Discussion:
VMS Roadmap - June 2017
(too old to reply)
IanD
2017-06-13 14:34:30 UTC
Permalink
Raw Message
https://www.vmssoftware.com/pdfs/VSI_Roadmap_20170607.pdf

Didn't see it posted but didn't check every post...

Q4 OpenVMS V9.0 x86-64 Early Adopter Release

• Selected HPE Servers (Intel & AMD)

I hope we will see at least one Threadripper CPU in this mix ;-)

Must say I'm somewhat surprised that Python is still listed as 'investigating', since it's pretty well the glue language of choice across a number of platforms now (I don't think the VMS Python folks are planning on Python 3)

What specifically do these mean?

Q1 OpenVMS V8.5

• Enhanced Password Management

and

Q4 OpenVMS V9.0 Itanium General Release
• Stronger Password Encryption
Arne Vajhøj
2017-06-13 14:50:24 UTC
Permalink
Raw Message
Post by IanD
Q4 OpenVMS V9.0 x86-64 Early Adopter Release
Nice.
Post by IanD
• Selected HPE Servers (Intel & AMD)
Obvious question: only supported on HPE server or only running on HPE
servers?
Post by IanD
Must say I'm somewhat surprised that Python is still listed as
'investigating', since it's pretty well the glue language of choice
across a number of platforms now
Varies a bit around. But Python is an important language.
Post by IanD
What specifically do these mean?
Q1 OpenVMS V8.5
• Enhanced Password Management
and
Q4 OpenVMS V9.0 Itanium General Release • Stronger Password
Encryption
The last one seems rather obvious: different algorithm,
more bits, longer salt.

Arne
d***@gmail.com
2017-06-13 15:13:45 UTC
Permalink
Raw Message
Post by Arne Vajhøj
Post by IanD
Q1 OpenVMS V8.5
• Enhanced Password Management
Better phrase might be "Enhanced Password Policy Management."
Post by Arne Vajhøj
Post by IanD
and
Q4 OpenVMS V9.0 Itanium General Release • Stronger Password
Encryption
The last one seems rather obvious: different algorithm,
more bits, longer salt.
Arne
Craig A. Berry
2017-06-13 15:29:33 UTC
Permalink
Raw Message
Post by IanD
Q4 OpenVMS V9.0 x86-64 Early Adopter Release
Nice.
Before you get too excited, it's Q4 of 2018, not 2017.
Richard Maher
2017-06-15 11:38:07 UTC
Permalink
Raw Message
Post by Craig A. Berry
Post by IanD
Q4 OpenVMS V9.0 x86-64 Early Adopter Release
Nice.
Before you get too excited, it's Q4 of 2018, not 2017.
Spewin'

:-(
Stephen Hoffman
2017-06-13 15:48:48 UTC
Permalink
Raw Message
Post by IanD
...
Must say I'm somewhat surprised that Python is still listed as
'investigating', since it's pretty well the glue language of choice
across a number of platforms now...
There's more than enough work to go around and schedule and staff and
budget constraints, there's also the ongoing effort of keeping the kit
current, and I'd also expect there's some interest in moving from the
LD kits over to a more traditional kit if not directly integrated into
the distro as otherwise there's a new way to distribute and update kits
that needs to be implemented and documented and tested.
Post by IanD
What specifically do these mean?
• Enhanced Password Management
...
• Stronger Password Encryption
Guessing: the end of Purdy as the default password hash, save for its
continued availability during upgrades, migrations and related.

Which probably then means that somebody at VSI was either ignorant of
the common terminology, or somebody at VSI was aware of the jargon but
simply reworded the changes into a bullet point in an attempt to
simplify and ended up unintentionally obfuscating the intended changes.
This is (reversible) encryption versus one-way password hashing, and
the former is seldom preferred for password storage.

This conflation of encryption and hashing is a common mistake in
documentation, and also a surprisingly common mistake in password
post-breach notifications, unfortunately. A mistake that's almost
always commented on, too, as there are substantial risks around using
encryption with passwords. Usual next question is some variation of
"so... bcrypt, scrypt, pbkdf2, or?" or some such.

