Discussion:
OpenVMS x64 Atom project
Add Reply
John Dallman
2021-06-01 22:46:00 UTC
Reply
Permalink


Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.

John
Mark DeArman
2021-06-02 00:51:12 UTC
Reply
Permalink
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
This is the most exciting news I've seen from VSI in quite a while. I hope there will be a kit like when Be released their x86 port that developers can buy at a reasonable price with the appropriate licenses.
Andy Burns
2021-06-02 05:01:44 UTC
Reply
Permalink
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing,"
Who is that living in the "dirty basement"?
issinoho
2021-06-02 09:04:07 UTC
Reply
Permalink
Post by Andy Burns
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing,"
Who is that living in the "dirty basement"?
There wouldn't be much point in a $300 board if the OS license is $$$'s
plugh
2021-06-02 14:02:38 UTC
Reply
Permalink
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
Congratulations on this work.
This being c.o.v., where would it be w/o a peanut gallery?
o Operating scripts in DCL? It's one tool. I could also sharpen pencils with a cheese grater. "When the only tool you have is a hammer..."
o Security on the GPIO interface? Maybe ACLs? or somesuch to harden that a bit. Security isn't mentioned much in this presentation. Which is a real omission given the zeigeist of insecure IoT .

and finally:
Who will contribute to this effort given the tooling available on OVMS? Knowing what I do about Rust, it's just too painful to contemplate developing system software in C or assembler. See also, the concurrent discussions about other DECset tools.
I have to admit that I haven't been following VMS Software as closely as I should, but I see real a software development boostrapping problem here. I mean this to be apropos of a comment by Mark Mothersbaugh regarding the instruments used by Devo. Something to effect of "Imagine what we'd sound like if we used better instruments..."
Simon Clubley
2021-06-02 18:05:36 UTC
Reply
Permalink
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
Does anyone really think that this is a viable market for VMS ?

How many times more expensive than the US$300 board will VMS be
to run on that board in a commercial environment ?

Why would someone learn VMS for this instead of just using an
established bare metal or RTOS alternative ?

Will you need to renew the VMS licence every year to keep your
embedded application running ?

This is exactly the kind of application use that VAXELN was designed
for a generation ago (ie: VMS didn't cut it even back then) and for
which multiple well-established dedicated RTOS options exist these days
if you need something larger than a bare metal program.

This is an example of the kind of thing that's available for free these days:

https://www.rtems.org/

An example of a technical issue:

If you are doing GPIO operations then you need a dedicated RTOS or
bare metal program which then talks to a larger system unless you
are doing something with very low bandwidth that can tolerate a high
degree of jitter.

What kind of jitter are you going to see if you try driving the GPIO
pins directly from VMS ?

Even ignoring jitter, then at what kind of rate will you be able
to drive the GPIO pins directly from VMS ?

You will not be doing hard realtime with this setup.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
ultr...@gmail.com
2021-06-02 20:27:45 UTC
Reply
Permalink
Post by Simon Clubley
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
Does anyone really think that this is a viable market for VMS ?
How many times more expensive than the US$300 board will VMS be
to run on that board in a commercial environment ?
Why would someone learn VMS for this instead of just using an
established bare metal or RTOS alternative ?
Will you need to renew the VMS licence every year to keep your
embedded application running ?
This is exactly the kind of application use that VAXELN was designed
for a generation ago (ie: VMS didn't cut it even back then) and for
which multiple well-established dedicated RTOS options exist these days
if you need something larger than a bare metal program.
https://www.rtems.org/
If you are doing GPIO operations then you need a dedicated RTOS or
bare metal program which then talks to a larger system unless you
are doing something with very low bandwidth that can tolerate a high
degree of jitter.
What kind of jitter are you going to see if you try driving the GPIO
pins directly from VMS ?
Even ignoring jitter, then at what kind of rate will you be able
to drive the GPIO pins directly from VMS ?
You will not be doing hard realtime with this setup.
Simon.
--
Walking destinations on a map are further away than they appear.
the license can be incorporated into the price as a one time license purchase good for the life of the device
Arne Vajhøj
2021-06-02 22:08:31 UTC
Reply
Permalink
Post by ***@gmail.com
Post by Simon Clubley
Will you need to renew the VMS licence every year to keep your
embedded application running ?
the license can be incorporated into the price as a one time license purchase good for the life of the device
You must have missed a thread here.

Arne
Chris Townley
2021-06-02 22:18:22 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by ***@gmail.com
Post by Simon Clubley
Will you need to renew the VMS licence every year to keep your
embedded application running ?
the license can be incorporated into the price as a one time license
purchase good for the life of the device
You must have missed a thread here.
Arne
They would surely need a different model for the IOT
--
Chris
Simon Clubley
2021-06-03 12:20:38 UTC
Reply
Permalink
Post by Chris Townley
Post by Arne Vajhøj
Post by ***@gmail.com
Post by Simon Clubley
Will you need to renew the VMS licence every year to keep your
embedded application running ?
the license can be incorporated into the price as a one time license
purchase good for the life of the device
You must have missed a thread here.
Arne
They would surely need a different model for the IOT
This is VSI management we are talking about. Based on what has happened
so far, I'm not convinced they will think like that.

They are more likely to worry about people using them for normal data
processing use to try and get around the time-limited licences if they
change the licencing model for the IoT devices.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Dave Froble
2021-06-02 22:16:08 UTC
Reply
Permalink
Post by Simon Clubley
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
Does anyone really think that this is a viable market for VMS ?
Apparently someone thinks it might be.
Post by Simon Clubley
How many times more expensive than the US$300 board will VMS be
to run on that board in a commercial environment ?
Since pricing for such a use doesn't yet exist, how can anyone answer
that question?
Post by Simon Clubley
Why would someone learn VMS for this instead of just using an
established bare metal or RTOS alternative ?
Someone who knows VMS and doesn't know your RTOS ...

Someone who wants to use Basic ...
Post by Simon Clubley
Will you need to renew the VMS licence every year to keep your
embedded application running ?
See above concerning cost ...
Post by Simon Clubley
This is exactly the kind of application use that VAXELN was designed
for a generation ago (ie: VMS didn't cut it even back then) and for
which multiple well-established dedicated RTOS options exist these days
if you need something larger than a bare metal program.
I could imagine a situation where what VMS can do makes a particular
task much easier. It really would depend on several things, including
the task requirements, what VSI has to do the job, and such.
Post by Simon Clubley
https://www.rtems.org/
If you are doing GPIO operations then you need a dedicated RTOS or
bare metal program which then talks to a larger system unless you
are doing something with very low bandwidth that can tolerate a high
degree of jitter.
What kind of jitter are you going to see if you try driving the GPIO
pins directly from VMS ?
Even ignoring jitter, then at what kind of rate will you be able
to drive the GPIO pins directly from VMS ?
You will not be doing hard realtime with this setup.
How often is hard real time actually needed?

How often is a more robust environment needed?
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
ultr...@gmail.com
2021-06-02 20:25:23 UTC
Reply
Permalink
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
Dave Froble
2021-06-02 22:18:59 UTC
Reply
Permalink
Post by ***@gmail.com
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
What makes you think a browser is needed?

There has been a history of VMS running in a closet somewhere, not
looked at for months at a time. Something that doesn't need a lot of
hand holding. Something that doesn't run on "clicks".

Perhaps there are some tasks where VMs would be a good fit.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Jan-Erik Söderholm
2021-06-02 22:42:53 UTC
Reply
Permalink
Post by Dave Froble
Post by ***@gmail.com
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
What makes you think a browser is needed?
There has been a history of VMS running in a closet somewhere, not looked
at for months at a time.  Something that doesn't need a lot of hand
holding.  Something that doesn't run on "clicks".
Perhaps there are some tasks where VMs would be a good fit.
This box would run a web server, not a browser, of course. You use
the box for some embedded thing and access it for support and
configuration using your browser on your standard desktop.
Chris Townley
2021-06-02 22:50:22 UTC
Reply
Permalink
Post by Jan-Erik Söderholm
Post by Dave Froble
Post by ***@gmail.com
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
What makes you think a browser is needed?
There has been a history of VMS running in a closet somewhere, not
looked at for months at a time.  Something that doesn't need a lot of
hand holding.  Something that doesn't run on "clicks".
Perhaps there are some tasks where VMs would be a good fit.
This box would run a web server, not a browser, of course. You use
the box for some embedded thing and access it for support and
configuration using your browser on your standard desktop.
Surely not - it would be ssh and the CLI - DCL!
--
Chris
ultr...@gmail.com
2021-06-02 23:32:44 UTC
Reply
Permalink
Post by Dave Froble
Post by ***@gmail.com
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
What makes you think a browser is needed?
There has been a history of VMS running in a closet somewhere, not
looked at for months at a time. Something that doesn't need a lot of
hand holding. Something that doesn't run on "clicks".
Perhaps there are some tasks where VMs would be a good fit.
--
David Froble Tel: 724-529-0450
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Dave Froble
2021-06-03 04:09:27 UTC
Reply
Permalink
Post by ***@gmail.com
Post by Dave Froble
Post by ***@gmail.com
Post by John Dallman
http://youtu.be/3H6AJigJnNs
Running VMS on small systems for "edge computing," which is given the
clearest explanation I've encountered for that term.
John
who is porting the browser?
What makes you think a browser is needed?
There has been a history of VMS running in a closet somewhere, not
looked at for months at a time. Something that doesn't need a lot of
hand holding. Something that doesn't run on "clicks".
Perhaps there are some tasks where VMs would be a good fit.
--
David Froble Tel: 724-529-0450
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
You are aware that is not the topic of this thread?

Oh, wait, it's Bob, he doesn't care ...

I must observe that at this time, ransomware is a rather good friend to
VMS. Caviets are IT people would need to be aware of VMS, and, it may
someday be a target. But not today.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Stephen Hoffman
2021-06-03 15:58:40 UTC
Reply
Permalink
Post by Dave Froble
I must observe that at this time, ransomware is a rather good friend to
VMS. Caviets are IT people would need to be aware of VMS, and, it may
someday be a target. But not today.
I've been involved in two cases of ransoming on OpenVMS. I expect there
have been others too, handled quietly. Been involved in OpenVMS
security breaches, too. Fun times. Not.

