Hidden Value

Privileges litter the path to passed audits

Yesterday we studied the ways that migrated HP 3000 data can become forgotten while making provisions for an audit. Since some HP 3000s work as mission-critical servers, these active, homesteading systems must weather IT and regulatory audits. The 3000 is capable of passing these audits, even in our era of PCI, HIPAA and Sarbanes-Oxley challenges — all more strenuous than audits of the past.

However, establishing and enforcing a database update procedure is a step onto filling the gap in the security of an MPE/iX system. HP 3000 managers should take a hard look at how their users employ System Manager (SM) privileges. (Privileged Mode, PM, and System Supervisor OP should also be watched. Overall, there can be 21 capabilities to each user.) In their most strict definition, those privileges can expose a database. Hundreds of users can be created at Ecometry sites; even seasonal help gets SM users, according to one consultant's report, users which are seldom deleted after the holiday has passed. One site had a script to create new users, and each had PM capability, automatically.

VEAudit from VEsoft, using its LISTUSER @[email protected] (CAP("SM")) filter, can give you a report of all of the SM users on your HP 3000. You can even ask for the SM users where password="". (Now there's a good list to find: SM users who have no passwords.) There is no MPE command that will do such things, we are reminded by VEsoft co-founder Vladimir Volokh. Even after more than three decades of his business as a 3000 software vendor, he also offers consulting on MPE operations and management, and still travels the US to deliver this. 

Privileges are often a neglected aspect of 3000 operations, especially when the system's admin experts have moved on to non-3000 duties, or even to other companies. (Then there's the prospect that nobody knew how to use privileges in the first place.) Some SM users have disturbed the integrity of 3000 databases. It's easy to do accidentally. A creator of a database can also update a 3000 database — a capability that can foul up a manager's ability to pass some audits.

 

If you are worried about arbitrary access via QUERY, you can "disable subsystem access" via DBUTIL. This will, of course, only disable the access on QUERY.

Some less-adept auditors can also demand that a database's password be changed every 90 days. It's quite impossible to do, considering the database password is built into every application program.

So a database's security might be compromised through SM privileges, but it depends on the meaning of "update." This term can be construed to be as restrictive as using DBUPDATE to change an entry. It can also refer to UPDATE access DBOPEN MODE 2. 

To get very specific, an update can mean that the modify date has been changed in the file label of one or more IMAGE-related files. In a very general definition, an SM user can update the database simply by way of a restore from tape. (OP privileges permit this, too.)

Auditors sometimes ask broad questions, the sort of inquiry that fits better with the everyday use of HP 3000s in an enterprise. But for MPE/iX experts, "update" means any kind of modification capability.

So you can answer your auditor's question and say "no, SM privileges don't permit any of our users to update a database in another 3000 account." This answer is true, to the extent that the auditor's concern is about changing data — not just making a minor date change or using DBOPEN MODE 2. For auditors without MPE/iX and IMAGE expertise, well, they might not go so far in their examinations.

As for the SM user's ability to muck up an IMAGE database, it’s a mistake that is not difficult to make. An SM user who obtains a database password can corrupt an IMAGE database just by using the restore command. We’ve heard a story that such a user might explain, "Oops, I thought I was signed onto the test  account."

It's important to make a system fool-proof, because as Vladimir says, "fools are us." 


Still Patching After All These Years

PatchesHP solved the problems of the 3000 and MPE with patches, revised software which Hewlett-Packard still distributes today. Probably not as seamlessly as it did while the company supported the system. But just as inexpensively: MPE/iX is one of the only HP operating systems with free patches. The still-engineered and fully-supported OS lineup requires an HP support contract to retrieve patches, even the critical ones.

Patches resurfaced in my reporting this afternoon while I interviewed a consultant to a large site, one where 22 HP 3000s once ran altogether. Today it's a couple of N-Class servers. He was feeling good about the chances for a Stromasys emulator there, partly because the customer is already running on MPE/iX 7.5. The final generation of the OS is required to run the Charon HPA/3000 emulator.

"We got away from using Large Files, too," he added. "I think HP never did fix that corruption bug in those." That would be the >4GB corruptor, discovered in 2006 by Adager and finally fixed in '07 by HP's IMAGE/SQL labs. The repaired software required a millicode patch, the first one HP'd written for the 3000 in 16 years. You can get that patch via HP's Response Center website. But that's not how most 3000 managers are getting these patches today.

Continue reading "Still Patching After All These Years" »


Change your clocks, all the time

ClockgoingforwardThe US will roll its clocks forward by one hour this weekend. That means it's time to anticipate the questions about keeping 3000 clocks in sync, for anyone who hasn't figured this out over the last several years. US law has altered our clock-changing weekends during that time, but the process to do so is proven.

Donna Hofmeister, whose firm Allegro Consultants hosts the free nettime utility, explains how time checks on a regular basis keep your clocks, well, regular.

This Sunday when using SETCLOCK to set the time ahead one hour, should the timezone be advanced one hour as well?

The cure is to run a clock setting job every Sunday and not go running about twice a year. You'll gain the benefit of regular scheduling and a mostly time-sync'd system.

In step a-1 of the job supplied below you'll find the following line:

    !/NTP/CURRENT/bin/ntpdate "-B timesrv.someplace.com"

Clearly, this needs to be changed.

If for some dreadful reason you're not running NTP, you might want to check out 'nettime'. And while you're there, pick up a copy of 'bigdirs' and run it -- please!

Continue reading "Change your clocks, all the time" »


Next weekend, it's all in the 3000's timing

Time-changeEditor's Note: Daylight Saving Time begins at 2AM local time around most of the world next weekend. A lot of HP 3000s run around the clock to serve companies, so a plan to keep the 3000 on time is essential. The founder of the HP 3000 open source repository MPE-OpenSource.org, Brian Edminster, offers a plan, some experience, and a sample jobstream to help get you through our semi-annual time change.

By Brian Edminster

Here's an important implementation note for anyone that wants to put up a 'time synchronization' client on their HP 3000: Do not use it to adjust for spring and fall time-changes!  Use a job that runs on the appropriate dates/times to do a 'setclock timezone=' command.  I have an example below that is a derivative work from something originally posted by Sam Knight of Jacksonville University, way back in April, 2004 on the 3000-L mailing list.

I've updated the job to be more readable, to account for a 'looping' effect that I found in the fall from running on a fast CPU, and to run at 2AM -- the 'official' time that time-changes apply. I have this job set to be intiated by 'SYSSTART.PUB.SYS' on server bootup, and then automatically reschedule itself each Sunday at 2AM.

Continue reading "Next weekend, it's all in the 3000's timing" »


A Thorough Chill of the OS Business

LGFridgeThe consumer product maker LG has announced it's purchasing the webOS team, talent and tech from HP. This means a company whose lineup includes french door refrigerators now owns the most modern mobile OS in the world. As it turns out, great technology like webOS doesn't have much value in the hands of a company which can't create demand for the magic.

There's so little value left in webOS that the joint release about the sale says "HP and LG do not expect this transaction to have a material impact on either company's financial statements." And so, without even a report of what webOS cost, HP froze itself out of another OS product line.

Some operating systems not only have enduring value, but they are also drawing top talent to their community. It happened late last year for RedHat's Linux; Jeff Vance took his next step away from HP's 3000 guru days, when he made his transfer from K-12 vendor QSS to the Hat. Vance arrived at QSS with gusto for newer development environments and got to ply his passion for years there.

But the signals sent by selling off an innovative OS for "no material impact," well, they say a lot about how system makers create their value in 2013. The mobile OS that was going to unseat Apple made its HP departure with the same language as 3000 customers shared about MPE/iX. The end of the line wasn't really the end of the line, was it?

Continue reading "A Thorough Chill of the OS Business" »


How to Make HP's Diagnostics Free on MPE

ComputerdiagnosticMore than two years ago when HP officially closed its formal HP 3000 support, the vendor left its diagnostics software open for use by anybody who ran a 3000. Throughout the years HP sold 3000 support, CSTM needed a password only HP's engineers could supply. But the CSTM diagnostics tools started to run on January 1, 2011 without any HP support-supplied password. 

However, managers need a binary patch to free up the diagnostics. Support providers who've taken over for HP know how to enable CSTM. The community has a former Hewlett-Packard engineer to thank, Gary Robillard, for keeping the door to the diagnostics open. Robillard says he is "the engineer who, last worked on CSTM for MPE/iX when I was still a contractor at HP back in 2008."

A 3000 site must request a patch to get these expert tools working. HP arranged for 3000 sites to get such patches for free at the end of 2010. We tracked the procedure in a Newswire story, just in case that HP link above goes dark.

One such patched version of CSTM needs a binary patch. This month Robillard was revisiting his binary patch fix, which can be a part of using these diagnostics, with the HP patch ODINX19A noted below.

Versions of CSTM [patched] with ODINX19A or ODINX25A allow the expert tools with no licensing, but you still have to issue the HLIC command. 

If you install ODINX25A/B/C (6.5,7.0,7.5) you won't need to do anything except issue the hlic command with any password. The HLIC command might say it was not accepted, but the license is activated anyway.

