Re: AT-TLS FTP to RedHat 9 wsftp server

2025-01-26 Thread Charles Mills
Hand-editing is the only way I have ever configured AT-TLS, so

a. It's not hard. Anyone with any kind of coding background should find it a 
piece of cake. Consult the documentation. The parameters are not entirely 
intuitive nor consistent.

b. No idea whether the changes would be preserved if you went back to the GUI.

Charles

On Sun, 26 Jan 2025 08:17:11 -0800, Ed Jaffe  
wrote:

>On 1/26/2025 7:54 AM, Ed Jaffe wrote:
>>
>> The "key share group list" described above is being passed by z/OS as
>> the singular value "secp521r1". It would be great if we could figure
>> out how to make it send an actual list of group names that also
>> includes "secp256r1" (the only one supported by the RedHat 9 wsftp
>> server), but so far we haven't been able to figure out how to do that.
>
>I found the part of the policy specification that needs to be expanded,
>but I can't find how to change it using the Network Configuration
>Assistant. "Advanced Settings" under the "Rules" dialog has a tab called
>"Handshake," but it does not offer anything related to the list of
>groups that's offered.
>
>TTLSSignatureParms    sig1~AT-TLS__Platinum_with_TLS1.
>{
>   ClientECurves   secp521r1
>   SignaturePairs TLS_SIGALG_SHA256_WITH_RSASSA_PSS
>   SignaturePairs TLS_SIGALG_SHA384_WITH_RSASSA_PSS
>   SignaturePairs TLS_SIGALG_SHA512_WITH_RSASSA_PSS
>}
>TTLSSignatureParms    sig2~AT-TLS__Platinum_with_TLS1.
>{
>   ClientECurves   secp521r1
>}
>
>Should I hand-edit this file to specify the additional curve? Never did
>that before, but I can try.
>
>Will those settings be preserved if I edit with the NCA later after
>making manual updates? Or will I lose everything?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Timothy Sipples
There’s some incorrect (or at least out of date) information in this thread. 
(I’ll try again!)

The IBM TS7700 also supports the IBM TS4300 tape library via Feature Code 5995 
(previously via RPQ). Both are available for rack mounted installation. Please 
refer to this whitepaper for details:

https://www.ibm.com/support/pages/node/7008411

—
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Explanation of TCBPFK

2025-01-26 Thread Joseph Reichman
Hi 

I am trying to hunt down a S0C4 pic 4 

So I did a MODESET MODE=SUP,KEY=ZERO

I ended up with the ABEND I stated 

My first question what exactly is TCBPFK used in my situation with executing 
the modeset 
The value of TCBPFK was X’80’

Which the documentation says is user key 

My guess the modeset changed the value of the RBOPSW  is there any way besides 
actually changing storage value of TCBPFK 

To change TCB key or I guess TCBPFK to zero

Thanks 
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Seymour J Metz
Yes, the company is Kern but the shells are bash, bourne, c, z, not all 
available in the first release; there is no kern shell.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר




From: IBM Mainframe Discussion List  on behalf of 
Mike Schwab <05962a42dc49-dmarc-requ...@listserv.ua.edu>
Sent: Sunday, January 26, 2025 3:26 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: OMVS

External Message: Use Caution


IBM
Licensed Material - Property of IBM
5694-A01 Copyright IBM Corp. 1993, 2011
(C) Copyright *Mortice Kern* Systems, Inc., 1985, 1996.
(C) Copyright Software Development Group, University of Waterloo, 1989.

All Rights Reserved.

U.S. Government Users Restricted Rights
Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM Corp.

IBM is a registered trademark of the IBM Corp.


On Sun, Jan 26, 2025 at 12:51 PM Paul Gilmartin <
042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:

> On Sun, 26 Jan 2025 18:12:01 +0100, Radoslaw Skorupka  wrote:
> >...
> >> How does Kern shell compare with Bourne shell and POSIX shell?
> >>
> >> A quick Google search for "Kern shell" returns mostly pages about
> >> psychology or thermal engineering.
> >
> >Obvious typo. Was it funny?
> >
> More than I care to know about heat exchangers.
>
> >https://en.wikipedia.org/wiki/KornShell
> >
> And I doubt that I mistyped.  I copied "Kern shell" with mouse from
> an earlier ply and pasted directly into the query string.
>
> And there seems to be a passing reference in an IBM page:
> <
> https://www.ibm.com/docs/en/zos/3.1.0?topic=procedures-accessing-unix-system-services-zos-unix-shell
> >
>
> -- gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Paul Gilmartin
On Sun, 26 Jan 2025 14:30:02 -0600, Lionel B Dyck wrote:

>wget could work for the files but i need to use curl to get the file
>date as wget can't and for getting files there isn't much difference
>so i'm sticking with curl for consistency.
>
In 


Someone contrived to fetch the headers and-output-to-dev-nul.
I didn't notice whether this bypassed the transfer.

But why bother, since curl provides for conditional fetch of
outdated files?

Would you keep the  archive in zFS, PDSE, or other?  For which
of these would timestamp granularity be fine enough for conditional
download?

cbttape.org appears to supply ETag values.  Would those better?

>but thank you as that was a path i did look at.
>
>On Sun, Jan 26, 2025 at 1:36 PM Seymour J Metz wrote:
>>
>> What about wget?

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: z/OS 2.1 & 2.2 on z16?

2025-01-26 Thread Brian Westerman
I got an email from Peter that shows that some users don't get to see the ID, 
so I'll put mine here, but formatted so that AI will ahve a harder time 
scraping it for use

Brian(underscore)Westerman(at)SyzygyInc(dot)com 

I'm sorry that I didn't realize that not all members can see it.

Brian

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Explanation of TCBPFK

2025-01-26 Thread Seymour J Metz
Way back in the dawn of history, IBM did something that appalled me, and you 
are the latest victim. While for other S0Cx ABENDs the last digit identifies 
the program interrupt code, for S0C4 there are multiple possible interrupt 
code, and 0004 is not the most common. Most likely you got a 0010 or 0011, or 
the Z equivalent.

