On Friday, July 7, 2023 at 10:29:36 AM UTC-4, David Turner wrote:
> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
>
> So you have exploits that affect the x86 EFI
> Then you have exploits that hit VMWare
> So before you even run OpenVMS you have two major issues to be concerned about.
>
> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it is still a "layered" piece of cheesecake?
>
>
> David

That is what I have been asking them for months ...

On 7/7/2023 2:34 PM, Pizza RAC wrote:
> On Friday, July 7, 2023 at 10:29:36 AM UTC-4, David Turner wrote:
>> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
>>
>> So you have exploits that affect the x86 EFI
>> Then you have exploits that hit VMWare
>> So before you even run OpenVMS you have two major issues to be concerned about.
>>
>> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it is still a "layered" piece of cheesecake?
>
> That is what I have been asking them for months ...

Answers has been given.

The latest I saw was here:

https://forum.vmssoftware.com/viewtopic.php?f=37&t=8689

<quote>
We have no current plans to support x86 VMS on bare metal. Would we if
someone offered us a very large pile of money? Maybe, but it would have
to be a very unique situation.
</quote>

Which does not sound promising for VMS x86-64 support for
physical server.

I still hope that they eventually will decide to support one server
for those that has a need for physical.

There is also a thread for people that despite it not being supported
actually runs it on physical:

https://forum.vmssoftware.com/viewtopic.php?t=8621

so if support does not matter then it is possible.

Arne

I know that when I sell to Integrity servers and Alphaservers into
sensitive (GOV and Intl GOV) sites,considering  things like VMWARE or
VirtualBox or emulatos- these are considered middleware, and t'is  a
Grand Non Non to GOV customers unless tested and proven for years prior
to purchase.
And even then, I am sure certain sensitive environments would not even
consider something like OPenVMS not running natively.
....  I know some are using emulators in very specific environments, but...

On 7/7/2023 2:49 PM, Arne Vajhøj wrote:
> On 7/7/2023 2:34 PM, Pizza RAC wrote:
>> On Friday, July 7, 2023 at 10:29:36 AM UTC-4, David Turner wrote:
>>> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
>>>
>>>
>>> So you have exploits that affect the x86 EFI
>>> Then you have exploits that hit VMWare
>>> So before you even run OpenVMS you have two major issues to be
>>> concerned about.
>>>
>>> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it
>>> is still a "layered" piece of cheesecake?
>>
>> That is what I have been asking them for months ...
>
> Answers has been given.
>
> The latest I saw was here:
>
> https://forum.vmssoftware.com/viewtopic.php?f=37&t=8689
>
> <quote>
> We have no current plans to support x86 VMS on bare metal. Would we if
> someone offered us a very large pile of money? Maybe, but it would
> have to be a very unique situation.
> </quote>
>
> Which does not sound promising for VMS x86-64 support for
> physical server.
>
> I still hope that they eventually will decide to support one server
> for those that has a need for physical.
>
> There is also a thread for people that despite it not being supported
> actually runs it on physical:
>
> https://forum.vmssoftware.com/viewtopic.php?t=8621
>
> so if support does not matter then it is possible.
>
> Arne
>