Continue reading "How to Make HP's Diagnostics Free on MPE" »


Panel producer pursues PDF processes

NorbordNorbord, an international producer of wood-based panels, runs some of its operations on an HP 3000. This $1 billion company with 13 operating sites around the world needed to create PDFs on its 3000, a task assigned to John Pickering of the company. He went to the 3000 newsgroup for advice on how to do this, working to discover free, online resources already stocked away by indie support companies.

Pickering began by pursuing shareware, which is can sometimes be the budget choice for 3000 shops. (There's a superior and tested PDF-creating solution from Hillary Software, byRequest, which does this for 3000s as well as other enterprise systems.) But if a site wanted to bale together shareware like the txt2pdf software, a manager like Pickering needs Perl to run.

I'd be happy to use the shareware txt2pdf, but I don't know where to begin. The Sanface web site indicates that Perl is required, but that isn't on this 3000, either.

Allegro Consultants, supporting 3000s and crafting MPE software even in 2012, ponied up the Perl that Pickering needed to run txt2pdf.

You can get perl from Allegro," said veteran 3000 expert Donna Hofmeister at the company. "You'll want to get a copy of our SFTP PDF whitepaper as well, since it discusses how to install perl."

Continue reading "Panel producer pursues PDF processes" »


Power of File Equations: HP 3000 Flexibility

Editor's Note: HP's George Stachnik spent more than a decade teaching HP 3000 customers how to use the best of the system, back in the days when HP was selling it, and then when the vendor was pushing migration. On the former mission, Stachnik wrote a 33-part series in InterACT magazine, The HP 3000 for Complete Novices. Our archives have revealed a paper copy of Part 14, which included figures you can't find anywhere else. The figures make the article, one of more than 20 available online at the 3k.com website, even more useful. Here's an excerpt of this advanced MPE/iX tutorial.

By George Stachnik

Let’s turn our attention to more advanced characteristics of MPE files: file equations. 

Suppose you were writing a COBOL program to read data from an input file. Let's assume that when this program is placed into production, its input file is called INFILE. In COBOL, you could code the filename right into the file definition. When you run such a program on an HP 3000, it will look for a file called INFILE and attempt to read data from it.

Of course, Murphy's Law dictates that as soon as you have a program that is "locked into" a particular filename, a need will arise to have it read a file with a different name. For this reason, most commercial operating systems provide a way of assigning a temporary alias to a file. Perhaps the best example is the granddaddy of all commercial operating systems: IBM's MVS operating system.

Most mainframe applications refer to files not by their filenames, but by temporary aliases called DDNAMES. On IBM mainframes, DDNAMES are assigned using DD statements in a job control language called (fittingly enough) JCL. JCL is an old (and cryptic) language, but the concept of DDNAMES is a good one. It allows mainframe application programmers a degree of flexibility. 

The HP 3000 provides a similar capability. MPE allows you to assign temporary aliases called "formal file designators" using :FILE commands.

Continue reading "Power of File Equations: HP 3000 Flexibility" »


Voting for Security, Obscurity and Propriety

As I write this the polls have closed in the eastern-most time zone for the US elections. Nearly all of the ballots cast in this election have passed through some kind of electronic device, from a touchpad to a click wheel to other, non-uniform interfaces. You might visit a dozen counties in one state alone and see as many proprietary devices. Proprietary carries a negative vibe, this decade as well as this evening. A troubling report in Forbes related how experimental software patches in Ohio might be on live production voting machines today. Those are likely to produce unintended results, as such beta patches often do on HP 3000s.

But the word proprietary has a root of propriety, and that means proper: according to agreed-upon and accepted processing. You'd never sling out beta patches on an HP 3000 because it's just not proper. Your intention is to produce expected, reproducible and fact-checkable results. The fallout from using a proprietary interface, software or patch is simple: someone who's an insider needs to check it. And in a sinister aspect, knows how to crack it.

EugeneblogDecades ago the steady value of the HP 3000 and MPE was its security, one which flowed from privileged mode code. Then during the '90s it was the system's obscurity, once open-source and open system computers took the IT lead. Few people knew the 3000 well enough organize a serious breach. You were much more likely to be hacked from the inside, according to Eugene Volokh's classic Burn Before Reading. The same might turn out to be true this week, if the worriers from Forbes have conjured up a plausible nightmare about election machines. This evening, the biggest news outlets also fretted about the prospects.

Even during this data revolution, the 3000 is remaining settled in its nest of propriety as it's become ever more proprietary. The solution to the balloting mess is to standardize on devices and open the software. Not because the latter is harder to hack, but because an opened-up system is easier to scan for malware. The HP 3000 didn't need security patches after 2008 because the systems practiced propriety to earn their keep, and they were secure through their obscurity. National election voting systems don't have to meet that bar today. It costs too much, apparently.

Continue reading "Voting for Security, Obscurity and Propriety" »


Marking Time with MPE's TZTAB File

By Gilles Schipper
GSA Associates 

Last in a series

Twelve days from today, Daylight Saving Time ends and will give HP 3000 users a reason to look at their clocks. This week may be an appropriate time to think about implementing some best practices associated with clock maintenance for the HP 3000s that you administer. One special nuance for MPE administrators is the TZTAB file. It's code that turns out to be important to third-party and independent software on your system.

TZTAB file and SETVAR TZ 

In other installments in this series, I mentioned the TZTAB file and TZ variable and their relevance to popular third-party software suites. Although not utilized by MPE, by and large, this file and variable are important for some widely-used software. 

And, due to a relatively recent change to the universal TZTAB file required to accommodate the new Daylight Savings rules effective in 2007, it's useful to understand the quite simple format of the TZTAB file, and the corresponding TZ variable that points to its appropriate location in the file.

Continue reading "Marking Time with MPE's TZTAB File" »


Changing Clocks for Good Maintenance

By Gilles Schipper

Second in a series

Two weeks from this weekend, Daylight Saving Time ends for 2012. It may be an appropriate time to think about implementing some best practices associated with “Clock Maintenance” for the HP 3000s that you administer. For example, there's the task of changing the system clocks for other than trivial or TIMEZONE changes.

Your system clocks can be inaccurate either because they are out of sync with each other (ie. wrong TIMEZONE setting) or they simply contain the wrong time, or both. If your problem is an incorrect TIMEZONE (as shown by the SHOWCLOCK command) you can easily and quickly correct with the SETCLOCK TIMEZONE= command.

Keep in mind that if this command would normally result in a backwards time adjustment, the change will take place gradually such that the system clocks will never go back in time.(This default behaviour can be overridden with the ;NOW option of the SETCLOCK command). If the SETCLOCK command results in a time advancement, the advancement takes place immediately.

Again, you can use the SHOWCLOCK command to see the current time, timezone as well as the pending time correction in seconds. If you are experiencing both a timezone problem and clock accuracy issues, that's another matter.

Continue reading "Changing Clocks for Good Maintenance" »


It's About Time

By Gilles Schipper
GSA Associates

First in a series

NeonClockWith the impending end of Daylight Saving Time (DST) -- just two weeks from this coming Saturday night -- it may be an appropriate time to think about implementing some best practices associated with “Clock Maintenance” for the HP 3000s that you administer.

To refresh your memory, beginning in the year 2007, DST was extended by approximately one month for most time zones in the US and Canada. Consequently, for most locations, DST now begins at 2:00AM the second Sunday every March, and ends at 2:00AM the first Sunday each November.

The rules for specific time zones are contained in a file named TZTAB.LIB.SYS, whose exact format and interpretation will be shown in detail later in this series. Suffice it to say, this file is largely irrelevant for the normal operation of the HP 3000. 

But it is relevant and important for various software products  that are common to the HP 3000 environment, including, among others, products by Nobix, IBM/Cognos, and Speedware -- but surprisingly not by a very useful utility, NTPDATE, which I'll describe in detail.

Continue reading "It's About Time" »


3000 Memoir Project: Wins from Easy Use

The 3000 Memoir Project is a living and growing history of your community, told by the server and its software. There are excepts of the book to be published next year, in paper as well as e-book formats. 2013 will mark the genuine 40-year anniversary of the system, while 1974 marks the start of the user group that integrated community pioneers.

We're looking for your stories of the first time you encountered a 3000. Call me at 512-331-0075, or send an email to the NewsWire's offices.

In this installment, the 3000 tells about relative ease of use versus mainframe standard, stories told to, and told by, Paul Edwards -- a former IBM mainframe manager, US veteran, and director of several user groups. By the HP 3000

I was sold on ease of use, and fun. 

PaulEdwards-atSaltLickI like what Paul Edwards and the others said about working with me, versus those entrenched mainframes. See, HP didn’t think of selling me as a big datacenter computer at the start. I was supposed to be a wheel-it-in computer. Some of my early ads showed people “rolling it up to the side of the desk,” Edwards says. My early models, the Series 30s and 40s, even had me built into desks as if I was part of the office furniture, instead of running the office.

That’s because I was a new idea in computers: something that regular office workers could manage, with the help of people like Edwards at HP.

