Previous month:
March 2015
Next month:
May 2015

April 2015

TBT: The Legacy of 3000 Creators

Fred White and Ed SharpeIMAGE/3000 creator Fred White (left) and Ed Sharpe pose in 2004 with one of the earliest models of HP 3000 memory boards, at Sharpe's computer museum in Glendale, Ariz.

The creators of some of the 3000's earliest pieces are still with us, most of them. A notable exception is the legendary Fred White, pictured above in a photo taken from the years before his death in 2014. He's holding up his end of a memory board for an early-model 3000. The HP 2000 Access system behind him introduced many people to HP business systems, and they went on to become the computer's first wave of users.

Sharpe in 2014Holding the other side of the board is Ed Sharpe, who created and curated the first networking resource online devoted to the 3000, a bulletin board system he called The Forum. Throughout the first decade of the 3000's life, BBS communication was the only way to exchange information about MPE technical details other than attending user group meetings. HP did not launch its teleconference sessions, broadcast to customers through HP sales offices, until late in the 1980s.

The Forum earned the support of system managers reaching out to connect with each other. The character-based BBS interface was not much less sophisticated than the mailing-list-based HP3000-L of about a decade later. Downloads of contributed software were a big feature of the Forum. It connected users in an era when long-distance was still a serious business expense.

The biggest drawback to the Forum was the long distance charges for the users when downloading Forum CSL files! I am sure I caused some corporate phone bills to increase. Over in Europe, they had greater accessibility to X.25  at that time.

Continue reading "TBT: The Legacy of 3000 Creators" »


Linking Yesterday's Data To Today's Server

Yesterday's dataAnother migration is underway in the world of enterprise computing, one that will transport millions of customers. It's not from one OS to another, or even from one model of computer to something much newer. It's a transition from one Windows Server release to the latest, although the latest Windows Server doesn't bear the name of our current year.

Business is making a shift from Windows Server 2003 to Windows Server 2012, triggered by applications. The apps are making use of a larger computing space, going from 32- to 64-bit software. And in so doing, these IT shops need an upgrade to their data links. HP 3000s that are networked into a Windows Server enterprise have a newer model of connectivity software to handle this migration.

UDALink is the progeny of MB Foster's ODBCLink/SE, the middleware created, maintained and supported by MB Foster for IMAGE/SQL for more than 20 years. This continuous and current support of 3000-ready middleware, as we once called it, is a community marvel. No server that's been off a vendor's price list for 12 years, as the 3000 has, ever had more care lavished upon its remaining users. Now UDALink is getting an enhancement to Java Database Connectivity 3.0 API. It's a type 4 interface, and so it's ready for the Windows Server migration.

The vendor's CEO Birket Foster said that about 20 percent of the customers using Windows Server are still on the 2003 release. "It was a customer who requested we enhance the JDBC2 driver on UDALink," Foster said. "We were pleased to do so. It ensures that this customer and future customers can continue to leverage newer technologies with legacy business-critical applications."

Continue reading "Linking Yesterday's Data To Today's Server" »


Locating Help for 4GL 3000 Projects

A phone call -- how old-school -- to the NewsWire offices today posed an interesting question: Who'd be able to help a site that's got Speedware applications which appear to be layered with Visual Speedware? The list of independent Speedware experts who know MPE isn't a long one. A few months ago we compiled the a collection of 3000 experts into a single webpage here on our website. Only three companies named Speedware skills specifically in their company profiles.

CognosInSpeedware"The Speedware here feels like it's hidden behind high walls," the caller said. "There's an aspect of Windows running in there, and the site doesn't really know where their development server is." Visual Speedware is still a product of Fresche Legacy -- the new name of Speedware since 2012 -- and the software that was created for "Enterprise Client/Server Development" has a presence on the Fresche website. The product's data sheet from 2002 is on the hpmigrations.com wing of the Fresche Web addresses.

Readers here will know there's an opportunity to help with a Speedware installation. It's a skill set in declining supply, this kind of 4GL expertise. PowerHouse users have a mailing-list newsgroup, but there's nothing like that for the Speedware user.

The two brands of 4GL have widely differing early days; Speedware was sometimes white-labeled to create apps sold by other software companies. SoftVoyage is a memorable example. PowerHouse always had its name out front where it was deployed. Later installs of these two 4GLs, through the late 1980s onward, were more similar.

In the ways of the IT world in 2015, both of the vendors of these products consider their 3000 customers to be ready candidates for migrations. The transition arrives in various flavors, but all of it is designed to leave the Hewlett-Packard-branded 3000 hardware behind.