Pls excuse spelling - tired and friday

On 7/7/2023 9:37 PM, David Turner wrote:
> I know that when I sell to Integrity servers and Alphaservers into
> sensitive (GOV and Intl GOV) sites,considering  things like VMWARE or
> VirtualBox or emulatos- these are considered middleware, and t'is  a
> Grand Non Non to GOV customers unless tested and proven for years
> prior to purchase.
> And even then, I am sure certain sensitive environments would not even
> consider something like OPenVMS not running natively.
> ...  I know some are using emulators in very specific environments,
> but...
>
>
>
>
> On 7/7/2023 2:49 PM, Arne Vajhøj wrote:
>> On 7/7/2023 2:34 PM, Pizza RAC wrote:
>>> On Friday, July 7, 2023 at 10:29:36 AM UTC-4, David Turner wrote:
>>>> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
>>>>
>>>>
>>>> So you have exploits that affect the x86 EFI
>>>> Then you have exploits that hit VMWare
>>>> So before you even run OpenVMS you have two major issues to be
>>>> concerned about.
>>>>
>>>> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it
>>>> is still a "layered" piece of cheesecake?
>>>
>>> That is what I have been asking them for months ...
>>
>> Answers has been given.
>>
>> The latest I saw was here:
>>
>> https://forum.vmssoftware.com/viewtopic.php?f=37&t=8689
>>
>> <quote>
>> We have no current plans to support x86 VMS on bare metal. Would we
>> if someone offered us a very large pile of money? Maybe, but it would
>> have to be a very unique situation.
>> </quote>
>>
>> Which does not sound promising for VMS x86-64 support for
>> physical server.
>>
>> I still hope that they eventually will decide to support one server
>> for those that has a need for physical.
>>
>> There is also a thread for people that despite it not being supported
>> actually runs it on physical:
>>
>> https://forum.vmssoftware.com/viewtopic.php?t=8621
>>
>> so if support does not matter then it is possible.
>>
>> Arne
>>
>

On 7/7/2023 9:37 PM, David Turner wrote:
> I know that when I sell to Integrity servers and Alphaservers into
> sensitive (GOV and Intl GOV) sites,considering  things like VMWARE or
> VirtualBox or emulatos- these are considered middleware, and t'is  a
> Grand Non Non to GOV customers unless tested and proven for years prior
> to purchase.
> And even then, I am sure certain sensitive environments would not even
> consider something like OPenVMS not running natively.
> ...  I know some are using emulators in very specific environments, but...

The usual definition of middleware is as in this model:

application
middleware
OS
HW

Virtualization software does not seem to fit that models
definition of middleware at all.

"tested and proven for years" would not be a problem for
VMWare ESXi. The last 20 years there has probably been more
server OS instances running in a VM on ESXi than on
physical HW.

The majority of Linux and Windows instances are running in VM's.
It seems very likely that the majority of VMS instances would be
running in VM's.

Being able to run in standard VM's like ESXI, Hyper-V or KVM
is probably one of the biggest selling points for VMS x86-64.
Now VMS actually fits into the corporate virtualization
standards.

My concern is that majority <> all. It seems likely to me
that some VMS users may not want to use VM's. Probably a small
share. But to pick a random number 5% is also some users.

I still believe that the strategy from a few years ago about
certifying one server for those that want a physical server
makes sense.

But obviously VSI got a lot of other stuff to get done, so it may not
happen right away. But I hope that it eventually does happen.

Arne

On 7/8/2023 4:45 PM, Arne Vajhøj wrote:
> On 7/7/2023 9:37 PM, David Turner wrote:
>> I know that when I sell to Integrity servers and Alphaservers into sensitive
>> (GOV and Intl GOV) sites,considering things like VMWARE or VirtualBox or
>> emulatos- these are considered middleware, and t'is a Grand Non Non to GOV
>> customers unless tested and proven for years prior to purchase.
>> And even then, I am sure certain sensitive environments would not even
>> consider something like OPenVMS not running natively.
>> ... I know some are using emulators in very specific environments, but...
>
> The usual definition of middleware is as in this model:
>
> application
> middleware
> OS
> HW
>
> Virtualization software does not seem to fit that models
> definition of middleware at all.
>
> "tested and proven for years" would not be a problem for
> VMWare ESXi. The last 20 years there has probably been more
> server OS instances running in a VM on ESXi than on
> physical HW.

If a particular customer has a "problem" using any VM, then for that customer,
it is an issue. Perhaps a "no-go" issue.

> The majority of Linux and Windows instances are running in VM's.
> It seems very likely that the majority of VMS instances would be
> running in VM's.

Meaningless to any specific customer.

> Being able to run in standard VM's like ESXI, Hyper-V or KVM
> is probably one of the biggest selling points for VMS x86-64.
> Now VMS actually fits into the corporate virtualization
> standards.
>
> My concern is that majority <> all. It seems likely to me
> that some VMS users may not want to use VM's. Probably a small
> share. But to pick a random number 5% is also some users.