They had a great database they gave me for good in 1976, IMAGE, and one of the fun examples of it used statistics from the NFL. Orly Larson at HP had cooked up the demo of IMAGE, “and every HP sales site had a copy of it. It was just a six-dataset database. But we’d say to the Systems 3 people, ‘let me show you how you can retrieve something, or update databases. They were amazed. It was fun. IBM systems weren’t fun – they were work.”

Edwards says that back in those early days, you couldn’t take fundamentals for granted. Like just writing a file. Me, I did it like a swimmer just jumping in after years of practice, not even thinking about it. “When I came to the 3000, I didn’t have to worry where on a disk I was going to put a file,” he says. “I just wrote out a file. On the IBMs, I had to specify which sector, which disk platter.” He called it one of the most advanced bits of tech that I had when he first started using me.

Continue reading "3000 Memoir Project: Wins from Easy Use" »


Core memories spark a cold start for 3000s

Editor’s Note: Jon Diercks, the author of the only comprehensive MPE/iX administration book, offered us this story of the 3000’s very first year. It was a time of HP retreat from the minicomputer market: HP staff resigning, others unselling a system touted just months earlier as “a happening,” as the slogans of 1972-73 said in HP labs and offices.

Diercks worked at Anderson University in the 1990s alongside Tom Harbron, who’d been the college’s computer department director during 3000’s first months on the market. Diercks said Harbron was heavily involved in early discussions with HP about MPE and IMAGE. 

The institution began as Anderson College, and its very first HP 3000 was one of the earliest models. Diercks said the bragging line in those days was "Anderson College has the first HP 3000 ever installed anywhere between the Rockies and the Appalachians."

Harbron’s report on the 3000’s 1973 is part of Diercks’ 3000 memories, and so he’s contributed the writing as part of our 3000 Memoir Project — in all of its authentic, human and humbling beginnings. It's the first story I've read that details the 3000's retreat. An HP employee who couldn't look his customers in the eye about the 3000, and so resigned. A man whose job was to unsell the 3000s -- and later would bundle the greatest software HP ever wrote, IMAGE, to the Classic hardware, which not long after, fell behind the state of the art.

By Tom Harbron

Reports of problems with the HP 3000 operating system, MPE, continued to be received in the opening weeks of 1973. While it was not encouraging, I had confidence in the basic soundness of the 3000’s design and the integrity of Hewlett-Packard to ultimately deliver what had been promised.

HP’s Phil Oliver called and scheduled a meeting with me for February 6, 1973.  He brought along Bob Stringer, who had replaced Ed Pulsifer as the District Sales Manager; Ed McCracken, who was now HP's Market Manager for Government, Education, and Medical Markets; and Jay Craig, who was a new HP salesman from Indianapolis. McCracken would tell me, years later when he was the 3000 division manager, that the morning in my office was the most difficult day of his career. The people that HP hired were, mostly, an honorable group of people.

Continue reading "Core memories spark a cold start for 3000s" »


In the Beginning, There Was Tape

By Brian Edminster
Applied Technologies

First in a series 

In the beginning, there was tape. And if you’ve been around awhile, you remember it was on big reels about a foot across, was about a half-inch wide, and could have as much as 2400 feet of it on a reel. Yeah, they were heavy, too.

Data was recorded in parallel ‘tracks’ along the length of the tape. In this case nine of them, hence the name ‘9-track’ tape. At 800 bpi, that yielded a capacity of nearly 20Mb. Later technology allowed higher density, when 1600 bpi upped that capacity to about 120Mb. The last incarnation of 9-track was a whopping 6250 bpi — yielding nearly 1Gb of storage for a single reel of tape.

By comparison, anyone can get USB flash-drives that’ll hold 16Gb for $10 down at Walmart. 

Very few, if any later model 3000’s (those that run MPE/iX vs. MPE/V) will even have a 9-track tape drive on them. And that’s a good thing. These 9-track tapes take up far too much physical storage space, and are far too slow to read and write. They might have been okay, back when disk drives were 50Mb, 120Mb, 404Mb, or even 570Mb (the capacities of the old HP 7920, 7925, 793x, and 7937 disk drives, respectively).

Unfortunately, a 2Gb drive is pretty much the smallest drive you’ll see on a 3000 these days, and larger drives are more common. This presents a problem: What do you do when it takes potentially dozens of tapes — and many hours — to do your daily backups?

Continue reading "In the Beginning, There Was Tape" »


Porting to Posix on the HP 3000

One of the leading lights in HP 3000 development has been researching how to port software to Posix under MPE/iX. David Dummer, who created DataExpress and played a major role in making Transact a genuine language, was looking for help to resolve an error while compiling.

Why would a 3000 homesteader want to port software to Posix? One reason is to ready an application for the journey to one of the *nixes, like HP-UX or Linux. Here's Dummer's dilemma.

I have been trying for some days to port a Unix application to an HP 3000. One of the source files contains calls to the Posix functions of 'tcgetattr' and 'tcsetattr' for terminal handling control. I compile this source under the Posix shell, as the MPE C compiler doesn't appear to be able to find the included 'termios.h' header file. The application program is then created by the MPE linkage editor.

At execution time the loader denotes the two Posix functions as unresolved externals. From my reading of articles on Porting to Posix I would have expected these two functions to be in the relocateable library file '/lib/libc.a' 

I then decided to write a makefile and to perform all of the compile and build functions under the Posix shell. This appears to cure the missing function problem, but the resulting application aborts before reaching the first statement in the mainline program.

Mark Bixby, who wrote that seminal resource on porting to MPE applications to open source, weighed in with some advice for developers.

Continue reading "Porting to Posix on the HP 3000" »


Securely Storing Passwords

Editor's Note: Security is one of the limiting factors in adopting cloud computing. HP, as well as its partners, will tell you that cloud computing and similar remote access is a forward-thinking alternative to HP 3000 centralized on-site computing. But there's that security thing.

More than 30 years ago VEsoft's Eugene Volokh chronicled the fundamentals of security for 3000 owners trying to protect passwords and user IDs. Much of that access hasn't changed at all, and the 3000's security by obscurity has helped it evade things like Denial of Service attacks, routinely reported and then plugged for today's Unix-based systems. Consider these 3000 fundamentals from Eugene's Burn Before Reading, hosted on the Adager website.

Logon security is probably the most important component of your security fence. This is because many of the subsequent security devices (e.g. file security) use information that is established at logon time, such as user ID and account name. Thus, we must not only forbid unauthorized users from logging on, but must also ensure that even an authorized user can only log on to his user ID.

If one and only one user is allowed to use a particular use ID, he may be asked to enter some personal information (his mother's maiden name?) when he is initially added to the system, and then be asked that question (or one of a number of such personal questions) every time he logs on. This general method of determining a user's authorizations by what he knows we will call "knowledge security."

Unfortunately, the knowledge security approach, although one of the best available, has one major flaw -- unlike fingerprints, information is easily transferred, be it revealed voluntarily or involuntarily; thus, someone who is not authorized to use a particular user id may nonetheless find out the user's password. You may say: "Well, we change the passwords every month, so that's not a problem." The very fact that you have to change the passwords every month means that they tend to get out through the grapevine! A good security system does not need to be redone every month, especially since that would mean that -- at least toward the end of the month -- the system is already rather shaky and subject to penetration.

There's a broader range of techniques to store passwords securely, especially important for the 3000 owner who's moving to more popular, less secured IT like cloud computing. We've asked a security pro who manages the pre-payment systems at Oxygen Financial to share these practices for that woolier world out there beyond MPE and the 3000.

By Steve Hardwick, CISSP

There has been a lot in the news recently about password theft and hacking into email accounts. Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my PC, I can create one single password that controls access to all of the apps that reside on the drive plus all of the associated data.

There is a one-to-one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact a user may be accessing several different physical locations when running applications or accessing information. This has led to a dramatic increase in the number of passwords and authentication methods that are in use.

Continue reading "Securely Storing Passwords" »


Follow that VSTORE onto other drives

Editor's note: After reading our article on SLT creation and validation yesterday, consultant Brian Edminster adds some notes on how to employ VSTORE in your 3000 management. He's also working on an article that covers backup automation.

By Brian Edminster
Applied Technologies 

If possible, do your VSTOREs on a different (but compatible model) of tape drive than the one the tape was created on. Why? DDS tape drives (especially DDS-2 and DDS-3 models) slowly go out of alignment as they wear.

In other words, it's possible to write a backup tape, and have it successfully VSTORE on the same drive. But if you have to take that same tape to a different server with a new and in-alignment drive, you could have it not be readable! Trust me on this -- I've had it happen.)

If you'll only ever need to read tapes on the same drive as you wrote them, you're still not safe. What happens if you write a tape on a worn drive, have the drive fail at some later date -- and that replacement drive cannot read old backup tapes? Yikes!

Continue reading "Follow that VSTORE onto other drives " »


What You Need to Do and Check for SLTs

At a recent visit to a customer's shop, VEsoft's Vladimir Volokh spread the word about System Load Tapes. The SLTs are a crucial component to making serious backups of HP 3000s. Vladimir saw a commonplace habit at the shop: Skipping the reading of the advice they'd received.