Continue reading "Locating Help for 4GL 3000 Projects" »


Sendmail, Group Purges, and ACD Removal

Is there a proper or "right" way to shut down sendmail?

Donna Hofmeister replies

• Use the Posix kill signal from SERVER.SENDMAIL or any user with SM capability. (The following can be easily turned into a job!)

kill $(head -n 1 /etc/mail/sendmail.pid)

• Only use :ABORTJOB as a last resort! (This is true for all of the Posix things that got ported to MPE)

If you don't need to run a mail server (e.g. sendmail) on your 3000, you shouldn't. In most cases, using a mail client will be "just the ticket." Point the client at your in-house (SMTP) mail server and enjoy.

How can I easily purge all the files in a group without destroying the group structure?

If GRPNAME is the name of the group then either:

1. chgroup GRPNAME and

purgegroup GRPNAME 

Or, purge @.GRPNAME 

[Ed. note: Vladimir Volokh notes this last command does not purge databases from a group, although it purges everything else. You must be an SM user to purge everything in one account from another account. Of course, MPEX's %purge will purge everything, and will report the list of what is to be purged. %purge(ISPRIV) for a selection of databases only, for example.]

How can I convert an SL to an XL?

Jeff Kell and Gavin Scott reply:

You can OCTCOMP an SL, which will make the code in it run in mostly-Native Mode (though using several times the memory) and with exactly the same limitations as the original CM code. OCTCOMP just adds a pre-translated version of the CM code to the end of the file that will be invoked when you run the program or SL on an MPE/iX system.

Continue reading "Sendmail, Group Purges, and ACD Removal" »


Solutions for Keeping Passwords Fresh

Our management wants our 3000 users to be forced to change their password on a regular basis. Also, certain rules must be applied to the new password. We don’t have VEsoft’s Security/3000, although we do have MPEX. I therefore have two options. 1. Write something myself, or 2. See if there is anything in the Contributed Software Library that will do the job, or can be modified to supply the required solution.

Homegrown and bundled solutions follow. Jeff Vance offered this:

There is a pseudo random password generator available among the Jazz files which knows MPE’s password rules. See RANDNAME. There are also UDCs which force a password to be supplied when using NEWUSER, NEWACCT and NEWGROUP CI commands. These required passwords can be random or user entered with a minimal length enforced. 

Then he added as an afterthought, a strategy to program your own password system:

I haven’t thought about it much, but it seems you could have a password file (maybe a CIRcular file?) for each user on the system. This file would have their last N passwords, and the modified date of the file would be the date their password was most recently changed.

A logon UDC could detect if the password file for that user exists. If not create it and require a new password right then.  If the password file exists then get it’s modified date and compare that to today’s date. If greater than X days then in a loop prompt for a new password. Validate the entered password against previous N passwords and your other rules. Maybe run a dictionary checking program to make sure the password is not common, etc.

Update the user-specific password file with their new password, and then logon the user.

Continue reading "Solutions for Keeping Passwords Fresh" »


TBT: The Rise of Superdome to Blades

Earlier today, a 3000 manager asked if the Moonshot line of HP servers was part of the plans to establish the Charon HPA PA-RISC emulator in the community. "I think it would be great if someone would demonstrate MPE/iX running on HP Moonshot server," said Tim O'Neill. "[Stromasys might be using] Charon to do something like this, but are they doing it on a Moonshot?"

Univ of Utah CloudLabMoonshot is not the best fit for the Stromasys product, because the HP bladed server is aimed at far larger processing needs. The targets for Moonshot are providers of networking services, cloud hosting co-location providers, customers as large as PayPal, and 20th Century Fox. The studio now distributes its movies around the world digitally, movies that are hundreds of gigabytes per file, and it reduced its datacenter footprint by more than 80 percent and sends those files 40 percent faster.

HP SuperdomeIt's not that the movie business didn't ever use MPE; Warner Brothers had a European distribution center for movies that used a 3000, but that was back in the day when canisters of 35mm film were shipped to theaters. Evoking the name Moonshot, however, recalls the hope that the 3000 community held for HP's first massive enterprise server, Superdome,15 years ago.

SuperdomeArticle20150423The first Superdome computers were PA-RISC systems that ran with the same PA-8600 and PA-8700 servers that powered HP 3000s. When HP started to talk about Superdome in the months after Y2K, 3000 customers wondered "Why not us?" as part of the product's target audience.