If you're not taking steps to secure your apps and source code and
data—WORM tapes, and/or off-site, and/or whatever—it's time to start
taking a very serious look around your data centers.

That some of these breaches involved the attackers investigating the
computer and network environment for weeks or months—before the data
encryption started—should scare all of us.
--
Pure Personal Opinion | HoffmanLabs LLC
Simon Clubley
2021-06-03 17:31:38 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Dave Froble
I must observe that at this time, ransomware is a rather good friend to
VMS. Caviets are IT people would need to be aware of VMS, and, it may
someday be a target. But not today.
I've been involved in two cases of ransoming on OpenVMS. I expect there
have been others too, handled quietly. Been involved in OpenVMS
security breaches, too. Fun times. Not.
Thank you for posting this Stephen.

So David, do you still think that VMS doesn't have a problem in this
area ?

VMS doesn't even have the application isolation and security containment
features that are present as standard in some other operating systems
such as Linux.
Post by Stephen Hoffman
If you're not taking steps to secure your apps and source code and
data?WORM tapes, and/or off-site, and/or whatever?it's time to start
taking a very serious look around your data centers.
Stopping the use of unencrypted communication protocols on your internal
networks would be a good idea as well.
Post by Stephen Hoffman
That some of these breaches involved the attackers investigating the
computer and network environment for weeks or months?before the data
encryption started?should scare all of us.
Unfortunately, that doesn't really surprise me given what is considered
to be normal these days when someone is going after a specific target or
a specific set of targets.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Dave Froble
2021-06-03 18:08:00 UTC
Reply
Permalink
Post by Simon Clubley
Post by Stephen Hoffman
Post by Dave Froble
I must observe that at this time, ransomware is a rather good friend to
VMS. Caviets are IT people would need to be aware of VMS, and, it may
someday be a target. But not today.
I've been involved in two cases of ransoming on OpenVMS. I expect there
have been others too, handled quietly. Been involved in OpenVMS
security breaches, too. Fun times. Not.
Thank you for posting this Stephen.
So David, do you still think that VMS doesn't have a problem in this
area ?
I wasn't aware of that, no, but I did read "handled quietly".

"Handled quietly" really doesn't help with the problem. Saving face is
another of those things that just makes problems worse. One might
wonder why there wasn't hollering and screaming for generators when the
Japanese Nuclear station needed them, didn't get them, and things rolled
downhill. Can't convince me that there were no generators in the whole
country, or outside the country, that could not be airlifted in to help
in time.

Regardless, I'm guessing most of the software used in ransomware targets
other than VMS. Would you agree?
Post by Simon Clubley
VMS doesn't even have the application isolation and security containment
features that are present as standard in some other operating systems
such as Linux.
And that has helped prevent the attacks that have taken place?
Post by Simon Clubley
Post by Stephen Hoffman
If you're not taking steps to secure your apps and source code and
data?WORM tapes, and/or off-site, and/or whatever?it's time to start
taking a very serious look around your data centers.
Agree 110% ...
Post by Simon Clubley
Stopping the use of unencrypted communication protocols on your internal
networks would be a good idea as well.
What? Encrypted data cannot be hashed up to make it unusable?
Post by Simon Clubley
Post by Stephen Hoffman
That some of these breaches involved the attackers investigating the
computer and network environment for weeks or months?before the data
encryption started?should scare all of us.
I'm scared ...
Post by Simon Clubley
Unfortunately, that doesn't really surprise me given what is considered
to be normal these days when someone is going after a specific target or
a specific set of targets.
Humans are easily fooled. They always believe it will happen to "the
other guy", and just won't make the effort to be safe. I found that out
long ago.

Remember, it took humans to develop the "game" of "russian roulette".
Doesn't that explain much?
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Simon Clubley
2021-06-03 18:30:46 UTC
Reply
Permalink
Post by Dave Froble
Post by Simon Clubley
So David, do you still think that VMS doesn't have a problem in this
area ?
I wasn't aware of that, no, but I did read "handled quietly".
"Handled quietly" really doesn't help with the problem. Saving face is
another of those things that just makes problems worse. One might
wonder why there wasn't hollering and screaming for generators when the
Japanese Nuclear station needed them, didn't get them, and things rolled
downhill. Can't convince me that there were no generators in the whole
country, or outside the country, that could not be airlifted in to help
in time.
Regardless, I'm guessing most of the software used in ransomware targets
other than VMS. Would you agree?
If VMS is in use at a target site, it will be probed and current VMS
is a softer target than other server operating systems available today.
Post by Dave Froble
Post by Simon Clubley
VMS doesn't even have the application isolation and security containment
features that are present as standard in some other operating systems
such as Linux.
And that has helped prevent the attacks that have taken place?
Yes. It's another barrier that needs to be penetrated to compromise
your target, so used properly it is going to help either stop some
attacks or help keep an attacker contained if they do manage to get
a foothold into a part of your system.

Of course, on operating systems that do have these capabilities they
are still no good unless they are used on the site, but the point is
that other operating systems have tools to help handle this that are
not available in VMS.
Post by Dave Froble
Post by Simon Clubley
Stopping the use of unencrypted communication protocols on your internal
networks would be a good idea as well.
What? Encrypted data cannot be hashed up to make it unusable?
Huh ? How does that relate to my comment about stopping the use of
unencrypted communication protocols on your internal networks ?

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Simon Clubley
2021-06-03 12:11:16 UTC
Reply
Permalink
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.

VMS is missing the required desktop applications.

VMS is missing security protections common in other operating systems.

Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Jan-Erik Söderholm
2021-06-03 12:17:30 UTC
Reply
Permalink
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
VMS is missing the required desktop applications.
VMS is missing security protections common in other operating systems.
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
Simon.
Right!

And this new "gadget" is (of course) not even targeted at the "desktop".

It is an embedded/IoT thing that will be managed over a web interface
and othervise just run by itself. Sure, it will have an CLI interface
also, but that is not suitable for beeing in this market segment.
Dave Froble
2021-06-03 13:39:36 UTC
Reply
Permalink
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
Why not? It might work for some people.
Post by Simon Clubley
VMS is missing the required desktop applications.
"Required" might not be easy to specify. Lots of different
"requirements" out there.
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such. Are those the "common security
protections" you're talking about?

Perhaps I'd rather be not as "secure" ...
Post by Simon Clubley
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
"Standard" as in "known how to hack"? Perhaps it's time for another
direction?

Ok, I'll admit, I don't use VMS on the desktop. Got to have my WEENDOZE
bloatware.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
plugh
2021-06-03 14:45:41 UTC
Reply
Permalink
Post by Dave Froble
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
Why not? It might work for some people.
Post by Simon Clubley
VMS is missing the required desktop applications.
"Required" might not be easy to specify. Lots of different "requirements" out there.
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked, invaded with ransomware and such. Are those the "common security protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Post by Simon Clubley
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
"Standard" as in "known how to hack"? Perhaps it's time for another direction?
Ok, I'll admit, I don't use VMS on the desktop. Got to have my WEENDOZE bloatware.
Apple turned an also-ran Unix into a global desktop & mobile OS. Remember when the VAX instruction set was designed for VMS? And yet only Apple seems to understand the combination of hardware and software is what drives sales. Other than MacOS, I can't think of a major OS that's been ported to so many different ISA. It's sad that the owners of VMS never understood that sales/engineering dynamic. So many Dilbert cartoons, so little time...
Arne Vajhøj
2021-06-03 15:03:06 UTC
Reply
Permalink
Post by plugh
Apple turned an also-ran Unix into a global desktop & mobile OS.
Remember when the VAX instruction set was designed for VMS? And yet
only Apple seems to understand the combination of hardware and
software is what drives sales. Other than MacOS, I can't think of a
major OS that's been ported to so many different ISA. It's sad that
the owners of VMS never understood that sales/engineering dynamic. So
many Dilbert cartoons, so little time...
I am not sure that I see your point.

Apple exited the server market 10 years ago, because that market
wanted x86-64 and Linux.

Apple is making truckloads of money selling phones with an
OS that deep down has a few Unix things.

So should VSI exit the server OS market, rewrite most of
VMS for phone and start production of phones?

I do not have much faith in that business plan.

Arne
Dave Froble
2021-06-03 15:41:55 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by plugh
Apple turned an also-ran Unix into a global desktop & mobile OS.
Remember when the VAX instruction set was designed for VMS? And yet
only Apple seems to understand the combination of hardware and
software is what drives sales. Other than MacOS, I can't think of a
major OS that's been ported to so many different ISA. It's sad that
the owners of VMS never understood that sales/engineering dynamic. So
many Dilbert cartoons, so little time...
I am not sure that I see your point.
His point is, when narrow minded thinking is not involved, many things
are possible.

"Can't" never accomplished anything ...

Not every "try" is a winner, but not trying is guaranteed to fail.

I know that you're tired of my "stories" by now, or at least you should
be. But brace yourself, here comes another one.

Many years ago I took on a friend to run and grow one of my ventures. I
chose the wrong type of individual. Every time I suggested something
the business might be able to do, he always had reasons why "we can't do
that". The venture did not grow, and eventually I could not carry him
any more.

"Can't" will never accomplish anything.

Should work on a VMS based browser happen? Perhaps, and perhaps not.

Clear thinking on the worth of such a venture would be required. Can it
be done? For sure. Is it worth doing? Best guess is no. I've been
wrong before.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Arne Vajhøj
2021-06-03 16:02:06 UTC
Reply
Permalink
Post by Dave Froble
Post by Arne Vajhøj
Post by plugh
Apple turned an also-ran Unix into a global desktop & mobile OS.
Remember when the VAX instruction set was designed for VMS? And yet
only Apple seems to understand the combination of hardware and
software is what drives sales. Other than MacOS, I can't think of a
major OS that's been ported to so many different ISA. It's sad that
the owners of VMS never understood that sales/engineering dynamic. So
many Dilbert cartoons, so little time...
I am not sure that I see your point.
His point is, when narrow minded thinking is not involved, many things
are possible.
"Can't" never accomplished anything ...
Not every "try" is a winner, but not trying is guaranteed to fail.
I know that you're tired of my "stories" by now, or at least you should
be.  But brace yourself, here comes another one.
Many years ago I took on a friend to run and grow one of my ventures.  I
chose the wrong type of individual.  Every time I suggested something
the business might be able to do, he always had reasons why "we can't do
that".  The venture did not grow, and eventually I could not carry him
any more.
"Can't" will never accomplish anything.
Should work on a VMS based browser happen?  Perhaps, and perhaps not.
Clear thinking on the worth of such a venture would be required.  Can it
be done?  For sure.  Is it worth doing?  Best guess is no.  I've been
wrong before.
I actually agree with that point.