-- 
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר




From: IBM Mainframe Discussion List  on behalf of 
Joseph Reichman <05812645a43c-dmarc-requ...@listserv.ua.edu>
Sent: Sunday, January 26, 2025 8:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Explanation of TCBPFK

External Message: Use Caution


Hi

I am trying to hunt down a S0C4 pic 4

So I did a MODESET MODE=SUP,KEY=ZERO

I ended up with the ABEND I stated

My first question what exactly is TCBPFK used in my situation with executing 
the modeset
The value of TCBPFK was X’80’

Which the documentation says is user key

My guess the modeset changed the value of the RBOPSW  is there any way besides 
actually changing storage value of TCBPFK

To change TCB key or I guess TCBPFK to zero

Thanks
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Two related C macro questions

2025-01-26 Thread Andrew Mattingly
I would draw your attention to the __LIBREL__ and __TARGET_LIB__ macros 
(https://www.ibm.com/docs/en/zos/3.1.0?topic=cpm-general-macros) and the 
__librel() library function 
(https://www.ibm.com/docs/en/zos/3.1.0?topic=reference-library-functions).  It 
might be better to use one of these, depending on the effect you want to 
achieve.

I would also note that the ftime() function and timeb structure are deprecated. 
 You are better off using time64(), which has been available since z/OS 2.1 (or 
possibly earlier), then you wouldn't need to test the operating system/library 
level.

Regards
Andrew.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Seymour J Metz
I looked at  and it doesn't mention  
lern sheell. Further, "InterOpen/XPG4 Posix shell" implies that MKS implemented 
an existing shell (presumably Bourne) rather than a new one.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר




From: IBM Mainframe Discussion List  on behalf of 
Attila Fogarasi <05b6fee9abb7-dmarc-requ...@listserv.ua.edu>
Sent: Sunday, January 26, 2025 5:38 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: OMVS

External Message: Use Caution


Kern shell was a Posix shell, here is some detail from 1994 ...  Canadian
Posix and X Open Portability Guide specialist Mortice Kern Systems Inc has
won its third account with IBM Corp. This time Big Blue has licensed *Mortice
Kern’s InterOpen/XPG4 Posix shell (commands) and utilities* for version 2
of the VM/ESA 3090 mainframe operating system released last week. The
standards have already been applied to MVS; an OS/400 implementation is
under way. Meanwhile, Waterloo, Ontario-based Mortice Kern has begun a
standards watch information service to be delivered as and when needed. The
first bulletin notes that US government standards for Posix.2 have
completed their review and comment period with no problems, have passed
from the National Institute of Standards to the US Secretary of Commerce
and are expected to be passed in November. The National Institute is
evaluating Federal Standards Posix.2 test suite providers. The XCUTS test
suites for X/Open Co Ltd’s XPG4 specifications under development at Palo
Alto, California firm Mindcraft Inc have been renamed VSC. Mortice Kern has
also poached former SunSoft Inc Europe manager Doug Miller from Information
Foundation as InterOpen Account Manager, West Coast Division.

On Mon, Jan 27, 2025 at 8:03 AM Seymour J Metz  wrote:

> Yes, the company is Kern but the shells are bash, bourne, c, z, not all
> available in the first release; there is no kern shell.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
>
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Mike Schwab <05962a42dc49-dmarc-requ...@listserv.ua.edu>
> Sent: Sunday, January 26, 2025 3:26 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: OMVS
>
> External Message: Use Caution
>
>
> IBM
> Licensed Material - Property of IBM
> 5694-A01 Copyright IBM Corp. 1993, 2011
> (C) Copyright *Mortice Kern* Systems, Inc., 1985, 1996.
> (C) Copyright Software Development Group, University of Waterloo, 1989.
>
> All Rights Reserved.
>
> U.S. Government Users Restricted Rights
> Use, duplication or disclosure restricted by
> GSA ADP Schedule Contract with IBM Corp.
>
> IBM is a registered trademark of the IBM Corp.
>
>
> On Sun, Jan 26, 2025 at 12:51 PM Paul Gilmartin <
> 042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:
>
> > On Sun, 26 Jan 2025 18:12:01 +0100, Radoslaw Skorupka  wrote:
> > >...
> > >> How does Kern shell compare with Bourne shell and POSIX shell?
> > >>
> > >> A quick Google search for "Kern shell" returns mostly pages about
> > >> psychology or thermal engineering.
> > >
> > >Obvious typo. Was it funny?
> > >
> > More than I care to know about heat exchangers.
> >
> > >https://en.wikipedia.org/wiki/KornShell
> > >
> > And I doubt that I mistyped.  I copied "Kern shell" with mouse from
> > an earlier ply and pasted directly into the query string.
> >
> > And there seems to be a passing reference in an IBM page:
> > <
> >
> https://www.ibm.com/docs/en/zos/3.1.0?topic=procedures-accessing-unix-system-services-zos-unix-shell
> > >
> >
> > -- gil
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Timothy Sipples
Brian Westerman wrote:
>….The advent of VTS systems made all of those problems ( which are
>real and happen all the time), dissolve, and you would be creating
>them all over again.

Radoslaw Skorupka wrote:
>Now the advantage, which can be considered HUGE: tapes can be moved.
>Easily moved. Single case may contain ~500TB of uncompressed data,
>~1.5PB compressed (before encryption). Regular passenger car can move
>multiple petabytes of data, secured with encryption. It is low profile,
>it can be hidden, moved to a vault, the place can be changed anytime, no
>infrastructure is needed, just closed room, etc.
>Maybe it sounds ridiculous, but it is not, when a war is just abroad.
>And yes, we have no war in Poland, but many organisations implemented
>such tape vault. Where? Usually the address is known for very few
>employees. However I'm pretty sure it is on the West, many times abroad.
>An address or addresses.

FWIW I’m sympathetic to both sets of arguments. Fortunately there are lots of 
storage options — including “small” physical tape options (Feature Code 5995!) 
— to address a wide range of concerns. “One size does not fit all.”