An IT manager with beta-test experience on Superdome said at HP World that he believes there’s no reason Superdome can’t work with MPE/iX. “It’s PA-RISC hardware,” he said. “I asked our technical contact from HP why it wouldn’t run with MPE. He replied to me, ‘Yes, why wouldn’t it run MPE?’ ” In a future version, the computer will use its advanced partitioning to run more than one operating environment at once, according to HP’s presentations.

Five years ago this week, HP announced at the HP Technology@Work 2010 conference the first server technology that bridged the multiple-processor designs of Superdome into the blade server concept that would become Moonshot. Even more so than the original Superdome, the Superdome 2 had zero chance of becoming an MPE/iX hardware host, because by the Spring of that year HP was counting down the months until it stopped MPE support completely. (Officially, anyway. Right up to this month, rumors are floating that HP is supporting customer 3000s somewhere.)

Continue reading "TBT: The Rise of Superdome to Blades" »


Essential Skills: Avoiding A King's Ransom

Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for multi-talented MPE pros.

In a recent message on a 3000 developer mailing list, one MPE expert warned of the most common malware attack of 2015: Ransomware. "This is probably the most likely thing to happen to your computer if you click on the wrong thing today," Gavin Scott reports.

Piracy keyboardIt's a nearly perfect criminal scheme.You get the malware on your system and it encrypts all files of value with a randomly generated key, and directs you to send $300 in bitcoin to them in order to get the encryption key to get your files back. It will encrypt every drive it can get access to, so a lot of people get their backups infected in the process of trying to recover. If you pay the $300, then by all reports they do give you the key, you get all your files back, and they don't bother you again. They even direct you to bitcoin ATM companies who reportedly spend much of their time these days providing technical support — to help Grandma operate the bitcoin system to pay her computer ransom.

To explain the fate of having to toss out computers in the IT shop which cannot be ransomed, we call on our security expert Steve Hardwick for some insights.

By Steve Hardwick, CISSP

In a previous article I looked at a Man in the Middle attack using SuperFish. That malware effectively bypassed the encryption built into HTTPS and so allowed  Lenovo to inspect secure web traffic. There's another type of encryption hack that's becoming a serious threat: Ransomware.

In standard symmetric encryption, a key — a password — is used to scramble the information to render it undecipherable. The same key is then used to allow a valid user to convert that data back into the original data. Encryption systems ensure that anyone without a key will be unable to reconstitute the original data from encrypted data. Another key component (forgive the pun) is the password used to generate the encrypted data. If a valid user is not able to access the key, then they no longer have access to the data.

In many situations as a security professional, I've been asked how to recover encrypted data after the encryption key has been lost. Despite what TV shows depict, this is not as easy as it looks. Typical recovery of encrypted data is time consuming and costly. The first thing any security professional will say when an encryption key is lost is, "Just recover your data from your backup." But today there's a type of virus out there that uses this weakness, and can compromise backups, too.

Continue reading "Essential Skills: Avoiding A King's Ransom" »


Scheduling Time for Job Management

Starting Wednesday at 2 PM Eastern, MB Foster will demonstrate in a Webinar what Windows-based scheduling software should look like. The template for success comes from a strong jobstream management design: the one on HP 3000s.

3000 managers are making moves to Windows. It's been the most popular migration destination ever since HP announced it was leaving the 3000 space. Going to Linux is popular too, and the older generation of the Linux concept, Unix, had good scheduling software choices. Managers buy their own scheduler for all of these migration platforms, because what's included won't do anything close to what MPE delivers.

MBF Scheduler Webinar at 2 PMOver at the IT operations of Idaho State University, the scheduler that's recommended for the Banner/Ellucian ERP package under Unix has been installed. "We went with Automic's UC 4," said IT analyst John MacLerran. "That is the one recommended for use in Banner and it has worked quite well for us. We are currently on Solaris, with some Windows servers (for our report writer, named Argos), and Linux servers for the Oracle middleware servers. We will be moving the Solaris bits to Linux in the next 12 months or so, as we undergo a hardware refresh on our servers."

That's well and good for Unix or Linux sites, but Windows installations don't have such clean choices. MBF Scheduler is a selection that Measurement Specialties made a few years ago. That 3000 shop added Windows to its IT mix and needed 14,000 3000 jobs managed.

Continue reading "Scheduling Time for Job Management" »


Replacing Apps, and Adding On, to Migrate

At Idaho State University, migration away from HP 3000 operations has been underway since before 2007. The school directed nearly all of its business functions using MPE/iX software, a good deal of it hand-tooled in PowerHouse. Within a couple of years of the migration launch the higher-education application Banner, running on Solaris Unix servers, took over for key parts of the 3000 operations. The last set of applications of the project now has a target for completing by July.

