Secure transfers of HP 3000 files, as well as the ability to compress and decompress them, remain projects in need of technical help. A Secure FTP functionality (SFTP) is still short of production-grade release by some managers. Using ZIP to squeeze and unsqueeze 3000 data requires a 14-year-old piece of software.
On the FTP front, a decent set of files and documents once was available on the Invent3K server which HP operated until 2008. Ken Hirsh did that work on OpenSSH, which is essential to making SFTP more useful on a 3000. But Invent3K operations and contents were transferred to OpenMPE recently. Hirsh doesn't have an active account on the new version of the server.
ZIP needs help as well. The current version of the industry default for compression has had several updates since 1997, but none have been ported to the HP 3000. Some managers at multi-3000 sites still use ZIP daily, and an upgrade (which by now would really be a port) will help compress and decompress files bigger than 2GB. That's how old the 3000's ZIP is today; IMAGE jumbo datasets to go beyond 4GB arrived in 1995.
System managers of the 3000s report they are willing to develop -- or pay an outside party -- to bring these industry standards in line with more modern verions. Independent developers, or the originators of the older ports, are available in the community to help, too.
FTP issues are more complex, but there is also more on the table to use for the security that can satisfy auditors. Brian Edminster, the community's specialist in open source software for the 3000, said "SFTP clients are available for MPE/iX, and work fine on v7.5. You can contact me if you’d like to discuss how to get a copy of your own. I’ve had extensive experience with the SFTP client, and some with the SCP [network file transfer] client. Both work remarkably well, although there are some quirks it helps to be aware of."
Today's limitation on securing file transfers is that the 3000 must originate the transaction. Edminster explains that "This can make for some process redesigns if your existing applications are used to your 3000 being the server. And no, jinetd doesn’t need to be running for SCP or SFTP to work."
SCP needs OpenSSH on MPE/iX to perform its transfers, but only an initial port was done by Hirsh, who was doing the work for free. Edminster says the ported software runs on MPE/iX 7.0 and 7.5. The port included the ssh command line client, but it had very limited functionality, he added.
It also included the client components SFTP and SCP, as well as a random number generator written in Perl. This last piece is necessary because the random number functions under MPE/iX aren’t very random. At least, not as far as serious cryptography is concerned. This Perl script (modified by Ken to run on MPE) was originally written by others to get round not having a kernel based entropy source for their systems either. Poor quality random number generation is not just a MPE/iX issue.
The 'server' components (sshd, sftpd, and scpd) were never ported for reasons that Ken could possibly explain. It might have been something as simple as he didn’t need them. From my perspective, I’m thankful that Ken did the port in the first place. I have installed his OpenSSH port many times, and even tightly integrated it with legacy applications. SFTP is still in use many times a day with those applications, and since first installed several years go -- has safely and securely transferred terabytes of data, with no clear end-date for this application’s life.
Hewlett-Packard opened the door for this kind of community porting when it included much of the software required for creating an installable version of things like OpenSSH in MPE/iX. It should also be available from non-HP sources by now. That's an issue for OpenMPE to take up. At the moment these volunteers are hosting contributed 3000 software (the CSL) and charging access for development accounts on Invent3K. Locating and hosting the open source work is a mission the community could embrace.