Not long ago I worked with a customer in a developing country that incorporated 
physical tape in their storage architecture because it makes sense for them. I 
informally dubbed their data backup/vaulting process "ScooterNet." Because 
that’s what they do, or are supposed to do anyway: backup their data at least 
once per day to encrypted tape (2 copies/2 sets of cartridges), load each tape 
set in the backpack of a scooter driver (with staggered appointments), and then 
one scooter driver rides to their alternate data center and the other rides to 
a data-only vault at a third site. With periodic checks to make sure the tapes 
are received, logged, and readable. Loop, repeat. It’s the most effective and 
discrete way to move lots of data in their operating environment. I’ve also 
worked with another customer in a developed country that currently doesn’t use 
any physical tape, but they have a third “data only” site with periodic IBM 
SafeGuarded Copies taken there. In the unlikely event they lose both their 
“full” data centers they’ll be offline for a while, but at least they’ll have a 
backup. In their environment and for their customers it all makes perfect sense 
because they have relatively small amounts of “lively” data that must be 
extremely well protected. Ongoing data access is reasonably important, but data 
integrity and preservation are much more important for them. So a “2-and-a-half 
site” approach is a good fit. And I can think of a third customer that couldn’t 
afford really anything except a remote physical tape library with WORM tape. If 
(when?) they lose their primary data center they’d be in a world of hurt. But 
at least they’d have a backup, and several days later (after scrambling to find 
an emergency server, etc.) they’d start to come back online. That might be 
called a “1-and-a-half site” approach. Not great, but at least it’s better than 
1.

In all these cases data immutability is important. That is, they don’t want any 
malware or other rogue act to destroy or tamper with their backup data. There 
are several options to render data immutable (albeit still destructible if 
you’re nefarious and get access to the physical storage media):


  1.  Writing to a tape cartridge, then physically disconnecting that tape 
cartridge (ejecting it) and storing it somewhere safe.
  2.  Writing to a WORM tape cartridge, optionally ejected.
  3.  Writing to Logical WORM virtual tape storage, a feature provided with the 
IBM TS7700 virtual tape libraries.
  4.  Writing to IBM DS8000 enterprise storage, then taking an IBM SafeGuarded 
Copy of those volumes.
  5.  Writing to cloud object storage that is technically rendered immutable in 
some reasonable way(s). IBM Z, IBM DS8000, and IBM TS7700 all support cloud 
object storage “backends” when suitably configured. Note that “cloud” can mean 
private cloud (on-premises), public commercial cloud, or some combination.

In all these cases you’d presumably maintain at least 2 copies in 2 physically 
separate locations to mitigate the risk of single site destruction. See the “2 
scooter method” above as one example. Storage devices may or may not be 
physically located near the servers they serve. In all these cases — especially 
(but not only) the physical tape cartridge cases since tape cartridges are 
expressly designed to walk — strong encryption on the storage media is 
important. And that means protecting private encryption keys, of course.

—
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Lionel B Dyck
CBTview does not cache any information so while etag may be good it
isn't something i can use at this time.

On Sun, Jan 26, 2025 at 2:55 PM Paul Gilmartin
<042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:
>
> On Sun, 26 Jan 2025 14:30:02 -0600, Lionel B Dyck wrote:
>
> >wget could work for the files but i need to use curl to get the file
> >date as wget can't and for getting files there isn't much difference
> >so i'm sticking with curl for consistency.
> >
> In 
> 
>
> Someone contrived to fetch the headers and-output-to-dev-nul.
> I didn't notice whether this bypassed the transfer.
>
> But why bother, since curl provides for conditional fetch of
> outdated files?
>
> Would you keep the  archive in zFS, PDSE, or other?  For which
> of these would timestamp granularity be fine enough for conditional
> download?
>
> cbttape.org appears to supply ETag values.  Would those better?
>
> >but thank you as that was a path i did look at.
> >
> >On Sun, Jan 26, 2025 at 1:36 PM Seymour J Metz wrote:
> >>
> >> What about wget?
>
> --
> gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Lionel B. Dyck <><
Website:https://github.com/lbdyck

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Attila Fogarasi
Kern shell was a Posix shell, here is some detail from 1994 ...  Canadian
Posix and X Open Portability Guide specialist Mortice Kern Systems Inc has
won its third account with IBM Corp. This time Big Blue has licensed *Mortice
Kern’s InterOpen/XPG4 Posix shell (commands) and utilities* for version 2
of the VM/ESA 3090 mainframe operating system released last week. The
standards have already been applied to MVS; an OS/400 implementation is
under way. Meanwhile, Waterloo, Ontario-based Mortice Kern has begun a
standards watch information service to be delivered as and when needed. The
first bulletin notes that US government standards for Posix.2 have
completed their review and comment period with no problems, have passed
from the National Institute of Standards to the US Secretary of Commerce
and are expected to be passed in November. The National Institute is
evaluating Federal Standards Posix.2 test suite providers. The XCUTS test
suites for X/Open Co Ltd’s XPG4 specifications under development at Palo
Alto, California firm Mindcraft Inc have been renamed VSC. Mortice Kern has
also poached former SunSoft Inc Europe manager Doug Miller from Information
Foundation as InterOpen Account Manager, West Coast Division.

On Mon, Jan 27, 2025 at 8:03 AM Seymour J Metz  wrote:

> Yes, the company is Kern but the shells are bash, bourne, c, z, not all
> available in the first release; there is no kern shell.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
>
>
> 
> From: IBM Mainframe Discussion List  on behalf
> of Mike Schwab <05962a42dc49-dmarc-requ...@listserv.ua.edu>
> Sent: Sunday, January 26, 2025 3:26 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: OMVS
>
> External Message: Use Caution
>
>
> IBM
> Licensed Material - Property of IBM
> 5694-A01 Copyright IBM Corp. 1993, 2011
> (C) Copyright *Mortice Kern* Systems, Inc., 1985, 1996.
> (C) Copyright Software Development Group, University of Waterloo, 1989.
>
> All Rights Reserved.
>
> U.S. Government Users Restricted Rights
> Use, duplication or disclosure restricted by
> GSA ADP Schedule Contract with IBM Corp.
>
> IBM is a registered trademark of the IBM Corp.
>
>
> On Sun, Jan 26, 2025 at 12:51 PM Paul Gilmartin <
> 042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:
>
> > On Sun, 26 Jan 2025 18:12:01 +0100, Radoslaw Skorupka  wrote:
> > >...
> > >> How does Kern shell compare with Bourne shell and POSIX shell?
> > >>
> > >> A quick Google search for "Kern shell" returns mostly pages about
> > >> psychology or thermal engineering.
> > >
> > >Obvious typo. Was it funny?
> > >
> > More than I care to know about heat exchangers.
> >
> > >https://en.wikipedia.org/wiki/KornShell
> > >
> > And I doubt that I mistyped.  I copied "Kern shell" with mouse from
> > an earlier ply and pasted directly into the query string.
> >
> > And there seems to be a passing reference in an IBM page:
> > <
> >
> https://www.ibm.com/docs/en/zos/3.1.0?topic=procedures-accessing-unix-system-services-zos-unix-shell
> > >
> >
> > -- gil
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: z/OS 2.1 & 2.2 on z16?