Add-onJohn MacLerran, senior IT analyst, updated us on the work at the university, noting that there are three applications, as well as control of the school's PBX, that must still be replaced from the 3000. The bank reconciliation functionality in Banner (by now renamed Ellucian) splits up accounts payable and payroll, while the MPE/iX app unified both AP and payroll. "I am rewriting that in Oracle PL/SQL as an add-on for Ellucian," he said, "at the same time, adding enhancements to include unclaimed property processing, as mandated by state law."

These revisions are following a strategy that lets the university rely on updates from Sungard, the vendor selling Ellucian. MacLerran said that whenever possible, his department wants to "not to modify Ellucian directly, but to do add-ons instead — and we were able to hold to that in all but a very few cases."

It's a significant choice for any migrating 3000 site that's moved to a replacement suite. (MB Foster calls these migration targets Commercial Off The Shelf apps.) "Having a no-modification policy saved us quite a bit of heartache," MacLerran said, "as Ellucian comes out with patches and updates quite regularly. Since we didn't modify the original code, we don't have to spend too much time making sure it's still in sync."

Ellucian has aspects that are common to wide-ranging replacement applications. There are organizational operations at the university that have been handled by the 3000 which the ERP's inventory module couldn't match, for example. Another bit of replacement software will step in for the existing MPE/iX app.

Continue reading "Replacing Apps, and Adding On, to Migrate" »


Hardware appliance bolsters MPE encryption

Encrypted backupsHP 3000 sites still need to encrypt data, or at least secure it during transfers. Secure FTP protocol was never delivered as an HP-engineered solution for the MPE/iX OS while the Hewlett-Packard labs were building 3000 software. There's a reasonable amount of promise in SFTP of today for MPE/iX, but the solution isn't likely to satisfy security audits.

FluentEdge Technologies encrypts data moving through applications including the Ecometry ecommerce suite, as well as databases themselves, using software solutions that tap into apps and don't require any rewrites.

There's also a hardware solution, one that's been tested with the 3000, that offers a universal method to keeping data secure in transit. The 10ZiG's Security Group offers "data-at-rest" security solutions, including the Q3 and Q3i appliances. A few years ago, Jack Connor put one of these appliances between a Digital Linear Tape device and a 3000. The results impressed him for a device that costs a few thousand dollars -- and will work with any host. Now there's a new version of the device.

Similar to 10ZiG's Q3 appliance, the Q3e is the newest version of this state-of-the-art technology. Providing complete security for backup tapes, the Q3e appliance is designed to be easy-to-use and non-intrusive. Installation takes only minutes and key management is strong, yet simple. For the highest level of security, each Q3e appliance includes a hardware encryption chip that is unique to each customer. The Q3e is available with user selectable AES-128 or AES-256 encryption modes and supports up to four tape drives.

Continue reading "Hardware appliance bolsters MPE encryption" »


TBT: When 3000 Training Went Digital

Twenty-five years ago, HP was making history by integrating CBT for MPE XL on a CD-ROM, running from an IBM PC-AT. Or a Vectra. Ah, what we learned in those years by using acronyms.

CBTAt a user conference in Boston better known for a 3000 database showdown, the mashup of acronyms promised Computer Based Training for the 3000's operating system from a Compact Disc Read Only Memory drive. Here on Throwback Thursday, we're celebrating an industry first that leveraged the HP 3000, something of an anomaly for Hewlett-Packard. CD-based information delivery was still in its first steps in the computer industry, and just ramping up in the music business as well. It would be another 10 years before Apple shipped desktops with built-in CD-ROMs.

An HP official who would later come to lead half the company as executive VP, Ann Livermore, was a humble Product Manager for this combination of HP CD classes and an HP CD-ROM player. "It's the equivalent of having a system expert looking over your shoulder while you work," Livermore said. "The audio on these training product adds significant value to the learning experience." The interactive courses show users a typical HP 3000 console on the PC, accompanied by verbal instructions and explanatory text and graphics.

In an era where Bulletin Board Systems were cutting-edge information channels and web browsers didn't exist, having CD-ROM as a tool for support broke new ground for HP's enterprise business. HP sold about six hours of training on CDs for $950. The breakthrough was being able to use the training repeatedly, instead of putting each new operator or end-user in an HP classroom for a week.

