Emulator Promise, 3000's Security, Invent3K
December 20, 2011
Consultant, developer, and advocate for the HP 3000 and open source software Brian Edminster has combined those last two items into a new resource. MPE-OpenSource.org is collecting public, free-use software that can improve 3000 health and longevity, a single porting contributor’s portfolio at a time. We interviewed Edminster for our latest printed issue of the NewsWire and talked about the promise of a 3000 emulator, OpenMPE’s Invent3k server, and the state of PCI security for the 3000.
What is your understanding of how the Stromasys emulator will help a 3000 site? What’s your hope?
It provides new iron that MPE/iX can run on, potentially long past the point when original peripherals are available. I don’t know for sure, but I suspect that the technology that the Stromasys emulator is built on will have ways of virtualizing disks too – so we won’t always be limited to processor hardware systems that support standard SCSI-2. Some of the newer SATA and iSCSI drives have remarkable performance.
Do you see the emulator as a solution for the migration-bound site, too?
It depends on how long their migration horizon is. If it’s long enough out, or if they’re having reliability issues with their current hardware configuration – yes, most definitely. Something that few people consider is: What about data archives? Depending on regulatory requirements – it might be necessary to keep the application and its data available for review by auditing authorities for many years beyond migration.
For migrations that are really replacements rather than just re-hosting, it could well be much cheaper to keep an emulated instance of the application at time of conversion, rather than try to mothball a server — and hope it’ll come up okay later.
If properly administered — best practices for password changes, no shared login IDs, ‘application’ users for batch job logins, no insecure file transfer protocols, and so on — MPE/iX’s natively-present security features could be enough. They need to be used in conjunction with secure file transfer protocols (sftp or scp), and if the system has credit card data on it, you need third-party encrypted backup tools. Since there’s not currently a working ssh command-line available, I’d recommend that such a machine be segregated in the application domain, so that session user logins aren’t allowed.
I’ve had systems that were technically ‘in’ the CDE (Card Data Environment). But because the actual card data wasn’t handled on the 3000, and because session users were ‘locked’ into the application without ‘CI’ access, FTP and telnet were disabled, and only SFTP was used in machine-to-machine communication, we were able to pass PCI audits.
Something people should be aware of: No two PCI audits are the same, so your mileage may vary. Something sorely lacking is a working ‘ssh’ login capability – so we don’t have clear-text passwords (and application data!) from our workstations traveling the network.
Few people have paid for an annual subscription to the OpenMPE Invent3K server. Why did you?
Two reasons, although only the second one was a conscious choice. 1) Because it’s an inexpensive way to support OpenMPE, and 2) It’s a bargain as a way to ensure I’ve got a fully loaded MPE/iX system to work/play on. Come on, there’s no cheaper way to go! Even with a Series 918 sitting on your desk, you’d spend more in electricity than the $99 costs (and that’s not even considering wait-time: a 918 is painfully slow compared to the multi-CPU 989 System of Invent3K). And on top of that, Invent3K has a full complement of development tools.
I can't help but wonder why the other 16 Invent3K subscribers can't come up with their $99 subscription fee, even if they're not using their accounts. That's less than 30 cents per day for access to a 9x9 system with a full complement of development tools! The electricity to run (and AC to cool) a 9x9 system costs more than that, even if you had one of your own. I know first-hand; I have several 3000s of various vintages, but they're rarely online these days, for just that reason.
What’s the most special moment you’ve had in this marketplace since you started working with 3000s more than 30 years ago?
Actually – there were two standouts. First: During my early days with Gary Green at AIMS, Inc., I got a chance to meet D. David Brown of Nice Corporation and his lovely fiancée Nancy. It was on one of our trips through Salt Lake City on our way to Seattle to make a sales visit to Weyerhaeuser. Little did I know that I’d get to sit in the co-pilot’s seat of his Cessna 310 during the out-and-back trip from SLC to SEA/TAC! I love flying, and this was most awesome.
Second: The 2008 GHRUG Conference, where I presented my first paper at a conference, got to meet some of the remaining big names in 3000-land in person, but mostly — having the ever so gracious Alfredo Rego be so nice to my fiancée at the start of his keynote address. Not being a technical person at all, she was clearly out of her element, and he went out of his way to make her feel more at home. You don’t see that kind of class nearly often enough these days. The memory of that single act of kindness will live with us both for the rest of our days.