2025-01-26 Thread Farley, Peter
I cannot see your actual email address on the emails I receive from you or from 
Paul Gilmartin or from Colin Paice, but I can see everyone’s email address when 
I browse messages on the listserv website.  I always see Seymour’s full address 
and Charles Mills’ full address when I receive their emails.

Do you post directly from your own email address or from the listserv website?  
I suspect that may be the difference.  I post from my employee email address 
and not from the website, can you see my address when you receive my emails to 
the list?

Peter

From: IBM Mainframe Discussion List  On Behalf Of 
Brian Westerman
Sent: Sunday, January 26, 2025 5:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OS 2.1 & 2.2 on z16?


I got an email from Peter that shows that some users don't get to see the ID, 
so I'll put mine here, but formatted so that AI will ahve a harder time 
scraping it for use



Brian(underscore)Westerman(at)SyzygyInc(dot)com



I'm sorry that I didn't realize that not all members can see it.



Brian



--

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Seymour J Metz
Some shops require vetting of external software, even if run from personal 
libraries. They are not just being anal retentive; a user can cause damage even 
if he can't edit APF libraries. Security is aout more than preserving the 
integrity of the OS.

-- 
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר




From: IBM Mainframe Discussion List  on behalf of 
Radoslaw Skorupka <0471ebeac275-dmarc-requ...@listserv.ua.edu>
Sent: Sunday, January 26, 2025 7:16 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CBTView ISPF Dialog - quick survey/question

External Message: Use Caution


W dniu 23.01.2025 o 21:52, Paul Gilmartin pisze:
> On Thu, 23 Jan 2025 21:08:48 +0100, Radoslaw Skorupka wrote:
>>
>>> If the concern is malware infiltration, curl, HTTPS, and IND$FILE
>>> from a desktop waystation are all suspect.
>> Not mentioning the reasons or rationales, the FTP traffic in/out company
>> is forbidden.
>>
> Is there a whitelist allowing either mainframe or desktop access to
> cbttape.org?
>
> Is there a pathway by which (suitably privileged) individuals can
> install cbttape content, possibly program objects, on the mainframe?
>
> Is curl available on the mainframe?  Otherwise this discussion is
> academic.  Unless the cbttape repository can be mirrored on a
> desktop.

My observations, based on several shops experience:
1. Cybersecurity dept usually do not touch mainframe. Because they don't
know it and don't understand. Not to mention many of them create "Franz
Kafka - The Trial" world - you are accused, but you don't know of what.
There are bans and prohibitions, but there is no explanation or rationale.
2. Assuming the above you can install anything you uploaded from your
workstation. And the workstation (and user) usually is allowed to
download from cbttape, etc. The reason is obvious: it is https, not ftp.
Note, you can install *anything*. Including APF libraries, SVC, exits,
etc. Of course you have to be a sysprog or other person authorized to
change APF, etc. Formal acceptation process does not exist, however
informal discussions between colleagues usually take a place.
3. Of course the are notable exceptions, where no freeware or RYO tool
can be installed, except simple scripts which do not require any special
authorizations.
4. Sometimes anything from outside is forbidden by default. However,
theoretically you could type your own script. So, printing some useful
script at home and typing/copying it by hand would be acceptable.
5. Fun fact: I tried to download some of Mark Zelden's utilities. It
turned out the webpage is prohibited with category "porn" and my attempt
was recorded, etc. :-)



--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread René Jansen
It’s the Korn shell.

René.

> On 26 Jan 2025, at 16:59, Paul Gilmartin 
> <042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:
> 
> On Sun, 26 Jan 2025 18:01:50 +1100, Attila Fogarasi wrote:
> 
>> OpenEdition was introduced in MVS 4.3 in 1994 but was an almost unusable
>> subset, it only had POSIX support, Kern shell and dbx debugger.   ...
>> 
> How does Kern shell compare with Bourne shell and POSIX shell?
> 
> A quick Google search for "Kern shell" returns mostly pages about
> psychology or thermal engineering.
> 
> --
> gil
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Radoslaw Skorupka

W dniu 26.01.2025 o 16:53, Paul Gilmartin pisze:

On Sun, 26 Jan 2025 18:01:50 +1100, Attila Fogarasi wrote:


OpenEdition was introduced in MVS 4.3 in 1994 but was an almost unusable
subset, it only had POSIX support, Kern shell and dbx debugger.   ...


How does Kern shell compare with Bourne shell and POSIX shell?

A quick Google search for "Kern shell" returns mostly pages about
psychology or thermal engineering.


Obvious typo. Was it funny?
https://en.wikipedia.org/wiki/KornShell


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread kekronbekron
Once again, TechDocs is gold. 
Why can't IBM make a simple page of these docs with metadata about them (date 
created/modified).

Make it as flashy as you want, but a simple table isn't hard to create, even 
with the Carbon design?


Sent with Proton Mail secure email.

