I've been struggling with this one for a couple of days now, without making
any headway.
I have a REXX that works through SDSF that is intended to issue 'D R,L'
and retrieve any outstanding console messages. It works fine when I invoke
it from ISPF option 6 with an EXEC... command, but when I invo
Please ignore my previous post.
I've manged to create a solution via a different method.
Using ADDRESS SDSF "ISFLOG READ TYPE(SYSLOG) (WTOR)" gives me what I need
to progress this work.
Regards
Sean
--
For IBM-MAIN subscribe / si
I installed NPF and had it working for my testing. That was about 4
months ago. Now, I it's time to set up the real printers so we can start
using it in production. But, now my original test no longer works. NPF
will no longer pull the print from the JES queue and place it in the
routing queue.
As Shmuel said an application with a trap door is an application
vulnerability.
Ideed, IF you know such trap door, you know z/OS vulnerability, which
proves the platform is not immune. Is it as vulnerable as Windows? No,
because it's still not binary, some systems are still more secure than
oth
In response to "An application with a trap door is an application
vulnerability. If there is a trap door in z/OS itself then that's a
platform vulnerability."
Does it really matter if an application vs z/OS has a trap door
vulnerability? In either case z/OS and the ESM's cannot function
prope
Found it here:
http://www.oocities.org/siliconvalley/peaks/4170/articles/selfdoc.html
On Wed, May 29, 2019 at 11:39 PM Bruce Hewson
wrote:
> Skip,
>
> A long time ago I read :-
>
> Building a Self-Documenting MVS/ESA System
> by Mark S. Hahn
> Reprinted with permission. ©1992 Candle Corp.
>
> Ca
On Wed, May 29, 2019 at 5:10 PM Pommier, Rex
wrote:
> Hello listers,
>
> I'm apparently having a case of brain-drain. Is there an easy way to
> display the currently used master JCL? I know I can look at LINKLIB and
> PARMLIB and see what's there, but is there a way of displaying what's
> actua
This is probably your problem:
KJ56644I NO VALID TSO USERID, DEFAULT USER ATTRIBUTES USED
What RACF ID is the job running under? It must have a TSO segment and be
authorized to use SDSF.
On Thu, May 30, 2019 at 3:14 AM Sean Gleann wrote:
> I've been struggling with this one for a couple of day
On Wed, May 29, 2019 at 1:23 PM Schuffenhauer, Mark
wrote:
> My sales favorite was knowing key functionality is vaporware, talking up
> everything the software would do some day. Then being horrified when you
> realize the 'decision makers' are eating it up. None of them ends up in
> hell when t
Msg IKJ56644I is always issued. Tso batch does not requires tao segment.
However, as John noticed this is not the same user. Has a look at the first
message of the stc job log to see which user associated with your task and
make sure it has permission to command ulog in sdsf resource class.
ITscha
On Thu, May 30, 2019 at 7:48 AM ITschak Mugzach wrote:
> Msg IKJ56644I is always issued. Tso batch does not requires tao segment.
> However, as John noticed this is not the same user. Has a look at the first
> message of the stc job log to see which user associated with your task and
> make sure
Thanks David et al,
I knew system told me somewhere but for the life of me, I couldn't find it.
The confusion on my part came from the fact that I have the IEASYS00 line to
use MSTJCL00. However, member MSTJCL00 doesn't exist in SYS1.PARMLIB but it is
in a concatenated PARMLIB library. Being
For what it's worth, an earlier modification of the REXX featured the use
of the WHO command to retrieve that sort of information.
The user is STCOPER, which doesn't have a TSO segment, it's true, even
though - per Itschak - one isn't necessary.
As part of pursuing this problem, I PERMITted both CO
In response to "Ideed, IF you know such trap door, you know z/OS
vulnerability, which proves the platform is not immune. Is it as
vulnerable as Windows? No, because it's still not binary, some systems
are still more secure than others."
In my opinion (I am biased) z/OS is the most secure-able
Nobody said it was immune and you sell z security which is quite a conflict of
interest.
