June 10, 2016
What A Newer MPE/iX Could Bring
What would HP 3000 owners do with a new MPE/iX release, anyway? On some IT planning books, the frozen status of the operating system counts as a demerit in 2016. Even still, enterprise system managers in other HP-sold environments face a nearly-glacial pace of OS upgrades today. Even while paying for HP’s support, the VMS system managers are looking at a lull.
HP says it still cares about OpenVMS, but that OS has been moving to a third party. Support from a system maker still looks newer and shiny to some companies than the independent support managers available from third parties like Pivital. As it turns out, though, it’s that frozen-as-stable nature of MPE/iX which makes third party support just as good as HP’s—back when you could get support from HP.
“MPE's so solid,” Doug Smith said in a recent interview, “and these applications have been out there forever. There’s not a huge concern out there in the community about needing to have a new release of MPE.” Smith leads the way for Charon emulator installs at 3000 sites.
OpenVMS roadmaps were updated this week. The map shows how slow OS updating can proceed.HP’s more current Poulson Itanium-based Integrity servers now can run OpenVMS, thanks to a springtime release of OpenVMS 8.4.2. There will still be Kittson-based Integrity servers outside the OpenVMS reach, though. These incremental VMS releases are proving that a third party can assume engineering duty for an OS. Linux showed the way for such duty long ago. That OS, however, was never a trade secret inside a system vendor’s labs.
The most cautious 3000 manager didn’t take updates of MPE/iX, in the years HP released them, unless there were essentials inside the new release. That decision point is no longer an issue with 3000 sites. Instead, MPE/iX is getting its newer-gen speed engineering through the Charon solution. Whenever there is a new Intel chipset that can run Linux, the speed of MPE/iX gets a boost.
A third-party OS lab won’t be the crucial element in driving MPE/iX faster. Charon emulates hardware that is not going to change: PA-RISC and the classic 3000 peripherals. VMS Software Inc. is revising an operating system. There’s much more testing needed to do this revision. It’s the cost of those new OS releases.
The newest OpenVMS will arrive in August, according to the VMS Software roadmap. One major advantage the new release brings will be a modern OpenSSL protocol version. It took awhile, and ultimately a third party, to make it so. Until VMS Software got its hands on VMS, the enterprise OS was working with the 0.9.8 SSL release. After more than seven extra years of HP labs support than MPE/iX had received, VMS was just two minor increments newer than the SSL the 3000s can still run: 0.9.6.
If vendor support for an OS is supposed to be so important, we asked up at the beginning, then why is an enterprise HP system so far behind current protocols as OpenVMS? Rethinking the impact of vendor support led many 3000 sites to independent support arrangements for MPE/iX. With the indie MPE/iX support and static OS status proven as a stable combo, it’s the hardware performance that can make strides. The MPE/iX community doesn’t need an OS lab to boost performance. Support for SSL security needs to be moved along, yes. The 3000 community, however, long ago learned to lean on environments like Unix and Linux for highly-secured functions.
Meanwhile, faster hardware support for OpenVMS turns out to be a feature that MPE/iX gained first. VMS Software says it's now working on an Intel-based release of the OS, with a target shipment sometime in 2018. By that date, the virtualized hardware for MPE/iX will have had two additional years of speed upgrades from Intel. MPE/iX already runs on the x86 family in virtualized mode. Integrity is tied to a chip that's now in maintenance mode at Intel. With the 3000 virtualized hardware speeding up, and the OS hosted in a Linux cradle which sports the latest in security protocol support—remind me again what MPE/iX 8.0 would've brought us?
Get e-mail notice when the NewsWire blog gets a new entry. Just say "Blog Me" in a message to firstname.lastname@example.org.
April 08, 2016
Hardware's emulation puts software at ease
In the earliest days of the 3000's Transition Era, advocates for MPE/iX formed the OpenMPE user group. But the first campaign for these engineers (and a few businesspeople) was for the emulation of MPE itself. The ideal was that if MPE/iX source code could be turned over to the community -- since HP had no real interest in the future of the 3000 -- then the OS and its subsystems would be pushed onto newer hardware.
The ideal was open source for MPE/iX. That campaign assumed plenty of change was in the future of 3000-based software. The reality that formed about compatibility of software is illustrated in the everyday experience of Charon users.
One checked in this month with a summary of how smooth his software slipped into the Charon HPA environment. The emulation that paid off was virtualizing the RISC hardware. The caliber of the solution made things easy for Jeff Elmer.
The report was sparked by a question about whether the Speedware 4GL suite was in production in a Charon site.
I can say that since what is emulated is the PA-RISC hardware and not MPE, it seems unlikely that there would be any software incompatibilities. Everything we use (multiple third-party tools plus in-house COBOL/IMAGE software systems) just worked. It really was true that no one would have noticed a difference unless we told them.
The single item that we had to modify was in our backup job stream. We had a tape rewind command in the job that was no longer needed and which the emulator at that point (in 2013) did not understand. The "fix" took less than 60 seconds when I removed that clause from the job.
In summary, I would expect Speedware to work without incident but I couldn't speak to what combination would provide optimal performance (that is, which class HP 3000 should be emulated or what physical hardware should be under it). We spent a long time testing the emulator without charge before we proceeded with the purchase. I would think the possibility exists that Stromasys would extend a similar courtesy to you so that you could find out first hand with your data in your environment.
In fact, there's a Proof of Concept arrangement that Stromasys uses today to introduce its product for this kind of evaluation.
April 01, 2016
MPE source code ID'ed as key to encryption
In a news item that appeared in our inbox early this morning, the researchers at the website darkstuff.com report they have identified the key algorithm for iPhone cracking software to be code from the 1980 release of Q-MIT, a version of MPE. The iPhone seized as part of an FBI investigation was finally cracked this week. But the US government agency only reported that an outside party provided the needed tool, after Apple refused to build such software.
The specific identity of the third party firm has been clouded in secrecy. But the DarkStuff experts say they've done a reverse trace of the signature packets from the FBI notice uploaded to CERT and found links that identify Software House, a firm incorporated in the 1980s which purchased open market source code for MPE V. The bankruptcy trustee of Software House, when contacted for confirmation, would not admit or deny the company's involvement in the iPhone hack.
A terse statement shared with the NewsWire simply said, "Millions of lines of SPL make up MPE, and this code was sold legally to Software House. The software does many things, including operations far ahead of their time." HP sold MPE V source for $500 for the early part of the 1980s, but 3000 customers could never get the vendor to do the same for MPE/iX.
Lore in the 3000 community points to D. David Brown, an MPE guru who ran a consulting business for clients off the grid and off the books, as the leading light to developing the key. An MPE expert who recently helped in the simh emulation of Classic HP 3000s confirmed that Brown's work used HP engineering of the time in a way the vendor never intended. Simh only creates a virtualized CISC HP 3000 running under Linux, so MPE V is the only OS that can be used in simh.
"Lots of commented-out code in there," said the MPE expert, who didn't want to be named for this story. "Parts of MPE got written during the era of phone hacking. Those guys were true rebels, and I mean in a 2600-style of ethics. It's possible that Brown just stumbled on this while he was looking for DEL/3000 stubs in MPE."
The FBI reported this week that its third party also plans to utilize the iPhone cracker in two other cases that are still under investigation. Air-gapped protocols were apparently needed to make the MPE source able to scour the iPhone's contents, using a NAND overwrite. The air gapping pointed the DarkStuff experts toward the HP 3000, a server whose initial MPE designs were years ahead of state-of-the art engineering. "Heck, the whole HP 3000 was air-gapped for the first half of its MPE life," said Winston Rather at DarkMatter. "It's a clever choice, hiding the key in plain sight."
March 11, 2016
New 3000 simulator looks back, not ahead
Community members on the 3000-L newsgroup have been examining a new entry in the emulation of HP hardware. However, this simulator creates a 3000 under Windows that only runs MPE V. The MPE version of SIMH — a "highly portable, multi-system simulator" — is a Classic 3000 simulation, not something able to run PA-RISC applications or software.
Some 3000 users are embracing this software though, maybe in no small part because it's free. It's been more than 15 years since HP supported MPE V and the CISC-based systems that launched the 3000 line starting in 1972. One of the experts in PA-RISC and MPE/iX computing, Stan Sieler, briefed us on what this freeware simulator can do, and what it cannot — in addition to not running MPE/iX.
Currently only Charon from Stromasys runs PA-RISC. Thus, the SIMH runs only the Classic HP 3000. At the moment, it’s an old version of MPE V (Q-MIT, release E.01.00)
And, the machine probably has no networking support. It probably has some kind of serial datacomm support, but I haven’t looked at that yet (all my use has been via the simulated console, LDEV 20).
I’ve put several hundred CM programs on the “machine” to see which will load and run. Many won’t, because they use newer features (e.g., FLABELINFO intrinsic which came out on the T-MIT with the Mighty Mouse).
So, you ask, can you put a newer version of MPE V on the emulated 3000?
The answer is, I don’t know. If I recall correctly, the machine isn’t emulating (yet) the “Extended Instruction Set,” but the authors claim MPE has a run-time emulator for them, so perhaps that won’t be a problem.
It comes with a version of MPE V, if you download the two packages that the release notes file mentions.
It’s fast. On my Mac, it runs CPU bound stuff about twice as fast as a 400 MHz HP 3000 would.
This is classic software running on classic hardware, so it's strictly for the hobbyist. Or someone who still has MPE V apps running their company. The software is downloadable from Trailing Edge in a pre-compiled .exe file.
The discussion has already generated 40 messages on the 3000-L, easily the biggest discussion of the year.
February 29, 2016
Making the Years Count in One that Leaps
He was once the youngest official member of the 3000 community. And for a few more years, he still has the rare distinction of not being in his 50s or 60s while knowing MPE. Eugene Volokh celebrates his 48th birthday today. The co-creator of MPEX must wait every four years to celebrate on his real day of birth: He was born on Feb. 29 in the Ukraine.
Like the HP 3000 and MPE itself, years do not appear to weigh heavy on the community's first wunderkind.
Although he's no longer the youngest 3000 community member (a rank that sits today with Myles Foster, product manager for MB Foster in this first year after his recent double-degree graduation from Carleton University) Eugene probably ranks as the best-known member outside our humble neighborhood. He built and then improved MPEX, VEAudit/3000 and Security/3000 with his father Vladimir at VEsoft. Then Eugene earned a law degree, clerked at the US 9th Circuit Court, and went on to clerk for now-retired US Supreme Court Justice Sandra Day O'Connor -- all en route to his current place in the public eye as go-to man for all questions concerning intellectual property on the Web and Internet, as well as First and Second Amendment issues across all media.
Eugene's profile has risen enough since his last birthday that the Associated Press included him in its latest "Born on This Day" feature. He's appeared on TV, been quoted in the likes of the Wall Street Journal, plus penned columns for that publication, the New York Times, as well as Harvard, Yale and Georgetown law reviews.
When I last heard Eugene's voice, he was commenting in the middle of a This American Life broadcast. He's a professor of Constitutional law at UCLA, and the father of two sons of his own by now. Online, he makes appearances on The Volokh Conspiracy blog he founded with brother Sasha (also a law professor, at Emory University). Since his last birthday, the Conspiracy has become a feature of the Washington Post.
In the 3000 world, Eugene's star burned with distinction when he was only a teenager. I met him in Orlando at the annual Interex conference in 1988, when he held court at a dinner at the tender age of 20. I was a lad of 31 and people twice his age listened to him wax full on subjects surrounding security -- a natural topic for someone who presented the paper Burn Before Reading, which remains a vital text even more 25 years after it was written. That paper's inception matches with mine in the community -- we both entered in 1984. But Eugene, one of those first-name-only 3000 personalities like Alfredo or Birket, was always way ahead of many of us in 3000 lore and learning.Burn Before Reading is part of a collection of Eugene's Thoughts and Discourses on HP 3000 Software, published by VEsoft long before indie publishing was so much in vogue. (We've got copies of the 4th Edition here at the NewsWire we can share, if you don't have one in your library. Email me.) The book even had the foresight to include advertisements from other members of the 3000 indie software vendor ranks. His father reminded me this month that the Russian tradition of Samizdat was a self-publishing adventure born out of the need to escape USSR censorship. These Russians created an enterprise out of the opportunities America and HP provided in the 1970s, when they emigrated.
Eugene got that early start as a voice for the HP 3000 building software, but his career included a temporary job in Hewlett-Packard's MPE labs at age 14. According to his Wikipedia page
At age 12, he began working as a computer programmer. Three years later, he received a Bachelor of Science degree in Math and Computer Science from UCLA. As a junior at UCLA, he earned $480 a week as a programmer for 20th Century Fox. During this period, his achievements were featured in an episode of OMNI: The New Frontier.
His father Vladimir remains an icon of the 3000 community who still travels to consult in the US, visit some of the VEsoft customers to advise them on securing and exploiting the powers of MPE. The Volokh gift is for languages -- Vladimir speaks five, and Sasha once gave a paper in two languages at a conference, before and then after lunch.
At 37,000 words, a single Q&A article from Eugene -- not included in the book -- called Winning at MPE is about half as big as your average novel. The papers in Thoughts and Discourses, as well as Winning, are included on each product tape that VEsoft ships. But if you're not a customer, you can read them on the Adager website. They're great training on the nuances of this computer you're probably relying upon, nearly three decades after they were written. Happy Birthday, young man. Long may your exacting and entertaining words wave.
January 20, 2016
Pricing, Value, and Emulating Classics
Editor's Note: Yesterday we ran a story about the impact of proprietary software lock-in, as reported from a manager's office where HP 3000s still do their work. Amid that story was a quote about predaceous pricing (love that word), the act of outre increases to the cost of emulator MPE server solutions because of upgrade charges. It's blocked several adoptions of Charon HPA, even among managers who love the ideal of non-HP hardware that keeps MPE apps alive. Tim O'Neill wrote the following editorial, prompted by our article. Although companies do need to generate capital to keep supplying software, the matter of how much to charge for a shift to an emulator remains a flash point.
Editorial by Tim O'Neill
James Byrne brings up important point about proprietary software running proprietary hardware: it enabled predatory pricing, both by HP and by third parties.
At this stage, it appears that Charon could be bought affordably, but the problem is the third parties' still seeing the opportunity to gouge existing customers.
This is why businesses become former customers and change to shareware and open source operating systems and databases, e.g. Linux and open database systems like Postgres. There are still costs as a part of such a change. They might need to hire more in-house staff to do what HP and third parties used to do for that one huge cover-all price. It might not be wise to entrust critical applications to shareware, but are customers avoiding doing so?So the huge predatory prices were not without value. This is not to say I defend them.
That said, it is still shameful that at this point, third parties are unwilling to honor their customers' long history of loyalty, by requiring emulator relicensing. These third parties should realize that they might realize longer-term benefit by keeping their customers, not driving them away.
It would be interesting to compute the price and valuation of HP stock since the point just before they announced the death of its MPE business, through the split in 2014. One might be able to say that the company's value has fallen without MPE. It may fall further when OpenVMS is eliminated and when HP-UX is not marketed, not enhanced, not written for any CPU other than HP's own Itanium, and not licensed at prices that are fair to customers.
January 15, 2016
Competitive upgrading lives on for 3000s
In the 1990s, HP contracted to send its ODBC middleware development to MB Foster. The result was ODBCLink/SE, bundled into MPE/iX from the 5.5 release onward. The software gave the 3000 its first community-wide connection to reporting tools popular on PCs. HP decided that the MB Foster lead in development time was worth licensing, instead of rebuilding inside the 3000 labs. Outside labs had built parts of the 3000's fundamental software before then. But ODBCLink/SE was the first time independent software retained its profile, while it was operating inside of the 3000's FOS. Every 3000 running 5.5 and later now had middleware.
Other ODBC solutions were available in that timeframe. Minisoft still sells and supports its product. That's one reason why MB Foster's running a competitive upgrade offer for users of the Minisoft middleware. The upgrade was announced yesterday. 3000 owners who make the switch from Minisoft for IMAGE ODBC to Foster's software will get a full version of UDALink for the cost of only the annual support payments.
This kind of competitive offer was one of Minisoft's sales tools while it competed with WRQ for terminal emulation seats. There was a period where NS/VT features were not a part of every Reflection package, but were a staple in the Minisoft MS/92.
Foster's ODBC software has been extended to use 64-bit ODBC drivers, embrace Suprtool's Self Describing Files, and more. UDALink was a part of the migration that the Washington State community college consortium pulled off in 2011 when it moved 34 systems to Unix. The vendor has continued to develop to make a state of the art middleware solution.
Almost as notable: seeing MB Foster compete for business like vendors did routinely in the 1990s. The upgrade offer tells us that there are 3000 sites out there still looking to extend their development cycles. UDALink is also built for platforms other than the 3000, but any outreach to capture MPE/iX customers is news here in 2016. Chris Whitehead is fielding the calls and emails for the upgrade offer, which runs through June of this year.
January 14, 2016
HP's 3000 now at $149 until Sunday
Google is happy to trawl the Web for HP 3000 news, a search that I've had in place for the past 10 years. I receive a lot of notices about horsepower of auto engines (the HP) and a few about printers. But today a link showed up that features a computer called the HP 3000, currently selling for $149 plus shipping.
There are a few unique and important qualifiers. To start, this is an HP3000 model with an Intel server, literally a PC powered by an Xeon X3330 CPU at 2.8 MHz. That's a quad-core processor, though, and the box is already loaded with 4GB of memory. (It's a start, but nowhere near enough RAM to power software such as, for instance, the Stromasys Charon HPA emulator.)
In short, this is an HP3000 built by Hewlett-Packard that can run MPE/iX, but does not use PA-RISC. Hewlett-Packard Enterprise has not restricted the use of "3000" to the PA-RISC servers well-loved by the MPE community. Over on the HP Inc. side, there's a large-scale printer also called an HP 3000.
This HP3000 running a Xeon chip has another, less significant qualifier. It's being sold by a New Zealand owner on TradeMe.co.nz, "Where Kiwis Buy and Sell." And the shipping options don't go beyond Auckland, or the North and South Islands.
However, this TradeMe model might be something that could be shipped to the 3000 stalwarts Ken and Jeanette Nutsford. The former chairs of SIGRAPID and SIGCOBOL still live in NZ, when they're not gadding about the globe on their epic cruise calendars. Their total mileage easily runs into the hundreds of thousands. Trans-Pacific flights are embedded in their history. So perhaps the 6,693 miles to the US is not completely out of reach, in a hop. The Nutsfords travel regularly to the US, and this PC looks like it would be cargo-bay ready.
Yes, you could file this article under clickbait. It's an online auction after all, and $149 is only today's price. However, if you consider your systems to be MPE/iX servers by now, rather than the Hewlett-Packard PA-RISC 3000 hardware that hosts that OS, this is technically a server that can run your apps.It will require an installation of the HPA emulator, which at last report started at $9,000 for A-Class power. The combination can be compared to A-Class boxes that sell for under $2,000, but those include few options to increase speed. The A-Class had a 2-CPU model running at 220 MHz. There's genuine, hard limits on RAM.
You don't have to go to New Zealand to get this kind of HP3000, although this one looks ready to boot up and run. This ProLiant blade-caliber box does illustrate how much hardware remains in the world that can run MPE/iX software. If a manager's concern is the reliability of the HP hardware that's at least 12 years old -- the last server was built in 2003 -- this leaps over that hurdle to homesteading.
January 07, 2016
TBT: Client Systems wanted, or missing?
In a routine check of what's available to help 3000 managers, over the holiday break I poked into a few Web locations to see where HP's Jazz papers and software were still hosted. Links from 3k Associates to those papers came up empty when they directed to the Client Systems website in late December. From all reasonable research, it appears the company itself may have gone into the everlasting shadows.
Many 3000 customers never did business directly with Client Systems, but the company had a hand in plenty of official 3000 installations. The vendor rose in community profiles in the late 1990s when HP appointed the firm its lone North American HP 3000 distributor — meaning they stocked and configured systems destined for companies around the continent. Thousands of servers passed through the Denver offices, each assigned the unique HPSUSAN numbers as well as the official HP CPUNAME identifiers that made a 3000 a licensed box.
That official license became a marketing wedge for awhile. We'd call it an edge, but the company's claim that re-sold 3000s from anywhere else could be seized by the FBI was designed to drive used systems away from buyers. There was never anything official about the FBI claims passed along by the company then. But in the era of the late '90s, and up to the point where HP pulled its futures plug, buying a 3000 included a moment like the ones from WW II movies: "Let me see your papers," an HP support official might say.
This was the strike-back that Hewlett-Packard used to respond with after widespread license fraud ran through the marketplace. By 1999 lawsuits claimed that a handful of companies had forged system IDs on PA-RISC hardware. A low-end L-Class box could be tricked up as a high-end 3000, for example. To push back, after the HP lawsuits were settled or had rulings dispensed, Client Systems started Phoenix/3000, something like an automaker's official resale lot.
