Re: SAP Processor Utilization

[Horst Sinram]

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SAP Processor Utilization

[Richards, Robert B.]

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different CPCs. 
Are there any benchmarks in use that would indicate the necessity for more (or 
less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Richards, Robert B.]

*PLONK*

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Bill Johnson
Sent: Monday, June 03, 2019 8:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

Lol, yeah, because the more someone posts, the smarter they are!!! I’ve got 
more experience than him, in all facets of the mainframe. In many industries. I 
couldn’t care less who you believe or trust. I don’t sell security, he does. In 
my experience on this site, the IBMers are the ones I pay attention to. The 
rest is noise and plenty of it.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 9:02 AM, Richards, Robert B. 
<01c91f408b9e-dmarc-requ...@listserv.ua.edu> wrote:

The only one selling here is you. You are selling BS and we are not buying it. 
Remember, according to you, we known it all. So why do you continue?

I'll take Ray's intentions over yours *every single time*. He has earned it 
from this industry many times over. Just because he has had security products 
that sell over the decades does not mean he can't be a trusted source for 
answers relating to security, ACF2, Pen testing, etc.

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Bill Johnson
Sent: Sunday, June 02, 2019 10:11 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
even show you in application code. Then no doubt analyze your application code 
for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
is inherently (by design) more secure than any other platform. And, a major 
reason why almost every bank, insurance company, and major retailers still have 
them.
Sent from Yahoo Mail for iPhone


On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:

[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s trying to sell his company’s security services. Something I thought was 
>not allowed on this list.
>
Whether or not he is selling something and I don't read his posts that
way, he is making some valid points. As a retired MVS (I was back in
applications by the time z/OS was available) systems programmer, I am
far more skeptical about the invulnerability of z/OS.  It is too easy
to have decades old stuff still in a system in part because people
don't know why it is there or are unaware of its existence.  How much
effort is required for an installation to achieve even 95 percent of
the invulnerability that is theoretically possible and keep that up.
How many holes are left in the average shop  because people don't
understand the implications of all of both IBM and vendor defaults
where I will almost guarantee that there are at some defaults that
leave a system open to hacking.  I think that it is difficult to
understand all of the implications of an action.  Many shops may be
running exits or other systems modifications that have worked for
decades and because they work, no one has checked them to see if they
have an unintended vulnerability.  I hope that none of my code that is
on file 432 of the CBT Tape (Philips light mods) has any vulnerability
but the thing that scares me is that I might not be smart enough to
find it even if I was looking for it.  Good security isn't cheap. Z/OS
may be the most secure starting base but it requires real effort to
actually implement it with both good security and good usability. How
much vulnerability is there in the test systems?  How much are the
systems programmer sandboxes exposed to the outside world?  What
uncertainties exist in systems vendor code?  Are organizations willing
or able to periodically test their systems' vulnerabilities?  Can be
secure does not mean is secure?

Clark Morris    
>
>Sent from Yahoo Mail for iPhone
>
>
>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
>
>>  * As part of a APF authorized product there is a SVC or PC routine
>>    that when called will turn on the JSBCAUTH bit
>
>Ouch!
>
>If it's APF authorized then why does it need to do that? And why would you 
>allow such a vendor in the door?
>
>Did you have a tool that discovered that the vendor's SVC turned on JSCBAUTH, 
>or did you have to read the code like the rest of us?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists

Re: Just how secure are mainframes? | Trevor Eddolls

[Rob Scott]

 "40 years on numerous mainframes at more than a dozen companies and we’ve 
 never been hacked and never had any need for penetration testing."

...said King Priam to Cassandra

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: Tuesday, June 4, 2019 1:04 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that
>way, he is making some valid points. As a retired MVS (I was back in
>applications by the time z/OS was available) systems programmer, I am
>far more skeptical about the invulnerability of z/OS.  It is too easy
>to have decades old stuff still in a system in part because people
>don't know why it is there or are unaware of its existence.  How much
>effort is required for an installation to achieve even 95 percent of
>the invulnerability that is theoretically possible and keep that up.
>How many holes are left in the average shop  because people don't
>understand the implications of all of both IBM and vendor defaults
>where I will almost guarantee that there are at some defaults that
>leave a system open to hacking.  I think that it is difficult to
>understand all of the implications of an action.  Many shops may be
>running exits or other systems modifications that have worked for
>decades and because they work, no one has checked them to see if they
>have an unintended vulnerability.  I hope that none of my code that is
>on file 432 of the CBT Tape (Philips light mods) has any vulnerability
>but the thing that scares me is that I might not be smart enough to
>find it even if I was looking for it.  Good security isn't cheap. Z/OS
>may be the most secure starting base but it requires real effort to
>actually implement it with both good security and good usability. How
>much vulnerability is there in the test systems?  How much are the
>systems programmer sandboxes exposed to the outside world?  What
>uncertainties exist in systems vendor code?  Are organizations willing
>or able to periodically test their systems' vulnerabilities?  Can be
>secure does not mean is secure?
>
>Clark Morris
>>
>>Sent from Yahoo Mail for iPhone
>>
>>
>>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
>>
>>>  * As part of a APF authorized product there is a SVC or PC routine
>>>that when called will turn on the JSBCAUTH bit
>>
>>Ouch!
>>
>>If it's APF authorized then why does it need to do that? And why would you 
>>allow such a vendor in the door?
>>
>>Did you have a tool that discovered that the vendor's SVC turned on JSCBAUTH, 
>>or did you have to read the code like the rest of us?
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions, send
>email to lists...@listse

Re: Just how secure are mainframes? | Trevor Eddolls

[Richards, Robert B.]

Well said! I had forgotten Cassandra's prophecy. Good analogy, Rob. :-)

I wish my shop had done pen testing a few years ago. :-(

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Rob Scott
Sent: Tuesday, June 04, 2019 5:17 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

 "40 years on numerous mainframes at more than a dozen companies and we’ve 
 never been hacked and never had any need for penetration testing."

...said King Priam to Cassandra

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: Tuesday, June 4, 2019 1:04 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that
>way, he is making some valid points. As a retired MVS (I was back in
>applications by the time z/OS was available) systems programmer, I am
>far more skeptical about the invulnerability of z/OS.  It is too easy
>to have decades old stuff still in a system in part because people
>don't know why it is there or are unaware of its existence.  How much
>effort is required for an installation to achieve even 95 percent of
>the invulnerability that is theoretically possible and keep that up.
>How many holes are left in the average shop  because people don't
>understand the implications of all of both IBM and vendor defaults
>where I will almost guarantee that there are at some defaults that
>leave a system open to hacking.  I think that it is difficult to
>understand all of the implications of an action.  Many shops may be
>running exits or other systems modifications that have worked for
>decades and because they work, no one has checked them to see if they
>have an unintended vulnerability.  I hope that none of my code that is
>on file 432 of the CBT Tape (Philips light mods) has any vulnerability
>but the thing that scares me is that I might not be smart enough to
>find it even if I was looking for it.  Good security isn't cheap. Z/OS
>may be the most secure starting base but it requires real effort to
>actually implement it with both good security and good usability. How
>much vulnerability is there in the test systems?  How much are the
>systems programmer sandboxes exposed to the outside world?  What
>uncertainties exist in systems vendor code?  Are organizations willing
>or able to periodically test their systems' vulnerabilities?  Can be
>secure does not mean is secure?
>
>Clark Morris
>>
>>Sent from Yahoo Mail for iPhone
>>
>>
>>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
>>
>>>  * As part of a APF authorized product there is a SVC or PC routine
>>>that when called will turn on the JSBCAUTH bit
>>
>>Ouch!
>>
>>If it's APF authorized then why does it

Re: SAP Processor Utilization

[Parwez Hamid]

Doesn't answer your Q. However, unless you have a very I/O intensive workload 
e.g. TPF system, normally there is sufficient SAP capacity for Z servers. The 
other point to note is SAPs on z14 servers also support SMT (Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf of 
Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different CPCs. 
Are there any benchmarks in use that would indicate the necessity for more (or 
less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SAP Processor Utilization

[Martin Packer]

Right; I don't see adequate instrumentation to answer the question.

Cheers, Martin

Martin Packer

zChampion, Systems Investigator & Performance Troubleshooter, IBM

+44-7802-245-584

email: martin_pac...@uk.ibm.com

Twitter / Facebook IDs: MartinPacker

Blog: 
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker

Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/or 
  
https://itunes.apple.com/gb/podcast/mainframe-performance-topics/id1127943573?mt=2


Youtube channel: https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA



From:   Parwez Hamid 
To: IBM-MAIN@LISTSERV.UA.EDU
Date:   04/06/2019 10:46
Subject:Re: SAP Processor Utilization
Sent by:IBM Mainframe Discussion List 



Doesn't answer your Q. However, unless you have a very I/O intensive 
workload e.g. TPF system, normally there is sufficient SAP capacity for Z 
servers. The other point to note is SAPs on z14 servers also support SMT 
(Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf 
of Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different 
CPCs. Are there any benchmarks in use that would indicate the necessity 
for more (or less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On 
Behalf Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SAP Processor Utilization

[Richards, Robert B.]

Is SMT a good thing for a SAP invocation?

Speaking of z14 servers, would you consider the default number of SAPs on a ZR1 
sufficient most of the time?

What do you consider "very I/O intensive"?

Bob 

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Parwez Hamid
Sent: Tuesday, June 04, 2019 5:46 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Doesn't answer your Q. However, unless you have a very I/O intensive workload 
e.g. TPF system, normally there is sufficient SAP capacity for Z servers. The 
other point to note is SAPs on z14 servers also support SMT (Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf of 
Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different CPCs. 
Are there any benchmarks in use that would indicate the necessity for more (or 
less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Lennie Dymoke-Bradshaw]

How do you demonstrate that you have never been hacked?

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 01:04
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris  
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main 
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that 
>way, he is making some valid points. As a retired MVS (I was back in 
>applications by the time z/OS was available) systems programmer, I am 
>far more skeptical about the invulnerability of z/OS.  It is too easy 
>to have decades old stuff still in a system in part because people 
>don't know why it is there or are unaware of its existence.  How much 
>effort is required for an installation to achieve even 95 percent of 
>the invulnerability that is theoretically possible and keep that up.
>How many holes are left in the average shop  because people don't 
>understand the implications of all of both IBM and vendor defaults 
>where I will almost guarantee that there are at some defaults that 
>leave a system open to hacking.  I think that it is difficult to 
>understand all of the implications of an action.  Many shops may be 
>running exits or other systems modifications that have worked for 
>decades and because they work, no one has checked them to see if they 
>have an unintended vulnerability.  I hope that none of my code that is 
>on file 432 of the CBT Tape (Philips light mods) has any vulnerability 
>but the thing that scares me is that I might not be smart enough to 
>find it even if I was looking for it.  Good security isn't cheap. Z/OS 
>may be the most secure starting base but it requires real effort to 
>actually implement it with both good security and good usability. How 
>much vulnerability is there in the test systems?  How much are the 
>systems programmer sandboxes exposed to the outside world?  What 
>uncertainties exist in systems vendor code?  Are organizations willing 
>or able to periodically test their systems' vulnerabilities?  Can be 
>secure does not mean is secure?
>
>Clark Morris
>>
>>Sent from Yahoo Mail for iPhone
>>
>>
>>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
>>
>>>  * As part of a APF authorized product there is a SVC or PC routine
>>>    that when called will turn on the JSBCAUTH bit
>>
>>Ouch!
>>
>>If it's APF authorized then why does it need to do that? And why would you 
>>allow such a vendor in the door?
>>
>>Did you have a tool that discovered that the vendor's SVC turned on JSCBAUTH, 
>>or did you have to read the code like the rest of us?
>
>--
>For IBM-MAIN subscribe / signoff / arc

Re: SAP Processor Utilization

[Richards, Robert B.]

I suspected that, but was asking to verify my assumption. Thanks to you, Horst 
and Parwez.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Martin Packer
Sent: Tuesday, June 04, 2019 5:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Right; I don't see adequate instrumentation to answer the question.

Cheers, Martin

Martin Packer

zChampion, Systems Investigator & Performance Troubleshooter, IBM

+44-7802-245-584

email: martin_pac...@uk.ibm.com

Twitter / Facebook IDs: MartinPacker

Blog: 
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker

Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/or 
  
https://itunes.apple.com/gb/podcast/mainframe-performance-topics/id1127943573?mt=2


Youtube channel: https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA



From:   Parwez Hamid 
To: IBM-MAIN@LISTSERV.UA.EDU
Date:   04/06/2019 10:46
Subject:Re: SAP Processor Utilization
Sent by:IBM Mainframe Discussion List 



Doesn't answer your Q. However, unless you have a very I/O intensive 
workload e.g. TPF system, normally there is sufficient SAP capacity for Z 
servers. The other point to note is SAPs on z14 servers also support SMT 
(Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf 
of Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different 
CPCs. Are there any benchmarks in use that would indicate the necessity 
for more (or less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On 
Behalf Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some 
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

How do you demonstrate something that hasn’t happened? LOL 
I see your company sells security services too.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw 
 wrote:

How do you demonstrate that you have never been hacked?

