HP points out 3000 security enhancements
April 10, 2006
Some customers might not call them enhancements, but the new security patches to the 3000's OS released last week represent some internal improvements that no company but HP can deliver to the computer. For the next few years, anyway; HP has stopped OpenMPE's source code lab plans until 2008 by announcing a couple more years for the vendor's support to 3000 customers.
Not that there's anything wrong with that, as Jerry Seinfeld might say. But now HP's 3000 group has some new work before it — figure out how to extend the lifespan of MPE expertise in the company. For years, HP's virtual CSY group was estimating its on-time departure from the 3000 space at Dec. 31, 2006. Now these engineers and managers will need to make a couple more years of time in their workloads for MPE/iX. At least you'd hope so, anyway, since support issues with the 3000 could be non-trivial over the next two-plus years. When an OS gets 30 years mature, things that require the vendor's repair are closer to its core. You will want lab-level HP backup for support now; even completing what's on the to-do list is going to need seasoned engineers (think IMAGE LargeFile datasets).
The exceptions are those parts of the 3000 environment built to bring the system into the world of the new decade, or even the 1990s. File Transfer Protocol (FTP) services have lagged behind the rest of the world's FTP for some time. New patches for MPE/iX 7.5, 7.0 and 6.5 (sorry, 6.0-and-earlier users) improve FTP in several areas. HP says it makes SOX compliance easier. HP has engineering resources in place to bring these enhancements to general release, once beta test reports roll in. Get the patches while you can, if you're on HP support.
James Hofmeister, still working on FTP/iX even though much of his time is devoted to other HP environments, posted a message to the community to detail the improvements. He notes that the latest work is still in beta-test status.
The latest security enhancements to FTP/iX are now available as Beta Test in patches FTPHDG9 7.5, FTPHDH0 7.0 and FTPHDH1 6.5.
These patches include:
- deny del, overwrite, rename
- chroot limiting cd, dir, put, get, mput, mget
- new enhanced semantics for 'noretrieve'
Jeff Vance of virtual CSY pointed to documentation on the new features, then extended the call for beta testing:
There is documentation now on Jazz at: jazz.external.hp.com/papers/Communicator
There you’ll find the SIB FTP pages for Phase I and II security enhancements. These enhancements should help with SOX audits. Also, just for reference, the entire FTPDOCS.ARPA.SYS file is available on Jazz too.
We need FTP beta testers. James will run the beta-test program, so please let him or your friendly neighborhood HP support person know if you are interested.
Patch IDs are:
FTPHDH1(A) for 6.5
FTPHDF5(A) for 7.0 ** note, this patch is for some general FTP fixes
FTPHDH0(A) for 7.0
FTPHDG9(A) for 7.5