Client Systems did lots of things for the marketplace much more laudable, operating a good technical services team that was upper-caliber in its depth of hardware knowledge. At its peak, the company provided 3kworld.com, an all-3000 portal in the days when portals were supposed to be important on the Web. The company was a partner with the NewsWire for several years, as we licensed our stories for use on the free 3k World website. 3kworld.com folded up, but the current clientsystems.com site still has Jazz tech information available, at least as of today.
Over the last two weeks we've received email bounces, even while the website is online. The whois information points to one physical address of a personal injury attorney's practice in Seattle. Our phone calls have gone unreturned, and we're not the only ones. Pivital Solutions, one of the last standing official HP resellers in that time when such things existed, still serves 3000 customers with hardware and support. Pivital's president Steve Suraci also has searched to find a light on."I tried back in the September timeframe to get in touch with anyone there that would answer the phone," Suraci said. "I left messages and re-tried for weeks and finally gave up on them." He wondered who might be picking up the pieces of whatever the company was doing at the end."
It can be tricky to confirm a death notice for a company. Unless the principals deliver the news, a demise can be creeping. Suraci said he was reaching out to buy something that only Client Systems ought to be able to sell: a license upgrade, even in 2015.
I had a customer that was looking for some hardware that I was have trouble sourcing. I was also looking into the possibility of purchasing an upgrade license for a customer for TurboStore to the version that included the ONLINE option. When you don't get a call back on something that should be easy money... it probably means a bigger problem!
The website's reappeared recently, so perhaps this is a Mark Twain moment (reports of my death have been exaggerated) for Client Systems. It's the phone calls that look like they confirm the fading lights. One other pertinent address in the whois file lands at a single-family house in Colorado. To be honest, so does the address for the NewsWire, but we've always been a home-based business and never needed warehouse and office space. Stories and papers don't take up that much space.
Things were so much different back in the time of FBI threats. One meeting at that Denver HQ included some arch banter between us about relative size of companies. The NewsWire was, it appeared to one staffer, "just a lifestyle business." Guilty: The NewsWire has been a part of our lifestyle a long time. Hard to think of it any other way when the office is on the other end of your single-family home. We all laughed, some more than others. This week it's looking like lifespan, instead of lifestyle, is what could be measured. Nobody's dancing on a grave yet. We're not a community that embraces loss.
January 04, 2016
Accident claims WRQ founder Doug Walker
Doug Walker, the man whose brilliance and energy helped found the 3000 community's largest connectivity vendor WRQ, died over this past holiday weekend in an accident on a Washington state snowshoe trail on Granite Mountain. Walker, 64, is the first 3000 community member of wide renown to pass away by way of accidental death.
In the early 1980s when Walker — along with Mike Richer and Marty Quinn, the other two WRQ initials — joined forces with co-founder George Hubman, minicomputer access required hardware terminals. The advent of the personal computer had the potential to expand that access. The WRQ purple boxes carrying a manual and floppy disks for PC2622, software named after the HP 3000 terminal the product emulated, became a fixture in HP 3000 shops by the mid-1980s.
Walker was reported missing December 31 while snowshoeing on Granite Mountain. Search-and-rescue volunteers found his body the next day. The Seattle Times reported that Walker had been hiking with friends when winds intensified.
His companions decided to turn back and wait for Walker, who continued climbing. He likely was caught in an avalanche, according to the King County Sheriff’s Office.
“He has done this easily 200 times, he just does it for exercise,” said Karen Daubert, executive director of the Washington Trails Association and a close friend who has climbed the same route with Walker. “I have been up several times with Doug, including in winter.”
Close friends and partners expressed dismay at the loss of a man who'd devoted his life to philanthropy and mentoring after retiring from WRQ.
"Doug's death came as a shock and is a tragedy," said Hubman, who led the company's marketing and sales before retiring late in the 1990s. "It goes without saying that Doug was a genius. I often joked that if anyone could write a program that required no memory and no time to execute, it would be Doug."
Hubman said the success WRQ achieved — it was the largest single vendor of 3000-related software by seat installs, and was selling $100 million in software yearly when he retired — was put to good use in humanitarian causes that Walker continued to support.
Doug was a perfectionist and both demanded and inspired perfection. This was the quality that set our products apart from the competition and made my job so easy. In spite of his being demanding he was committed to a work environment that took into account the needs of our colleagues and their families.
I last saw Doug about a year and a half ago. We had lunch shortly after he had hip replacement surgery. He was anxious to get back to his first love, hiking and climbing. Doug, and his wife Maggie, will be remembered for the wide range of causes they supported.
Walker was at the White House two weeks ago to discuss private philanthropy to boost access to the outdoors for kids, according to the Times report. A quote from US Interior Secretary Sally Jewell said Walker was fond of talking as he hiked with her, ranging from Civil War history (he was a graduate of Vanderbilt) to puzzles in math (his degree) as well as Shakespeare trivia. In that last category, Abby and I saw his passion firsthand in 1993.
Walker had organized a small outing to see King Lear at Stratford-upon-Avon that summer, after a 3000 conference in Birmingham. Before the curtain rose on the show, he'd purchased a copy of the play in the gift shop and was reading it quickly, carrying the book into the theatre. Later, he'd located the Issac Asimov guide to Shakespeare and made it a gift to several of us in the party.
Birket Foster was a close ally of WRQ's, a leading reseller for the company in the Canadian market, as well as integrating its products in customer sites around the world.
"Doug was a brilliant scholar," Foster said. "He was humble and had a southern drawl, one that made him seem like one of the guys, even though he was the leader. Doug was a gentleman and was liked by all his colleagues and staff. Doug was the ultimate outdoorsman, and he hiked, climbed and kayaked with passion."
Doug will be missed by many people, myself included. I had the privilege of working with him closely back in the hay day of Reflection, MBFoster sold millions of dollars of Reflection. MBFoster ran a data communications conference for our customers at Carleton University where multiplexors, modems, and Reflection Scripts were used. We located IMACS (Which we had purchased from David Dummer) in the same complex as WRQ on Lake Union and Doug helped integrate DataExpress to use Host initiated Reflection based file transfer. In another project, team member, Larry Boyd, wrote PCPoll for me for use by a telecommunications manufacturer to poll the plants for orders using Reflection scripts and dialup modems.
Kevin Klustner was the COO of WRQ while Walker was with the company. He noted that passion was at Walker's heart even as he pursued the pastime that led to his demise.
"I was entranced by his broad and deep intellect," Klustner said. "And after 20-plus interviews, I had a good feel for the company he was building. So Maryann and I moved from California to Seattle for WRQ. Throughout my 11 years there, I learned that great companies can be built through thoughtfulness, empathy, inter-personal skills and a disdain for group-think."
Doug taught me that the single greatest asset of a company is its employees. And he proved that everyday with his commitment to spending time with everyone, talking about business, the Civil War, mountain climbing, anything history.
He engaged all of us. We are all lucky to have been influenced by this Renaissance man. One of his many legacies is the community of WRQ'ers who have made friendships, marriages, children, businesses and life experiences through the company that he, Craig, George, Mike and Marty built. Doug, you passed doing something you passionately loved. May we all learn from that.
In our 2005 interview with Walker, as he retired from WRQ, he said "I’m especially interested in the interplay between computing and biotech. We’ve cracked the genome and people are talking about a lot of sci-fi stuff with respect to biotech, but it’s really a compute-bound problem." We asked him about the fate of specialized computer environments in the years to come.
Must it all become Windows and Linux-based?
Single integrated monolithic systems are not the way of the future. The only way is to have differentiation, but it has to be based on some very common interfaces. In that sense, there is a role for things like MPE or VMS. Lots of forms of life have differentiation, but they all seem to have a cell structure. A common programming system, like DNA. You can have differentiation so long as you have integration.
You seem to have a biology example ready for lots of these points.
Biological programming has been going on a few million years longer than software programming. I’m just impressed by how much there is to learn there.
December 30, 2015
3000's '15 was littered with crumbs of news
It's the penultimate day of 2015, a date when summary and roundups prevail in the world of news. The year marked some milestones for the NewsWire, some losses of the community's oldest treasures, and one major breakup of an old flame. Here's a breadcrumb trail of stories of extra note, retold in the final stanza of the 3000's 43d full year serving businesses.
Checks on MPE's subsystems don't happen, do they? — We learned that HP's subsystem software doesn't really get checked by MPE to see if it's on a valid HP 3000 license. "None of HP's MPE/iX software subsystems that I've ever administered had any sort of HPSUSAN checks built into them," reported Brian Edminster, our community's open source software resource. Licensing MPE is a formality.
Virtualized storage earns a node on 3000s — A new SAN-based service uses storage in the cloud to help back up HP 3000s. The HP3000/MPE/iX Fiber SAN doesn't call for shutting off a 3000. It can, however, be an early step to enabling a migration target server to take on IMAGE data.
NewsWire Goes Green — After 20 years of putting ink on paper and the paper into the mails, we retired the print issues of the NewsWire and went all-digital. We also marked the 10th anniversary of service from this blog and waved a proud flag of history to celebrate our founding Fall of two decades ago. We miss the print, but you won't miss the news. Bless the Web.
Patches Are Custom Products in 2015 — HP licensed the MPE source code five years ago, and just a handful of elite support companies are using it to create customized patches and workarounds. If your support provider doesn't have a source license, it may be time to spruce up your provider chain.Still Emulating, After All of These Years — Several sites where the Stromasys Charon HPA emulator is working reported the solution is as stable and steady as ever, while others continued to emerge in the community. Even a 3000 using antique DTCs could be bought over to the light side of Intel-based virtualization.
N-Class 3000 now priced at $3,000 — The bottom-end price on the top of Hewlett-Packard's MPE hardware line approached the same number as the server. A $3,000 N-Class 3000, and later a $2,000 model, both appeared on the used marketplace. A fully-transferred license for a server could lift the prices, of course, for a persnickety auditor.
Big companies still use the HP 3000 — A reader asked for proof that large companies were still relying on the 3000, and we discovered more than you'd expect 12 years after HP stopped making the server. Publicly held companies, too.
Work launches on TurboIMAGE Wiki page — Terry O'Brien of DISC started up a new project to document TurboIMAGE on Wikipedia, an effort that drew summertime attention.
MANMAN vendor wants to run datacenters — Infor is still managing MANMAN support for 3000 sites. The vendor is encouraging all of its customers to turn over their datacenter operations to them.
Hewlett-Packard Enterprise trots out security in opener — The old flame that spurned the 3000's future ran into another kind of split-up when HP cut itself in two at the end of October. Hewlett-Packard Enterprise got custody of business servers and the support websites split up as HPE became the new name for that old flame.
Returning to Software, After Services — The most primal of the HP Platinum Migration partners, MB Foster, started to turn its focus onto data migration software for sale. The future of UDACentral lies in becoming a product that integrators and consultancies can buy, and customers can rent by the month. The CEO says the year to come will mark a rise in the percentage of software revenues for his company, where migration service has been leading sales for years.
December 29, 2015
Choosing antivirus via test sites, cloud AV
Editor's note: 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skills for multi-talented MPE experts.
By Steve Hardwick, CISSP
In an allied article I describe the elements needed for any effective virus attack: motive, means and opportunity. A suitable anti-virus program must provide the following capabilities.
- Be able to detect a vast array of malware
- Be able to update the virus definitions as quickly as possible after the virus signature has been isolated
- Provide the capability to quarantine and remove viruses after infection. This must include the ability to prevent any spread of the virus after contamination.
- Run with minimal load on the operating system. This includes both foreground (interactively scanning files as they are downloaded) and background (scanning existing files and computer activity)
- Have plug-ins for the various methods to download the viruses, via web browsers or email applications
The following websites provide ratings for anti-virus products. Some websites' evaluations are are geared towards a consumer user. Others are more aligned to commercial certification of AV products. I've also included a note on how cloud-base AV is changing antivirus options.
Provides a good set of tests that cover all of the five areas outlined above. Updates their reviews on a monthly basis. Covers Windows, Mac and mobile devices. Includes a special section for home users.AV Comparatives
Provides a good set of testing that covers all of the five areas outlined above. Provides additional, more detailed testing. Only certain tests are updated monthly. Testing is not broken down by operating system.
Only provides the ability to detect viruses and not provide false positives. Only covers Windows and Linux.
Using cloud AV
One approach that minimizes the impact of running an AV program locally is to run the software in two parts, one locally on the machine and one in the cloud. A new set of cloud-based solutions are being offered. These provide a small scanning application running on the operating system and do the heavy lifting in the cloud. Panda, a provider that scored best in the AV Comparatives evaulations, is one example of cloud AV.
The local application scans files and provides file signatures, then uploads them to the cloud counterpart for analysis. This removes the need to update the local definitions on the computer and increases the ability to react to new threats.
This benefit comes at a price. The capabilities are limited by the lightweight application, the services the operating system provides to that application, and connectivity to the Internet. Many of the rating websites are slow to rate these products, especially those focused on consumers. As they become more popular, this cloud AV will be included in the traditional testing suites.
November 30, 2015
Final HP fiscal result toes an enterprise start
HP reported lower sales and profits as a combined company in its final fiscal report of 2015's Q4 and FY '15. Starting with the next report, two companies named HPQ and HPE on the New York Stock Exchange will post individual reports. They'll continue to operate on the same fiscal calendar.
The Q4 that ended on Oct. 31 showed an HP still fighting headwinds, as the company financial management likes to describe falling sales and orders periods. The year had $103 billion in sales, down 7 percent. Earnings for the combined company were $2.48 on the year, off 5 percent. But the final quarter of combined operations permitted HP to toe a starting line with a 4 percent increase for Q4 profits. Profits for the fiscal year were slightly off, dropping 1 percent.
Of course, those numbers reflect a company which won't exist anymore as we've come to know it. The vendor which created the HP 3000 and now sells and supports replacement systems at migrated sites lives on in Hewlett-Packard Enterprise. That company started out with stock prices behind the HP Inc company, the new entity that sells printers and PCs. But the headwinds are much stiffer there, so of late HPE has traded at higher prices than the business spun off on Nov. 1.
The two units supporting 3000 replacements held their own. A drop in Business Critical Systems sales, the home of Integrity and Itanium, continued, but at a slower rate.
Enterprise Group revenue was up 2 percent year over year with a 14.0 percent operating margin. Industry Standard Servers revenue was up 5 percent, Storage revenue was down 7 percent, Business Critical Systems revenue was down 8 percent, Networking revenue was up 35 percent and Technology Services revenue was down 11 percent.
Enterprise Services revenue was down 9 percent year over year with an 8.2 percent operating margin. Application and Business Services revenue was down 5 percent and Infrastructure Technology Outsourcing revenue declined 11 percent.
"Overall, Hewlett Packard Enterprise is off to a very strong start," said Hewlett-Packard Enterprise CEO Meg Whitman. "First and foremost, the segments that comprise HPE have now had two consecutive quarters of constant currency revenue growth and we believe we are in a strong position to deliver on our plans to grow overall in FY 16 in constant currency."
November 25, 2015
3000 community keystone Jeff Kell dies
Jeff Kell, the man who founded the keystone of 3000 help, advice and support that is the 3000-L mailing list, died on Nov. 25 of liver cancer and complications from damage induced by a diabetic coma. He'd battled that illness in hospitals and hospice since 2014. Kell was 57.
"It is a very sad day when a good wizard passes on," said coworker and colleague Richard Gambrell at the University of Tennesee at Chattanoona. "Jeff had a gentle soul and brilliant mind."
Kell was the rare IT professional who could count upon 40 years of experience running HP 3000s, developing for MPE, and especially contributing to the state of the art of networking for the server. He created the ultimate network for the 3000's community by establishing HP3000-L, a LISTSERV mailing list now populated with several hundred thousand messages that trace the business computer's rise, decline, and then revival, rife with enduring high tech value and a thread of humor and humanity.
Kell's obituary notes that he came by his passion for scuba early, having worked for a short time at the Chattanooga Aquarium where he fed the sharks. A key contributor to the development of LISTSERV, Kell was instrumental in UTC’s earning the LISTSERV 25th Anniversary plaque, which lists UTC as the 10th University to deploy LISTSERV.
Kell also served as a volunteer to chair SIG-MPE, SIG-SYSMAN, as well as a 3000 networking SIG, but it's nearly impossible to sum up the range of experience he shared. In the photo at the top of this post, he's switching off the last N-Class system at the university where he worked. Almost 40 years of MPE service flowed off those university 3000s. In the photo above, from the HP3000 Reunion, he's updating attendees on how networking protocols have changed.
In the mid-1980s he was a pioneer in developing Internet Relay Chat, creating a language that made BITNET Relay possible. Relay was the predecessor to IRC. "Jeff was the main force behind RELAY, the Bitnet message and file transfer program," Gambrell said. "It inspired the creation of IRC."
My partner Abby and I are personally indebted to Kell's work, even though we've never owned or managed a 3000. The 3000-L and its rich chest of information was my assurance, as well as insurance, that the fledgling 3000 NewsWire could grow into the world of the 3000. In the postings from that list, I saw a written, living thread of wisdom and advice from experts on "the L," as its readers came to call the mailing list and newsgroup Kell started. Countless stories of ours began as tips from the L, or connections to people posting there who knew mission-critical techniques. At one point we hired columnists to summarize the best of each month's L discussions in net.digest. In the era where the Internet and the Web rose up, Kell was a beacon for people who needed help at digital speed.
He was a humble and soft-spoken man, with a wry sense of humor, but showed passion while defending the value of technical knowledge -- especially details on a product better-loved by its users than the management at its vendor. Kell would say that all he did was set up another Listserver on a university computer, one devoted to becoming crucial to UTC's success. Chattanooga is one of the best-networked towns of its size in the world. Kell did much more than that for his community, tending to the work that helped the L blossom in the 3000's renaissance.
Kell looked forward to an HP which would value the 3000 as much as the HP 9000. In 1997 he kicked off a meeting with HP to promote a campaign called Proposition 3000: Common hardware across both HP 3000s and HP 9000s, sold from an Open Systems Division, with MPE/iX or HP-UX as an option, both with robust APIs to make ISV porting of applications to MPE/iX "as trivial as any other Unix platform."
HP should be stressing the strengths of MPE/iX, "and not its weaknesses," he said. "We don't have to be told anymore what the 3000 can't do, because a lot of the things we were told it can't do, it now can. If we take the limitations of the Posix shell and remove them, we have Proposition 3000," Kell said to HP managers. "I would encourage you to vote yes for this investment in the future."
More than 16 years later, when MPE's fate had been left to experts outside of HP's labs, Kell offered one solution on how to keep the server running beyond MPE's Jan 1, 2028 rollover dating gateway.
"Well, by 2027, we may be used to employing mm/dd/yy with a 27 on the end, and you could always go back to 1927. And the programs that only did two-digit years would be all set. Did you convert all of 'em for Y2K? Did you keep the old source?" Kell's listserver is the keeper of all 3000 lore, history, and wisdom, a database that can be searched from a Web interface -- even though he started the resource before commonplace use of what we were calling the World Wide Web.
Some might dismiss that resource as a museum of old tech. Others were using it this week, to connect newer-age tape devices to old-school 3000s. He retired the last of UTC's 3000 at the end of 2013 (in the photo above). His own help to the community members on tech specifics and the state of this year's networking will outlive him, thanks to his work setting this keystone for the community's exchange.He had a passion for scuba, and could also dive deep into the latest of networking's crises. At the 2011 HP3000 Reunion, he held forth at a luncheon about the nuances that make up a secure network in our era of hack such as 2013's Heartbleed.
Unless you've had your head in the sand, you've heard about Heartbleed. Every freaking security vendor is milking it for all it's worth. It is pretty nasty, but it's essentially "read-only" without some careful follow-up.
Most have focused on SSL/HTTPS over 443, but other services are exposed (SMTP services on 25, 465, 867; LDAP on 636; others). You can scan and it might show up the obvious ones, but local services may have been compiled against "static" SSL libraries, and be vulnerable as well.
We've cleaned up most of ours (we think, still scanning); but that just covers the server side. There are also client-side compromises possible.
And this stuff isn't theoretical, it's been proven third-party.
Lots of folks say replace your certificates, change your passwords, etc. I'd wait until the services you're changing are verified secure.
Most of the IDS/IPS/detections of the exploits are broken in various ways. STARTTLS works by negotiating a connection, establishing keys, and bouncing to an encrypted transport. IDS/IPS can't pick up heartbleed encrypted. They're after the easy pre-authenticated handshake.
It's a mess for sure. But it’s not yet safe to necessarily declare anything safe just yet.
