Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

DECUServe Journal October 1997

1 view
Skip to first unread message

Brian McMahon, Info-VAX Refugee

unread,
Nov 1, 1997, 3:00:00 AM11/1/97
to

The DECUServe Journal
---------------------
October, 1997

From the Editors' Keyboard . . . . . . . . . . . . . 2
What's inside
E-mail Forwarding . . . . . . . . . . . . . . . . . 3
Caution! Merging (e-mail) traffic ahead.
DECnet Host Routing . . . . . . . . . . . . . . . . 6
Is it in Phase V yet?
FDDI Woes . . . . . . . . . . . . . . . . . . . . . 8
Troubleshooting an ailing FDDI ring
The Great Crypto Debate . . . . . . . . . . . . . 10
About cryptography attacks and U.S. policy
Digital Support on the Web . . . . . . . . . . . . 21
DECUServe strikes again!
Why is Mail Bouncing? . . . . . . . . . . . . . . 23
Something to know about MX records
Build Your Own PC . . . . . . . . . . . . . . . . 25
Exploring the mysteries of the motherboard
Wide disk, narrow controller . . . . . . . . . . . 38
Running wide RZ drives on an HSJ50
What's a CardBus? . . . . . . . . . . . . . . . . 40
CardBus? PCMCIA? PC Card? How's that again?
PATHWORKS Auditing . . . . . . . . . . . . . . . . 41
Documentation? Who needs documentation?
PATHWORKS Printing . . . . . . . . . . . . . . . . 43
Getting print services working for Win95 clients
About the DECUServe Journal . . . . . . . . . . . 44
Contact Information . . . . . . . . . . . . . . . 46

The DECUServe Journal October, 1997 Page 2
From the Editors' Keyboard


From the Editors' Keyboard
---- --- -------- --------

In between the usual job pressures, crises of various stripes, and
trying to get things wrapped up before we head off to the DECUS
symposium in Anaheim, your Faithful and Devoted Editors have somehow
managed to slip another issue of the DECUServe Technical Journal out
a full day before deadline. Perhaps the El Nino weather pheomenon
is to blame -- after all, it seems to be responsible for most
everything else recently.

Oddly enough, we have a full issue without a single article from the
VMS or Windows NT conferences. Oh well, these things happen. No
doubt we'll make up for it in the not-too-distant future. Enjoy!

* * * * *

The DECUServe Journal October, 1997 Page 3
E-mail Forwarding


E-mail Forwarding
------ ----------

Abstract:

Merging two companies, each with their own established e-mail
systems, into one entity can create some "interesting" challenges.
A few issues and useful considerations are discussed in the
following.

Participants:

John Briggs, Jim Campobello, Dale Coy, Linwood Ferguson.

Conference: INTERNETWORKING


Note 483.0, 17-Sep-1997
Campobello: Simplified email forwarding?
----------------------------------------
My company just merged and we're trying to figure out the best way to
handle email. I have a conception of a product that would solve our
problem, and I wonder if anything like it really exists.
Here's what we're trying to accomplish:

My company is "Calspan". We have a central site and
a half dozen remote locations.

The merger partner is "Veda". They have a central site
and a dozen remote locations.

The merged entity will have a new corporate name (call it "MergeCo"),
but the existing divisions will all keep their own names and IP addresses.

The big shots want us to be able to receive email addressed to
"empl...@MergeCo.com", and also to all keep our existing email
addresses. For example, I should be able to get mail addressed
both to "ca...@calspan.com" and "ca...@MergeCo.com".

That's easy enough to do if we create and maintain a full employee
alias list. However, we're looking for an easier way to do it.

I have a vision of a product that would run on a central mail server,
and it would have a list of all the local sites. When email came in
to "ca...@MergeCo.com", the product would contact a client piece running
on each site and ask if "campo" receives mail there. The client piece
would do an email lookup and answer yes or no. If no, the product would
go to the next site on the list. If yes, the product would re-address
the email to "ca...@calspan.com" and forward it there.

So much for my vision. Does anything like that exist? (If not, does
anyone want to write a commercial version and give me 25% of the royalties?)

The DECUServe Journal October, 1997 Page 4
E-mail Forwarding

Is there any other way to solve this (that won't involve maintaining
a master alias list)?

