SYSMGR

We're a bunch of Computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS, Io running OpenVMS as well (in some obscure role in the network) Aphrodite, Athene and Irene running WindowsXP-Pro (SP2, of course) and Cerberus at the edge of the Network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Tuesday, November 29

28-Nov-2005

Another try to get in
Log revealed the attempt to retrieve a file - IIS, given the name:

%%%%%%%%%%% OPCOM 28-NOV-2005 15:30:19.73 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 78.21.97-84.rev.gaoland.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051128153020p]

%%%%%%%%%%% OPCOM 28-NOV-2005 15:30:20.12 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 78.21.97-84.rev.gaoland.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051128153020p]

In the FTP log it shows the attempt cost just a few seconds:

28-NOV-2005 15:30:18.29 User:anonymous logged in ident:Ggpuser@home.com from Host:78.21.97-84.rev.gaoland.net
28-NOV-2005 15:30:19.62 User:anonymous ident:Ggpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
28-NOV-2005 15:30:20.02 User:anonymous ident:Ggpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
28-NOV-2005 15:30:23.03 User:anonymous ident:Ggpuser@home.com status:07649912 CWD dir:_vti_sript
28-NOV-2005 15:30:23.09 User:anonymous ident:Ggpuser@home.com status:07649912 CWD dir:_vti_inf_htlm
28-NOV-2005 15:30:23.14 User:anonymous ident:Ggpuser@home.com logged out

Must have been a script, no data in FTP_RUN.LOG. Maybe something needs to be checked because the last entry is of Nov 15th.

Checking gaoland.net:

Registrant:
LDCOM Networks (ldcomn0-org)
LDCOM Networks
1 square Chaptal
F-92309 Levallois Cedex
FR
Registrar....: Nordnet
Web..........: http://www.nordnet.net
Whois........: whois.nordnet.net
Domain Name: gaoland.net


There is no website www.gaoland.net; nordnet has one, but they are just the registrar.

Sunday, November 27

27-Nov-2005

Building CVS (continued)
Tried it with GNV.
First to do is configure. It gives some errors:

bash$ configure
%DCL-W-PARMDEL, invalid parameter delimiter - check use of special characters \.SH\
%DCL-W-IVVERB, unrecognized command verb - check validity and spelling \HOSTINFO\
checking for a BSD-compatible install... /gnu/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
%DCL-W-IVVERB, unrecognized command verb - check validity and spelling \CYGPATH\
checking for prefix by checking for cvs... no
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... no
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc...
cp: cannot create regular file `conftest.dir/depcomp': no such file or directory./configure: ./depcomp: no such file or directory
noneup
checking whether gcc and cc understand -c and -o together... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for AIX... no
checking for ANSI C header files...

and there it ends - no activity left anymore. ^T gives:

DIANA::WILLEM 22:36:51 BASH CPU=00:00:02.42 PF=3448 IO=8279 MEM=289
DIANA::WILLEM_56 22:36:51 SH CPU=00:00:06.58 PF=514 IO=76086 MEM=327
DIANA::WILLEM_80 22:36:51 GCC CPU=00:00:00.15 PF=279 IO=2008 MEM=160

and after some time:

DIANA::WILLEM 22:36:58 BASH CPU=00:00:02.42 PF=3448 IO=8280 MEM=289
DIANA::WILLEM_56 22:36:58 SH CPU=00:00:06.58 PF=515 IO=76087 MEM=328
DIANA::WILLEM_80 22:36:58 GCC CPU=00:00:00.16 PF=280 IO=2009 MEM=161

Why is that? Started another session and watched the system:

OpenVMS V7.3-2 on node DIANA 27-NOV-2005 22:38:02.69 Uptime 12 23:36:26
Pid Process Name State Pri I/O CPU Page flts Pages
21400A0A WILLEM HIB 5 8281 0 00:00:02.42 3448 289
21400A45 WILLEM_56 HIB 5 76088 0 00:00:06.58 515 328 S
21400761 WILLEM_80 RWMBX 6 2010 0 00:00:00.17 280 161 S
$

Willem_80 waiting, that is "GCC" or: CC with some options.

Might be a version problem? Current is 1.5-5, and the latest (as on the HP site) seems 1.6. Downloaded that, but no time for installation.

But perhaps waste of time
Got a comment on the issue of Seti on Nov 22nd: I'm not the only one that is very displeased with Berkeley's way of doing "Open source development". Others are already busy with the port. I'll wait for that (but will still do the CVS code because I may need that for other "Open" products).

Saturday, November 26

26-Nov-2005

Seti code and what's involved
Or: How "Open" (as in "Open source") is abused.
BOINC (Berkeley Open Infrastructure for Network Computing) can be downloaded, as well as the SETI client. But not directly, at least, no longer. Today, the whole code can only be downloaded using CVS - another Unix "standard" (therefore nicknamed "Open source") which I of course don't have on the system. Remember, this is OpenVMS, not Unix. However, it does exist, even on Freeware CD 4 - but a newer version is available, so I downloaded the whole stable version (1.11.21). There is indeed VMS support; that is: there is a directory named VMS, and there are files present - command procedures and MMS files - to build the product.
Alas, it doesn't work that way.
First of all, one executable, minigzip.exe, is causing trouble: it seems to require an X11 library that does not exist. But it was found that in the command procedure that builds straightforwardly using C, this source is commented out for building, but the DECRIP.MMS file still contains the reference. And DECRIP.MMS is used, since I have MMS installed.
Easy solution: comment these lines out.

Next problem is compiling diff module, since an include file seems to be missing: fnmatch.h. DIFF.C contains this code:

#ifdef HAVE_FNMATCH
# include <fnmatch.h> /* This is supposed to be available on Posix systems */
#else /* HAVE_FNMATCH */
# include "fnmatch.h" /* Our substitute */
#endif /* HAVE_FNMATCH */

and since the list showed "Our substitute", the conclusion is that HAVE_FNMATCH was not defined.
Looking for this file on the expected location (SYS$LIBRARY) showed it does not exist there, nor in any of the text libraries. But I could find it in the GNV environment, one in the [.DIFF] directory. So I copied that to [.DIFF], and now compilation went on but gave warnings:

int link (const char *__existing, const char *__new);
...........^%CC-W-MISMATPARAM, In this declaration, parameter 1 has a different type than specified in an earlier declaration of this function.
at line number 663 in module UNISTD of text library SYS$COMMON:[SYSLIB]DECC$RTLDEF.TLB;2

Nasty, but I choose to leave that for a moment; it's generic, and shows up in a lot of places.

But finally, it ended with:

&& (VMS_filename_classes[(unsigned char) *n1]
...............^
%CC-E-UNDECLARED, In this statement, "VMS_filename_classes" is not declared.
at line number 669 in file DKB600:[cvs_base.CVS-1_11_21.VMS]FILESUBR.C;1

last_component (path)
^
%CC-W-NOTCOMPAT, In this declaration, the type of "last_component" is not compatible with the type of a previous declaration of "last_component" at line number 500 in file DKB600:[cvs_base.CVS-1_11_21.SRC]CVS.H;1.
at line number 906 in file DKB600:[cvs_base.CVS-1_11_21.VMS]FILESUBR.C;1

Because of the error, the commandfile stopped....
This is far more serious, I have to dig into the code now. Or perhaps try GNV?

(Who called this "Open"? Those Unix guys, probably. If it were really open, I wouldn't have this trouble building it)

Tuesday, November 22

22-Nov-2005

Yet another attempt
From today's log:

%%%%%%%%%%% OPCOM 22-NOV-2005 03:18:18.26 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: d078101.adsl.hansenet.de
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051122031802p]

The access is logged in TCPIP$FTP_ANONYMOUS.LOG:

22-NOV-2005 03:18:17.01 User:anonymous logged in ident:Ogpuser@home.com from Host:d078101.adsl.hansenet.de
22-NOV-2005 03:18:18.15 User:anonymous ident:Ogpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
22-NOV-2005 03:18:19.38 User:anonymous ident:Ogpuser@home.com logged out

but TCPIP$FTP_RUN.LOG did not show anything.

NO sources
Checked the seti site (http://setiathome.berkeley.edu/) but the whole set of code can only be downloaded using CVS (which I don't have) or file-by-file using a web interface. No VMS code (like they did have for the classic version). When will educational institutes promote the right way of doing things and educate their students to do things properly? I found one third party site for Alpha (Linux and TRU64), downloaded them but I cannot extract the files since it is in yet another UNIX compression format. Not ZIP, not GZ, but BZ2. Both BOINC and SETI... Perhaps I should contact the author.

21-Nov-2005

Apache 2.1 released
Today I learned that Apache 2.1 has been released (finally), together with a new Tomcat version and a new PHP module, so download of these has been initiated, and installation will be done as soon as possible.
Seti-at-Home changes
The currently running classic SetiAtHome client will become unusable on December 15th because that site shuts down - and the alternative (Seti/BOINC) is only available on Windows and some Unix versions - not on OpenVMS. Stupid guys. I planned to port it but there was no real drive to do so - why have this junk on the system? But now I will have to...

Tuesday, November 15

15-Nov-2005

Weird visit from Japan
Today's logfile showed a visitor from the other side of the globe - must have been around midnight over there:

%%%%%%%%%%% OPCOM 15-NOV-2005 13:07:30.58 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: mail.hiroshige.co.jp
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.web.temp^.3226]

%%%%%%%%%%% OPCOM 15-NOV-2005 13:07:36.06 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: mail.hiroshige.co.jp
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.temp^.3226]

Anonymous - he thinks - but TCPIP$FTP_ANONYMOUS.LOG reveals the host where the attempt was made from:

15-NOV-2005 13:07:14.68 User:anonymous logged in ident:bot@search.net from Host:mail.hiroshige.co.jp
15-NOV-2005 13:07:42.48 User:anonymous ident:bot@search.net logged out

Some bot trying to steal information?

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from mail.hiroshige.co.jp at 15-NOV-2005 13:07:12.81
%TCPIP-I-FTP_NODE, client host name: mail.hiroshige.co.jp
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: -
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: insufficient privilege or file protection violation!
18 more of these, then the first failure logged:
%TCPIP-I-FTP_NODE, client host name: mail.hiroshige.co.jp
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.web.temp^.3226]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_NODE, client host name: mail.hiroshige.co.jp
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: -
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: insufficient privilege or file protection violation!
4 more, and the second failure:
%TCPIP-I-FTP_NODE, client host name: mail.hiroshige.co.jp
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.temp^.3226]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_NODE, client host name: mail.hiroshige.co.jp
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: -
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: insufficient privilege or file protection violation!
7 more times trying to get up, and that was enough:
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from mail.hiroshige.co.jp at 15-NOV-2005 13:07:42.53
or the script wore out.

mail.hiroshige.co.jp ---- virus? Just tell them.
www.hiroshige.co.jp shows that this company makes all kinds of things (as so many Japanese companies), from motor and airco parts to LCD screens and printed circuit boards. Quite likely that their mailserver was hijacked or hacked.

Sunday, November 13

13-Nov-2005

Updates
Downloaded the latest patches for VMS 8.2 and stored them on the 8.2 disk, and the ones for VMS7.3-2. Applied these to Diana, rebooted, stopped and started TCPIP on Io and within 20 minutes, Diana was up-to-date again.
Router issues
Got a message from the router guys. I asked
Can the configuration be stored off the router? No, it cannot with this product
Can I get the log from the router? (I know it can be viewed on a PC but I would need extra software on that PC and I want it stored on another machine for processing)
Yes, you can (using that software, they told me how but I already knew that!), no clue on the way the data is passed
Can I see what traffic is BLOCKED? No, we just show what is accepted.
So rather useless. Of course I can find out about the log transfer, simple enough. But if blocked traffic cannot be tracked down, how to find out about intrusion attempts? I think to sell this one after I got myself one that allows me to offload the configuration (even my wireless routers allow that!) and log blocked content as well. Or install Charon's configuration on a (very low-power) PC?

Thursday, November 10

10-Nov-2005

Router problems solved
At least, part of it.
Updated the firmware, it seems there has been a DHCP vulnerability, so that may have caused the reset to zero.
Found the way to enable my telnet port (not 23, obviously) so I can use telnet to reach the machinery. Good.
But still the problem of retrieving the log data. The program: Logviewer, seems to exist on Windows only. Doesn't have to be a problem though, if the format is documented, but I doubt it would be. Well, just ask...
Intrusion prevention
The people behind pppool.de have answered and said they have taken precautions to prevent scanning and abuse of Diana. I like these people!

Wednesday, November 9

09-Nov-2005

ALL RISE
Time for the OpenVMS community to rise and tell the world this is waste of time and effort:
Microsoft is planning to build "a secure Operating System", named "Singularity".
Router issues
Kim phoned: "I cannot access internet" - for some reason, Cerberus failed again between 10:00 and 11:00; both incoming and outgoing traffic didn't work. She was instructed to power-cycle the router and after that, it worked again.
I will reset it each morning, just in case, and look into it deeper in the weekend. It may need an update.
The log of Cerberus is another issue. It shows incoming and outgoing requests, but not clearly what is denied and what is accepted. And keeping the logs for examination is another problem: moving logs off the router requires specific software - running on a PC. If that cannot be moved off that hardware (port it to VMS), the question is why using this router? If a PC is required to pick up the logs, there is no win; I could re-install Charon to do the routing (and firewalling) instead, for the power required would be the same - and I'd have more facilities (at least, I'm used to it, and I'm not bound to a web-interface).
Of course I could switch off logging completely, but that is not what I want.
Later, it was found that resolving addresses outside the network is significantly slower if to be done by Cerberus, or the first access. I removed Charon as resolver in Diana's DNS and DHCP configurations, but when looking to Aphrodite's IP configuration, both Cerberus and Charon are mentioned as gateways. There must be something left in DHCP; DNS is Ok.
3D buildup
Daphne has received the second Ethernet card, and Dido is put close, and I have to do some configuration on both of them, and on Io, to take that one out of the cluster and make her stand-alone.
Next to be done is Diana (removal of KFPSA (DDSI) and addition of Ethernet card and KZPSB (D-SCSI)) , new power and ethernet cables (as system bus), and connecting all to HSZ50. And, of course, configure the disks....
PC updates
Updated Athene and Aphrodite, Hera needs to be done.
One more script kiddy?
Operator.log showed once again somebody trying to get in:

%%%%%%%%%%% OPCOM 9-NOV-2005 06:56:36.03 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: I9cfc.i.pppool.de
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051109065637p]

TCPIP$FTP_ANONYMOUS shows some data - he simply tries to access a number of directories:

9-NOV-2005 06:56:33.43 User:anonymous logged in ident:Vgpuser@home.com from Host:I9cfc.i.pppool.de
9-NOV-2005 06:56:35.83 User:anonymous ident:Vgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
9-NOV-2005 06:56:38.23 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:tagged
9-NOV-2005 06:56:38.34 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Tagged
9-NOV-2005 06:56:38.47 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:TaGGeD
9-NOV-2005 06:56:38.61 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:data
9-NOV-2005 06:56:38.72 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Data
9-NOV-2005 06:56:38.86 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:^%
9-NOV-2005 06:56:38.97 User:anonymous ident:Vgpuser@home.com logged out

I have seen "SYS$POSIX_ROOT" in other (failed) accesses before but I don't know where it comes from. It might be something that comes with GNV but I cannot find it on Diana (GNV is installed), and in sessions that are valid - there might be software that uses this automatically as a prefix if the target OS is found to be VMS....
What the message means:

$ write sys$output f$message (07649912)
%UETP-W-NOMSG, Message number 0074BA78


$ write sys$output f$message (%x07649912)
%NONAME-E-NOMSG, Message number 07649912


$ write sys$output f$message (%X12)
%SYSTEM-E-BADPARAM, bad parameter value


$ write sys$output f$message (%X912)
%SYSTEM-E-NOSUCHFILE, no such file


The last one seems the right one; no matter what - it wasn't right.
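
An added example (not part of the original post, and not code from TCP/IP Services): the session checks done by eye in these entries, applied to lines in the TCPIP$FTP_ANONYMOUS.LOG layout shown above. It assumes the status field is a hexadecimal OpenVMS condition value (low bit set means success; bits 0-2 severity, 3-15 message number, 16-27 facility); the sample lines, host names, flag names and the 10-second threshold are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample in the TCPIP$FTP_ANONYMOUS.LOG layout quoted in this post.
# Hosts and idents are placeholders (example.net / example.invalid).
SAMPLE_LOG = """\
 4-JAN-2006 06:56:33.43 User:anonymous logged in ident:probe1@example.invalid from Host:dialup-1.example.net
 4-JAN-2006 06:56:35.83 User:anonymous ident:probe1@example.invalid status:00010001 CWD dir:WEB_DISK:[public.anonymous]
 4-JAN-2006 06:56:38.23 User:anonymous ident:probe1@example.invalid status:07649912 CWD dir:SYS$POSIX_ROOT^:tagged
 4-JAN-2006 06:56:38.34 User:anonymous ident:probe1@example.invalid status:07649912 CWD dir:SYS$POSIX_ROOT^:Tagged
 4-JAN-2006 06:56:38.47 User:anonymous ident:probe1@example.invalid status:07649912 CWD dir:SYS$POSIX_ROOT^:TaGGeD
 4-JAN-2006 06:56:38.97 User:anonymous ident:probe1@example.invalid logged out
 4-JAN-2006 15:30:18.29 User:anonymous logged in ident:probe2@example.invalid from Host:dsl-2.example.net
 4-JAN-2006 15:30:19.62 User:anonymous ident:probe2@example.invalid status:00010001 CWD dir:WEB_DISK:[public.anonymous]
 4-JAN-2006 15:30:23.03 User:anonymous ident:probe2@example.invalid status:07649912 CWD dir:_vti_pvt
 4-JAN-2006 15:30:23.14 User:anonymous ident:probe2@example.invalid logged out
 4-JAN-2006 20:01:00.00 User:anonymous logged in ident:reader@example.org from Host:mirror.example.org
 4-JAN-2006 20:01:04.10 User:anonymous ident:reader@example.org status:00010001 CWD dir:WEB_DISK:[public.anonymous]
 4-JAN-2006 20:02:41.50 User:anonymous ident:reader@example.org logged out
"""

MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
STAMP = re.compile(r"\s*(\d{1,2})-([A-Z]{3})-(\d{4}) (\d\d):(\d\d):(\d\d)\.(\d\d) User:\S+ (.*)")
LOGIN = re.compile(r"logged in ident:(\S+) from Host:(\S+)$")
CWD = re.compile(r"ident:(\S+) status:([0-9A-Fa-f]{8}) CWD dir:(.*)$")
LOGOUT = re.compile(r"ident:(\S+) logged out$")
SEVERITY = "WSEIF"  # index = low three bits: Warning, Success, Error, Info, Fatal


def decode_status(hex_text):
    """Split a status word, assumed to be a hex OpenVMS condition value."""
    value = int(hex_text, 16)
    sev = value & 0x7
    return {"success": bool(value & 1),          # odd value = success
            "severity": SEVERITY[sev] if sev < 5 else "?",
            "message": (value >> 3) & 0x1FFF,    # bits 3-15
            "facility": (value >> 16) & 0xFFF}   # bits 16-27


def parse_sessions(text):
    """Group log lines into sessions keyed by ident (CWD/logout lines carry no host)."""
    active, finished = {}, []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m or m.group(2) not in MONTHS:
            continue
        d, mon, y, hh, mm, ss, cs, rest = m.groups()
        when = datetime(int(y), MONTHS[mon], int(d), int(hh), int(mm), int(ss), int(cs) * 10000)
        if (hit := LOGIN.match(rest)):
            active[hit.group(1)] = {"ident": hit.group(1), "host": hit.group(2),
                                    "start": when, "end": None, "cwd": []}
        elif (hit := CWD.match(rest)) and hit.group(1) in active:
            active[hit.group(1)]["cwd"].append((hit.group(3), decode_status(hit.group(2))))
        elif (hit := LOGOUT.match(rest)) and hit.group(1) in active:
            session = active.pop(hit.group(1))
            session["end"] = when
            finished.append(session)
    return finished + list(active.values())   # sessions with no logout keep end=None


def flag_session(session, max_seconds=10.0):
    """Return the probe indicators seen in one session, as a sorted list."""
    flags = set()
    failed = [d for d, st in session["cwd"] if not st["success"]]
    if failed:
        flags.add("failed_cwd")
    if any("_vti_" in d.lower() for d in failed):
        flags.add("frontpage_path")          # FrontPage/IIS directory asked of a VMS host
    spellings = {}
    for d in failed:
        spellings.setdefault(d.lower(), set()).add(d)
    if any(len(v) > 1 for v in spellings.values()):
        flags.add("case_permutation")        # same name retried in different case
    if session["end"] and failed:
        if (session["end"] - session["start"]).total_seconds() <= max_seconds:
            flags.add("short_session")       # whole visit over within seconds
    return sorted(flags)


def report(text):
    """Map each client host to the indicators found in its session."""
    return {s["host"]: flag_session(s) for s in parse_sessions(text)}


if __name__ == "__main__":
    for host, flags in report(SAMPLE_LOG).items():
        print(f"{host:24} {', '.join(flags) or 'clean'}")
```

Because only the login line names the host, sessions are matched on the ident string; two simultaneous sessions using the same ident would be merged.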

pppool.de seems to be a domain of just connections: searching for pppool.de on google gave me the info I needed on http://www.gulli.com/tools/whois/pppool.de (a link to be remembered)

domain: pppool.de
descr: freenet Cityline GmbH
descr: Willstaetterstrasse 13
descr: D-40549 Duesseldorf
descr: Germany


They even REQUEST to be informed about abuse on abuse@pppool.de. That's good! They got it.
Source of evil?
Gulli.com offers information on how to become a script kiddy or hacker - in German, but nevertheless - on www.gulli.com/hacking/script-kiddy-howto/ and www.gulli.com/hacking/hacker-werden-howto/. Nice stuff, though, showing where you may go wrong in any Linux distribution. Perhaps, some of these backdoors may have been closed already.
But this is OpenVMS, Not Linux or Windows.

Monday, November 7

07-Nov-2005

A weekend job:
Hardware setup
Created a number of power lines, it's cheaper to create them than buying ready ones - I just needed to buy the plugs since I already got the wire. Three for now, where I need five (and one spare, in case Charon is needed again) because the machine-side plugs were hard to get.
3D cluster in view...
Dido has now been set up - that is: basically: no network (DECNet/TCPIP), no queues... But all licences have been loaded and Dido is part of the cluster. It's a 144Mb box (2x64 + 4 x 8Mb), so if my spare memory fits, it might even grow to 256. Still have to see Daphne's memory configuration, might be similar, or smaller - in either case, update to more memory might be possible. Since the SIMMs were originally for Diana, it might work. Then, I would have a real 3D cluster (Diana, Daphne and Dido, all 256Mb - and all 8.2).
..but needs preparation
Removed the graphics card and installed a DE500B NIC instead (the machine has only 2 PCI slots: One for the Differential SCSI adaptor, and one for the second network card). The on-board 10Mb NIC will be used as a "system bus" to other cluster members, the other to be set to 100Mb Full Duplex for normal communication. The same will be done on Daphne, the opposite to Diana (where an additional DE500x will be set to 10Mb Full, or Half Duplex, as are the ones on the Alphastations - since that one does not support 100Mb FD, as does the built-in one).
I got the HSZ50 and BA356 reference manuals via ITRC so the next thing to do - after I made a number of extra power cords - is configurating the controller and the disks beyond.
A test of Cerberus
It seems there is no trouble accessing the company's secured POP channel via Cerberus, since the site could be accessed by Diana - and I got the mail on Io. Wait and see, it might have come via another way.
Access to any external resource seems faster, once a name is resolved. It might be the issue that Cerberus cannot be used as a forwarder, perhaps I need to do some extra setup on Cerberus, or have Diana (or another machine) do all DNS - including external. No real problem, I think, when all VMS machines have been updated to 8.2.
Access to Io for mail (the test of Communigate!) is slower, needs a re-load, but that could be caused by attempts to contact Charon first. So Io's configuration needs to be checked.
Telnet access (to Diana, for now) remains blocked, for some reason. Tried that the weekend but I couldn't find a clue in Cerberus' log whether it was blocked there. This is undesirable, so needs to be solved. Trying to find out why it is not accepted.
But for the rest, all seems Ok. Not just from Diana, IO or Aphrodite, from Hera as well. The kids will like that!
(Did I do something else? Of course I did. Saturday I cleaned the computer room and workplace, and Sunday I had a 15 mile bike away + 15 mile walk back trip.)
Update: PROBLEMS
During the day the internet connection broke: Not any web was accessible. First thought was "power failure", but it turned out that Diana was just running smoothly. Examining Cerberus showed that the external address was zeroed, but the DNS references at the ISP were still correct. Power-cycled the router, and the address was restored.

IO seems to have trouble also, with disks:

%%%%%%%%%%% OPCOM 7-NOV-2005 13:19:27.01 %%%%%%%%%%%
(from node IO at 7-NOV-2005 12:30:23.72)
Device $2$DKA0: (IO) is offline.
Mount verification is in progress.

%%%%%%%%%%% OPCOM 7-NOV-2005 13:43:20.55 %%%%%%%%%%%
Logfile time stamp

%%%%%%%%%%% OPCOM 7-NOV-2005 14:19:27.01 %%%%%%%%%%%
(from node IO at 7-NOV-2005 13:30:23.73)
Device $2$DKA100: (IO) is offline.
Mount verification is in progress.

%%%%%%%%%%% OPCOM 7-NOV-2005 14:43:20.65 %%%%%%%%%%%
Logfile time stamp

%%%%%%%%%%% OPCOM 7-NOV-2005 15:19:28.05 %%%%%%%%%%%
(from node IO at 7-NOV-2005 14:30:24.79)
Mount verification has aborted for device $2$DKA100: (IO)

and the last has happened a number of times. Now it looks Ok - but DKA100 could be broken, and that's the one that holds Communigate.

Not sure what has happened in both cases. Cerberus' log doesn't show anything - and there is no time to investigate Io this moment, it's too late. See to that tomorrow.

Saturday, November 5

05-Nov-2005

Charon retired
I retired Charon - because modern hardware requires less power, and should be as good. So I replaced Charon by Cerberus - also Linux based, with less elaborate facilities but doing its job. I had trouble with accessing Diana by Telnet (you don't have to try, it's a different port) but all the rest seems to work: SMTP, HTTP, HTTPS... to both Diana and IO, and outgoing traffic has no trouble (at least, I found no issues yet).
Charon will be held standby - just in case.
(Update)
Well, there is ONE problem. The company's POP channel (not the default 110) seems unusable; Nothing gets through. But it's hard to check in the weekend. See that on Monday.
But for the rest, it works as far as I can see. Only logging should be transferred.

Hardware
I collected the last hardware yesterday: the remaining 36Gb disks, another 9Gb one, a terminal server (that might be broken) and DE500B NICs for the Alphastations, so the cluster interconnect could be on a separate network; the internal 10Mb NICs for the cluster bus and the 100Mb for the normal LAN traffic.
(Update)
I had one Alpha left, running NT (3.5), and decided it a good moment for installing VMS on it. First, I had to upgrade the SRM to the latest version (7.0) by floppy disk, next I could install VMS 7.3-2 from CD. How long THAT takes. HOURS!
Name of the machine to start with "D" to keep in line with the other ones: Dido.

Friday, November 4

04-Nov-2005

Caught one more
This morning I found one more in yesterday's operator.log:

%%%%%%%%%%% OPCOM 3-NOV-2005 16:18:14.05 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: p50836684.dip.t-dialin.net
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051103170802p]

According to TCPIP$ftp_anonymous.log, the access duration was about 1.50 seconds:

3-NOV-2005 16:18:12.64 User:anonymous logged in ident:Ogpuser@home.com from Host:p50836684.dip.t-dialin.net
3-NOV-2005 16:18:13.85 User:anonymous ident:Ogpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
3-NOV-2005 16:18:14.24 User:anonymous ident:Ogpuser@home.com logged out

This one also tried to access (IIS?) directories - of course not present on Diana:

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from p50836684.dip.t-dialin.net at 3-NOV-2005 16:18:12.35
%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format

and the same happened for these:

%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/

Trying to push something on them and break in. How pathetic...
Of course, tried to create one, on a READ_ONLY location (but he doesn't know that!):

%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.051103170802p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation

I guess it was this UPLOAD directory:

%TCPIP-I-FTP_NODE, client host name: p50836684.dip.t-dialin.net
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00002: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from p50836684.dip.t-dialin.net at 3-NOV-2005 16:18:14.29

and the script broke down because it didn't exist.
I'm happy to have a VMS box.

The attempt was made from a German ISP, when I accessed http://www.t-dialin.net I got to http://www.t-online.de so these will be warned about the attempt.

Wednesday, November 2

02-Nov-2005

Updates
of Time...
Change because of Daylight Saving Time setting. No issues on any system. Just Windows asks, as if it's not sure it did it right...
Perhaps, set all systems to GMT - without DST, but that would confuse everyone but me. So no, to keep everybody happy...
of Windows...
The Windows boxes have their VirusScan updates automatically so whenever they start up, it will download and install McAfee updates automatically. Matter of minutes (a few, at least). But on Hera the kids (they usually login and do NOT logout) have no Administrator rights so I still have to login, at least once a week, to get the updates installed.
No windows updates, this time. Not signalled, not downloaded, but I think there must be...
of VMS...
As suggested on the ITRC forum, I changed the format of the compressed file:
$ set file/attr=(fm:fix, lrl:512) -
_$ DEC-AXPVMS-TCPIP-V0505-11ECO1-1.PCSI$COMPRESSED;1
and now it could be installed. Since IO is not so fast, it took some time.
In the meantime, downloaded the new version of SBW (aka Mozilla) that previously failed to install - now it succeeded without problems.
After that was done, IO was rebooted, and, again, CommunigatePro was not started. Found the reason in the logfile (since that part is done in batch, like on Diana): IO_DATA is not known. Obviously, since DKA100 (the disk labeled IO_DATA) is mounted later in the procedure. So moved start of Communigate to after mounting the disk.
The changes still have to be applied to the 8.2 mother disk; the files have been copied on that before using them on IO so the file attributes are still wrong.
Hardware preparations
Added the KZPSB-CY cards (differential SCSI) in both Alphastation 200's and hooked up the HSZ50, in preparation of starting up the machines. But I still have to configure the BA356 IO units, collect the remaining 36GB disks, and get power cords and network connections. Also, the DSSI cards need to be inserted, but one of the Alphastations carries a graphics card, so I'm out of PCI slots there....
Monthly maintenance
As usual at month change, zipped the operator logfiles and cleaned up Diana's system disk.
The backup from the disks hosted by HSD04 (DSSI disk unit) was incorrect so I re-inited USER2 - a 36Gb disk, and created two directories on it: one for DIA0 and one for DIA100. Next, I started a backup session for each of the disks to copy all files from these RAID volumes to their own directory on USER2, so that BA356 is now free to be used in combination with the HSZ50. This backup is now correct.

Tuesday, November 1

01-Nov-2005

Bad habits emerge...
Read my comments on Google on 25 Oct 2005. I sent them a message and this was their reply:

As you may know, Google finds sites and FTPs for our index when our robots crawl the web, following hyperlinks. To restrict crawling of your ftp server, please disallow anonymous access to the server. This will prevent our robots from crawling it.

I know they do, and therefore I have a robot.txt on each of the webs to prevent them crawling some paths. I think they obey the rules in robot.txt because paths I blocked do not occur in their indexes. I do not know how their bots work, but for what I see in the logs of the firewall and the webserver, the bot accesses port 80, reads robot.txt and follows allowed links.

But for anonymous FTP sites, I think they use a different approach: just access port 21 and crawl down. Removal of anonymous FTP to prevent the bot accessing the anonymous website is unacceptable. I told them:

I consider this unacceptable. I can block (I hope) unwanted crawling of the website by specifying acceptable paths in robot.txt. The very same method should be used by crawling anonymous FTP sites. I may need anonymous FTP but do not want them crawled.

I will keep a keen eye on google's access to the site.
Besides that: It's not the access that bothered me. It's the access to devices they seem to access (and that failed). So they just missed the point.