Even on a day when most people in the US are off work, the tributes to his help and spirit have poured in. "He was smart, soft spoken, and likable," said Gilles Schipper from his support company GSA. "He will be deeply missed. My condolences to his wife Kitty and the entire family."
Ed King, whose 3000 time began in the 1990s, said "Jeff was a great guy, full of wisdom and great stories, and he gave me a chance to flex my wings with some very interesting programming assignments, which kickstarted my career. He will be missed."
Developer Rick Gilligan called him "hard working, brilliant and a great communicator." Alfredo Rego said in a salute that "The members of Jeff’s family, and all of Jeff’s friends and colleagues, know that he made a tremendous difference during his life on this Earth."
Rich Corn, creator of the ESPUL printer software for MPE, said "Jeff was always a joy to talk to. So sharp, but at the same time so humble. Jeff made you feel like friend. A true leader in our profession."
The family's obituary for Kell includes a Tribute Wall on his page on the website of the Wilson Funeral Home in Fort Oglethorpe, Georgia.
Personally, I'll miss his questing spirit and marvel in his legacy. What a Master he was.
Here on this evening of Thanksgiving, we're giving thanks for the richness of a world with humble wizards like Jeff. We're taking a few days off to revere our time together. We'll see you with a fresh report on Monday, including analysis of the final fiscal results from Hewlett-Packard as a full entity, unsplit.
November 20, 2015
Multi-threading traces years of MPE service
Yesterday we explored the prospects of multi-threading for HP 3000 sites. It's an aspect of application and software design that can benefit from virtualization. In years past, when much of the 3000 application base was being created, separate hardware CPUs drove this multi-threading. Stan Sieler of Allegro, one of the authors of the textbook on Precision Architecture RISC "Beyond RISC," told us that multi-threading is likely to have made its way into 3000 software via Unix.
It's a concept, through, that's been possible for MPE ever since its beginning. The MP in MPE stands for Multiprogramming, Sieler reminded me, and that "Multi-threading is a form of multiprogramming or multiprocessing."
Sieler adds that "Multi-processing is where you have more than one CPU … each CPU can run a single process at a time (and, with multi-programming, can appear to be running more than one at a time).
Generally, but not always (as words are often abused), “threads” are related to a single process. E.g., my video compression program might work on several parts of the video simultaneously with three or four threads. On some computers, two separate threads of a single process cannot execute at the same time … on others, they can.
On most computers nowadays, threads are implemented at the operating system level. On older systems, threading was sometimes implemented above the operating system, relying on user code to switch threads. (I’ll skip co-routines, which few systems have now, but the Burroughs MCP did.)
Multi-programming is the concept where two (or more) processes (or “programs”) appear to run at the same time, but in reality each gets a short time to run, and then the CPU pays attention to the other process, then back to the first one… or “time slicing.”
On the 3000, few programs use multi-threading, but it is available. It came about the same time as Posix did, perhaps one release later (I can’t recall). In general, if you show me a 3000 program that uses threading, I’ll bet it’s written in C and originated in the Unix/Linux world.
Essentially all computers nowdays have multi-programming. The original HP 3000 (pre-CX) did, too. (The HP 2100 (running RTE) had, IIRC, no multi-programming.)
"So, you could easily have a program — even on the Classic 3000 — that ran multiple copies of itself (assuming, of course, you had a reason for doing it)."
November 04, 2015
HP C-level legacy hubris perplexes women
Now that the Hewlett-Packard spin off is underway — the initial 1970s concept of selling business computing solutions has returned to the fore at Hewlett Packard Enterprise — a review of who steered the bulky HP cart into the ditch seems worth a note. HP engineering culture was targeted by COO Chris Hsu as an impediment to splitting the company up in a year's time. The HP which ran on engineering desires fell to the wayside after current Republican candidate Carly Fiorina mashed up PC business into IT's legacy at HP, including the HP 3000 heritage.
Some insight as well as bafflement is emerging. Meg Whitman, a board director of HP whose primary job is now CEO of the restored HP Enterprise, doubts that Fiorina's best start in political service will be in the White House. According to a report in the San Jose Mercury News
“I think it’s very difficult for your first role in politics to be President of the United States," she said. Whitman has expressed empathy for Fiorina over cutting HP jobs — between the two of them, they’ve slashed tens of thousands of jobs at HP. But the failed California gubernatorial candidate told CNN, “While I think business strengths are important, I also think having worked in government is an important part of the criteria.” Whitman has thrown her support behind New Jersey Gov. Chris Christie.
As a punctuation for that measure of suitability, we stumbled upon another woman with a leadership career. Gloria Steinem, the seminal sparkplug of the feminist revolution of the 1970s and ardent advocate for womens' career ceilings, spoke on The Daily Show this week. Served up a fat pitch by the host that "Carly is a big favorite of yours, right?" Steinem shook her head and smiled. "I’m talking about women who got elected because they represented a popular majority opinion. She got promoted by God-knows-who."
My publisher turned to me and asked, "Who did promote Carly? Do you know?" I wondered how many of our readers, especially those ready to vote in GOP primaries, knew the answer.The short answer to the question is HP executive VP and board member Dick Hackborn. The shadowy giant of the printer empire, who rarely left his Idaho aerie for Silicon Valley, pumped Carly in the advent of Y2K. But the rogue's gallery of HP directors who promoted Fiorina have all been sacked, retired or died.
Resigned: Tom Perkins and Patricia Dunn. Plus George Keyworth, after the board discovered he'd leaked the pre-texting offenses which Dunn dished out to the press. Charges against her were dropped after more than a year of investigation.
Retired: Hackborn, Sam Ginn, Phil Condit, Robert Knowling.
Ousted: The son of one of HP's co-founders, Walter Hewlett. (Hard to imagine Walter voting to hire Fiorina, but esprit de corps counts for something. He even supported Fiorina's overpriced attempt to buy Price Waterhouse Cooper for $18 billion.)
Died: Lew Platt, after voting for his successor.
Eight of the 12 current HP directors have been appointed this year. It's a hopeful sign of change from a vendor which is still responsible for billions in products installed at migrated 3000 sites.
The answer to Steinem's question about who promoted Carly Fiorina is "people who've long since been separated from deciding HP's futures." Only Platt comes in with a clean bill, resigning from HP in 2000, after having the grace to step away from a company whose board no longer believed in him. That says much more about that board, and the ditch it pushed HP into, than it does about Platt.
October 30, 2015
The New HP's Opening Day: What to Expect?
The last business day for Hewlett-Packard as we've come to know it has almost ended. By 5 PM Pacific, only the Hawaiian operations will still be able to count on a vast product and service portfolio offered by a $120 billion firm. Monday means new business for two Hewlett-Packards, HP Inc. and Hewlett Packard Enterprise. It's possible that splitting the company in half could improve things by half. Whether that's enough will take months to tell.
On the horizon is a battle with the bulked-up Dell, which will integrate EMC as well as massive share of VMware in the coming months. The Dell of the future will be a $67 billion entity, larger than HP Enterprise in sales. Dell is a private concern now, while HP is becoming two publicly traded entities. The directions could not be more different, but HP will argue that demand had better be high for a monolith selling everything.
Dell is extending its offerings to a new level of complexity, but the level of product strategy and technology to comprehend has become too great for this week's massive HP. Hewlett-Packard never controlled an operation this large until the last decade. The company that built instruments and business computers and printers added a PC empire from Compaq. But it had just spun off Agilent two years before that PC merger.
But then after loading up with billions of dollars of low-margin desktop and laptop lines, the HP of the early 21st Century blazed forward into services. Headcount rose by more than 140,000 when Carly Fiorina sold the concept of buying EDS for outsourcing and professional services. The printer business swelled into cameras and even an iPod knockoff, built by Apple. HP's TVs made their way into retail outlets. It seemed there was nothing HP could not try to sell. Some of the attempts, like the Palm OS-based tablets or smartphones, shouldn't have been attempted. Their technology advantages couldn't be lifted above entrenched competition.
HP's CEOs since lifer Lew Platt retired — Fiorina, Mark Hurd, Leo Apotheker, and now Meg Whitman — didn't have much chance understanding the nature of so many products. Three years ago, HP started in the public cloud business, yet another branch of IT commerce aimed to take market share from Amazon. Whitman said in the New York Times that outsiders like her who've tried to lead the company have had too broad a beam of corporate ship to steer.
"This is crazy — Carly, Mark, Léo, me — the learning curve is too steep, the technology is too complex for an outsider to have to learn it all," she said in a story about what's next. The most audacious of HP's enterprise efforts was The Machine, technology that was to employ the near-mythical memristor to "change the future of computing as we know it." This summer the company fell back and said it would build that product with more conventional components and assemblies. It doesn't have a target date for releasing The Machine.The New HP, for the purposes of the 3000 customers who have migrated or will sometime soon, aims to do less and try to do it more effectively. Gone is the public cloud, while the EDS headcount is being trimmed. In-house technology like HP-UX and VMS is either going slack (no HP-UX 11.4 will be produced; VMS has been sold to an independent firm) or giving way to standards like Linux, Windows, and Intel servers like the ProLiants. The survival and ascent of ProLiant blade servers is likely to be the hardware backbone for a company that is keen to get customers to consider HP Enterprise as a software and service giant.
HP Enterprise, to be traded as HPE on the NYSE Monday, will sell private clouds that it will build, and staff if customers want HP administration, rather than the retail-level cloud services of AWS. HP Cloud could never host HP-UX customers. The fine-tuning of cloud hosts for Unix apps might be a part of the 2016 offerings. Just about anything to get more Integrity servers installed will have traction at HPE.
Although networking products and mass storage and software like Helion will be parts of the new HP facing the 3000 community, expect this business to be about how servers will drive its fortunes. In a Bloomberg report from this week, Whitman said she spent one full day on the three year plan for HPE's server business. She's been the CEO since 2011, and that was the first full day she concentrated on the business that put HP into business computing.
"There’s a great deal to be said for focus," Whitman said in the article. "You’ve got to be on it. You’ve got to be working on the product road map."
Work on product roadmaps in October used to be commonplace at HP, although it's probably been since Lew Platt's time that the CEO was involved in any way. MPE/iX users who've stayed with the OS, rather than the company, could still benefit from a rise in HP's fortunes. Sales of those allied product lines, as well as research to improve them, have a chance of improving. Homesteading 3000 customers would have to let the HP badge back into their shops. Maybe adding the "Enterprise" to the HP hardware nameplates will help restore the trust.
As for the HP Inc. side of the split-up, it's got less technology to comprehend and more competition with similar products. Some analysts are saying HP Inc. could be a takeover target, given its slim profit margins. HP's combined stock was down 30 percent from the start of this year, as the final day of Hewlett-Packard ended. On Monday HPE will start trading at about $15 a share. What will make the difference will be a fresh share of mind for a company that once specialized in business IT. MPE is gone, HP-UX is fading, and VMS has been sold away. The future will be different, but customers who remember a better HP might hope for a strategy that feels older: focused on how innovation and relationships can deliver success to customers.
October 06, 2015
Essential Skills: Securing Wireless Printing
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
When you do a security scan of your site, do you consider your printers? It was enough, several years ago, to limit an audit to personal computing devices, servers and routers. But then the era of wireless printing arrived. Printers have become Internet appliances. These now need your security attention, considering some of the risks with printers. But you can protect your appliances just like you're securing your PCs and servers.
Wireless printers can be very easy to set up. They come preconfigured to connect easily, and even a novice user can have something up and running in a matter of minutes. To be able to make this connection simple, however, vendors keep the amount of wireless network configuration to a minimum. Taking the default settings, as always, significantly reduces the amount of security that is applied to the device.
Modern printers are actually computer platforms that have been designed to run printing functions. Inside are a CPU, hard drive, RAM and operating system components. Unfortunately, a system breach can permit these components to be re-purposed to do other things. And those are things you don't want to happen at your site.For example, a BBC article from last year outlined how a programmer was able to hack into a printer and convert it to run the popular game Doom. The interesting part of this article is that the programmer could have had the printer run lots of other programs. Once the printer has been compromised, it is not difficult for a hacker to turn it into a tool to be used for nefarious reasons. Plus, once the machine is hacked, it can make connections from inside of your firewall. This will normally bypass the firewall rules and can transmit network information. Wireless printers can even be a vector for sending spam.
The brute force way to deal with a network penetration is turning off the wireless network. By connecting the printer using a cable, you can run the wireless connections through the router. Unfortunately this is not an ideal solution -- you've probably installed these printers for the express capability of eliminating cables. If that's not your case, and you have deployed a printer with wireless networking capabilities but you're not using them, don't forget to turn off the wireless function.
If you choose to run the printer wirelessly, make sure you set up WPA2 encryption. This will require setting up a printer password. Make sure that your wireless printer password is different from your wireless router password. Having the same password for multiple wireless devices is just asking for trouble. This may involve more work in setting up the printer to run. Its password will have to be loaded into each device that connects. But that's just the cost of security.
A new aspect of printers is that many contain hard drives. It takes a lot more time to print a large document than it does to send it over the network. Instead of requesting blocks of data at a time, the printer will request that the source computer send all the data at once. The printer must then keep a copy of the data locally to do its printing. And what better cheap source of local memory than a hard drive? In many cases the hard drive will keep storing the data as it gets requests, but not remove the data once the printing is complete. This results in a large volumes of data being stored on the drive.
Why does this pose a security risk? An intruder could externally hack the printer. Getting to the locally stored data is a fairly simple step once the machine has been compromised in this way. Then a copy of the information that has been printed can be stolen remotely from the machine.
Moving out older printers might mean you're inadvertantly giving your data away. Donating a working printer to a charity organization or a school can be a common practice. Even if the printer is not working, the data on the drive may be accessible. It is difficult to physically remove a drive from the printer to wipe the data. In many cases it may be impossible, as the drive is not meant to be a removable component. It is very difficult to get software to do the job.
In a lot of cases the printer manufacturer will give you the option to set up encryption on the internal hard drive. Lexmark, for example, outlines this kind of process. Search for “hard disk encryption” with your model number at your vendor's website. Make sure to use a strong encryption method such as AES 256 bit encryption. If the machine is compromised, it may still be possible to get at the data, but is will be difficult to remove it. At a minimum it will make it a harder target and may force the thief to discard it.
If encryption is not an option, some manufacturers will allow you to bypass the drive. This may case usability issues, especially if large documents are being printed. Not only will this cause printer slowdowns, but it also leads to network congestion. Do some research on what is being printed before choosing this strategy
A Man in the Middle attack uses a computer to get in between two machines on your network. If a computer is connecting to the printer, then the rogue machine does the following. First it convinces everyone on the network it is the printer. Then it convinces the printer it is the router. From that point onward, all data going to the printer is now accessible by the rogue machine. From that point is it easy to convert the printer data back to its electronic source, or the data can be forward and printed elsewhere. For more information see our article on Man in the Middle.
To avoid this vulnerability, configure your wireless printers to use a secure protocol over the network. This will employ encryption to accomplish two things. First, it will provide end to end encryption so that the data is encrypted on the source machine before it is transmitted. This will help prevent easy decryption of any intercepted traffic.
Second, by using a secure protocol, the source machine can verify the printer destination using a digital certificate. In fact, some printers do support SSL connectivity across the network. Another technology that was specifically designed for this application is IPSEC. This provides endpoint authentication and end to end encryption. IPSEC is very useful in support of wireless connections. Consult the printer vendor's documentation on how to configure this option. There are also lots of how-to videos on the web.
Installing printers in locations that are physically limited to the printer user community is a must for sensitive information. This may drive managers to keep printers next to a user's machine. Make sure to use a connection that is also secure. On a security audit, I saw a CEO's printer set up wirelessly across the office, because he did not want any wires connecting to his laptop. Needless to say, there was no security protection on the connection. He's still the CEO, but he's learned a bit about wireless printer security.
September 25, 2015
Taking the Measure of HP's Ex-Leaders
We're waiting for more information about the HP 3000s still doing service by working with Apache CGI scripting, as well as an upcoming confluence of CAMUS advice about Stromasys and Kenandy, to help ERP companies to homestead or migrate. So while we wait let's take a break for Friday Funnies. The story is funny in the way a two-headed calf wants to win a blue ribbon at the fair.
The latest news in our election cycle features the prospects of a woman who impacted lives of many of our readers, as well as the direct fortunes of any who work at or have retired from HP. Or any who will be separated from the vendor soon in the latest layoffs.
That would of course be Carly Fiorina, subject of scorn in both Donald Trump's eyes as well as derision from Yale economics professor Jeffrey Sonnenfeld. The professor wrote this week that Fiorina has learned nothing from her failures, or even admitted she's had any. And so, there's a criticism of his column afloat in the bowl of the 3000 world. Sonnenfeld's talks with former CEOs were not first-hand knowledge, the takeaway read.
Here I offer a subjective summary, and that criticism of the professor goes, "Do not measure Carly's impact on HP -- or her ability to lead -- by how other corporations fared during the same period when she was CEO. Or on the valuation of the company before and after. Measure her by how anybody would have fared, given what she took over starting in 1999. Also, understand that whatever you add up, it will be conjecture."
It's a good word. Conjecture is "an opinion or conclusion formed on the basis of incomplete information." By setting up a measurement problem so there is no constant -- to compare against, say, the veteran insider Ann Livermore, who HP passed over so Carly could get her job -- the measure will always be incomplete, clouded in imagination. In Catholic school, we were usually told at this point of our hard questions, "Well son, it's a mystery."
I believe the only way we'll ever see first-hand Carly-era information is an insider other than Carly who was an HP executive would write a book about the era. Say, Chuck House did that, didn't he? For those who don't know him, he was the leader of HP's software management, and that would include MPE. He was the only winner of what Dave Packard called HP's Medal of Defiance, for extraordinary defiance beyond the normal call of engineering duty. In 2009 House wrote "The HP Phenomenon; Innovation and Business Transformations." House has quite a bit to say about Carly's leadership (lordy, pages 403, 427, 443, 460, 471, 477, 480, 497, and 597) her Compaq decisions.
There's also a sheaf of pages indexed as "Vitriolic reaction." You probably would believe House has some first-hand experience of HP management, given that he was an executive manager throughout her HP service. House wasn't CEO, though. The only CEO who's created a book is Carly. She's so certain of her story she had to write two books.Come to think of it, maybe conjecture won't be the best word here.
When you look at the full history of HP's CEOs, it's not a group that's likely to deliver an insider's take on a hopeful story. After Bill and Dave retired from those posts, they died. John Young took the job and still lives, but he has enough sense to keep his head down in these leadership debates. Then there's Lew Platt (also retired and died), Fiorina, Hurd and Apotheker. Meg Whitman has been trying to pull HP's cart out of the ditch for more than four years. The latest tug is to pull away from the albatross PC business Fiorina pushed.
Fiorina's successors were bad, indeed. But no matter how bad any successor is, that doesn't change the mortal wound that the first savage can strike. A CEO who took the names of the founders off the company's logo, then removed one of their children from the board, might be summed up as having savage tactics. The leadership of Haiti comes to mind. Just search for "tontons macoutes" to get a peek at how such people stay in power. Haiti was once visited by cruise liners, before Papa Doc.
I was told a story by a well-loved HP executive who had the opportunity to lunch with his successor after retirement. "What in God's name has happened to HP stock?" he asked his replacement. It was second-hand experience the fellow was seeking, I suppose, to explain the first-hand experience that the retired manager was having over his retirement portfolio. I don't know who paid for lunch.
I continue to look for an HP employee or retiree who's feeling better about their portfolio, in the wake of Carly's ugly business decisions. Of course, once I hear that report, it will still be second-hand information. First-hand information, in case you were wondering, appears in print as "memoir" (business or otherwise) or "autobiography." Sometimes it could be labeled fiction, if its facts are not always so crucial. People do love a story.
I invite you to visit the bit of HP's story that includes choosing such a boat anchor for a CEO. "Perfect Enough" by George Anders includes a section where the author "discloses the role played by a powerful recluse in Idaho: the only person at HP who could bridge the old era and the new." That's the passing-over you read earlier, if I've kept you this far. As for that person's bridge, I think it's out. He's long gone, too.
In business, where Carly claims to have succeeded, the established coin of measurement is valuation. Either that, or love from the customers and employees. You don't need to be a professor of anything, let alone economics, to add up the former. Start your meters at the last HP stock split, in 2000. And for the latter measurement of love — well, you can go to the previous HP spinoff Agilent to find your Atomic Force Microscopes. I bet they still know something about measurement at Agilent.
We can't know if cruise liners will revisit the shores of the American dream in a Fiorina Administration. (My fingers just seized up trying to write those last two words together.) But it's not really conjecture about how HP's shoreline looked once her leadership dredged the company's passions for innovation.
September 22, 2015
Meetings serve futures. Most rely on pasts.