"I don't know exactly what to do about my SLT," the manager told him. "HP built my first one using a CD. Do I need that CD?"

His answer was no, because HP was only using the most stable media to build that 3000's first SLT. But Vladimir had a question in reply. Do you read the NewsWire? "Yes, I get it in my email, and my mailbox," she said. But like other tech resources, ours hadn't been consulted to advise on such procedures, even though we'd run an article about 10 days ago covering CSLTs. That tape's rules are the same as for SLTs. Create one each time something changes in your configuration for your 3000.

Other managers figure they'd better be creating an SLT with every backup. Not needed, but there's one step that gets skipped in the process.

Continue reading "What You Need to Do and Check for SLTs" »


MM/3000 stalwart serves, stocks 3000 docs

We're still thinking about how to organize and capture the wealth of lively links at hp3000links.com. This site has been without an administrator for most of a year, and it's still got more than 100 links on it that lead to useful information.

But the links to HP's documentation on the 3000's software and hardware go nowhere. Most of them were hosted on HP servers that have either been retired -- like the 3000 division's Jazz webserver -- or they point at a baffling HP webpage where somewhere or other there's a way to find documentation.

However, there's another web resource that seems to pop up quickly when we do a search for HP manuals like the MPE/iX 7.5 Maintenance Manual. It seems that one of the stalwarts of the HP Manufacturing Management application, Scott Petersen, has been stockpiling 3000 manuals at his hpmmsupport.com site. MM/3000, as it was called through the '90s, sold a lot of new 3000s -- because in choosing a platform it's all about the application, isn't it?

It is, until you make that choice, and then you're facing system administration like keeping an SLT up to date for your 3000. How to create a CSLT is part of that 7.5 manual. Petersen's site has it and much more.

Continue reading "MM/3000 stalwart serves, stocks 3000 docs" »


Matches of Mountain Lion and MPE/iX

By Brian Edminster
Applied Technologies

Mountain-lionI follow far too many blogs, in my vain attempt to stay informed on the state of technology (software, hardware, and other). When Apple released its state of the art OS today, I kept on researching. As a byproduct of those attempts, I happened on an article from Information Architects, Mountain Lion’s New File System, and found it quite interesting.

In short, it appears that Apple -- in working to move away from a many-leveled folder hierarchy to 'force' a two-level hierarchy in its file-systems (iOS, and now in OSX) -- is now basically moving towards where MPE was from the beginning.

In MPE's case, it's Account and Group, rather than Application, and folder within Application. But the resemblance is striking.

Continue reading "Matches of Mountain Lion and MPE/iX" »


Make backups, but a CSLT is just as vital

Many homesteading HP 3000 shops are working with limited system administration. If you're reading this blog, that probably doesn't apply to your own 3000 shop. But you can pass on advice about backing up to any 3000 site you know. A backup of applications and databases isn't enough.

The CSLT needs to be fresh and available, too. The Custom System Load Tape tells the 3000 how the configuration is set up for devices attached to the system that you're restoring. (The original SLT that was distributed from HP has a generic configuration. This customized SLT reflects your physical configuration of your specifically-built system.) Also referred to as a boot tape, it contains the system load utilities, diagnostic subsystems, base system files, and other HP system files such as IMAGE, FCOPY and EDITOR.

A CSLT is generated with the system generator (SYSGEN) utility. You can build a CSLT for individual systems, each with a different configuration, after updates. These configurations tell the 3000 what other volumes are available to accept data. You can also put a full backup on the end of a CSLT, but it's better to have that backup on separate tapes. (Separating a backup from the CSLT also speeds up creating a CSLT.) Consultant Paul Edwards advises that managers make a CSLT at least every other time during a backup, plus having two tape drives on each system. "Being paranoid makes for a good system manager," he says. "If you're not paranoid enough, you better have a good resume."

Overlooking the CSLT is so common that even some admin pros have done it from time to time. For one such pro, an A-Class 3000 was recently rebuilt and had its apps consolidated. But the rebuilt system didn't have its CSLT freshened, which was discovered when the boot volume failed. 

We lost LDEV1 in the 'system' volume-set. The apps and databases are fine, but I'd neglected to make a fresh CSLT once the rebuild/configure/setup was complete. Fortunately, all the data volumes are protected with Mirror/iX -- but rebuilding the system volume accounts, network config, administration jobs and so on has been a pain.

An honest mistake like this is not one you need to make yourself. Even if, as another 3000 consultant notes, your shop has gone into Frugal Mode while it makes in-house moves. You have the right to be wrong in Frugal Mode. But you really don't want that right, unless you've got plenty of extra time.

Continue reading "Make backups, but a CSLT is just as vital" »


Use MPE Input Files to Create Output Files

Intrinsics are a wonderful thing to power HP 3000 development and enhancement. There was a time when file information was hard to procure on a 3000. "The high point in MPE software was the JOBINFO intrinsic," said Olav Kappert, an MPE pro who started with the 3000 in 1979.

Fast-forward four decades years later and people still ask about adding features to a system. The Obtaining File Information section of a KSAM manual on MPE/iX holds an answer to what seems like an advanced problem. 

I'm still using our old HP 3000, and I have access to the HP COBOL compiler. We haven't migrated and aren't intending to. My problem is how to use the characteristics of an input file as HPFOPEN parameters to create an output file. I want that output file to be essentially an exact replica of the input file (give or take some of the data). I want to do this without knowing anything about the input file until it is opened by the COBOL program. 

I'm using FFILEINFO and FLABELINFO to capture the characteristics of the input file, after I have opened it. After I get the opens/reads/writes working, I want to be able to alter the capacity of the output file.

Francois Desrochers replies

How about calling FFILEINFO on the input file to retrieve all the attributes you may need? Then apply them to the output file HPFOPEN call.

Donna Hofmeister adds 

You might want to get a copy of the "Using KSAM XL and KSAM 64" manual. Chapters 3 and 4 seem to cover the areas you have questions about. Listfile,5 seems to be a rightly nifty thing.

But rather than beat yourself silly trying to get devise a pure COBOL solution, you might be well advised to augment what you're doing with some CI scripts that you call from your program.

Continue reading "Use MPE Input Files to Create Output Files" »


Web console resets, environment rebuilds, dumping form printers lead Hidden Value

I switched from an A400 to an A500 some time back, and I only realized I had not set up the remote web console after the console was down. Where can I configure this? This last time my only access was via VPN, or verbally over the phone. ("What can you see? Okay, so type...") I want to be able fix this myself next time. The console is the built-in one, and not an external box.

Gilles Schipper replies

You can configure your web console from the main console via the GSP interface. Specifically, the command you're looking for is LC (LAN configuration).

This command can be invoked even while the system is up and running by typing ctl-B (control and B together). For more help, at the GSP interface, type HELP, then HELP LC. 

Craig Lalley adds that if you arrive at a password roadblock and need to clear a console back to the default login, "at the physical console, hit the GSP reset in the back of the system, then press P on the keyboard. It will reset the passwords."

I need to rebuild an environment from one HP 3000 system to another. Trouble is, we want to have groups from the same account end up on different user volumes. Is there a way to do this using BULDACCT? 

Keven Miller adds

BULDACCT was made for processing complete accounts. Do BULDACCT  CHC%VSACCT=MEDADV_1. Then edit BULDJOB1 for the other group, changing MEDADV_1 to _2

Continue reading "Web console resets, environment rebuilds, dumping form printers lead Hidden Value" »


Celebrate net printing's anniversary: use it

Seven years ago this week HP's 3000 lab engineers announced that networked printing was ready for beta testing. This was one of the last enhancements first demanded by a wide swath of the 3000 community, then delivered by HP. The venerable Systems Improvement Ballot of 2004 ranked networked printing No. 1 among users' needs.

MPEMXU1A is the patch that enables networked printing, pushed into General Release in Fall, 2005. HP had given the community a OS-level substitute for good third party software from RAC Consulting. It might have been the last time that an independent software tool got nudged away by HP development.

The HP 3000 has the ability to send jobs to non-HP printers over a standard network as a result of the enhancement. The RAC third party package ties printers to 3000 with fewer blind spots than the MPEMXU1A patch. HP's offering won't let Windows-hosted printers participate in the 3000 network printing enhancement. There's a Windows-only, server-based net printing driver by now, of course. The HP Universal Print Driver Series for Windows embraces Windows Server 2008 and 2003.

Networked printing for MPE/iX had the last classic life that we can recall for a 3000 enhancement. The engineering was ready to test less than a year after the request. This software moved out of beta test by November, a relatively brief 5-month jaunt to general release. If you're homesteading on 3000s, and you don't need PCL sequences at the beginning and end of a spool file, you should use it. Commemorate the era when the system's creator was at least building best-effort improvements.

Continue reading "Celebrate net printing's anniversary: use it" »


Open Sourcing Access to Linux or Windows from MPE/iX

DSLINE is a classic networking access service provided for HP 3000s. The software is so classic that HP once charged separately for NS3000/iX Network Services. One user wanted to employ DSLINE to make connections, starting from MPE systems and into remote Linux and Windows servers. Sending commands was the task to be performed.

