[Info-vax] What would you miss if DECnet got the chop? Was: "bad select 38" (OpenSSL on VMS)

[David Froble]

Dirk Munk wrote:
> Paul Sture wrote:
>> On 2016-09-17, David Froble <davef at tsoft-inc.com> wrote:
>>> Stephen Hoffman wrote:
>>>>
>>>> I'd be seriously tempted to announce the deprecation and eventual
>>>> removal of DECnet, for that matter.
>>>
>>> Booo!  Hisssss!
>>>
>>> Ok, we know it's not secure.  Run at your own risk.
>>>
>>> I'm guessing that DECnet users use it only in house, for FAL and 
>>> such, so if the
>>> in house environment is secure, then security isn't an issue for DECnet.
>>>
>>> If it's not going to take up time and effort, then why kill it off?
>>>
>>> I personally find it can be useful.
>>>
>>> It sure is handy when you need to shutdown and re-start TCP/IP on a 
>>> remote (but
>>> in house) system.
>>
>> I'd certainly miss one or two things that DECnet does:
>>
>> o - the ability to do a SET HOST 0 /LOG= to get a log / audit trail of 
>> software
>>     installations and configuration sessions.   Yes, many terminal 
>> emulators can
>>     do logging, but those logs aren't on the target system.
>>
>> o - using DECnet as a means of placing BACKUP savesets on another 
>> node, and
>>     restoring them from other nodes (where 'other' can be either local or
>>     remote).
>>
>> o - DECnet tasks.  Useful but I haven't seen many customers use these.
>>
>> o - FAL
>>
> 
> 
> First of all, which DECnet do you mean?  DECnet Phase IV should have 
> been abandoned years ago, DECnet Phase V has been the successor for 
> years now, but many DECnet users are just to plain lazy to learn how it 
> works. They took a look at the UI, concluded that is was very different 
> from the NCP commands of Phase IV, and just gave up. Or are they too 
> stupid to understand it?

I use IV, which suits my purposes.  Sorry you don't approve.  Actually, I don't 
give a damn what you think.  If you're going to take the attitude that it's your 
way or the highway, well, good luck, you''ll need it, but I don't think you'll 
have it.  People are allowed to have differing opinions.  Even stupid people 
like me.

> Has no one ever noticed the analogy between Windows and VMS in this 
> respect? Windows uses Netbios over IP the same way VMS can use DECnet 
> Phase V over IP. Or have you ever heard of Microsoft abandoning Netbios 
> in favour of plane IP stuff like FTP etc. ?
> 
> Besides DECnet we also have cluster traffic. It is also insecure. So 
> let's just abandon VMS clusters as well???
> 
> DECnet and cluster traffic can both use IP for transport. How to make 
> that traffic very secure? It is so simple, use IPsec! But when I 
> proposed that in this forum, it was made very clear that I'm an idiot to 
> propose the only way to encrypt IP traffic that has an real 
> architectural idea behind it, instead of the many hobby solutions like 
> SSL, SSH etc.
> 
> But again, you must make an afford to implement IPsec, and we don't want 
> to do that. Quick and dirty solutions that are prone to lots of 
> maintenance on the application level are much and much better. Thinking 
> in layers, whereby encryption is part of the network and has nothing to 
> do with applications, idiotic.
> 
> So yes, you can use all the nice features DECnet has to offer, but no 
> one cares to deal with these days. And you can use it in a safe way as 
> well. Oh yeah, and remember, DECnet is deeply embedded in VMS, VMS was 
> build around the idea of networking with DECnet. You do remember how 
> full VMS file specifications looks?
> 
> node::disk:{directory}file.extension.version

Yes, my thoughts also ....

> It start with node::
> 
> Try that with plain IP.
> 
> Some one recently wrote a article about the status of IPv6, and about 
> the status of RFC's . It was shocking to read what an enormous mess it 
> is. That is the problem with IP, it is one enormous out of hand hobby 
> project with lots of overlapping poorly defined 'standards' that are 
> really no standards at all (!!).  It is exactly what we should not have 
> in times that well structured security and dependable network 
> communication is of the utmost importance.

In general I agree with what you've written.  I consider DECnet as a part of 
VMS, and if one really doesn't want VMS, then just go and use something else.