Last week I got a note from Terri Lanza, consultant to MANMAN and ERP users, asking about any forthcoming meetings for 3000 customers. Terri was a big part of the last HP 3000 meeting, the 3000 Reunion meeting that kicked off four years ago today. Lanza also queried ScreenJet's Alan Yeo, since Alan drove the engine of that Reunion while I helped organize and publicize.
Lanza is on the board of CAMUS, the user group devoted to ERP and manufacturing tech. "CAMUS was offered a place in California to gather," she said, "so our board wondered about choosing between San Diego and LA." Alan replied in short order that nothing is being planned for a 3000 meeting, and if anybody would know, it would be him. He kickstarted the meetings in 2005, 2007 and 2011. He even tried to turn the crank on a 2013 meeting. These things need financial support.
There's a great deal less purchasing among 3000 users four years after the Reunion. Purchases drive these tech meetings, but not just the sales pursued on an expo floor. Purchases of the past prop up meetings, as people try to better use the tech they already own.
That's why it's interesting to look at the content for many meetings among seniors like those who were at the Reunion. Tech meetings serve the drive toward futures, with talks about the Internet of Things or the Etch-A-Sketch wisdom on rules for social media. Learn, erase, learn again.
Legacy technology, though, tends to pay the bills for the bright-future meetings we used to attend. CAMUS is the exception, since its futures cover the survival of datacenters and legacy servers. Those are the servers that don't seem to get airtime, because their days of futures are supposedly over. Even HP seems to think so, if you look at what it's talking about at user meetings.HP's not counting on its legacy servers -- and an Integrity box is legacy like the 3000, just further up the road -- to float much of the company boat. Continued support of legacy systems can finance a visit to a sunny-futures meeting, though. The older generation does this support, and it pays for the dreams and foresight around newer technology. Or you hold a reunion, and remember what made you close friends, while you fought the fires of yesterday together.
But these days everybody is looking forward at expected change. Not much is changing about 3000s except for the age of their components. Humans always overestimate the amount of change coming into their lives, though. There's talk about manual driving becoming outlawed as self-driving cabs abound, or signboard ads at Macy's that will work better than an Onion gag about them. Someday we may be living in a world like those of the movies Total Recall or Minority Report. Walk slowly past that signboard. It could be sharing data that might live in an archived IMAGE database, which will be more reliable than split-second smartphone recognition.
Meetings serve a social need, and you never want to slag anything people are still investing time and money in. You can talk about the future with its uncertain changes, or gather survival advice to extend investments past. Maybe Google Hangouts or YouTube will give 3000 users a no-travel meeting option by next year. Since there's nothing under non-disclosure, the cybersecurity won't need to be advanced.
I remember attending a BARUG conference back in the 1980s in Santa Cruz. We enjoyed an expo space that overlooked the beaches and the suntanned pulchritude all a-frolic on the sands. Good times, but there was also talk on how to improve and extend what was still in use. We're betting that's become a mission for today's Web. If there's no travel budget, that'll work — and you won't have keep those bright-future shades trained on the changes that may never wash up on the sands of your datacenter.
September 14, 2015
We keep meaning to shut it down, but...
There's always acquisitions and mergers afoot in business, and the events have triggered some HP 3000 migrations. An entity gets acquired by a larger company that doesn't want to integrate MPE. The next thing you know, Windows is getting its call-up into a batting order where the 3000 used to play. (Sorry, baseball season's heating up as it winds down to the playoffs.)
A transaction that was announced this summer continued the journey of the Open Skies application that began in 1998 in the 3000 division of HP. In that fall, CSY General Manager Harry Sterling purchased the application that had helped to drive the 3000 and MPE into the airline business. "Harry, did you have to buy the company?" HP's next-level execs reportedly asked him. He bought it to show how Software as a Service could work on 3000s. HP called it Apps on Tap at the time.
Roll forward to July and see that the Amadeus Group started the purchase of Navitaire from Accenture. Navitaire became the proud owners of a farm of HP 3000s when the company purchased Open Skies early in the previous decade. By 2008, work was underway to move off those 3000s, a farm of more than two dozen of the N-Class servers. The software tracks mileage revenues and reservations and has been used by airlines including Canada's WestJet.
We got a report last week that a final N-Class server still is in operation, but it's destined for a shutdown. If only the overseas airline customers would stop needing historical reports from MPE/iX.A large-for-its-time array is still connected to a 3000 that's escaped the reaper's scythe so far. Mark Ranft, who's chronicled the transition away from MPE at Navitaire, let us know what's keeping a computer built 12 years ago serving some Navitaire customers.
All the customers have been switched over from HP 3000s. We still run an N-Class connected to an XP128 disk array for historical legacy purposes. It could be shut down soon, but we occasionally have a customer ask for some information from it. I guess other countries have unusually long timeframes for keeping detailed records of airline flights.
Navitaire had plenty of airline data business before it purchased Open Skies, but the reservation revenue-tracking software covered a new niche aimed at small carriers. HP only owned OpenSkies for about two years, then sold it to a subsidiary of Accenture. Within 18 months, HP announced its takedown of its 3000 operations. Accenture began developing a replacement called NewSkies, and by 2005 it started to inject it into spots where OpenSkies had served. Before that time, OpenSkies got upgrades from Navitaire, until HP called its halt to MPE/iX futures.
Open Skies, and its progeny New Skies, was always aimed at the low-cost airlines like RyanAir and WestJet. The 3000 had its introduction to airline reservation systems at what was a low-cost airline at the time, Southwest. Of course, Southwest is now the largest US domestic airline in passengers carried, and is paired with overseas partners. At the end of 1993, it bought tiny Morris Air to acquire 14 new Western US destinations, and discovered it'd bought the Morris "online reservation system," back when paper tickets were the absolute standard for air travel. It was like finding change in sofa cushions, including a rare coin.
The New York Times account of the transaction that brought the 3000 into the airline business makes no mention of the server or the software developed in Utah. Legendary CEO Herb Kelleher of Southwest was sharp enough to know low-cost operations would grow the company he founded, however. Morris was shaped like the Southwest of the 1990s, a company that knew a good server when it found one.
Southwest is more focused than Morris on attracting business travelers and is likely to try to attract more by offering more frequent flights. No Southwest routes overlap those of Morris, which will give Southwest a new presence in the Northwest and West, adding 14 cities to its schedule.
Asked about the Morris acquisition, Delta executives appeared sanguine yesterday. "We really don't see that this is changing anything," said Bill Berry, a Delta spokesman. "If we've got to face a competitor, we would rather face a competitor with costs that are much closer to ours."
Delta's reaction prompted a burst of laughter from Mr. Kelleher during a telephone interview yesterday. The cost structures of Southwest and Morris "are virtually the same," he said.
Southwest's adoption of the reservation software made e-tickets so essential that much larger airlines were forced to take up the service. By now, ordering a paper ticket carries a surcharge. Today's Southwest fleet of 600-plus 737s -- built at 3000-user Boeing -- now average six flights per aircraft per day. Delta had to merge with Northwest Airlines to keep up. Southwest turned off its last 3000 in the previous decade, though.
The deeper you go into the Morris-Southwest story, the better it gets. June Morris built her airline out of a travel agency business she ran in the back room of her husband's photo finishing business. Eventually there was a small fleet of chartered planes. Morris was the only female airline leader in the US at the time of the acquisition. The president of Morris Air at the time of the sale was David Needleman, who after leaving Morris went on to found a little operation called JetBlue. And JetBlue used HP 3000s as well, relying on Open Skies software from the start — the App on Tap that HP booked from Day One of JetBlue's operations. JetBlue and Southwest signaled a victory of midrange servers running TurboIMAGE/SQL over mainframes. JetBlue started up with less than a $1 million yearly IT budget.
Open Skies made its money by charging a fee per ticket booked. At the time JetBlue took off, a Computerworld article reported that flight reservations could be made on the Web "and by Touch-Tone telephone."
More than 500 Navitaire employees will go to Amadeus, a company that did 3.4 billion Euros of business last year. Navitaire's sale price was reported at $380 million in a July announcement, a deal that may close as early as next month. In the meantime there's one N-Class 3000 waiting for its retirement date, flying a route with a terminal destination — if one without an ETA.
September 02, 2015
The Heritage of Enterprise Consumerism
The heritage of your computer marketplace is driven by many more failures than successes. HP attempted to build a multiple operating system technology (MOST) system in 1993, mostly by re-engineering MPE and Unix software for customers who needed both environments.
MOST failed in alpha tests and taught Hewlett-Packard a lesson: do not promise so much flexibility that you kill performance. MOST was too slow to do the work of a single-OS system of the early '90s. The technology for multiple-OS computing was still five more years away, in Superdome. By the time HP polished Superdome, it lost its taste for expanding its MPE business.
That story has been echoed in the market many times. Virtualization and cloud solves such challenges today. But in 1993, NeXT Computer was killing itself by shipping a version of its OS that actually ran slower than the prior release. NeXT was the brainchild of Steve Jobs, who'd been kicked off Apple's throne by a board that was steered by John Sculley. Recent news has Sculley unveiling a new Android smartphone that won't be sold in the US. Aimed at China and emerging markets, this new Obi is, and so it avoids some competition with Apple.
Sculley, the former CEO of Pepsi, had been brought in to Apple by Jobs. The insanely great wunderkind knew he needed help to reach consumers. The move cost Apple momentum that elevated Microsoft and Windows to the top tier of business computing. Jobs tried to rebound with NeXT. Like MOST, the NeXT was way ahead of its time. Consumer-grade Unix was still 12 years away, lurking in the dreams for Mac OS X.
HP 3000 owners care about this because of their computer's heritage. Another consumer whiz, Dick Hackborn, climbed onto another board, HP's, and turned the LaserJet consumer reseller model onto the rest of HP's business. Direct contact with small to midsize customers became a task HP delegated. A 3000 shop that once knew its OS supplier through an SE or a CE had to learn to use resellers. The 3000 division lost track of the majority of its customers, and when the large sites yearned for a Superdome, nobody was able to keep in touch with customers who didn't need such a beast.
Sculley might do well with the Obi, even after a pratfall at Apple. On the other hand, the results might be Obi-Wan. It takes a failure to learn something, most times. MOST taught HP about speed, benefits, and the need for enough brainpower to enable something better (MPE) to drive something popular (Unix). The 3000's heritage flowed even and steady for awhile after Hackborn bent HP to a consumer beat. The loss of focus sealed the 3000's fate at HP, though.Enterprise and consumer computing were distinct entities when Scully and his pratfall pushed Jobs past another failure, NeXT, and into Apple. Now Scully will be competing with the ghost of Jobs, trying to sell a smartphone against the iPhone. But heritage does not mean that fate is cemented. The 3000 was never going to prosper in what HP was on the vanguard of building: enterprise consumerism. As it turns out, HP was not going to succeed at that either. Hackborn's board because erratic and dysfunctional.
While 3000 users plan their futures, they should look at the heritage of replacement candidates. A Scully smartphone will be as popular as Pepsi in emerging companies. It might be just as empty of enterprise sustenance, unless Sculley has learned the lesson HP has embraced: enterprise and consumer computer businesses should be run differently. In 60 days, Hewlett-Packard and HP will mean different things when the company recognizes the differences and splits.
August 26, 2015
Taking a Closer Look at 3000 Emulation
Emulation solutions have pro’s and cons. We caught up with Birket Foster this morning, after his company had suggested that emulation deserves a closer look. In our 8-minute podcast, I talked with him (over speakerphones on short notice, thank you) about how emulation really can be a solution to keep legacy applications vital. Companies, especially the small ones that still rely on MPE environments, want to protect their business investments. After all, investing in emulation solutions that can support your MPE legacy applications — well, it's critical to the future success of your organization. It can also be a key to greater efficiency, innovation and growth.
July 31, 2015
Zero day attacks: reports are dangerous, too
News has started to roil through the Android community about a fresh MMS attack vector for those devices, and last month reports rolled out about a similarly dangerous zero-day malware attack for Apple iOS. But what is zero day, and how can the news of these exploits be as damaging as the malware itself? Our security expert Steve Hardwick explains in this edition of Essential Skills, covering the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
Many computer users do not understand the term Zero Day and why it is so serious. To understand the term, it is first necessary to understand how an exploit works. In general, there are different types of exploits used on computers
1. Social attacks, phishing for example, which cause a user to unintentionally disclose information to a hacker.
2. Trojan horses, viruses that hide in otherwise legitimate applications. Once the legitimate application is launched, the Trojan horse releases the virus it contains.
3. Web attacks that trick users into divulging personal information using weaknesses in browsers and web server software
4. Application and OS attacks that use errors in the code to exploit the computer's programming
With the exception of the first category, these attacks rely on exploiting weaknesses in the underlying operating system and application code that runs on the computer. To be able to prevent this type of illicit access, the mechanism by which the malware is operating must first be understood. Therefore many researchers will examine operating code and look for these types of flaws. So will thousands of hackers. The challenge becomes how to mitigate such a vulnerability before it becomes a virus in the wild. That's where the Zero Day marker comes into play.The first, obvious response would be to fix the broken code. Although it sounds simple enough, it is not as straightforward as it seems. In order to prevent this type of condition occurring in the first place, software vendors will have development and test cycles that may take days or even weeks to complete. After all, it would not be good to develop a patch for one hole in the code only to create more. So it takes a finite period of time to detect the exploitation method the malware is using and then produce a patch that will fix the hole.
In many cases the research is done behind the scenes, and the security hole is fixed before it ever is exploited by hackers. In other cases a virus is spotted and the failure mechanism is already understood and a patch is in the works. For example, an application is compromised and the developer notices similar conditions can occur in other programs the software vendor produces.
Another response is to use anti-malware to protect against the threat. One of the main ways that anti-malware works is to look for signature patterns in downloaded or executing code. These patters are stored in a virus definition database. The supplier of the anti-malware solution will develop a profile of the malware and then supply a new definition to the database. As in the distribution of software patches, it takes time to define the profile, produce the signature definition, then test and distribute it. Only when the signature profile has been distributed is the computer system protected again
The time at which the malware is detected is called the zero day — as this starts the clock on the time between the detection and the distribution of the remedy. In the case of the software vendor, this would mean a patch for the broken code. In the case of the anti-malware vendor it is the time to provide the signature and deploy it.
The anti-malware vendor has the advantage that they are not supplying software to the machine. In many respects it is quicker to generate the signature and distribute it. For the software vendor there is the task of verifying that any new code does not affect the operation of the product, nor create any new vulnerabilities.
In either case, it is a race against time between the hackers on one side and the anti-malware or software vendor on the other. Furthermore, the end user is also in the fray. Whether it is a signature definition or a patch, the end user must download and install it. In many cases this can be automated, however, end users must have selected this option in the first place.
So when a zero day virus is announced, it means that the vulnerability has been made public and the software community needs to start to respond. There is a lot of debate as to the merits of announcing zero day exploits. There is concern that lower-skilled hackers will take advantage of the free research, and start to deploy viruses that exploit the disclosed vulnerability. The counter concern, as portrayed in the article about iOS cited at the beginning, is that the software vendor will not act on the research. No matter which side your opinion falls, it does not change the fact that a virus without a known cure is a very dangerous beast.
July 24, 2015
3000 world loses a point of technical light
Veteran engineer and developer Jack Connor passed out of worlds including the HP 3000's this month, dying at age 69 after a long career of support, volunteering, and generous aid to MPE users.
In a death notice posted on his local funeral chapel's website, Connor's story included Vietnam era military service, a drag racing record, and playing bass on Yummy, Yummy, Yummy, I Got Love In My Tummy, a single that went to No. 4 on the US charts. He had been the proprietor of a bar in Columbia, Missouri, known as Nasties, and a tea house in Columbus, Ohio, The Venus Fly Trap.
Connor played a role in the volunteer efforts for OpenMPE in the last decade. He was also the worldwide account manager for HP and DuPont in the 1970s and 80s, and the death notice reports he was involved in the first satellite uplink in history for commercial purposes. At the time of his death Connor was working at Abtech Systems and Support from Indiana, and at his own company, InfoWorks, Inc. In the months that followed HP's shutdown of its MPE lab, he created NoWait/iX, software that eliminated the wait for an HP technician to arrive, on a rush-charge time and materials call, to transfer an old HPSUSAN to a new 3000 CPU board.
NoWait/iX was intended for use "until HP can be scheduled on site at both HP and the customer’s convenience -- and not paying the emergency uplift charge," Connor said. "However, if a customer has a third-party tool which is no longer supported, or licensing is no longer available for an upgrade, NoWait/iX can operate indefinitely, returning the old information to that single product."
In the waning months of OpenMPE's activity, he chaired the board of directors and promoted the creation of a new Invent3k shared server. "Making Invent3K a repository for the community is the primary focus," he reported to us in 2011.
Connor was a frequent contributor of free tech savvy to the 3000 community, using the 3000 newsgroup as a favored outlet. Just this spring we relayed his advice about linking a 3000 with existing networks.What do I need to do on our MPE boxes to ensure that they will see new networking hardware? Does MPE cache the MAC address of neighbor gateways anywhere? I was thinking I needed to restart networking services, but I wasn't sure if anything more will be needed.
If you're taking it off the air for the network changes, I'd go ahead and close the network down until the work has completed and then reopen it. MPE will be looking for the IPs as it opens up. I know you can see the MAC addresses in NETTOOL, but I don't think they're of any import other than informational and for DTC traffic.
While serving on the OpenMPE board of directors, he also tracked down a data-at-rest security solution compatible with HP 3000s. 10ZiG's Security Group still sells the Q3 and Q3i appliances, one of which Connor put between a Digital Linear Tape device and a 3000. The results impressed him for a device that costs a few thousand dollars -- and will work with any host.
I tested an encryption box that sits between the DLT and IO card a year or so ago and it worked like a champ. It maintained streaming mode and all. However, it was in the $2,000-$3,000 range — and to be useful for a DR world, it would require two, so I haven't pursued actually recommending it.
He often helped out with IO and storage device questions in the 3000 community. For the Series 927LX, he noted that a DLT tape drive could be installed in the server that was designed in the early 1990s.
"This is not a problem as long as you have a free slot, or an open 28696A fast-wide card," he said. "I believe you need to be on MPE/iX 6.0 or 6.5 to go with a DLT8000. I'm sure a DLT4000 and probably a DLT7000 are okay." (The 28696A is a double-high interface device that permits the 927 to use HVD SCSI DLTs of 4000, 7000 or 8000 models.)
A simple search of the Newswire with "Jack Connor" turns up dozens of tips. Several 3000 veterans offered tributes in the wake of the Gary Robillard's news about Connor's passing. "He was a master at his trade," said Tracy Johnson.
"Jack was a great guy who would always help no matter the problem, time or distance," said Bill Long. "As I moved on to different companies Jack was always there to help. He did consulting work for us when I worked for a small semiconductor company in Newark DE. He wrote the exotic interfaces we needed. Just a few years ago he helped me when I was consulting for Dow Chemical and needed help with my in-home HP 3000."
"My dear friend and colleague, a frequent contributor to this list, passed away peacefully in his sleep after a long illness," Robillard wrote. "Words cannot express how greatly he will be missed by all who knew him."
On the tenth anniversary of HP's pullout notice for the 3000, Connor summed up his philosophy about helping in the MPE community. "I'd say we've all been a pretty good human chain holding the 3000 Community together," he said. "There's indeed life after HP, and a pretty full one so far."
He was laid to rest this past Sunday, and the obituary webpage included a link to the Van Morrison song "Into the Mystic," whose lyrics include these lines.
And when that fog horn blows I will be coming home
And when that fog horn blows I want to hear it
I don't have to fear it
I want to rock your gypsy soul
Just like way back in the days of old
Then magnificently we will float into the mystic
July 21, 2015
User group takes virtual tack for conference
A vendor with ties back to the 1980s of the HP 3000 world took several steps today into the new world of virtual user conferences. The education and outreach at the Virtual Conference & Expo came in part from Fresche Legacy, formerly Speedware, but it was aimed at that company's latest prospects: IBM Series i enterprises. Advances in long-form remote training, with on-demand replays of tech talks, gave the IBM COMMON user group members of today a way to learn about the IBM i without booking time away from workplaces.
The offerings on the day-long agenda included talks about vendors' tools, as well as subjects like "Access your IBM i in the modern world with modern devices." Customer-prepared talks were not a part of today's event; that sort of presentation has become a rare element in the conference experience of 2015. But some of the best HP 3000 talks at the Interex user group meetings came from vendors, lifted up from the ranks of users.
The virtual conference of today won't be mistaken for the full-bore COMMON Fall Conference & Expo of this fall. That's a three-day affair in Fort Lauderdale, complete with opening night reception and conference hotel rates at the Westin. A few days in Florida could be a perk for a hard-working IT manager, even in early October.
