[Info-vax] What would you miss if DECnet got the chop? Was: "bad select 38" (OpenSSL on VMS)

Sun Sep 18 10:31:15 EDT 2016

Dirk Munk wrote:
> Jan-Erik Soderholm wrote:
>> Den 2016-09-18 kl. 14:09, skrev Dirk Munk:
>>> johnwallace4 at yahoo.co.uk wrote:
>>>> On Sunday, 18 September 2016 11:32:44 UTC+1, Dirk Munk  wrote:
>>>>> David Froble wrote:
>>>>>> Dirk Munk wrote:
>>>>>>> Paul Sture wrote:
>>>>>>>> On 2016-09-17, David Froble <davef at tsoft-inc.com> wrote:
>>>>>>>>> Stephen Hoffman wrote:
>>>>>>>>>>
>>>>>>>>>> I'd be seriously tempted to announce the deprecation and eventual
>>>>>>>>>> removal of DECnet, for that matter.
>>>>>>>>>
>>>>>>>>> Booo!  Hisssss!
>>>>>>>>>
>>>>>>>>> Ok, we know it's not secure.  Run at your own risk.
>>>>>>>>>
>>>>>>>>> I'm guessing that DECnet users use it only in house, for FAL and
>>>>>>>>> such, so if the
>>>>>>>>> in house environment is secure, then security isn't an issue for
>>>>>>>>> DECnet.
>>>>>>>>>
>>>>>>>>> If it's not going to take up time and effort, then why kill it
>>>>>>>>> off?
>>>>>>>>>
>>>>>>>>> I personally find it can be useful.
>>>>>>>>>
>>>>>>>>> It sure is handy when you need to shutdown and re-start TCP/IP
>>>>>>>>> on a
>>>>>>>>> remote (but
>>>>>>>>> in house) system.
>>>>>>>>
>>>>>>>> I'd certainly miss one or two things that DECnet does:
>>>>>>>>
>>>>>>>> o - the ability to do a SET HOST 0 /LOG= to get a log / audit trail
>>>>>>>> of software
>>>>>>>>     installations and configuration sessions.   Yes, many terminal
>>>>>>>> emulators can
>>>>>>>>     do logging, but those logs aren't on the target system.
>>>>>>>>
>>>>>>>> o - using DECnet as a means of placing BACKUP savesets on another
>>>>>>>> node, and
>>>>>>>>     restoring them from other nodes (where 'other' can be either
>>>>>>>> local or
>>>>>>>>     remote).
>>>>>>>>
>>>>>>>> o - DECnet tasks.  Useful but I haven't seen many customers use
>>>>>>>> these.
>>>>>>>>
>>>>>>>> o - FAL
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> First of all, which DECnet do you mean?  DECnet Phase IV should have
>>>>>>> been abandoned years ago, DECnet Phase V has been the successor for
>>>>>>> years now, but many DECnet users are just to plain lazy to learn how
>>>>>>> it works. They took a look at the UI, concluded that is was very
>>>>>>> different from the NCP commands of Phase IV, and just gave up. Or
>>>>>>> are
>>>>>>> they too stupid to understand it?
>>>>>>
>>>>>> I use IV, which suits my purposes.  Sorry you don't approve.
>>>>>> Actually,
>>>>>> I don't give a damn what you think.  If you're going to take the
>>>>>> attitude that it's your way or the highway, well, good luck, you''ll
>>>>>> need it, but I don't think you'll have it.  People are allowed to
>>>>>> have
>>>>>> differing opinions.  Even stupid people like me.
>>>>>>
>>>>>>> Has no one ever noticed the analogy between Windows and VMS in this
>>>>>>> respect? Windows uses Netbios over IP the same way VMS can use
>>>>>>> DECnet
>>>>>>> Phase V over IP. Or have you ever heard of Microsoft abandoning
>>>>>>> Netbios in favour of plane IP stuff like FTP etc. ?
>>>>>>>
>>>>>>> Besides DECnet we also have cluster traffic. It is also insecure. So
>>>>>>> let's just abandon VMS clusters as well???
>>>>>>>
>>>>>>> DECnet and cluster traffic can both use IP for transport. How to
>>>>>>> make
>>>>>>> that traffic very secure? It is so simple, use IPsec! But when I
>>>>>>> proposed that in this forum, it was made very clear that I'm an
>>>>>>> idiot
>>>>>>> to propose the only way to encrypt IP traffic that has an real
>>>>>>> architectural idea behind it, instead of the many hobby solutions
>>>>>>> like
>>>>>>> SSL, SSH etc.
>>>>>>>
>>>>>>> But again, you must make an afford to implement IPsec, and we don't
>>>>>>> want to do that. Quick and dirty solutions that are prone to lots of
>>>>>>> maintenance on the application level are much and much better.
>>>>>>> Thinking in layers, whereby encryption is part of the network and
>>>>>>> has
>>>>>>> nothing to do with applications, idiotic.
>>>>>>>
>>>>>>> So yes, you can use all the nice features DECnet has to offer,
>>>>>>> but no
>>>>>>> one cares to deal with these days. And you can use it in a safe
>>>>>>> way as
>>>>>>> well. Oh yeah, and remember, DECnet is deeply embedded in VMS, VMS
>>>>>>> was
>>>>>>> build around the idea of networking with DECnet. You do remember how
>>>>>>> full VMS file specifications looks?
>>>>>>>
>>>>>>> node::disk:{directory}file.extension.version
>>>>>>
>>>>>> Yes, my thoughts also ....
>>>>>>
>>>>>>> It start with node::
>>>>>>>
>>>>>>> Try that with plain IP.
>>>>>>>
>>>>>>> Some one recently wrote a article about the status of IPv6, and
>>>>>>> about
>>>>>>> the status of RFC's . It was shocking to read what an enormous
>>>>>>> mess it
>>>>>>> is. That is the problem with IP, it is one enormous out of hand
>>>>>>> hobby
>>>>>>> project with lots of overlapping poorly defined 'standards' that are
>>>>>>> really no standards at all (!!).  It is exactly what we should not
>>>>>>> have in times that well structured security and dependable network
>>>>>>> communication is of the utmost importance.
>>>>>>
>>>>>> In general I agree with what you've written.  I consider DECnet as a
>>>>>> part of VMS, and if one really doesn't want VMS, then just go and use
>>>>>> something else.
>>>>>
>>>>> Thanks David.
>>>>>
>>>>> My ideas about Phase IV are not just opinions. Phase IV is a dead end,
>>>>> it won't be long before you can't buy routers for Phase IV. You can't
>>>>> make Phase IV traffic secure, you can't use it in a IP-only network
>>>>> environment, you can't use it over the internet. Those are facts, not
>>>>> opinions.
>>>>>
>>>>> I will go further then that. By sticking to DECnet Phase IV, you will
>>>>> affectively kill DECnet. If DECnet is nothing else then an IP port for
>>>>> your network people, then who cares. If it is a completely different
>>>>> network environment, it will be all the more reason to kick DECnet and
>>>>> even VMS out.
>>>>>
>>>>> Does this make sense to you?
>>>>>
>>>>> I'm sure DECnet Phase IV suits your purpose, but the nice thing with
>>>>> DECnet is nothing changes on the application level when you go from
>>>>> Phase IV to Phase V. Now look at IP, go from IPv4 to IPv6. You have to
>>>>> rebuild your application, put two networks stacks in for as long
>>>>> you're
>>>>> using dual stack.
>>>>>
>>>>> So in your case:
>>>>> - Go from DECnet Phase IV to DECnet Phase V: you don't have to change
>>>>> anything in your application.
>>>>> - Go from OSI transport to IPv4 transport: you don't have to change
>>>>> anything in your application.
>>>>> - Go from IPv4 transport to IPv6 transport: you don't have to change
>>>>> anything in your application.
>>>>> - Go from insecure to encrypted networking with IPsec: you don't
>>>>> have to
>>>>> change anything in your application.
>>>>
>>>> I'm convinced, but then I learned DECnet IV (protocols and
>>>> applications), OSI (protocols and applications), and IP4
>>>> (protocols and applications) and IP6 (vision - the rest
>>>> was still years away) all in the same few years in the
>>>> late 1980s (and not just on VMS either).
>>>>
>>>> Afaict, the thing that did for DECnet/OSI (Phase V, etc)
>>>> was the learning curve of its unified management interface.
>>>> Its immediate OSI/VMS predecessor, VOTS/OSAK/etc, was
>>>> understandable to near-normal human beings. DECnet/OSI
>>>> suffered from "Swiss penknife syndrome".
>>>>
>>>> IPv6 is still barely more than a vision for most folk. It
>>>> may be supplied and enabled with every modern Window box
>>>> and many/most Linux boxes, but how many people actually
>>>> know they've got it, let alone actually use it?
>>>
>>> Everybody who has an IPv6 internet connection...
>>
>> Right. But it doesn't help that your Windows/Linux client comes
>> with an IPv6 stack built-in when your router and ISP has it
>> disabled anyway. And why should *I* care? Google, Youtube and
>> everything else works just fine.
>
> I'm sure it doesn't interest you. The fact that there are no more IPv4
> addresses available, who cares. The fact that this way the internet
> can't expand any more, not important. The fact that ISP's have to use
> carrier grade NAS that cripple all kind of network connections, a
> futility.