On Monday, January 27th, 2025 at 05:08, Timothy Sipples  
wrote:

> There’s some incorrect (or at least out of date) information in this thread. 
> (I’ll try again!)
> 
> The IBM TS7700 also supports the IBM TS4300 tape library via Feature Code 
> 5995 (previously via RPQ). Both are available for rack mounted installation. 
> Please refer to this whitepaper for details:
> 
> https://www.ibm.com/support/pages/node/7008411
> 
> —
> Timothy Sipples
> Senior Architect
> Digital Assets, Industry Solutions, and Cybersecurity
> IBM Z/LinuxONE, Asia-Pacific
> sipp...@sg.ibm.com
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Tom Brennan

"even with the Carbon design"
LOL

On 1/26/2025 7:26 PM, kekronbekron wrote:

Once again, TechDocs is gold.
Why can't IBM make a simple page of these docs with metadata about them (date 
created/modified).

Make it as flashy as you want, but a simple table isn't hard to create, even 
with the Carbon design?


Sent with Proton Mail secure email.

On Monday, January 27th, 2025 at 05:08, Timothy Sipples  
wrote:


There’s some incorrect (or at least out of date) information in this thread. 
(I’ll try again!)

The IBM TS7700 also supports the IBM TS4300 tape library via Feature Code 5995 
(previously via RPQ). Both are available for rack mounted installation. Please 
refer to this whitepaper for details:

https://www.ibm.com/support/pages/node/7008411

—
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Explanation of TCBPFK

2025-01-26 Thread Binyamin Dissen
Well, the PSW at abend should show they key it was in. Does it show zero?

A PSW with key 0 still can get PIC-4 in DAT mode if the page or segment is
protected (for example LPA pages).

A PSW with key 0 can get a PIC 4 in either mode if modifying low storage
without disabling low storage protection.

Finally, your best way to get the TCB key you want is to put the program in
the PPT and invoke it as a job step task. Not at all trivial to change on the
fly.


On Sun, 26 Jan 2025 20:57:47 -0500 Joseph Reichman
<05812645a43c-dmarc-requ...@listserv.ua.edu> wrote:

:>Hi 
:>
:>I am trying to hunt down a S0C4 pic 4 
:>
:>So I did a MODESET MODE=SUP,KEY=ZERO
:>
:>I ended up with the ABEND I stated 
:>
:>My first question what exactly is TCBPFK used in my situation with executing 
the modeset 
:>The value of TCBPFK was X’80’
:>
:>Which the documentation says is user key 
:>
:>My guess the modeset changed the value of the RBOPSW  is there any way 
besides actually changing storage value of TCBPFK 
:>
:>To change TCB key or I guess TCBPFK to zero
:>
:>Thanks 
:>--
:>For IBM-MAIN subscribe / signoff / archive access instructions,
:>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Peter
Hello Tim,


Are these available as ejectable tape ?



On Mon, 27 Jan 2025, 03:39 Timothy Sipples,  wrote:

> There’s some incorrect (or at least out of date) information in this
> thread. (I’ll try again!)
>
> The IBM TS7700 also supports the IBM TS4300 tape library via Feature Code
> 5995 (previously via RPQ). Both are available for rack mounted
> installation. Please refer to this whitepaper for details:
>
> https://www.ibm.com/support/pages/node/7008411
>
> —
> Timothy Sipples
> Senior Architect
> Digital Assets, Industry Solutions, and Cybersecurity
> IBM Z/LinuxONE, Asia-Pacific
> sipp...@sg.ibm.com
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: AT-TLS FTP to RedHat 9 wsftp server

2025-01-26 Thread Ed Jaffe

On 1/26/2025 8:17 AM, Ed Jaffe wrote:

On 1/26/2025 7:54 AM, Ed Jaffe wrote:


The "key share group list" described above is being passed by z/OS as 
the singular value "secp521r1". It would be great if we could figure 
out how to make it send an actual list of group names that also 
includes "secp256r1" (the only one supported by the RedHat 9 wsftp 
server), but so far we haven't been able to figure out how to do that.


I fell back to TLS 1.2 support only. No more TLS 1.3. This time the 
client sends secp256r1 (0023) for the initial handshake encryption, 
which I found puzzling. My understanding was that only TLS 1.3 encrypted 
the initial handshake, but whatevs. At least the group names should match.


Now I'm seeing something a bit different. The client sends some cipher 
data and then immediately gets a 5003 failure because the response comes 
back as clear text rather than encrypted. The book states this could be 
caused by not having application-level control over the AT-TLS 
encryption (via SIOCTL). I know we have that specified for both z/OS 
client and z/OS server. Of course, it can't be specified for RedHat 
wsftp as it doesn't use AT-TLS. I suppose it's possible the 5003 error 
might be the result of an immediate disconnect from the server due to an 
as-yet-not-understood problem with the cipher.


BPXF024I (OMVS) Jan 26 19:52:53 mvsa0 TTLS[84082999]: 19:52:52 TCPIP 368
  EZD1285I TTLS Data  CONNID: 02BB SEND CIPHER 160303005C01580
30367970315481C8DE945C99307607718DB6A1F6F63840EE2B69DD4305351D91A04000
00400FF0035012B002B00030203030017000D001C001A06010603050105030
40104030402030103030302020102030202 ..
BPXF024I (OMVS) Jan 26 19:52:53 mvsa0 TTLS[84082999]: 19:52:52 TCPIP 369
  EZD1286I TTLS Error GRPID: 000A ENVID: 000A CONNID:
02BB LOCAL: 192.168.10.195..1053 REMOTE: 98.174.153.86..21
JOBNAME: FTPTLPSI USERID: EDJXADM RULE: PSI_FTP-Client~1  RC: 5003
Data Decryption ..

What astonishes me is that no one on this list (or TCPIP-L) seems to 
have any experience connecting AT-TLS-enabled FTP to RedHat Linux. On 
the surface, that would seem to be one of the most common FTP 
configurations in the world right behind z/OS to z/OS. Is what we're 
doing really that bleeding edge???



--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: z/OS 2.1 & 2.2 on z16?

2025-01-26 Thread Brian Westerman
I can see yours fine.  But I also can't find any entries that I can't see the 
email address on.  