"I currently use a Reflection script to do the job," said Krikor Gullekian. "However, we are moving away from that and creating a JCL for it. I am using FTP to create a file on the host system which is activating commands to run, and that works, but it's a little cumbersome. That's why I was wondering if there were any other way."

Another community member pointed to using the ssh client included on the HP 3000. In theory, so long as the Linux and Window servers have an ssh server, then Gullekian should be able to run remote commands via ssh. But there's some hurdles to overcome in using ssh on a 3000 for remote command execution.

Brian Edminster of Applied Technologies, who's maintaining a repository of these sorts of open source tools for 3000s, warns that ssh needs some improvements to let it perform the same level of work as Linux or Windows versions of the remote access tool.

Unfortunately, the available ssh client for MPE/iX is none too current, and is essentially 'broken' with regard to remote command execution. As I recall, it has something to do with SELECT being busted on MPE/iX. It works well enough to support scp and sftp though, but that's pretty much it.  

Edminster has created workarounds for anyone who needs password-free invoking of secure remote scripts, however. What's more, it appears that the MPE way of writing such received files to disk is more secure than the other platforms' FTP services.

Continue reading "Open Sourcing Access to Linux or Windows from MPE/iX" »


Paper passes on primers on MPE, and more

Imagine it's your first day managing an HP 3000. You don't have to travel in a time machine to find that kind of event. However, a magic carpet of the past ensures the delivery of time-tested fundamentals. The carpet is paper, where so much MPE lore first unspooled for your community. If not for articles on paper, much of the 3000's wisdom would never have made it to the web.

As for that first day, an IT manager at Disston Tools in South Deerfield, Mass. has had that date arrive just this month. He's a total newbie, taking over for a veteran who's leaving this manufacturer. Everybody's a newbie at something. It's just like publishing news: if it's something you didn't know, then it's news to you.

NewsprintNot many Interweb resources call themselves publishers, but we do. We started with ink on paper, my partner Abby and I, initially for a cross-platform IT publisher before the NewsWire was first delivered from our own offices. This week we delivered our 155th print issue. The May edition will be available to our community newbie, as well as one veteran that community icon Vladimir Volokh scouted out in Los Angeles. Vladimir hand-delivers print issues on his consulting trips, much to our delight.

With all that print heritage, I took note of a retrenchment in printed news this week. The daily newspaper in New Orleans will be daily no more. The Times-Picayune is going to three times weekly in print and everyday online. This is a newspaper that won two Pulitzers for its Katrina reporting. Sadly, the caliber of content doesn't bulwark many publications anymore. Advertisers, like our fine sponsors, determine how often the presses roll.

In the alternative, of course, there's the Interweb. I use the jokey term for online news because it's completely pervasive and so up to date that the future seems like yesterday if you bury your head in links. Knowing where to look, however, becomes a great mission for printed publications. We always hear that people have found our reports for the first time when they get a print issue of the NewsWire. It's nice to have that outpost, and essential to who we are and how we deliver. But for printed pages long gone, it's great to have host sites that preserve things like George Stachnik's instruction about using files in MPE, and much more. It's one of 21 articles in a series he wrote for the now-departed InterACT magazine. All are preserved for the education of newbies, as well as the rest of us.

Continue reading "Paper passes on primers on MPE, and more" »


HP runs ahead and behind, then and now

The iconic entity called Interex emerged this month 28 years ago. HP had announced it would catch up to 32-bit computing with Spectrum. And the vendor whose sales still didn't exceed $7 billion said in 1984 that touchscreens were the most intuitive interface. Being ahead and behind all at once is a sign that you're still developing, making leadership while you catch up your customers

RandomAccessInteract84Hewlett-Packard used the 1980s in your community to push out new ideas. Touch-based personal computing hit the market in the HP 150, one of the Series 100 PCs that transformed the International Association of Hewlett-Packard Computer Users. Before HP cast its seeds of PC innovation, Interex didn't exist. In a May column from executive director Bill Crow in InterACT magazine, the user group renamed itself "to define the association's independence" from HP.

Although that user group has been in the grave more than six years, its members' insights haven't evaporated. An era of ink on paper (click above for detail) has preserved milestones like HP running more than 25 years ahead of the industry with touchscreens. It's easy to forget your community was reaching for a breakthrough office experience even while it was dragging along chips devised a decade earlier.

Ed McCracken, a GM of HP's Business Development Group, announced in early '84 the seven basic principles guiding HP's "office automation strategy:

1. The workstation is the most important component, followed by the distributed data processing system (DDS)
2. All workstations will be personal computers
3. The touchscreen is the most intuitive interface
4. Workstations will not tie directly to mainframes but to an intermediate DDS
5. A pragmatic approach to open architecture is required
6. High quality is essential
7. There must be an intuitive integration linking managers' workstations, secretarial workstations, and the other components of the system.

Number 3 is the most striking of the guides offered by McCracken, the man who drove the genius of bundling the rising DDS of the 3000 with a crack database. But in '84 HP was already considering IMAGE a database that needed a successor. The vendor was following in IBM's wake, right down to a new partnership with a small company built by an IBM ex-pat. Interex also recognized that Alfredo Rego -- "the man behind Adager" -- was on par HP's CEO, John Young. Both gave 1984 user conference speeches, but Rego recognized that IMAGE was to remain the force behind the 3000's success.

It wasn't going to come through a new processor family -- although the Spectrum project's 32 bits were critically overdue. Like today, software mattered more than hardware like Itanium. Oracle's database, built upon the same IBM roots, will determine the fate of the last remaining OS that HP ever built with its own R&D. Databases are lynchpins.

Continue reading "HP runs ahead and behind, then and now" »


Intrinsic Advice: Finding HP's 3000 Savvy

While I fine-tuned (okay, corrected) yesterday's report about the current lifespan for MPE date intrinsics, my associate technical editor Vladimir Volokh suggested we include HP's documentation page for HPCALENDAR. That's the intrinsic HP wrote for the 6.0 and 7.x releases of the 3000's OS, a new tool to solve an old problem. Alas, HPCALENDAR is fresher, but it's only callable in the 3000's Native Mode.

But poking into the online resources for MPE Intrinsics, I stumbled on HP's re-shelving of its 3000 docs. No longer available at the easy-to-recall docs.hp.com, these manuals are at HP's Business Support Center. And just about nowhere else within a 10-minute search across Google's search engine. (Bing did no better.) So where are the guidelines to intrinsics for MPE/iX?

The Intrinsics Manual for MPE/iX 7.x is a PDF file at MMM Support. Independents like that support company help the community in using HP's resources for 3000s these days. It used to be much simpler. In the 1990s the Interex user group ran a collection of well-written white papers by George Stachnik. We're lucky enough to have them with us today, cut loose from ownership and firewalls. One is devoted to the system's intrinsics.

Continue reading "Intrinsic Advice: Finding HP's 3000 Savvy" »


Which bits produce the 3000's stall in 2028?

Vw-egoUpdate: We advise you to read our following day's report about HPCALENDAR and the CALENDAR intrinsic, for a complete view of the future viability of MPE. Also, the first entry in this series, including advice on what to expect from a 3000 running during 2028.

At the risk of beating a dead horse, we will return to the 3000's roadblock in 2028 one last time. We can wrap up our CALENDAR intrinsic discussion with an explanation of the reason for its hold on the 3000's far future. But it might be useful to consider that 2028 is not so far away that engineers aren't already conceiving its technology. When you merge VW and 2028, you can get an image like the one above.

Before the future, though, there's always history. When MPE was created in 1970, it started as a project called Omega. The miracle of this engineering was its use of 32-bit computing, still a novelty at the time. But when HP canceled Omega in favor of a 16-bit 3000 -- a management choice that prompted black armbands among HP staff -- it sealed the server into a 57-year period of service.

That's because, we were reminded by MPEX co-creator Vladimir Volokh, 16-bit 3000s left only enough intrinsic room for 127 years of accurate dates. The intrinsic CALENDAR, written for the eldest MPE Segmented Library (SL), uses only 7 bits to describe which year is in effect. That delivers a maximum number of 127 years which you can express, and MPE was built with 1900 as its base for dates.

From HP's Intrinsics Manual:

CALENDAR
date

16-bit unsigned integer
(assigned functional return)
Returns the calendar date in the following format:
Bits Value/Meaning
7:9
Day of year
0:7
Year since 1900

HP only allotted 7 bits to describe the year for MPE. Who'd expect that the OS would have a lifespan of more than 50 years? Someone who figured newer and better tools would take over by then. It's commonplace to believe in the equivalent of flying cars -- Volkswagen's 2028 model concepts (shown above) are online in the company's German video and Flash site. Maybe cars will fly in some places, maybe not in others. Oh, for one extra bit. But HP ordered 16 extra, just too late to influence the heart of MPE.

Continue reading "Which bits produce the 3000's stall in 2028?" »


RAIDing LDEV1, finding code for migration

What are the solutions for replacing our 4GB internal LDEV1 with something that supports RAID -- or at least disk mirroring? We currently have our production data in 'Jamaica' units, fully mirrored (Mirror/iX), but I've been worried about that ancient LDEV1. We do everything possible to not shut down power. It has reached the point where I have concern that if the drive ever lost its taste for power, it might never spin up again -- and the thought of a RELOAD is not fun.

Mod 20Jack Connor says

There are two fairly low cost solutions which could handle RAID for your 3000. These would be the Mod 10/20 (at left) and Autoraid 12H units, both of which connect via FWD SCSI. A Mod 10/20 would require two FWD cards/connections to be available; the 12H, just one.

Gilles Schipper says

If the HP 3000 is not an A-Class or N-Class, then the best solution would be a Mod 10/20 or an Autoraid 12H. If it is an A-Class or N-Class, the best solutions include any number of fiber-capable devices -- such as a VA7xxx, an XP unit, and others. You could use the Mod 10/20 and Autoraid, but why would you, unless cost is the most important factor?

Craig Lalley says

One problem to consider is the model of HP 3000. The older "NIO" backplanes used in the 9x9s and earlier do not support native Fibre Channel. The N-class boxes do. To boot from a VA7xxx array, you would need the A5814A-003 Fibre to SCSI "brick" if you are not using an A-Class or N-Class.

We have recently begun our migration off the HP 3000. How can I determine what programs reference the data items in our TurboIMAGE databases, since the application vendor we currently use did not provide us with a data dictionary?

Continue reading "RAIDing LDEV1, finding code for migration" »


3000's use in 2028: bug, or feature?

The CALENDAR intrinsic that blocks HP 3000 use in 2028 has been described as a bug. On the first day of that year, dates will not be represented accurately. Some in your community consider that New Year's Day, less than 16 years from now, as the 3000's final barrier. But it depends on how you look at it -- as a veteran, or a voyager.

VladimirNov2010A voyager sees CALENDAR as a deadline for departure. This is a part of MPE that was designed in the 1970s, a period when HP had just scrapped a 32-bit release of the 3000's first OS. And just like the Y2K date design, HP engineers never figured their server's OS had any shot of working by the 21st Century -- let alone 2027. But VEsoft's Vladimir Volokh says, "It's difficult to predict anything, especially the future." An IT pro who's planning to depart the 3000 believes CALENDAR is a bug, but that's not how Vladimir sees it.

"This is not a bug, really," he said. "It's a limitation. The end of 2027 date was as far away as infinity when MPE was created." This is a man who defines the term veteran, the kind of professionals who had to work inside 4K memory spaces to build 3000 programs. Limited and expensive resources like memory and disc were supposed to be extended with newer computers. "Every analyst told us a computer would live five years, at most," Vladimir said.

But as a veteran, you've now come to see the day when MPE's lifespan is reaching eight times that prediction. The veteran who chooses to see CALENDAR as a limitation can refer to HP's own lab response. Engineers during the '90s built HPCALENDAR to start extending the 3000's date limits.

Continue reading "3000's use in 2028: bug, or feature?" »


Migration racks up list of emulated tasks

Some HP 3000s which remain in service are using many MPE nuances to get their jobs accomplished. Each of these tasks needs to be emulated in a migration away from the server. Even as companies embark on migrations to reduce risks, the list of tasks that they hope to replicate from their in-house apps can be surprising.

Such is the case at MM Fab, a fabric manufacturer in LA's South Bay Area. The 3000 shop is now taking its first year of steps off the system, developed and managed by Dave Powell. He shared a list of the things that an emulator must do if it were to succeed at replacing HP's 3000 hardware at his shop. The list also serves as a extensive catalog of the capabilites required of any new operating environment.

"We are thinking about migrating," Powell shared, months before the decision was made. "Which means we have to think about the choice between buying a package vs some form of emulation. Which means I could use some assurance that the [3000 hardware] emulation tools out there would actually work for us."

I can't afford to take this for granted because our system uses some rare features and does unusual things. Lots of them. Example: we do lots of tricky escape-code screen handling (mostly for point-and-shoot, drill down inquiries) that breaks some terminal emulators. Reflection 10.0 works, as does Minisoft WS92 v5.4 and actual terminals from 262x on, but last I checked, Minisoft Secure92 fails big-time. Not trying to make Minisoft look bad, but I need to make the point that software that works elsewhere may not work for us.

"We never cared about portabililty," Powell said, "because we never had any intention of moving to any other platform." From such situations are customers made for the Stromasys virtualization engine. If you're uncertain of whether you're using any MPE nuances in your application, it's a good strategy to get an evaluation of what's in production use today. Even if you're not migrating.

Continue reading "Migration racks up list of emulated tasks" »


Changing IP Addresses for HP 3000s

I need to change the IP address of our HP 3000 in the near future, and it's been over 10 years since I've done anything like this. Here's what I think needs to be done:

NMMGR
Open Config
NS
Guided Config
Put in the network interface, (LAN1), then press Config Network
Enter the new IP address
Save Data
Validate

Tracy Johnson replies:

I would go with Unguided Config. Guided may change things (besides the IP address) to defaults that may have modified over the last 10 years.

Craig Lalley adds:

Depending on the old IP address and the new IP address, you may want to also change the subnet, and the gateway. The gateway can be accessed by hitting F4 for Internet. The gateway is found at the path NETXPORT.NI.LAN.INTERNET

If you are making the change because of a new switch/router, make sure the network guys configure the port for the HP 3000 correctly. In other words, if you have a 100MB card, make sure it is set to 100MB/full duplex and do the same on the HP 3000, and turn off auto negotiate.

Continue reading "Changing IP Addresses for HP 3000s" »


Migrating Data for Extended Homesteading

Update: Added advice from Brian Edminster on using Jeff Vance's free UDC, UDCVOL.

The redoubtable 3000-L mailing list still boasts more than 600 readers, and more than 100 of them answer questions about 3000 operations. The discussion helps homesteaders, or those who are making moves to extend the life of 3000s.

Or replace them with other 3000s. A reseller recently asked for help on data migration of the homestead variety. He got instructions useful for anyone populating a fresh disc with production data.

I'm using MPE/iX 6.5 on a 9x7 3000, and trying to move data from a system volume set to a private volume set. I made a full backup and have created a private volume set, but I'm having problems restoring my data to the private volume set.

Craig Lalley of EchoTech replied:

You need to build the accounts and groups on the private volume before the restore. On the old system, run BULDACCT like this

acct_list%VSACCT=user_set

Purge the old accounts, then STREAM BULDJOB1. This will build the "buckets," the accounts/groups on the private volume. Then do the restore.

Continue reading "Migrating Data for Extended Homesteading" »


Making An HP 3000 More Secure

The Internet includes a wealth of advice, but it also harbors guidelines for IT malice. Not long ago the HP 3000 mailing list and newsgroup included a message that pointed to a pair of documents about hacking into the HP 3000. One expert in the system said these were dated, but still effective.

There's always been a lot in MPE that makes your servers more secure, of course, plus independent software to bolt its doors shut. (Security/3000 from VEsoft comes to mind. User Robert Mills says that "it is well worth the cost and time involved in setting up.") Even MPE's included passwords and permissions usage might be in the dim recesses of your memory, however. Consultant Michael Anderson of J3K Solutions supplied some refresher material.

An easy way into a MPE box is when the default passwords are left unchanged, like the TELESUP account and a few more third-party accounts that are well known. Securing your HP 3000 is simple.

1. Set unique passwords on all user/accounts, and maybe even groups.

2. Use PASSEXEMPT to avoid keeping passwords in job streams, enabling you to change passwords frequently.

3. Make sure ACCESS= & CAPABILTIES are set properly to avoid the use of the RELEASE command.

4. Programatically audit, audit, and then audit some more!

When anyone does log on, there are more options as well.

Continue reading "Making An HP 3000 More Secure" »


Set your 3000 clocks all the time

It's not too late this morning, even if it seems like it when you look at your watch on the first Monday after the time change. There's still time to get your HP 3000 clock set accurately. Last Friday the community was trading tips and technique about how to get on time. Donna Hofmeister, whose firm Allegro Consultants hosts the free nettime utility, explains how time checks on a regular basis keep your clocks, well, regular.

This Sunday when using SETCLOCK to set the time ahead one hour, should the timezone be advanced one hour as well?

The cure is to run a clock setting job every Sunday and not go running about twice a year. You'll gain the benefit of regular scheduling and a mostly time-sync'd system.

In step a-1 of the job supplied below you'll find the following line:

    !/NTP/CURRENT/bin/ntpdate "-B timesrv.someplace.com"

Clearly, this needs to be changed.

If for some dreadful reason you're not running NTP, you might want to check out 'nettime'. And while you're there, pick up a copy of 'bigdirs' and run it -- please!

Continue reading "Set your 3000 clocks all the time" »


Some 3000 time services labor to serve

ClockforwardEditor's Note: Daylight Saving Time takes hold this weekend in most of the world. The 2AM changeover can give a 3000 manager a reason to look at how the server manages timekeeping, including the potential for the open source tool ported to the 3000, XNTP. Our Homesteading Editor Gilles Schipper is working on an article to address some of the laborious steps needed to utilize it. His research took him to a few experts in networking and open source over the Web, Chris Bartram (our first webmaster, and creator of the DeskLink and NetMail apps) and Brian Edminster (operator of the MPE-OpenSource.org website.)