Ok, why don't I want to use a VM? I don't want to learn how to run a VM. One
more thing than I want to do. I'll use one if I have to. But first choice
would be not to. Don't tell me it's easy. Don't care.

I understand that VSI is listening to the "paying customers", and, I understand
that VSI doesn't need the hassle of writing and supporting a bunch of device
drivers.

Be nice if devices presented a common interface, thus one interface to write to.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On 7/8/2023 5:13 PM, Dave Froble wrote:
> On 7/8/2023 4:45 PM, Arne Vajhøj wrote:
>> My concern is that majority <> all. It seems likely to me
>> that some VMS users may not want to use VM's. Probably a small
>> share. But to pick a random number 5% is also some users.
>
> Ok, why don't I want to use a VM?  I don't want to learn how to run a
> VM.  One more thing than I want to do.  I'll use one if I have to.  But
> first choice would be not to.  Don't tell me it's easy.  Don't care.

Most places already know how to use VM's.

The developers run VM's on their PC's.

The system administrators learn OS on VM's.

IT operations has a preferred virtualization solution that
they know and are trying to get everything running on.

But most <> all.

There will be some places where for whatever reason (lack of skills,
need for special HW, specific regulation or whatever) they
prefer or require physical.

Arne

On 2023-07-07, Pizza RAC <pizzaracorders@gmail.com> wrote:
> On Friday, July 7, 2023 at 10:29:36?AM UTC-4, David Turner wrote:
>> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
>>
>> So you have exploits that affect the x86 EFI

You may want to have a look at the footprint and functionality for the
Itanium firmware. Firmware that isn't probed anywhere near as much as
the x86-64 firmware is, so it could have issues that may have been found
long ago elsewhere.

>> Then you have exploits that hit VMWare

The same problem exists for Alpha emulators, even though it's an emulator
and not virtualisation software. Also not probed anywhere near as much as
the mainstream products.

>> So before you even run OpenVMS you have two major issues to be concerned about.
>>
>> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it is still a "layered" piece of cheesecake?
>>
>
> That is what I have been asking them for months ...

What answers did you get ?

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

> >> Then you have exploits that hit VMWare
> The same problem exists for Alpha emulators, even though it's an emulator
> and not virtualisation software. Also not probed anywhere near as much as
> the mainstream products.

I can agree with Simon for a change... :)

Most of the problems I have seen in terms of "break-ins" have been at the host OS level and not problems with the emulators.
I know of one client that has had multiple intrusions with NO impact on the OpenVMS system itself other than being inaccessible because of the network.. OpenVMS itself was not affected at all. I see the same issue with the VMs. OpenVMS is not the problem here, only the underlying host.

Dan

On 7/10/2023 9:04 AM, abrsvc wrote:
>
>>>> Then you have exploits that hit VMWare
>> The same problem exists for Alpha emulators, even though it's an emulator
>> and not virtualisation software. Also not probed anywhere near as much as
>> the mainstream products.
>
> I can agree with Simon for a change... :)
>
> Most of the problems I have seen in terms of "break-ins" have been at the host OS level and not problems with the emulators.
> I know of one client that has had multiple intrusions with NO impact on the OpenVMS system itself other than being inaccessible because of the network. OpenVMS itself was not affected at all. I see the same issue with the VMs. OpenVMS is not the problem here, only the underlying host.
>
> Dan
>

One of our customers got hit with a ransomware attack. Their WEENDOZE systems
were toasted. Their VMS system was not touched.

Now, yeah, lots of business now depends upon WEENDOZE systems. But, VMS ran
their core business, and while annoyed by the loss on the WEENDOZE systems, the
company was able to continue to receive orders and ship product.

Maybe some may see things differently, but, to me, there is a vast difference
between being annoyed, and losing the capability to continue to run the
business. Consider the ramifications of losing all Accounts Receivable data.
Cant collect money is a major hurt.