Maybe it's because I always post (and read) from the list website.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Tomer Zelberzvig
Hello Peter,

I'm not sure about your exact use case, but you can use BMC AMI Cloud with our 
Cloud Data Sets feature to send your tape data directly to cloud object storage.
If you choose the public cloud option, then the storage is already external to 
your site and should meet whatever you're looking for.
Furthermore, object storage enables you to create immutable buckets where you 
output your data.
More information can be found here:
https://www.bmc.com/it-solutions/bmc-ami-cloud.html
https://www.bmc.com/it-solutions/bmc-ami-cloud-data.html

Feel free to reach out if you'd like some more information.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Peter
Hello Carlos

Right we use DLM8500 and Data Domain to backup the mainframe data.

Is it possible to send mainframe data to LT0 drives from Dell backup
solutions?

Has anyone tried or you have working solutions already?

On Fri, 24 Jan 2025, 22:23 Bodra - Pessoal, <
02eda2bc565a-dmarc-requ...@listserv.ua.edu> wrote:

> Peter,
>
> IBM TS4500 won´t attach to any Z systems. It can have a lot of TS1170 (aka
> 3592-EH8) inside, but just for TS7770/80 data destage from Hydra. IBM
> stopped to produce tape controller with 3592-C07 some years ago. Since
> this, mainframe data is available in physical cartridge passthru TS7770/80.
> This was a marketing/sales orientation to force customers to buy tapes
> (TS4500 and Tape drives (3592-EH8) and storage (TS7770/80) if you want data
> stored in tape cartridge.
>
> Since we use Luminex MVTe solution, we mapped disk storage (via FC) to our
> backup server and uses LTO7 to backup array, then sent to offsite storage.
> Data inside array is compressed and eventually cryptographed (optional
> feature), not usable directly by mainframe since we need to restore array
> to access data via Luminex MVTe. This is a solution for a catastrophic
> event in Data Center.
>
> Maybe this can work for you.
>
>
> Carlos Bodra
> IBM zEnterprise Certified
> São Paulo – SP – Brazil
>
>
> -Mensagem original-
> De: IBM Mainframe Discussion List  Em nome de
> Peter
> Enviada em: sexta-feira, 24 de janeiro de 2025 12:41
> Para: IBM-MAIN@LISTSERV.UA.EDU
> Assunto: Mainframe physical tape backup
>
> Hello
>
> My organization has asked me to explore about the vendors who are still
> providing external physical tape backup.
>
> How many companies are there who are making physical tape Solutions and I
> would like to discuss with them.
>
> Any pointers would be appreciated.
>
> Regards
> Peter
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Mainframe physical tape backup

2025-01-26 Thread Timothy Sipples
Peter wrote:

>Are these available as ejectable tape ?



Yes, you can eject tape cartridges from the IBM TS4500 and TS4300 tape 
libraries then move those tape cartridges wherever you want. Here's the 
information for the TS4500, for example:



https://www.ibm.com/docs/en/ts4500-tape-library?topic=managing-removing-tape-cartridges



The whitepaper I linked to in my previous post includes a section entitled 
"DFSMSrmm Stacked Volume Support" starting on page 13 with a typical scenario 
that assumes physical backup tapes will be ejected/removed from the IBM TS4300 
tape library, stored in a vault somewhere, then (optionally, for non-WORM tape) 
retrieved and reused for new backups as older backups age out. That section 
runs for several pages and describes the various steps in some detail.



If I'm missing the gist of your question, please follow up.

—
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: AT-TLS FTP to RedHat 9 wsftp server

2025-01-26 Thread Ed Jaffe

On 1/25/2025 11:01 PM, Colin Paice wrote:

The client usually sends up a list of acceptable cipher specs, and the
server picks one. Perhaps you need to change the client to add more.
For example from  my definitions


We are specifying many different ciphers and have tried Bronze, Silver, 
Gold and Platinum settings in the Network Configuration Assistant (see 
below for an example). We have observed that none of this matters.



TTLSCipherParms   cipher2~AT-TLS__Platinum_with_TL
{
  V3CipherSuites  TLS_RSA_WITH_AES_256_GCM_SHA384
  V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  V3CipherSuites  TLS_RSA_WITH_AES_256_CBC_SHA256
  V3CipherSuites  TLS_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  V3CipherSuites  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites  TLS_RSA_WITH_AES_128_GCM_SHA256
  V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  V3CipherSuites  TLS_RSA_WITH_AES_128_CBC_SHA256
  V3CipherSuites  TLS_RSA_WITH_AES_128_CBC_SHA
  V3CipherSuites  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  V3CipherSuites  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
}

From the trace, it appears that what's happening is the encryption for 
the *initial* handshake is failing. Once we get past the initial 
handshake, then of course the list of ciphers will matter.


https://www.ibm.com/docs/en/zos/3.1.0?topic=support-key-shares

"One of the security improvements made in TLS V1.3 is that most of the 
handshake is now encrypted. This is done by having the client and server 
sides each specify a key share group list. When the client attempts a 
TLS V1.3 handshake, it generates a public/private key pair for each 
supported group and the generated public value or values are put into 
the client's initial handshake message. The server selects a group in 
common with the client's groups and then generates its own 
public/private key pair for the selected group. The server takes its 
private value and the client's public value to generate a shared secret, 
which is used to generate keys for encrypting and decrypting handshake 
messages. Likewise, the client generates the same shared secret with the 
server's public value that is transmitted in the server's initial 
handshake message."


The "key share group list" described above is being passed by z/OS as 
the singular value "secp521r1". It would be great if we could figure out 
how to make it send an actual list of group names that also includes 
"secp256r1" (the only one supported by the RedHat 9 wsftp server), but 
so far we haven't been able to figure out how to do that.


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Paul Gilmartin
On Sun, 26 Jan 2025 18:01:50 +1100, Attila Fogarasi wrote:

>OpenEdition was introduced in MVS 4.3 in 1994 but was an almost unusable
>subset, it only had POSIX support, Kern shell and dbx debugger.   ...
>
How does Kern shell compare with Bourne shell and POSIX shell?