Continue reading "TBT: When 3000 Training Went Digital" »


Patches Are Custom Products in 2015

Last spring we visited the state of HP 3000 patching and found that new work has been making its way into the customer base — one customer at a time. HP Support once created such custom patches, engineered specifically for the configuration at the customer site. Independent support providers who have access to the MPE source code do this today. It's a elite number of support providers. Ask yours if they've got the source.

Tailored workLast year a 3000 manager was probing for the cause of a Command Interface CI error on a jobstream. In the course of the quest, an MPE expert made an important point: Patches to repair such MPE/iX bugs are still available. Especially from the seven companies which licensed HP's source code for the HP 3000s. This mention of MPE bug repair was a reminder, actually, that Hewlett-Packard set the internals knowledge of MPE free back in 2010. Read-only rights to the operating system source code went out to seven companies worldwide, including some support providers such as Pivital Solutions and Allegro Consultants.

The latter's Stan Sieler was watching a 3000 newsgroup thread about the error winding up. Tracy Johnson, the curator of the 3000 that hosts the EMPIRE game and a former secretary to OpenMPE, had pointed out that his 3000 sometimes waits longer than expected after a PAUSE in a jobstream.

I nearly always put a CONTINUE statement before a PAUSE in any job.  Over the years I have discovered that sometimes the CPU waits "longer" than the specified pause and fails with an error.

A lively newsgroup discussion of 28 messages ensued. It was by far the biggest exchange of tech advice on the newsgroup in 2014. Sieler took note of what's likely to be broken in MPE/iX 7.5, after an HP engineer had made his analysis of might need a workaround. Patches and workarounds are a continuing part of the 3000 manager's life, even here in the second decade of the 3000's Afterlife. You can get 'em if you want 'em.

Continue reading "Patches Are Custom Products in 2015" »


Finding Your Level of MPE Patches

PatchworkPatches to the HP 3000 never were a popular item in the base of production servers. Mike Hornsby of Beechglen Development once said that "about three things can happen when you patch a 3000, and two of them are bad." In essence, a static 3000 system is a stable system, and managers give away the promise of better features for the certainty there will be no errors or aborts. At least none that the management has not already seen, logged, and worked around.

However, the years which have rolled by have pushed 3000s into new territory. For example, the ability to see larger LDEV 1 drives -- and by larger we mean bigger than 4GB -- only comes through a series of patches. Drives fail, and then replacing them with something not strictly approved by HP is an obvious option.

It's not obvious to determine what a 3000's patch level is, though, considering most of the systems haven't been patched in years.

One of our editors and sponsors pointed out a tool in the 3000 community that can help. To be clear, of course, maintaining independent third party support is one of the best ways to track patch levels. While they can't say it out loud, many support vendors keep a full complement of MPE/iX patches on hand, too.

Continue reading "Finding Your Level of MPE Patches" »


How MPE Talks to Its Network Neighbors

Our networking team reports they're going to refresh the hardware on our IP gateways. Our Telecom manager says they will 

  • Change the physical gateway, because the hardware is being replaced
  • Not change the IP address and gateway address
  • Change the MAC address of the gateway (because of different gateway hardware)

Network NeighborhoodWhat do I need to do on our MPE boxes to ensure that they will see the new hardware? Does MPE cache the MAC address of neighbor gateways anywhere? I was thinking I needed to restart networking services, but I wasn't sure if anything more will be needed.

Jack Connor replies

If you're taking it off the air for the network changes, I'd go ahead and close the network down until the work has completed and then reopen it. MPE will be looking for the IPs as it opens up. I know you can see the MAC addresses in NETTOOL, but I don't think they're of any import other than informational and for DTC traffic.

Donna Hofmeister adds

Halt the network (even the system if possible -- because it's almost the same thing) while the larger network work is being done. When the new gear is in place and seems stable, "wake up" the 3000 and watch what happens.

Continue reading "How MPE Talks to Its Network Neighbors" »


Putting ERP Securely On Your Wrist

Salesforce Watch AppHP 3000 ERP solutions are hosted natively on servers, and some of them can be accessed and managed over Apple's mobile tablets. But the Apple Watch that's due in two weeks will bring a new and personal interface for enterprise servers. Indeed, a well-known alternative and migration target for MANMAN and other MPE apps is climbing aboard the Apple Watch bandwagon from the very first tick.

Salesforce has a Watch app coming out on launch day that ties into a business installation of the storied application. Incredible Insights Just At A Glance, the promo copy promises.

