[Info-vax] VSI and Process Software announcement

Sat Sep 24 09:38:05 EDT 2016

On 2016-09-24 00:11:09 +0000, IanD said:

> I ended up having to redo a number of the installs too, partly because 
> I didn't know what I was doing and partly because it's just too easy to 
> make mistakes or miss something

I work with servers that are trivial to reinstall, while preserving 
add-on applications, users, and settings.  Sure, you can wipe and 
reinstall, or you can install the OS over itself if there's been a disk 
error or an accidental or malicious file corruption somewhere, or other 
oddity.

> Security and stability is enhanced by boiler plating what is known to 
> work rather than choosing from a myriad of options

Leading folks to proper choices, and making it harder to make bad 
choices, and scheduling and deprecating and then entirely removing 
known-insecure mechanisms and implementations.

Sitting on broken code or broken designs for reasons of compatibility 
is a Really Bad Idea.  But I'm being polite.

> I'd eventually like to see standard hardware with options selected as a 
> ready-made package install with all the configuration already done - 
> like what you can buy on Amazon when you buy a pre-configured OS + 
> package install. Much much easier to do when OpenVMS will be on a VM 
> host because hardware options will be more uniform

That's system and application profiles, and provisioning portals.  
That's something I've commented on and requested before, but too far 
out of scope for an IP overhaul.  I work with other platforms that 
support these capabilities, and the ability to tailor an install or a 
user environment is exceedingly useful.   To see just the tip of what's 
available here on other platforms, search for MDM; mobile device 
management.   This is rapidly spreading beyond mobile devices and 
client computers into servers and application management, too.

> We might even get to the stage where OpenVMS is run from a single 
> distribution file and unpacked and run in memory as a turn-key. No more 
> having to update EXE's or code in myriads of directories and scan for 
> security breaches and/or corruption. Updates would be simply a matter 
> of download a single file. Checksumming an entire system then becomes 
> much easier as it's just one single file. We could then finally move 
> towards separating the OS from user data totally and could then lock 
> down the OS even further. It's much easier to ring-fence a static or 
> near static area than a dynamic one

There's still going to need to be an incremental update mechanism, at 
least until the trade-off between update size and network bandwidth 
tilts.

> OpenVMS needs to pick up the security mantle it once had and forge 
> ahead with new ideas to attract people back to it - security going 
> forward is going to become a major issue. Performance gains will slow, 
> storage will get faster but security IMO will become more important 
> than ever and a big diffirentitor

That also includes application security — OpenVMS stinks at that, in 
terms of what's offered, in terms of how the applications are isolated, 
and in terms of the application security I've encountered — and better 
and faster handling of patches and crashes.

Again, there's more than a little work here.

-- 
Pure Personal Opinion | HoffmanLabs LLC 