But the practices of remotely educating users about enterprise IT have become polished by now. Wednesdays in the 3000 world have often included a webinar from MB Foster, guiding managers in subjects like Application Portfolio Management or data migration. Those are more dynamic opportunities, with individuals on an interactive call using presentation software including a Q&A element. They also cover skills that are more essential to the migration-bound customers — although data migration skills promise great potential payback for any IT pro.But whether it's on-demand talks bolstered by chat requests at the COMMON event, or a phone and demo-slide package at a Wednesday webinar, training doesn't equal travel anymore. A three-day event would've looked small to the HP Interex user group member of the 1990s. Over the final years of that user group's lifespan, though, even a handful of days away to train and network at a conference became an on-the-bubble choice.
Making a migration from a legacy platform like the 3000 opens up the opportunity to increase the level of learning in a career. But even legacy computing like the IBM i can trigger reasons to train and explore fresh features. It's another reminder that what matters to a vendor is not necessarily the strength of a legacy server's ecosystem, but the stickiness and size of the installed base.
IBM's i still counts six figures' worth of installed customers, and many have links to other IBM systems. IBM could afford to take care of an established base of proprietary computer systems. The independent third parties like MB Foster and others that remained after HP exited have been left to care for 3000 users on the move, and otherwise.
July 20, 2015
The Weekend a User Group Went Lights-out
Ten years ago this week, the Interex user group went dark in both a digital and literal way. The organization that was launched 30 years earlier to serve HP 3000 customers took down its website, shuttered its servers, and shut out the lights to lock up its Sunnyvale, Calif. offices. A bankruptcy went into its opening days, one that would take more than two years to make its way into Federal Court. But the immediate impact was the loss of the tent-pole gathering for the 3000 community, that year's annual HP World conference.
Millions of dollars in hotel guarantees, prepaid advertising, and booth exhibitor rents went unpaid or unreturned. It was more than the loss of an event that had a 28-year history of joining experts with customers. The Interex blackout turned off a notable light that might've led to a brighter future for a 3000 community still looking for answers and contact with vendors and expertise.
Looking back from a decade later, signs were already evident for the sudden demise of a multi-million dollar organization with 100,000 members of some pedigree. Tens of thousands of those members were names in a database and not much more, places where the Interex tabloid HP World could be mailed to generate advertising revenues. A core group of users, devoted to volunteering and rich with tribal, contributed knowledge about HP's servers, was far smaller.
Interex was all-in on support and cooperation with the Hewlett-Packard of 2005, but only up to a point on a crucial user group mission. The group was glad to re-label its annual conference after the vendor, as well as that monthly tabloid. HP held the rights to both of those names once the group made that transition. There was an HP liaison to the group's board for decades. The key managers in the 3000 division made their first-person 2002 articles explaining HP's 3000 exit available to the Interex publications. Winston Prather wrote "it was my decision" on pages published by Interex.
But in 2004, HP sowed the seeds of change that Interex watered with a no-collaboration decision. User groups from the Digital VMS community agreed to cooperation with HP on a new user conference, one to be funded by HP. Interex's directors polled the member base and chose to follow an independent route. The Interex board would stick to its plans to exclusively produce the next HP World. Advocacy was at stake, they said, and Interex's leaders believed the group would need its own annual meeting to keep asking HP to do better.
HP began to sell exhibitor space for an HP Technology Forum against the Interex HP World booths. Just before the HP World San Francisco Moscone Center wanted its final payment — and a couple of weeks after exhibitors' payments were in hand — the tune the 3000 world heard was Boom-boom, out go the lights.The user group struggled to maintain a financial balance in the years following the Y2K ramp-up, according to one of its directors, an era when attendance at the group's annual shows fell steadily. Membership figures for the group, inflated to six figures in press releases during 2004, included a very broad definition of members. Hotels were reserved for two years in advance, with payments made by the group and still outstanding for millions of dollars.
One conference sponsor, Acucorp, was told by an Interex ad rep that the staff was led to the door. A user community labored mightily to recover contributed white papers, articles, and software from a company that was selling conference memberships right up to July 17.
Ten years ago on this very date, HP was already at work gathering up the orphaned attendees who held prepaid tickets and registrations as well as exhibitors with no show to attend. HP offered a complimentary, comparable registration to the Technology Forum for paid, registered attendees of HP World 2005. HP also offered discounted exhibition space at its Forum to "non-HP competitors" exhibiting at or sponsoring HP World 2005. If you were IBM, or EMC, and bought a booth at the Interex show, you had no recourse but to write off the loss.
The shutdown was not orchestrated with the cleanest of messages. Interex.org, a website archived hundreds of times by the Internet Wayback Machine since 1996, posted a report that was the equivalent of a busy signal.
It is with great sadness, that after 31 years, we have found it financially necessary to close the doors at Interex. Unfortunately our publications, newsletters, services and conference (HPWorld 2005) will be terminated immediately. We are grateful to the 100,000 members and volunteers of Interex for their contributions, advocacy and support. We dearly wish that we could have continued supporting your needs but it was unavoidable.
Within a week, planning from the 3000 user community was underway to gather together any customers who were going to the HP World venue of San Francisco anyway -- since they were holding those nonrefundable tickets, or had already paid for hotel rooms.
Companies go broke every day, victims of poor management, bad luck, or unavoidable catastrophe. Few organizations can avoid closing, given enough time. But for a founding constituency that based its careers on a server that rarely died, the sudden death of the group that'd been alive as long as the 3000 was striking, sad — and a mark of upcoming struggles for any group built to serve a single vendor's customer base. Even a decade earlier, according to former Interex chair Jane Copeland, a proposal to wrap up the group's mission was offered in an ever-growing heterogenous computing world.
“When I left, I said they ought to have a dissolution plan,” said Copeland, owner of API International. “The former Executive Director of Interex Chuck Piercey and I tried to get the board to do it — because we didn’t see the purpose of a vendor-specific group in an open systems market.”
A change in HP’s CEO post sealed the user group’s fate, she added. The arrival of Carly Fiorina shifted the vendor’s focus away from midrange computer users such as HP 3000 and HP 9000 customers.
“I think HP is probably the cause of this more than anything,” Copeland said. “As soon as [CEO] Lew Platt left HP, that was the end of Interex. Carly Fiorina wasn’t interested in a user group. She just wasn’t user-oriented. Before Fiorina, HP had one of the most loyal customer bases in the industry. She did more to kill the HP brand than anyone. She killed it in such a way that the user group’s demise was guaranteed as soon as her reorganization was in place. She didn’t want midrange systems. All she was interested in was PCs.”
Another HP 3000 community member saw HP's declining interest in the server as a signal the user group was living on borrowed time. Olav Kappert, whose IOMIT International firm has served 3000 customers for nearly 30 years, said HP looked eager to stop spending on 3000-related user group events.
"HP would rather not spend another dime on something that has no future with them,” he said. “It will first be SIG-IMAGE, then other HP 3000 SIGs will follow. Somewhere in-between, maybe even Interex will disappear."
July 16, 2015
Bringing the 3000's Languages Fourth
Documenting the history and roots of IMAGE has squirted out a stream of debate on the 3000 newsgroup. Terry O'Brien's project to make a TurboIMAGE Wikipedia page includes a reference to Fourth Generation Languages. His sentence below that noted 4GLs -- taken as fact by most of the 3000 community -- came in for a lively debate.
Several Fourth Generation Language products (Powerhouse, Transact, Speedware, Protos) became available from third party vendors.
While that seems innocent enough, retired 3000 manager Tom Lang has told the newsgroup there's no such thing as a Fourth Generation of any computer language. "My problem with so-called Fourth Generation Languages is the use of the term 'Language' attached to a commercial product," he wrote. The discussion has become a 59-message thread already, threatening to be the longest discussion on the newsgroup this year.
Although the question doesn't seem to merit debate, it's been like catnip to some very veteran developers who know MPE and the 3000. The 4GL term was probably cooked up by vendors' product managers and marketing experts. But such languages' value did exceed third generations like COBOL. The term has everything to do with advancing developer productivity, and the use of generations was an easy way to explain that benefit.
In fact, Cognos -- the biggest vendor of 4GLs in the 3000 world -- renamed its Powerhouse group the Advanced Development Tools unit, using ADT instead of 4GL. This was largely because of the extra value of a dictionary associated with Powerhouse. The dictionary was offered up as a distinction of a 4GL by Birket Foster. Then Stan Sieler, who's written a few compilers including SPLash!, a refreshed version of the 3000's SPL, weighed in with some essentials.One way to measure a language is to see if it's got a BNF (Backus Normal Form), one of two main notation techniques for context-free grammars. According to Wikipedia -- that resource again -- a BNF "is often used to describe the syntax of languages used in computing, such as programming languages." Sieler said that the refreshed SPLash! had a BNF for awhile. Then it didn't. And really, languages don't need one, he added.
The list of the 3000's 4GLs is not a long one. HP dubbed Allbase as a 4GL at the same time that name signified a 3000 database alternative. It was a tool to develop more rapidly, HP said. Transact appears on some 4GL lists for MPE, but it's more often called a 3.5 GL, as is Protos. Not quite complete in their distinctions, although both have dictionaries. These languages all promised speed of development. They rose up in an era when object-oriented computing, with reusable elements, was mostly experimental.
Foster explained what made a 4GL an advanced tool.
The dictionary made the difference in these languages, allowing default formatting of fields, and enforcing rules on the data entry screens. I am a sure that a good Powerhouse or Speedware programmer can out-code a cut and paste COBOL programmer by about 10 to one. It also means that a junior team member is able to code business rules accurately, since the default edits/values come directly from the dictionary, ensuring consistency.
Sieler outlined what he believes makes up a language.
We all know what a 4GL is, to the extent that there’s a ’cloud’ / ’fuzzy shape’ labelled “4GL” in our minds that we can say “yes or no” for a given product, program, language, 4GL, package, or tarball. And we know that Speedware, etc., fit into that cloud.
Does a language have to have a published grammar? (Much less one published by an international standards organization?) Hell no! It’s better if it does, but that’s not only not necessary, but the grammar is missing and/or incomplete and/or inaccurate for many (probably most) computer languages, as well as almost all human languages (possibly excluding some post-priori languages). I speak as a compiler author of many decades (since about 1973).
Our SPLash! language (similar to HP’s SPL/V) had a BNF — at the start. (Indeed, we think we had the only accurate BNF for SPL/V.) But, as we added things to the language, they may or may not have been reflected in the BNF. We tried to update the manual, but may not have always been successful … if we got the change notice updated, I was happy.
Adding the word "product" behind 4GL seems to set things in perspective. O'Brien offered his summary of the 3000's rapid languages.
Speedware, Powerhouse, and Protos all had components (Powerhouse Quick, Speedware Reactor) that had a proprietary language syntax that offered Assignment, IO, and Conditional Logic. As such, they meet the minimum requirements to be referenced as a computer language. TurboIMAGE has a syntax for specifying the database schema, but does not have any component that meet the IO, Assignment, Conditional Logic, so it does not meet the minimum requirements.
Speedware and Powerhouse have had similar histories, both offered as ADT products. But the companies that control them have diverged in their missions. PowerHouse is now owned by Unicom Systems. Speedware's focus is now on legacy modernization services and tools, although its own 4GL is still a supported product.
There's an even more audacious tier of languages, one that the HP 3000 never saw. Fifth-generation languages, according to Wikipedia, "make the computer solve a given problem without the programmer. This way, the programmer only needs to worry about what problems need to be solved and what conditions need to be met, without worrying about how to implement a routine or algorithm to solve them." Prolog is one example of this fifth generation. But even Wikipedia's editors are wary of bringing forth a fifth generation.
July 15, 2015
How to Keep Cloud Storage Fast and Secure
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In our series of Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
By Steve Hardwick, CISSP
One of the many cloud-based offerings is storage. It moves data from the end device to a remote server that hosts massive amounts of hard disk space. While this saves local storage, what are some of the challenges and risks associated with the type of account?
Cloud data storage applications have been compromised through different weaknesses. Firstly, there is the straight hack. The hacker gains administrative access into the server containing the data and then can access multiple user accounts. The second one is obtaining a set of usernames and passwords from another location. Many people use the same usernames and passwords for multiple accounts. So a hack into an email server can reveal passwords for a cloud storage service. What are the ways to defend against this level of attack?
Encryption is always a good option to protect data from unauthorized users. Many service providers will argue that they already provide encryption services. However, in a lot of cases this is what is called bulk encryption. The data from various users is bundled together in a single data store. Then the whole data store is encrypted with the same password. This gives a certain level of protection, for example of the disk is stolen. But, if administrative access is gained, these systems can be compromised. A better solution is to choose a service that offers encryption at the account level.Another option is to encrypt the data before it is stored.This is probably the safest method, as the encryption application is not part of the cloud server, and neither is the password. There is a penalty of performance and time in creating and restoring the file, as it has to be encrypted/decrypted. Today's computer systems normally make short work of this task.
Finally, there is a common misconception that an encrypted file is bigger than the original. For good encryption they should be about the same size. The only challenge with any encryption is to make sure the password is safe.
If you use the same username and password, the best solution is not to do it. But the difficulty is having 20 different usernames and passwords and remembering them all. One option is to let the browser do the remembering. Browsers have the option of remembering passwords for different websites. The browser creates its own local store of the passwords. However, if the computer's hard drive crashes, so does the password storage.
The next option is to use an on-line password account. The bad news is that they have the same weakness as other types of on-line storage. LastPass was recently hacked, so many users were worried that their password lists were compromised. I use a password vault that locally encrypts the vault file. That file can then be stored in online data storage safely. Plus, if you chose the right password application, the vault is shared across multiple devices. This way, different accounts and passwords can be used for each account and still be available from a secure, but available location.
Online storage, offline access
Most of the time many of us have access to the cloud. But there are times when I would like to have access to my data, but I don't have Internet access. The best example of this is on the plane. Although Internet service is available on many planes, not everyone has access. So it is good to choose a service that has a client application to synchronize the data. This will allow copies of the same file to be kept locally and in the cloud. This can be important when looking at mobile solutions.
In many cases, mobile storage is preserved by moving the data into an online storage location. Storing all the music files in the cloud, and then finding that they are not available offline, can be very infuriating on a plane ride.
Compression to be free
Free storage on-line services are limited to a set amount of storage. One way to get around this is to use data compression. Most raw data files can be compressed to some extent. But bear in mind that most media formats, such as mpeg, mp4, or jpeg, have already been created using compression. Many other files, though, can be compressed before they are stored. Some applications — for example back-up apps — will give the user a choice to compress the file before it is stored. Not only does this reduce the amount of space the data takes in the online storage, it is also faster to upload and download.
July 13, 2015
Celebrating a 3000 Celebrity's (im)migration
Eugene Volokh is among the best examples of HP 3000 celebrity. The co-creator of MPEX (along with his father Vladimir) entered America in the 1970s, a Jewish immigrant who left Russia to arrive with his family as a boy of 7, destined for a notable place on America's teeming shores.
Those teeming shores are associated with another American Jew, Anna Lazurus, whose poem including that phrase adorns a wall of the Statue of Liberty. More than 125 years of immigrants have passed by that monument, people who have created some of the best of the US, a fact celebrated in the announcement of this year's Great Immigrants award from the Carnegie Corporation. Eugene is among the 38 Pride of America honorees appearing in a full-page New York Times ad (below, in the top-right corner) from over the Independence Day weekend.
Those named this year include Saturday Night Live's creator Lorne Michaels, Nobel laureate Thomas Sudhof, and Pulitzer Prize novelist Geraldine Brooks, along with Eugene -- who's listed as a professor, legal scholar, and blogger. All are naturalized citizens.
Eugene's first notable achievement came through his work in the fields of MPE, though, computer science that's escaped the notice of the Carnegie awards board. Given that the success of Vesoft (through MPEX and Security/3000) made all else that followed possible, a 3000 user might say that work in MPE brought the rest of the legal, scholarly, and blogging (The Volokh Conspiracy) achievements within his grasp.An entry in the Great Immigrants website sums up what's made him an honoree:
A law professor at the UCLA School of Law, Eugene Volokh is cofounder of the blog, The Volokh Conspiracy, which runs on the Washington Post’s website (which is independent of the newspaper). Before joining UCLA, where he teaches a myriad of subjects, including free speech law and religious freedom law, Volokh clerked for Justice Sandra Day O’Connor on the U.S. Supreme Court. Volokh was born in Kiev, Ukraine, when it was still part of the Soviet Union, and immigrated to the United States at age seven.
It's not difficult to find Eugene in the firmament of the American culture, with articles in the Post, the New York Times op-ed page, and interviews on TV networks and National Public Radio. But each time a 3000 user starts up MPEX, they light up the roots of somebody who migrated long ago, in an era when the 3000 itself was a migration destination, a refuge from the wretched existence of mainframes. We pass on our congratulations.
June 17, 2015
Passwords, MPE, and Security Flaws
Editor's note: in the past 24 hours the world has faced another breach of the LastPass security database, putting hundreds of thousands of passwords at risk. LastPass assures all of its users their passwords are secure after the breach — but change your master password anyway, they add. This makes it a good time to revisit security practices as they relate to the HP 3000 (thanks to Vesoft's Eugene Volokh) as well as our resident security expert Steve Hardwick. Sound advice stays fresh.
More than 30 years ago, VEsoft's Eugene Volokh chronicled the fundamentals of security for 3000 owners trying to protect passwords and user IDs. Much of that access hasn't changed at all, and the 3000's security by obscurity has helped it evade things like Denial of Service attacks, routinely reported and then plugged for today's Unix-based systems. Consider these 3000 fundamentals from Eugene's Burn Before Reading, hosted on the Adager website.
Logon security is probably the most important component of your security fence. This is because many of the subsequent security devices (e.g. file security) use information that is established at logon time, such as user ID and account name. Thus, we must not only forbid unauthorized users from logging on, but must also ensure that even an authorized user can only log on to his user ID.
If one and only one user is allowed to use a particular use ID, he may be asked to enter some personal information (his mother's maiden name?) when he is initially added to the system, and then be asked that question (or one of a number of such personal questions) every time he logs on. This general method of determining a user's authorizations by what he knows we will call "knowledge security."
Unfortunately, the knowledge security approach, although one of the best available, has one major flaw -- unlike fingerprints, information is easily transferred, be it revealed voluntarily or involuntarily; thus, someone who is not authorized to use a particular user id may nonetheless find out the user's password. You may say: "Well, we change the passwords every month, so that's not a problem." The very fact that you have to change the passwords every month means that they tend to get out through the grapevine! A good security system does not need to be redone every month, especially since that would mean that -- at least toward the end of the month -- the system is already rather shaky and subject to penetration.
There's a broader range of techniques to store passwords securely, especially important for the 3000 owner who's moving to more popular, less secured IT like cloud computing. We've asked a security pro who manages the pre-payment systems at Oxygen Financial to share these practices for that woolier world out there beyond MPE and the 3000.
By Steve Hardwick, CISSP
There has been a lot in the news recently about password theft and hacking into email accounts. Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my PC, I can create one single password that controls access to all of the apps that reside on the drive plus all of the associated data.There is a one-to-one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact a user may be accessing several different physical locations when running applications or accessing information. This has led to a dramatic increase in the number of passwords and authentication methods that are in use.
I just did a count of my usernames and passwords and I have 37 different accounts (most with unique usernames and password). Plus there are several sites where I use the same usernames and password combinations. You may ask why are some unique and why are some shared. The answer is based on the risk of a username or password be compromised. If I consider an account to have a high value, high degree of loss/impact if hacked, then it gets a unique username or password.
Email accounts are a good example. I have a unique username and password for my five email accounts. However, I do have one email account that is reserved solely for providing a username for other types of access. When I go to a site that requires an email address to set up an account , that is the one I use. Plus, I am not always selecting a unique password. The assumption is that if that username and password is stolen, then the other places it can be used are only other web site access accounts of low value. I also have a second email account that I use to set up more sensitive assess, google drive for example. This allows me to limit the damage if one of the accounts is compromised, and so I don't end up with a daisy chain of hacked accounts.
So the next question is how do you go about generating a bunch of passwords? One easy way is to go into your favorite search engine and type in password generator. You will get a fairly good list of applications that you can use to generate medium to strong passwords. But what if you don't want to download an application -- what is another way?
When I used to teach security this was one trick I would share with my students. Write a list of four or five short words that are easy to remember. Since my first name is Steve we can use that. This of four or five short number 4-5 digits in length 1999 for example. Now pick a word and number combination and intersperse the numbers and letters S1t9e9v9e would be the result of Steve and 1999. Longer words and longer numbers make strong passwords – phone numbers and last names works well. With 5 words and 5 numbers you get 25 passwords. One nice benefit of this approach comes when you need to change your password. Write the number backwards and merge the word and data back together.