Access the most relevant, timely data in seconds. Swipe to see dashboards, explore with lenses or use Handoff to work seamlessly between Apple Watch and iPhone. And use Voice Search to surface a report, view a dashboard, or find other vital information in seconds.

As mobile computing takes a new step with the Watch -- a device that Apple's careful not to call a smartwatch, as it's more of an interface for a smartphone -- security remains a concern. Apple has been addressing it by recognizing the Four Pillars of Mobile Security. A little review can be helpful for any IT pro who's got mobile devices coming into their user base. That's the essence of BYOD: Bring Your Own Device.

Continue reading "Putting ERP Securely On Your Wrist" »


Labels leap over legacy support hurdles

DuplexPackSlipAn invention in shipping labels is making headway this year, riding the power and promise of marketing. But DuplexPackSlip, while it's a novel product, still manages to reach back to legacy servers like the HP 3000. One reason the label has gained traction is that it's been shaped around a commerce process rather technology choices.

Minisoft, one of the foundational vendors for HP 3000 connectivity, still sells terminal emulation products to link MPE. But one aspect of its cross-platform support comes from eFORMz, a forms management product that ties into any WMS or WRP system. The labels are an all-in-one duplex label shipping solution that combines a shipping label with a packing slip, using the front and back sides of the same label. The new generation of the solution includes marketing on the reverse of the label.

eFORMz has always been platform-agnostic. The software is driven off PCs that tie into business servers including the HP 3000. But choosing to use eFORMz doesn't lock a company into a particular computing environment. That makes the software something to carry forward during a migration, or choose without being concerned about what environment will come next.

Minisoft says that DuplexPackSlip can streamline warehouse shipping operations and reduce costs by 30 percent. The tie-in with the Minisoft software and the labels lies in eFlex Laser Forms. The multi-use laser forms employ label designs so retailers can incorporate special offers, pre-paid returns, targeted cross-sells, loyalty rewards, or gift cards while fulfilling every customer's order.

First released 15 years ago, eFORMz was created using the ubiquitous platform of Java. That language's promise was write once, run anywhere. Java was developed in an era when the silos of technology were tall and stout. The information industry has mowed down those silos by now, but legacy tech still wants to be included in novel solutions. Cross-platform software that can be implemented into future tech, but used in legacy solutions, presents a great means for looking forward with a flexible view.


Essential Skills: Man In The Middle Attacks

Editor's Note: HP 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skillset for such multi-talented MPE experts.

By Steve Hardwick, CISSP

Lenovo recently made news in the security industry, and it was not good news. The PC manufacturer was shipping a copy of the Superfish malware with its machines. The software executes a threat known as “man in the middle.” Once it was discovered, companies were advised to remove it, yes. But what is a man in the middle attack, and why is it so dangerous? 

Superfish compromises the HTTPS security protocol. It will intercept HTTPS requests made by a browser. It then uses a program to connect to the target website. At the same time it sends its own public key to the browser, and has it trust it. Instead of data coming back from the website to the browser, it now comes to the Superfish program. 

Normally, encryption is viewed as using a password or phrase to generate a key. The key is then used to encrypt a set of data in clear text. The resulting cyphertext is then sent to the recipient, who must have the original key to decode it. This is commonly referred to as symmetric encryption: used just for a session, the same key both encrypts and decrypts the data. 

The Superfish malware extracts a symmetric key from the website and passes it on. The browser thinks it has a secure connection to the website, when in fact Superfish is now listening to all of the communication from the PC to and from the website. Superfish was originally used to intercept Web traffic and surreptitiously record where the PC's user went on the Web. In addition, it opens up very nasty holes for hackers to use.

Continue reading "Essential Skills: Man In The Middle Attacks" »


Operating Systems Of Our Lifetimes

Operating SystemsClick the cartoon for details and the joke

Managers and owners of HP 3000s are the kind of customers who understand what an operating system does. Most of us in the community remember when there were countless OS's out there to run our businesses, if not necessarily our lives.

The HP 3000 stands out in a healthy legacy comparison because its birthdate in the initial generation of minicomputers. Unlike nearly all, its OS remains in business use today. Other OS's which are not in use: MCP from Burroughs (a source of MPE inspiration); Univac's VS/9; NCR's VRX; Control Data's Kronos; and Honeywell's CP-6. 3000 veterans will recognize those as BUNCH companies, whose mini and mainframe products were swept away by IBM's, HP's, and Digital's.