I always liked the well-known quote:

"The greater danger for most of us lies not in setting our aim too high
and falling short; but in setting our aim too low, and achieving our mark."

But it was not obvious to me that was the point of the
Apple story.

Arne
David Goodwin
2021-06-04 05:17:28 UTC
Reply
Permalink
Post by plugh
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
Why not? It might work for some people.
Post by Simon Clubley
VMS is missing the required desktop applications.
"Required" might not be easy to specify. Lots of different "requirements" out there.
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked, invaded with ransomware and such. Are those the "common security protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Post by Simon Clubley
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
"Standard" as in "known how to hack"? Perhaps it's time for another direction?
Ok, I'll admit, I don't use VMS on the desktop. Got to have my WEENDOZE bloatware.
Other than MacOS, I can't think of a major OS that's been ported to so many different ISA.
Windows NT has been ported to more - x86, MIPS, Alpha, PowerPC, Itanium, ARM. Initial development was done on the i860XP before porting to x86 and MIPS. A Clipper port was publicly demonstrated but possibly not released. A SPARC port was announced but as far as I can tell never publicly demonstrated or released.

NetBSD and Linux easily beat Windows for number of ISA though.
Bill Gunshannon
2021-06-03 17:04:13 UTC
Reply
Permalink
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
Why not?  It might work for some people.
Post by Simon Clubley
VMS is missing the required desktop applications.
"Required" might not be easy to specify.  Lots of different
"requirements" out there.
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such.  Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention. The places being hit are, in most of the stated cases, not
using any of the accepted security practices.

Why are critical systems even on the Internet? Why do these people not
have backups to fall back on? (I worked in the CS Dept. of a University.
Not what most people would consider in any way critical.

My backup scheme would have allowed me to resume operations with no
more than a 4 hour loss of data. I did that with no additional budet
and running strictly COTS.)

bill
Dave Froble
2021-06-03 18:25:55 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
Why not? It might work for some people.
Post by Simon Clubley
VMS is missing the required desktop applications.
"Required" might not be easy to specify. Lots of different
"requirements" out there.
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such. Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention. The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
I don't remember seeing any details. So I have no idea of the effort,
or lack of effort, in securing targeted systems.

Knowing human nature, and laziness, I figure security is not an issue
for 99% of sites, at least before they get clobbered.

How stupid are people? Their solution to such problems is to pass laws
making it illegal. Useless, and just makes them fat, dumb, and an even
bigger target.
Post by Bill Gunshannon
Why are critical systems even on the Internet?
Why ask me, I think it's crazy.
Post by Bill Gunshannon
Why do these people not
have backups to fall back on?
Most people think "backup" is putting the car in reverse.
Post by Bill Gunshannon
(I worked in the CS Dept. of a University.
Not what most people would consider in any way critical.
My backup scheme would have allowed me to resume operations with no
more than a 4 hour loss of data. I did that with no additional budet
and running strictly COTS.)
I have ideas on how to secure from such internet intrusions.

You really cannot, so, any such systems should be isolated. Take in
data, vet it, and then have a secure method to move vetted data to
really secure (not on the internet) systems to do the actual work.

But who can one convince to actually pay for such security?

Even those already hacked will have bean counters who will just argue
the ransom is just part of doing business, pay it, and move on. I bet
most who have been hacked are still as vulnerable as before.

It's not more security that is needed, it's more intelligence, and,
human intelligence is a myth.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Arne Vajhøj
2021-06-03 18:39:41 UTC
Reply
Permalink
Post by Dave Froble
Post by Bill Gunshannon
Why are critical systems even on the Internet?
Why ask me, I think it's crazy.
Some attacked systems are not on the internet.

But if they are connected to systems that are
connected to systems that are connected to
the internet then ...

Arne
Stephen Hoffman
2021-06-03 19:32:00 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Dave Froble
Post by Bill Gunshannon
Why are critical systems even on the Internet?
They're not. With recent attacks—ransomware stuff is a booming
business—those servers don't need to be.
Post by Arne Vajhøj
Post by Dave Froble
Why ask me, I think it's crazy.
A foothold on the internal networks makes for a Bad Day, as Target and
various others have discovered. As some of us reading here may or will
discover, too.
Post by Arne Vajhøj
Some attacked systems are not on the internet.
Few of the critical systems attacked have been.

And as for other folks, there are already OpenVMS systems hosted, and
there'll be more added as the OpenVMS x86-64 port reaches production.
Post by Arne Vajhøj
But if they are connected to systems that are connected to systems that
are connected to the internet then ...
Approximately nobody maintains their core servers air-gapped, as RSA
discovered with their "air-gapped" servers ~ten years ago and was just
recently reported. RSA's sort-of-airgap got bagged by not having
rate-limited APIs, and not having detection. By something they hadn't
expected to happen, and hadn't detected when it did.

Have a fresh look at your assumptions, and at how you're currently
securing your production apps and data, at how your app security is
designed and implemented, and at how you're going to restart your apps
(and app dependencies including OpenVMS servers) if Bad happens. Have
a fresh look at your apps and servers and your server and network
instrumentation; at how you're going to detect integrity and security
problems when or preferably ahead of when things go bad, too.

Related reading: https://cloud.google.com/security/infrastructure/design

For those of us that don't have to implement and migrate to these
networks and these designs, our apps can still have to function within
these newer designs.
--
Pure Personal Opinion | HoffmanLabs LLC
seasoned_geek
2021-06-06 11:49:50 UTC
Reply
Permalink
Post by Stephen Hoffman
Approximately nobody maintains their core servers air-gapped, as RSA
Last I had any knowledge of it, 100% of the systems controlling nuclear power plants in America were fully air-gapped. No computer allowed to be connected to them that had any kind of outside connection.

Someone with more recent knowledge should chime in though.
Arne Vajhøj
2021-06-04 17:25:51 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Dave Froble
Post by Bill Gunshannon
Why are critical systems even on the Internet?
Why ask me, I think it's crazy.
Some attacked systems are not on the internet.
But if they are connected to systems that are
connected to systems that are connected to
the internet then ...
then what? You can't secure your telnet/ftp/web/data users using vms security standards?
Almost all systems can be secured.

But it can be a bit hard on VMS due to bad defaults, bad traditions and
lack of tools.

Arne
Simon Clubley
2021-06-04 18:00:34 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Arne Vajhøj
Post by Dave Froble
Post by Bill Gunshannon
Why are critical systems even on the Internet?
Why ask me, I think it's crazy.
Some attacked systems are not on the internet.
But if they are connected to systems that are
connected to systems that are connected to
the internet then ...
then what? You can't secure your telnet/ftp/web/data users using vms security standards?
Almost all systems can be secured.
But it can be a bit hard on VMS due to bad defaults, bad traditions and
lack of tools.
Bob also needs to switch to using more secure access methods instead
of using Telnet and FTP.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Jeffrey H. Coffield
2021-06-04 18:15:19 UTC
Reply
Permalink
Let me fix that for you.
Almost all systems can be hacked, given access, enough time, and enough
effort.
A couple of years ago Leslie Stahl on 60 Minutes was interviewing some
supposed security expert who said something like "90% of all systems in
the US are vulnerable". Her response was approximately "Oh, that's
terrible".

I always thought it was idiotic that the response wasn't "So what are
the 10% that are not vulnerable doing?"
Dave Froble
2021-06-04 21:21:02 UTC
Reply
Permalink
Post by Jeffrey H. Coffield
Let me fix that for you.
Almost all systems can be hacked, given access, enough time, and enough
effort.
A couple of years ago Leslie Stahl on 60 Minutes was interviewing some
supposed security expert who said something like "90% of all systems in
the US are vulnerable". Her response was approximately "Oh, that's
terrible".
I always thought it was idiotic that the response wasn't "So what are
the 10% that are not vulnerable doing?"
No power cord ???

:-)
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
seasoned_geek
2021-06-06 11:57:48 UTC
Reply
Permalink
One thing that should work to some extent, is to have a private
communications protocol, and don't run TCP/IP on internal systems. That
probably won't work on many systems, since the capability of designing
and implementing such is beyond most shops.
Like it or not, security by obscurity is the only thing that will work.
If the bad guys don't know how to talk to your system, and you don't
have any known comm protocol, they will have a much harder time.
A full air gap will work. Too many dufuses want to "manage everything from one terminal" and it is the same computer they want to check Facebook from.

I actually talk a lot about this topic in my latest book.

https://www.theminimumyouneedtoknow.com/agile_book.html

*nix did it wrong.
Arne Vajhøj
2021-06-03 19:17:14 UTC
Reply
Permalink
Post by Dave Froble
But who can one convince to actually pay for such security?
There are being invested billions in IT security these years. I think
a lot of senior management have gotten the message by now.

Problem is that:
* it is late - many wrong decisions has already been done
* it is difficult to get qualified IT security people today
* a lot of software, process and people in IT security is
totally snake oil aka worthless
Post by Dave Froble
Even those already hacked will have bean counters who will just argue
the ransom is just part of doing business, pay it, and move on.  I bet
most who have been hacked are still as vulnerable as before.
There are both moral and practical issues with paying in case
of ransomware attacks.

Kaspersky once posted some stats for those paying:

29% got all files back
18% got most files back
32% got some files back
13% got no or almost no files back

(not sure what the missing 8% is)

Arne
Arne Vajhøj
2021-06-03 18:37:51 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such.  Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention.  The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
The fact that it happened prove that they did something wrong.

But they may have done 99 things right and only missed 1.