Sent from Yahoo Mail for iPhone
On Thursday, May 30, 2019, 9:17 AM, Ray Overby wrote:
In response to "Ideed, IF you know such trap door, you know z/OS
vulnerability, which proves the platform is not imm
On Thu, 30 May 2019 06:23:32 -0400, Tony Thigpen wrote:
>I installed NPF and had it working for my testing. That was about 4
>months ago. Now, I it's time to set up the real printers so we can start
>using it in production.
Tony, you and I may be some of the very few members of this list that
Dana,
Below is what PRT7 looks like after I start it.
$Dprt7
$HASP603 PRT7
UNIT=,STATUS=INACTIVE,BURST=NO,CKPTLINE=0,
CKPTMODE=PAGE,CKPTPAGE=100,CKPTSEC=0,CREATOR=,
DEVFCB=,DEVFLASH=,FCB=8X8,FORMS=(WL1,,
,),FSS=FSS1,HONORTRC=YES,JOBNAME=,LAST
Try using PGM=SDSF or Address SDSF "ISFSLASH ("command.") (WAIT)"
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Sean Gleann
Sent: Thursday, May 30, 2019 4:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SDSF & REXX & ULOG problem
I've
Hi,
I have DDDEFs that have volume and unit information coded.
How do I delete that information in batch?
I am using z/OS v2.3
Thanks
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@lis
Read up on the SMPE ZONEEDIT command.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Gadi Ben-Avi
Sent: Thursday, May 30, 2019 9:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: delete volume and unit information form DDDEF
Hi,
I have DDDEFs that have volume and unit inf
I looked at that, but didn't find a way to delete the information
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Allan Staller
Sent: Thursday, May 30, 2019 5:36 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: delete volume and unit information form DDDEF
Read up on the
SET BDY(zonename) .
ZEDIT DDDEF .
CHANGE UNIT(*,*) .
CHANGE VOLUME(*,*) .
ENDZEDIT .
UCLIN .
Carmen Vitullo
- Original Message -
From: "Gadi Ben-Avi"
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Thursday, May 30, 2019 9:37:30 AM
Subject: Re: delete volume and unit information form DDDEF
Thanks
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Carmen Vitullo
Sent: Thursday, May 30, 2019 5:40 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: delete volume and unit information form DDDEF
SET BDY(zonename) .
ZEDIT DDDEF .
CHANGE UNIT(*,*) .
CHANGE VOLUME(*,
Something like this. Now, that being said, I personally, don't catalog the
SMPE target and DLIB datasets, and specifically use UNIT/VOL to point to them
so that there is NO Chance of accidentally updating the wrong set of datasets
(i.e. the running version).
SET BDY(yourzone) .
ZONEED
good Point, I do not use the catalog for any of my SMPE target or DLIB
libraries, I keep these on seperate SMPE volumes
Carmen Vitullo
- Original Message -
From: "David Jousma" <01a0403c5dc1-dmarc-requ...@listserv.ua.edu>
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Thursday, May 30, 201
On Thu, 30 May 2019 09:59:14 -0400, Tony Thigpen wrote:
>Maybe you have a 'better way' to use NPF. Could you give me an example
>of what you are doing?
>
So JES2 never selects output for that printer? You don't ever get $HASP150 ?
What I do is all output for network printers goes to Class C.
Display Filter View Print Options Search Help
SDSF OUTPUT ALL CLASSES ALL FORMSLINES 1,068 LINE 1-8 (8)
NP JOBNAME JobIDOwnerPrty C FormsDest Tot-Rec
TONY JOB224
See Chapter 24 of
https://www-01.ibm.com/servers/resourcelink/svc00100.nsf/pages/zOSV2R3sa232275/$file/gim1000_v2r3.pdf
for the syntax of the DEL DDDEF UCLIN command.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussio
I've seen the acronym ESM a few times in this thread. I'll assume that
means "Enterprise Security Management", and I'll guess it refers to
security processes (not RACF), such as assigning userid's, making sure
people have just the access they need, periodic audits, etc.
Am I even close?