Chris: As I recall, ntp services never worked well on the 3000. It won’t work at all as a server for other clients, I believe. And as a client it seemed a waste; my vague memory says it had issues because you couldn’t set the time with the resolution it wanted. It ended up oscillating.
 
There’s a very simple standalone NTP client, ntpdate, though that you can run from the command line -- that’s what I use on my systems. I simply run it a couple times a day – it pulls the time from whatever NTP server you point it at and sets your local clock. We even shipped a copy with every NetMail tape. Look for ntpdate.sys.threek if you have a NetMail/3000 or DeskLink equipped system available.

Brian: The latest version of XNTP was the 4.1.0 version hosted on Jazz, and ported by Mark Bixby. It includes both ntp client and server functionality. Through the magic of the 'Wayback Machine' there's a link to HP's install instructions and other resources. The bad news is that HP put the actual download link behind a 'freeware agreement' page - and that download link wasn't wasn't saved by the Wayback.  Some community members who 'archived' Jazz that might have that download package.

However, there is an earlier v3.5.90 version from October 2008 hosted on Mark Bixby's site -- and although Mark's took site down after his departure from HP, the 'Wayback Machine' comes to the rescue with a downloadable install file.

Continue reading "Some 3000 time services labor to serve" »


This weekend, it's all about 3000 timing

Time-changeEditor's Note: Daylight Saving Time begins at 2AM local time around most of the world this weekend. A lot of HP 3000s run around the clock to serve companies, so a plan to keep the 3000 on time is essential. The founder of the MPE-OpenSource.org, HP 3000 open source repository, Brian Edminster, offers a plan, experience and a sample jobstream to help get you through our semi-annual time change.

By Brian Edminster

Here's an important implementation note for anyone that wants to put up a 'time synchronization' client on their HP 3000: Do not use it to adjust for spring and fall time-changes!  Use a job that runs on the appropriate dates/times to do a 'setclock timezone=' command.  I have an example below that is a derivative work from something originally posted by Sam Knight of Jacksonville University, way back in April, 2004 on the 3000-L mailing list.

I've updated the job to be more readable, to account for a 'looping' effect that I found in the fall from running on a fast CPU, and to run at 2AM -- the 'official' time that time-changes apply. I have this job set to be intiated by 'SYSSTART.PUB.SYS' on server bootup, and then automatically reschedule itself each Sunday at 2AM.

Continue reading "This weekend, it's all about 3000 timing" »


Respect MPE spooler, even as you replace it

PrintspoolerMigration transitions have an unexpected byproduct: They make managers appreciate the goodness that HP bundled into MPE/iX and the 3000. The included spooler is a great example of functionality which has a extra cost to replace in a new environment. No, not even Unix can supply the same abilities -- and that's the word from one of the HP community's leading Unix gurus.

Bill Hassell spread the word about HP-UX treasures for years from his own consultancy. Now he's working for SourceDirect as a Senior Sysadmin expert and posting to the LinkedIn HP-UX group. A migration project just finishing up drew Hassell's notice, when the project's manager noted Unix tools weren't performing at enterprise levels. Hassell said HP-UX doesn't filter many print jobs.

MPE has an enterprise level print spooler, while HP-UX has very primitive printing subsystem. hpnp (HP Network Printing) is nothing but a network card (JetDirect) configuration program. The ability to control print queues is very basic, and there is almost nothing to monitor or log print activities similar to MPE. HP-UX does not have any print job filters except for some basic PCL escape sequences such as changing the ASCII character size.

While a migrating shop might now be appreciating the MPE spooler more, some of them need a solution to replicate the 3000's built-in level of printing control. One answer to the problem might lie in using a separate Linux server to spool, because Linux supports the classic Unix CUPS print software much better than HP-UX.

Continue reading "Respect MPE spooler, even as you replace it" »


String some perls on a day for love

PerlheartThe HP 3000 has a healthy range of open source tools in its ecosystem. One of the best ways to begin looking at open source software opportunity is to visit the MPE Open Source website operated by Applied Technologies. If you're keeping a 3000 in vital service during the post-HP era, you might find perl a useful tool for interfacing with data via web access.

The 3000 community has chronicled and documented the use of this programming language, with the advice coming from some of the best pedigreed sources. Allegro Consultants has a tar-ball of the compiler available for download from Allegro's website. (You'll find many other useful papers and tools at that Allegro Papers and Books webpage, too.)

Bob Green of Robelle wrote a great primer on the use of perl in the MPE/iX environment. We were fortunate to be the first to publish Bob's paper, run in the 3000 NewsWire when Robelle Tech made a long-running column on our paper pages.

Although you might be dreaming up something to bring to your sweetie tonight, you could grab a little love for your 3000, too. Cast a string of perls starting with the downloads and advice. One of HP's best and brightest -- well, a former HP wizard -- has a detailed slide set on perl, too.

Continue reading "String some perls on a day for love" »


Iconic Kodak product may fade to hobbyists

Zi8Eastman Kodak's filing for bankruptancy yesterday signaled a transformation for an iconic inventor. The leader in film for more than 100 years, Kodak faces a new future this morning, one that will be tied to printing success. The company's been given until February 2013 to produce a reorganization plan, and it will try to get the sale of $2 billion in imaging patents approved by June 30. But Kodak's breakthrough of film won't go away, not any more than an MPE/iX environment will disappear. For Kodak, the expectation is that film imaging will retreat to hobbyist and enthusiast markets.

Like MPE/iX, film photos will become the standard by which successors are judged. And what's possible is the same fate of vinyl recordings: a modest renaissance as lifelong digital picture-takers consider the advantages of older technology. The same thing will be happening to paper books in the future. Companies without a plan for these newer complimentary technologies will suffer. Most of the 3000's customers are using at least a Windows server somewhere in their enterprise.

Kodak's inventions in film and imaging have become its last stronghold, a redoubt the company fell upon while trying to sell off its patent portfolio. The stock was pounded again today, shares which were de-listed from the NYSE in a stunning reversal for a company of its age and reputation. But that reputation is what's likely to leave Kodak's products in a spot where they'll survive well. A later-era entry like the company's pocket video cameras (above) which included novel features like mic inputs might have the same kind of aftermarket that the 3000 has enjoyed. When you build it well to start, the value remains even after the vendor has fled.

Continue reading "Iconic Kodak product may fade to hobbyists" »


Good foundations support 3000 managers

Editor's note: Yesterday we got a call from a company which had read this "Worst Practices" column written in 1999 as if it were brand-new. Scott Hirsh, who's now leading the charge into cloud-based storage solutions at Nirvanix, wrote these columns for the NewsWire after his years of managing an HP 3000 operation for a capital management firm in San Francisco. It's robust advice for anybody new to managing a 3000, and the guidelines are still useful today. If you're inheriting 3000 management, or passing it along to someone younger and newer, account structures are still a great place to get things correct before anything else happens. He called this one "Shaky Foundation."

By Scott Hirsh

As we board the train on our trip through HP 3000 System Management Hell, our first stop, Worst Practice #1, must be Unplanned Account Structure. By account structure I am referring to the organization of accounts, groups, files and users. (To keep this discussion simple — and typical — I will discuss the standard MPE name space, not the Posix name space.) I maintain that the worst of the worst practices is the failure to design an account structure, then put it into practice and stick with it. If instead you wing it, as most system managers seem to do, you ensure more work for yourself now and in the future. In other words, you are trapped in System Management Hell.

What’s the big deal about account structure? The account structure is the foundation of your system, from a management perspective. Account structure touches on a multitude of critical issues: security, capacity planning, performance, and disaster recovery, to name a few. On an HP 3000, with all of two levels to work with (account and group), planning is even more important than in a hierarchical structure where the additional levels allow one to get away with being sloppy (although strictly speaking, not planning your Unix or Windows account structure will ultimately catch up with you, too). In other words, since we have less to work with on MPE, making the most of what we have is compelling.

As system managers, when not dozing off in staff meetings, the vast majority of our time is spent on account structure-related activities: ensuring that files are safely stored in their proper locations, accessible only to authorized users; ensuring there is enough space to accommodate existing file growth as well as the addition of new files; and occasionally, even today, file placement or disk fragmentation can become a performance issue, so we must take note of that.

In the unlikely event of a problem, we must know where everything is and be able to find backup copies if necessary. Periodically we are asked (perhaps with no advance notice) to accommodate new accounts, groups, users and applications. We must respond quickly, but not recklessly, as this collection of files under our management is now ominously referred to as a “corporate asset.”

Continue reading "Good foundations support 3000 managers" »


Emulator query sparks private volume tip

In an example of the newest HP 3000 technology linking to one of the server's oldest, one question about a 2012 product unearthed advice about a feature introducted in 1978. Next year's HPA/3000 emulator received some upgrades to its SCSI periperals support this week, according to the product's vendor Stromasys. These improvements will make it possible to better answer a question about private MPE/iX volumes, and how well HPA/3000 can handle them.