Note 483.1, 17-Sep-1997
Ferguson: Is the KISS approach unacceptable?
--------------------------------------------
I gather it is not acceptable to have one company get all the mail, and
maintain a forward list for employees at the other company? It would
probably be pretty easy to automate that list by nightly extracts from
the other company.


Note 483.2, 17-Sep-1997
Coy: You wouldn't like it
-------------------------
There have been products that do what you describe -- and in fact, some
are still available (for specific, all-the-same-vendor mail spaces, at
least).

The performance, network traffic, and CPU loading of such a product --
particularly above 10-or-so sites, is horrible. Scaling is at least
inverse-exponential (or worse).

Yes, other than "centralized list", the other alternative that I know
of is to maintain multiple copies of a distributed list.

Would I be correct in assuming that not all of the e-mail systems are
from the same vendor? If that's the case, a single centralized list
(or forwarder) is the best solution I know of.

Note 483.3, 18-Sep-1997
Campobello: Clarifications
--------------------------
>Linwood:
> I gather it is not acceptable to have one company get all the mail, and
> maintain a forward list for employees at the other company? It would
> probably be pretty easy to automate that list by nightly extracts from
> the other company.

It's not clear yet what will be "politically" acceptable; there's a
lot of maneuvering going on.

It's not philosophically acceptable to have a single central mail
server, because if it goes gown all the remote sites would be without
mail (including internal).

>Dale:
> Would I be correct in assuming that not all of the e-mail systems are

The DECUServe Journal October, 1997 Page 5
E-mail Forwarding


> from the same vendor?

Correct. There may someday be a standard, but for now not only does
each company have its own type of central system, but some of the
remote sites have different ones as well. Most of it is unix "sendmail",
but there are some others.

Note 483.4, 18-Sep-1997
Briggs: Two hubs?
-----------------
>It's not philosophically acceptable to have a single central mail
>server, because if it goes gown all the remote sites would be without
>mail (including internal).

That part is no problem. From the Internet point of view at least.
If nothing else, you have a backup server that knows nothing.

newcorp.com. IN MX 10 mail.onecorp.com.
newcorp.com. IN MX 20 backup.othercorp.com.

As long as mail.onecorp.com is up, mail will go there. No problem.

If mail.onecorp.com is down, mail will go to backup.othercorp.com.
And it will sit there until mail.onecorp.com comes back up.


Or you could have two mailers, each of which have access to copies
of the master forwarding database:

newcorp.com. IN MX 10 mail.onecorp.com.
newcorp.com. IN MX 10 mail.othercorp.com.
newcorp.com. IN MX 20 eisner.decus.org.

(Get permission before making eisner your backup mail spool site).

As long as both mailers are up, they'll share the load.
If one goes down, the other will accept all deliveries.
If both go down, eisner will spool the backlog.


It is less clear how one can avoid central hubs through which large
chunks of your e-mail network are connected in the general case.
E-mail routing is usually static. Messages wait rather than
routing around trouble.

Note 483.5, 18-Sep-1997
Ferguson: But you said...
-------------------------
>It's not philosophically acceptable to have a single central mail
>server, because if it goes gown all the remote sites would be without

The DECUServe Journal October, 1997 Page 6
E-mail Forwarding


>mail (including internal).

But you said:

> I have a vision of a product that would run on a central mail server,
> and it would have a list of all the local sites. When email came in
> to "ca...@MergeCo.com", the product would contact a client piece running
> on each site and ask if "campo" receives mail there. The client piece
> would do an email lookup and answer yes or no. If no, the product would
> go to the next site on the list. If yes, the product would re-address
> the email to "ca...@calspan.com" and forward it there.

In terms of failure, I fail to see the difference.

Not that .-1 and multiple MX records could not address both cases of
course.

Note 483.6, 18-Sep-1997
Coy: Hmmm
---------
>> I have a vision of a product that would run on a central mail server,
>> and it would have a list of all the local sites. When email came in
>> to "ca...@MergeCo.com", the product would contact a client piece running
>> on each site and ask if "campo" receives mail there. The client piece
>> would do an email lookup and answer yes or no. If no, the product would
>> go to the next site on the list. If yes, the product would re-address
>> the email to "ca...@calspan.com" and forward it there.

Now that I have a free minute or two, let me point out a few aspects of
that vision that may not be obvious:

1. You would have to decide what to do if all answers are "no".
2. You would have to decide what to do if SEVERAL answers are "yes".