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 01:04
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris  
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main 
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that 
>way, he is making some valid points. As a retired MVS (I was back in 
>applications by the time z/OS was available) systems programmer, I am 
>far more skeptical about the invulnerability of z/OS.  It is too easy 
>to have decades old stuff still in a system in part because people 
>don't know why it is there or are unaware of its existence.  How much 
>effort is required for an installation to achieve even 95 percent of 
>the invulnerability that is theoretically possible and keep that up.
>How many holes are left in the average shop  because people don't 
>understand the implications of all of both IBM and vendor defaults 
>where I will almost guarantee that there are at some defaults that 
>leave a system open to hacking.  I think that it is difficult to 
>understand all of the implications of an action.  Many shops may be 
>running exits or other systems modifications that have worked for 
>decades and because they work, no one has checked them to see if they 
>have an unintended vulnerability.  I hope that none of my code that is 
>on file 432 of the CBT Tape (Philips light mods) has any vulnerability 
>but the thing that scares me is that I might not be smart enough to 
>find it even if I was looking for it.  Good security isn't cheap. Z/OS 
>may be the most secure starting base but it requires real effort to 
>actually implement it with both good security and good usability. How 
>much vulnerability is there in the test systems?  How much are the 
>systems programmer sandboxes exposed to the outside world?  What 
>uncertainties exist in systems vendor code?  Are organizations willing 
>or able to periodically test their systems' vulnerabilities?  Can be 
>secure does not mean is secure?
>
>Clark Morris
>>
>>Sent from Yahoo Mail for iPhone
>>
>>
>>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
>>
>>>  * As part of a APF authorized product there is a SVC or PC routine
>>>    that when called will turn on the JSBCAUTH bit
>>
>>Ouch!
>>
>>If it's APF authorized then why does it need to do that? And why would you 
>>allow such a vendor in the door?
>>
>>Did you have a tool that discovered 

Re: Just how secure are mainframes? | Trevor Eddolls

[Lou Losee]

So does IBM

Lou

On Tue, Jun 4, 2019 at 6:38 AM Bill Johnson <
0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:

> How do you demonstrate something that hasn’t happened? LOL
> I see your company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:  www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and we’ve
> never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that he
> will even show you in application code. Then no doubt analyze your
> application code for a small (large) fee. Nobody is saying the mainframe is
> fool proof. But, it is inherently (by design) more secure than any other
> platform. And, a major reason why almost every bank, insurance company, and
> major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programmer whose only computer related investments
> are Microsoft, IBM and HPE my belief is that if your organization's
> computer system is connected to the Internet (including from PC's using
> TN3270 emulation), your organization is subject to attack.  If it does not
> have a group or outside organization such as IBM, Trevor's organization or
> ITschak's organization doing periodic ongoing penetration testing, your
> organization won't know what vulnerabilities exist.  Since I don't know
> enough about the Unisys mainframes to comment on how well they can be
> secured, I can't comment on how secure they can be made but I do know it is
> a major effort to take advantage of all the tools on any system in making
> it secure and keeping it that way.  If I knew of any major mainframe user
> that does not continually check their systems for vulnerabilities, I would
> be tempted to short sell their stock because they probably either have been
> breached or will be in the near future.
>
> Clark Morris
> >
> >On Sunday, June 2, 2019, 9:57 PM, Clark Morris 
> wrote:
> >
> >[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> >0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
> >
> >>He’s trying to sell his company’s security services. Something I thought
> was not allowed on this list.
> >>
> >Whether or not he is selling something and I don't read his posts that
> >way, he is making some valid points. As a retired MVS (I was back in
> >applications by the time z/OS was available) systems programmer, I am
> >far more skeptical about the invulnerability of z/OS.  It is too easy
> >to have decades old stuff still in a system in part because people
> >don't know why it is there or are unaware of its existence.  How much
> >effort is required for an installation to achieve even 95 percent of
> >the invulnerability that is theoretically possible and keep that up.
> >How many holes are left in the average shop  because people don't
> >understand the implications of all of both IBM and vendor defaults
> >where I will almost guarantee that there are at some defaults that
> >leave a system open to hacking.  I think that it is difficult to
> >understand all of the implications of an action.  Many shops may be
> >running exits or other systems modifications that have worked for
> >decades and because they work, no one has checked them to see if they
> >have an unintended vulnerability.  I hope that none of my code that is
> >on file 432 of the CBT Tape (Philips light mods) has any vulnerability
> >but the thing that scares me is that I might not be smart enough to
> >find it even if I was looking for it.  Good security isn't cheap. Z/OS
> >may be the most secure starting base but it requires real effort to
> >actually implement it with both good security and good usability. How
> >much vulnerability is there in the test systems?  How much are the
> >systems programmer sandboxes exposed to the outside world?  What
> >uncertainties exist in systems vendor code?  Are organizations willing
> >or able to periodically test their systems' vulnerabilities?  Can be
> >secure does not mean is secure?
> >
> >Clark Morris
> >>
> >>Sent from Yahoo Mail for iPhone
> >>
> >>
> >>On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
> >>
> >>>  * As p

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

Quite different. The sell the security as part of the OS. They don’t then bash 
the security (their own product) and try to sell you additional products.
IBM actually tells you how great mainframe security is and use it as a selling 
point to industries where security is paramount.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 7:46 AM, Lou Losee  wrote:

So does IBM

Lou

On Tue, Jun 4, 2019 at 6:38 AM Bill Johnson <
0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:

> How do you demonstrate something that hasn’t happened? LOL
> I see your company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:              www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and we’ve
> never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that he
> will even show you in application code. Then no doubt analyze your
> application code for a small (large) fee. Nobody is saying the mainframe is
> fool proof. But, it is inherently (by design) more secure than any other
> platform. And, a major reason why almost every bank, insurance company, and
> major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programmer whose only computer related investments
> are Microsoft, IBM and HPE my belief is that if your organization's
> computer system is connected to the Internet (including from PC's using
> TN3270 emulation), your organization is subject to attack.  If it does not
> have a group or outside organization such as IBM, Trevor's organization or
> ITschak's organization doing periodic ongoing penetration testing, your
> organization won't know what vulnerabilities exist.  Since I don't know
> enough about the Unisys mainframes to comment on how well they can be
> secured, I can't comment on how secure they can be made but I do know it is
> a major effort to take advantage of all the tools on any system in making
> it secure and keeping it that way.  If I knew of any major mainframe user
> that does not continually check their systems for vulnerabilities, I would
> be tempted to short sell their stock because they probably either have been
> breached or will be in the near future.
>
> Clark Morris
> >
> >On Sunday, June 2, 2019, 9:57 PM, Clark Morris 
> wrote:
> >
> >[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> >0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
> >
> >>He’s trying to sell his company’s security services. Something I thought
> was not allowed on this list.
> >>
> >Whether or not he is selling something and I don't read his posts that
> >way, he is making some valid points. As a retired MVS (I was back in
> >applications by the time z/OS was available) systems programmer, I am
> >far more skeptical about the invulnerability of z/OS.  It is too easy
> >to have decades old stuff still in a system in part because people
> >don't know why it is there or are unaware of its existence.  How much
> >effort is required for an installation to achieve even 95 percent of
> >the invulnerability that is theoretically possible and keep that up.
> >How many holes are left in the average shop  because people don't
> >understand the implications of all of both IBM and vendor defaults
> >where I will almost guarantee that there are at some defaults that
> >leave a system open to hacking.  I think that it is difficult to
> >understand all of the implications of an action.  Many shops may be
> >running exits or other systems modifications that have worked for
> >decades and because they work, no one has checked them to see if they
> >have an unintended vulnerability.  I hope that none of my code that is
> >on file 432 of the CBT Tape (Philips light mods) has any vulnerability
> >but the thing that scares me is that I might not be smart enough to
> >find it even if I was looking for it.  Good security isn't cheap. Z/OS
> >may be the most secure starting base but it requires real effort to
> >actually implement it with both good security and good usability. How
> >much vulnerability is there in the test systems?  How much are the
> >systems programmer sand

Re: SAP Processor Utilization

[Parwez Hamid]

Bob,

You might want to refer to this White Paper. Not specific to SAPs, but does 
mention numbers for the z13 SAP plus there is additional info about FICON I/O 
etc.

http://www-01.ibm.com/support/docview.wss?mhq=Z%20System%20SAP%20performance&mhsrc=ibmsearch_a&uid=tss1wp102586
IBM System z13 I/O and High Performance FICON for System z Channel 
Performance
IBM z13 and FICON Express16S Channel Performance Whitepaper
www-01.ibm.com

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf of 
Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 11:02
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

I suspected that, but was asking to verify my assumption. Thanks to you, Horst 
and Parwez.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Martin Packer
Sent: Tuesday, June 04, 2019 5:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Right; I don't see adequate instrumentation to answer the question.

Cheers, Martin

Martin Packer

zChampion, Systems Investigator & Performance Troubleshooter, IBM

+44-7802-245-584

email: martin_pac...@uk.ibm.com

Twitter / Facebook IDs: MartinPacker

Blog:
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker

Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/or

https://itunes.apple.com/gb/podcast/mainframe-performance-topics/id1127943573?mt=2


Youtube channel: https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA



From:   Parwez Hamid 
To: IBM-MAIN@LISTSERV.UA.EDU
Date:   04/06/2019 10:46
Subject:Re: SAP Processor Utilization
Sent by:IBM Mainframe Discussion List 



Doesn't answer your Q. However, unless you have a very I/O intensive
workload e.g. TPF system, normally there is sufficient SAP capacity for Z
servers. The other point to note is SAPs on z14 servers also support SMT
(Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf
of Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different
CPCs. Are there any benchmarks in use that would indicate the necessity
for more (or less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SAP Processor Utilization

[Richards, Robert B.]

Parwez,

Are there z14 and/or z14 ZR1 equivalent white papers or SAP numbers as stated 
in the summary of these documents?  :-)

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Parwez Hamid
Sent: Tuesday, June 04, 2019 7:53 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Bob,

You might want to refer to this White Paper. Not specific to SAPs, but does 
mention numbers for the z13 SAP plus there is additional info about FICON I/O 
etc.

http://www-01.ibm.com/support/docview.wss?mhq=Z%20System%20SAP%20performance&mhsrc=ibmsearch_a&uid=tss1wp102586
IBM System z13 I/O and High Performance FICON for System z Channel 
Performance
IBM z13 and FICON Express16S Channel Performance Whitepaper
www-01.ibm.com

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf of 
Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 11:02
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

I suspected that, but was asking to verify my assumption. Thanks to you, Horst 
and Parwez.

Bob

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Martin Packer
Sent: Tuesday, June 04, 2019 5:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Right; I don't see adequate instrumentation to answer the question.

Cheers, Martin

Martin Packer

zChampion, Systems Investigator & Performance Troubleshooter, IBM

+44-7802-245-584

email: martin_pac...@uk.ibm.com

Twitter / Facebook IDs: MartinPacker

Blog:
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker

Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/or

https://itunes.apple.com/gb/podcast/mainframe-performance-topics/id1127943573?mt=2


Youtube channel: https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA



From:   Parwez Hamid 
To: IBM-MAIN@LISTSERV.UA.EDU
Date:   04/06/2019 10:46
Subject:Re: SAP Processor Utilization
Sent by:IBM Mainframe Discussion List 



Doesn't answer your Q. However, unless you have a very I/O intensive
workload e.g. TPF system, normally there is sufficient SAP capacity for Z
servers. The other point to note is SAPs on z14 servers also support SMT
(Simultaneous
Threading) as standard..

Regards

Parwez Hamid​


From: IBM Mainframe Discussion List  on behalf
of Richards, Robert B. <01c91f408b9e-dmarc-requ...@listserv.ua.edu>
Sent: 04 June 2019 09:39
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

Thank you, Horst.

My colleague ran reports on them over a 60 day period for two different
CPCs. Are there any benchmarks in use that would indicate the necessity
for more (or less) SAPs?

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Horst Sinram
Sent: Tuesday, June 04, 2019 4:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SAP Processor Utilization

On z/OS, you can use SMF78.3 and the RMF IOQ report. Plus, there are some
related overview conditions.

Horst Sinram - STSM, IBM z/OS Workload and Capacity Management



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: MVSCPCMD in batch

[John McKown]

On Mon, Jun 3, 2019 at 5:23 PM Tony Thigpen  wrote:

> I would not convert it to LE.
>
> I have strong feelings that any system tool like this must be able to
> run in a crippled system with as little support from the OS as possible.
>

Hum. I hadn't thought of running this in a "crippled" environment. I would
have imagined that I would be logged into the z/VM "console" for the z/OS
guest to interactively issue CP commands, rather than via TSO or batch.



>
> As an opinion, I think that simple programs like this should not be
> converted to base-less programming either. One, there is no need and
> second, I believe that abend fixing is easier with a base address.
>
> KISS rules. :-)
>

True. I think that baseless programming is actually simpler. But in a very
short routine like this one, it doesn't really make much of a difference.
Almost all of the "application" code that I write now is baseless, with R&I
instructions as well as LE enabled. Why LE? Because I can then use a lot of
LE routines as well a C language subroutines, such as "snprintf" (which is
wonderful to make nicely formatted messages). There are some nice ones. I
know that many still hate LE, but I have learned to love the pain.



>
> I have no real opinion about making a unix command as I don't really use
> unix that much, but personally I would prefer that a unix user not have
> access to VM commands.
>

I do a _LOT_ of z/OS UNIX shell scripting. I can do a UNIX shell script and
get an answer faster than writing a TSO REXX program. Why should a TSO user
have access, but not a UNIX user? I, personally, don't see any difference.
I like what I read from Mr. Elliot about using RACF to restrict access to
this program. Of course, this can be done implicitly done by putting the
code in a place where unauthorized user cannot access it. I.e. no access to
the STEPLIB or UNIX directory which contains the program.


Of course, for me, all of this is theoretical because I don't have access
to a z/VM system.



