encrypt the data and a different key is used to decrypt the data. The two keys are created as a pair. The encryption key, since it is not disclosed, is called the Private Key. The second, which can be distributed, is called the Public Key. Additionally, the public key can be used to encrypt data and the private key used to decrypt it. Using the public key to encrypt a symmetric key allows it to be decrypted only by the user that has the corresponding private key.
The next challenge that arises is verifying public keys. For example, Jane sends Bob an email message saying “Attached is my public key.” Bob then sends Jane an email saying “Here is my public key.” So Bob and Jane can now use these asymmetric keys to securely send a symmetric key. The symmetric key can then be used to encrypt and decrypt the file data. However a couple of days later Bob gets another email message from Jane saying ”New public key attached.” What should Bob do? Ironically at the same time Jane has receive an email from Bob saying ”New public key attached.” Let's say they both believe it is real. However, neither sent the keys.
A bad guy, intent on reading their encrypted data, sent these keys out. Jane uses the new Public key from Bob to encrypt the symmetric key and sends it out. The bad guy sees it and uses the fake private key he created for Bob to decrypt the symmetric key from Jane and store it. Then he uses the fake private key for Jane to encrypt the symmetric key and send it to Bob. Bob uses the fake public key from Jane and decodes the symmetric key. Now Jane and Bob think they are the only ones with the symmetric key and start sending encrypted messages. However, the bad guy also has the symmetric key and can also decode the data too.
What was needed was some way of validating that the public key came from the person that claimed it. The concept of a digital certificate resolves this challenge. A company called a Certificate Authority sets up a way to validate user identity. They send out their public key to everyone who trusts them. The users then send their public key to the CA. The CA verifies their identity and encrypts their public key with the CA private key. The resulting file is now sent out in lieu of a public key. When the recipient receives it they decrypt it with the CA public key and get the validated user's public key. The user public key that was encrypted with the CA private key is called a digital certificate. This is used in HTTPS web connections.
A website owner will generate their Public/Private key pair. They will send it, together with the required documentation, to a digital certificate provider. (There are many out there; just search the Internet.) The digital certificate provider, after authentication, sends back the digital certificate. The web site owner can now set up an HTTPS web site. The digital certificate is sent to the web site user. If the public key of the CA is loaded into their browser, then the website Public key is extracted automatically. The website can now use their private key to send symmetric keys to encrypt the data. A secure channel can now be established. Plus, the website user can also use the digital certificate to validate the website address.
April 01, 2015
River cruiser to ferry MPE exokernel mission
An obscure, elite set of EU computer scientists will tackle the looming challenge of slimming down the 3000's operating system this summer, working aboard a cruise ship plying the waters of Europe's river system. The fledgling coalition of seasoned developers will occupy the Norwegian Avignon Passion II on a route between Budapest and Prague, taking on Eastern Bloc developers at Regensburg, Melk, and Roth along the Danube.
The design team's leadership said they were inspired by the Salesforce Dreamforce cruise liner accommodations at this summer's conference. That 135,000-attendee event will handle some needs for lodging and services from the Celebrity Eclipse. The design team will go the next step and cast off its lines in Central Europe, rather than stay tethered to a pier of prior engineering.
"There's nothing we'll want for while we're afloat," said Jean Noosferd, the group's managing director. "It's just us, three million lines of code, and the passion we have to make MPE as popular as Linux." Microkernels for Linux are lifting the popularity for these slimmed-down instances of an OS.
Working from the concept of an exokernel — MIT designs that are much smaller than a normal kernel such as MPE/iX's current monokernel design, and even smaller than a microkernel — the group will leverage the work of open source teams such as the Polish-based Pjotr Mandate. The object is to reduce the installation and management footprint of PA-RISC-ready operating systems. If successful, the development cruise will dock at Prague and release its team of scientists.
"If not, we sail back to Budapest and rework our designs," Noosferd said. When a new version of MPE emerges from the work, the Passion II will remain afloat to preserve the legality of an adapted and enhanced 3000 OS. The software will be sold and distributed using cloud-based Moonraker servers. HP's restrictions on the MPE source code prohibit new versions to be released in any country. "We'll be sailing between countries," Noosferd said. "International law is in force, and so intellectual property ownership will be preserved."Operating in close quarters, the set of scientists will be using small teams, the organizational structure that gave the world the initial breakthrough of MPE. "We all believe in mono-tasking," Noosferd said. "Small teams and small projects are beautiful, and working from staterooms aboard the Passion II will squeeze the best from us. It's like the quote from William Morris, 'Have nothing in your houses that you do not know to be useful, or believe to be beautiful.' We'll have nothing aboard but bytes and brains." Noosferd said that rumors of powering the developers on a steady diet of Beluga caviar are "as outlandish as running a 3000 from an iPhone."
Like an exokernel, which delivers more direct access to a computer system's hardware, the development cruise will remove most distractions. "Unlike that Dreamforce ship, we won't be released to the sea," Noosferd said. "Like MPE's community, we respect boundaries, such as those riverbanks along our path."