On 5
On Wed, 29 May 2019 22:10:23 +, Pommier, Rex wrote:
>Hello listers,
>
>I'm apparently having a case of brain-rrain. Is there an easy way to display
>the currently used master JCL? I know I can look at LINKLIB and PARMLIB and
>see what's there, but is there a way of displaying what's actua
I have been under the impression it stands for External Security Manager, of
which the "big 3" would be RACF, ACF2, Top Secret.
Rex
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Tom
Brennan
Sent: Thursday, May 30, 2019 10:21 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject
On Wed, 29 May 2019 23:06:01 +, Jesse 1 Robinson wrote:
>The advertised virtue of RSU is that it represents a well-defined bundle of
>fixes that have been tested together in 'many' shops.
Not exactly. It is a set of PTFs that have been extensively tested together by
IBM.
Then they have been
Are you using NPFVTAM and NPFQMGR? If so, are they running?
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Tony Thigpen
Sent: Thursday, May 30, 2019 9:50 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [External] Re: Need a second set of eyes to look at my NPF settings
> Does it really matter if an application vs z/OS has a trap door vulnerability?
Not if you don't care about security. If you care then you must investigate
both. Please note that an unprivileged application can still have a dangerous
back door that compromises, e.g., privacy, by giving a user a
Classification: Public
> Not exactly. It is a set of PTFs that have been extensively tested together
> by IBM.
> Then they have been adopted as a whole by many shops.
>
> --
> Tom Marchant
Is that true? I thought it was just the CST that was extensively tested; that's
only released quarterly, w
On Thu, 30 May 2019 10:50:09 -0400, Tony Thigpen wrote:
> Display Filter View Print Options Search Help
>
>
>SDSF OUTPUT ALL CLASSES ALL FORMSLINES 1,068 LINE 1-8 (8)
>NP JOBNAME JobIDOwnerPrt
I've never seen a trap door installed by IBM. What I've seen was trap doors
installed by data center staff and trap doors in 3rd party software. In those
cases it's not the platform that is insecure but the installation. Would you
blame the lock if someone leaves their key under the doormat?
d)
Dana Mitchell wrote:
>Tony Thigpen wrote:
>>Maybe you have a 'better way' to use NPF. Could you give me an example of
>>what you are doing?
>So JES2 never selects output for that printer? You don't ever get $HASP150 ?
If that is the case, turn on the debug statement for JES2, something like
Dana Mitchell wrote:
>Your output has PZGWHFL1 as a destination, but your printer is set to
>ROUTECDE=(LOCAL) so it's only going to select printout with *NO* destination
>coded. Thats why the printer isn't selecting that output. Do you have a NPF
>route defined for PZGWHFL1?
>You either n
Just because it has not been brought up and I think it is pertinent to this
discussion.
It is obvious that IBM has vulnerabilities in z/OS. The existence of the
integrity APARs are proof of that. There may not be as many as the fixes
released for Windows or Mac, but they do exist.
Lou
--
Artifi
On Thu, 30 May 2019 14:42:39 +, Jousma, David wrote:
>I personally, don't catalog the SMPE target and DLIB datasets
Not for MVS data sets, but what about ISV products?
--
Tom Marchant
--
For IBM-MAIN subscribe / signof
currently I only support one ISV product, I have my MVS hat on currently, so
yes ,I do use the cataloged version of the datasets for ISV's on my sandbox
LPAR.
Carmen Vitullo
- Original Message -
From: "Tom Marchant" <000a2a8c2020-dmarc-requ...@listserv.ua.edu>
To: IBM-MAIN@LIST
> It is obvious that IBM has vulnerabilities in z/OS.
Water is wet; I've reported one such. But not all vulnerabilities are trap
doors.
Do you know of a trap door installed by IBM?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Main
By setting:
$TPRT7,FORMS=*
I am now getting my print into the NPF queue.
I was just too close to it to see it.
Thanks,
Tony Thigpen
Elardus Engelbrecht wrote on 5/30/19 11:34 AM:
Dana Mitchell wrote:
Tony Thigpen wrote:
Maybe you have a 'better way' to use NPF. Could you give me an examp
We catalog *all* SMP/E data sets including those for z/OS. I don't see how
*not* cataloging data sets increases integrity. At some point you have to
distinguish among different releases by typing something somewhere. I'd rather
do that in the HLQ. We decided long ago to 'preserve' (i.e. avoid de
Yes.