Carrier grade NAT of course, not NAS.

>
> I know Sweden is a bit behind with IPv6, but Belgium for instance has
> over 45% IPv6 connectivity. Google notices a steep incline in IPv6
> traffic, and the end of the year it will be 20% on their servers.
>
> It is interesting to see that you claim that IP is the future, and
> DECnet is the past, and then you're not interested in IPv6 what is the
> necessary future for IP.
>
>>
>>  You will use it without
>>> knowing it. Every Google request, every Netflix film, every Youtube film
>>> will be transported over IPv6. Far more people then you may think.
>>>
>>>>
>>>> Do I want DECnet to hang around? I don't think the question
>>>> is properly formed: do we mean protocols on the wire,
>>>> applications that people use, or what? Though I suspect
>>>> the answer might still be "no" to both questions for many
>>>> people.
>>>>
>>>
>>> DECnet as an API for applications, and as the always present
>>> functionality
>>> in VMS. Not as protocol on the wire, no need you can use IP.
>>>
>>>> I see OMNI and OSAP are still on the latest VSI roadmap
>>>> (a pair of related products which started life as ways
>>>> to talk in a formally standardised vendor-independent
>>>> way to shop floor machines and other stuff too). Built
>>>> originally on OSI networking. I would be interested to
>>>> know if they still require an underlying OSI network,
>>>> or whether minnows like Siemens, GE, etc (and their
>>>> customers) have accepted that IP-only networks are the
>>>> future for manufacturing networks for everyone,
>>>> everywhere.
>>>>
>>> Using IP as transport protocol is an OSI standard! It is not DECnet
>>> Phase V
>>> specific. So I don't see any reason that OMNI and OSAP could not be
>>> transported over IP. Now of course Siemens, GE etc. must also have
>>> implemented the IP transport stack in their OSI networking for this to
>>> work.
>>
>