On OpenVMS, this'll involve changes beyond the implementation of the
password hash itself, and the changes will also be user-visible via
certain documented itemcodes on system services. A few apps will need
(minor) source code changes to adopt the new password hash. If this
is indeed a new and more cryptographically-secure password hash.

Some background:
https://medium.com/@mpreziuso/password-hashing-pbkdf2-scrypt-bcrypt-1ef4bb9c19b3

http://web.archive.org/web/20130407190430/http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords
--
Pure Personal Opinion | HoffmanLabs LLC
IanD
2017-06-13 16:28:56 UTC
Permalink
Raw Message
On Wednesday, June 14, 2017 at 1:48:52 AM UTC+10, Stephen Hoffman wrote:

<snip>
Post by Stephen Hoffman
https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords
--
Pure Personal Opinion | HoffmanLabs LLC
I just glanced over the page referenced in the last link... 8-O

I'm going back to revisit it again after some sleep (It's 2:30 a.m here, well past beauty sleep time)

Thanks once again for your usual in-depth reply

One has got to wonder Hoff, How come your not on the VSI payroll (as an employee? Are you waiting to see if VMS can actually secure itself a future first or is that one of those questions best avoided?...)
David Froble
2017-06-13 16:59:54 UTC
Permalink
Raw Message
Post by IanD
<snip>
Post by Stephen Hoffman
https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords
--
Pure Personal Opinion | HoffmanLabs LLC
I just glanced over the page referenced in the last link... 8-O
I'm going back to revisit it again after some sleep (It's 2:30 a.m here, well past beauty sleep time)
Thanks once again for your usual in-depth reply
One has got to wonder Hoff, How come your not on the VSI payroll (as an employee? Are you waiting to see if VMS can actually secure itself a future first or is that one of those questions best avoided?...)
I cannot speak for Steve, but, I've been in the situation in the past where I've
had commitments to customers which stopped me from accepting some nice offers.
Some people might tell the customers "too bad, you're on your own", and others
figure "a deal is a deal" and live up to their word and commitments.

Sometimes it hurts a bit, but, you got to be able to look in the mirror ..
IanD
2017-06-14 03:44:59 UTC
Permalink
Raw Message
On Wednesday, June 14, 2017 at 2:59:55 AM UTC+10, David Froble wrote:

<snip>
Post by David Froble
Sometimes it hurts a bit, but, you got to be able to look in the mirror ..
Dam straight!!!!
David Froble
2017-06-13 16:53:08 UTC
Permalink
Raw Message
Post by IanD
https://www.vmssoftware.com/pdfs/VSI_Roadmap_20170607.pdf
Didn't see it posted but didn't check every post...
Q4 OpenVMS V9.0 x86-64 Early Adopter Release
• Selected HPE Servers (Intel & AMD)
I hope we will see at least one Threadripper CPU in this mix ;-)
Must say I'm somewhat surprised that Python is still listed as 'investigating', since it's pretty well the glue language of choice across a number of platforms now (I don't think the VMS Python folks are planning on Python 3)
What specifically do these mean?
Q1 OpenVMS V8.5
• Enhanced Password Management
and
Q4 OpenVMS V9.0 Itanium General Release
• Stronger Password Encryption
I think they mean to stifle Steve ...

:-)
Simon Clubley
2017-06-14 18:14:38 UTC
Permalink
Raw Message
Post by David Froble
Post by IanD
Q4 OpenVMS V9.0 Itanium General Release
? Stronger Password Encryption
I think they mean to stifle Steve ...
:-)
$ set response/mode=good_natured

Well, they know what they need to do to quieten Simon... :-)

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
Stephen Hoffman
2017-06-14 19:59:33 UTC
Permalink
Raw Message
Post by Simon Clubley
Post by David Froble
Post by IanD
Q4 OpenVMS V9.0 Itanium General Release
? Stronger Password Encryption
I think they mean to stifle Steve ...
:-)
$ set response/mode=good_natured
Well, they know what they need to do to quieten Simon... :-)
Simon.
VSI has been and continues to be resolving weaknesses and
vulnerabilities, most certainly. Discussions such as fitness for
purpose and pricing and revenue aside, I look forward to the day that I
can support the sorts of OpenVMS security claims that some folks are
fond of making. But I'm not there yet.