Once you have created good passwords, your next challenge is how to remember them all. Some of the passwords I use I tend to remember due to repetitive use. The password for logging into my system is one I tend to remember, even through it is 11 characters long. But many of my passwords I use infrequently -- my router for example, and many have the “remember me” function when I log on.
What happens when I want to recall one of these? Well the first thing is not to write them down unless you absolutely have to. You would be amazed how many times I have seen someone password taped on the underside of their laptop. A better option is to store them on your machine. How do you do that securely?Well, there are several ways.
One easy way is to use a password vault or password manager. This creates a single encrypted file that you can access with a single username and password. Username and password combinations can then be entered into the password vault application together with their corresponding account. The big advantage is that it is now easy to access the access data with one username and password.
The one flaw: what happens if the drive crashes that contains the vault application and data? If you wanted to get started with a password vault application, InfoWorld offered a good article that compares some leading products.
Another option is to roll your own vault services. Create a text file and enter all of your account / username / password combinations. Once you are done, obtain some encryption technology. There are open source products -- truecrypt is the leader -- or you can use the encryption built into your OS. The advantage of using open source is that it runs on multiple operating systems. Encrypt the text file by using your software. Take caution to not use the default file name the application gives you, as it will be based on your text file name.
Once you have created your encrypted file from the text file, open the text file again. Select all the text in the file and delete it. Then copy a large block of text into the file and save it (more then you had with the passwords). Then delete the file. This will make sure that the text file cannot easily be recovered. If you know how to securely delete the file do that instead. Now you can remotely store the encrypted password file in a remote location, cloud storage, another computer, USB drive etc. You will then have a copy of your password file you can recover should you lose access to the one on your main machine.
Now, if you do not want to use encryption, let's look at why not. Well, most programs use specific file extensions for their encrypted file. When auditing, the first thing I would look for is files with encryption extensions. I would then look for any files that were similar in size or name to see if I could discover the source. This includes looking through the deleted file history.
The other option is steganography, or stego for short. The simple definition is the ability to bury information into other data – for example, pictures. Rather than give a detailed description of the technology here, take a look at the Wikipedia page. There is also a page with some stego tools on it . For a long time my work laptop had a screen saver that contained all my passwords. I am thinking of putting a picture up on Facebook next.
Here are a few simple rules on handling multiple passwords
1. Try and use uniques usernames and password for sensitive account. You can use the same username password combination for low sensitive accounts.
2. Run through an exercise and ask yourself, what happens if this account is hacked. So don't use the same username and password for everything.
3. Do not write down your passwords to store them.
4. Make sure you have a secure backup copy of your passwords; use encryption or steganography.
If you want to do some extra credit reading on passwords, there are two good references out there and they are free. The National Institute of Standards and Technologies has a library on security topics that is used by the federal government., a good publication on passwords.
The SP 800-118 DRAFT Guide to Enterprise Password Management focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
Steve Hardwick is the Product Manager at Oxygen Financial, which offers advanced payment management solutions. He has over 20 years of worldwide technology experience. He was also a CISSP instructor with Global Knowledge for three years and held security positions at several companies.
June 08, 2015
In 20th year, NewsWire digital turns 10 today
A decade ago today, this blog received its first post. On June 8 of 2005, a death in the 3000's family was in the news. Bruce Toback, creator of several 3000 software products and a man whose intellect was as sharp as his wit, died as suddenly as HP's futures for the HP 3000 did. I wrote a brief tribute, because Toback's writing on the 3000-L made him a popular source of information. His posts signed off with Edna St. Vincent Millay's poem about a candle with both ends alight, which made it burn so bright.
I always thought of Bruce as having bright ends of technical prowess along with a smart cynicism that couldn't help but spark a chuckle. His programming lies at the heart of Formation, a ROC Software product which Bruce created for Tymlabs, an extraordinary HP software company here in Austin during 1980s and early 90s. Toback could demonstrate a sharp wit as well as trenchant insight. From one of his messages in 2004:
HP engineer [about a Webcast to encourage migration]: During the program, we will discuss the value and benefits of Transitioning from the HP e3000 platform to Microsoft's .NET.
Bruce: Oh... a very short program, then.
In the same way Toback's candle burned at both ends, I think of this blog as the second light we fired up, a decade after the fire of the NewsWire's launch. Up to this year we burned them both. Now the blog, with its more than 2,600 articles and almost 400,000 pageviews, holds up the light for those who remain, and lights the way for those who are going. This entry is a thank-you for a decade of the opportunity to blog about the present, the future, and the past.
We always knew we had to do more than give the community a place to connect and read what they believed. We're supposed to carry forward what they know. The NewsWire in all of its forms, printed and digital, is celebrating its 20th year here in 2015. A decade ago our June 2005 blogging included a revival of news that's 20 years old by now. It's news that's still can still have an impact on running a 3000 today.In the blog's first month of 2005, I wrote
"HP 3000 enhancements can travel like distant starlight: They sometimes take years to show up on customer systems. A good example is jumbo datasets for the 3000's database. Jumbos, the 3000's best tool for supporting datasets bigger than 4GB, first surfaced out of HP's labs in 1995, just when the NewsWire was emerging. We put our news online in the months before we'd committed to print, and our report of September 1 had this to say."
HP will make the enhancement available as part of its patch system, bypassing the delay of waiting for another full release of MPE/iX. But there are already discussions from the HP 3000 community that a more thorough change will be needed before long — because 40-gigabyte datasets someday might not be large enough, either.
"Why care about 20- or 10-year-old news? Because the 3000 has such a long lifespan where it's permitted to keep serving. In the conservative timeline of 3000 management, jumbos were the distant starlight, only becoming commonplace on 3000s a decade later. Jumbos are finally going to get eclipsed by LargeFile datasets. HP's engineers say their alpha testing to fix a critical bug in LFDS is going well."
"Like the jumbos before them, LFDS are also going to get a slow embrace. How slowly did jumbos go into production systems? Five years after jumbos first emerged, John Burke wrote in our net.digest column "it is hard to tell about the penetration of jumbo datasets in the user community beyond users of the Amisys application." His column also offered some tips on using jumbos, even while database experts in the community continued to lobby for a way to build larger files."
That reporting in 2005 marked the first time in a decade that 3000 customers could build a dataset as big as they needed. Up until then, LFDS had not been recommended for 3000 customers except in experimental implementations.
The nature of the 3000 community's starlight made a 10-year-old enhancement like jumbos current and vital. Alfredo Rego of Adager once said that his database software was designed like a satellite, something that might be traveling for decades or more and need the reliability of spacecraft to go beyond the reach of support transmissions. HP's signal for 3000s has died by now. We hope to repeat signals, as well as report, for more than another decade, onto the cusp of MPE's calendar reset of 2027. Thanks for receiving these transmissions.
May 20, 2015
Discovering HP's Futures
In a couple of weeks HP computer users will gather for an annual conference in North America. For the past five years, the meeting has been called HP Discover. This year's event is promising to show off visions of the future. Pictures of stalwart enterprise community members will be harder to find.
Among the HP technologies developed as computing environments, only HP's Unix will have a Special Interest Group Forum at the June 2-4 conference. Searching the sessions database for the letters VMS -- pretty special to the Digital customers that HP preferred to serve futures to versus 3000 sites -- yields no hits. If VMS is being discussed at HP Discover, it's likely to be just a topic on the floor.
Stromasys will be on that floor, talking about several platforms whose HP futures have already or will soon enough expire. Charon HPA, emulating the HP 3000 hardware, as well as virtualization products for the Digital systems and even Sun's Solaris computers will be demonstrated. Sarah Smith of Stromasys says it's a regular stop in the company's itinerary.
"At the booth we'll be doing demos of Charon," she said. "We've been going for years. VAX, Alpha, and PDP were all DEC products, so we talk about all of them at Discover."
Meanwhile, HP will be talking about many commodity solutions along with The Machine, its project to deliver six times more power than current computer systems on 1.25 percent of the energy. Its big idea is universal memory, driven by the elusive memristor HP first began discussing in 2008. Universal memory is as inexpensive as DRAM, as speedy as static RAM, as non-volatile as flash memory, and infinitely durable. The Machine is an HP Labs project reputed to have requisitioned 75 percent of the Labs' resources. Its delivery date is far enough out in the future that hearing about its potential is still just about all anybody expects this year, or next.The HP North American shows were once all about users, and then after awhile, all about the products the vendor had delivered and were in use in the field. The HP 3000 slipped out of the session list at HP Discover around 2010, and now the VMS platform hasn't qualified for as much time as The Machine. The conference does gather a nice sheaf of customers to go along with a thicket of HP staff. Even before the show was renamed from the HP Tech Forum, it had tilted toward sales-to-customer events with more than a few NDAs to keep out the riff-raff.
HP Innovation Brought to Life in Film will tell attendees they can "Get a glimpse into some of the revolutionary technologies HP is tackling that address the most complex challenges and opportunities for our customers and our society in the next decade and beyond." There's not much point in setting out session times for an hour on something like improving performance of an HP-specific database, because by now such a thing has dropped off HP's discovery map. That's 20th Century computing, anyway.
But despite the habit of eschewing topics like VMS, MPE, and other HP legacy creations, the company hasn't lost its taste for invention altogether. A panel of HP Labs researchers will offer "a closer look at what it takes to make The Machine change everything we know about computing. This radical new approach will fuse memory and storage, flatten data hierarchies, bring processing closer to data, embed security throughout the hardware and software stacks and enable management of the system at scale."
There was a time when HP's chalk talk about such a product would only have emerged when the product shipped, or at least was priced. When the first HP 3000 Spectrum systems -- the PA-RISC emulated by Charon -- slipped into release, the HP Journal ran tech articles on how they were breaking ground. Aiming at a high bar like "changing everything we know about computing" sounds a lot like a concept film of the 1980s or 1990s HP. Great fun, but perhaps not as immediately useful as the networking within a SIG Forum. At least HP-UX still has that much to count upon in two weeks' time.
May 18, 2015
Portfolios That Make a Path to the Future
Wednesday afternoon (2 PM Eastern time, US) MB Foster is educating IT managers on the business case for using Application Portfolio Management. (Register here for the free event.) APM has gained a lot of traction in boardrooms and the places where analyst reports score points.
Gartner's researchers report that "Application portfolio management is critical to understanding and managing the 40-80 percent of IT budgets devoted to maintaining and enhancing software." HP 3000 managers, and especially those who are on the move to a new computing path, understand how much of their work has always gone into extending and repairing apps that make a difference.
Foster's team says that APM "changes the way you manage IT assets. Without proper visibility, IT executives can never be sure that they are investing appropriately by acquiring enhancing or retiring, the right application at the right time. Without visibility, APM is simply impossible without an ongoing view of IT investments."
In this Wednesday's webinar, Birket Foster will highlight the business case for APM, and outline "where you should start, mapping your portfolio, building a score card, examining business and technical fit, understanding benefit and risks and other subject related content." Foster's been talking about APM for more than 10 years, just about the whole time 3000 migrations have been in play.
APM can begin by delivering a means to increase the visibility of HP 3000 apps. And if that MPE visibility leads to a more energized transition plan — because now the executive management sees how vital the MPE/iX application is to meeting company goals — that's a good thing as well.Retiring out with the HP 3000 has been an option for some managers. But for many others, outlasting the server is becoming a genuine challenge. Leaving a legacy as an IT pro, instead of just the 3000 expert, is a way to revitalize a career.
You have to know how to treat applications as assets, to frame software as if it's as essential as cash on hand for a company. APM doesn't get cited much by the 3000 manager who's worked as a technologist to deliver value to a company. This is the business side of business computing. Learning more about that side gives a manager a greater skill set. Best of all, these practices make it easier to justify IT acquisition and expansion and yes, even a migration with its profound expenses.
Foster says that IT organizations and technology leaders are missing out on an opportunity to reduce IT costs, optimize applications, and deliver value back to the business. "With a bottom-up analysis for top-down decisions, IT departments move from an unclear inventory of applications with limited understanding of each, to a defined inventory with actionable information on the business value and technical condition of each application."
IT wants executive management to understand the condition of applications, built, bought, or accumulated through M&A, as well as how the apps affect and grow the business, and how they affect the bottom line and future budgets. APM can show what skills are required to manage and maintain the portfolio, and where succession planning plays a role.
May 13, 2015
Deciding Which Cloud Cabin To Ride
Trends in IT management are pushing server management into co-located and cloud-based service providers. If a path toward migration seems to lead toward services rather than servers, there are some developments to note while choosing a place to relocate the apps on critical servers.
Amazon is the leader in the cloud computing space with its AWS business. But just until recently, the world didn't know specifics of how well AWS was earning. It turns out that cloud services are one of the few Amazon products making a generous profit. And the existence of profits goes a long way toward protecting the future of any product or service. The 3000 is supposed to have crossed over from profitable to not so during the period after Y2K.
Once the system's projected revenue line dipped below the projected expense line, at that point you could say even those inside HP considered MPE servers a dead product. It didn't happen until after that Year 2000 bubble, though. The HP 3000 owner, having experienced this, will be wary of any single point of solution failure.
AWS is well above such a line. Other companies, such as HP, are not breaking out their cloud business results. But HP is making a point of promoting its latest HP Discover conference around the cloud concept. You can even ride in a cloud, the vendor promises, next month in Vegas.AWS owned more than 25 percent of the cloud infrastructure revenues during 2014, according to the Synergy Research Group. It's such a dominant share that the closest competitor, Microsoft, has only 10 percent, and IBM has 7. Rackspace, a preferred solution for the Charon virtual 3000 solution, comes in at 3 percent. HP's at under 1 percent, one of a host of companies who make up almost half of what's left over.
How big is cloud at AWS? Amazon said it had revenue of $1.57 billion during the first three months of the year. The company said its operating income from AWS was $265 million. Nothing that HP builds returns that kind of profit, except ink and paper.
But at the Discover show in Las Vegas, attendees can win "a VIP ride in the cloud on the High Roller with Connect and Ingram Micro on June 2, 2015. Join us as we journey 550 feet into the cloud over the beautiful Las Vegas landscape while networking and enjoying the ride."
Amazon is going to sell more than $5 billion in cloud services this year, by the company's reports. HP's still calling cloud computing "the new style of IT," and the strategy is pretty new to the IT director who's been managing local and networked servers for several decades. The Hewlett-Packard view from the clouds will include a Special Interest Group meeting for cloud computing during the June 2-4 show.
Hewlett-Packard has announced that it will spend $1 billion by the end of next year to help its customers build private cloud computing. Private clouds will need security, and they'll begin to behave more like the HP 3000 world everybody knows: management of internal resources. The difference will reside in a standard open source stack, OpenStack. It's not aimed at midsize or smaller firms. But aiding OpenStack might help open some minds about why clouds can be simple to build, as well as feature-rich.
May 04, 2015
Candidate Carly looms like 3000 migrations
3000 community pundits and veterans will say Hewlett-Packard's pushing the server off its price lists was inevitable. Today that migration slog seems to hold the same charms as the just-announced candidacy of the HP CEO during that era: Carly Fiorina.
Announcing her run for the presidency will assure Fiorina of much attention, from the requisite Secret Service detail to a raft of coverage about being a female candidate running against another inevitability, Hillary Clinton. The attention will continue to mount upon her term at the HP helm, though, a period that even her fellow Republicans struggle to present as a success.
The similarities between government politics and tech business politics are now in the spotlight, though. Computerworld was writing a story about the intersection today.
Regarding the US presidency, citizens and voters can't go back for more Barack Obama. The 3000 owners couldn't go back for more servers after HP stopped making the computers in 2003, either. Everybody must move on from our current president, just like Fiorina's HP forced the 3000 owners to move away. So very many have moved. But so very few are using any HP product to replace their 3000 operations.
Showing off the hubris that would be echoed in her other attempts, first business and then political, Fiorina's HP alleged in 2002 that more than 4 of 5 customers would be off MPE within four years. Counting the unfinished or un-funded migration projects, close to 4 in 5 customers remained on MPE and the 3000 when that four-year-deadline rolled past. It was more complicated to curtail 3000 computing, just like it'll be complicated for Fiorina to paint her 5-plus HP years as a success.
But that doesn't mean she won't try. However, as the San Jose Mercury News wrote in an editorial, “She takes the Silicon Valley motto that it’s ‘OK to fail’ a tad too literally.” The paper's calling for more women in politics – except Carly Fiorina. The 3000 community only seems to embrace Fiorina's latest political jitney romp as an alternative in the last resort to a Hillary Clinton presidency.
"Killing the HP 3000 was a small pittance compared to the disaster she did to HP," said EchoTech's Craig Lalley today. "No, I would not vote for Carly. But then again, if the two final candidates are Carly and Hillary..."Fiorina has inspired vitriol that remains vivid a decade after she left HP. It's hate for unneeded change coming from her detractors among HP customers. "I'd hate to think of her doing to the country what she did to HP," said Ted Johnson on the 3000 newsgroup this afternoon.
Johnson was one of many around the country today who pointed to a carlyfiorina.org web page that was filled with frowning emoticons. 30,000 of them, the number that Michael Link, assistant director of digital strategy at the Service Employees International Union, says Fiorina laid off at HP. Link adds that Fiorina said she'd only change one thing about those layoffs today: "I would've done them all faster."
A story in the Guardian said the oversight of grabbing such an obvious domain could hurt Fiorina's fundraising.
A campaign team that fails to purchase all permutations of its candidate’s name as even a potential redirected domain is not likely to have repercussions with voters directly, said Peter Shankman, a marketing expert and author of the book Zombie Loyalists. But it might be a more serious problem for backers trying to decide which horse to bankroll in the upcoming election.
“The people who are donating money will look at that as a clear warning sign,” he said. “It’s like spelling something wrong on a cover letter or a resume.”
3000 reseller John Lee said, "If I recall correctly, she didn't kill the 3000, one of her predecessors did. She could have revived it though. Instead, she bought Lear Jets and Compaq. And then tried to follow IBM and Perot Systems by forming a Services group?"
The jets were a sore thumb of a reality, but killing off the 3000 did happen on Fiorina's watch. She joined the company in the summer of 1999, when the vendor was still on the cusp of carrying the 3000 across the Y2K chasm. No killing of 3000s was done deliberately in a period when every customer was shouldering a bigger IT budget, and dot-coms were elevating customer count.
Fiorina claims that HP was a laggard in the computer industry when she arrived, but the company has the ninth-oldest web domain in the world. Where the company lagged was in low-profit computer sales. The Compaq buy-up took care of that lag, even while it drove off those tens of thousands of employees.
Amid the reports on the reality of Fiorina's tenure — a time when HP nearly doubled its revenue but saw its profits drop by one-third, a time when she was sued by both the board of directors as well as the son of HP founder Bill Hewlett — there's some gallows humor afoot, too. HP was big on ending the 3000 while she served, after all.
"I'm ready to know this," said one 3000 manager who didn't want his name used. "When does Carly announce the End of Life for her bid?"
April 22, 2015
Essential Skills: Avoiding A King's Ransom
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.
In a recent message on a 3000 developer mailing list, one MPE expert warned of the most common malware attack of 2015: Ransomware. "This is probably the most likely thing to happen to your computer if you click on the wrong thing today," Gavin Scott reports.
It's a nearly perfect criminal scheme.You get the malware on your system and it encrypts all files of value with a randomly generated key, and directs you to send $300 in bitcoin to them in order to get the encryption key to get your files back. It will encrypt every drive it can get access to, so a lot of people get their backups infected in the process of trying to recover. If you pay the $300, then by all reports they do give you the key, you get all your files back, and they don't bother you again. They even direct you to bitcoin ATM companies who reportedly spend much of their time these days providing technical support — to help Grandma operate the bitcoin system to pay her computer ransom.
To explain the fate of having to toss out computers in the IT shop which cannot be ransomed, we call on our security expert Steve Hardwick for some insights.
By Steve Hardwick, CISSP
In a previous article I looked at a Man in the Middle attack using SuperFish. That malware effectively bypassed the encryption built into HTTPS and so allowed Lenovo to inspect secure web traffic. There's another type of encryption hack that's becoming a serious threat: Ransomware.
In standard symmetric encryption, a key — a password — is used to scramble the information to render it undecipherable. The same key is then used to allow a valid user to convert that data back into the original data. Encryption systems ensure that anyone without a key will be unable to reconstitute the original data from encrypted data. Another key component (forgive the pun) is the password used to generate the encrypted data. If a valid user is not able to access the key, then they no longer have access to the data.
