[Info-vax] Whither VMS?

Main, Kerry Kerry.Main at hp.com
Sat Sep 26 12:09:58 EDT 2009 

> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com] On
> Behalf Of Richard B. Gilbert
> Sent: September-25-09 9:00 PM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] Whither VMS?
> 
> Bob Koehler wrote:
> > In article <h9i2ib$rnr$3 at gemini.csx.cam.ac.uk>, rf10 at cl.cam.ac.uk
> (Robin Fairbairns) writes:
> >> i never quite saw it, but a colleague who did systems programming
> for
> >> my team on rsx 11-m said the internal structure of rsx "felt" very
> >> similar to those modules of vms "signed" by dave cutler.
> >
> >    Dave Cutler's I/O subsystem design shows up in RSX, VMS, and
> Windows.
> >    Which is the only thing Windows has in common with a real OS.
> >
> >> (wouldn't it be nice if commercial operating systems nowadays
> arrived
> >> with source listings?  vms was the last such that i saw.)
> >
> >    You can get the sources to Linux, and make your own listings.
> >    Problem left to the student of arcane command syntax:  how to get
> >    gcc to produce listings.  Solaris is also supposed to open source,
> >    but I'm not about to get to know Sun's C compiler that well.
> >
> >    The last time I checked, DEC's VMS source listing CD was selling
> at
> >    about the same price as HP's HP-UX source listings.  But for HP-UX
> >    you first had to show you owned a UNIX source licence, which was
> >    somewhat more expensive, and the system you read or stored the
> files
> >    on was not allowed to be connected to any network except electric
> >    power.
> >
> >    With all the holes people find in Windows now, can you imagine
> what
> >    major increase in the insanity would take place if they had the
> >    source listings to help them?
> >
> 
> Keeping bad code a secret in order to prevent hacking is, to say the
> least, a poor way to do business.  Sun has made most of the Solaris
> source code available for comment, criticism, and improvement.  The
> stuff that's still not public belongs in whole or in part to third
> parties and is used by Sun under license.
> _______________________________________________

Yeah, that's why banks put their security and safe plans on the Internet.
They hope that all those who review their plans will do the right things 
and report them to the bank.

:-) :-)

Here is good example of those who feel differently about what they do 
when they find bugs:

http://tinyurl.com/ybqf8t6 which translates to: (watch wrap)

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=208804607 

Imho, should OS's have external security reviews? 

Absolutely. By contracting firms and/or individuals who specialize in 
this and are specialists in latest security tools, technologies and trends.
And this is what banks typically do.

Again, imho, this is far better than dropping everything onto the Internet 
and "hoping" all those that find bugs will do the right thing. 

Heck, while much is made of the wider audience reviewing code & finding 
bugs, the reality is that those who really have the expertise to review 
system, driver and kernel code for bugs also have day jobs and since they 
do not get paid to review all of the freeware stuff, then how really 
incented are they to do this? (yes, there are likely a few exceptions, but 
I suspect that even these numbers of dedicated soles who do code review 
for free after a hard day at the office are dropping)


Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-797-4937
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that simply works.

More information about the Info-vax mailing list