Not saying VMS cannot be hacked, but, the reality is, they usually are not hacked.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
> Not saying VMS cannot be hacked, but, the reality is, they usually
> are not hacked.

Is this what they call securiy by obscurity? :-D
--
Tactical Nuclear Kittens

On 2023-07-10, Single Stage to Orbit <alex.buell@munted.eu> wrote:
> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>> Not saying VMS cannot be hacked, but, the reality is, they usually
>> are not hacked.
>
> Is this what they call securiy by obscurity? :-D

Yes, and it can result in you being burned big-time if you are not careful.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

On Monday, July 10, 2023 at 8:15:38 AM UTC-4, Simon Clubley wrote:
> On 2023-07-07, Pizza RAC <pizzara...@gmail.com> wrote:
> > On Friday, July 7, 2023 at 10:29:36?AM UTC-4, David Turner wrote:
> >> https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/
> >>
> >> So you have exploits that affect the x86 EFI
> You may want to have a look at the footprint and functionality for the
> Itanium firmware. Firmware that isn't probed anywhere near as much as
> the x86-64 firmware is, so it could have issues that may have been found
> long ago elsewhere.
> >> Then you have exploits that hit VMWare
> The same problem exists for Alpha emulators, even though it's an emulator
> and not virtualisation software. Also not probed anywhere near as much as
> the mainstream products.
> >> So before you even run OpenVMS you have two major issues to be concerned about.
> >>
> >> Is VSI ever going native X86 OpenVMS (on Proliant DL380 G10?)or it is still a "layered" piece of cheesecake?
> >>
> >
> > That is what I have been asking them for months ...
> What answers did you get ?
>
> Simon.
>
> --
> Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
> Walking destinations on a map are further away than they appear.

that they will consider customer requests for that after they get the other software left up an running

On Monday, July 10, 2023 at 11:07:04 AM UTC-4, Dave Froble wrote:
> On 7/10/2023 9:04 AM, abrsvc wrote:
> >
> >>>> Then you have exploits that hit VMWare
> >> The same problem exists for Alpha emulators, even though it's an emulator
> >> and not virtualisation software. Also not probed anywhere near as much as
> >> the mainstream products.
> >
> > I can agree with Simon for a change... :)
> >
> > Most of the problems I have seen in terms of "break-ins" have been at the host OS level and not problems with the emulators.
> > I know of one client that has had multiple intrusions with NO impact on the OpenVMS system itself other than being inaccessible because of the network. OpenVMS itself was not affected at all. I see the same issue with the VMs. OpenVMS is not the problem here, only the underlying host.
> >
> > Dan
> >
> One of our customers got hit with a ransomware attack. Their WEENDOZE systems
> were toasted. Their VMS system was not touched.
>
> Now, yeah, lots of business now depends upon WEENDOZE systems. But, VMS ran
> their core business, and while annoyed by the loss on the WEENDOZE systems, the
> company was able to continue to receive orders and ship product.
>
> Maybe some may see things differently, but, to me, there is a vast difference
> between being annoyed, and losing the capability to continue to run the
> business. Consider the ramifications of losing all Accounts Receivable data.
> Cant collect money is a major hurt.
>
> Not saying VMS cannot be hacked, but, the reality is, they usually are not hacked.
> --
> David Froble Tel: 724-529-0450
> Dave Froble Enterprises, Inc. E-Mail: da...@tsoft-inc.com
> DFE Ultralights, Inc.
> 170 Grimplin Road
> Vanderbilt, PA 15486

is Simon listening ...

On 7/10/2023 1:36 PM, Simon Clubley wrote:
> On 2023-07-10, Single Stage to Orbit <alex.buell@munted.eu> wrote:
>> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>>> Not saying VMS cannot be hacked, but, the reality is, they usually
>>> are not hacked.
>>
>> Is this what they call securiy by obscurity? :-D
>
> Yes, and it can result in you being burned big-time if you are not careful.

Dave has occasionally argued security by obscurity.

But the above sound more like a simple observation to me.