In many situations as a security professional, I've been asked how to recover encrypted data after the encryption key has been lost. Despite what TV shows depict, this is not as easy as it looks. Typical recovery of encrypted data is time consuming and costly. The first thing any security professional will say when an encryption key is lost is, "Just recover your data from your backup." But today there's a type of virus out there that uses this weakness, and can compromise backups, too.Ransomware takes data on a machine and encrypts the information, including every data file. The catch to this encyption is that the key is not provided to the user. Typically a message appears telling the user how to get a copy of the decryption key, obviously involving payment. The user is now left with a machine where the data is not accessible unless the encryption key can be obtained. The machine is commonly called a brick. The question now becomes, is there any way to retrieve the data without becoming a victim of extortion?
The actions that can be performed after this attack are very limited. Cracking the encryption itself is going to be difficult at best. Perhaps the one method that can be used is to hope that the virus has been reverse-engineered, so the decryption key is found. There's one common ransomware virus, CryptoLocker, whose code has been cracked and a solution posted for victims to use for free. But you may not be so fortunate. As the time honored saying goes “The best form of defense is a good offense.” Putting provisions in place before the attack is the best way to prevent this extortion.
Here is a list of these measures:
1) Make sure the machine is backed up regularly. It is a good idea to make sure that the backup you are using cannot be compromised by the same virus. For example, some viruses are able to infect the backup as well as the source. That means storing a recent backup offline.
Ed: It's also important that your backup solution does versioning. You don't want to write over a good backup with a bunch of encrypted garbage.
2) Keep your operating system and application software up-to-date with the latest patches.
3) Do not follow unsolicited web links in email
4) Keep your anti-virus software up to date
5) Try to get Windows users not to run with Administrative privileges, which are more prone to attack.
By using these methods, not only will you be less susceptible to ransomware, you will also be less vulnerable to other problems such as other viruses, hard drive failure and loss of your machine.
April 10, 2015
Putting ERP Securely On Your Wrist
HP 3000 ERP solutions are hosted natively on servers, and some of them can be accessed and managed over Apple's mobile tablets. But the Apple Watch that's due in two weeks will bring a new and personal interface for enterprise servers. Indeed, a well-known alternative and migration target for MANMAN and other MPE apps is climbing aboard the Apple Watch bandwagon from the very first tick.
Salesforce has a Watch app coming out on launch day that ties into a business installation of the storied application. Incredible Insights Just At A Glance, the promo copy promises.
Access the most relevant, timely data in seconds. Swipe to see dashboards, explore with lenses or use Handoff to work seamlessly between Apple Watch and iPhone. And use Voice Search to surface a report, view a dashboard, or find other vital information in seconds.
As mobile computing takes a new step with the Watch -- a device that Apple's careful not to call a smartwatch, as it's more of an interface for a smartphone -- security remains a concern. Apple has been addressing it by recognizing the Four Pillars of Mobile Security. A little review can be helpful for any IT pro who's got mobile devices coming into their user base. That's the essence of BYOD: Bring Your Own Device.According to enterprise Mac management software vendor JAMF, securing a mobile system, whether it's a tablet like the TTerm Pro-enabled iPad, a smartphone or a laptop, "requires careful attention to four key areas."
- Data at rest — Securing data on a device
- Data in transit — Securing data as it moves over a network connection to the device
- Application security — Installing trustworthy software from a safe source
- Patching — Keeping software up to date to avoid vulnerabilities
To implement good security reliably throughout an organization, three additional capabilities are crucial:
- Device management — Deployment, application distribution, security policy enforcement
- Reporting — Inventory of all devices and their configuration
- Auditing & remediating — Audit for compliance to security standards and tools to remediate as needed
JAMF sells its Casper Suite as a tool to manage enterprise-grade Apple platform installations. There's bound to be something just as thorough for the Windows-based user community. It's one more thing to ensure is a part of a migration plan, as the 3000's ERP data moves into a fresh generation.
For reference, to help research the caliber of such a Windows-based strategy, here's the breakdown that JAMF provides in a white paper about securing mobile data as well as Apple does.
1. Data at rest — The iPhone and iPad features hardware-based encryption for data at rest that is enabled by default. For Mac, the FileVault whole disk encryption system (a native feature in OS X) protects data with virtually no impact to system performance or battery life.
2. Data in transit — Apple devices can connect via VPN (Virtual Private Network) to secure data in transit. No additional software is required to take advantage of this security feature, and once configured it is transparent to the user.
3. Application security — One of Apple’s best contributions to the IT security field is their App Store ecosystem. Apple reviews all software submitted to the App Store to weed out malware. Each software package is cryptographically signed to prevent any tampering with the files. OS X and iOS are configured to reject any software that lacks a signature. IT staff can sign their own software packages to take advantage of this application security layer.
4. Patching — Since the dawn of computing, all software includes some number of defects or bugs. Some of these defects can be used by malicious attackers to gain access or steal information. The best practice for IT security is to keep all software up to date to eliminate vulnerabilities as they’re discovered. Apple makes this easy with native software patching utilities built-in to the OS. IT staff can host an Apple Software Update Server on the corporate network to speed up patching.
There's a bit of "every problem seen as a nail" with Apple's tools acting as a hammer here. But closed ecosystems have been essential to 3000-grade reliability for decades. Apple controls every aspect of the ecosystem as much as HP did with the 3000, making hardware as well as operating systems. A turnkey solution usually saves time and resources.
April 08, 2015
Essential Skills: Man In The Middle Attacks
Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.
By Steve Hardwick, CISSP
Lenovo recently made news in the security industry, and it was not good news. The PC manufacturer was shipping a copy of the Superfish malware with its machines. The software executes a threat known as “man in the middle.” Once it was discovered, companies were advised to remove it, yes. But what is a man in the middle attack, and why is it so dangerous?
Superfish compromises the HTTPS security protocol. It will intercept HTTPS requests made by a browser. It then uses a program to connect to the target website. At the same time it sends its own public key to the browser, and has it trust it. Instead of data coming back from the website to the browser, it now comes to the Superfish program.
Normally, encryption is viewed as using a password or phrase to generate a key. The key is then used to encrypt a set of data in clear text. The resulting cyphertext is then sent to the recipient, who must have the original key to decode it. This is commonly referred to as symmetric encryption: used just for a session, the same key both encrypts and decrypts the data.
The Superfish malware extracts a symmetric key from the website and passes it on. The browser thinks it has a secure connection to the website, when in fact Superfish is now listening to all of the communication from the PC to and from the website. Superfish was originally used to intercept Web traffic and surreptitiously record where the PC's user went on the Web. In addition, it opens up very nasty holes for hackers to use.What's at stake? Superfish is recording traffic that can include a lot of private information: Social Security numbers, banking details, credit card numbers, or health information. All a hacker has to do is to break into Superfish and take a copy of the data that it stores back to their location. There it can be reviewed and the personal data extracted.
Second, since the Superfish application is the one validating the digital certificates, false certificates can be installed. This allows a hacker to install a false certificate for a banking site. The user would connect to their back, and instead the hacker would use Superfish to connect to their site. The user would feel safe that the HTTPS connection had been made and all of the data was secure. However, the hacker is now collecting all this private information.
This was a bad security hole. Users were initially unaware of the application that was loaded by this PC manufacturer. There are now many sources of instructions on how to remove this piece of malware. How could this have been avoided in the first place? First of all, it is worth checking the installed program list of any new machine. Work through the list of programs and then use a browser to look up ones that do not look like standard applications. Superfish came up as VisualDiscovery for example.
Sometimes programs like this get loaded when other programs are loaded or upgraded. Browser search bars can get in that way. The only certain way to remove Superfish is to completely wipe the hard drive, and then reload the operating system from scratch, only putting in the programs you want. In many corporations, machines are rebuilt like this using an image of a hard drive that was previously configured safely.
But what is a man in the middle attack, and why is it so dangerous? It helps to know how computers encrypt data.
How encryption works
We begin with understanding how computers identify their partners. One of the major challenges of symmetric encryption is how to deliver the symmetric key safely to the recipient.
To overcome this challenge, Whitfield Diffie and Martin Hellman devised a method of exchanging keys called asymmetric encryption. In this approach, one key is used to encrypt the data and a different key is used to decrypt the data. The two keys are created as a pair. The encryption key, since it is not disclosed, is called the Private Key. The second, which can be distributed, is called the Public Key. Additionally, the public key can be used to encrypt data and the private key used to decrypt it. Using the public key to encrypt a symmetric key allows it to be decrypted only by the user that has the corresponding private key.
The next challenge that arises is verifying public keys. For example, Jane sends Bob an email message saying “Attached is my public key.” Bob then sends Jane an email saying “Here is my public key.” So Bob and Jane can now use these asymmetric keys to securely send a symmetric key. The symmetric key can then be used to encrypt and decrypt the file data. However a couple of days later Bob gets another email message from Jane saying ”New public key attached.” What should Bob do? Ironically at the same time Jane has receive an email from Bob saying ”New public key attached.” Let's say they both believe it is real. However, neither sent the keys.
A bad guy, intent on reading their encrypted data, sent these keys out. Jane uses the new Public key from Bob to encrypt the symmetric key and sends it out. The bad guy sees it and uses the fake private key he created for Bob to decrypt the symmetric key from Jane and store it. Then he uses the fake private key for Jane to encrypt the symmetric key and send it to Bob. Bob uses the fake public key from Jane and decodes the symmetric key. Now Jane and Bob think they are the only ones with the symmetric key and start sending encrypted messages. However, the bad guy also has the symmetric key and can also decode the data too.
What was needed was some way of validating that the public key came from the person that claimed it. The concept of a digital certificate resolves this challenge. A company called a Certificate Authority sets up a way to validate user identity. They send out their public key to everyone who trusts them. The users then send their public key to the CA. The CA verifies their identity and encrypts their public key with the CA private key. The resulting file is now sent out in lieu of a public key. When the recipient receives it they decrypt it with the CA public key and get the validated user's public key. The user public key that was encrypted with the CA private key is called a digital certificate. This is used in HTTPS web connections.
A website owner will generate their Public/Private key pair. They will send it, together with the required documentation, to a digital certificate provider. (There are many out there; just search the Internet.) The digital certificate provider, after authentication, sends back the digital certificate. The web site owner can now set up an HTTPS web site. The digital certificate is sent to the web site user. If the public key of the CA is loaded into their browser, then the website Public key is extracted automatically. The website can now use their private key to send symmetric keys to encrypt the data. A secure channel can now be established. Plus, the website user can also use the digital certificate to validate the website address.
April 01, 2015
River cruiser to ferry MPE exokernel mission
An obscure, elite set of EU computer scientists will tackle the looming challenge of slimming down the 3000's operating system this summer, working aboard a cruise ship plying the waters of Europe's river system. The fledgling coalition of seasoned developers will occupy the Norwegian Avignon Passion II on a route between Budapest and Prague, taking on Eastern Bloc developers at Regensburg, Melk, and Roth along the Danube.
The design team's leadership said they were inspired by the Salesforce Dreamforce cruise liner accommodations at this summer's conference. That 135,000-attendee event will handle some needs for lodging and services from the Celebrity Eclipse. The design team will go the next step and cast off its lines in Central Europe, rather than stay tethered to a pier of prior engineering.
"There's nothing we'll want for while we're afloat," said Jean Noosferd, the group's managing director. "It's just us, three million lines of code, and the passion we have to make MPE as popular as Linux." Microkernels for Linux are lifting the popularity for these slimmed-down instances of an OS.
Working from the concept of an exokernel — MIT designs that are much smaller than a normal kernel such as MPE/iX's current monokernel design, and even smaller than a microkernel — the group will leverage the work of open source teams such as the Polish-based Pjotr Mandate. The object is to reduce the installation and management footprint of PA-RISC-ready operating systems. If successful, the development cruise will dock at Prague and release its team of scientists.
"If not, we sail back to Budapest and rework our designs," Noosferd said. When a new version of MPE emerges from the work, the Passion II will remain afloat to preserve the legality of an adapted and enhanced 3000 OS. The software will be sold and distributed using cloud-based Moonraker servers. HP's restrictions on the MPE source code prohibit new versions to be released in any country. "We'll be sailing between countries," Noosferd said. "International law is in force, and so intellectual property ownership will be preserved."Operating in close quarters, the set of scientists will be using small teams, the organizational structure that gave the world the initial breakthrough of MPE. "We all believe in mono-tasking," Noosferd said. "Small teams and small projects are beautiful, and working from staterooms aboard the Passion II will squeeze the best from us. It's like the quote from William Morris, 'Have nothing in your houses that you do not know to be useful, or believe to be beautiful.' We'll have nothing aboard but bytes and brains." Noosferd said that rumors of powering the developers on a steady diet of Beluga caviar are "as outlandish as running a 3000 from an iPhone."
Like an exokernel, which delivers more direct access to a computer system's hardware, the development cruise will remove most distractions. "Unlike that Dreamforce ship, we won't be released to the sea," Noosferd said. "Like MPE's community, we respect boundaries, such as those riverbanks along our path."
The original MPE was designed to operate in a tiny 64KB memory space. If successful, the entire instance of what being called MPE-ExO could fit on an HP Moonshot micro-server. That low-cost hardware has been promoted as a hosting platform for hyperscaled processor computing. Intel's Atom processors — so-named because of their size — are the workhorses of Moonshot.
March 13, 2015
Fiorina campaigning again, against Clinton
Former HP CEO Carly Fiorina pushed herself to the front of news again, as a story in the New York Times chronicled her campaign against former Secretary of State Hillary Clinton. Fiorina has spent the last several years aiming criticism at Clinton, including a recent swipe that attempts to smear Clinton's travels around the world.
"Like Hillary Clinton, I too, have traveled hundreds of thousands of miles around the globe," Fiorina said, "but unlike her, I have actually accomplished something.” The claim recalled memories of Fiorina's most lasting accomplishment from her HP days: hawking a merger that pushed out the values and influence of the Hewlett family.
Thirteen years ago this week, a raucous stockholder showdown in Delaware ended with Fiorina's forces victorious, approving the Compaq merger. Walter Hewlett, son of HP founder Bill Hewlett, contested the vote in a lawsuit. HP directors on Fiorina's team responded by refusing to nominate Hewlett to keep his seat on the HP board.
Many actions of that period were designed to make HP bigger. Low-growth product lines were cut or de-emphasized, most particularly in the HP 3000 world. Despite the efforts to puff up HP, though -- and continue revenue growth to satisfy shareholders -- the plan had no effect on stock value. By the time Fiorina was fired in a board move -- 10 years ago this month -- HP shares sold in the low $20s, just as they did on the day of that Delaware merger victory.
Those inflated accomplishments of her go-go strategy were not misunderstood by the Times writer. "Her business career ended... in one of the more notorious flameouts in modern corporate history," Amy Chozick wrote today. "After orchestrating a merger with Compaq that was then widely seen as a failure, she was ousted in 2005."
The failed merger with Compaq did give HP a product with some foothold in 3000 migration projects, though. The ProLiant servers from Compaq are competitive with Dell and Lenovo systems for installations of Windows Server, the most-chosen alternative to HP 3000s.
Fiorina's tone has been strident, much as it was during her tenure when the 3000 was cut loose by HP. She's most recently tried to assert Clinton has stolen concepts and intellectual property from her.Pushing onward without regard for reality was among the things that got Fiorina fired 10 years ago. HP's board had trouble getting her to relinquish controls that might've tempered her mission to acquire corporations. In her Clinton attacks, Fiorina claims the title of the autobiography she wrote, Tough Choices, was appropriated by Clinton when the former First Lady wrote Hard Choices.
A Twitter image on a Fiorina feed posted the covers of the books side by side. There's also the former CEO's claim that a Clinton speech to female tech professionals, saying that women can "unlock our full potential," is a theft of Fiorina's Unlocking Potential Project.
The Times article, as critical of Fiorina as the former executive has been of Clinton, prodded that claim, too. "Fiorina came in for some derision on The Huffington Post, which recounted the tussle under the headline “Overused Management Bromide Now The Exclusive Property of Carly Fiorina, Apparently.” "
The CEO who led the HP which cut off its 3000 plans has many critics in the community to this day. The impact of a rush to expansion kept HP off its legendary game of R&D, according to HP's former VP of Software Engineering Chuck House. OS marvels of their day like MPE don't flow out of HP labs any longer.
A recent $2.7 billion acquisition of Aruba Networks is the latest HP purchase, buying technology that promises a cutting-edge firewall to enable mobile enterprise computing with the Aruba Mobility-Defined Network. HP says the deal "positions Hewlett-Packard to accelerate enterprise transition to a converged campus network." It's also about 90 percent smaller than the Compaq merger — more in line with the reduced HP of today.
March 10, 2015
Size matters not: Gigaom blog folds fast
News surfaced this morning about the landmark tech blog Gigaom. The New York Times reports that the massive operation switched off its news reporting in a rush sometime yesterday. The halt of news and postings was as swift as the one Interex experienced almost 10 years ago. Like the user group's demise, unpaid bills were Gigaom's undoing.
Gigaom was big enough to produce conferences. It also offered a white-paper research business. And like the NewsWire, it sold advertising. None of that was enough to keep away Gigaom's creditors. In an echo of what happened at the 3000's final user group that focused on the server, big was no protection against borrowing.
The Times story quoted the site's founder Om Malik in a confirmation statement. "Gigaom is winding down and its assets are now controlled by the company’s lenders,” he said. “It is not how you want the story of a company you founded to end."
One commenter asked, "What does this mean for upcoming events like GigaOM Structure Data next week?" Indeed, like the Interex meltdown, GigaOm has many commitments to keep and by now the lenders are taking control of operations. The scope of failure is similar to the HP World show that never opened in August, 2005. More than $300,000 in tickets were sold to this month's GigaOM conference. There's no word on refunds. For the moment there's no announcement of bankruptcy, though.
All-digital was the only platform GigaOM ever used to spread information. One comment suggested that tech journalists are writers who couldn't make it elsewhere in publishing. That's too broad a brush considering the number of online tech writers. But it's easy to fill a digital outpost with opinions and little news.
The caliber of content is important. So is a manageable mission. Being small and profitable has been the watchword for nearly all of the 3000 vendors and companies since I got here, more than 30 years ago. All of us have been managing risk in what's clearly a contracting market. Gigaom's shutdown is the sort of outcome an IT manager might experience if an app vendor went dark overnight.Unlike Interex, the Gigaom site remains online today, filling up with comments from its loyal readers. Some are dancing on the blog's grave. Gigaom opened for business a year after we started the NewsWire's blog. The changes in the Web publishing model have been profound -- and that's in a marketplace with new technology and systems rollouts.
About a year ago, the blog's founder Om Malik announced he'd reeled in a fresh $8 million of funding for his operations. He also joined the venture fund investment company, "and so I'm hanging up my reporter's notebook." It's an interesting image, that hanging up of a notebook. We don't wear hats any longer in the press like reporters did in the Fifties. But really, you file away notebooks, and the research and learning that started in notebooks at GigaOM will remain online for awhile. That's one advantage of being all-digital: what you provide is a legacy that needs little more than a hard drive and a Web address to survive.
Anyone who writes news for a living might see the fatigue in Om's notebook-hanging of one year ago.
Living a 24-hour news life has come at a personal cost. I still wake in middle of the night to check the stream to see if something is breaking, worrying whether I missed some news. It is a unique type of addiction that only a few can understand, and it is time for me to opt out of this non-stop news life.
Malik had a lot in orbit, so the crash will sound large. Smaller blog ventures will create more stories starting today. Yoda's line from the Empire Strikes Back rings out at me this morning. "Size matters not," he told Luke. "Judge me by my size, do you? And well you should not. For my ally is The Force." We can all feel The Force when we feel small -- in markets, in futures, in whatever we would like to dream.
February 27, 2015
Dow hits record while HP shares fall out
On the day the Dow Jones Industrial Average reached a record pinnacle, Hewlett-Packard released quarterly results that pushed the company's stock down 10 percent.
HP is no longer in the Dow, a revision that the New York Stock Exchange made last year. HP is revising its organization this year in preparing to split in two by October. The numbers from HP's Q1 of 2015 indicate the split can't happen soon enough for the maker of servers targeted to replace HP 3000s. The company is marching toward a future more focused on enterprise systems -- but like a trooper on a hard course, HP fell out during the last 90 days.
HP said that the weakness in the US Dollar accounted for its overall 5 percent drop in sales compared to last year's first quarter. Sales would have only fallen 2 percent on a constant-currency basis, the company said. It mentioned the word "currency" 55 times in just its prepared marks of an earnings conference call this week. The 26.8 billion in sales were off by $1.3 billion on the quarter, a period where HP managed to post $1.7 billion in pre-tax earnings.
That $1.7 billion is a far cry from Apple's $18 billion in its latest quarter profits. HP's arch-rival IBM is partnering with Apple on enterprise-caliber deals.
