Number 73 (Update of Volume 7, Issue 7)

Secure your 3000 from Denial of Service attacks

If your HP 3000 is directly connected to the Internet, it's at risk of being stuffed with a Denial of Service attack. These are the kinds of hacker probes that brought the likes of Yahoo and other major sites to a standstill. HP has engineered a security fix for the leak, one that all of HP's operating systems share. The problem is detailed on the CERT security advisory Web page that tracks Computer Emergency Response Team activities. Check it out at the CERT Web site.

Your HP 3000 fix for the security vulnerability is a patch for the system's SNMP software. Numerous vulnerabilities have been reported in multiple vendors' SNMP implementations. The vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior.

Customers on support are advised to contact the HP Response Center and request patches for SNMP SR 8606-248966.

For MPE/iX 6.0: SNMGDL9, NMSGDF2, NMCGDF3
For MPE/iX 6.5: SNMGDM0, NMSGDK9, NMCGDM5
For MPE/iX 7.0: SNMGDM1, NMSGDD6, NMCGDM6

Note: The SNMP patches also include the fixes for SNMP denial of service SR 8606-206689. They are in Beta Test status as of early April.

HP's James Hofmeister of the Network Expert Center is also recommending customers consider installing the following General Release network patches for SNMP support of 100-BT & 100-VG links as appropriate:

For MPE/iX 6.0: BT1GD34, VG1GD37, VGFGD40
For MPE/iX 6.5: BT1GD35, VG1GD38, VGFGD41
For MPE/iX 7.0: BT1GD36, VG1GD39, VGFGD42, PBTGD53, ACCGD85

Do a beta test on a needed patch

The Denial of Service (DoS) security patches listed above for the HP 3000 remain in Beta Test status as HP released them, according to HP's James Hofmeister. Patches for the 3000 remain something that managers avoid if they can, so they tend to sit in beta test longer than on some platforms which need plenty of patches. This reluctance to patch can work against the 3000 community in general, because new operating system functionality comes to the 3000 through patches.

Changing a system by patching it can be a process with some risk, but it seems the security patch for D0S merits a quick beta test period to help protect HP 3000s in an Internet-driven world. The beta test period will be determined by customers as much as by HP; the more people who try out the patch, the faster it moves into General Release status. The free Patchman/iX shell script makes managing the installation of patches on the 3000 easier than before, and we recommend you get a copy of Patchman at his Web site and move the D0S patches into the 3000's mainstream.

For more detailed information on patching strategies, subscribers will want to look up net.digest editor John Burke's article on Patchman in our archives: <www.3000newswire.com/subscribers/netdigest-9912.html>

JetBlue takes off with massive IPO

Just before we sent off this issue of the Online Extra we spotted news from Wall Street that amounts to a "good show!" for the HP 3000. JetBlue, the regional airline that's become the darling of US East Coast travellers for its low fares, cushy leather seats and satellite TV in every seat back, pushed back from the US stock exchange gates with a $150 million IPO. The stock (symbol JBLU, if you're inclined to trade) opened at $32 a share and closed at $44 on the day. The company opens each business day with HP 3000s running its reservation operations.

JetBlue's CEO, David Neeleman, started the OpenSkies software company which was once part of HP's high hopes for the platform (along with his partner Dave Evans). Evans stayed with OpenSkies, now part of PRA Solutions when HP sold off the software business which 3000 division manager Harry Sterling had purchased in 1998. Neeleman is an unusual executive for the airline industry, according to an account from last spring in Fortune . But his company has followed the march set up by Southwest Airlines in efficient automation, including the use of HP 3000s in the IT center. Southwest established ticketless fares — a staple at JetBlue — long before the rest of the industry, powered by HP 3000 software which was modeled by Neeleman and Evans from their days at Morris Airlines. The OpenSkies solution looks like it's part of the wind beneath JetBlue's wings after its successful IPO in the airline business -- a sector where only Southwest and JetBlue are flying high.

Merger hardball gets leaked, so HP calls cops

Employees inside HP are still trying to get the truth out about the company's relentless drive to merge with Compaq, so now HP's top management is calling on police help to keep secrets from being leaked. Over at the San Jose Mercury News, Michelle Quinn and Tracy Seipel broke a story about HP's CEO -- in a voicemail, she's asking her CFO Bob Wayman to take "extraordinary measures" to give something to swing Deustche Assets' millions of shares to HP's side on the March 19 merger day. This presentation to Deustche was the one HP apparently was undertaking while it delayed the start of its merger meeting 30 minutes. All that, including the voicemail, is likely to become evidence in former director Walter Hewlett's lawsuit to be tried April 23-26.

These two reporters had a voicemail from inside HP dropped in their laps, one with the CEO's voice which has been confirmed by HP. They got HP to comment, along with some comment from legal experts. Read their story about their efforts yourself at www.siliconvalley.com/mld/siliconvalley/3031960.htm. And check out the HP CEO playing hardball in the transcript at www.siliconvalley.com/mld/siliconvalley/3032968.htm Some are beginning to call this "Walter-gate," as the stakes rise and the secrets surface.

It looks like someone inside HP thought this arm-twisting was bad behavior, and provided the San Jose paper with some evidence. Now HP has filed an e-mail with the SEC which it also sent to its employees, a message warning them that voicemail at HP is company confidential. HP promises to prosecute whoever sent Carly Fiorina's voicemail "to the fullest extent of the law," and it is engaging the help of law enforcement in the Bay Area.

Of course, the law enforcement investigations are going both ways now, with the SEC and the US Attorney's office asking HP in early April for copies of communications between HP and Deustche Assets.