A quick Google search for "Kern shell" returns mostly pages about
psychology or thermal engineering.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Paul Gilmartin
On Sun, 26 Jan 2025 18:12:01 +0100, Radoslaw Skorupka  wrote:
>...
>> How does Kern shell compare with Bourne shell and POSIX shell?
>>
>> A quick Google search for "Kern shell" returns mostly pages about
>> psychology or thermal engineering.
>
>Obvious typo. Was it funny?
>
More than I care to know about heat exchangers.

>https://en.wikipedia.org/wiki/KornShell
>
And I doubt that I mistyped.  I copied "Kern shell" with mouse from
an earlier ply and pasted directly into the query string.

And there seems to be a passing reference in an IBM page:


-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Tony Harminc
On Sun, 26 Jan 2025 at 07:47, Seymour J Metz 

Security is a[b]out more than preserving the integrity of the OS.
>

Indeed. Security and Integrity are quite different concepts, but each
depends completely on the other.

And then there's Privacy, which - from the earliest days of the notion of
MVS system integrity in 1972 or so - was kind of assumed to just fall out
of Security as implemented on a system with Integrity. But now it's well
recognized as something quite different.

But we digress more than a little from "CBTView ISPF Dialog - quick
survey/question"...

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Lionel B Dyck
rabbit trails can be interesting but the bottom line is that I have
reviewed the various incarnations of curl usages and have an idea on
how to update CBTView to use it if it is available on tune users
systems. In many ways it is easier than using FTP but in some ways not
so much.

On Sun, Jan 26, 2025 at 1:09 PM Tony Harminc  wrote:
>
> On Sun, 26 Jan 2025 at 07:47, Seymour J Metz 
>
> Security is a[b]out more than preserving the integrity of the OS.
> >
>
> Indeed. Security and Integrity are quite different concepts, but each
> depends completely on the other.
>
> And then there's Privacy, which - from the earliest days of the notion of
> MVS system integrity in 1972 or so - was kind of assumed to just fall out
> of Security as implemented on a system with Integrity. But now it's well
> recognized as something quite different.
>
> But we digress more than a little from "CBTView ISPF Dialog - quick
> survey/question"...
>
> Tony H.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Lionel B. Dyck <><
Website:https://github.com/lbdyck

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: Two related C macro questions

2025-01-26 Thread Charles Mills
@Andrew and @Colin, thank you.

> the __LIBREL__ and __TARGET_LIB__ macros

Agreed, that's a better approach. After I wrote my OP I recalled I had used the 
latter macro a while ago to solve a similar problem. It's better than a unique 
macro because (a.) it is only one thing to change in the options file and (b.) 
it is more or less self-documenting. (And (c.), it actually works!)

> DEF (Y2038_LEV2R3=) is correct syntax, but maybe there is a bug.

Yeah, that was kind of my conclusion. I quit blaming my program errors on 
compiler bugs about forty years ago, but in this case it may be true. In any 
event the syntax is not intuitive. DEF (macro) is equivalent to #define macro 1 
and DEF (macro=) is equivalent to #define macro. I think I am going to use 
__TARGET_LIB__ per the above, and I don't think I have the ambition to try and 
figure out whether there is a compiler bug with DEF, especially since IBM 
probably doesn't care now that there is a whole new C/C++ compiler.

> the ftime() function and timeb structure are deprecated

Well yeah, that's the point of this whole exercise. And deprecated or not, they 
will quit working correctly in less than 13 years. The thing is I have somewhat 
complex, existing, working code that uses ftime64() and timeb64, I need the 
millisecond value that time64() does not provide, and I really don't want to 
re-write the logic and re-debug it. Much of the Y2038 support came along as 
early as z/OS V1R11, but ftime64() does not appear until V2R3. 

Charles

On Sun, 26 Jan 2025 02:51:07 -0600, Andrew Mattingly  
wrote:

>I would draw your attention to the __LIBREL__ and __TARGET_LIB__ macros 
>(https://www.ibm.com/docs/en/zos/3.1.0?topic=cpm-general-macros) and the 
>__librel() library function 
>(https://www.ibm.com/docs/en/zos/3.1.0?topic=reference-library-functions).  It 
>might be better to use one of these, depending on the effect you want to 
>achieve.
>
>I would also note that the ftime() function and timeb structure are 
>deprecated.  You are better off using time64(), which has been available since 
>z/OS 2.1 (or possibly earlier), then you wouldn't need to test the operating 
>system/library level.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Radoslaw Skorupka

W dniu 23.01.2025 o 21:52, Paul Gilmartin pisze:

On Thu, 23 Jan 2025 21:08:48 +0100, Radoslaw Skorupka wrote:



If the concern is malware infiltration, curl, HTTPS, and IND$FILE
from a desktop waystation are all suspect.

Not mentioning the reasons or rationales, the FTP traffic in/out company
is forbidden.


Is there a whitelist allowing either mainframe or desktop access to
cbttape.org?

Is there a pathway by which (suitably privileged) individuals can
install cbttape content, possibly program objects, on the mainframe?

Is curl available on the mainframe?  Otherwise this discussion is
academic.  Unless the cbttape repository can be mirrored on a
desktop.


My observations, based on several shops experience:
1. Cybersecurity dept usually do not touch mainframe. Because they don't 
know it and don't understand. Not to mention many of them create "Franz 
Kafka - The Trial" world - you are accused, but you don't know of what. 
There are bans and prohibitions, but there is no explanation or rationale.
2. Assuming the above you can install anything you uploaded from your 
workstation. And the workstation (and user) usually is allowed to 
download from cbttape, etc. The reason is obvious: it is https, not ftp. 
Note, you can install *anything*. Including APF libraries, SVC, exits, 
etc. Of course you have to be a sysprog or other person authorized to 
change APF, etc. Formal acceptation process does not exist, however 
informal discussions between colleagues usually take a place.
3. Of course the are notable exceptions, where no freeware or RYO tool 
can be installed, except simple scripts which do not require any special 
authorizations.
4. Sometimes anything from outside is forbidden by default. However, 
theoretically you could type your own script. So, printing some useful 
script at home and typing/copying it by hand would be acceptable.
5. Fun fact: I tried to download some of Mark Zelden's utilities. It 
turned out the webpage is prohibited with category "porn" and my attempt 
was recorded, etc. :-)




--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: AT-TLS FTP to RedHat 9 wsftp server

2025-01-26 Thread Ed Jaffe

On 1/26/2025 7:54 AM, Ed Jaffe wrote:


The "key share group list" described above is being passed by z/OS as 
the singular value "secp521r1". It would be great if we could figure 
out how to make it send an actual list of group names that also 
includes "secp256r1" (the only one supported by the RedHat 9 wsftp 
server), but so far we haven't been able to figure out how to do that.