Security expectations and requirements and attacks also change, so some
of the benefits of increased platform success — beyond the associated
revenues, hopefully — is more interest and more investigations and more
targeting and more vulnerabilities. This particularly with the value
from targeting the folks using the platform.

The amount and value of security-related knowledge that's accrued
within any platform over time is not to be underestimated, too. The
folks that are working on systemd are re-learning some of that, for
instance. Beyond the various reports that also have applicability to
OpenVMS, that's why I follow security reports on other platforms. The
same has and will continue to happen with OpenVMS, and other rework and
rewrites, too.

And don't clown yourself into thinking attackers aren't flexible in how
they'll attack — an unencrypted network transport containing sensitive
data is a disaster waiting to happen, firewall or otherwise. Attackers
also don't segment the OS and the layered products. They just need to
find an initial ingress, and then zero or more additional
vulnerabilities on the way to that "we got hacked" discussion with
management and stakeholders.

The two-factor authentication (2FA) phishing that's been used against
gmail in recent months can be clever, and SS7 attacks against SMS 2FA
have been successfully used. But then if you're targeted and are not
running 2FA MFA, you're already toast. OpenVMS itself doesn't include
2FA, though it can be added. And we can either have app devs creating
their own 2FA or their own CA checks, or we can work to reduce the
system and third-party and end-user foot-gunning, and use a shared
implementation for networking and encryption and security (hopefully)
with a simple API and better testing and coverage, or we can all
continue to hand-roll these bugs. (Secure Transport — which certainly
has its issues — as an example of dealing with these sorts of details.)

As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.

A very sample of what I've been reading and pondering; of what's in
that aforementioned list...
https://codahale.com/towards-a-safer-footgun/
https://blog.acolyer.org/2017/06/14/system-programming-in-rust-beyond-safety/
https://dnsspy.io
https://www.bellingcat.com/news/mena/2017/06/12/bahamut-pursuing-cyber-espionage-actor-middle-east/

Etc...
--
Pure Personal Opinion | HoffmanLabs LLC
l***@gmail.com
2017-06-15 15:02:55 UTC
Permalink
Raw Message
On Wednesday, June 14, 2017 at 1:59:42 PM UTC-6, Stephen Hoffman wrote:
%<...snip...>%
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
+1, Steve, esp. re 2FA/MFA -- Here's hoping for a full modernization in v9.x, and without a lot of "it's an option/3rd-party" nonsense.

I too have stuck my neck out (I'm not a "security expert", nor do I play one on TV) and submitted a VMS security-related and pragmatic session for 2017 Boot Camp. I' plan to attend any such sessions that you give there, and would love to compare notes and conspire for the good of the order. Happy whittling!
IanD
2017-06-18 12:36:11 UTC
Permalink
Raw Message
On Thursday, June 15, 2017 at 5:59:42 AM UTC+10, Stephen Hoffman wrote:

<snip>
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
Without showing disrespect to others, you understand that security is a deep and involved topic. I get the feeling some others are living on the past cherished notions of VMS and it's security from the days gone by where script-kiddies is about all one had to contend with. Today's attacks can be politically motivated and/or have substantial resources funding the attack programs

For those wanting to get a good taste of security take the time to look at this and even better, enroll - the only cost is your time

https://www.openlearning.com/courses/sec

This course looks at Security from an Engineering discipline approach, quite different but very effective. It's a 360 degree approach and not just an academic computer science approach

If you want to look at security from a pure CS approach, then I recommend the MIT opencoursewear ones. They are also free (slightly dated but highly relevant)

https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/index.htm

OR if you want to cover a few topics, then look into this set from IEEE

http://innovationatwork.ieee.org/3cyberhackingiot_corp?utm_source=IoTBundle&utm_medium=Email&utm_campaign=Message5_IEEEx

The reality is VMS has almost certainly not been scrutinized against the majority of these attacks and/or design recommendations

The point being made is that it is not helpful to endlessly perpetrate the notion that VMS is secure and/or better than anything else out there until it's been proven.
The arrogance of trying to say or imply that because VMS was considered secure yester-year someone extrapolates into the now, is simply foolish and is a disaster waiting to happen