The original MPE was designed to operate in a tiny 64KB memory space. If successful, the entire instance of what being called MPE-ExO could fit on an HP Moonshot micro-server. That low-cost hardware has been promoted as a hosting platform for hyperscaled processor computing. Intel's Atom processors — so-named because of their size — are the workhorses of Moonshot.
March 13, 2015
Fiorina campaigning again, against Clinton
Former HP CEO Carly Fiorina pushed herself to the front of news again, as a story in the New York Times chronicled her campaign against former Secretary of State Hillary Clinton. Fiorina has spent the last several years aiming criticism at Clinton, including a recent swipe that attempts to smear Clinton's travels around the world.
"Like Hillary Clinton, I too, have traveled hundreds of thousands of miles around the globe," Fiorina said, "but unlike her, I have actually accomplished something.” The claim recalled memories of Fiorina's most lasting accomplishment from her HP days: hawking a merger that pushed out the values and influence of the Hewlett family.
Thirteen years ago this week, a raucous stockholder showdown in Delaware ended with Fiorina's forces victorious, approving the Compaq merger. Walter Hewlett, son of HP founder Bill Hewlett, contested the vote in a lawsuit. HP directors on Fiorina's team responded by refusing to nominate Hewlett to keep his seat on the HP board.
Many actions of that period were designed to make HP bigger. Low-growth product lines were cut or de-emphasized, most particularly in the HP 3000 world. Despite the efforts to puff up HP, though -- and continue revenue growth to satisfy shareholders -- the plan had no effect on stock value. By the time Fiorina was fired in a board move -- 10 years ago this month -- HP shares sold in the low $20s, just as they did on the day of that Delaware merger victory.
Those inflated accomplishments of her go-go strategy were not misunderstood by the Times writer. "Her business career ended... in one of the more notorious flameouts in modern corporate history," Amy Chozick wrote today. "After orchestrating a merger with Compaq that was then widely seen as a failure, she was ousted in 2005."
The failed merger with Compaq did give HP a product with some foothold in 3000 migration projects, though. The ProLiant servers from Compaq are competitive with Dell and Lenovo systems for installations of Windows Server, the most-chosen alternative to HP 3000s.
Fiorina's tone has been strident, much as it was during her tenure when the 3000 was cut loose by HP. She's most recently tried to assert Clinton has stolen concepts and intellectual property from her.Pushing onward without regard for reality was among the things that got Fiorina fired 10 years ago. HP's board had trouble getting her to relinquish controls that might've tempered her mission to acquire corporations. In her Clinton attacks, Fiorina claims the title of the autobiography she wrote, Tough Choices, was appropriated by Clinton when the former First Lady wrote Hard Choices.
A Twitter image on a Fiorina feed posted the covers of the books side by side. There's also the former CEO's claim that a Clinton speech to female tech professionals, saying that women can "unlock our full potential," is a theft of Fiorina's Unlocking Potential Project.
The Times article, as critical of Fiorina as the former executive has been of Clinton, prodded that claim, too. "Fiorina came in for some derision on The Huffington Post, which recounted the tussle under the headline “Overused Management Bromide Now The Exclusive Property of Carly Fiorina, Apparently.” "
The CEO who led the HP which cut off its 3000 plans has many critics in the community to this day. The impact of a rush to expansion kept HP off its legendary game of R&D, according to HP's former VP of Software Engineering Chuck House. OS marvels of their day like MPE don't flow out of HP labs any longer.
A recent $2.7 billion acquisition of Aruba Networks is the latest HP purchase, buying technology that promises a cutting-edge firewall to enable mobile enterprise computing with the Aruba Mobility-Defined Network. HP says the deal "positions Hewlett-Packard to accelerate enterprise transition to a converged campus network." It's also about 90 percent smaller than the Compaq merger — more in line with the reduced HP of today.
March 10, 2015
Size matters not: Gigaom blog folds fast
News surfaced this morning about the landmark tech blog Gigaom. The New York Times reports that the massive operation switched off its news reporting in a rush sometime yesterday. The halt of news and postings was as swift as the one Interex experienced almost 10 years ago. Like the user group's demise, unpaid bills were Gigaom's undoing.
Gigaom was big enough to produce conferences. It also offered a white-paper research business. And like the NewsWire, it sold advertising. None of that was enough to keep away Gigaom's creditors. In an echo of what happened at the 3000's final user group that focused on the server, big was no protection against borrowing.
The Times story quoted the site's founder Om Malik in a confirmation statement. "Gigaom is winding down and its assets are now controlled by the company’s lenders,” he said. “It is not how you want the story of a company you founded to end."
One commenter asked, "What does this mean for upcoming events like GigaOM Structure Data next week?" Indeed, like the Interex meltdown, GigaOm has many commitments to keep and by now the lenders are taking control of operations. The scope of failure is similar to the HP World show that never opened in August, 2005. More than $300,000 in tickets were sold to this month's GigaOM conference. There's no word on refunds. For the moment there's no announcement of bankruptcy, though.
All-digital was the only platform GigaOM ever used to spread information. One comment suggested that tech journalists are writers who couldn't make it elsewhere in publishing. That's too broad a brush considering the number of online tech writers. But it's easy to fill a digital outpost with opinions and little news.