I found the part of the policy specification that needs to be expanded, 
but I can't find how to change it using the Network Configuration 
Assistant. "Advanced Settings" under the "Rules" dialog has a tab called 
"Handshake," but it does not offer anything related to the list of 
groups that's offered.


TTLSSignatureParms    sig1~AT-TLS__Platinum_with_TLS1.
{
  ClientECurves   secp521r1
  SignaturePairs TLS_SIGALG_SHA256_WITH_RSASSA_PSS
  SignaturePairs TLS_SIGALG_SHA384_WITH_RSASSA_PSS
  SignaturePairs TLS_SIGALG_SHA512_WITH_RSASSA_PSS
}
TTLSSignatureParms    sig2~AT-TLS__Platinum_with_TLS1.
{
  ClientECurves   secp521r1
}

Should I hand-edit this file to specify the additional curve? Never did 
that before, but I can try.


Will those settings be preserved if I edit with the NCA later after 
making manual updates? Or will I lose everything?


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Seymour J Metz
What about wget?

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר




From: IBM Mainframe Discussion List  on behalf of 
Lionel B Dyck <057b0ee5a853-dmarc-requ...@listserv.ua.edu>
Sent: Sunday, January 26, 2025 2:12 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CBTView ISPF Dialog - quick survey/question

External Message: Use Caution


rabbit trails can be interesting but the bottom line is that I have
reviewed the various incarnations of curl usages and have an idea on
how to update CBTView to use it if it is available on tune users
systems. In many ways it is easier than using FTP but in some ways not
so much.

On Sun, Jan 26, 2025 at 1:09 PM Tony Harminc  wrote:
>
> On Sun, 26 Jan 2025 at 07:47, Seymour J Metz 
>
> Security is a[b]out more than preserving the integrity of the OS.
> >
>
> Indeed. Security and Integrity are quite different concepts, but each
> depends completely on the other.
>
> And then there's Privacy, which - from the earliest days of the notion of
> MVS system integrity in 1972 or so - was kind of assumed to just fall out
> of Security as implemented on a system with Integrity. But now it's well
> recognized as something quite different.
>
> But we digress more than a little from "CBTView ISPF Dialog - quick
> survey/question"...
>
> Tony H.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
Lionel B. Dyck <><
Website:https://github.com/lbdyck

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: OMVS

2025-01-26 Thread Mike Schwab
IBM
Licensed Material - Property of IBM
5694-A01 Copyright IBM Corp. 1993, 2011
(C) Copyright *Mortice Kern* Systems, Inc., 1985, 1996.
(C) Copyright Software Development Group, University of Waterloo, 1989.

All Rights Reserved.

U.S. Government Users Restricted Rights
Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM Corp.

IBM is a registered trademark of the IBM Corp.


On Sun, Jan 26, 2025 at 12:51 PM Paul Gilmartin <
042bfe9c879d-dmarc-requ...@listserv.ua.edu> wrote:

> On Sun, 26 Jan 2025 18:12:01 +0100, Radoslaw Skorupka  wrote:
> >...
> >> How does Kern shell compare with Bourne shell and POSIX shell?
> >>
> >> A quick Google search for "Kern shell" returns mostly pages about
> >> psychology or thermal engineering.
> >
> >Obvious typo. Was it funny?
> >
> More than I care to know about heat exchangers.
>
> >https://en.wikipedia.org/wiki/KornShell
> >
> And I doubt that I mistyped.  I copied "Kern shell" with mouse from
> an earlier ply and pasted directly into the query string.
>
> And there seems to be a passing reference in an IBM page:
> <
> https://www.ibm.com/docs/en/zos/3.1.0?topic=procedures-accessing-unix-system-services-zos-unix-shell
> >
>
> -- gil
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: CBTView ISPF Dialog - quick survey/question

2025-01-26 Thread Lionel B Dyck
wget could work for the files but i need to use curl to get the file
date as wget can't and for getting files there isn't much difference
so i'm sticking with curl for consistency.

but thank you as that was a path i did look at.

On Sun, Jan 26, 2025 at 1:36 PM Seymour J Metz  wrote:
>
> What about wget?
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
>
>
> 
> From: IBM Mainframe Discussion List  on behalf of 
> Lionel B Dyck <057b0ee5a853-dmarc-requ...@listserv.ua.edu>
> Sent: Sunday, January 26, 2025 2:12 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: CBTView ISPF Dialog - quick survey/question
>
> External Message: Use Caution
>
>
> rabbit trails can be interesting but the bottom line is that I have
> reviewed the various incarnations of curl usages and have an idea on
> how to update CBTView to use it if it is available on tune users
> systems. In many ways it is easier than using FTP but in some ways not
> so much.
>
> On Sun, Jan 26, 2025 at 1:09 PM Tony Harminc  wrote:
> >
> > On Sun, 26 Jan 2025 at 07:47, Seymour J Metz 
> >
> > Security is a[b]out more than preserving the integrity of the OS.
> > >
> >
> > Indeed. Security and Integrity are quite different concepts, but each
> > depends completely on the other.
> >
> > And then there's Privacy, which - from the earliest days of the notion of
> > MVS system integrity in 1972 or so - was kind of assumed to just fall out
> > of Security as implemented on a system with Integrity. But now it's well
> > recognized as something quite different.
> >
> > But we digress more than a little from "CBTView ISPF Dialog - quick
> > survey/question"...
> >
> > Tony H.
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> Lionel B. Dyck <><
> Website:https://github.com/lbdyck
>
> "Worry more about your character than your reputation.  Character is
> what you are, reputation merely what others think you are." - John
> Wooden
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Lionel B. Dyck <><
Website:https://github.com/lbdyck

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN