[Info-vax] What would you miss if DECnet got the chop? Was: "bad select 38" (OpenSSL on VMS)

Sun Sep 18 10:29:39 EDT 2016

Jan-Erik Soderholm wrote:
> Den 2016-09-18 kl. 14:09, skrev Dirk Munk:
>> johnwallace4 at yahoo.co.uk wrote:
>>> On Sunday, 18 September 2016 11:32:44 UTC+1, Dirk Munk  wrote:
>>>> David Froble wrote:
>>>>> Dirk Munk wrote:
>>>>>> Paul Sture wrote:
>>>>>>> On 2016-09-17, David Froble <davef at tsoft-inc.com> wrote:
>>>>>>>> Stephen Hoffman wrote:
>>>>>>>>>
>>>>>>>>> I'd be seriously tempted to announce the deprecation and eventual
>>>>>>>>> removal of DECnet, for that matter.
>>>>>>>>
>>>>>>>> Booo!  Hisssss!
>>>>>>>>
>>>>>>>> Ok, we know it's not secure.  Run at your own risk.
>>>>>>>>
>>>>>>>> I'm guessing that DECnet users use it only in house, for FAL and
>>>>>>>> such, so if the
>>>>>>>> in house environment is secure, then security isn't an issue for
>>>>>>>> DECnet.
>>>>>>>>
>>>>>>>> If it's not going to take up time and effort, then why kill it off?
>>>>>>>>
>>>>>>>> I personally find it can be useful.
>>>>>>>>
>>>>>>>> It sure is handy when you need to shutdown and re-start TCP/IP on a
>>>>>>>> remote (but
>>>>>>>> in house) system.
>>>>>>>
>>>>>>> I'd certainly miss one or two things that DECnet does:
>>>>>>>
>>>>>>> o - the ability to do a SET HOST 0 /LOG= to get a log / audit trail
>>>>>>> of software
>>>>>>>     installations and configuration sessions.   Yes, many terminal
>>>>>>> emulators can
>>>>>>>     do logging, but those logs aren't on the target system.
>>>>>>>
>>>>>>> o - using DECnet as a means of placing BACKUP savesets on another
>>>>>>> node, and
>>>>>>>     restoring them from other nodes (where 'other' can be either
>>>>>>> local or
>>>>>>>     remote).
>>>>>>>
>>>>>>> o - DECnet tasks.  Useful but I haven't seen many customers use
>>>>>>> these.
>>>>>>>
>>>>>>> o - FAL
>>>>>>>
>>>>>>
>>>>>>
>>>>>> First of all, which DECnet do you mean?  DECnet Phase IV should have
>>>>>> been abandoned years ago, DECnet Phase V has been the successor for
>>>>>> years now, but many DECnet users are just to plain lazy to learn how
>>>>>> it works. They took a look at the UI, concluded that is was very
>>>>>> different from the NCP commands of Phase IV, and just gave up. Or are
>>>>>> they too stupid to understand it?
>>>>>
>>>>> I use IV, which suits my purposes.  Sorry you don't approve.
>>>>> Actually,
>>>>> I don't give a damn what you think.  If you're going to take the
>>>>> attitude that it's your way or the highway, well, good luck, you''ll
>>>>> need it, but I don't think you'll have it.  People are allowed to have
>>>>> differing opinions.  Even stupid people like me.
>>>>>
>>>>>> Has no one ever noticed the analogy between Windows and VMS in this
>>>>>> respect? Windows uses Netbios over IP the same way VMS can use DECnet
>>>>>> Phase V over IP. Or have you ever heard of Microsoft abandoning
>>>>>> Netbios in favour of plane IP stuff like FTP etc. ?
>>>>>>
>>>>>> Besides DECnet we also have cluster traffic. It is also insecure. So
>>>>>> let's just abandon VMS clusters as well???
>>>>>>
>>>>>> DECnet and cluster traffic can both use IP for transport. How to make
>>>>>> that traffic very secure? It is so simple, use IPsec! But when I
>>>>>> proposed that in this forum, it was made very clear that I'm an idiot
>>>>>> to propose the only way to encrypt IP traffic that has an real
>>>>>> architectural idea behind it, instead of the many hobby solutions
>>>>>> like
>>>>>> SSL, SSH etc.
>>>>>>
>>>>>> But again, you must make an afford to implement IPsec, and we don't
>>>>>> want to do that. Quick and dirty solutions that are prone to lots of
>>>>>> maintenance on the application level are much and much better.
>>>>>> Thinking in layers, whereby encryption is part of the network and has
>>>>>> nothing to do with applications, idiotic.
>>>>>>
>>>>>> So yes, you can use all the nice features DECnet has to offer, but no
>>>>>> one cares to deal with these days. And you can use it in a safe
>>>>>> way as
>>>>>> well. Oh yeah, and remember, DECnet is deeply embedded in VMS, VMS
>>>>>> was
>>>>>> build around the idea of networking with DECnet. You do remember how
>>>>>> full VMS file specifications looks?
>>>>>>
>>>>>> node::disk:{directory}file.extension.version
>>>>>
>>>>> Yes, my thoughts also ....
>>>>>
>>>>>> It start with node::
>>>>>>
>>>>>> Try that with plain IP.
>>>>>>
>>>>>> Some one recently wrote a article about the status of IPv6, and about
>>>>>> the status of RFC's . It was shocking to read what an enormous
>>>>>> mess it
>>>>>> is. That is the problem with IP, it is one enormous out of hand hobby
>>>>>> project with lots of overlapping poorly defined 'standards' that are
>>>>>> really no standards at all (!!).  It is exactly what we should not
>>>>>> have in times that well structured security and dependable network
>>>>>> communication is of the utmost importance.
>>>>>
>>>>> In general I agree with what you've written.  I consider DECnet as a
>>>>> part of VMS, and if one really doesn't want VMS, then just go and use
>>>>> something else.
>>>>
>>>> Thanks David.
>>>>
>>>> My ideas about Phase IV are not just opinions. Phase IV is a dead end,
>>>> it won't be long before you can't buy routers for Phase IV. You can't
>>>> make Phase IV traffic secure, you can't use it in a IP-only network
>>>> environment, you can't use it over the internet. Those are facts, not
>>>> opinions.
>>>>
>>>> I will go further then that. By sticking to DECnet Phase IV, you will
>>>> affectively kill DECnet. If DECnet is nothing else then an IP port for
>>>> your network people, then who cares. If it is a completely different
>>>> network environment, it will be all the more reason to kick DECnet and
>>>> even VMS out.
>>>>
>>>> Does this make sense to you?
>>>>
>>>> I'm sure DECnet Phase IV suits your purpose, but the nice thing with
>>>> DECnet is nothing changes on the application level when you go from
>>>> Phase IV to Phase V. Now look at IP, go from IPv4 to IPv6. You have to
>>>> rebuild your application, put two networks stacks in for as long you're
>>>> using dual stack.
>>>>
>>>> So in your case:
>>>> - Go from DECnet Phase IV to DECnet Phase V: you don't have to change
>>>> anything in your application.
>>>> - Go from OSI transport to IPv4 transport: you don't have to change
>>>> anything in your application.
>>>> - Go from IPv4 transport to IPv6 transport: you don't have to change
>>>> anything in your application.
>>>> - Go from insecure to encrypted networking with IPsec: you don't
>>>> have to
>>>> change anything in your application.
>>>
>>> I'm convinced, but then I learned DECnet IV (protocols and
>>> applications), OSI (protocols and applications), and IP4
>>> (protocols and applications) and IP6 (vision - the rest
>>> was still years away) all in the same few years in the
>>> late 1980s (and not just on VMS either).
>>>
>>> Afaict, the thing that did for DECnet/OSI (Phase V, etc)
>>> was the learning curve of its unified management interface.
>>> Its immediate OSI/VMS predecessor, VOTS/OSAK/etc, was
>>> understandable to near-normal human beings. DECnet/OSI
>>> suffered from "Swiss penknife syndrome".
>>>
>>> IPv6 is still barely more than a vision for most folk. It
>>> may be supplied and enabled with every modern Window box
>>> and many/most Linux boxes, but how many people actually
>>> know they've got it, let alone actually use it?
>>
>> Everybody who has an IPv6 internet connection...
>
> Right. But it doesn't help that your Windows/Linux client comes
> with an IPv6 stack built-in when your router and ISP has it
> disabled anyway. And why should *I* care? Google, Youtube and
> everything else works just fine.