The caliber of content is important. So is a manageable mission. Being small and profitable has been the watchword for nearly all of the 3000 vendors and companies since I got here, more than 30 years ago. All of us have been managing risk in what's clearly a contracting market. Gigaom's shutdown is the sort of outcome an IT manager might experience if an app vendor went dark overnight.Unlike Interex, the Gigaom site remains online today, filling up with comments from its loyal readers. Some are dancing on the blog's grave. Gigaom opened for business a year after we started the NewsWire's blog. The changes in the Web publishing model have been profound -- and that's in a marketplace with new technology and systems rollouts.
About a year ago, the blog's founder Om Malik announced he'd reeled in a fresh $8 million of funding for his operations. He also joined the venture fund investment company, "and so I'm hanging up my reporter's notebook." It's an interesting image, that hanging up of a notebook. We don't wear hats any longer in the press like reporters did in the Fifties. But really, you file away notebooks, and the research and learning that started in notebooks at GigaOM will remain online for awhile. That's one advantage of being all-digital: what you provide is a legacy that needs little more than a hard drive and a Web address to survive.
Anyone who writes news for a living might see the fatigue in Om's notebook-hanging of one year ago.
Living a 24-hour news life has come at a personal cost. I still wake in middle of the night to check the stream to see if something is breaking, worrying whether I missed some news. It is a unique type of addiction that only a few can understand, and it is time for me to opt out of this non-stop news life.
Malik had a lot in orbit, so the crash will sound large. Smaller blog ventures will create more stories starting today. Yoda's line from the Empire Strikes Back rings out at me this morning. "Size matters not," he told Luke. "Judge me by my size, do you? And well you should not. For my ally is The Force." We can all feel The Force when we feel small -- in markets, in futures, in whatever we would like to dream.
February 27, 2015
Dow hits record while HP shares fall out
On the day the Dow Jones Industrial Average reached a record pinnacle, Hewlett-Packard released quarterly results that pushed the company's stock down 10 percent.
HP is no longer in the Dow, a revision that the New York Stock Exchange made last year. HP is revising its organization this year in preparing to split in two by October. The numbers from HP's Q1 of 2015 indicate the split can't happen soon enough for the maker of servers targeted to replace HP 3000s. The company is marching toward a future more focused on enterprise systems -- but like a trooper on a hard course, HP fell out during the last 90 days.
HP said that the weakness in the US Dollar accounted for its overall 5 percent drop in sales compared to last year's first quarter. Sales would have only fallen 2 percent on a constant-currency basis, the company said. It mentioned the word "currency" 55 times in just its prepared marks of an earnings conference call this week. The 26.8 billion in sales were off by $1.3 billion on the quarter, a period where HP managed to post $1.7 billion in pre-tax earnings.
That $1.7 billion is a far cry from Apple's $18 billion in its latest quarter profits. HP's arch-rival IBM is partnering with Apple on enterprise-caliber deals.
Meanwhile, the still-combined Hewlett-Packard has rolled from stalled to declining over the last 18 months, which represents some of the reason for its bold move to split itself. "Enterprise trends are set to remain lackluster absent a transformative acquisition," said one analyst while speaking to MarketWatch this week. Two-thirds of the $5.5 billion in Printing came from supplies. Ink is still king in the printing group
Industry Standard Systems (Intel-based Windows servers) provided the lone uptick in the report. Sales of products such as the newest Gen9 ProLiants lifted the revenues up 7 percent compared to the Q1 of 2014. HP is ready to take advantage of upcoming rollovers in Windows Server installations.Results from the Enterprise Group delivered another chorus of downbeat numbers for the Business Critical Systems operations. The group where HP's Unix and VMS enterprise servers are created saw its sales fall 9 percent from last year's Q1. Of course, that period showed a revenue drop as well. BCS operations -- where the HP 3000 resided when it was a Hewlett-Packard product -- haven't seen any recovery in more than two years.
BCS results have been so consistently poor that HP considered that 9 percent drop a good sign. "We also saw some recovery in business-critical systems," said CFO Cathie Lesjak, "with revenue down only 7 percent in constant currency or 9 percent as reported."
Lesjak pointed out to the analysts on its conference call that hardware such as the Integrity HP-UX servers are vulnerable to the value of the US Dollar.
Our personal systems and our Enterprise Group hardware businesses have very little in natural hedges, as our component contracts are typically in US dollars. As a result, these businesses are disproportionately impacted by currency movements. However, we do have some ability to increase pricing in response to currency movements, while being mindful of competition and potential negative impacts to customer demand.
HP is expecting all of the 2015 hardware growth in the Enterprise Group to come from its Gen9 lineup of ProLiant systems. Windows Server 2003 has an expiration date for its support coming up in July, an event that HP believes will give it some fresh wind in its enterprise sales.
"I think we are really well positioned to take advantage of Windows 2003 refresh, just as we were from the XP migration and the PC business," said CEO Meg Whitman. "I think we feel really pretty good about that business for the reminder of the year. And I think we are very well positioned .and the Gen9 server was dead-on, from the market perspective."