Hewlett continues to get help from HP employees to build a case for his lawsuit, saying he's now gained proof the integration of the two companies was proceeding a lot worse than HP claimed to its investors. He's trying to work out a confidentiality agreement to guard the identity of HP employees ready to testify, but HP has only agreed to keeping the list of whistleblowers inside the files of its in-house counsel.

Here's our opinion. After kicking Hewlett off the HP board, the directors are now doing their best to silence employees about matters important to the company's future, as well as shareholders' investments. HP's board seems to have an inability to get to the heart of what Walter Hewlett believes, perhaps because they struggle to register his differing point of view. Differing points of view are essential in corporations of any size. They make initiatives better, leaner. Shareholders could count on Hewlett raising dissent inside the HP boardroom -- and it looks like the board knew it could count on that dissent, too.

The venue for this dissent apparently became too severe for the rest of HP's board. When Hewlett took his dissent out of the boardroom and into the courtroom, the board balked. Inside the boardroom, they make the rules. Inside a courtroom, the state of Delaware makes the rules. And yes, there are rules in business, in spite of how things may appear today. Getting to the bottom of what happened March 19 is worth the wait. Unlike voters for president in the US, HP shareholders aren't assured of getting another chance in four years to vote on the merger matter. For the moment, the shareholders have lost the ability to elect a dissenting voice.

On the Motley Fool financial Web site, the analysts are saying HP's ouster of Hewlett makes investors want to bolt, too. Carly Fiorina's lack of oversight, they say, is dangerous. Read for yourselves at the Fool's site.

It's a sad thing to watch such a revered company become so focused on a single method of growth. Though HP put "invent" under its logo in 1999, it seems to have lost the ability to invent a growth method other than the merger. HP may well have lost its dissent from its boardroom. The dissent still remains in half of its investors, as well as thousands of HP employees. Lots of good people will leave HP beyond the merger. Their departure will make customers experience changes in the HP they thought they knew. Then a new set of HP customers will begin to experience the dismay that HP 3000 owners have felt over the past five months.

Texas to corral 3000 advice at RUG meeting

Organizer Julie Tereshchuk promises the HP-Compaq merger will provide fodder for the keynote at the Greater Houston Regional Users Group's two-day "All Texas" conference May 13-14 at the Raddison Hotel near the Astrodome. The first day of the conference will concentrate on "Immediate and Near Term Solutions" for the HP 3000 user, including Paul Edwards offering details on the installation and features of MPE/iX 7.0, Lee Tsai talking about migration tools, Craig Lalley offering IMAGE optimization techniques, and a full-day MPE Migration Boot Camp from Birket Foster of MB Foster Associates. You can register at an Early Bird rate of $175 until May 1 at the user group's Web site, www.ghrug.org -- or skip the May 14 migration messages and just go for the May 13 program with MPE/iX 7.0 and IMAGE advice for a paltry $75. Contact the hotel directly for room reservations at 713.748.3221. Sponsors for the conference include Speedware, MB Foster, and IBM's AS/400 and iSeries migration partner Sector 7.

Getting MPE/iX 7.0 right -- and ready for 9x7s, perhaps

Careful reader and prolific contributor Stan Sieler commented on our last Online Extra, assuring us he believes the HP 3000 labs inside CSY will have time enough to make 7.0 and 7.5 production-safe releases. What's even more interesting is that Sieler believes the 7.0 release has a chance to become operable once again on the many 9x7 Series HP 3000s. Sieler writes:

"HP will be supporting MPE and fixing bugs past 2003, thru 2006. Thus, I'm not worried about getting 7.0 or 7.5 (or whatever) "right". I'd recommend every user who *can* run 7.0 be on 7.0. I'll probably be recommending that every user who *can* run 7.5 be on 7.5."

"A number of people are lobbying HP to allow 7.0 (and/or 7.5) to run on 9x7 machines, which would increase the testing base. Also, I've suggested that if the stated reason for not putting 7.0 on 9x7s was a lack of testing resources, then maybe the user community can help HP. The users, or Interex, could run copies of HP's validation suites on 9x7s, and forward the results back to HP. I wish I'd thought of that during the 2001 SIGSoftVend meeting, when HP announced their decision!"

7.0 ran on the 9x7 systems in its VAB Prep version, the one shipped to software vendors to test their products before HP rolled out 7.0 one year ago. Once the customer release surfaced, HP prevented 7.0 from running on the 9x7s with a software instruction that has it look to see if the 3000 is a 9x7.

"At SIGSoftVend," Sieler said, "the [software vendors] pointed out to HP that they aren't happy about having to support some customers on 6.0 (HP-IB), some on 6.5 (9x7), some on 7.0, some on 7.5, etc."

For the moment, the 6.5 release of MPE/iX is the last supported release for 9x7 customers, and the end of its support life from HP is December, 2003. Sieler's company Allegro Consultants, as well as other independent software service providers, offer MPE/iX support for those who can't get it -- or afford it -- from HP.

CAMUS extends early-bird rate for ERP show

You have until April 19 to sign up for the cheap rate at this year's CAMUS manufacturing and ERP conference in Denver, as the manufacturing society extended the deadline for the $700-member, $900-non-member rates. The four-day show in Denver May 19-22 offers intelligence about ERP solutions on many platforms including MANMAN on HP 3000s, and you can get details at www.camus.org.

Patch up 6.0 DNS software

Software support for the 6.0 version of MPE/iX drops off in October of this year, but HP might be surprised how many of its 3000 customers are still using the release. Once HP cuts off 6.0 support, patches will be harder to come by, so it may be useful to catch on those you might have missed. We saw a notice for Domain Name Services (DNS) fixes for 6.0, patches that have already been through beta tests and are General Released. Patch NSRGD65 just went into General Release in late February after being cut last summer. One of the problems it fixes is the flaw where gethostbyaddr does not close a TCP connection. You can download it at www.itresourcecenter.hp.com.