MPE has not yet outlasted the VS minicomputer operating system from Wang Labs, since that mini still has support from its latest third party owner, TransVirtual Systems. There's more than blind loyalty there when an OS can move into the four-decade lifespan. There's commercial value, too. VS still has about a decade to go to get to MPE's 41 years.

For the 3000-savvy, the cartoon above would have a few extra boxes in it. The longest one is likely to be MPE, in its II-V, XL, and iX generations. There are a few others that pre-date DOS, of course. HP tried to sell PCs running CP/M, for example. You could insert the following boxes underneath the fine cartoon from XKCD, the work of brilliant cartoonist Randall Munroe.

MPE timeline

That useful lifespan for MPE will run to 53 years, unless a rolled-over calendar is not a problem for your applications.

Hop over to Munroe's website to enjoy the irony and heart of someone who understands that Gnu (yup, the root of the 3000's iX generation) could be there at the very end, turning out the lights. And who can say for sure that MPE will truly end its days on Dec. 31, 2027 after all? Wang's OS has passed through several third party hands. HP's own VMS will become the property of a third party next year.

In-tribute plug: If you can't find something on the XKCD store to buy, or a cartoon to link to, then all of the above is probably nonsense. For the rest of you, let me know if Gnu could really rule the planet after civilization ends. We're already hearing that embedding a Linux microkernel would make the OS more useful for Digital server users. Something less complex is surely on its way. It might arrive before that fire.


Trail of support leads to indies, or an alt-OS

Independent support companies have been keeping HP 3000s running for decades. At one point the battle for support dollars was so profound HP tried to file lawsuits to restrict fair commerce in the maintenance marketplace. Companies with 3000 experts on tap have held their ground over more than a dozen years of the declining interest from Hewlett-Packard in the server and its OS.

Recently we've seen independent resources marshaling knowledge bases and documentation on the server. Much of the MPE/iX OS manual set is on hpmmsupport.com, a website set up by some of the creators of the MM II/3000 MRP software. It's a good thing that outside resources like this exist, because now there's more evidence that the archives of Hewlett-Packard are closing their MPE doors tighter.

Slamming doorThis retraction of knowledge can lead a 3000 owner in two directions. They can either embrace operating processes that will require an independent expert to field support calls. Or if a company needs another reason to make serious steps to migration, then less vendor information to help fix bugs will be adequate to push the cart down the hill, away from MPE.

Tonight one set of information can be indexed at an HP Support website. There are patch notices and pointers to support documents, but everything is behind a demand for a valid support agreement. And this news about the successor to HP's IT Response Center (ITRC) shutting some MPE doors includes a confusing footnote. Somewhere out in the world, there might be a 3000 site still getting support from HP, deep under the covers of corporate policies.

While the vendor was public about its waning intentions for 3000 futures, it was also eager to preserve such support business. HP's reach for support contracts while advocating migrations slowed the migration business for the community. In the long shadows after two extensions of support deadlines, migration companies and homesteading firms have been finding no vendor help to portray and preserve the state of the 3000. The customers were promised otherwise, years ago, when the information was still fresh on HP's websites.

Continue reading "Trail of support leads to indies, or an alt-OS" »


That final 3000 IO upgrade is still in use

Pass ThroughMore than five years after HP rolled out the ultimate release of MPE/iX, the vendor finished its work on an SCSI Pass-Through driver for the HP 3000. It was an one of the last HP-designed MPE enhancements. Independent support companies have the tech resources to create customized patches for their customers. The HP driver still makes it possible to connect and configure SCSI storage devices which HP has not certified for 3000 use.

Full instructions on how to use the software are on the ManualShelf free website. It's a tool for permitting an application to address SCSI devices without the use of the MPE/iX file system or high-level IO interfaces. But the software itself was built, lab-tested, then placed on the HP software improvements leash: It was only available to the HP support customer who was willing to take SPT, as HP called it, as a beta test version.

Patches MPENX01A, MPENX03A and MPENX04A were beta patches required to make the SPT work on MPE/iX 7.5. HP still makes these patches available to any 3000 customers at no charge. Two years ago, Allegro's Donna Hofmeister said "the magic incantation when dealing with the Response Center folks is to use transfer code 798. That’ll get you to an MPE person." 

Consultants and companies which provide support have many of these patches in their resource bins. The entire patch collection is just 1.27GB, small enough to fit onto a giveaway thumb drive.

Continue reading "That final 3000 IO upgrade is still in use" »


TBT: The Ultimate MPE/iX links big disk, FC

7.5 datasheetHP unveiled the final, ultimate generation of its 3000 operating system 13 years ago this month. On this Throwback Thursday we mark the month that MPE/iX 7.5 made its datasheet debut. It was less than six months after Hewlett-Packard announced an "end-of-life" for the 3000, but the OS was destined to be officially supported for more than eight years.

