Kept Promises for Open Source on MPE/iX

Open source software developed a reputation for keeping HP 3000s online and productive, even in the face of industry requirement changes and new government regulations. Applied Technologies founder Brian Edminster has shared reports of a 3000 installation processing Point of Sale transactions, a customer which faced new PCI compliance demands. He was tasked with finding a solution to the new credit card compliance rules late in one December — with a January deadline.

“What we were struggling with was not that uncommon,” he explained. “The solution of choice was a version of the package OpenSSH, an open source implementation of a secure shell.”

OpenSSH offers publicly exchanged authentication, encrypted communication for secure file transfers, a secure shell command line, and port forwarding. “It’s amazing how much you get,” Edminster said, “and it’s available for many operating systems.” He’s got a website devoted to the open source tools for the 3000.

At first, none of those operating system implementations included MPE/iX. OpenSSH requires a shell for the MPE/iX version; it doesn’t run at the MPE command line. But it’s been ported using OpenSSL for the HP 3000 and Perl/iX, both available from Edminster’s MPE open source website. Perl, another open source tool, “was designed for portability across platforms, and it works nicely,” he said.

OpenSSH protects against “man in the middle” security attacks by using DNS resolution, another open source utility wired into MPE/iX. Edminster recommended “the definitive guide to OpenSSH, commonly known as ‘the snail book’ from O’Reilly Press, Second Edition.”

That 3000 site where Edminster was working on POS security requirements had enabled DNS resolution across its enterprise — so Edminster was able to use a handy MPE/iX script called DNSCHECK. It’s a beautiful piece of scripting that checks, step by step, all the things necessary for name resolution to work on an HP 3000.

OpenSSH uses cryptological software to pad out blocks of data being transferred. The HP 3000’s random number generation routines are “not so good” for this, Edminster explained. Random number routines must have a much longer cycle length before repeating than MPE/iX provides. MPE has no random number generation built into its kernel, unlike other operating environments.

The solution is “the Entropy Gathering Daemon, which is already packaged up by Ken Hirsh with his port of OpenSSH,” Edminster reported.