>
> Tony Thigpen
>
>
-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Lennie Dymoke-Bradshaw]

Bill,

It is very difficult to prove the negative. Hence, your claim that your system 
has never been hacked is difficult to prove. I think it is possible that your 
system has been "hacked" and your data has been exfiltrated. There is no reason 
for the hacker to call attention to that fact that you have been hacked. 

However, by maintaining that you have not been hacked, and also maintaining 
that it is very unlikely that you would ever be hacked, I fear you are doing 
your employers a disservice.

Actually, I work through RSM partners as an independent contractor. Yes, they 
sell security services. Yes, I am sometimes called upon to deliver such 
services. Nothing to hide here. Most people have to work for a living. I 
imagine you do too. Just because one works in an industry does not mean one's 
opinion of the industry is invalid; in fact, the opposite is frequently true.

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 12:37
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

How do you demonstrate something that hasn’t happened? LOL I see your company 
sells security services too.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw 
 wrote:

How do you demonstrate that you have never been hacked?

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 01:04
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris  
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main 
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that 
>way, he is making some valid points. As a retired MVS (I was back in 
>applications by the time z/OS was available) systems programmer, I am 
>far more skeptical about the invulnerability of z/OS.  It is too easy 
>to have decades old stuff still in a system in part because people 
>don't know why it is there or are unaware of its existence.  How much 
>effort is required for an installation to achieve even 95 percent of 
>the invulnerability that is theoretically possible and keep that up.
>How many holes are left in the average shop  because people don't 
>understand the implications of all of both IBM and vendor defaults 
>where I will almost guarantee that there are at some defaults that 
>leave a system open to hacking.  I think that it is difficult to 
>understand all of the implications of an action.  Many shops may be 
>running exits or other systems

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

In 40 years, I’ve never seen any company I’ve worked for have their mainframe 
hacked or compromised. Including a bank and multiple insurance companies. Plus, 
I was in positions to know.
I have seen numerous hacks and compromises of non mainframe platforms at those 
companies.

As Warren Buffett says: Never ask your barber if you need a haircut.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:44 AM, Lennie Dymoke-Bradshaw 
 wrote:

Bill,

It is very difficult to prove the negative. Hence, your claim that your system 
has never been hacked is difficult to prove. I think it is possible that your 
system has been "hacked" and your data has been exfiltrated. There is no reason 
for the hacker to call attention to that fact that you have been hacked. 

However, by maintaining that you have not been hacked, and also maintaining 
that it is very unlikely that you would ever be hacked, I fear you are doing 
your employers a disservice.

Actually, I work through RSM partners as an independent contractor. Yes, they 
sell security services. Yes, I am sometimes called upon to deliver such 
services. Nothing to hide here. Most people have to work for a living. I 
imagine you do too. Just because one works in an industry does not mean one's 
opinion of the industry is invalid; in fact, the opposite is frequently true.

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 12:37
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

How do you demonstrate something that hasn’t happened? LOL I see your company 
sells security services too.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw 
 wrote:

How do you demonstrate that you have never been hacked?

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 01:04
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris  
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main 
>0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
>>He’s trying to sell his company’s security services. Something I thought was 
>>not allowed on this list.
>>
>Whether or not he is selling something and I don't read his posts that 
>way, he is making some valid points. As a retired MVS (I was back in 
>applications by the time z/OS was available) systems programmer, I am 
>far more skeptical about the invulnerability of z/OS.  It is too easy 
>to have decades old stuff still in a system in part because people 
>don't know why it is there or are unaware of its existence.  How much 
>effort is required for an installation to achieve even 95 per

Re: Just how secure are mainframes? | Trevor Eddolls

[ITschak Mugzach]

Lennie,

You are inviting 'he tries to sell his product / services' ...

ITschak

On Tue, Jun 4, 2019 at 3:45 PM Lennie Dymoke-Bradshaw <
lenni...@rsmpartners.com> wrote:

> Bill,
>
> It is very difficult to prove the negative. Hence, your claim that your
> system has never been hacked is difficult to prove. I think it is possible
> that your system has been "hacked" and your data has been exfiltrated.
> There is no reason for the hacker to call attention to that fact that you
> have been hacked.
>
> However, by maintaining that you have not been hacked, and also
> maintaining that it is very unlikely that you would ever be hacked, I fear
> you are doing your employers a disservice.
>
> Actually, I work through RSM partners as an independent contractor. Yes,
> they sell security services. Yes, I am sometimes called upon to deliver
> such services. Nothing to hide here. Most people have to work for a living.
> I imagine you do too. Just because one works in an industry does not mean
> one's opinion of the industry is invalid; in fact, the opposite is
> frequently true.
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:  www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 12:37
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> How do you demonstrate something that hasn’t happened? LOL I see your
> company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:  www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and we’ve
> never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that he
> will even show you in application code. Then no doubt analyze your
> application code for a small (large) fee. Nobody is saying the mainframe is
> fool proof. But, it is inherently (by design) more secure than any other
> platform. And, a major reason why almost every bank, insurance company, and
> major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programmer whose only computer related investments
> are Microsoft, IBM and HPE my belief is that if your organization's
> computer system is connected to the Internet (including from PC's using
> TN3270 emulation), your organization is subject to attack.  If it does not
> have a group or outside organization such as IBM, Trevor's organization or
> ITschak's organization doing periodic ongoing penetration testing, your
> organization won't know what vulnerabilities exist.  Since I don't know
> enough about the Unisys mainframes to comment on how well they can be
> secured, I can't comment on how secure they can be made but I do know it is
> a major effort to take advantage of all the tools on any system in making
> it secure and keeping it that way.  If I knew of any major mainframe user
> that does not continually check their systems for vulnerabilities, I would
> be tempted to short sell their stock because they probably either have been
> breached or will be in the near future.
>
> Clark Morris
> >
> >On Sunday, June 2, 2019, 9:57 PM, Clark Morris 
> wrote:
> >
> >[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> >0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
> >
> >>He’s trying to sell his company’s security services. Something I thought
> was not allowed on this list.
> >>
> >Whether or not he is selling something and I don't read his posts that
> >way, he is making some valid points. As a retired MVS (I was back in
> >applications by the time z/OS was available) systems programmer, I am
> >far more skeptical about the invulnerability of z/OS.  It is too easy
> >to have decades old stuff still in a system in part because people
> >don't know why it is there or are unaware of its existence.  How much
> >effort is required for an installation to achieve even 95 percent of
> >the invulnerability that is theoretically possible and keep that up.
> >How many holes are left in the a

Re: Just how secure are mainframes? | Trevor Eddolls

[Lennie Dymoke-Bradshaw]

Bill,

So you have not seen these things. Others have. Please accept their word for 
this.

If you were as rich as Warren Buffet then you could afford to employ others to 
work out if you need a haircut. Maybe you could teach yourself those skills. 
Your logic takes us down a path of only taking advice from those who have no 
experience. Your choice.

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 13:52
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

In 40 years, I’ve never seen any company I’ve worked for have their mainframe 
hacked or compromised. Including a bank and multiple insurance companies. Plus, 
I was in positions to know.
I have seen numerous hacks and compromises of non mainframe platforms at those 
companies.

As Warren Buffett says: Never ask your barber if you need a haircut.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:44 AM, Lennie Dymoke-Bradshaw 
 wrote:

Bill,

It is very difficult to prove the negative. Hence, your claim that your system 
has never been hacked is difficult to prove. I think it is possible that your 
system has been "hacked" and your data has been exfiltrated. There is no reason 
for the hacker to call attention to that fact that you have been hacked. 

However, by maintaining that you have not been hacked, and also maintaining 
that it is very unlikely that you would ever be hacked, I fear you are doing 
your employers a disservice.

Actually, I work through RSM partners as an independent contractor. Yes, they 
sell security services. Yes, I am sometimes called upon to deliver such 
services. Nothing to hide here. Most people have to work for a living. I 
imagine you do too. Just because one works in an industry does not mean one's 
opinion of the industry is invalid; in fact, the opposite is frequently true.

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 12:37
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

How do you demonstrate something that hasn’t happened? LOL I see your company 
sells security services too.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw 
 wrote:

How do you demonstrate that you have never been hacked?

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 01:04
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

40 years on numerous mainframes at more than a dozen companies and we’ve never 
been hacked and never had any need for penetration testing.


Sent from Yahoo Mail for iPhone


On Monday, June 3, 2019, 11:54 AM, Clark Morris  wrote:

[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>He’s selling plain and simple. So is Mugzak. Some laboratory bs that he will 
>even show you in application code. Then no doubt analyze your application code 
>for a small (large) fee. Nobody is saying the mainframe is fool proof. But, it 
>is inherently (by design) more secure than any other platform. And, a major 
>reason why almost every bank, insurance company, and major retailers still 
>have them.
>Sent from Yahoo Mail for iPhone
>
As a retired systems programmer whose only computer related investments are 
Microsoft, IBM and HPE my belief is that if your organization's computer system 
is connected to the Internet (including from PC's using TN3270 emulation), your 
organization is subject to attack.  If it does not have a group or outside 
organization such as IBM, Trevor's organization or ITschak's organization doing 
periodic ongoing penetration testing, your organization won't know what 
vulnerabilities exist.  Since I don't know enough about the Unisys mainframes 
to comment on how well they can be secured, I can't comment on how secure they 
can be made but I do know it is a major effort to take advantage of all the 
tools on any system in making it secure and keeping it that way.  If I knew of 
any major mainframe user that does not continually check their systems for 
vulnerabilities, I would be tempted to short sell their stock because they 
probably either have been breached or will be in the near future.

Clark Morris  
>
>On Sunday, June 2, 2019, 9:57 PM, Clark Morris  wrote:
>
>[Default] On 

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

It’s a little more than coincidence that 3 of the most vociferous posters who 
claim the mainframe is not secure, all sell mainframe security services.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:59 AM, ITschak Mugzach  wrote:

Lennie,

You are inviting 'he tries to sell his product / services' ...

ITschak

On Tue, Jun 4, 2019 at 3:45 PM Lennie Dymoke-Bradshaw <
lenni...@rsmpartners.com> wrote:

> Bill,
>
> It is very difficult to prove the negative. Hence, your claim that your
> system has never been hacked is difficult to prove. I think it is possible
> that your system has been "hacked" and your data has been exfiltrated.
> There is no reason for the hacker to call attention to that fact that you
> have been hacked.
>
> However, by maintaining that you have not been hacked, and also
> maintaining that it is very unlikely that you would ever be hacked, I fear
> you are doing your employers a disservice.
>
> Actually, I work through RSM partners as an independent contractor. Yes,
> they sell security services. Yes, I am sometimes called upon to deliver
> such services. Nothing to hide here. Most people have to work for a living.
> I imagine you do too. Just because one works in an industry does not mean
> one's opinion of the industry is invalid; in fact, the opposite is
> frequently true.
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:              www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 12:37
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> How do you demonstrate something that hasn’t happened? LOL I see your
> company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:              www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf
> Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and we’ve
> never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that he
> will even show you in application code. Then no doubt analyze your
> application code for a small (large) fee. Nobody is saying the mainframe is
> fool proof. But, it is inherently (by design) more secure than any other
> platform. And, a major reason why almost every bank, insurance company, and
> major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programmer whose only computer related investments
> are Microsoft, IBM and HPE my belief is that if your organization's
> computer system is connected to the Internet (including from PC's using
> TN3270 emulation), your organization is subject to attack.  If it does not
> have a group or outside organization such as IBM, Trevor's organization or
> ITschak's organization doing periodic ongoing penetration testing, your
> organization won't know what vulnerabilities exist.  Since I don't know
> enough about the Unisys mainframes to comment on how well they can be
> secured, I can't comment on how secure they can be made but I do know it is
> a major effort to take advantage of all the tools on any system in making
> it secure and keeping it that way.  If I knew of any major mainframe user
> that does not continually check their systems for vulnerabilities, I would
> be tempted to short sell their stock because they probably either have been
> breached or will be in the near future.
>
> Clark Morris
> >
> >On Sunday, June 2, 2019, 9:57 PM, Clark Morris 
> wrote:
> >
> >[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> >0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
> >
> >>He’s trying to sell his company’s security services. Something I thought
> was not allowed on this list.
> >>
> >Whether or not he is selling something and I don't read his posts that
> >way, he is making some valid points. As a retired MVS (I was back in
> >applications by the time z/OS was available) systems programmer, I am
> >far more skeptical about the invulnerability of z/OS.  It is too easy
> >to have decades old stuff still in a system in part because people
> >d

Re: Just how secure are mainframes? | Trevor Eddolls

[Lennie Dymoke-Bradshaw]

Just maybe, they are the ones who understand the problems, as they spend time 
focussed on them.

Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd  
Web:  www.rsmpartners.com
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: 04 June 2019 14:09
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor Eddolls

It’s a little more than coincidence that 3 of the most vociferous posters who 
claim the mainframe is not secure, all sell mainframe security services.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:59 AM, ITschak Mugzach  wrote:

Lennie,

You are inviting 'he tries to sell his product / services' ...

