3000 gets HP security alert. What the heck?
October 20, 2011
3000 users who still employ HP's support services got a bit of a jolt this week. The vendor that's still selling MPE support sent an email bulletin about an MPE/iX Security Alert. Even while HP was supporting 3000 customers without caveats, these notices were as rare as rain in a July Texas.
But how can security become an issue with an OS that HP hasn't touched in more than three years? Plainly put, the alert is a mistake. It's got to be, because a drill down into the details doesn't mention the OS by name. Instead, it's a problem with something called HP Data Protector, built for HP's laptops and desktops.
The corrected version of the alert still reads "Content Type: MPE/iX, PRIORITY: Critical." HP's new Support Center website has spewed out problems all summer, but this is the first mess-up marked critical. If you're paying HP to oversee your 3000, even during a migration project, you might take this as a sign that the level of support has fallen fall below classic standards.
Getting BIND updated is a non-trivial exercise -- because the existing version for MPE/iX is several major releases behind (from an effort standpoint, it would be wise consider it a new port). Since it's easy to implement an 'up to the minute' version of BIND on a cheap Linux server, I don't blame HP for not expending the effort to re-do the port. [HP's] Mark Bixby did a fairly good job of documenting what he had to do to get the current version running, but we can't just re-apply the patches he submitted to get the latest versions to run.It's a lot like when car manufacturers do a major model change -- where the car name is the same, but just about everything else changes. When you have a major design change, you often no longer have parts commonality. Same thing with portable software. When a major version change occurs, it's often due to major changes in the software's internal design. Ergo, it's like starting over.
Note: This Security Bulletin was released with the MP (MPE/iX) software product category. It should have been released with the MU (Multi-Platform Software) product category. Please refer to Document ID c03058866 - HPSBMU02716 SSRT100651.
If HP is still the chief competition out there for support dollars on existing 3000s, perhaps this kind of critical alert could serve as evidence. Even the automated parts of HP's database are mis-tuned to the needs of the server. It's bound to be better to work with companies who see a long future in 3000 service.