IT manager turns to homesteading 3000s
Unix celebrates 40 years of choices

HP releases newest 3000 patch

Hewlett-Packard posted notice of a new patch for the HP 3000 late last month. While the repair covers only an obscure problem, the release indicates the vendor continues to test and post minor engineering for 3000 owners.

HP said it would not be creating this type of software for the HP 3000 starting this year. But MPENX21 was built in response to "an obscure security hole" which was reported by Allegro Consultants co-founder Stan Sieler some time ago. While he's not sure when he requested the fix, he has installed and tested the new code — which seems to be the only way to tell what HP has repaired.

HP released the code with a notice as vague as anything community veterans can recall.

This patch corrects the internal specification of a OS code area. Under certain very specific circumstances this oversight left uncorrected could result in a system crash if a purposely written program were to try to access it.

That description will cover just about any security patch for MPE/iX. "Not only are there no specifics," Sieler reported, "but they seem to never tell the original submitter of security problems that their problem has been fixed."

MPENX21 was not built to plug a data security hole, a mission you might expect to benefit HP's remaining 3000 support customers. "It wasn't a hole I was particularly worried about, because it was extremely obscure, and led to a system abort, not to a data security breach," Sieler said.

Hewlett-Packard operated a complete and impressive patch service for 3000s during the 1990s, a period that support experts still recall well. Especially in comparison to the non-information and lack of notice to those who filed service requests (called SRs in the old parlance).

The company's old Software Status Bulletins gave 3000 owners a way to match Known Problem Reports against a list of what the vendor had fixed. This was so long ago the SSB was a thick document issued in print. HP-UX support still can count on Response Center support engineers who who want to get to the root of some bugs which cause system hangs. They follow up, but requests still descend into a cubbyhole where HP decides whether to repair the bugs. System managers report they must notice on their own that a patch sounds like a problem they've reported.

The open source software model doesn't offer vendor-based support such as this, but the level of open source service seems only a little behind what's on offer today. One developer says that all he needs for open source support is a critical mass of people running the software, investigating problems and maybe correcting them, and posting some of the repairs in a manner that can be searched via the Web.

Searching "MPENX21" doesn't yield any Google hits which relate the HP 3000. This is the best reason of all to have a support company backing up your HP 3000 operations. HP has pared back its notifications about operating system repairs.

Comments