Yes, I am aware that it is not good to run around and say VMS is not secure and I'm not saying we should do that out loud but if people could at least bring their thinking forward to at least admit that VMS needs to re-certify itself against modern attacks and designs it would go a long way towards giving security on VMS the focus and attention needed (attention I believe has been lost over the years)

I counted myself in the camp of security ignorance before I did courses on modern computer security and realized just how sophisticated modern attacks have become

I certainly wish I could attend your lectures Hoff but alas, there is no way I can get there. Of course, if you were to make them available for purchase then I'd be happy to pay :-)
Simon Clubley
2017-06-18 15:46:29 UTC
Permalink
Raw Message
Post by IanD
<snip>
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
Without showing disrespect to others, you understand that security is a
deep and involved topic. I get the feeling some others are living on the
past cherished notions of VMS and it's security from the days gone by where
script-kiddies is about all one had to contend with. Today's attacks can be
politically motivated and/or have substantial resources funding the attack
programs
It also goes deeper than that in some ways.

In the past, access to the actual hardware running VMS was heavily
controlled which is why in the old days it was considered acceptable
to broadcast passwords across the network in plain text.

These days you have far greater access to the hardware and as such you
can probe VMS in ways you could not have done previously.

For example, it is very easy these days to directly inject malformed
network packets into a VMS system. I know as I've done it.
Post by IanD
The reality is VMS has almost certainly not been scrutinized against the
majority of these attacks and/or design recommendations
Agreed.
Post by IanD
The point being made is that it is not helpful to endlessly perpetrate
the notion that VMS is secure and/or better than anything else out there
until it's been proven.
The arrogance of trying to say or imply that because VMS was considered
secure yester-year someone extrapolates into the now, is simply foolish and
is a disaster waiting to happen
VMS security is worse than (say) Linux security in some respects because
the Linux people _know_ they are vulnerable. Knowing this is far better
than allowing yourself to think that the problems of others do not
affect you.
Post by IanD
Yes, I am aware that it is not good to run around and say VMS is not
secure and I'm not saying we should do that out loud but if people could at
least bring their thinking forward to at least admit that VMS needs to
re-certify itself against modern attacks and designs it would go a long way
towards giving security on VMS the focus and attention needed (attention I
believe has been lost over the years)
It's not just VMS that needs to change. The mindset in the VMS community
itself also needs to change.
Post by IanD
I counted myself in the camp of security ignorance before I did courses
on modern computer security and realized just how sophisticated modern
attacks have become
IOW, you looked at this with an open mind. Good for you. (Seriously,
I mean that.)

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
u***@gmail.com
2017-06-19 19:57:46 UTC
Permalink
Raw Message
Post by Simon Clubley
Post by IanD
<snip>
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
Without showing disrespect to others, you understand that security is a
deep and involved topic. I get the feeling some others are living on the
past cherished notions of VMS and it's security from the days gone by where
script-kiddies is about all one had to contend with. Today's attacks can be
politically motivated and/or have substantial resources funding the attack
programs
It also goes deeper than that in some ways.
In the past, access to the actual hardware running VMS was heavily
controlled which is why in the old days it was considered acceptable
to broadcast passwords across the network in plain text.
These days you have far greater access to the hardware and as such you
can probe VMS in ways you could not have done previously.
For example, it is very easy these days to directly inject malformed
network packets into a VMS system. I know as I've done it.
Post by IanD
The reality is VMS has almost certainly not been scrutinized against the
majority of these attacks and/or design recommendations
Agreed.
Post by IanD
The point being made is that it is not helpful to endlessly perpetrate
the notion that VMS is secure and/or better than anything else out there
until it's been proven.
The arrogance of trying to say or imply that because VMS was considered
secure yester-year someone extrapolates into the now, is simply foolish and
is a disaster waiting to happen
VMS security is worse than (say) Linux security in some respects because
the Linux people _know_ they are vulnerable.
--
Microsoft: Bringing you 1980s technology to a 21st century world
That is one of the dumbest things I ever heard. OpenVMS was designed
to correct the mistakes of unix which linux is derived from. There is
a huge difference betwenn vms and linux security design, but because
linux people know they are vunerable you should run linux?
Stephen Hoffman
2017-06-19 20:52:34 UTC
Permalink
Raw Message
Post by u***@gmail.com
Post by Simon Clubley
VMS security is worse than (say) Linux security in some respects
because the Linux people _know_ they are vulnerable.
That is one of the dumbest things I ever heard.
Interesting. Am I to infer that you're not willing to learn both from
the mistakes and from the successes and good ideas of other platforms?

