× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2005

RE: PTF SI0301

>When IBM detects a problem that jeopardizes the integrity of your
>application, they don't want to advertise how to break in, which makes
>sense. 

But, but, but, I thought OS/400 was the perfect system without any
problems! <G>

Seriously, I don't buy the argument. This has been beaten to death in
the IT community as a whole, for all kinds of systems. I for one come
down on the side that says they (IBM) have a responsibility to report
what the issue was and how it was resolved. I may have many systems out
there, and I may not be able to/want to apply this PTF tonight! What's
my exposure? Can I prevent the problem another way? 

If this is a hole that leads to a hack, what kind of hack? Does it leave
a footprint? Can I examine my network/OS/400 logs for anything to see if
I've been exposed? Can I change/tighten a firewall setting? Change a
honeypot entry? Etc.

If this isn't a hacking hole, but a serious system integrity problem,
can I change a process or avoid doing something until I apply this PTF
to avoid the problem? For example, if it's a SQL problem that crashes
the machine, maybe I'll avoid SQL until I apply the PTF.

IBM makes a lot of noise about the stability and integrity of OS/400
compared to other platforms (as do many others on this list) and then
they silently release "integrity PTFs" without explaining the problem
addressed. Not a very tenable position in my view. How many "Integrity
PTFs" have there been? And what's been fixed by them. Let's say there
have been 50 of them -- does each one fix one problem? Ten problems? 100
problems? Without the data we're just taking IBM's word that this is a
stable platform.

The fact that others are willing to accept IBMs word that this is an
important PTF, but "don't worry about why" also disturbs me. We all have
a responsibility for the stability, integrity and security of our
machine and the data/process on them. We can't simply hand this
responsibility off to IBM.

<OFF SOAPBOX>

-Walden


------------
Walden H Leverich III
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)


-----Original Message-----
From: midrange-l-bounces+waldenl=techsoftinc.com@xxxxxxxxxxxx
[mailto:midrange-l-bounces+waldenl=techsoftinc.com@xxxxxxxxxxxx] On
Behalf Of Al Barsa
Sent: Wednesday, October 12, 2005 11:53 AM
To: Midrange Systems Technical Discussion
Subject: RE: PTF SI0301


When IBM detects a problem that jeopardizes the integrity of your
application, they don't want to advertise how to break in, which makes
sense.

Al

Al Barsa, Jr.
Barsa Consulting Group, LLC

400>390

"i" comes before "p", "x" and "z"
e gads

Our system's had more names than Elizabeth Taylor!

914-251-1234
914-251-9406 fax

http://www.barsaconsulting.com
http://www.taatool.com
http://www.as400connection.com



 

             "Jeff Crosby"

             <jlcrosby@dilgard

             foods.com>
To 
             Sent by:                  "'Midrange Systems Technical

             midrange-l-bounce         Discussion'"

             s@xxxxxxxxxxxx            <midrange-l@xxxxxxxxxxxx>

 
cc 
 

             10/12/2005 10:02
Subject 
             AM                        RE: PTF SI0301

 

 

             Please respond to

             Midrange Systems

                 Technical

                Discussion

             <midrange-l@midra

                 nge.com>

 

 





> I'm stunned by the level of detail provided in the cover
> letter of this PTF

Actually I've seen dozens upon dozens of PTFs where all it says is
'Integrity Problem'.  Might even be in the hundreds.  Have to admit, it
surprised me the first time I saw it.

--
Jeff Crosby
Dilgard Frozen Foods, Inc.
P.O. Box 13369
Ft. Wayne, IN 46868-3369
260-422-7531

The opinions expressed are my own and not necessarily the opinion of my
company.  Unless I say so.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.