Independently, 7.5 is still supported by the community's third-party experts, such as Pivital Solutions. The data sheets and lab reports illustrate why the release has had such longevity, a run that rivals the lifespan of Windows XP.

7.5 release headline Feb. 2002When 7.5's data sheets moved into the customer base, the colorful paper was still commonplace as an information delivery device. What was uncommon about the release was its forward-looking view of fast storage support. HP had built in A-Class and N-Class hardware support for Fibre Channel IO connections, the fastest of their day. But it took the arrival of 7.5 to streamline and stabilize FC connections.

Previously, the 3000  could only be connected to FC devices through HP SCSI Fibre Channel router. In selling the benefits of 7.5 -- and with it, the upgrade sales of A- and N-Class servers -- HP admitted this router arrangement "not only added complexity and slowed FC transfer rates, but it also created multiple potential points of failure."

Access to the wide range of Fibre Channel devices was among the benefits, letting customers make the jump from the AutoRAID arrays to the more powerful and flexible VA 7100 series. Just this week, a customer made news in the community while troubleshooting a VA 7100. That storage platform remains in obvious use at 3000 sites.

The ultimate generation of 3000 processors, the PA-8700, got their complete support in 7.5, too. Fibre Channel proved to be a tangible benefit of the new PCI bus on the newest servers. One feature would have a reach even further than that CPU line: the ability to access a boot disk greater than 4GB. 7.5 opened up untold millions of gigabytes across the entire 3000 line.

Continue reading "TBT: The Ultimate MPE/iX links big disk, FC" »


River cruiser to ferry MPE exokernel mission

ExokernelAn obscure, elite set of EU computer scientists will tackle the looming challenge of slimming down the 3000's operating system this summer, working aboard a cruise ship plying the waters of Europe's river system. The fledgling coalition of seasoned developers will occupy the Norwegian Avignon Passion II on a route between Budapest and Prague, taking on Eastern Bloc developers at Regensburg, Melk, and Roth along the Danube.

The design team's leadership said they were inspired by the Salesforce Dreamforce cruise liner accommodations at this summer's conference. That 135,000-attendee event will handle some needs for lodging and services from the Celebrity Eclipse. The design team will go the next step and cast off its lines in Central Europe, rather than stay tethered to a pier of prior engineering.

Deck Plans"There's nothing we'll want for while we're afloat," said Jean Noosferd, the group's managing director. "It's just us, three million lines of code, and the passion we have to make MPE as popular as Linux." Microkernels for Linux are lifting the popularity for these slimmed-down instances of an OS.

Working from the concept of an exokernel — MIT designs that are much smaller than a normal kernel such as MPE/iX's current monokernel design, and even smaller than a microkernel — the group will leverage the work of open source teams such as the Polish-based Pjotr Mandate. The object is to reduce the installation and management footprint of PA-RISC-ready operating systems. If successful, the development cruise will dock at Prague and release its team of scientists.

"If not, we sail back to Budapest and rework our designs," Noosferd said. When a new version of MPE emerges from the work, the Passion II will remain afloat to preserve the legality of an adapted and enhanced 3000 OS. The software will be sold and distributed using cloud-based Moonraker servers. HP's restrictions on the MPE source code prohibit new versions to be released in any country. "We'll be sailing between countries," Noosferd said. "International law is in force, and so intellectual property ownership will be preserved."

Continue reading "River cruiser to ferry MPE exokernel mission" »


File transfer tips flow to move databases

System managers in the 3000 community still want to know how to use FTP to ensure a safe backup of 3000 data. Of special interest is the KSAM XL database, but most managers don't know that FAK files are HP's special Keyed Sequential Access Method database files. What appears to be program files are moved over, but database files get left behind. There's a trick to getting such files over to a Windows server.

One rule of 3000 operations is that database files act differently than all others in transfers. So FTPing them to a Windows 2003 Server won't be a successful way to ensure a safe data recovery. Third party tools can help, but if a customer is stuck on an aging HP system running MPE/IX, it's probably going to have only the budget for the included HP STORE for file backups and transfers.

Donna Hofmeister, who's spent a career helping 3000 users via the community's newsgroup, suggests starting with creating a file called mystd to store the 3000 files to disk -- then transferring that Store To Disk file.

Continue reading "File transfer tips flow to move databases" »