Meanwhile, the still-combined Hewlett-Packard has rolled from stalled to declining over the last 18 months, which represents some of the reason for its bold move to split itself. "Enterprise trends are set to remain lackluster absent a transformative acquisition," said one analyst while speaking to MarketWatch this week. Two-thirds of the $5.5 billion in Printing came from supplies. Ink is still king in the printing group
Industry Standard Systems (Intel-based Windows servers) provided the lone uptick in the report. Sales of products such as the newest Gen9 ProLiants lifted the revenues up 7 percent compared to the Q1 of 2014. HP is ready to take advantage of upcoming rollovers in Windows Server installations.Results from the Enterprise Group delivered another chorus of downbeat numbers for the Business Critical Systems operations. The group where HP's Unix and VMS enterprise servers are created saw its sales fall 9 percent from last year's Q1. Of course, that period showed a revenue drop as well. BCS operations -- where the HP 3000 resided when it was a Hewlett-Packard product -- haven't seen any recovery in more than two years.
BCS results have been so consistently poor that HP considered that 9 percent drop a good sign. "We also saw some recovery in business-critical systems," said CFO Cathie Lesjak, "with revenue down only 7 percent in constant currency or 9 percent as reported."
Lesjak pointed out to the analysts on its conference call that hardware such as the Integrity HP-UX servers are vulnerable to the value of the US Dollar.
Our personal systems and our Enterprise Group hardware businesses have very little in natural hedges, as our component contracts are typically in US dollars. As a result, these businesses are disproportionately impacted by currency movements. However, we do have some ability to increase pricing in response to currency movements, while being mindful of competition and potential negative impacts to customer demand.
HP is expecting all of the 2015 hardware growth in the Enterprise Group to come from its Gen9 lineup of ProLiant systems. Windows Server 2003 has an expiration date for its support coming up in July, an event that HP believes will give it some fresh wind in its enterprise sales.
"I think we are really well positioned to take advantage of Windows 2003 refresh, just as we were from the XP migration and the PC business," said CEO Meg Whitman. "I think we feel really pretty good about that business for the reminder of the year. And I think we are very well positioned .and the Gen9 server was dead-on, from the market perspective."
February 26, 2015
Not a good night to news — a new morning
Last week on this day we announced we're going all-digital with HP 3000 news. So what follows here is not a good night to publishing, but a good morning. Early each day I trek to my Mac and open a digital version of our Austin newspaper. We make coffees and print out the day’s crossword and number puzzles, using the digital American-Statesman. Abby I write on these two pieces of paper, front and back, because it’s the classic way to solve puzzles. But the rest of the day’s news and features arrive digitally. We can even follow our beloved Spurs with a digital version of the San Antonio paper, scanning an app from our iPads.
We discovered that we don’t miss the big, folded pages that landed on our driveway, the often-unread broadsheets that piled up under the coffee table. I hope you won’t miss those mailed pages of ours too much. Paper is holding its own in the book publishing world, yes. The latest numbers show 635 million printed books sold in 2014, a slim 2 percent rise over 2013.
But this is the news, periodical pages whose mailed delivery period is usually measured in days. A tour of publications that quit print in the past year or two is in order. We start with the most recent retirement, Macworld. Its final print issue mailed last fall — now all-digital. It sells what it is calling “digitally-remastered” articles, something aimed at iPad readers. The subscription cost has even increased.
How about some venerable newsweeklies, like US News & World Report and Newsweek? Both still serve stories from lively websites. Their stalwart competitor Time still sits on waiting room tables and newsstands, though. But just 48 pages of print is the norm for that weekly.
Some publications in our own 3000 world pulled their plug too early, or too late, to deliver a digital generation.In our world, Interact magazine and its cousin HP World stayed too long at the fair and collapsed along with the user group Interex. HP Professional, HP Omni, HP User — all made their exit before digital rose up as a vibrant publishing outlet. PC World evolved to digital in 2013, after printing 750,000 copies a month in 2006. That’s a lot of pulped trees being sacrificed for the needs of that publication’s advertisers.
The advertisers, our sponsors, made the NewsWire a success. We began our ongoing journey with the ideal of making subscriptions the biggest part of our business model. But the printed trade journals of the 1990s made short work of that idea. Readers were avid, yes, but unwilling to pay in great numbers.
Sponsors like ours stepped up to tap that readership with support for our pages, whether in print or on the Web. There have been more than 210 companies who have made our 8 million printed pages possible, so far. Our final printed issue, Winter 2015, has pages sponsored by the most stalwart and steady. Others are already all-digital sponsors. Some support us simply to ensure the 3000 has a digital outpost.
More than 19 years of printing and mailing pages is what your community and all those sponsors enabled. There are digital editions in our future and yours. The community continues to require the vantage point of a publication, a place to discover stories about themselves.
Some stout espresso and sharp pencils start most days around my house. Finding what’s new, and chronicling it in a story, remains fun and useful creation. The early morning's spark and the durable magic of email, plus the Web, helped us create the NewsWire’s print. Now it’s our time to spark the rest of our ride using our digital bolt.
February 23, 2015
Rackspace lines up for MPE cloud Charon
Stromasys has started to offer cloud-based versions of its HP 3000 virtualized server, after successful tests using Rackspace as a cloud provider. The software solution’s total ownership cost will drop as a result, according to company officials.
The Charon HPA virtualization system is also being sold at an entry-level price of $9,000, according to Razvan Mazilu, Global Head of Presales and Services. That price point delivers an A400 level of performance with eight simultaneous connections.
“The price range for our solutions goes from $9,000 for the HPA/A408D to $99,000 for the HPA/N4040,” he said.
Deploying that software in a cloud setting is still in early stages, now that the testing was completed in November. Stromasys says customers can use their own cloud providers, or Stromasys can recommend a provider as robust as Rackspace.“This is a brand-new feature that we are implementing,” Mazilu said. “We are talking to a couple of new customers about this, and so it’s on the table, rather than hosting their own systems at their site. Remote sales people, for example, don’t have to go to the office.”
“A customer doesn’t have to create a remote access infrastructure to provide users with access to the systems. This removes the boundaries from the systems. Since the 3000s are usually quite old, they tend to be forgotten when it comes to providing remote access to them.”
By going with a cloud installation, “they do not need to invest in the day-to-day operations and maintenance, either,” said Alexandre Cruz, Stromasys Sales Engineer. Cruz has been in close contact with the HP 3000 customers using Charon. He added that “being on a contract with a cloud provider, they can cancel at any time.”
Implementing the cloud version of Charon on Rackspace showed no decline in performance, Cruz said. “I had a very big pipe, 250 megabits, and that’s not the top of the top-end for systems. We can improve on the network speed if needed.”
February 20, 2015
Turning the Page on Paper News
We always knew that digital delivery was part of The 3000 NewsWire mission. We branded our publication with the word “wire” because that’s what the world understood in 1995 about anything beyond printed information.
Closing in on 20 years later, it’s time to unplug from print. The change has been inevitable, a lot like many changes for the 3000 community’s members. It also mirrors the way information and content moves today: virtually without wires.
In the year that my wife Abby and I started the NewsWire, using wires was essential to staying connected. Our computers were wired to the network, the modem wired to the computer. Our music came to us over a CD player wired up to a stereo receiver, and the receiver was wired to our big honking speakers.
Today it’s all wireless, and starting after this month's Winter issue, just mailed, we’ll be all paperless. Our music and computing has gained flexibility and speed while it shed its wires. Going paperless and wireless amount to the same thing: embracing a new, fluid future for what we need.
When I started writing this news resource, I had to be connected via wires just to make a paper product. Now we can send and receive information with no wires to speak of, except for those in the datacenters where our information is stored and exchanged. The laptop is wireless, tablets and phones are wire-free. So can build on what we’ve shared for close to 20 years using no paper. Even the invoicing has gone all-digital.
We still love paper here. There’s no future that I can see where paper won’t be a special medium for consuming and enjoying some stories. But for news, and things that evolve, digital delivery is the flexible choice for 2015 and beyond.
No, this isn’t our end-of-life notice. But after more than 8 million mailed pages since 1995, we can go farther with digital delivery.The world of the NewsWire beyond print is just as real as the years of 3000 life after the Hewlett-Packard announcement of 2001. We’ve printed far more issues and dispensed more news since the week of that November notice than before it. For 13 years afterward, print issues of the NewsWire have rolled off a press. Instead, this transition for us is a total commitment to what’s been our primary medium for more than nine years.
Our print issue readers have been enjoying and archiving paper copies since before there was Google, Amazon, or Apple’s iPod. We’re just following the lead of countless news outlets who’ve transcended their boundaries of column inches and the limits of page counts that they had to bind within covers.
Print has been important, so crucial to our work that growing into this moment never would have been possible without the many pages mailed across three different decades. By our accounting, we’ve sent more than 8.5 million pages into worldwide postal systems, as well as distributed at shows, since the year when Lew Platt was a new CEO at HP.
When Abby and I launched this venture during the prior century, no digital-only information resource could be taken seriously. A website? You had to be more than that. After more than a generation, the picture has flipped — enough that an evolution to all-digital confirms the view that what’s important is what’s written and shown, regardless of its medium.
It’s a transition that’s akin to what the 3000 is going through this year and beyond, as the aging HP hardware starts to cross over into cloud virtualization. We once needed print as much as MPE needed PA-RISC chips. Now each is a throwback. Your market still wants to look forward.
Even with all of that certain strategy, this was not an easy step to take. Abby and I grew our careers in the era of printed publishing. The smell of fresh ink on crisp paper — whether it was newsprint like the tabloids such as the HP Chronicle where I started, or the 60-pound white stock of the NewsWire — still triggers a rising heartbeat and a tug at heartstrings.
When we rolled off the press in 1995, we loved paper as much as we loved immediacy, the certainty that we offered as much as anyone could know on the day we printed. Just as we shipped off Issue No. 1, we created the FlashPaper, a last-minute roundup of the latest 3000 reports on a stuffed-in, goldenrod-colored sheet. Not long after that, we went to e-mail delivery of other stories in an Online Extra. It’s been a great ride to push the paper this far.
February 19, 2015
NewsWire Goes Green
After almost 20 years of reporting news and technology updates using our printed issues, The 3000 NewsWire goes to an all-digital format following this month's Winter 2015 print issue. It's our 153rd, and this announcement marks our new focus on delivering information exclusively online.
This is not a farewell. We're only saying goodbye to our paper and ink.
The articles and papers published on this blog will continue to update and inform the MPE community. After racking up more than nine years of digital publishing, this blog now has more than 2,500 articles, including video, podcasts, and color digital images from resources around the world. We have immediate response capabilities, and rapid updating. We have a wide array of media to tell the stories going forward from 2015.
It’s the reach of our Web outlet that enables the strategy to take the NewsWire all-digital, also reducing the publication’s eco-footprint. Online resources go back to 1996. We'll take special care to bring forward everything that remains useful.
The first paper issue of The 3000 NewsWire appeared in August of 1995 at that year’s Interex conference in Toronto. We hand-carried a four-page pilot issue to Interex '95. To introduce the fresh newsletter to the marketplace, HP announced our rollout during its TV news broadcast 3K Today.Throughout our publication’s history, the Web has offered a growing option for news distribution. After websites became the primary means for news dissemination, in 2005 this blog took over as our primary outlet for reports. The quarterly print issues across the last two decades have summed up the greatest hits of these reports, each covering the prior three-month period.
The blog now becomes the exclusive source for updated 3000-related news and market updates. But there will continue to be digital editions of the NewsWire, edited and curated for our readers in PDF formats. This new Digital Focus product will offer fine-tuned searching capability. The dizzy array of outside weblinks will fall away in a Digital Focus PDF compilation. And creating PDFs for passing on our articles will be easier, too.
Our daily updates for new articles are available via Twitter by following @3000newswire. We've had an RSS digital feed for almost 10 years by now, too.
We're working on evolving our presentation while we go green in 2015. We'd love to hear from you about our growing digital development, and what you'd like to see in this new year.
February 05, 2015
Getting Chromed, and Bad Calls
The HP 3000 made its bones against IBM's business computers, and the wires are alive this week with the fortunes of Big Blue circa 2015. Starting with meetings yesterday, the company is conducting a Resource Action, its euphemism for layoffs. IBM employees call these RAs, but this year's edition is so special -- and perhaps so deep -- it's got a project name. The cutting is dubbed Project Chrome, and so the IBM'ers call getting laid off Getting Chromed.
Hewlett-Packard has never wanted to call its layoffs by their real name either. The first major HP layoff action during the 3000's watch came in the fall of 1989, when more than 800 of these separations were called "being excessed." Employees had four months to find a new place inside HP, but had to search on their own time. Engineers and support staff were given the option to remain at the company, but jobs at plant guard shacks were among their new career options. Another virulent strain of HP pink slips came in the middle of the last decade, one of the purges in pursuit of better Earnings Per Share that pared away much of the remaining MPE/iX expertise from the vendor.
Aside from bad quarterly reports, these unemployment actions sometimes come in the aftermath of ill-fated corporate acquisitions. This week on CNBC's Squawk Box, analysts identified HP's Compaq merger as one of the worst calls of all time. The subject surfaced after the questionable call that led to a Seattle defeat in Sunday's SuperBowl. A big company's failures in new markets can also be to blame for getting Chromed. IBM has seen its revenues and profits fall over the last year, while mobile and cloud competitors have out-maneuvered Big Blue.
IBM has already shucked off the Cognos development tool PowerHouse as of early last year, but now comes word that other non-IBM software is getting its support pared back in the RA. In the IEEE's digital edition of Spectrum, one commenter made a case for how IBM is sorting out what's getting Chromed.
The digital article on the IEEE website also includes some reports that employees over 40 have been targeted. They then saw the company threaten to withhold severance packages if age-discrimination lawsuits were filed.
I am the last US resource supporting a non-IBM software package, which is in high demand globally -- yet the powers that be seem oblivious to it. Rather than create a dedicated group to go after that business, they cut anyone with that skill, since it is not an IBM product and therefore, "not strategic." Unfortunately the company continues to gamble on their Tivoli products, which clients seem to embrace about as much as Lotus Notes, rabies and bird flu.
HP and IBM have a lot in common in their workforce makeup. Both employ more than 300,000 workers as of last year, and while those numbers lead the industry, neither is among the top 15 employers worldwide in headcount. However, HP and IBM manufacture goods, so they look up at the largest manufacturing worker employer, Volkwagen. There are 555,000 VW employees.
HP's employee count rose into six digits, and then doubled again, as a result of two acquisitions. Compaq drove the headcount to above 140,000, a 65 percent increase. Then in 2008, EDS became an HP operation, and the headcount soared to 349,000. Since 2011, the workforce at the vendor that's still working to sell some HP 3000 replacements has dropped by 15 percent. The current HP layoff plan — a layoff strategy has been in place for more than five year — calls for a total of 55,000 job eliminations by the end of this fiscal year.
These employee cuts are the result of relentless pursuit of EPS growth, so that the numbers reported to shareholders can show an increase in spite of flat to falling revenues. Stock prices at HP have recovered to 2005 levels amid the HP layoff march. But IBM's share price took a 12 percent dive on a single day this fall, is now below its mark when current CEO Ginni Rommety took over, and hovers today around $160 a share.
Rommety was rewarded for her performance in 2014 with a $1.6 million bonus. The tepid stock of IBM made it "the worst performer in the Dow Jones Industrial Average for a second straight year," according to Bloomberg News. The company that once proudly wore the reputation "nobody ever got fired for buying IBM" is doing a lot of firing this week.
January 30, 2015
Where a Freeware Emulator Might Go Next
It was always a little proof of a brighter future, this freeware emulator distributed by Stromasys. The A202 release might be shared with prospects in the months and years to come. But for now the program has been discontinued. One of the most ardent users of the product, Brian Edminster, sent along some ideas for keeping an MPE enthusiast's magic wand in a box that's open to the community.
Edminster was trading ideas with the vendor for improvements to Charon HPA more than a year and a half ago. He's noted that having a public cloud instance used for demonstrations, a bit like HP's Invent3K of a decade-plus ago, would be a great offering for enthusiasts. He's had rewarding experience with the freeware's documentation, too -- an element that might've been an afterthought with another vendor.
By Brian Edminster
As much as I hate it, I can understand Stromasys pulling the plug on the freeware version of Charon. I just hope they can come up with a way to make a version of the emulator available to enthusiasts — even if it's for a small fee. At some time or another, that'll be the only way to run an MPE/iX instance because all hardware will fail, eventually. (This is said by someone that still has a few MPE/V systems that run, and many MPE/iX systems that do).
I guess the real trick is finding something that prevents the freeware version of the emulator from being viable for use by anyone but enthusiasts. I'd have thought that a 2-user license would be enough for that, but apparently not.
I'd imagine that limiting the system to only the system volume (MPEXL_SYSTEM_VOLUME_SET), to only allow one emulated drive, and perhaps limiting the emulated drive-size to 2Gb or less might be enough. But not knowing what kind of applications were being hosted against the license terms makes it hard to say for sure.
The only other thing I can think of might be requiring the emulator to 'phone home' (via Internet connection) whenever it was fired up, and have it 'shut off' within a given time if it couldn't. But even that wouldn't always be definitive as to the 'type' of use occuring.
Seems that trying to avoid paying for something can inspire far more creativity than it should, when truthfully, it's probably cheaper to just “pay the fee.” Perhaps having an Archival licence, where the instance is in-the-cloud and payment is based on amount of resources used, might provide enough incentive for enthusiasts and everybody in the community to do the right thing.Seems that a limited freeware version, and reasonably 'less-limited' cloud versions with a pay-as-you-use-it license, would be the way to go. Perhaps charge a setup fee with a small annual fee to keep the instance present, then charge for the amount of time used (especially when the intended usage is 'archival'). This harkens back to the days of 'time-sharing', back when it was too expensive to own a box of your own.
I know it may not be possible with the Stromasys Charon-HPA product, but the Eloquence DBMS and it's Basic-like development language system has had a 'freeware/evaluation' copy that's limited in a way that makes it unsuitable for any sort of production use. It's done by limiting 'storage' (the total database size) to about 50Mb and just a few users.
Eloquence freeware therefore provides plenty to allow 'personal' use, to learn the tool — but not nearly enough to host any sort of practical production system. It's a unfortunate that Stromasys didn't do something similar with Charon-HPA.
But there’s still a chance to make things different, going forward.
Brian Edminster is the founder of Applied Technologies, a consulting, development, and systems management firm specializing in HP 3000s and the open source freeware that can make them more powerful.
January 27, 2015
Emulator's downloadable free ride ends
Stromasys has discontinued the freeware download distribution of the A202 version of its Charon HPA emulator. According to a company official, "We're ending the freeware distribution due to the unfortunate use of that software in commercial environments."
The A202, just powerful enough to permit two simultaneous users to get A-Class 400 performance, was always tempting to very small sites. Stromasys was generous enough to permit downloading of the software, as well as the bundled release of MPE/iX FOS software, with few restrictions starting in November of 2012. But the instructions were explicit: no use in production environments.
However, A-Class 400 horsepower would be enough for companies putting their 3000s in archival mode. It would also be a workman-grade emulation of a development-class 3000. Some companies may have spoiled the freeware largesse for all. It's unlikely that one customer would report another's commercial use of Charon to emulate 3000s. But there's always the possibility that someone might have, say, contacted the company on a support matter. For a commercial setting.
The virtualization product was pared back to give 3000 sites a way to prove it would match up with the technical requirements of existing 3000s. Indeed, Charon has proven to be a thorough emulation of PA-RISC 3000 hardware. Running it in production requires a paid license and a support contract. The latest information from Stromasys' Alexandre Cruz shows the entry-level price at $9,000.
The Charon HPA freeware that's been installed around the world is still capable of emulating a 3000. But its intended use is for enthusiasts, not working systems managers who administer production machines.The A202 was offered on the honor system. The software required the installer to supply a valid HPSUSAN number upon installation before the software would boot an Intel system as an HP 3000.
There's no mistaking the intention for the freeware, though. From the Version 1.5 Freeware documentation, under the Licensing Restrictions section:
The CHARON-HPA/3000 Freeware Edition is licensed for use in the following environments only:
Enthusiasts: unlimited personal non-commercial use.
Commercial: limited to evaluating the product.
The Freeware Edition may not be integrated into production environments. The CHARON-HPA/3000 Freeware Edition is supplied with a preconfigured HP 3000 disk image that contains a copy of MPE/iX 7.5 FOS. The Freeware Edition will only load after you have configured it with an HPSUSAN number that you are legally entitled to use. You must agree to respect these license restrictions before you will be able to download the Freeware edition installation files from our website.
The freeware will continue to be distributed to prospects who contact the sales force. No other freeware Charon versions -- to be used for the Digital VMS environment, or Sun Solaris -- are available for download from the recently-revamped Stromasys website, either.
Users Guides for the 1.5 release of the freeware, as well as for the older 1.5 release of Charon production-license software, remain online at the Stromasys website.