Security environments and threats have changed substantially in the
past forty years, The era you're citing was also known for the
username SYSTEM having password MANAGER, and FIELD having SERVICE, for
instance. ACLs — which you've pointed out are an advantage — are
commonplace on other platforms.
Post by u***@gmail.com
OpenVMS was designed to correct the mistakes of unix which linux is
derived from.
Alas, OpenVMS hasn't particularly kept up with many of the capabilities
and defenses that Microsoft Windows and Unix systems provide. Yes,
there are still some very stupid things in those other platforms, and
there are similarly problematic parts of OpenVMS. What with
application compatibility and customer expectations and profits and
all, there are always compromises.
Post by u***@gmail.com
There is a huge difference betwenn vms and linux security design, but
because linux people know they are vunerable you should run linux?
OpenVMS can most certainly learn more than a little from how Unix is
now designed and managed and patched, and particularly around improving
security. Various Unix systems do rather better than OpenVMS, and in
a number of areas. VSI is making progress here, but has more than a
little work ahead of them to reach parity with many the security
features and capabilities available with various Unix systems.
--
Pure Personal Opinion | HoffmanLabs LLC
Bill Gunshannon
2017-06-19 21:08:46 UTC
Permalink
Raw Message
Post by u***@gmail.com
Post by Simon Clubley
Post by IanD
<snip>
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
Without showing disrespect to others, you understand that security is a
deep and involved topic. I get the feeling some others are living on the
past cherished notions of VMS and it's security from the days gone by where
script-kiddies is about all one had to contend with. Today's attacks can be
politically motivated and/or have substantial resources funding the attack
programs
It also goes deeper than that in some ways.
In the past, access to the actual hardware running VMS was heavily
controlled which is why in the old days it was considered acceptable
to broadcast passwords across the network in plain text.
These days you have far greater access to the hardware and as such you
can probe VMS in ways you could not have done previously.
For example, it is very easy these days to directly inject malformed
network packets into a VMS system. I know as I've done it.
Post by IanD
The reality is VMS has almost certainly not been scrutinized against the
majority of these attacks and/or design recommendations
Agreed.
Post by IanD
The point being made is that it is not helpful to endlessly perpetrate
the notion that VMS is secure and/or better than anything else out there
until it's been proven.
The arrogance of trying to say or imply that because VMS was considered
secure yester-year someone extrapolates into the now, is simply foolish and
is a disaster waiting to happen
VMS security is worse than (say) Linux security in some respects because
the Linux people _know_ they are vulnerable.
--
Microsoft: Bringing you 1980s technology to a 21st century world
That is one of the dumbest things I ever heard. OpenVMS was designed
to correct the mistakes of unix
And that is one of the dumbest things I have ever heard.

bill
Simon Clubley
2017-06-19 21:12:16 UTC
Permalink
Raw Message
Post by u***@gmail.com
Post by Simon Clubley
Post by IanD
The point being made is that it is not helpful to endlessly perpetrate
the notion that VMS is secure and/or better than anything else out there
until it's been proven.
The arrogance of trying to say or imply that because VMS was considered
secure yester-year someone extrapolates into the now, is simply foolish and
is a disaster waiting to happen
VMS security is worse than (say) Linux security in some respects because
the Linux people _know_ they are vulnerable.
That is one of the dumbest things I ever heard. OpenVMS was designed
to correct the mistakes of unix which linux is derived from. There is
a huge difference betwenn vms and linux security design, but because
linux people know they are vunerable you should run linux?
In addition to what Stephen has already said, I suggest you go back
and re-read what I actually said instead of what you think I said.

I didn't say you should run Linux because of that, I said the Linux
people who know they have to deal with vulnerabilities are actually
more secure than the VMS people who think they don't have to worry
about those things because it doesn't apply to their VMS systems.

Both Linux and VMS have vulnerabilities in them and the people who
know this and act accordingly have more secure systems than those
people who dismiss this as a problem which doesn't apply to them.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
Steven Schweda
2017-06-19 23:15:41 UTC
Permalink
Raw Message
Post by u***@gmail.com
Post by Simon Clubley
Post by IanD
<snip>
Post by Stephen Hoffman
As for lists of topics and issues, I've a long list of details and
references for a potential presentation at the next Bootcamp (as well
as for supporting HoffmanLabs customers), and it'll be a project to
whittle that list down to something that's manageable in the time
allotted.
Without showing disrespect to others, you understand that security is a
deep and involved topic. I get the feeling some others are living on the
past cherished notions of VMS and it's security from the days gone by where
script-kiddies is about all one had to contend with. Today's attacks can be
politically motivated and/or have substantial resources funding the attack
programs
It also goes deeper than that in some ways.
In the past, access to the actual hardware running VMS was heavily
controlled which is why in the old days it was considered acceptable
to broadcast passwords across the network in plain text.
These days you have far greater access to the hardware and as such you
can probe VMS in ways you could not have done previously.
For example, it is very easy these days to directly inject malformed
network packets into a VMS system. I know as I've done it.
Post by IanD
The reality is VMS has almost certainly not been scrutinized against the
majority of these attacks and/or design recommendations
Agreed.
Post by IanD
The point being made is that it is not helpful to endlessly perpetrate
the notion that VMS is secure and/or better than anything else out there
until it's been proven.
The arrogance of trying to say or imply that because VMS was considered
secure yester-year someone extrapolates into the now, is simply foolish and
is a disaster waiting to happen
VMS security is worse than (say) Linux security in some respects because
the Linux people _know_ they are vulnerable.
--
Microsoft: Bringing you 1980s technology to a 21st century world
That is one of the dumbest things I ever heard. OpenVMS was designed
to correct the mistakes of unix which linux is derived from. There is
a huge difference betwenn vms and linux security design, but because
linux people know they are vunerable you should run linux?
linux people know they are vunerable you should run linux?
Note that many (most?) folks in the US still pronounce the
"L" in "vulnerable", which makes it easier to spell it
correctly. British English is not always the superior
variety.
Simon Clubley
2017-06-20 00:07:18 UTC
Permalink
Raw Message
Post by Steven Schweda
Post by u***@gmail.com
linux people know they are vunerable you should run linux?
Note that many (most?) folks in the US still pronounce the
"L" in "vulnerable", which makes it easier to spell it
correctly. British English is not always the superior
variety.
I don't know about the US, but sometimes over here it actually works
the other way as we sometimes insert letters into words/names that
you would never know should not be pronounced unless you had local
knowledge.

The number one example around this region which comes to mind is:

https://en.wikipedia.org/wiki/Kirkbymoorside

where the second "k" is silent. (Lovely area for walking BTW).

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
David Froble
2017-06-20 00:16:39 UTC
Permalink
Raw Message
Post by u***@gmail.com
That is one of the dumbest things I ever heard. OpenVMS was designed
to correct the mistakes of unix which linux is derived from. There is
a huge difference betwenn vms and linux security design, but because
linux people know they are vunerable you should run linux?
What alternate reality do you live in?
IanD
2017-06-23 03:06:49 UTC
Permalink
Raw Message
On Monday, June 19, 2017 at 1:50:09 AM UTC+10, Simon Clubley wrote:

<snip>
Post by Simon Clubley
It's not just VMS that needs to change. The mindset in the VMS community
itself also needs to change.
lol, it's what I tried to say without being too obvious. You cut out the 99% BS I added as fluff to disguise it and gave it straight :-). Nice (and I meant that in a respectful way actually)

<snip>
Post by Simon Clubley
IOW, you looked at this with an open mind. Good for you. (Seriously,
I mean that.)
Simon.
Thanks

Yeah, the world is a sophisticated place and constantly on the move forward

Funny thing is that when you decide to let go of cherished VMS notions (like it's secure!) or it's the best OS, you start to appreciate other systems for what they have and then you are objective enough to want those things for VMS too
Loading...