Having done that, you would very quickly recognize that ALMOST every
time, you get the same answer. AHA! -- that means we can save a lot of
work by "caching".

Now, a cache is EXACTLY a centrally-maintained list of mail forwarding
addresses.

DECnet Host Routing
------ ---- -------


The DECUServe Journal October, 1997 Page 7
DECnet Host Routing


Abstract:

Although we're often fond of pointing out examples of prompt answers
to questions on DECUServe, sometimes the issues don't get resolved
overnight. Notice, for example, the dates on the .0 note and the .1
reply. The topic is one that has generated a fair amount of heat at
times, namely support for host-based routing in DECnet OSI, also
known as Phase V.

Participants:

Roger Carl, Larry Kilgallen, Galen Tackett.

Conference: DEC_NETWORKING


Note 1191.0, 12-Sep-1995
Kilgallen: Host-Based Routing for DECnet Phase V
------------------------------------------------
> <<< Note 350.11 by EISNER::KILGALLEN "Larry Kilgallen" >>>
> -< There will be slight delay in the *real* Phase V >-
>
> Since DEC has not committed to a particular release date or version,
> I guess for most of us it just means that Phase V will come a little
> later than for others. Even more so than DECwindows, DECnet Phase
> V will certainly be a case where only those with the true pioneer
> spirit will run it the first chance they get.
>
> A bug so massive as not supporting the major improvement in Phase
> III (routing) on the acknowledged major operating system (VMS) is
> certainly enough to make most of us refrain from trying Phase V.
> If DEC wants to put that much egg on their face (I can imagine the
> headlines in Computerworld now), it is their privilege.

At the Boston LUG meeting today, VMS DECnet/OSI Engineering Manager
said that support for the present Phase IV DECnet implementation will
be dropped "only after host-based routing is available in DECnet/OSI
on both VAX and Alpha".

As is appropriate, DEC continues to say that host-based routing is
not appropriate for all environments. As is even more appropriate
it seems to me they have gotten a message from those who have not
moved to DECnet/OSI (even if it will route over TCP/IP).

Note 1191.1, 26-Sep-1997
Tackett: What's the latest news?
--------------------------------
What's the latest on host-based routing for DECnet-Plus? Is it
available yet? Or if not, has Digital announced an availability date?


The DECUServe Journal October, 1997 Page 8
DECnet Host Routing


Note 1191.2, 26-Sep-1997
Carl: is this a trick?
----------------------
It is my understanding that routing has been in the current release for
at least a year.

Note 1191.3, 29-Sep-1997
Tackett: It's in there...
-------------------------
I just learned from the CSC that the DECnet-Plus on the VMS V7.1 disk
supports host based routing.


FDDI Woes
---- ----

Abstract:

The following series concerns a FDDI ring that experiences problems
(manifested as DECnet adjacency losses) a couple of times a day.
Various suggestions are made and a culprit is ultimately identified.

Participants:

Matt Holdrege, Galen Tackett, Brian Tillman.

Conference: DEC_NETWORKING


Note 1304.0, 4-Sep-1997
Tackett: DECnet FDDI adjacency lost
-----------------------------------
We're having problems with an Alpha running VMS V7.1 and DECnet Phase
IV (end node) over a DEC PCI FDDI interface (I forget the exact model
of FDDI controller).

The FDDI ring in question consists of only a few devices: This Alpha, a
DECnis router, a DECconcentrator 900MX, and a DECswitch 900EF (the
latter two plugged into a DEChub 900).

Periodically (once or twice a day), DECnet loses its adjacency to the
DECnis router on this FDDI ring. Turning the FPA-0 circuit off and back
on restores the adjacency. (Of course, without an adjacency to the
router, this system is cut off from the rest of our DECnet network).

This phenomenon seems to be associated with increments to the FDDI line
counter "ring initializations received". This counter gets incremented
occasionally on the Alpha, the DECnis, and the DECswitch; yet none of

The DECUServe Journal October, 1997 Page 9
FDDI Woes


the devices ever shows any "ring initializations initiated".

Could these be causing the adjacency to go down? And how can these
devices be receiving ring initializations if no one is sending them?

We've replaced all the actual FDDI cabling and the concentrator without
improvement.

(We're also running a TCP/IP stack on this system and the DECnis, and
TCP/IP applications seem to ride out whatever causes the DECnet
problem, without incident. Not really a surprise, perhaps...)