That is the underlying problem in this: to protect a system you need to
protect against all attacks - to successfully attack a system you
only need to fine one that is not protected against.
Post by Bill Gunshannon
Why are critical systems even on the Internet?  Why do these people not
have backups to fall back on? (I worked in the CS Dept. of a University.
Not what most people would consider in any way critical.
My backup scheme would  have allowed me to resume operations with no
more than a  4 hour loss of data.  I did that with no additional budet
and running strictly COTS.)
Backup is definitely good.

But it can be a bit more tricky than what you describe:
* if the malware came in a week or a month ago then just restoring
latest backup will also restore the malware
* unless all backups being restored was taken as a snapshot
at the exact same time then restore of backups on multiple systems may
result in inconsistencies
* a total restore of everything may take significant time especially
if not enough people to work on all systems in parallel

Arne
Arne Vajhøj
2021-06-06 15:42:00 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such.  Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention.  The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
The fact that it happened prove that they did something wrong.
But they may have done 99 things right and only missed 1.
That is the underlying problem in this: to protect a system you need to
protect against all attacks - to successfully attack a system you
only need to fine one that is not protected against.
It has now become public that the pipeline got hit because:
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
and cracked
- MFA not used

Rather trivial, but a lot of breaches are considered trivial - after
the fact.

Arne
Bill Gunshannon
2021-06-07 17:45:10 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Arne Vajhøj
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being
hacked, invaded with ransomware and such.  Are those the "common
security protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention.  The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
The fact that it happened prove that they did something wrong.
But they may have done 99 things right and only missed 1.
That is the underlying problem in this: to protect a system you need to
protect against all attacks - to successfully attack a system you
only need to fine one that is not protected against.
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
  and cracked
- MFA not used
Rather trivial, but a lot of breaches are considered trivial - after
the fact.
As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and
that was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.

Humans are the biggest threat to IT Systems and, so far, no one
has figured out how to patch them fix the problem.

bill
Dave Froble
2021-06-07 18:11:32 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Arne Vajhøj
Post by Arne Vajhøj
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being
hacked, invaded with ransomware and such. Are those the "common
security protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention. The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
The fact that it happened prove that they did something wrong.
But they may have done 99 things right and only missed 1.
That is the underlying problem in this: to protect a system you need to
protect against all attacks - to successfully attack a system you
only need to fine one that is not protected against.
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
and cracked
- MFA not used
Rather trivial, but a lot of breaches are considered trivial - after
the fact.
As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and
that was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.
Humans are the biggest threat to IT Systems and, so far, no one
has figured out how to patch them fix the problem.
bill
First, do away with passwords. Don't some phones now need a fingerprint
to access? Guess that data could be copied, and used. Remote access is
always an issue, and it just ain't going away.

Then, one must convince the management to cough up the funds for such
things. That ain't gonna happen. At least not before lots of pain.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Bill Gunshannon
2021-06-07 18:53:41 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Arne Vajhøj
Post by Arne Vajhøj
Post by Bill Gunshannon
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being
hacked, invaded with ransomware and such.  Are those the "common
security protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Either you don;lt understand any of this or you just haven't been paying
attention.  The places being hit are, in most of the stated cases, not
using any of the accepted security practices.
The fact that it happened prove that they did something wrong.
But they may have done 99 things right and only missed 1.
That is the underlying problem in this: to protect a system you need to
protect against all attacks - to successfully attack a system you
only need to fine one that is not protected against.
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
   and cracked
- MFA not used
Rather trivial, but a lot of breaches are considered trivial - after
the fact.
As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and
that was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.
Humans are the biggest threat to IT Systems and, so far, no one
has figured out how to patch them fix the problem.
bill
First, do away with passwords.  Don't some phones now need a fingerprint
to access?  Guess that data could be copied, and used.
A couple of high school kids beat fingerprint scanners several years
ago. I'm sure the pros beat it long before that.
Remote access is
always an issue, and it just ain't going away.
Then, one must convince the management to cough up the funds for such
things.  That ain't gonna happen.  At least not before lots of pain.
And then you have facial recognition. I understand that has already
been beaten with a photograph. (And we don't even need to go into the
serious potential problems with false negatives!!)

bill
Stephen Hoffman
2021-06-07 19:51:03 UTC
Reply
Permalink
Post by Dave Froble
First, do away with passwords. Don't some phones now need a
fingerprint to access?
Various Apple iPad, iPhone, and Mac models use biometrics (Face ID, or
Touch ID) as a means to reduce the frequency of prompting for the
passcode or password.

But not to replace the password.

All of those models do require a passcode or password for access, and
use the passcode or password for access to the key used for data
encryption and decryption; what Apple calls accessing a "keybag".

As for alternatives to passwords, we're getting closer with RFID
proximity tags and other tools. But we're not there yet.

Digital certificates are also effectively gonzo-length passwords with
some extra added math, and certificates aren't going away any time soon.
Post by Dave Froble
Guess that data could be copied, and used.
That storage is part of what the so-called secure enclave is used for
with Apple devices; to make access to biometric data more difficult.

There've been discussions around here about password and certificate
protections and storage for OpenVMS, and about support for SGX and TPM
enclaves for secure computing and secure storage, but that's not (yet?)
on the VSI roadmap.

Biometrics can have pitfalls, too. Face ID can mis-detect close family
members, just to keep things interesting.
Post by Dave Froble
Remote access is always an issue, and it just ain't going away.
Multi-factor authentication somewhat reduces the risk of getting
phished, among other approaches. There are various apps that permit
phones and watches to provide a second factor for a login, too.
Post by Dave Froble
Then, one must convince the management to cough up the funds for such
things. That ain't gonna happen. At least not before lots of pain.
Incremental changes are hopefully typical, for apps that are actively
maintained.

But yes, there are a lot of insecure apps around on OpenVMS, and
insecure OpenVMS configurations.
--
Pure Personal Opinion | HoffmanLabs LLC
Richard Maher
2021-06-08 02:40:21 UTC
Reply
Permalink
Post by Dave Froble
Post by Bill Gunshannon
It has now become public that the pipeline got hit because: - a
user had the same password at another site as for VPN to them -
that other site got compromised and the password database got
stolen and cracked - MFA not used
Rather trivial, but a lot of breaches are considered trivial -
after the fact.
As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and that
was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.
Humans are the biggest threat to IT Systems and, so far, no one
has figured out how to patch them fix the problem.
First, do away with passwords. Don't some phones now need a
fingerprint to access? Guess that data could be copied, and used.
Remote access is always an issue, and it just ain't going away.
Finger print check and password check is not the same type of check.
If you sit at your PC and login at a server 1000 miles away, then
finger print may make sense for the PC to verify that you are who you
are because the PC trust itself, but finger print is just a long and
fuzzy password for the server because it does not trust the PC.
FIDO2/Webauthn uses public/private key and not a long and fuzzy password.

It *is* supported by Google,Apple,Microsoft and a shit load of payment
providers.

As Hoff says you still need to start with a username/password but then
you use bio-metrics/pin/yubikey etc.

Unlike JWT session less, you can always force a password change or
cancel an account if the dongle is lost or PIN/password compromised.
I believe current fashion in server side authentication is login with
username + password + some MFA like using your phone (text message
with code, app notification with code, app approval etc.).
Text messages are also being deprecated.
Arne
Arne Vajhøj
2021-06-07 19:14:11 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Arne Vajhøj
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
   and cracked
- MFA not used
Rather trivial, but a lot of breaches are considered trivial - after
the fact.
As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and
that was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.
8 printable character hash approx. equals 48 bit hash and
256 or 8192 rounds of MD5 hash.

Not good per 2021 standards. But worse has been seen in the wild.

Arne
Simon Clubley
2021-06-04 17:49:41 UTC
Reply
Permalink
Post by Bill Gunshannon
My backup scheme would have allowed me to resume operations with no
more than a 4 hour loss of data. I did that with no additional budet
and running strictly COTS.)
What about the data they managed to take a copy of before installing
malware on your systems ?

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Bill Gunshannon
2021-06-04 18:11:39 UTC
Reply
Permalink
Post by Simon Clubley
Post by Bill Gunshannon
My backup scheme would  have allowed me to resume operations with no
more than a  4 hour loss of data.  I did that with no additional budet
and running strictly COTS.)
What about the data they managed to take a copy of before installing
malware on your systems ?
He didn't think of that, huh?
Of course I did. Never happened.
Anybody that stores important data on an internet facing system is just
asking for it to be "shared".
In an academic environment systems facing the Internet are a way
of life. They can be seucred as can the whole environment. But
that doesn't change the fact that systems not needing to face the
Internet shouldn't. And things like SCADA systems controlling
things like gas pipelines, water systems or electrical grids fall
into that category.
Nobody is paranoid enough.
Paranoia doesn't secure systems or networks. Only diligence can
do that.

bill
Arne Vajhøj
2021-06-04 18:35:36 UTC
Reply
Permalink
Post by Bill Gunshannon
Anybody that stores important data on an internet facing system is
just asking for it to be "shared".
In an academic environment systems facing the Internet are a way
of life.  They can be seucred as can the whole environment.  But
that doesn't change the fact that systems not needing to face the
Internet shouldn't.  And things like SCADA systems controlling
things like gas pipelines, water systems or electrical grids fall
into that category.
The problem is that not internet-facing is not the same as
not attackable via internet.

The indirect route is common today.

The Iranian SCADA systems controlling uranium enrichment centrifuges
was not on the internet, but StuxNet got through anyway.

Arne
Bill Gunshannon
2021-06-04 18:40:03 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Bill Gunshannon
Anybody that stores important data on an internet facing system is
just asking for it to be "shared".
In an academic environment systems facing the Internet are a way
of life.  They can be seucred as can the whole environment.  But
that doesn't change the fact that systems not needing to face the
Internet shouldn't.  And things like SCADA systems controlling
things like gas pipelines, water systems or electrical grids fall
into that category.
The problem is that not internet-facing is not the same as
not attackable via internet.
The indirect route is common today.
The Iranian SCADA systems controlling uranium enrichment centrifuges
was not on the internet, but StuxNet got through anyway.
DOD fixed that by putting epoxy in the USB ports.

bill
seasoned_geek
2021-06-06 12:02:55 UTC
Reply
Permalink
Post by Arne Vajhøj
The Iranian SCADA systems controlling uranium enrichment centrifuges
was not on the internet, but StuxNet got through anyway.
Via a sports watch and one scientist who liked to run to stay healthy if you read this story.

https://www.goodreads.com/book/show/20313316-a-dangerous-element

Gotta love the insecure bluetooth days.
Dave Froble
2021-06-04 21:23:11 UTC
Reply
Permalink
Post by Bill Gunshannon
Post by Simon Clubley
Post by Bill Gunshannon
My backup scheme would have allowed me to resume operations with no
more than a 4 hour loss of data. I did that with no additional budet
and running strictly COTS.)
What about the data they managed to take a copy of before installing
malware on your systems ?
He didn't think of that, huh?
Of course I did. Never happened.
Anybody that stores important data on an internet facing system is
just asking for it to be "shared".
In an academic environment systems facing the Internet are a way
of life. They can be seucred as can the whole environment. But
that doesn't change the fact that systems not needing to face the
Internet shouldn't. And things like SCADA systems controlling
things like gas pipelines, water systems or electrical grids fall
into that category.
Nobody is paranoid enough.
Paranoia doesn't secure systems or networks. Only diligence can
do that.
bill
But first one must be paranoid enough to know the systems need to be
secured.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Simon Clubley
2021-06-04 18:41:25 UTC
Reply
Permalink
Post by Simon Clubley
Post by Bill Gunshannon
My backup scheme would have allowed me to resume operations with no
more than a 4 hour loss of data. I did that with no additional budet
and running strictly COTS.)
What about the data they managed to take a copy of before installing
malware on your systems ?
The topic was ransomware not (industrial) espionage.
I know.

An additional twist on ransomware these days is to copy some sensitive
data before encrypting it and then threaten to release the sensitive
data if you do not pay the ransom.

That way, you may still have to pay even if you can recover your
systems from backups.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
John E. Malmberg
2021-06-07 01:15:53 UTC
Reply
Permalink
Post by Simon Clubley
An additional twist on ransomware these days is to copy some sensitive
data before encrypting it and then threaten to release the sensitive
data if you do not pay the ransom.
That way, you may still have to pay even if you can recover your
systems from backups.
Paying such blackmail is useless.

You have to assume that even if you do pay, your stolen data is going to
also be sold to someone that you do not want to see it.

I saw a report that one insurance company is no longer covering business
losses due to ransomware.

Regards,
-John
Dave Froble
2021-06-07 02:33:22 UTC
Reply
Permalink
Post by John E. Malmberg
Post by Simon Clubley
An additional twist on ransomware these days is to copy some sensitive
data before encrypting it and then threaten to release the sensitive
data if you do not pay the ransom.
That way, you may still have to pay even if you can recover your
systems from backups.
Paying such blackmail is useless.
You have to assume that even if you do pay, your stolen data is going to
also be sold to someone that you do not want to see it.
I saw a report that one insurance company is no longer covering business
losses due to ransomware.
Regards,
-John
True fault lies with the first entity that paid any ransom. Without
that the bad guys would not realize what a gold mine they had.

Trusting thieves is the height of folly ...

Ok, a VMS question.

What, other than getting to run a program, could be done by the bad guys
on a VMS system? I confess, I have not studied the issue at all.

If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?

So, yeah, if I can get access and run a process on VMS, much can be
done. And possible defenses could be set up. But if there are other
possibilities, one would need to know about them before considering
defenses.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Arne Vajhøj
2021-06-07 12:10:00 UTC
Reply
Permalink
Post by Dave Froble
Ok, a VMS question.
What, other than getting to run a program, could be done by the bad guys
on a VMS system?  I confess, I have not studied the issue at all.
If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?
So, yeah, if I can get access and run a process on VMS, much can be
done.  And possible defenses could be set up.  But if there are other
possibilities, one would need to know about them before considering
defenses.
That is a broad question, but some random answers.

There are different purposes of attacks including:
* make the system unusable (sabotage)
* steal sensitive information and sell it (espionage)
* encrypt all data and require a ransom to decrypt (ransomware)
* make small changes to data that will go undetected for a long time
(also sabotage)
* just put up a notice (ego hacking)

Obviously doing any of these require some sort of access.

It can be an interactive login (DECnet, telnet, ssh) or it can
be some network request (DECnet FAL, rsh/rexec, HTTP to unsafe
service, buffer overflow in some custom TCP application etc.).
Or maybe the vulnerability came with some software installed
or maybe some hardware.

It can come from LAN, private WAN or public internet.

It can go directly in to a privileged account or it can go
into an unprivileged account and use some other vulnerability
to get privs or it can go after an account that does not have
SYSPRV but does have full access to a certain application.

It can be a foreign intelligence service, foreign hackers, young
people from your local college or an insider (former or current
unhappy employee).

As soon as you turn the power on then ...

Arne
Simon Clubley
2021-06-07 13:09:26 UTC
Reply
Permalink
Post by Dave Froble
Ok, a VMS question.
What, other than getting to run a program, could be done by the bad guys
on a VMS system? I confess, I have not studied the issue at all.
If _that's_ what you are thinking in terms of, then you need to do some
serious reading.

A common attack vector is to inject code into a running program via
malformed inputs or malformed protocol packets.

Another attack vector is to use malformed protocol packets to get more
access than you should. That's how Heartbleed was able to read more
memory than should have been possible.
Post by Dave Froble
If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?
You are thinking at the wrong level. They already have access if
they can get to a program running on a network port. They can then
probe that program to see if they can compromise it in some way.
Post by Dave Froble
So, yeah, if I can get access and run a process on VMS, much can be
done. And possible defenses could be set up. But if there are other
possibilities, one would need to know about them before considering
defenses.
You have already seen this twice on VMS, both from me and from the
DEFCON 16 researchers where we injected code we controlled into a
running interactive process. That's bad enough but think about how
devastating that could be if someone found a way to do that to a
network process.

You need to think a _lot_ wider than you appear to be currently thinking.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Dave Froble
2021-06-07 14:20:59 UTC
Reply
Permalink
Post by Simon Clubley
Post by Dave Froble
Ok, a VMS question.
What, other than getting to run a program, could be done by the bad guys
on a VMS system? I confess, I have not studied the issue at all.
If _that's_ what you are thinking in terms of, then you need to do some
serious reading.
A common attack vector is to inject code into a running program via
malformed inputs or malformed protocol packets.
Another attack vector is to use malformed protocol packets to get more
access than you should. That's how Heartbleed was able to read more
memory than should have been possible.
Post by Dave Froble
If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?
You are thinking at the wrong level. They already have access if
they can get to a program running on a network port. They can then
probe that program to see if they can compromise it in some way.
Post by Dave Froble
So, yeah, if I can get access and run a process on VMS, much can be
done. And possible defenses could be set up. But if there are other
possibilities, one would need to know about them before considering
defenses.
You have already seen this twice on VMS, both from me and from the
DEFCON 16 researchers where we injected code we controlled into a
running interactive process. That's bad enough but think about how
devastating that could be if someone found a way to do that to a
network process.
You need to think a _lot_ wider than you appear to be currently thinking.
Simon.
I'm not too sure just how much thinking I want to do. However, it seems
to me that access, while bad, cannot do much by itself. I'm thinking
that if someone with access cannot do anything, that might be a decent
defense.

It seems to me, and no, I don't know, that running various "standard"
software, such as a web server, offers the bad guys some possibilities,
none of which I'm aware of. So not using these standard products might
be some defense.

Opportunity seems to be a part of reported break-ins. Not much anyone
can do from inside to prevent that, disgruntled or dishonest employees,
same password used elsewhere, and such. I'm not thinking about such,
rather what might be possible to deflect internet based probes.

For what I'm looking at, I'm assuming that TCP/IP and sockets is the
path most or all probes might use. I'm not going to attempt to replace
TCP/IP, and it would be worthless anyway, since the entire purpose is to
talk to other computers. However, my custom usage of sockets could be a
fertile ground for looking for ways to prevent internet access. I['m
just not aware of how such could happen. But, where to start?

But, back to actually doing anything. If there was a database, the bad
guys could not get to, (and that itself is an issue), that had a list of
valid users and valid programs, with ways to verify the program was the
intended one, then image activation might be able to determine whether a
program, or process (have to think a bit more on processes) should be
activated.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Arne Vajhøj
2021-06-07 15:24:40 UTC
Reply
Permalink
I'm not too sure just how much thinking I want to do.  However, it seems
to me that access, while bad, cannot do much by itself.  I'm thinking
that if someone with access cannot do anything, that might be a decent
defense.
It seems to me, and no, I don't know, that running various "standard"
software, such as a web server, offers the bad guys some possibilities,
none of which I'm aware of.  So not using these standard products might
be some defense.
Not running a web server will be more secure than running a web server.

But if you have to run a web server for valid business reasons, then
you are likely better off with a standard web server running standard
stuff.

There are frequently found vulnerabilities in such standard stuff, but
chances are that there will be more vulnerabilities in the home made
CGI script written in Fortran.
Opportunity seems to be a part of reported break-ins.  Not much anyone
can do from inside to prevent that, disgruntled or dishonest employees,
same password used elsewhere, and such.  I'm not thinking about such,
rather what might be possible to deflect internet based probes.
You should design for multi layer defense in depth.

Do not think "I create this unbreakable barrier and then I am good".

Think "I create this strong barrier and if by some means the bad guys
come through then I have this other strong barrier and after that I have
another and ...".

Detection is important. It is bad to get hacked, but it is really bad to
get hacked and not know it.
For what I'm looking at, I'm assuming that TCP/IP and sockets is the
path most or all probes might use.  I'm not going to attempt to replace
TCP/IP, and it would be worthless anyway, since the entire purpose is to
talk to other computers.  However, my custom usage of sockets could be a
fertile ground for looking for ways to prevent internet access.  I['m
just not aware of how such could happen.  But, where to start?
TCP/IP is used by almost all network traffic today. Most computers
only have TCP/IP networking. No surprise that attacks comes in that
way.

If you write the socket code then it is up to you to write it safely.
But, back to actually doing anything.  If there was a database, the bad
guys could not get to, (and that itself is an issue), that had a list of
valid users and valid programs, with ways to verify the program was the
intended one, then image activation might be able to determine whether a
program, or process (have to think a bit more on processes) should be
activated.
Most database authenticate requests.

A firewall that only allows nodes that need to connect to the
database to do so can help.

Maybe it is possible to set it up so that connecting applications
need to have a client certificate that the database server knows
to connect.

There are technical possibilities.

Arne
Stephen Hoffman
2021-06-07 14:41:05 UTC
Reply
Permalink
Post by Dave Froble
What, other than getting to run a program, could be done by the bad
guys on a VMS system? I confess, I have not studied the issue at all.
Getting to run an app is pretty much game over.
Post by Dave Froble
If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?
That's akin to what's called whitelisting, and it's one approach. It's
fairly common within Microsoft Windows configurations.

Latent flaws can still exist even in the approved apps, and the flaws
can be subtle.
Post by Dave Froble
So, yeah, if I can get access and run a process on VMS, much can be
done. And possible defenses could be set up. But if there are other
possibilities, one would need to know about them before considering
defenses.
There are a couple of discussions on this topic going on elsewhere.

I've been pondering creating a presentation on this topic as the
OpenVMS doc here is grossly inadequate.

Identify your core data, and work to get rid of all of that that you
can, and to protect what you must have and preserve.

Isolate apps with privileges into separate processes.

Avoid installed images with privileges, and avoid privileged shareable
images, and review the internal details of those that you must have.

Subsystem identifiers are your friend.

Isolate parsers to separate and minimally-privileged processes; allow
TMPMBX and/or NETMBX at most.

Implement telemetry in all production apps. Minimally, collect all app
errors, all app crashes, and crash details, as well as
use-of-privileges and manually-triggered app-critical functions and
administrative functions.

Don't try to recover from unrecognized or unexpected errors. Log, exit,
and restart.

Off-host logging; whether syslogd or otherwise. Logs are useful after a
breach, but otherwise too much data to sift.

Automate scans of your configurations, including digital signatures.

PCSI kits for local app installs for faster recovery post-breach.

Find and rate-limit your sensitive APIs within your apps, as some of
your own APIs can potentially be used to brute-force your own
environment—akin to password brute-forcing.

Look for and constrain the directories and files and APIs that your
user interface and your network interface apps can write to, and can
read from.

CAPTIVE is just a start for hardening DCL procedures.

Encrypt your critical data while at rest (and OpenVMS is not good at
this), and encrypt all of your network connections.

Backups and telemetry data and crash data cannot be writeable once
written, and access credentials needed for writing and for reading kept
separate.

All app-critical production functions must be scripted, outside of
exceptional circumstances.

Collect baseline app and user and network activity data, and detect
deviations from same. There are techniques for detecting these
deviations, too.

Etc.
--
Pure Personal Opinion | HoffmanLabs LLC
Phillip Helbig (undress to reply)
2021-06-07 04:46:32 UTC
Reply
Permalink
Post by Dave Froble
True fault lies with the first entity that paid any ransom. Without
that the bad guys would not realize what a gold mine they had.
Indeed.
Post by Dave Froble
What, other than getting to run a program, could be done by the bad guys
on a VMS system? I confess, I have not studied the issue at all.
If that program is DELETE, then that's bad enough.
Post by Dave Froble
If the bad guys need to get access and run a program, would defenses
that check for valid programs running be successful?
DELETE is a valid program.

In many cases the ransom is not to get sensitive data (which, of course,
could be sold by the criminal), but rather just to get access to one's
own data so that normal operations could resume.
Marc Van Dyck
2021-06-05 09:21:30 UTC
Reply
Permalink
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
--
Marc Van Dyck
Phillip Helbig (undress to reply)
2021-06-05 11:28:25 UTC
Reply
Permalink
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore. But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt. Yes, checksums and so on will catch some things, but
not all.
Arne Vajhøj
2021-06-05 23:55:19 UTC
Reply
Permalink
Post by Phillip Helbig (undress to reply)
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore. But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt. Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.

To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.

I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.

Arne
Phillip Helbig (undress to reply)
2021-06-06 06:02:43 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Yes, there is little point in doing a backup if you don't test the
restore. But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt. Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.
Presumably with a database one would do a database backup, e.g.
RMU/BACKUP, which gives a consistent result.
Stephen Hoffman
2021-06-07 13:59:46 UTC
Reply
Permalink
Post by Phillip Helbig (undress to reply)
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Yes, there is little point in doing a backup if you don't test the
restore. But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt. Yes, checksums and so on will catch some things, but
not all.
At the scale some of our apps are operating at now, silent Ethernet
checksum failures are to be expected.
Post by Phillip Helbig (undress to reply)
Post by Arne Vajhøj
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after time
T does not change what is being backed up.
Presumably with a database one would do a database backup, e.g.
RMU/BACKUP, which gives a consistent result.
That's an older approach and as is the analogous RMS journaling, and
that does get a consistent backup—at the cost of blocking activity.

Basically, the quiesce function got moved from the app to the database,
and better tuned to app activity. But it's still present.

RMS journaling being a frequent winner of the most-forgotten LP award.

Newer app approaches tend not to use that design, for performance reasons.

Both BACKUP and RMU get into trouble with the amount of data involved,
and how long that task takes, and how much then gets blocked or
deferred.

The BACKUP design has ~reached its theoretical I/O performance limits,
and I'd expect the RMU design is close to those same limits.

For obvious reasons, SSD helps (massively) here. SSDs can mask a whole
lot of latent OS and app algorithm-performance messes.

On OpenVMS, an app quiesce and app cache flush and host-based volume
shadowset split is (vastly) faster than BACKUP or RMU /BACKUP.

Host-based volume shadowing being the all-time winner for LPs
overlooked while searching for distributed software RAID-1 features.

Which then leads to designs with live spare servers directly updated
(RAIS, etc), and to controller-level analogs to HBVS / RAID-1 splits.

Journaling right into a secondary server, which can write a
non-volatile backup for recovery and/or flush to SSD or HDD archives,
or can be live and running and current failover server.

And leads to in-memory designs (with archiving), as more than a few of
our databases fit into server memory—q.v. SAP HANA, etc—and as writing
to SSDs is, well, slow.
--
Pure Personal Opinion | HoffmanLabs LLC
Jan-Erik Söderholm
2021-06-07 14:54:33 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Phillip Helbig (undress to reply)
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Yes, there is little point in doing a backup if you don't test the
restore.  But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt.  Yes, checksums and so on will catch some things, but
not all.
At the scale some of our apps are operating at now, silent Ethernet
checksum failures are to be expected.
Post by Phillip Helbig (undress to reply)
Post by Arne Vajhøj
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after time T
does not change what is being backed up.
Presumably with a database one would do a database backup, e.g.
RMU/BACKUP, which gives a consistent result.
That's an older approach and as is the analogous RMS journaling, and that
does get a consistent backup—at the cost of blocking activity.
What "cost of blocking activity"?
Post by Stephen Hoffman
Basically, the quiesce function got moved from the app to the database, and
better tuned to app activity. But it's still present.
Right, but it is just a short activity (waiting for any running r/w
transaction to end, so it very much depends on the usage profile).
After that, there is no blocking (from the RMU backup activity).
Post by Stephen Hoffman
Both BACKUP and RMU get into trouble with the amount of data involved, and
how long that task takes, and how much then gets blocked or deferred.
BACKUP doesn't have any on-line mode like RMU, so it is hard to compare.
Why should anything get "blocked or deferred"?
Post by Stephen Hoffman
The BACKUP design has ~reached its theoretical I/O performance limits, and
I'd expect the RMU design is close to those same limits.
Maybe, but the limits are far higher for RMU. You can run a multi process
RMU backup operation where differnt processes takes care of differnt parts
of the database in parallel. The limit is how much hardware you give RMU
to work with.
Post by Stephen Hoffman
On OpenVMS, an app quiesce and app cache flush and host-based volume
shadowset split is (vastly) faster than BACKUP or RMU /BACKUP.
Yes, the HBVS split is fast, but you still need to backup your plit
shadow set, don't you?
Jan-Erik Söderholm
2021-06-06 06:55:28 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore.  But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt.  Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
Arne
You let the database tools handle the database backup and then use
your regular filesystem tools to backup the "database backup".

$!
$ RMU/BACKUP/ONLINE/LOG/extend=65535 <DB-ROOT> xxx.RBF
%RMU-I-QUIETPT, waiting for database quiet point at 6-JUN-2021 00:02:08.26
%RMU-I-RELQUIETPT, Database quiet point lock has been released at
6-JUN-2021 00:02:08.28
%RMU-I-BCKTXT_00, Backed up root file xxx
%RMU-I-BCKTXT_02, Starting full backup of storage area (xxx) at
6-JUN-2021 00:02:08.30
%RMU-I-BCKTXT_12, Completed full backup of storage area (xxx) at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_02, Starting full backup of storage area (yyy) at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_12, Completed full backup of storage area (yyy) at
6-JUN-2021 00:06:53.49
%RMU-I-COMPLETED, BACKUP operation completed at 6-JUN-2021 00:06:53.53
$!

Then approx an hour later ABC runs:

Archive Backup Client for TSM on OpenVMS, Version V4.2.0.9
Copyright 1996-2010, Storage Solutions Specialists, Inc.
%ABC-I-SCNPASS, 01:43:47.19 Scanning file system for backup candidates
%ABC-S-BCKOK, saved xxx.RBF

ABC is used very much as BACKUP with similar switches but
stores the backups on the central IBM TSM backup system.

Now, this is not a "large" database, the RBF file is 17 M records.
On a "large" DB you need to do some other steps with incremental backups
or maybe selective backups, if not all your data is critical or not
updated. But RMU has the tools and options to do that.
Arne Vajhøj
2021-06-06 15:36:07 UTC
Reply
Permalink
Post by Jan-Erik Söderholm
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore.  But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt.  Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
You let the database tools handle the database backup and then use
your regular filesystem tools to backup the "database backup".
$!
$ RMU/BACKUP/ONLINE/LOG/extend=65535   <DB-ROOT>  xxx.RBF
%RMU-I-QUIETPT, waiting for database quiet point at  6-JUN-2021 00:02:08.26
%RMU-I-RELQUIETPT, Database quiet point lock has been released at
6-JUN-2021 00:02:08.28
%RMU-I-BCKTXT_00, Backed up root file xxx
%RMU-I-BCKTXT_02, Starting full backup of storage area (xxx)   at
6-JUN-2021 00:02:08.30
%RMU-I-BCKTXT_12, Completed full backup of storage area (xxx)  at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_02, Starting full backup of storage area (yyy)   at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_12, Completed full backup of storage area (yyy)  at
6-JUN-2021 00:06:53.49
%RMU-I-COMPLETED, BACKUP operation completed at  6-JUN-2021 00:06:53.53
$!
Archive Backup Client for TSM on OpenVMS, Version V4.2.0.9
Copyright 1996-2010, Storage Solutions Specialists, Inc.
%ABC-I-SCNPASS, 01:43:47.19 Scanning file system for backup candidates
%ABC-S-BCKOK, saved xxx.RBF
ABC is used very much as BACKUP with similar switches but
stores the backups on the central IBM TSM backup system.
Now, this is not a "large" database, the RBF file is 17 M records.
On a "large" DB you need to do some other steps with incremental backups
or maybe selective backups, if not all your data is critical or not
updated. But RMU has the tools and options to do that.
I believe that is a common model.

But the rule is still that either the database will be unavailable
for significant time or one need a snapshot capability where updates
can be done but the backup sees the snapshot data at the time of the
snapshot.

Storage or file system or database - the basic problem is the same.

Arne
Jan-Erik Söderholm
2021-06-06 16:45:38 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Jan-Erik Söderholm
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore.  But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt.  Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
You let the database tools handle the database backup and then use
your regular filesystem tools to backup the "database backup".
$!
$ RMU/BACKUP/ONLINE/LOG/extend=65535   <DB-ROOT>  xxx.RBF
%RMU-I-QUIETPT, waiting for database quiet point at  6-JUN-2021 00:02:08.26
%RMU-I-RELQUIETPT, Database quiet point lock has been released at
6-JUN-2021 00:02:08.28
%RMU-I-BCKTXT_00, Backed up root file xxx
%RMU-I-BCKTXT_02, Starting full backup of storage area (xxx)   at
6-JUN-2021 00:02:08.30
%RMU-I-BCKTXT_12, Completed full backup of storage area (xxx)  at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_02, Starting full backup of storage area (yyy)   at
6-JUN-2021 00:05:04.72
%RMU-I-BCKTXT_12, Completed full backup of storage area (yyy)  at
6-JUN-2021 00:06:53.49
%RMU-I-COMPLETED, BACKUP operation completed at  6-JUN-2021 00:06:53.53
$!
Archive Backup Client for TSM on OpenVMS, Version V4.2.0.9
Copyright 1996-2010, Storage Solutions Specialists, Inc.
%ABC-I-SCNPASS, 01:43:47.19 Scanning file system for backup candidates
%ABC-S-BCKOK, saved xxx.RBF
ABC is used very much as BACKUP with similar switches but
stores the backups on the central IBM TSM backup system.
Now, this is not a "large" database, the RBF file is 17 M records.
On a "large" DB you need to do some other steps with incremental backups
or maybe selective backups, if not all your data is critical or not
updated. But RMU has the tools and options to do that.
I believe that is a common model.
But the rule is still that either the database will be unavailable
for significant time or one need a snapshot capability where updates
can be done but the backup sees the snapshot data at the time of the
snapshot.
Storage or file system or database - the basic problem is the same.
Arne
Yes. Rdb solves that using a "quiet point". As can be seen from the log
file above, that took 2 sec (freezing and waiting for active transactions
to finish). EFter that 2 sec delay, all update activity are back to normal
while the backup continues to run. The data backed up is the data that
was there at the point in time of the "quiet point lock release".

And any "snapshot" data is only saved to the "snapshot file" in the case
that some process request to update it. If not, there is no reason to
copy any data, of course. 99% of the database will be untouched during
the backup and thus not copied to the snapshot file.

So most of the data backed up is "real" data, not snapshot data.
Arne Vajhøj
2021-06-06 23:57:56 UTC
Reply
Permalink
Post by Jan-Erik Söderholm
Post by Arne Vajhøj
But the rule is still that either the database will be unavailable
for significant time or one need a snapshot capability where updates
can be done but the backup sees the snapshot data at the time of the
snapshot.
Storage or file system or database - the basic problem is the same.
Yes. Rdb solves that using a "quiet point". As can be seen from the log
file above, that took 2 sec (freezing and waiting for active transactions
to finish). EFter that 2 sec delay, all update activity are back to normal
while the backup continues to run. The data backed up is the data that
was there at the point in time of the "quiet point lock release".
And any "snapshot" data is only saved to the "snapshot file" in the case
that some process request to update it. If not, there is no reason to
copy any data, of course. 99% of the database will be untouched during
the backup and thus not copied to the snapshot file.
So most of the data backed up is "real" data, not snapshot data.
Yes.

I think that is common as well.

I believe that SpiraLog would have worked similarly - if anyone
still remembers that.

Arne
Simon Clubley
2021-06-07 12:14:22 UTC
Reply
Permalink
Post by Arne Vajhøj
I believe that SpiraLog would have worked similarly - if anyone
still remembers that.
I remember that you apparently had to restore from backups if the
Spiralog volume ever got full. Oops...

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
John Wallace
2021-06-06 09:56:52 UTC
Reply
Permalink
Post by Arne Vajhøj
Post by Phillip Helbig (undress to reply)
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than the
organization's backup rotation schedule. The perpetrator then ransomed the
only remaining good copy of the organization's databases. In recent ransom
attacks on other platforms, the attackers have been active in the target
organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
Yes, there is little point in doing a backup if you don't test the
restore.  But imagine, say, a database of several hundred terabytes.
Even if you can restore it, you can't necessarily tell if the data are
somehow corrupt.  Yes, checksums and so on will catch some things, but
not all.
Traditional BACKUP only works good on a system with no activity.
BACKUP/IGNORE=INTERLOCK does not solve the problem.
To get a consistent backup of a large database, without significant
downtime, then one need a snapshot capability where updates after
time T does not change what is being backed up.
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
Arne
You don't even need an upmarket storage system to take a snapshot,
depending on particular needs. If the right things are done to quiesce
the applications and their IO before the snapshot is taken, the snapshot
may even contain useful (self-consistent?) data.

One way of doing this is to have a filesystem (or filesystem add on)
which can snapshot the state of a filesystem and then use "copy on
write" technology to preserve the snapshot while allowing updates to
continue to the "original" filesystem. Or some variant on that theme.

DEC/Compaq's StorageWorks Virtual Replicator for Windows NT (which was
pure software) did this in the late 20th century. ZFS or similar seems
to be a popular way of doing it in software in the 21st century.

Or you can do something equivalent in hardware storage controllers.

Or perhaps both, as the two approaches may have different features and
benefits.

Which of these approaches makes most sense in a relatively complex setup
(heavy duty ERP, for example, or even a "simple" ticket reservation and
booking system, or other cases where database contents have to match
realworld values for inventory etc) is a matter for the application
designers as much as it is for the storage and system admin folks.

Obviously not everything's quite that complicated. I'm sure a sufficient
application of virtualisation, DevoPS, and HYPErconverged infrastructure
(maybe with a sprinkling of Industrie 4.0) will make it all work just
fine. Or maybe not, but the salesfolk and CONsultants and the gullible
PHBs will usually be long gone by the time the snags show up.
Simon Clubley
2021-06-07 12:11:16 UTC
Reply
Permalink
Post by Arne Vajhøj
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
DAT tapes were _never_ cool. :-)

DLT tapes, OTOH...

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Arne Vajhøj
2021-06-07 12:20:11 UTC
Reply
Permalink
Post by Simon Clubley
Post by Arne Vajhøj
I believe modern storage systems can do that easily. Even though
I do not know much about the details - last time I was responsible
for backups then DAT tapes was cool.
DAT tapes were _never_ cool. :-)
DLT tapes, OTOH...
DLT was very reliable but also expensive.

The original DAT (60 m) was not bad. I never had problems.
I think DAT went wrong when they started squeezing longer
tapes into the same size tape cartridge.

Arne
Stephen Hoffman
2021-06-05 17:10:48 UTC
Reply
Permalink
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than
the organization's backup rotation schedule. The perpetrator then
ransomed the only remaining good copy of the organization's databases.
In recent ransom attacks on other platforms, the attackers have been
active in the target organization's networks for weeks and months, too.
I suppose that people in this organization never tried restores ? Doing
regular restores to ensure the integrity of your backups is one of the
major recommendations, isn't it ?
How many folks here full-path test their restores at all? [hint: less
than all.]

Then how many of that group test those restores more often than their
backup rotation depth?

Then how many of that smaller group verify the database structures?

Then how many of that yet smaller group verify the contents of the
database or the configuration files or other changes against production?

[Compared with some other platforms, OpenVMS is... bad... at
re-installing without requiring manual effort, too. See previous
newsgroup discussions of (the lack of) provisioning, and of migrating
to PCSI kits for ~everything local, among other messes. How many here
install your whole environment repeatedly, and from a kit? Automated
app deployments, with automated app migrations? But I digress.]

Would I have done the backups differently than the sequence they'd been
using, given the software and hardware constraints? Probably not. Which
yes, means I would have gotten caught out, too.

Even if keeping deeper backups, is restoring that old data from prior
to a longer-duration corruption even going to be appropriate and
useful? For many of the apps I've worked with, it'll be a disaster.
Ordering and fulfillment data gets stale fast, for instance.

Flip this around all and ask yourself—knowing what each of you knows
about your own backup or failover implementations—how would you
deliberately corrupt your own backups and your own production data
preservation strategies such that even performing the data recovery
would be more expensive than paying off the ransom, then start looking
at what to do to detect or to avoid that. What can be done deliberately
to cause problems, too. Not what happens when a tape library becomes
unreadable or unavailable, or a backup server drops offline with the
primary, or whatever is appropriate for your particular data
preservation implementation. And related to this, at what can be done
to detect intruders within your network earlier. Then see if you can
fit these changes into what for many is an ever-shrinking budget, just
for added entertainment.
--
Pure Personal Opinion | HoffmanLabs LLC
Jeffrey H. Coffield
2021-06-05 19:36:35 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Marc Van Dyck
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than
the organization's backup rotation schedule. The perpetrator then
ransomed the only remaining good copy of the organization's
databases. In recent ransom attacks on other platforms, the attackers
have been active in the target organization's networks for weeks and
months, too.
I suppose that people in this organization never tried restores ?
Doing regular restores to ensure the integrity of your backups is one
of the major recommendations, isn't it ?
How many folks here full-path test their restores at all? [hint: less
than all.]
Then how many of that group test those restores more often than their
backup rotation depth?
Then how many of that smaller group verify the database structures?
Then how many of that yet smaller group verify the contents of the
database or the configuration files or other changes against production?
At several (not all) sites the backups are automatically restored every
day to a test/backup system which is used for development.
Stephen Hoffman
2021-06-05 20:34:37 UTC
Reply
Permalink
Post by Jeffrey H. Coffield
At several (not all) sites the backups are automatically restored every
day to a test/backup system which is used for development.
Protecting against accidental and incidental corruption is often
familiar ground.

Protecting against malevolent action can require shifting thinking
about risks and vulnerabilities.

In the case I referenced, the data was all valid, but the fields for
different record entries were shuffled.

That backup restoration and particularly that re-use of production data
for testing is also impossible for an increasing number of apps and an
increasing number of sites, as synthetic data is required by local
policy, or by local privacy requirements, or by regulatory requirements.

For those of you that can re-use your production data for testing
purposes, I'd ask whether you've considered whether and when you should
do that, and under what circumstances, and what is done to protect that
data.

Having multiple copies of sensitive data available for an attackers can
be convenient for the attackers, of course. Why pop production, if you
can export the data from a testing server. Particularly one with fewer
restrictions than production.

As I mentioned up-thread, if you've not looked at your whole
environment and its data security and recovery, maybe review what y'all
are doing now, how, and why. And at whether that makes sense, and
whether there are newer or different exposures now.
--
Pure Personal Opinion | HoffmanLabs LLC
Marc Van Dyck
2021-06-06 09:39:35 UTC
Reply
Permalink
At several (not all) sites the backups are automatically restored every day
to a test/backup system which is used for development.
Hum, well... no. With regulations like GDPR and PCI, using production
data, for anything other than true production, specially if they
contain
personal data, is an absolute no-no. I agree that it is a pain in the
*ss, though.
--
Marc Van Dyck
Phillip Helbig (undress to reply)
2021-06-05 20:21:51 UTC
Reply
Permalink
In article <s9gb6o$ip7$***@dont-email.me>, Stephen Hoffman
<***@hoffmanlabs.invalid> writes:

By how much would ransom-ware attacks be reduced if there were no
bitcoin and no anonymous internet?
Stephen Hoffman
2021-06-06 18:47:43 UTC
Reply
Permalink
Post by Phillip Helbig (undress to reply)
By how much would ransom-ware attacks be reduced if there were no
bitcoin and no anonymous internet?
Unclear.

The effects of Deny / Dissemble / Defer / Defend / Defund / Deter /
Destroy and of AML & KYC and other responses to crime and fraud and
particularly ransomware and to varying sorts of espionage are all open
to debate.

Too many organizations deny or defer or dissemble on topics of data
security and privacy and accept the risks and consequences around the
threats of ransomware and data breaches, while others can and do choose
to defend.

Defunding and deterring and destroying are national and international
discussions, and with international requirements or repercussions.

An anonymous internet is valuable to us all, for as long as we might
still have that. If we even still have that in an era of
increasingly-ubiquitous and pervasive surveillance.

Do ask some folks that are not in your relatively charmed social
position about why they either don't post, or why they post
anonymously. If they're willing to answer. Some of us are targets of
harassment, of abuse or of massive abuse, or of threats of violence up
to and legally-sanctioned death sentences.

Cryptocurrencies are speculative investments and regulatory-arbitrage
schemes at best, and self-organizing pyramid schemes and/or massive
frauds at worst, and that all usually doesn't end well for all but the
earliest investors. If it works out at all. Proofs-of-work and
proofs-of-space algorithms are just stupidly-consumptive designs in
general too, as those necessarily must be structured and provisioned to
always detect and defend against 51% "attacks".
--
Pure Personal Opinion | HoffmanLabs LLC
Phillip Helbig (undress to reply)
2021-06-06 20:26:50 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Phillip Helbig (undress to reply)
By how much would ransom-ware attacks be reduced if there were no
bitcoin and no anonymous internet?
Unclear.
An anonymous internet is valuable to us all, for as long as we might
still have that. If we even still have that in an era of
increasingly-ubiquitous and pervasive surveillance.
Do ask some folks that are not in your relatively charmed social
position about why they either don't post, or why they post
anonymously. If they're willing to answer. Some of us are targets of
harassment, of abuse or of massive abuse, or of threats of violence up
to and legally-sanctioned death sentences.
I certainly understand that an anonymous internet is a boon for many
people. However, it does have a downside in that perfect anonymity and
uncrackable encryption do help criminals as well. One has to weigh up
the risks; neither choice is ideal.
Post by Stephen Hoffman
Cryptocurrencies are speculative investments and regulatory-arbitrage
schemes at best, and self-organizing pyramid schemes and/or massive
frauds at worst, and that all usually doesn't end well for all but the
earliest investors. If it works out at all. Proofs-of-work and
proofs-of-space algorithms are just stupidly-consumptive designs in
general too, as those necessarily must be structured and provisioned to
always detect and defend against 51% "attacks".
I am certainly not a fan of crypto currencies, for several reasons, and
am pleased that Elon Musk has now reduced the corresponding hype since
he realized (late, but still) that they are NOT GOOD for the
environment. However, it is clear that the ability to transfer money
anonymously has greatly aided the extortionists.
Stephen Hoffman
2021-06-07 21:58:45 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Phillip Helbig (undress to reply)
By how much would ransom-ware attacks be reduced if there were no
bitcoin and no anonymous internet?
Unclear.
In other news, press reports that US DOJ and FBI claim to have acquired
the wallet private key and having seized the server that was allegedly
holding the Colonial Pipeline ransom payment.
--
Pure Personal Opinion | HoffmanLabs LLC
Dave Froble
2021-06-08 00:00:22 UTC
Reply
Permalink
Post by Stephen Hoffman
Post by Stephen Hoffman
Post by Phillip Helbig (undress to reply)
By how much would ransom-ware attacks be reduced if there were no
bitcoin and no anonymous internet?
Unclear.
In other news, press reports that US DOJ and FBI claim to have acquired
the wallet private key and having seized the server that was allegedly
holding the Colonial Pipeline ransom payment.
Be interesting to see the bad guys response to that ...
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Simon Clubley
2021-06-03 17:23:42 UTC
Reply
Permalink
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such. Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Those operating systems are being probed on a daily basis by an entire
army of security researchers who are very good at what they do.

How long do you think VMS would survive if it was exposed to that
level of probing on a daily basis ?
Post by Dave Froble
Post by Simon Clubley
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
"Standard" as in "known how to hack"? Perhaps it's time for another
direction?
Security by obscurity is not real security.

It only gives (wrongly) the illusion of security to some people.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Dave Froble
2021-06-03 18:26:56 UTC
Reply
Permalink
Post by Simon Clubley
Post by Dave Froble
Post by Simon Clubley
VMS is missing security protections common in other operating systems.
You mean all those "secure" systems that are constantly being hacked,
invaded with ransomware and such. Are those the "common security
protections" you're talking about?
Perhaps I'd rather be not as "secure" ...
Those operating systems are being probed on a daily basis by an entire
army of security researchers who are very good at what they do.
How long do you think VMS would survive if it was exposed to that
level of probing on a daily basis ?
Post by Dave Froble
Post by Simon Clubley
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
"Standard" as in "known how to hack"? Perhaps it's time for another
direction?
Security by obscurity is not real security.
It only gives (wrongly) the illusion of security to some people.
Simon.
Not being hacked is usually better than being hacked ...
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
ultr...@gmail.com
2021-06-04 16:39:13 UTC
Reply
Permalink
Post by Simon Clubley
Post by ***@gmail.com
because then OpenVMS becomes available to the common user (desktop) apps
with the ad pitch being "eliminate ransomware, malware and security tools for good"
Don't go there Bob. Seriously.
VMS is missing the required desktop applications.
VMS is missing security protections common in other operating systems.
Anyone saying the above does not have a clue about what is required
on the desktop or what is standard on other operating systems when
it comes to security.
Simon.
--
Walking destinations on a map are further away than they appear.
tell us just what security protections are missing?

OpenVMS layered security, OBJECT SECURITY, UICs, ACLs, privileges, intrusion detection, detailed security auditing and alarms, SSL, SSH

Where has vms gone wrong compared to unix/linux?

Linus is insecure by design and needs additional tools. OpenVMS was designed learning from the mistakes of unix.

Tell us just how according to parsec group the OS that has never gotten a virus lacks in security?

https://www.parsec.com/wwwDocuments/openvmssecurity.pdf
Simon Clubley
2021-06-04 17:58:00 UTC
Reply
Permalink
Post by ***@gmail.com
tell us just what security protections are missing?
OpenVMS layered security, OBJECT SECURITY, UICs, ACLs, privileges, intrusion detection, detailed security auditing and alarms, SSL, SSH
Where has vms gone wrong compared to unix/linux?
VMS was leading in security until like mid 90's.
Then VMS mostly stopped adding new features - security and other.
Other systems evolved. Implemented the same features that VMS had
and added new features.
NX/XD/XN pages, ASLR, kernel IP firewall etc..
Also mandatory access controls and other application isolation and
containment functionality.

Other systems also get heavy probing from security researchers so
issues are found and fixed (and functionality redesigned if it is
found to be weak).

How many such problems would be found in VMS if it got the same
level of attention ?

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Loading...