On 5/30/2019 11:01 AM, Seymour J Metz wrote:
It is obvious that IBM has vulnerabilities in z/OS.
Water is wet; I've reported one such. But not all vulnerabilities are trap
doors.
Do you know of a trap door installed by IBM?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
ESM - External Security Manager. I use ESM when I am talking about ACF2,
RACF, and TSS.
On 5/30/2019 10:20 AM, Tom Brennan wrote:
I've seen the acronym ESM a few times in this thread. I'll assume
that means "Enterprise Security Management", and I'll guess it refers
to security processes (not
Thanks!
On 5/30/2019 9:20 AM, Ray Overby wrote:
ESM - External Security Manager. I use ESM when I am talking about ACF2,
RACF, and TSS.
On 5/30/2019 10:20 AM, Tom Brennan wrote:
I've seen the acronym ESM a few times in this thread. I'll assume
that means "Enterprise Security Management", an
Tom,
Our ISV product installs have the VerRelease imbedded into the installation
datasets. We use a cloning process to aggregate the updated product onto a
ISV sysres that then removes the VerRelease from the dataset names. The
"master" ISV sysres contents are not cataloged, but the environ
I prefer to keep the SMP/E targets uncataloged. The prevents inadvertent
updating of any running system. Extremely cheap (but effective) insurance.
The SMP/E targets are used *ONLY* as SMP/E targets and *NEVER* on a running
system.
"Clones" are used by the running system.
My 0.02 USD worth
-
On Thu, 30 May 2019 17:02:44 +, Jousma, David wrote:
>Tom,
>
>Our ISV product installs have the VerRelease imbedded into the installation
>datasets. We use a cloning process to aggregate the updated product onto a
>ISV sysres that then removes the VerRelease from the dataset names. The
when I was contracting Y2K and had some global services folks working with me,
that was the standard, and once I moved on I found this same methodology at
other sites, I adopted this strategy and documented the process in my install
and maintenance process, it works for me very well, (FOR MVS) I
Tom, Everything with ISV installs has version release in the DSN's. I've
personally never liked SYMBOLICRELATE, so I don’t use it.Cloning process is
boiled down to a standard set of batch jobs that just get run. Not much
thought process involved.
In response to "Please note that an unprivileged application can still
have a dangerous back door that compromises, e.g., privacy, by giving a
user authorized to access the application access more data than he is
authorized to see."
As a developer of security interfaces for applications: It is
If the trap door is in an APF authorized library, then by convention it's part
of the operating system, and would be considered a platform issue. Anything
that is APF authorized is expected to adhere to the statement of integrity that
z/OS publishes.
Wayne Driscoll
Rocket Software
Note - All op
It must be Friday somewhere. I put 'against stupidity' into Google. Schiller's
exact quote popped up first. Just sayin'.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@s
On Wed, 29 May 2019 at 13:46, Jesse 1 Robinson
wrote:
> Thank you, that was my point about non-CTC links. When I started here in
> the 90s, BSC links were still in use. First for NJE to VM/XA because our
> implementation did not include VTAM, and for some JES2 connections because
> of a perceptio
Tony, thanks for clearing it up. I was indeed confusing the two issues.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com
-Original Message-
From: IBM Mainf
Tony Harminc wrote:
> In passing, I have no idea why JES2 would no longer support CTCs. Are
> FICON CTCs completely incompatible with Bus&Tag (and 3088) and ESCON
> ones? Where are the FICON ones documented?
Actually, I don't know for sure where the support fails.
1) JES2 requires that the CTCA b
Hi,
I recently added the BNDRY=PAGE parameter to a set of STORAGE OBTAINS which
acquire storage areas of various sizes from several low private subpools. My
intent was a reduction of CPU used by subsequent MVCLE instructions, as ADM
would more likely be employed for MVCLE executes, since the s
60 matches
Mail list logo