Note 1304.1, 7-Sep-1997
Holdrege: things to check
-------------------------
Physically, I would do the cables again and wipe down the connectors
with an alcohol pad.

Then I would check the firmware on each FDDI station. Check with DEC to
see if you have the latest.


Note 1304.2, 8-Sep-1997
Tillman: What FDDI driver?
--------------------------
Does this setup use FXDRIVER? There was an article posted to DSNlink
recently about FXDRIVER causing adjacency losses.

Note 1304.3, 8-Sep-1997
Tackett: Using FWDRIVER, not FXDRIVER
-------------------------------------
Our setup uses FWDRIVER, I would assume, since the device names are
FWA0: and FWB0:.

The firmware may not be current--the update file for this device was
missing from the V3.9 firmware update CD. We are running the same FDDI
firmware and VMS version on other systems, without seeing this problem.

Note 1304.4, 16-Sep-1997
Tackett: CLAIM sequences one hour apart
---------------------------------------
Using a Sniffer I've discovered that the FDDI interface on this system
periodically begins sending CLAIM frames, then gives up and starts
beaconing. This probably explains the incrementing error counters I
see in NCP.

I've observed two separate instances in which this symptom was repeated

The DECUServe Journal October, 1997 Page 10
FDDI Woes


very nearly one hour (3600 seconds plus or minus a few percent) after
its last appearance. This seems too unlikely to be merely a
coincidence.

Also, twice, the CLAIM sequence has begun shortly after the slightly
early appearance of a SMT NIF Announcement frame from a DECswitch. This
may not be significant, though: I don't know enough about FDDI to even
make a good guess. Typically these NIF Announcement frames seem to
appear almost exactly every 10 seconds. Once when the CLAIM began, they
had just been 2 seconds apart. Another time they were about 8.5 seconds
apart.

Does this information suggest anything we might try?

Note 1304.5, 18-Sep-1997
Holdrege: ring purger
---------------------
I don't recall the whole DEC scheme for FDDI. I have the document
buried here somewhere. But I don't think periodic CLAIMS's are a
problem. I think you can turn off the DEC ring purger at each node and
avoid the whole thing.


Note 1304.6, 22-Sep-1997
Tackett: Beaconing is perhaps the real problem?
-----------------------------------------------
We've already turned off the ring purger.

While I'm no expert, I think you're probably correct that periodic
CLAIMs aren't a problem. The problem here appears to be that the
CLAIMing node eventually starts beaconing, which seems to suggest that
it thinks there's something wrong with the rign.

Note 1304.7, 29-Sep-1997
Tackett: Unbootable DECnis at fault
-----------------------------------
It turns out that the source of the problem was a DECnis 600 router
that was trying unsuccessfully to boot over the network. It appears
that after about one hour of this, it was reinitializing the FDDI ring.
The next device on the ring was the AlphaServer which kept losing
its DECnet adjacency.

Turning off the DECnis, which isn't being used anyway, fixed the
problem. But I have to say that reinitializing the ring seems kind of
a drastic measure to take, just because the router can't boot.


The DECUServe Journal October, 1997 Page 11
The Great Crypto Debate


The Great Crypto Debate
--- ----- ------ ------

Abstract:

Well, this did start out as a substantive technical discussion. The
inital question concerned how a cryptographic attacker would
determine success, and what implications this would have for
countermeasures. Current state of U.S. crypto policy being what it
is, we suppose it was almost inevitable that the topic would turn to
ranting....

Participants:

John Briggs, David Campen, Malcom Dunnett, Linwood Ferguson, Pierre
Hahn, Bob Hassinger, Matt Holdrege, Larry Kilgallen, Bart Lederman,
George Merriman, Pete Sivia, Dan Wing.

Conference: SECURITY


Note 342.0, 16-Sep-1997
Ferguson: How do encryption attacks know they work?
---------------------------------------------------
This isn't a practical question but rather one for curiousity:

I've always heard that the problem of decoding most encrypted data is
equivilent to factoring a very large number. That always made sense in
the context of explain how they work, but is that really true?

In particular, if I think I have factored a large number, I can verify
it by simple multiplication.

Do such attacks rely on being able to recognize the result as a message
(e.g. expecting clear text of some particular type) or is there some
corrolary to multiplying it back out to tell if you got it right?