ITschak

On Tue, Jun 4, 2019 at 3:45 PM Lennie Dymoke-Bradshaw < 
lenni...@rsmpartners.com> wrote:

> Bill,
>
> It is very difficult to prove the negative. Hence, your claim that 
> your system has never been hacked is difficult to prove. I think it is 
> possible that your system has been "hacked" and your data has been 
> exfiltrated.
> There is no reason for the hacker to call attention to that fact that 
> you have been hacked.
>
> However, by maintaining that you have not been hacked, and also 
> maintaining that it is very unlikely that you would ever be hacked, I 
> fear you are doing your employers a disservice.
>
> Actually, I work through RSM partners as an independent contractor. 
> Yes, they sell security services. Yes, I am sometimes called upon to 
> deliver such services. Nothing to hide here. Most people have to work for a 
> living.
> I imagine you do too. Just because one works in an industry does not 
> mean one's opinion of the industry is invalid; in fact, the opposite 
> is frequently true.
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:              www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Bill Johnson
> Sent: 04 June 2019 12:37
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor 
> Eddolls
>
> How do you demonstrate something that hasn’t happened? LOL I see your 
> company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw < 
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:              www.rsmpartners.com
> ‘Dance like no one is watching. Encrypt like everyone is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor 
> Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and 
> we’ve never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main 
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that 
> >he
> will even show you in application code. Then no doubt analyze your 
> application code for a small (large) fee. Nobody is saying the 
> mainframe is fool proof. But, it is inherently (by design) more secure 
> than any other platform. And, a major reason why almost every bank, 
> insurance company, and major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programmer whose only computer related 
> investments are Microsoft, IBM and HPE my belief is that if your 
> organization's computer system is connected to the Internet (including 
> from PC's using
> TN3270 emulation), your organization is subject to attack.  If it does 
> not have a group or outside organization such as IBM, Trevor's 
> organization or ITschak's organization doing periodic ongoing 
> penetration testing, your organization won't know what vulnerabilities 
> exist.  Since I don't know enough about the Unisys mainframes to 
> comment on how well they can be secured, I can't comment on how secure 
> they can be made but I do know it is a major effort to take advantage 
> of all the tools on any system in making it secure and keeping it that 
> way.  If I knew of any major mainframe user that does not continually 
> check their systems for vulnerabilities, I would be tempted to short 
> sell their stock because they probably either have been breached or will be 
> in the near future.
>
> Clark Morris
> >
> >On Sunday, June 2, 2019, 9:57 PM, Clark Morris 
> wrote:
> >
> >[Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main 
> >0047540adefe-dmarc-

Out of heap space while invoking a jar java8 but works fine when invoke the jar when run in java7 using Ent Cobol 4.2

[Nazih Noujaim]

HI  Everyone

I have an OO Cobol program that invokes a jar on USS using java v1.8, 31 bit.  
When I run over 250K calls, it runs out of memory. If the jar is created in 
java 7 and I compile/link/run the OO cobol pgm in Java 731, it runs fine.

I saw that there was some problems back in java 5 in the IBM sdk with OOM and 
was fixed but nothing recent. Is anyone aware of any similar issues with java 
1.8? Is there any update to the JNI copy book whether you use v7 or v8? Any 
different options in the JVM setup/Installation that I should ask about?

Here is my calling order:
NewStringPlatform
Invoke
GetStringPlatform
2 DeleteLocalRef  calls for the input and return string.


I haven't been able to find any links on diffs between 7 and 8?

TIA
Naz




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: MVSCPCMD in batch

[Tony Thigpen]

By "crippled", it could be during early IPL or late shutdown.

Tony Thigpen

John McKown wrote on 6/4/19 8:20 AM:

On Mon, Jun 3, 2019 at 5:23 PM Tony Thigpen  wrote:


I would not convert it to LE.

I have strong feelings that any system tool like this must be able to
run in a crippled system with as little support from the OS as possible.



Hum. I hadn't thought of running this in a "crippled" environment. I would
have imagined that I would be logged into the z/VM "console" for the z/OS
guest to interactively issue CP commands, rather than via TSO or batch.





As an opinion, I think that simple programs like this should not be
converted to base-less programming either. One, there is no need and
second, I believe that abend fixing is easier with a base address.

KISS rules. :-)



True. I think that baseless programming is actually simpler. But in a very
short routine like this one, it doesn't really make much of a difference.
Almost all of the "application" code that I write now is baseless, with R&I
instructions as well as LE enabled. Why LE? Because I can then use a lot of
LE routines as well a C language subroutines, such as "snprintf" (which is
wonderful to make nicely formatted messages). There are some nice ones. I
know that many still hate LE, but I have learned to love the pain.





I have no real opinion about making a unix command as I don't really use
unix that much, but personally I would prefer that a unix user not have
access to VM commands.



I do a _LOT_ of z/OS UNIX shell scripting. I can do a UNIX shell script and
get an answer faster than writing a TSO REXX program. Why should a TSO user
have access, but not a UNIX user? I, personally, don't see any difference.
I like what I read from Mr. Elliot about using RACF to restrict access to
this program. Of course, this can be done implicitly done by putting the
code in a place where unauthorized user cannot access it. I.e. no access to
the STEPLIB or UNIX directory which contains the program.


Of course, for me, all of this is theoretical because I don't have access
to a z/VM system.





Tony Thigpen




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Rob Scott]

Bill

Do you believe :

(o) That there have never been any "magic" or "auth on" SVCs or PC routines?

(o) That there is no such thing as a Sec/Int APAR?

(o) That Karl Schmitz has just been wasting his breath for the last 20 years?

(o) That IBM's Secure Engineering department just sit around eating doughnuts 
and drinking coffee?

(o) User key common storage never existed?

(o) That every ISV developer is as good as the very best IBM Poughkeepsie z/OS 
developer you can find?

(o) That in-house sysprogs who tinker with their own or public domain 
authorized code are as good as the very best IBM Poughkeepsie z/OS developer 
you can find?

(o) That pentest software has never found an exposure at a large mainframe site 
- including financial institutions?

z/OS is a extremely robust and well-engineered operating system, but to claim 
it to be 100% secure in all deployments would be naive.

Rob Scott
Rocket Software


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: Tuesday, June 4, 2019 2:09 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

It’s a little more than coincidence that 3 of the most vociferous posters who 
claim the mainframe is not secure, all sell mainframe security services.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:59 AM, ITschak Mugzach  wrote:

Lennie,

You are inviting 'he tries to sell his product / services' ...

ITschak

On Tue, Jun 4, 2019 at 3:45 PM Lennie Dymoke-Bradshaw < 
lenni...@rsmpartners.com> wrote:

> Bill,
>
> It is very difficult to prove the negative. Hence, your claim that
> your system has never been hacked is difficult to prove. I think it is
> possible that your system has been "hacked" and your data has been 
> exfiltrated.
> There is no reason for the hacker to call attention to that fact that
> you have been hacked.
>
> However, by maintaining that you have not been hacked, and also
> maintaining that it is very unlikely that you would ever be hacked, I
> fear you are doing your employers a disservice.
>
> Actually, I work through RSM partners as an independent contractor.
> Yes, they sell security services. Yes, I am sometimes called upon to
> deliver such services. Nothing to hide here. Most people have to work for a 
> living.
> I imagine you do too. Just because one works in an industry does not
> mean one's opinion of the industry is invalid; in fact, the opposite
> is frequently true.
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:
> https://nam01.safelinks.protection.outlook.com/?url=www.rsmpartners.co
> m&data=02%7C01%7CRScott%40ROCKETSOFTWARE.COM%7Cccae2809339a4bc9de9
> 008d6e8ede103%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C63695250572
> 5186342&sdata=79Mc6duyUK9psstxyH%2FfJq%2BVaSed9R17yT4fGdCK8oE%3D&a
> mp;reserved=0 ‘Dance like no one is watching. Encrypt like everyone
> is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Bill Johnson
> Sent: 04 June 2019 12:37
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor
> Eddolls
>
> How do you demonstrate something that hasn’t happened? LOL I see your
> company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:
> https://nam01.safelinks.protection.outlook.com/?url=www.rsmpartners.co
> m&data=02%7C01%7CRScott%40ROCKETSOFTWARE.COM%7Cccae2809339a4bc9de9
> 008d6e8ede103%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C63695250572
> 5186342&sdata=79Mc6duyUK9psstxyH%2FfJq%2BVaSed9R17yT4fGdCK8oE%3D&a
> mp;reserved=0 ‘Dance like no one is watching. Encrypt like everyone
> is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor
> Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and
> we’ve never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s selling plain and simple. So is Mugzak. Some laboratory bs that
> >he
> will even show you in application code. Then no doubt analyze your
> application code for a small (large) fee. Nobody is saying the
> mainframe is fool proof. But, it is inherently (by design) more secure
> than any other platform. And, a major reason why almost every bank,
> insurance company, and major retailers still have them.
> >Sent from Yahoo Mail for iPhone
> >
> As a retired systems programme

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

Why do you people keep saying I said it was 100% secure? I never said that, 
ever. Nothing is 100% secure. I’m well aware of sec/int APARS and well aware of 
the rest.
All I said was the MF is the most secure platform on the planet (by design) and 
security is one of the main reasons banks, insurers, and large retailers stay 
on it. And, I provided 3-4 articles saying exactly that. Plus, I’ve worked at a 
bank and multiple insurers and know that’s the case.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 9:53 AM, Rob Scott  wrote:

Bill

Do you believe :

(o) That there have never been any "magic" or "auth on" SVCs or PC routines?

(o) That there is no such thing as a Sec/Int APAR?

(o) That Karl Schmitz has just been wasting his breath for the last 20 years?

(o) That IBM's Secure Engineering department just sit around eating doughnuts 
and drinking coffee?

(o) User key common storage never existed?

(o) That every ISV developer is as good as the very best IBM Poughkeepsie z/OS 
developer you can find?

(o) That in-house sysprogs who tinker with their own or public domain 
authorized code are as good as the very best IBM Poughkeepsie z/OS developer 
you can find?

(o) That pentest software has never found an exposure at a large mainframe site 
- including financial institutions?

z/OS is a extremely robust and well-engineered operating system, but to claim 
it to be 100% secure in all deployments would be naive.

Rob Scott
Rocket Software


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Bill Johnson
Sent: Tuesday, June 4, 2019 2:09 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

It’s a little more than coincidence that 3 of the most vociferous posters who 
claim the mainframe is not secure, all sell mainframe security services.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 8:59 AM, ITschak Mugzach  wrote:

Lennie,

You are inviting 'he tries to sell his product / services' ...

ITschak

On Tue, Jun 4, 2019 at 3:45 PM Lennie Dymoke-Bradshaw < 
lenni...@rsmpartners.com> wrote:

> Bill,
>
> It is very difficult to prove the negative. Hence, your claim that
> your system has never been hacked is difficult to prove. I think it is
> possible that your system has been "hacked" and your data has been 
> exfiltrated.
> There is no reason for the hacker to call attention to that fact that
> you have been hacked.
>
> However, by maintaining that you have not been hacked, and also
> maintaining that it is very unlikely that you would ever be hacked, I
> fear you are doing your employers a disservice.
>
> Actually, I work through RSM partners as an independent contractor.
> Yes, they sell security services. Yes, I am sometimes called upon to
> deliver such services. Nothing to hide here. Most people have to work for a 
> living.
> I imagine you do too. Just because one works in an industry does not
> mean one's opinion of the industry is invalid; in fact, the opposite
> is frequently true.
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:
> https://nam01.safelinks.protection.outlook.com/?url=www.rsmpartners.co
> m&data=02%7C01%7CRScott%40ROCKETSOFTWARE.COM%7Cccae2809339a4bc9de9
> 008d6e8ede103%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C63695250572
> 5186342&sdata=79Mc6duyUK9psstxyH%2FfJq%2BVaSed9R17yT4fGdCK8oE%3D&a
> mp;reserved=0 ‘Dance like no one is watching. Encrypt like everyone
> is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Bill Johnson
> Sent: 04 June 2019 12:37
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor
> Eddolls
>
> How do you demonstrate something that hasn’t happened? LOL I see your
> company sells security services too.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Tuesday, June 4, 2019, 5:59 AM, Lennie Dymoke-Bradshaw <
> lenni...@rsmpartners.com> wrote:
>
> How do you demonstrate that you have never been hacked?
>
> Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd
> Web:
> https://nam01.safelinks.protection.outlook.com/?url=www.rsmpartners.co
> m&data=02%7C01%7CRScott%40ROCKETSOFTWARE.COM%7Cccae2809339a4bc9de9
> 008d6e8ede103%7C79544c1eed224879a082b67a9a672aae%7C0%7C0%7C63695250572
> 5186342&sdata=79Mc6duyUK9psstxyH%2FfJq%2BVaSed9R17yT4fGdCK8oE%3D&a
> mp;reserved=0 ‘Dance like no one is watching. Encrypt like everyone
> is.’
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Bill Johnson
> Sent: 04 June 2019 01:04
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [IBM-MAIN] Just how secure are mainframes? | Trevor
> Eddolls
>
> 40 years on numerous mainframes at more than a dozen companies and
> we’ve never been hacked and never had any need for penetration testing.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday, June 3, 2019, 11:54 AM, Clark Morris 
> wrote:
>
> [Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
> 000

Re: Out of heap space while invoking a jar java8 but works fine when invoke the jar when run in java7 using Ent Cobol 4.2

[Mark Hiscock]

Hi Naz,

Out of memory errors in Java on Z can happen for a number of reasons. It 
could really be that you've run out of heap space but it could also be 
that LE has hit a problem with a z/OS limit.

Please can you provide more details about the exception message you get? 
For instance here's an OOM exception which actually means the MEMLIMIT of 
the address space is not large enough.

java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, 
errno 132 (0x84), errno2 -1055784930  (0xc112001e) 

Kind Regards, 

Mark
---
Mark Hiscock
z/OS Connect 
Phone: (+44)1962 818662
Email: mark.hisc...@uk.ibm.com
---



From:   Nazih Noujaim 
To: IBM-MAIN@LISTSERV.UA.EDU
Date:   04/06/2019 14:27
Subject:Out of heap  space while invoking a jar java8 but works 
fine when invoke the jar when run in java7 using Ent Cobol 4.2
Sent by:IBM Mainframe Discussion List 



HI  Everyone

I have an OO Cobol program that invokes a jar on USS using java v1.8, 31 
bit.  When I run over 250K calls, it runs out of memory. If the jar is 
created in java 7 and I compile/link/run the OO cobol pgm in Java 731, it 
runs fine.

I saw that there was some problems back in java 5 in the IBM sdk with OOM 
and was fixed but nothing recent. Is anyone aware of any similar issues 
with java 1.8? Is there any update to the JNI copy book whether you use v7 
or v8? Any different options in the JVM setup/Installation that I should 
ask about?

Here is my calling order:
NewStringPlatform
Invoke
GetStringPlatform
2 DeleteLocalRef  calls for the input and return string.


I haven't been able to find any links on diffs between 7 and 8?

TIA
Naz




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Single phase power connector to z114

[Christian Svensson]

Hi,

This may be an odd question. I bought an z114 and I'm trying to figure out
how to power it.
I've arrived that the single-configuration BPR I have should happily accept
any AC between 200V-600V, and I managed to buy two 41U0108 (one per A/B
power). The power consumption should come out to less than 3kW of power, so
16A 230V should be perfect.

The connector to the frame seems to be 3W+PE - i.e. no neutral, so my
thinking is that this is a delta-system.

Adding these facts together my thinking is that I should be able to route
my 230V mains like this:

   - PH-1: Mains L
   - PH-2: Mains N
   - PH-3: Unconnected
   - GND: Mains GND
   - Wire shield: Mains GND

This should emulate pretty closely a 3-phase US system with only one
working phase is my thinking, so should not be that unconventional from the
eyes of the BPR.

My question is: does this match the single phase cables that IBM provide to
these systems?
I am mostly interested in what the recommendation is to connect PH-3 to,
but leaving it unconnected seems to be the least risky.

Thanks!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: MVSCPCMD in batch

[John McKown]

On Tue, Jun 4, 2019 at 8:28 AM Tony Thigpen  wrote:

> By "crippled", it could be during early IPL or late shutdown.
>

It's been too long since I actually worked on VM (VM/XA actually!). I
remember setting up the MVS guest ID to IPL CMS and set things up using the
PROFILE EXEC. But there wasn't anything available for shutdown. I monitor
this forum mainly because I loved VM and still miss it.



>
> Tony Thigpen
>
> John McKown wrote on 6/4/19 8:20 AM:
> > On Mon, Jun 3, 2019 at 5:23 PM Tony Thigpen  wrote:
> >
> >> I would not convert it to LE.
> >>
> >> I have strong feelings that any system tool like this must be able to
> >> run in a crippled system with as little support from the OS as possible.
> >>
> >
> > Hum. I hadn't thought of running this in a "crippled" environment. I
> would
> > have imagined that I would be logged into the z/VM "console" for the z/OS
> > guest to interactively issue CP commands, rather than via TSO or batch.
> >
> >
> >
> >>
> >> As an opinion, I think that simple programs like this should not be
> >> converted to base-less programming either. One, there is no need and
> >> second, I believe that abend fixing is easier with a base address.
> >>
> >> KISS rules. :-)
> >>
> >
> > True. I think that baseless programming is actually simpler. But in a
> very
> > short routine like this one, it doesn't really make much of a difference.
> > Almost all of the "application" code that I write now is baseless, with
> R&I
> > instructions as well as LE enabled. Why LE? Because I can then use a lot
> of
> > LE routines as well a C language subroutines, such as "snprintf" (which
> is
> > wonderful to make nicely formatted messages). There are some nice ones. I
> > know that many still hate LE, but I have learned to love the pain.
> >
> >
> >
> >>
> >> I have no real opinion about making a unix command as I don't really use
> >> unix that much, but personally I would prefer that a unix user not have
> >> access to VM commands.
> >>
> >
> > I do a _LOT_ of z/OS UNIX shell scripting. I can do a UNIX shell script
> and
> > get an answer faster than writing a TSO REXX program. Why should a TSO
> user
> > have access, but not a UNIX user? I, personally, don't see any
> difference.
> > I like what I read from Mr. Elliot about using RACF to restrict access to
> > this program. Of course, this can be done implicitly done by putting the
> > code in a place where unauthorized user cannot access it. I.e. no access
> to
> > the STEPLIB or UNIX directory which contains the program.
> >
> >
> > Of course, for me, all of this is theoretical because I don't have access
> > to a z/VM system.
> >
> >
> >
> >>
> >> Tony Thigpen
> >>
> >>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Single phase power connector to z114

[Tony Thigpen]

We have done exactly what you are thinking using 30amp twist plugs.

Tony Thigpen

Christian Svensson wrote on 6/4/19 10:32 AM:

Hi,

This may be an odd question. I bought an z114 and I'm trying to figure out
how to power it.
I've arrived that the single-configuration BPR I have should happily accept
any AC between 200V-600V, and I managed to buy two 41U0108 (one per A/B
power). The power consumption should come out to less than 3kW of power, so
16A 230V should be perfect.

The connector to the frame seems to be 3W+PE - i.e. no neutral, so my
thinking is that this is a delta-system.

Adding these facts together my thinking is that I should be able to route
my 230V mains like this:

- PH-1: Mains L
- PH-2: Mains N
- PH-3: Unconnected
- GND: Mains GND
- Wire shield: Mains GND

This should emulate pretty closely a 3-phase US system with only one
working phase is my thinking, so should not be that unconventional from the
eyes of the BPR.

My question is: does this match the single phase cables that IBM provide to
these systems?
I am mostly interested in what the recommendation is to connect PH-3 to,
but leaving it unconnected seems to be the least risky.

Thanks!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Tom Marchant]

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:

>noise and plenty of it.

PKB.

You have posted more to this thread than anyone else.

You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say.

You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy.

When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: MVSCPCMD in batch

[Tony Thigpen]

All my VSE systems are under VM, but all my z/OS systems run native. 
But, with VSE, there are some things I don't want to do before the "CP 
IPL xxx' statement in the profile exec, so I do them as early as 
possible in the VSE IPLs


Tony Thigpen

John McKown wrote on 6/4/19 10:43 AM:

On Tue, Jun 4, 2019 at 8:28 AM Tony Thigpen  wrote:


By "crippled", it could be during early IPL or late shutdown.



It's been too long since I actually worked on VM (VM/XA actually!). I
remember setting up the MVS guest ID to IPL CMS and set things up using the
PROFILE EXEC. But there wasn't anything available for shutdown. I monitor
this forum mainly because I loved VM and still miss it.





Tony Thigpen

John McKown wrote on 6/4/19 8:20 AM:

On Mon, Jun 3, 2019 at 5:23 PM Tony Thigpen  wrote:


I would not convert it to LE.

I have strong feelings that any system tool like this must be able to
run in a crippled system with as little support from the OS as possible.



Hum. I hadn't thought of running this in a "crippled" environment. I

would

have imagined that I would be logged into the z/VM "console" for the z/OS
guest to interactively issue CP commands, rather than via TSO or batch.





As an opinion, I think that simple programs like this should not be
converted to base-less programming either. One, there is no need and
second, I believe that abend fixing is easier with a base address.

KISS rules. :-)



True. I think that baseless programming is actually simpler. But in a

very

short routine like this one, it doesn't really make much of a difference.
Almost all of the "application" code that I write now is baseless, with

R&I

instructions as well as LE enabled. Why LE? Because I can then use a lot

of

LE routines as well a C language subroutines, such as "snprintf" (which

is

wonderful to make nicely formatted messages). There are some nice ones. I
know that many still hate LE, but I have learned to love the pain.





I have no real opinion about making a unix command as I don't really use
unix that much, but personally I would prefer that a unix user not have
access to VM commands.



I do a _LOT_ of z/OS UNIX shell scripting. I can do a UNIX shell script

and

get an answer faster than writing a TSO REXX program. Why should a TSO

user

have access, but not a UNIX user? I, personally, don't see any

difference.

I like what I read from Mr. Elliot about using RACF to restrict access to
this program. Of course, this can be done implicitly done by putting the
code in a place where unauthorized user cannot access it. I.e. no access

to

the STEPLIB or UNIX directory which contains the program.


Of course, for me, all of this is theoretical because I don't have access
to a z/VM system.





Tony Thigpen




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN






--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

You have posted more to this thread than anyone else.
False 
You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say.
False, they all stated flatly security was a top 3 reason for staying on the 
platform.
You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy.
Proving something that did not happen is simply impossible. YOU prove it did 
since you claim it has.
When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy.
I have been attacked numerous times.

Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
<000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:

>noise and plenty of it.

PKB.

You have posted more to this thread than anyone else.

You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say.

You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy.

When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Carmen Vitullo]

where are the forum monitors when you need them, I have nothing positive or 
negative to add the this run out thread, ok - NO ONE is 100% secure, is the 
IBM-MAIN or FACEBOOK - 
lets move this on PLEASE ! 



Carmen Vitullo 

- Original Message -

From: "Bill Johnson" <0047540adefe-dmarc-requ...@listserv.ua.edu> 
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Tuesday, June 4, 2019 10:45:31 AM 
Subject: Re: Just how secure are mainframes? | Trevor Eddolls 

You have posted more to this thread than anyone else. 
False 
You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say. 
False, they all stated flatly security was a top 3 reason for staying on the 
platform. 
You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy. 
Proving something that did not happen is simply impossible. YOU prove it did 
since you claim it has. 
When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy. 
I have been attacked numerous times. 

Sent from Yahoo Mail for iPhone 


On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
<000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote: 

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote: 

>noise and plenty of it. 

PKB. 

You have posted more to this thread than anyone else. 

You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say. 

You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy. 

When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy. 

-- 
Tom Marchant 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 



-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

>From the you can’t make this up department. Mr. Marchant agrees with me.

https://www.compuware.com/proving-z13-modern/

 

Talk of “modernization” of mainframe systems is often code for redesigning 
mainframe-based applications and implementing them to run on Windows, or less 
frequently, on Unix or Linux. None of these systems can match the security 
capabilities of modern mainframe operating systems.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
<000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:

>noise and plenty of it.

PKB.

You have posted more to this thread than anyone else.

You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say.

You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy.

When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

I agree. I’m out.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 11:50 AM, Carmen Vitullo  wrote:

where are the forum monitors when you need them, I have nothing positive or 
negative to add the this run out thread, ok - NO ONE is 100% secure, is the 
IBM-MAIN or FACEBOOK - 
lets move this on PLEASE ! 



Carmen Vitullo 

- Original Message -

From: "Bill Johnson" <0047540adefe-dmarc-requ...@listserv.ua.edu> 
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Tuesday, June 4, 2019 10:45:31 AM 
Subject: Re: Just how secure are mainframes? | Trevor Eddolls 

You have posted more to this thread than anyone else. 
False 
You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say. 
False, they all stated flatly security was a top 3 reason for staying on the 
platform. 
You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy. 
Proving something that did not happen is simply impossible. YOU prove it did 
since you claim it has. 
When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy. 
I have been attacked numerous times. 

Sent from Yahoo Mail for iPhone 


On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
<000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote: 

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote: 

>noise and plenty of it. 

PKB. 

You have posted more to this thread than anyone else. 

You have claimed that security is the main reason people stay on the 
mainframe, and posted a few articles that do not say what you claimed 
they say. 

You have insisted several times that your MVS systems have never been 
hacked without providing any evidence or serious reasoning as to how 
you could know that. "40 years of experience" is not evidence. It's called 
appeal to authority, and it is a logical fallacy. 

When your assertions are questioned, your response is to attack those 
who question you rather than provide evidence. Another logical fallacy. 

-- 
Tom Marchant 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 



-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Seymour J Metz]

Well, it's important to replace all of that COBOL code using a language like C 
that came out this decade. Oh, wait, it didn't. 

But didn't Multics have B1 before MVS did?

Reading the transcript I would have to assume that either the government is in 
the process of upgrading its 360/65 fleet to ES/9000 or that the author is 
inventing hisfacts out of the whole cloth. Tom was too kind.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Bill Johnson <0047540adefe-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, June 4, 2019 11:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

>From the you can’t make this up department. Mr. Marchant agrees with me.

https://secure-web.cisco.com/1yL63m40iBCeQbG1WvmNZsrKa4FxGrXYc1ASKMXpNVzdwtqEkgBeRY3ZdRhqcYpE8x1EGH2oYCOAOaZ2bO_7UCfP3tVCijeenqLOIOeq4mRO5gAjMFyrW655_OndDRRXv6odsUjGx8U63qP3bZTyag1OE4FZs-eJeOB23r82elSblLxXJiu2Fh_IHTw21XRKd28yHEMzSPfBuKtUVSiyFfuGeaGjvjHHoXDdIpUQDoKoNszOoMM3Ar533ngeRAZ6trUZxEHPPYiskU5HZF_GQqM-hEUDOJDMBGXFyLw3zKUGwb_hECp5TXhm7GT2n576H_0c98_THsaujOvUko7S4PpkfbD9ZkQaxNo4pf6l9gFUTkzD-Mx19UmKzIMfs0HAbM4gr_mr1K2Ay7i-N7A-BtF1h8JktxkkDKEIiQ4yaS7ooLyoQlRDwtipt90OA9DNHxHsFGI0ASBqXUhnRS_pB1g/https%3A%2F%2Fwww.compuware.com%2Fproving-z13-modern%2F



Talk of “modernization” of mainframe systems is often code for redesigning 
mainframe-based applications and implementing them to run on Windows, or less 
frequently, on Unix or Linux. None of these systems can match the security 
capabilities of modern mainframe operating systems.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
<000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:

On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:

>noise and plenty of it.

PKB.

You have posted more to this thread than anyone else.

You have claimed that security is the main reason people stay on the
mainframe, and posted a few articles that do not say what you claimed
they say.

You have insisted several times that your MVS systems have never been
hacked without providing any evidence or serious reasoning as to how
you could know that. "40 years of experience" is not evidence. It's called
appeal to authority, and it is a logical fallacy.

When your assertions are questioned, your response is to attack those
who question you rather than provide evidence. Another logical fallacy.

--
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

What you're talking about is a COBOL interface to a REXX script, not a COBOL 
interface to SDSF. You've always been able to call REXX from COBOL, and there's 
no need to make the interface so complicated. What you can't do is to call SDSF 
directly with functionality equivalent to what you have from REXX.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Mike Schwab 
Sent: Monday, June 3, 2019 4:49 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

So, what I see that needs to be done to get this work done is:
Cobol program does its processing, calls a paragraph in itself.
This paragraph strings the needed information to a large character
data area in XML format.
variable1-name variable1-value
variable2-name variable2-value

etc.
It calls a program named CBL2REXX, written in C, with the REXX program
name and the data area as parameters.

Program CBL2REXX
Parses the XML area character by character.
When it gets to the end of variable1-name and variable1-value,
it creates the C variable named variable1-name with the value variable1-value.
Loops back to repeat for variable2-name and variable2-value until it
runs out of data.
Then it calls the REXX program name with the variables it has created.

The REXX program reads these variables and returns.

The CBL2REXX program then reads the updated variables and moves them
back to the large character area with the XML data and returns.

The calling program then parses the area to update the cobol
variables.  The paragraph ends and the work is done.

On Mon, Jun 3, 2019 at 7:33 PM Paul Gilmartin
<000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
> On Mon, 3 Jun 2019 17:23:35 +, Seymour J Metz wrote:
>
> >No, I mean that SDSF would have to accept a parameter for the associative 
> >array and have some way to update it. Only after IBM implements can can they 
> >provide for calling SDSF from COBOL. The hard part is updating SDSF.
> >
> Or bridge code to invoke SDSF with the (documented) Rexx interface;
> use IRXEXCOM to extract the values it sets and either set the corresponding
> COBOL variables or return a canonical form such as XML that COBOL could
> parse to populate an associative array.  SMOP, but no update to SDSF.
>
> I did something like that decades ago on CMS: I simulated a call from Rexx
> to SQL/DS; extracted values with EXECCOMM; and populated values in a
> Mainsail main program.  Mainsail was very friendly -- compiled in debug
> mode it made its symbol table (and compiler!) available to its foreign
> language, making it easy to use source language constructs to set host
> variables.
>
> Alas, when I last looked, Mainsail's domain name was for sale.
>
> 
> >From:  Clark Morris
> >Sent: Sunday, June 2, 2019 5:12 PM
> >
> >I assume you mean that a COBOL has to be able to CALL 'X' with a USING
> >or RETURNING phrase that has the right pointers to a associative array
> >and that COBOL has to be able to set up that array for either the
> >USING phrase of the call or the RETURNING phrase of the CALL.  ...
>
> -- gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[John McKown]

On Tue, Jun 4, 2019 at 11:15 AM Seymour J Metz  wrote:

> What you're talking about is a COBOL interface to a REXX script, not a
> COBOL interface to SDSF. You've always been able to call REXX from COBOL,
> and there's no need to make the interface so complicated. What you can't do
> is to call SDSF directly with functionality equivalent to what you have
> from REXX.
>

Which goes all the way back to my original question (I'm the OP). Why
doesn't IBM allow HLL access to SDSF functions like it does REXX and Java?
The only reason that I can think of is that REXX is closely associated with
TSO & ISPF. And Java is closely associated with "web applications", in
particular Websphere Application System (or whatever it's called now). So
IBM likely did not consider the development effort to make an LE compliant
set of routines available to be cost effective.


>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
>
-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Seymour J Metz]

Sounds like a combination of improper RACF configuration and vulnerabilities in 
various Unix components, both standard (FTP) and IBM (WebSphere). What's really 
disturbing is the total lack of cooperation from LE for nearly two weeks.

This sounds like a case where pen testing might have saved their bacon.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Mike Schwab 
Sent: Monday, June 3, 2019 4:24 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

How was a mainframe breach detected?  A TSOID trying to access a ton
of files they didn't have access too.

(link to Share PDF 'how hackers breached a government (and a bank)' by
Soldier of Fortran below.)

https://secure-web.cisco.com/1diIq2WmycO9mehmrGwTzmCLbt_KnBvFyhZUCpwxPn1IJCNukCY1aIACm935ADVtNgQ9BnGX9-_ZdmbGpOW-TcEPkRJhzeWPGoSbE6hh0eyPTYszGh-l5PACE5jfh3KLIEM92oz5MCfblU9gLwz9KOrNzu4rB-BJiZOp1XgXRTyOp44a8f0Gw62Ko_399a6NHmu18r7MWMYFDYHTNIplgVtjRSyXA5P_actNC5qVVYdcyYw884CcRvKP2nm-uGgtNoh1YrZLN-0JFynfHDxhITKkKkxUu2KHzqoudEoI_Gh2277euHi3tQuHRVTaQDAppTa7sG9znc8p-gzGCtyFV8IdblA9wVXYVA7b-jG_EC8JUULO5R9q_IpGiE44_F95v8pJTpOBXDv-ZXkmlUMNgFV31lPRBO2M94sqX5PlH5svWBkyD-Ai0BeCBaNk5gys7/https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26cad%3Drja%26uact%3D8%26ved%3D2ahUKEwj9qtK9kc7iAhUN-6wKHaMpAewQFjAAegQIABAC%26url%3Dhttps%253A%252F%252Fshare.confex.com%252Fshare%252F124%252Fwebprogram%252FHandout%252FSession16982%252FHow%252520Hackers%252520Breached%252520a%252520Government%252520%28and%252520a%252520Bank%29.pdf%26usg%3DAOvVaw1lvSNyZEIct1DU7WLqm4hY

On Mon, Jun 3, 2019 at 4:42 PM Seymour J Metz  wrote:
>
> This whole thread has consistently confused several very different issues:
>
>  1. How secure is z/OS itself?
>
>  2. How secure is 3rd party software?
>
>  3. How secure is the typical shop running z/OS?
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> 
> From: IBM Mainframe Discussion List  on behalf of 
> Clark Morris 
> Sent: Sunday, June 2, 2019 9:57 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Just how secure are mainframes? | Trevor Eddolls
>
> [Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s trying to sell his company’s security services. Something I thought was 
> >not allowed on this list.
> >
> Whether or not he is selling something and I don't read his posts that
> way, he is making some valid points. As a retired MVS (I was back in
> applications by the time z/OS was available) systems programmer, I am
> far more skeptical about the invulnerability of z/OS.  It is too easy
> to have decades old stuff still in a system in part because people
> don't know why it is there or are unaware of its existence.  How much
> effort is required for an installation to achieve even 95 percent of
> the invulnerability that is theoretically possible and keep that up.
> How many holes are left in the average shop  because people don't
> understand the implications of all of both IBM and vendor defaults
> where I will almost guarantee that there are at some defaults that
> leave a system open to hacking.  I think that it is difficult to
> understand all of the implications of an action.  Many shops may be
> running exits or other systems modifications that have worked for
> decades and because they work, no one has checked them to see if they
> have an unintended vulnerability.  I hope that none of my code that is
> on file 432 of the CBT Tape (Philips light mods) has any vulnerability
> but the thing that scares me is that I might not be smart enough to
> find it even if I was looking for it.  Good security isn't cheap. Z/OS
> may be the most secure starting base but it requires real effort to
> actually implement it with both good security and good usability. How
> much vulnerability is there in the test systems?  How much are the
> systems programmer sandboxes exposed to the outside world?  What
> uncertainties exist in systems vendor code?  Are organizations willing
> or able to periodically test their systems' vulnerabilities?  Can be
> secure does not mean is secure?
>
> Clark Morris
> >
> >Sent from Yahoo Mail for iPhone
> >
> >
> >On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz  wrote:
> >
> >>  * As part of a APF authorized product there is a SVC or PC routine
> >>that when called will turn on the JSBCAUTH bit
> >
> >Ouch!
> >
> >If it's APF authorized then why does it need to do that? And why would you 
> >allow such a vendor in the door?
> >
> >Did you have a tool that discovered that the vendor's SVC turned on 
> >JSCBAUTH, or did you have to read the code like the rest of us?
>
> --
> For IBM-MAIN subscribe / signoff / archive access inst

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

> Can a program knowing none of this except that unknown members of X.
> have been manipulated discover with IRXEXCOM that:

Yes.

> IRXEXCOM can set Rexx variables.  Can't it create new ones simply by setting 
> them:

Of course. But you have to be running a REXX script in order to use IRXEXCOM.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Monday, June 3, 2019 3:47 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

On Mon, 3 Jun 2019 16:52:14 +, Seymour J Metz wrote:

>> I know of no documented interface, not even including EXECOM,
>>to extract a complete description of the data represented by a Rexx compound 
>>symbol.
>
>What's wrong with IRXEXCOM and IKJCT441?
>

Imagine that a black box, possibly Rexx, possibly a host command
interface has set unknown members of compound symbol X. in
unknown ways.  It might have done:
X. = 'Blanket'
X.PI = 3.14
Empty = ''
X.Empty = 'Vacuum'
drop X.WEIRD

Can a program knowing none of this except that unknown members of X.
have been manipulated discover with IRXEXCOM that:
There is a tail, 'PI' such that X.PI has value 3.14
There is a tail, null-string, such that the corresponding value of X. is 
'Vacuum'
There is a tail, 'WEIRD', such that the corresponding value of X. is 
undefined
For any other tail, the corresponding value of X. is 'Blanket'.

A similar question applies to STEMPUSH/STEMPULL.


>OTOH, there is no documented interface for a REXX variable pool not created by 
>REXX.
>
IRXEXCOM can set Rexx variables.  Can't it create new ones simply by setting 
them:

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Clark Morris]

[Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://www.compuware.com/proving-z13-modern/
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris 
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the 
>mainframe, and posted a few articles that do not say what you claimed 
>they say.
>
>You have insisted several times that your MVS systems have never been 
>hacked without providing any evidence or serious reasoning as to how 
>you could know that. "40 years of experience" is not evidence. It's called 
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those 
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[John McKown]

On Tue, Jun 4, 2019 at 11:41 AM Seymour J Metz  wrote:

> > Can a program knowing none of this except that unknown members of X.
> > have been manipulated discover with IRXEXCOM that:
>
> Yes.
>
> > IRXEXCOM can set Rexx variables.  Can't it create new ones simply by
> setting them:
>
> Of course. But you have to be running a REXX script in order to use
> IRXEXCOM.
>

Hum, couldn't the program set up a REXX environment by using IRXINIT? Then
use IRXEXCOM to run an in-memory REXX program which uses the SDSF API. Use
IRXEXCOM to get & set the REXX variables. Finish up with IRXTERM. I'm just
asking, not saying it's possible.

https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/dup0047.htm

https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/execrtn.htm

https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/varacc.htm

https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/irxterm.htm




>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>

-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[John McKown]

On Tue, Jun 4, 2019 at 11:53 AM John McKown 
wrote:

> On Tue, Jun 4, 2019 at 11:41 AM Seymour J Metz  wrote:
>
>> > Can a program knowing none of this except that unknown members of X.
>> > have been manipulated discover with IRXEXCOM that:
>>
>> Yes.
>>
>> > IRXEXCOM can set Rexx variables.  Can't it create new ones simply by
>> setting them:
>>
>> Of course. But you have to be running a REXX script in order to use
>> IRXEXCOM.
>>
>
> Hum, couldn't the program set up a REXX environment by using IRXINIT? Then
> use IRXEXEC to run an in-memory REXX program which uses the SDSF API. Use
> IRXEXCOM to get & set the REXX variables. Finish up with IRXTERM. I'm just
> asking, not saying it's possible.
>
>
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/dup0047.htm
>
>
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/execrtn.htm
>
>
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/varacc.htm
>
>
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.ikja300/irxterm.htm
>
>
>
>
>>
>>
>> --
>> Shmuel (Seymour J.) Metz
>> http://mason.gmu.edu/~smetz3
>>
>
> --
> This is clearly another case of too many mad scientists, and not enough
> hunchbacks.
>
>
> Maranatha! <><
> John McKown
>


-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

RACF comes with the OS. You turn it on and pay for it ONLY if you don’t have 
ACF2 or TSS. And RACF has approx 80% market share.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 12:52 PM, Clark Morris  wrote:

[Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://www.compuware.com/proving-z13-modern/
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris 
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the 
>mainframe, and posted a few articles that do not say what you claimed 
>they say.
>
>You have insisted several times that your MVS systems have never been 
>hacked without providing any evidence or serious reasoning as to how 
>you could know that. "40 years of experience" is not evidence. It's called 
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those 
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

Not according to Target or any write ups I’ve read on it.


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 12:52 PM, Clark Morris  wrote:

[Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://www.compuware.com/proving-z13-modern/
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris 
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the 
>mainframe, and posted a few articles that do not say what you claimed 
>they say.
>
>You have insisted several times that your MVS systems have never been 
>hacked without providing any evidence or serious reasoning as to how 
>you could know that. "40 years of experience" is not evidence. It's called 
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those 
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Seymour J Metz]

Well, the vendor could submit z/OS with their software installed for a security 
certification, but as I understand it that's very expensive and time consuming.

As for an ESM, there are a lot of facilities that won't work at all without one.

BTW, just because an application isn't APF authorized and therefore doesn't 
have an integrity vulnerability doesn't mean that it doesn't have a security 
vulnerability. If it has multiple users and allows one user unauthorized access 
to the data of another, ...


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Clark Morris 
Sent: Tuesday, June 4, 2019 12:52 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

[Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://secure-web.cisco.com/1-whmwv7ULNYR1Hukwy-H5Q9Q_4xxNp8kYaDWfQ_GoMFseGBxwIbMwKs0Rrl3jVK6OBpw-WYyZ1DTl6RV2xyK9yJCovsG-dNbqIg9MfqXdV2KiPKR3uYau79LHXCF-Nlgif0qWny0y-5PPH78itFajSf0D4z9XPR_j98gYPV7f54LfqOplIiFdoIWHcjisX6FjYJwbr5vx-cQqOuqZ2mLaAMEvPvINJsmmpb8y3aO-5oTSLdgkJ1FTPeky66f4xtwpBr_sAsFYPYJWf-zdA0rKGzFmfub4Uk8u2tQ5hCnKwcwe-nd4194giBemlc5fxp9ZhDMwUeUYBPRVnYX-wEFF2aQ-FiHbP_uDuQbwAs-3kOE1PadBdfq_GC3vPqUVOhSzB4jLwb7bkAAdmDVs7hRAqJYH6HZqI5F1zVEdsss6CNcwwI1PYaI3qkTyxmEqOXjNU6W9fckIIXxrEHy2expkw/https%3A%2F%2Fwww.compuware.com%2Fproving-z13-modern%2F
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the
>mainframe, and posted a few articles that do not say what you claimed
>they say.
>
>You have insisted several times that your MVS systems have never been
>hacked without providing any evidence or serious reasoning as to how
>you could know that. "40 years of experience" is not evidence. It's called
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

How target was hacked.
https://www.computerworld.com/article/2487425/target-breach-happened-because-of-a-basic-network-segmentation-error.html
 


Sent from Yahoo Mail for iPhone


On Tuesday, June 4, 2019, 12:52 PM, Clark Morris  wrote:

[Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://www.compuware.com/proving-z13-modern/
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris 
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the 
>mainframe, and posted a few articles that do not say what you claimed 
>they say.
>
>You have insisted several times that your MVS systems have never been 
>hacked without providing any evidence or serious reasoning as to how 
>you could know that. "40 years of experience" is not evidence. It's called 
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those 
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

> Hum, couldn't the program set up a REXX environment by using IRXINIT? Then
> use IRXEXCOM to run an in-memory REXX program which uses the SDSF API. 

Of course. But, again, that's not a direct call from the COBOL code to SDSF.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
John McKown 
Sent: Tuesday, June 4, 2019 12:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

On Tue, Jun 4, 2019 at 11:41 AM Seymour J Metz  wrote:

> > Can a program knowing none of this except that unknown members of X.
> > have been manipulated discover with IRXEXCOM that:
>
> Yes.
>
> > IRXEXCOM can set Rexx variables.  Can't it create new ones simply by
> setting them:
>
> Of course. But you have to be running a REXX script in order to use
> IRXEXCOM.
>

Hum, couldn't the program set up a REXX environment by using IRXINIT? Then
use IRXEXCOM to run an in-memory REXX program which uses the SDSF API. Use
IRXEXCOM to get & set the REXX variables. Finish up with IRXTERM. I'm just
asking, not saying it's possible.

https://secure-web.cisco.com/1mUUSj5JYl1bHqMOIcaK2IlHndRUtbXXCyUH10MDkmvVqQLxwfVgF0p65NATnsRAE3eS0BAC1xCQgucWAfVCiEzT8rWfQdpzdlhJPYhEw46R3HV0FPZ2hyW_h1gMKqZZyRpIIxTZR_Ww96sfALHbmsPPQXk2DD56nmFShhEh7wf3e3lBEfCh6UkfllzilsDWWTBfrf5niHZ0fNKq97KVBNEMyOodUvbzAO7dxABjwuRHuPg6eatbIFrLsUGgOAP97e9RFjXzJFnUBqor7hb6fLakUEw26XmVHXSi5eJceJ5oUGbrBFQFxlc1Vs1A_Zz6VEG4PP3wqMowHk3PzQfZSSOX-rJDfjGrRrILjiIZw9C3XCuXoJKusb8-u23-TgQlraGnDfaeG46BU3aXHCECz9EaB2f_Vaav5XPKZlIDLCYLhxXi4seKFoWQnbTJU8GZS/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.ikja300%2Fdup0047.htm

https://secure-web.cisco.com/1K_JNC7FyByOJYCDhXVgHU5rLpUHluE1IpcMiOKOdlWM9oNsUSxecVuCB74CCEz9fwzTMSD4C4P-brAnjKMTMDabJAzr58NonbiXbSo5N4v2aTvGaRL3v6m1Fe1fGWt86qulsFbJzy278dWPvpmmsp7C03BEfiDfxiHkZnx-jzTuTEFFCMFxIxjTn7jnDzUkungeD4kKMtlHjm8DwIwHJeWqZot5lCfGRNvjaVl7PAAHkbK8WkPIK1vWRBDAGDwvZ0opmJR7Sf2TsVRValdltgr_5baKT3FQss3fePqe7suowRc3IPJpdnU4-uyITLSQF2XyKVMuTuH7HzJX6YV3coN2AMhQTFueetX2F9WBAkQwVx_PBsH_GhuLKGGVao2UuK2aWvOm2XIzG445EqeMnhoRlKp5T4GEIIXhUFbrR5-trdpfkUcRko8zQHeiY_9nC/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.ikja300%2Fexecrtn.htm

https://secure-web.cisco.com/1zWTF6qwnKkfty31DqNGabYJTR5i-khdxqJPZYo49AqYQ5EWP9pU-1TAWXrRYEBObKtsFbCqFqPvSTNl9f_Vox35IisQX0-8O0gGz_NkK3ewn4S4VN6xOB3HHZoq79Gvx0O8lNoQXplAI0iKhyRuMlMvYw09aOH-XNPE6VidYTBWg1kSiv7RTzVDKMWQKIys5QOlB2lAFtgLMhUDmKafa3kLG43z7hd0xNGxe6u4yoLRjDIJNt_d1nDSedMUgIPwU7nKYAWx2jTWKuW4GXfyeCDsTpbmb_Nx1aBZj0W6BwbwxCDNO2748MtO9g6tdb_bNo8lwV1PK8S-je6OBSzhcr-zj9G1yVGTaN2W6dAk69HrsKdfRSZfR_mhFby91V4ATQcwQgyQ3uNZTsV_gI2rRh2ouN64L_z-s_0mjoqULxJT5jd7n8MVsQRmTO_mn59RQ/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.ikja300%2Fvaracc.htm

https://secure-web.cisco.com/1eNWfob2tSq3fqh5qHbwM-y8qUMEwLkxfocRMnQ_URoNt-ICHZNPl3joz2pfBnFdRmtqwN9QnbC38GXaw0P27ABk6UM4faJUrQcIiZb-iImQDUktqAGCZtmdimxVKLBTN8sb3kORc8oT16D5uUEpOaghSfo30LnFrjP2amKWmkOXuWB9UCnOTvax_uipBR8GWjhHPwJvzjHxLSh6knBJjF4sJGCRpbD1HwvVMTAOJ7ruvYVpKaOm2YbBCBTUdzHQO_pKD4BDJ0iJsAV2zH8PaWnwEUx_DZornQh7Fm8pJE2SRfy5Wrl_M6OmZUZaAMCnM-DfUVe8mOlk9hfKRxBEsV71CNLcLe7cgI3SBfSWXQ625Teh4vHjws38zM6egsvI_CZXTQpQV2K6RxbEeqiij0pWR8vc99HMVtfzzoBHALBKktgo6MSHj9seHT1VgdCR6/https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fknowledgecenter%2Fen%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3.ikja300%2Firxterm.htm




>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>

--
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Paul Gilmartin]

On Tue, 4 Jun 2019 16:40:47 +, Seymour J Metz wrote:

>> Can a program knowing none of this except that unknown members of X.
>> have been manipulated discover with IRXEXCOM that:
> 
>Yes.
>
How, after "... a stem is used as the target of an assignment [and] all 
possible compound variables
whose names begin with that stem receive the new value ..." (TSO Rexx 
reference) and a random
symbol with that stem is then dropped, does IRXEXCOM report the otherwise 
unidentified tail?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Bill Johnson]

 Bad link
https://www.computerworld.com/article/2487425/target-breach-happened-because-of-a-basic-network-segmentation-error.html


On Tuesday, June 4, 2019, 12:53:11 PM EDT, Clark Morris 
 wrote:  
 
 [Default] On 4 Jun 2019 08:56:03 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>From the you can’t make this up department. Mr. Marchant agrees with me.
>
>https://www.compuware.com/proving-z13-modern/
>
Considering that he is writing for a mainframe systems software vendor
that provides APF authorized code, he has some interest in
perpetuating the mainframe.  Also RACF is a separately priced add-on
item>  Does IBM require that you license RACF or approved third party
equivalent as a condition of running z/OS?  Is there a mechanism for
third party vendors that provide software that runs APF authorized to
be somehow included in the statement of integrity or have recognized
equivalents?


I suspect that the data that was involved in the famous Target
retailer breach was residing on a mainframe and was gotten by using
credentials that were stolen from a supplier that had valid access to
the data.  I think the initial breach was at the supplier that was
probably not running a mainframe system.

Clark Morris 
>
>Talk of “modernization” of mainframe systems is often code for redesigning 
>mainframe-based applications and implementing them to run on Windows, or less 
>frequently, on Unix or Linux. None of these systems can match the security 
>capabilities of modern mainframe operating systems.
>
>
>Sent from Yahoo Mail for iPhone
>
>
>On Tuesday, June 4, 2019, 10:45 AM, Tom Marchant 
><000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
>
>On Tue, 4 Jun 2019 00:01:01 +, Bill Johnson wrote:
>
>>noise and plenty of it.
>
>PKB.
>
>You have posted more to this thread than anyone else.
>
>You have claimed that security is the main reason people stay on the 
>mainframe, and posted a few articles that do not say what you claimed 
>they say.
>
>You have insisted several times that your MVS systems have never been 
>hacked without providing any evidence or serious reasoning as to how 
>you could know that. "40 years of experience" is not evidence. It's called 
>appeal to authority, and it is a logical fallacy.
>
>When your assertions are questioned, your response is to attack those 
>who question you rather than provide evidence. Another logical fallacy.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

If you drop foo. and don't set any new values for, e.g., foo.bar, then a 
request for N (next) will return only foo. I wouldn't expect drop foo.baz to 
change that.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, June 4, 2019 1:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

On Tue, 4 Jun 2019 16:40:47 +, Seymour J Metz wrote:

>> Can a program knowing none of this except that unknown members of X.
>> have been manipulated discover with IRXEXCOM that:
>
>Yes.
>
How, after "... a stem is used as the target of an assignment [and] all 
possible compound variables
whose names begin with that stem receive the new value ..." (TSO Rexx 
reference) and a random
symbol with that stem is then dropped, does IRXEXCOM report the otherwise 
unidentified tail?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Seymour J Metz]

Agile: doing the wrong thing quickly


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
ITschak Mugzach 
Sent: Monday, June 3, 2019 2:59 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Just how secure are mainframes? | Trevor Eddolls

Have no idea about MultiCS, but can comment on 2 & 3 as I've seen many
installations here and in EU.

   1. The best way is to check the product after it was installed by the
   sysprog. I noticed that some of them skip installation steps. When it comes
   to products that depend on USS, it can be a vendor issue as well. for
   example, many vendors, including IBM, set wrong UMASK. almost all new
   products i examined, usually in a pre-prod assessment, depend on USS.
   2. many organizations has a single source for distributing software,
   usually the system's sandbox. that mean, that you must protect the sandbox
   at last as production clones, because if someone can access your SMP and
   target libraries, a zero day (not zero, but one you haven't applied fix for
   yet) can be exploit in production.
   3. BTW, I am seeing move to agile development, but usually there is no
   security expert between the team members. these people are rare...


Don't buy anything from me!
ITschak

On Mon, Jun 3, 2019 at 9:29 PM Clark Morris  wrote:

> [Default] On 3 Jun 2019 09:41:54 -0700, in bit.listserv.ibm-main
> sme...@gmu.edu (Seymour J Metz) wrote:
>
> >This whole thread has consistently confused several very different issues:
>
> I agree and have questions in each of the areas.
> >
> > 1. How secure is z/OS itself?
>
> I recall reading that Multics was more secure than the concurrent MVS
> was at the time and wonder if that would have been a better base going
> forward.  Does the design of z/OS and the tools for implementation
> make it more difficult to create and maintain a secure system?  How
> secure are VM and TPF relative to z/OS? Does anyone have a feel for
> how secure and securable the Unisys and any other mainframe operating
> systems are relative to z/OS?
> >
> > 2. How secure is 3rd party software?
>
> 30 years ago people were complain about some of the holes in CA
> software.  While much has changed and I assume those holes were
> plugged long ago, the question remains as to how we evaluate 3rd party
> software that by its nature has to have system hooks and run APF
> authorized and / or key zero (system monitors, tape management
> systems, etc.)?  Could and should changes to z/OS be made that would
> allow some of this software run unauthorized and key 8? How much
> vulnerability do we introduce by having such things as monitors,
> report management systems, etc?  How much security and vulnerability
> is at the application level where it is the application that has to
> determine whether access is authorized (online banking anyone)?
> >
> > 3. How secure is the typical shop running z/OS?
>
> Given the need to consider security at not only the operating system
> level but also the application level and the number of things that
> have to be controlled, I suspect that most organizations are less
> secure than they think they are.  The problem starts with keeping the
> authorities that people have current as they change roles in an
> organization and leave that organization.  Are the test system as
> secure as the production systems?  Have all of the people involved
> including operators, people doing report distribution, application
> developers and maintainers etc. been properly vetted?  How do we
> monitor to make sure people haveen't been compromised?  The list goes
> on.
>
> Clark Morris
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[John McKown]

On Tue, Jun 4, 2019 at 12:03 PM Seymour J Metz  wrote:

> > Hum, couldn't the program set up a REXX environment by using IRXINIT?
> Then
> > use IRXEXCOM to run an in-memory REXX program which uses the SDSF API.
>
> Of course. But, again, that's not a direct call from the COBOL code to
> SDSF.
>

Very true. Workable, but a bit of a pain in the posterior.


>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>

-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.


Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Paul Gilmartin]

On Tue, 4 Jun 2019 17:14:17 +, Seymour J Metz wrote:

>If you drop foo. and don't set any new values for, e.g., foo.bar, then a 
>request for N (next) will return only foo. I wouldn't expect drop foo.baz to 
>change that.
>
I am wondering about the case where e.g. I:
foo. = 'Blanket'
drop foo.baz

How does IRXEXCOM report to a caller that foo.baz has been dropped?

I might embellish this with:
foo. = 'Blanket'
moth = random( 1, 9 )
drop foo.moth
drop moth

Now I no longer know which compound symbol I dropped.  How does IRXEXCOM
tell me a hole has been eaten in my blanket?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

IREXCOM has no interface for reporting that a variable has been dropped. All 
that it can do is to return the variables that are still known. The statement   
  foo. = 'Blanket' does not create any variable other than foo., even though 
requesting the value of foo.baz will give you Blanket.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, June 4, 2019 1:32 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

On Tue, 4 Jun 2019 17:14:17 +, Seymour J Metz wrote:

>If you drop foo. and don't set any new values for, e.g., foo.bar, then a 
>request for N (next) will return only foo. I wouldn't expect drop foo.baz to 
>change that.
>
I am wondering about the case where e.g. I:
foo. = 'Blanket'
drop foo.baz

How does IRXEXCOM report to a caller that foo.baz has been dropped?

I might embellish this with:
foo. = 'Blanket'
moth = random( 1, 9 )
drop foo.moth
drop moth

Now I no longer know which compound symbol I dropped.  How does IRXEXCOM
tell me a hole has been eaten in my blanket?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Tech Forums for Adabas ?

[Peter]

Hi

Is there a technical discussion forum for Adabas(Mainframe).

Please share the link if possible.


Regards
Peter

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Paul Gilmartin]

On Tue, 4 Jun 2019 17:48:18 +, Seymour J Metz wrote:

>IREXCOM has no interface for reporting that a variable has been dropped. All 
>that it can do is to return the variables that are still known. The statement  
>   foo. = 'Blanket' does not create any variable other than foo., even though 
>requesting the value of foo.baz will give you Blanket.
> 
IOW, IRXEXCOM can not report fully the state of all compound symbols
having a given stem.  I consider this notionally a deficiency in a facility
which is otherwise useful for enumeration of an associative array.  Yes,
I know it obeys its own documentation (WAD).  The design is incomplete.

I suspect STEMPUSH and STEMPULL employ IRXEXCOM, so the pair can
not exactly copy one stem to another.

>foo. = 'Blanket' does not create any variable other than foo. ...
>
I'll disagree with that.  From the Ref.:
Further, when a stem is used as the target of an assignment, all possible
compound variables whose names begin with that stem receive the new value, 
...
So, foo. = "Blanket" does create foo.baz assigning it the value 'Blanket'.

Note that the Ref. avoids mentioning "default" which is commonly and
incorrectly used in informal discourse.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tech Forums for Adabas ?

[Carmen Vitullo]

I think there's a forum on 
http://www.ibmmainframeforum.com/ 





Carmen Vitullo 

- Original Message -

From: "Peter"  
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Tuesday, June 4, 2019 12:59:14 PM 
Subject: Tech Forums for Adabas ? 

Hi 

Is there a technical discussion forum for Adabas(Mainframe). 

Please share the link if possible. 


Regards 
Peter 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Just how secure are mainframes? | Trevor Eddolls

[Tom Marchant]

On Tue, 4 Jun 2019 13:52:27 -0300, Clark Morris wrote:

>Is there a mechanism for
>third party vendors that provide software that runs APF authorized to
>be somehow included in the statement of integrity or have recognized
>equivalents?

Other vendors are free to issue their own statements of integrity. 
IBM makes no statements about other vendors commitments to 
system integrity. The IBM statement for z/OS can be found at
https://www.ibm.com/downloads/cas/OWGOKG40 

It is up to customers to evaluate all of their vendors' commitments to 
system integrity. 

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Tech Forums for Adabas ?

[Bruce Lightsey]

Software AG Discussion List 



Bruce Lightsey
Database Manager
MS Department of Information Technology Services
601-432-8144 | www.its.ms.gov

DISCLAIMER: This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed. If you have received this email in error please notify the system 
manager. This message contains confidential information and is intended only 
for the individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Carmen Vitullo
Sent: Tuesday, June 4, 2019 1:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Tech Forums for Adabas ?

I think there's a forum on 
http://www.ibmmainframeforum.com/ 





Carmen Vitullo 

- Original Message -

From: "Peter"  
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Tuesday, June 4, 2019 12:59:14 PM 
Subject: Tech Forums for Adabas ? 

Hi 

Is there a technical discussion forum for Adabas(Mainframe). 

Please share the link if possible. 


Regards 
Peter 

-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SDSF API question -- why only REXX & Java?

[Seymour J Metz]

> IOW, IRXEXCOM can not report fully the state of all compound 
> symbols having a given stem. 

Not even close: in fact, the exact opposite of what you wrote. IREXCOM with the 
N option reports fully on all variables that have been set and not dropped. 
You're misreading the text, and "default value" is indeed how it works. 
Otherwise the largest machine in existence wouldn't have enough memory to hold 
the symbol table.

Now, if you want an interface to report on all compound variable with a given 
stem that you could set, the sun will go nova before it completes.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List  on behalf of 
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, June 4, 2019 2:11 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SDSF API question -- why only REXX & Java?

On Tue, 4 Jun 2019 17:48:18 +, Seymour J Metz wrote:

>IREXCOM has no interface for reporting that a variable has been dropped. All 
>that it can do is to return the variables that are still known. The statement  
>   foo. = 'Blanket' does not create any variable other than foo., even though 
>requesting the value of foo.baz will give you Blanket.
>
IOW, IRXEXCOM can not report fully the state of all compound symbols
having a given stem.  I consider this notionally a deficiency in a facility
which is otherwise useful for enumeration of an associative array.  Yes,
I know it obeys its own documentation (WAD).  The design is incomplete.

I suspect STEMPUSH and STEMPULL employ IRXEXCOM, so the pair can
not exactly copy one stem to another.

>foo. = 'Blanket' does not create any variable other than foo. ...
>
I'll disagree with that.  From the Ref.:
Further, when a stem is used as the target of an assignment, all possible
compound variables whose names begin with that stem receive the new value, 
...
So, foo. = "Blanket" does create foo.baz assigning it the value 'Blanket'.

Note that the Ref. avoids mentioning "default" which is commonly and
incorrectly used in informal discourse.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

LHH oddity

[Peter Bishop]

This may be better posted elsewhere but I thought I'd start here.

Here's the code running on a model 2828, hopefully it formats OK.  This is just 
a very basic test and not intended for production, just to try and experiment 
with some new instructions.

BASR 12,0  
USING *,12 
   open  (sysprint,OUTPUT)  open the dump file 
   snap  dcb=sysprint,id=1,  + 
 PDATA=(REGS,PSW)  
   lhi   7,256 
   llihf 8,256 
   sr9,9   
   lhh   9,2   
   snap  dcb=sysprint,id=2,  + 
 PDATA=(REGS,PSW)  
   close sysprint  
   BR14 return 
drop 12
  SYSPRINT dcb   ddname=SYSPRINT,+ 
 dsorg=PS,recfm=VBA,macrf=(W),blksize=1632,lrecl=125   


The question is:  why does the LHH never get executed?  I tried using 
MACHINE(ZS-6) but it still somehow goes from the SR straight to the SNAP.  I 
was expecting an operation exception if the opcode was invalid, or an access 
exception if I didn't have addressability to the second operand.  I even 
single-stepped with Xpediter, which stepped right past the LHH as if it wasn't 
there.

The SNAPs before and after show registers 7 and 8 as expected, but not 9 which 
remains all zeroes.  Obviously I've failed to understand something very basic.  
Here's the snap after the LHH

  64-BIT GPR VALUES 
   
  0-3   0048 80007044 0040
 009D3D6C
  4-7   009D3D48 009F8588 009BCFC8
 0100
  8-11 0100   
 
 12-15  7002 6008 80FD76C0
 

Would love to know why the LHH isn't working as expected.  My reading of POps 
leads me to think that R9 should be 0002  but I must be reading it 
wrong.

I was trying to find which document says which facilities are on which machine, 
but the POps wasn't really helpful:  although it describes the facilities in 
detail it is not clear which models have which facility, in particular which 
have the "high-word facility" that provides LHH and its ilk.

Thanks in advance for any insight you can offer.

best regards,
Peter

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: LHH oddity

[Mikael Nystrom]

The format of LHH is LHH  R1,D2(X2,B2). What you get is the halfword at address 
2.

Mikael Nyström 
Core Ledger
SEB
Phone: +46 70 739 48 55
Switchboard: +46 771 62 10 00
Postal Address: A-B9, SE-106 40 Stockholm, Sweden 
Office Address: Stjarntorget 4 
E-mail: mikael.nyst...@seb.se 
www.seb.se 
 Please consider the environment before printing this e-mail
CONFIDENTIALITY NOTICE
This e-mail is confidential and may contain legally privileged information. If 
you have received it by mistake, please inform us by reply e-mail and then 
delete it (including any attachments) from your system; you should not copy it 
or in any other way disclose its content to anyone. E-mail is susceptible to 
data corruption, interception, unauthorised amendment, tampering and virus. We 
do not accept liability for any such actions or the consequences thereof. 

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Peter Bishop
Sent: den 5 juni 2019 06:30
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: LHH oddity

This may be better posted elsewhere but I thought I'd start here.

Here's the code running on a model 2828, hopefully it formats OK.  This is just 
a very basic test and not intended for production, just to try and experiment 
with some new instructions.

BASR 12,0  
USING *,12 
   open  (sysprint,OUTPUT)  open the dump file 
   snap  dcb=sysprint,id=1,  + 
 PDATA=(REGS,PSW)  
   lhi   7,256 
   llihf 8,256 
   sr9,9   
   lhh   9,2   
   snap  dcb=sysprint,id=2,  + 
 PDATA=(REGS,PSW)  
   close sysprint  
   BR14 return 
drop 12
  SYSPRINT dcb   ddname=SYSPRINT,+ 
 dsorg=PS,recfm=VBA,macrf=(W),blksize=1632,lrecl=125   


The question is:  why does the LHH never get executed?  I tried using 
MACHINE(ZS-6) but it still somehow goes from the SR straight to the SNAP.  I 
was expecting an operation exception if the opcode was invalid, or an access 
exception if I didn't have addressability to the second operand.  I even 
single-stepped with Xpediter, which stepped right past the LHH as if it wasn't 
there.

The SNAPs before and after show registers 7 and 8 as expected, but not 9 which 
remains all zeroes.  Obviously I've failed to understand something very basic.  
Here's the snap after the LHH

  64-BIT GPR VALUES 
   
  0-3   0048 80007044 0040
 009D3D6C
  4-7   009D3D48 009F8588 009BCFC8
 0100
  8-11 0100   
 
 12-15  7002 6008 80FD76C0
 

Would love to know why the LHH isn't working as expected.  My reading of POps 
leads me to think that R9 should be 0002  but I must be reading it 
wrong.

I was trying to find which document says which facilities are on which machine, 
but the POps wasn't really helpful:  although it describes the facilities in 
detail it is not clear which models have which facility, in particular which 
have the "high-word facility" that provides LHH and its ilk.

Thanks in advance for any insight you can offer.

best regards,
Peter

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: LHH oddity

[Peter Bishop]

Thanks Mikael,

I changed the code to 

   lhh   9,h2  

and

H2   dch'2'


And now can see the expected value 0002  in R9, at least from SNAP, 
so I'm happy enough.

Still odd that Xpediter appears to "step over" it without executing it, but 
without Xpediter I get the results I expect so I'm good to go in spite of this 
doubt.  Very rusty on Xpediter, may have to RTFM some more...

cheers,
Peter

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN