[Info-vax] "Shanghai Stock Exchange" and OpenVMS

[AEF]

On Jan 22, 8:41 pm, billg... at cs.uofs.edu (Bill Gunshannon) wrote:
> In article <abd32391-46d6-49e4-aa1c-58d74dcc7... at p2g2000prn.googlegroups.com>,
>         AEF <spamsink2... at yahoo.com> writes:
> > On Jan 22, 3:31 pm, billg... at cs.uofs.edu (Bill Gunshannon) wrote:
> >> In article <CKqdnel_5rWYS-XUnZ2dnUVZ_v_in... at giganews.com>,
> >>         "Richard B. Gilbert" <rgilber... at comcast.net> writes:
>
> >> > Bill Gunshannon wrote:
> >> >> In article <0005d0dd$0$2088$c3e8... at news.astraweb.com>,
> >> >>        JF Mezei <jfmezei.spam... at vaxination.ca> writes:
> >> >>> Richard B. Gilbert wrote:
>
> >> >>>> You can safely plug them in and turn them on.  It's when you connect
> >> >>>> them to a network that you have to worry about "electronic organisms"
> >> >>>> infecting your Windows systems.
> >> >>> This week's virus can be transmitted when you plug in an USB key.
>
> >> >>> Sony managed to infect Windows machines when the user inserted a MUSIC
> >> >>> CD into the machines (that rootkit thing).
>
> >> >>> So leaving a Windows box unconnected to a network is not a garantee that
> >> >>>  it won't be infected.
>
> >> >> And all of these exploits can be prevented by proper configuration of
> >> >> Windows.
>
> >> >> bill
>
> >> > And how many people know how to "properly configure Windows"???
>
> >> How many know how to "properly configure VMS"?
>
> >> > Where is this "proper configuration" documented?  The last time I looked
> >> > Windows was shipping without any "documentation".
>
> >> Well, you can get docs from NIST specifically covering security.  And then
> >> there are the checklists from DISA that are publicly available.  And, being
> >> as we are talking about supposed professionals in major corporations and
> >> not your momma's PC,  if they don't already know where to find this stuff
> >> they certainly should know how to go out and find it.  Even Google finds
> >> piles of references including the stuff from NIST.
>
> >> bill
>
> >> --
> >> Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
> >> billg... at cs.scranton.edu |  and a sheep voting on what's for dinner.
> >> University of Scranton   |
> >> Scranton, Pennsylvania   |         #include <std.disclaimer.h>  - Hide quoted text -
>
> >> - Show quoted text -
>
> > Hi Bill,
>
> > Well, it sounds like Windows PC's/servers come seriously misconfigured
> > right out of the box! And it appears to be a rather big deal to
> > configure them properly.
>
> Yes, they are misconfigured badly right out of the box and no, it is
> not a big deal to fix that.  Especially for someone claiming to be a
> professional.
>
> >                           Is this true for other OSes?
>
> Depends on who you ask.  The OpenBSD folks think all the others come
> misconfigured.  :-)
>
> >                                                        Is VMS seriously
> > misconfigured right out of the box?
>
> Who would know?  Most of the VMS systems I have seen are pretty much
> useless (from a user standpoint) right out of the box.  You have to
> do a lot that is not needed on other systems before a user can do
> anything with it.

Wait a minute. Are you limiting this discussion to front-end and home
use? What about VMS as a back-end?

> > With VMS you can get security info right out of the manuals that come
> > with it!
>
> What manuals?  Oh, you mean on the CD.  And how does the user get at those?
> They are locked in the sysmanager desk.  :-)  And, to be quite honest, I
> have never found the VMS manuals to be all that readable or easy to
> locate things in.  Guess it depends on the style of manuals you are used
> to.

Well, I thought the User Manuals were pretty good (except for logical
name access modes and that stuff about SPAWN and "non-record-oriented
process-permament files (NRO PPFs)". I found the Manager manuals a
little worse and was not happy with the Programmer manuals, but only
because they one I used -- the one that described system services,
like translating a DCL symbol or logical name in Fortran or other
languauge of that level -- doesn't tell you which modules you have to
include! If you're lucky, there's an example to show you. Maybe the
other P manuals are better.

>
> >           No hunting down stuff at NIST and such.
>
> It might interest you to know that DISA has (had) a checklist for VMS.
> Of course, when I asked if there was interest in updating it I was told
> that wasn't necessary as they were dropping any interest in VMS.
>
> >                                                   OK, they may not have
> > the exact details for various pre-defined levels of security, but you
> > can go through the Security Manual and do a lot more than what comes
> > with Windows servers. And do these NIST documents explain how to
> > actually do any of this in Windows? (Well, maybe some manuals like
> > that do come with it -- do tell.)
>
> Yes, they do.  As do the DISA STIG's and Checklists.

OK.

> > This reminds me of one of my main gripes about Windows: no
> > documentation to browse. What I mean by "browse" is not to look for
> > help on fixing a particular problem you happen to have, but to just
> > read something like the VMS User's manual and just learn what the OS
> > can do and how to do it. For example, with Windows' Outlook Advanced
> > Find, you can put semicolons between search words and it changes the
> > Boolean logic from AND to OR. How do I know this? I happened to
> > stumble across it in a document written by someone who has nothing to
> > do with Microsoft and was writing about some other particular topic
> > (It might have been "Escape from the Mousetrap. I'll hunt it down
> > later . . . maybe.) Who knows what other cool features we don't know
> > about? What secret Microsoft doc even mentions this and if there is
> > such, why should I have to, and how would I know to, hunt for it? And
> > where's the secret documentation for all the MS-DOS commands, esp. the
> > MS-DOS commands I don't even know exist until a Windows Admin tells me
> > in response to a question I have for which I don't even know that the
> > answer is to run some secret MS-DOS command (not to mention the fact
> > that I need to use the MS-DOS command window in the first place!)?
>
> Funny, I have the same resources as everyone else and I haven't
> had any problem finding answers.  Sure, they don't come with

What answers are you talking about? I gave a specific example of the
secret semicolon operator in Adavanced Find. Just which Windows
manual, be it a Web page, CD, barn door, or what have you, can you
learn this secret in? How did you even know there was such a secret to
know?! I'm not talking about troubleshooting. I'm talking about
learning about features that aren't obvious, such as the semicolon
operator.

With the VMS CD or the docs on the Net, you can at least peruse them
and learn all the commands and utilities and such and what they do.
Can you do this with Windows? What can I read (and where) that
documents all the secrets such as the semicolon operator, the NET
STATISTICS command, e.g.? What other features like the semicolon are
most of us missing because we have to hope we stumble across them? I'm
talking about a reference or manual -- such as the DCL Dictionary or
the User's Manual -- that documents all these features . . . for
USERs, not system admins.

 > real books.  That's nothing new.  AT&T stopped delivering books
> with Unix at SYS V.  You bought your documentation from Prentice-
> Hall.  Same is tru of Windows.  Therea re a lot of sources for
> books if you really want them.  I guess it's a matter of keeping
> the cost down.  VMS used to ship with real books but no longer does.
> Now it comes with one set of documentation CD's which are seldom,
> if ever, available outside the datacenter.  And the one real big
> difference is there are no third party books on VMS available at
> places like Barnes & Noble.

OK, what book would I have to buy to have learn about the semicolon
operator; the fact that there *is* such an operator (otherwise how
would I even know to hunt it down); and other well-kept, possibly
useful, secret comands, operators, and what have you?

> > Even OS X has this problem. That's why you need the David Pogue books
> > (well, at least one of them). I guess home computers just don't come
> > with docs like VMS (and I'm sure other OSes) has -- stuff you can just
> > sit down and read and learn all the features about all the commands
> > (well, mostly).
>
> How do you "just sit down and read"?  I last set of actual VMS books I
> are at least 10 years old.  Now, if you can afford the tomer and paper
> I suppose you could print your own, but it wan't that long ago even
> these only came in bookreader format and could not be printed.

You can read the manuals on the Net. OK, it's not as comfrotable as
reading them in print. But I actually did this once at a physics lab I
was visiting. I had to copy a whole bunch of tapes. And each took
about 10 min. So I had nothing to do between tapes. So, to take
advantage of this waiting time I read everything that looked useful or
interesting in the DCL dictionary and the EDT reference manual. I made
a big step forward that day.

> A lot of this stuff does not look nearly as rosy to outsiders as people
> here seem to think.

Whatever.

AEF