Arne

On 7/10/2023 12:33 PM, Single Stage to Orbit wrote:
> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>> Not saying VMS cannot be hacked, but, the reality is, they usually
>> are not hacked.
>
> Is this what they call securiy by obscurity? :-D
>

I would not call it security.

Probably is obscurity. Possibly more.

Bottom line, it's better be lucky than good. Both is even better.

No matter why, it is better to not be hacked, than to be hacked. I'll take what
I can get.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On 7/10/2023 7:53 PM, Arne Vajhøj wrote:
> On 7/10/2023 1:36 PM, Simon Clubley wrote:
>> On 2023-07-10, Single Stage to Orbit <alex.buell@munted.eu> wrote:
>>> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>>>> Not saying VMS cannot be hacked, but, the reality is, they usually
>>>> are not hacked.
>>>
>>> Is this what they call securiy by obscurity? :-D
>>
>> Yes, and it can result in you being burned big-time if you are not careful.
>
> Dave has occasionally argued security by obscurity.

No, I have not!

Observing obscurity working is not the same thing.

> But the above sound more like a simple observation to me.

Yes.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On 7/10/2023 7:53 PM, Arne Vajhøj wrote:
> On 7/10/2023 1:36 PM, Simon Clubley wrote:
>> On 2023-07-10, Single Stage to Orbit <alex.buell@munted.eu> wrote:
>>> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>>>> Not saying VMS cannot be hacked, but, the reality is, they usually
>>>> are not hacked.
>>>
>>> Is this what they call securiy by obscurity? :-D
>>
>> Yes, and it can result in you being burned big-time if you are not careful.
>
> Dave has occasionally argued security by obscurity.
>
> But the above sound more like a simple observation to me.
>
> Arne
>
>

Thinking about it, maybe I have done so.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On 7/10/2023 2:29 PM, Pizza RAC wrote:
> On Monday, July 10, 2023 at 11:07:04 AM UTC-4, Dave Froble wrote:
>> On 7/10/2023 9:04 AM, abrsvc wrote:
>>>
>>>>>> Then you have exploits that hit VMWare
>>>> The same problem exists for Alpha emulators, even though it's an emulator
>>>> and not virtualisation software. Also not probed anywhere near as much as
>>>> the mainstream products.
>>>
>>> I can agree with Simon for a change... :)
>>>
>>> Most of the problems I have seen in terms of "break-ins" have been at the host OS level and not problems with the emulators.
>>> I know of one client that has had multiple intrusions with NO impact on the OpenVMS system itself other than being inaccessible because of the network. OpenVMS itself was not affected at all. I see the same issue with the VMs. OpenVMS is not the problem here, only the underlying host.
>>>
>>> Dan
>>>
>> One of our customers got hit with a ransomware attack. Their WEENDOZE systems
>> were toasted. Their VMS system was not touched.
>>
>> Now, yeah, lots of business now depends upon WEENDOZE systems. But, VMS ran
>> their core business, and while annoyed by the loss on the WEENDOZE systems, the
>> company was able to continue to receive orders and ship product.
>>
>> Maybe some may see things differently, but, to me, there is a vast difference
>> between being annoyed, and losing the capability to continue to run the
>> business. Consider the ramifications of losing all Accounts Receivable data.
>> Cant collect money is a major hurt.
>>
>> Not saying VMS cannot be hacked, but, the reality is, they usually are not hacked.
>> --
>> David Froble Tel: 724-529-0450
>> Dave Froble Enterprises, Inc. E-Mail: da...@tsoft-inc.com
>> DFE Ultralights, Inc.
>> 170 Grimplin Road
>> Vanderbilt, PA 15486
>
> is Simon listening ...
>

Isn't he always ??

Thinking about it some more, isn't all security obscurity?

Isn't encryption obscurity?

