[Info-vax] I guess VMS can't lose?

Main, Kerry Kerry.Main at hp.com
Tue Nov 9 09:50:32 EST 2010 

> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com]
> On Behalf Of Simon Clubley
> Sent: November-08-10 7:52 AM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] I guess VMS can't lose?
> 
> On 2010-11-07, Main, Kerry <Kerry.Main at hp.com> wrote:
> >> -----Original Message-----
> >> From: info-vax-bounces at rbnsn.com [mailto:info-vax-
> bounces at rbnsn.com]
> >> On Behalf Of Simon Clubley
> >> Sent: November-07-10 5:41 PM
> >> To: info-vax at rbnsn.com
> >> Subject: Re: [Info-vax] I guess VMS can't lose?
> >>
> >> On 2010-11-07, Main, Kerry <Kerry.Main at hp.com> wrote:
> >> >
> >> > Those who say otherwise have no real experience in large Linux shops.
> >> >
> >> > These shops have given up testing important apps before they roll out
> >> > the 5-20+ security patches per month. They have adopted the old
> >> > Wintel strategy of "patch-n-pray".
> >> >
> >>
> >> You may wish to discontinue posting this type of comment until after the
> >> new VMS engineering team gets it's act together.
> >>
> >> Simon.
> >>
> >
> > You missed the point.
> >
> 
> No, Kerry, _you_ don't get it.

I disagree - I do get the point that many on this list are upset over recent patch issues 
with V8.4 (and some patches before that). Hey, if I could wave a magic wand to fix all
these issues, I would.

Having stated this, every major release of OS sw like OpenVMS V8.4 from every vendor 
has some follow-on bugs that get fixed in the 1-6 months following its release.

> 
> There is very real anger about what is happening to VMS as a review of the
> postings in comp.os.vms over the last few months will tell you.
> 

Read many of them. Agree with some postings, not all.

> People see the VMS patch process and general VMS maintenance collapsing
> around them and wonder where it is going to end.
> 

OpenVMS V8.1, V8.2, and V8.3 also had issues (and some were not small) that were 
fixed in the 1-6 months following their releases. 

Hence, while not to belittle the recent issues, let's not perform any revisionist history 
and believe that other major OpenVMS releases were error free either - or, for that
matter - initial major OS releases from any vendor!

As someone mentioned earlier in this thread, best practices for enterprise environments
and major releases from any vendor is to put the major release in Dev/test and then only 
migrate to prod when you are comfortable with your own testing and research.

These issues did not always impact everyone and each Customer has to upgrade based 
on their functional and scheduling requirements as well as their own testing experiences.

> Then, while this is happening, you come along and spout off your usual
> comments about how the VMS process is so much better than everyone
> else.

Get real - where did I say OpenVMS was better than anyone else?

Stick to the facts  - my focus was on all of the security issues associated with
commodity systems which some here try to portray as the way to go.

> This is so out of touch with what is happening at the moment, I have to
> wonder if you realise just how out of touch your comments are.
> 

No, you are angry and implying all sorts of things that are not based on any 
statements I made.

> You talk about VMS as it was in the past, and not how it is at the moment.

> Furthermore, the non-security VMS patches still fix non-security bugs
> in VMS (usually serious ones) and need to work just as well as the security
> patches.
> 

Agree, but you do realize the difference in focus between security patches
and functionality fix patches - right? 

And the difference in impact AND priority that a security patch has over a 
functionality or bug patch?

You do realize that in many cases, enterprise Customers have a choice as to
when to apply functionality patches, but not so with security patches - right?

> This is not about the number of patches released per month especially
> when the majority of those patches refer to products and functionality
> which VMS does not support.
> 
> This is about the quality of the engineering process and I can tell you
> that the vast majority of the Redhat based patches work just fine. I wish
> the same could be said about the current VMS patches.
> 

Ok, so why are there 5-20+ security patches each and EVERY month? 
(see the Red Hat security patch site link provided earlier)

Keep in mind that many of these are kernel security issues which means
server reboots. 

Geeze .. think of what this would mean if all of a sudden, OpenVMS started 
releasing 10-15 or 20+ security patches PER MONTH?

Would this be an enterprise platform to base your future on?

How would enterprise customer retest all their important apps before
rolling out all these new security patches?

> You offer the opinion that customers cannot afford Linux due to the
> maintenance costs. I dispute that, but at the same time, I would ask you
> how long will VMS continue to be a viable option if the current problems
> are not fixed ? All the patches which come out of VMS engineering need
> to work in order for VMS to remain viable and not just the security ones.
> 

Agree and issues that were identified (like the V400 patch changing the 
System_check default value) now have patches available.

Sigh .. and yes, I know the patch access system is a big change for many
Customers, but this decision was not specific to OpenVMS .. for this, be
mad at HP if you will, but do not blame OpenVMS for this decision.

> And while I am at it, just how many security issues are waiting to be
> discovered in recent VMS versions, but are not because no-one cares.
> (The majority of Linux issues are discovered by third parties.)
> Look at what happened when someone briefly looked at VMS a couple of
> years ago. I doubt this has been improved by replacing a experienced
> team with a new one.
> 

Yeah, I guess the Shanghai Stock Exchange that recently (go live last Dec) migrated 
from UNIX to OpenVMS is not concerned about security eh?  They may only
be the future global financial center replacing New York, but according to you,
I guess they are not concerned about security and whether their new platform 
was something to build their future on?

Btw, if you are referring to the issue that I think you are, then that was more 
than a "brief" look that the consultants did. I am glad the issues were found, 
but I prefer to look at the actual number of security incidents.

Let's get real - I have no doubt there are future security issues that will be 
discovered in OpenVMS. When identified, they will be fixed. 

> So like I said, you may wish to discontinue posting this type of comment
> until after the new VMS engineering team gets it's act together and starts
> releasing software with the same quality as the old VMS team.
> 	

Again, while not to belittle the recent issues, and no, I do not agree with all
recent org decisions by HP, but  let's remember that previous major 
OpenVMS releases also had issues which impacted some users (not all) and 
that were fixed in the 1-6 months following their initial release.

[snip..]

Regards,

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-797-4937
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that simply works

More information about the Info-vax mailing list