BuiltToLastCraig Lalley, working with Stromasys on the MPE/iX aspects of HPA/3000, said he hasn't tested private volumes yet, "due to an issue with the SCSI interface. But I intend to." At the same time, a question about private volumes' use in the current era prompted some advice from Applied Technologies' Brian Edminster -- who had to miss the Reunion briefing on HPA/3000 due to pressing work to open up the new MPE open source website, MPE-OpenSource.org. (You can track updates to the project through its RSS feed, which can be viewed in Google's RSS Reader, among others.)

The first package Edminster added to site was SFTP quick-start, a bundle "which aims to make installing SFTP easier on MPE/iX systems. It is a std file which includes all the components necessary to install and configure sftp, scp, and keygen under MPE/iX, with links to instructions for the installation process."

Edminster is well-versed in the non-open-source tools for the HP 3000 as well. When Dave Powell of MMFab asked during a HPA/3000 discussion if anyone was even using private volumes on an A400 Class of server, Edminster advised that the 3000 sites where he administers or consults are employing this bedrock MPE tool -- one first introduced 34 years ago in MPE III, on the Series III.

I've always considered it a best practice to divide your disk storage up into several Private Volumes. Why?  When a non-mirrored spindle in a PV dies, it only takes that PV out with it -- allowing the rest of the machine to keep running (unless the PV is the mpe_system_volume_set, in which case you're going to be doing a system install).  If it's only one of the data volumes that goes down, the 'system' is still up, greatly facilitating recovery.

Continue reading "Emulator query sparks private volume tip" »


Zipping Files on Today's HP 3000s

Although the code for compressing files on HP 3000s is more than a decade old, like a lot of things on the system, it continues to work as expected. A customer recently asked how to Zip and Unzip files to move things between the HP 3000 and other servers.

Tracy Johnson, who manages the Invent3K server operated by OpenMPE, noted he's using the MPE/iX Posix shell's compress and uncompress. "It creates a file that ends in capital Z. Seems the compressed format is compatible with both GNU-zip and Winzip programs or any other *nix machine."

Lars Appel, who ported the Samba file sharing tool to MPE, offers a comprehensive answer. He points to software that resides on his own development server, open to the public.

You can pick up the InfoIP zip/unzip programs (in a tar file) at www.editcorp.com/personal/lars_appel/WebKit2 The link in that webpage that contains the zip/unzip programs is

E:\WebKit2\upload\infozip.tar.Z

Transfer it to the 3000 in bytestream or (fixed) binary format and then unpack with :/bin/tar "-xvzopf FILENAME". Place the two programs where you like; I typically have them in /usr/local/bin or (with uppercase filename) in a group or directory that is part of my HPPATH settings.

The web page also contains a tar.Z file with /usr/local/bin/gzip

E:\WebKit2\upload\gnuzip.tar.Z

(gzip -d decompresses; creating a symbolic link gunzip is also useful)

 


Old veteran console tricks for PCs

Got a wheezing PC someplace in your IT shop? Believe it or not, even the creakiest of desktops can still serve your HP 3000: as a console, a la the HP700/92 variety. This is the kind of PC where, as one veteran puts it,"the keyboards have turned to glue."

...Trying to type a coherent instruction (or even worse, trying to talk someone through that task remotely) where random keys require the application of a sledgehammer to make them respond, at which point they auto repeatttttttttttttttt.

It's enough to give a veteran manager a pain in the posterior, but hey -- some HP 3000s (of the 900 Series) demand a physical console as part of their configuration. Can't you just hook up such an antique PC straight to the 3000's special console port and let it work as a console? Yes, you can.

Continue reading "Old veteran console tricks for PCs" »


A Full Day of Free 3000 Networking Advice

In a flurry of under 24 hours, six HP 3000 veterans chipped in advice this week to help a 3000 manager who's weathering poor network response times. All of the consulting was free, offered though the 3000's ultimate community resource, the HP3000-L mailing list and newsgroup.

Kevin Smeltzer, an IT Specialist in MPE Systems at IBM's Global Services group, said he was watching his development N-Class responses slip into unusable measurements. "Today was so bad that test programs could not stay connected to a Quick program," he reported at 4 PM yesterday. "Linkcontrol only shows an issue with Recv dropped: addr on one path. This is a known issue with some enterprise network monitoring software that sends a packet that the HP 3000 cannot handle. Even HP last year had no solutions for that issue."

Donna Hoffmeister, Craig Lalley, Mark Ranft, Tony Summers, Mark Landin and Jeff Kell all came to Smeltzer's aid in less than 24 hours. Hoffmeister, Lalley and Ranft work support and consulting businesses, but nobody wanted to collect any fee. Summers and Landin chimed in from veteran 3000 manager status. And Kell, well, he founded the 3000-L, and headed the System Manager's special interest group for years. Like the others, he's steeped in the nuances of HP 3000 networking.

So long as the 3000-L is running, no one has run out of places to ask for this kind of help. There has been a thread of 16 messages so far, back and forth emails with long dumps of NETTOOL reports, examinations of TCP timer settings (Hoffmeister wrote an article for Allegro about this on its website), and discussion of switch port settings. "Do I need to shutdown and restart JINETD or restart the network," Smeltzer asked this morning, "to have my TCP changes in NMMGR take effect?"

Continue reading "A Full Day of Free 3000 Networking Advice" »


It's time to change your 3000 timers

Allegro Web logo Allegro Consultants has offered a new white paper that deals with an old and common issue of 3000 management: TCP timers. The support company's Donna Hoffmeister, who has posted a passel of tips about 3000 administration on the 3000 newsgroup, wrote A Discussion of MPE TCP Timers. These timers are a management subject every 3000 owner should discuss with their admin folks. They establish how quickly your system responds to network traffic calls.

These values control how a 3000 reacts in the event it needs to re-send (retransmit) a packet ("chunk") of data over a TCP/IP network. These values were established at least in the MPE V days (and possibly before that) – back when only big, important computers were trying to talk to each other. (Unlike today, when even your refrigerator thinks it needs to "yack it up" over the Internet!)

The important thing to understand about these values is that they are perfectly fine and do not need changing because they are never (or rarely) used on an optimally-performing network.  However, given that

1. These days, networks rarely perform optimally, and
2. HP Network Engineers described the above values as "way out of whack"

you should change your TCP values.

Continue reading "It's time to change your 3000 timers" »


Community considers upgrading essentials

Secure transfers of HP 3000 files, as well as the ability to compress and decompress them, remain projects in need of technical help. A Secure FTP functionality (SFTP) is still short of production-grade release by some managers. Using ZIP to squeeze and unsqueeze 3000 data requires a 14-year-old piece of software.

On the FTP front, a decent set of files and documents once was available on the Invent3K server which HP operated until 2008. Ken Hirsh did that work on OpenSSH, which is essential to making SFTP more useful on a 3000. But Invent3K operations and contents were transferred to OpenMPE recently. Hirsh doesn't have an active account on the new version of the server.

ZIP needs help as well. The current version of the industry default for compression has had several updates since 1997, but none have been ported to the HP 3000. Some managers at multi-3000 sites still use ZIP daily, and an upgrade (which by now would really be a port) will help compress and decompress files bigger than 2GB. That's how old the 3000's ZIP is today; IMAGE jumbo datasets to go beyond 4GB arrived in 1995.

System managers of the 3000s report they are willing to develop -- or pay an outside party -- to bring these industry standards in line with more modern verions. Independent developers, or the originators of the older ports, are available in the community to help, too.

Continue reading "Community considers upgrading essentials" »


Must-have firmware, patches for 7.5 install?

We have just started up a new A-class 2-way running 7.5 PP5. This system is configured with 4GB RAM, a VA7410 running off two PCI FC Host Bus Adapters, one DTC 16, and two SureStore DDS-2 tape drives running off the LVD SCSI interface. SUBSYS products consist of NS, COBOL, and FORTRAN. We do use FTP, incoming and outgoing. We will probably start using Sendmail for a few things (as an old Unix admin, I respect Sendmail, but do not fear it!) Our primary use for this system is MANMAN with around 170 users.

Our third party portfolio is the usual: Suprtool, MPEX, Minisoft ODBC, and Adager, plus some other odds and ends. So, for this kind of system, what are the “must have” patches that we should install on top of PP5?

After Gilles Schipper assured the manager that "PowerPatch 5 should be all you need," Jack Connor replied:

You may want to check the PDC firmware level. I believe the Fiber Channel patches found in 43.43 for the N class are in 43.50 for the A. You can see the PDC level at the boot menu.

Do you have an HP-UX or Windows box with Command View set up to monitor the VA? It's very advisable, as you can do a lot of drill down if you have problems and all can be remote to the system. Did you configure High Availability Fail Over (HAFO)? You may want to offload the CIO network interface card with a standalone 100Bt card and leave your DTC on the CIO.

Craig Lalley added:

Yes, MPE can do HAFO. What I do is configure all the odd LUNs down one path and all the even LUNs down the second path. Then SYSGEN IO HA , and then create the secondary path. It works on the VAs because all the LUNs are seen down both paths.

Continue reading "Must-have firmware, patches for 7.5 install?" »