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

Single Stage to Orbit <alex.buell@munted.eu> wrote:
>On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>> Not saying VMS cannot be hacked, but, the reality is, they usually
>> are not hacked.
>
>Is this what they call securiy by obscurity? :-D

It is. And security by obscurity is in no way a bad thing, but it is not
a thing to be relied upon. Because obscurity can change very suddenly
and without warning.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Dave Froble <davef@tsoft-inc.com> wrote:
>
>Thinking about it some more, isn't all security obscurity?

No. Take physical security for instance. Everybody knows where the computer
center is. They just don't want to deal with the armed guards at the entrance.

>Isn't encryption obscurity?

It often is. Sometimes encryption depends entirely on knowing a key that
other people don't know. But it isn't always, and it's usually a whole
lot better when it isn't.

Kevin Mitnick says that one out of every three whiteboards in offices have
a password on them, it's just a matter of figure out where it is and what
it's a password to.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

On 7/16/2023 10:22 AM, Scott Dorsey wrote:
> Single Stage to Orbit <alex.buell@munted.eu> wrote:
>> On Mon, 2023-07-10 at 11:07 -0400, Dave Froble wrote:
>>> Not saying VMS cannot be hacked, but, the reality is, they usually
>>> are not hacked.
>>
>> Is this what they call securiy by obscurity? :-D

I still think Dave was making an observation not making
a recommendation.

> It is. And security by obscurity is in no way a bad thing, but it is not
> a thing to be relied upon. Because obscurity can change very suddenly
> and without warning.

Not only can security by obscurity break down in seconds if
the obscurity leaks.

There is also the issue of vulnerability to more targeted
attacks. If someone invent their own DIY encryption algorithm
and use it to encrypt the cute pics of their pets, then it
may work because nobody wants to spend time getting access
to those pics. But if that DIY encryption algorithm is used
to encrypt important business data or state data, then
there is a reason for cyber criminals and the so called
"state actors" to spend resources cracking it.

Arne

On 7/16/2023 10:27 AM, Scott Dorsey wrote:
> Dave Froble <davef@tsoft-inc.com> wrote:
>>
>> Thinking about it some more, isn't all security obscurity?
>
> No. Take physical security for instance. Everybody knows where the computer
> center is. They just don't want to deal with the armed guards at the entrance.

Well, one could hide the computers ...

>> Isn't encryption obscurity?
>
> It often is. Sometimes encryption depends entirely on knowing a key that
> other people don't know. But it isn't always, and it's usually a whole
> lot better when it isn't.
>
> Kevin Mitnick says that one out of every three whiteboards in offices have
> a password on them, it's just a matter of figure out where it is and what
> it's a password to.
> --scott
>

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486

On 2023-07-16, Dave Froble <davef@tsoft-inc.com> wrote:
> On 7/16/2023 10:27 AM, Scott Dorsey wrote:
>> Dave Froble <davef@tsoft-inc.com> wrote:
>>>
>>> Thinking about it some more, isn't all security obscurity?
>>
>> No. Take physical security for instance. Everybody knows where the computer
>> center is. They just don't want to deal with the armed guards at the entrance.
>
> Well, one could hide the computers ...
>

The heavily guarded computer centre is just for show.

The real control system is a laptop behind a door accessible through an
unlocked janitor's closet. :-)

Simon.

PS: Let's see if anyone gets the reference...

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

On 7/18/2023 8:39 AM, Simon Clubley wrote:
> On 2023-07-16, Dave Froble <davef@tsoft-inc.com> wrote:
>> On 7/16/2023 10:27 AM, Scott Dorsey wrote:
>>> Dave Froble <davef@tsoft-inc.com> wrote:
>>>>
>>>> Thinking about it some more, isn't all security obscurity?
>>>
>>> No. Take physical security for instance. Everybody knows where the computer
>>> center is. They just don't want to deal with the armed guards at the entrance.
>>
>> Well, one could hide the computers ...
>>
>
> The heavily guarded computer centre is just for show.
>
> The real control system is a laptop behind a door accessible through an
> unlocked janitor's closet. :-)
>
> Simon.
>
> PS: Let's see if anyone gets the reference...
>

Is it anywhere near Kansas?

bill