I'm sure it doesn't interest you. The fact that there are no more IPv4 
addresses available, who cares. The fact that this way the internet 
can't expand any more, not important. The fact that ISP's have to use 
carrier grade NAS that cripple all kind of network connections, a futility.

I know Sweden is a bit behind with IPv6, but Belgium for instance has 
over 45% IPv6 connectivity. Google notices a steep incline in IPv6 
traffic, and the end of the year it will be 20% on their servers.

It is interesting to see that you claim that IP is the future, and 
DECnet is the past, and then you're not interested in IPv6 what is the 
necessary future for IP.

>
>  You will use it without
>> knowing it. Every Google request, every Netflix film, every Youtube film
>> will be transported over IPv6. Far more people then you may think.
>>
>>>
>>> Do I want DECnet to hang around? I don't think the question
>>> is properly formed: do we mean protocols on the wire,
>>> applications that people use, or what? Though I suspect
>>> the answer might still be "no" to both questions for many
>>> people.
>>>
>>
>> DECnet as an API for applications, and as the always present
>> functionality
>> in VMS. Not as protocol on the wire, no need you can use IP.
>>
>>> I see OMNI and OSAP are still on the latest VSI roadmap
>>> (a pair of related products which started life as ways
>>> to talk in a formally standardised vendor-independent
>>> way to shop floor machines and other stuff too). Built
>>> originally on OSI networking. I would be interested to
>>> know if they still require an underlying OSI network,
>>> or whether minnows like Siemens, GE, etc (and their
>>> customers) have accepted that IP-only networks are the
>>> future for manufacturing networks for everyone,
>>> everywhere.
>>>
>> Using IP as transport protocol is an OSI standard! It is not DECnet
>> Phase V
>> specific. So I don't see any reason that OMNI and OSAP could not be
>> transported over IP. Now of course Siemens, GE etc. must also have
>> implemented the IP transport stack in their OSI networking for this to
>> work.
>