Note 342.1, 16-Sep-1997
Kilgallen: Public Key is different
----------------------------------
> I've always heard that the problem of decoding most encrypted data is
> equivilent to factoring a very large number. That always made sense in
> the context of explain how they work, but is that really true?

That statement has relevance only to RSA encryption. El Gamal uses
logarithms, DES uses S-boxes, etc.

Strictly speaking, when applied to RSA encryption, the statement is
not true. That is, nobody has a better way than factoring (or
nobody who is talking, anyway), but nobody has proved (again, nobody

The DECUServe Journal October, 1997 Page 12
The Great Crypto Debate


who publishes their proofs) that there is not some alternative to
factoring.

> In particular, if I think I have factored a large number, I can verify
> it by simple multiplication.

Yes, the verification of factors part is easy. It is the factoring
part that is hard. It would be easy if the number you needed to factor
was 2 digits long. Instead, it is typically 300 digits long.

> Do such attacks rely on being able to recognize the result as a message
> (e.g. expecting clear text of some particular type) or is there some
> corrolary to multiplying it back out to tell if you got it right?

Most attacks involve a simple final step to verify that the decrypt
"worked". Brute force mechanized attacks might make the assumption
that most characters of the secret mail message you are attempting
to hide from the ARApolice have spaces every so often and typically
have a constant high-order bit. Your use of diacriticals on every
character and totally run-on words will foil them.

In that regard, public key cryptography is "different" because you have
a guaranteed check device provided -- the public key. If a message you
make up can be sealed with the public key and then unsealed withyour
trial private key you have reached the solution.

Note 342.2, 16-Sep-1997
Ferguson: How important is knowledge of the final form?
-------------------------------------------------------
>Most attacks involve a simple final step to verify that the decrypt
>"worked". Brute force mechanized attacks might make the assumption
>that most characters of the secret mail message you are attempting
>to hide from the ARApolice have spaces every so often and typically
>have a constant high-order bit. Your use of diacriticals on every
>character and totally run-on words will foil them.

Ah, so that's why Jeff puts a form feed every couple of sentences. :-)

So sending data of a known structural syntax (say X.12 EDI data, or a
Word document) makes this aspect a lot easier, whereas sending numeric
data as binary without obvious structure makes it a lot more difficult.
Fair?

How much more difficult are such attacks then when the result is not
easily discernable to be "right"? For example, so-called weak 40 bit
keys: couldn't you just encrypt it twice? Or is that still effectively
the same as some (other) 40 bit key (doesn't seem likely, but never
looked into the theory of these things).

Just wondering why 40 bit is exportable (or maybe 56 now?) but 128 is
not, but why can't one do 3 * 40 and get almost the same?


The DECUServe Journal October, 1997 Page 13
The Great Crypto Debate


Note 342.3, 16-Sep-1997
Wing:
------
Triple DES does exactly that, but takes three times as long to encrypt/
decrypt, of course. With DES there isn't (supposed to be) a key that would
decrypt in one pass.

Simply XORing something prior to encryption can help to prevent simple
brute force attacks. But the strengh in your encryption isn't security
through obscurity (of the method you're using for encrypting) but through
strength of the underlying mechanisms.

Note 342.4, 17-Sep-1997
Kilgallen: Without determining success, you have nothing
--------------------------------------------------------
> So sending data of a known structural syntax (say X.12 EDI data, or a
> Word document) makes this aspect a lot easier, whereas sending numeric
> data as binary without obvious structure makes it a lot more difficult.
> Fair?

Yes. With a symmetric cipher, regardless of whether it is a block cipher
(DES, IDEA, RC5) or a stream cipher (RC2, RC4) there is no way to determine
success unless one has a way to determine if the answer is "right". Known
plaintext is one method, which is how the British used sloppy German crypto
operations to compare the weather forecast when encoded to that in the clear.
That was proof-positive, although "looks like a weather forecast" is good
enough for evaluating a solution you have already reached. If you are
willing to send weather forcasts under your key, it will help me determine
that I have figured out your key when the other data you transmit is all
meaningless to me (binary counts of candy bars left in various vending
machines). Of course if your decoded messages are totally meaningless
to me there is considerable question whether decoding them is useful to
me.

> How much more difficult are such attacks then when the result is not
> easily discernable to be "right"? For example, so-called weak 40 bit
> keys: couldn't you just encrypt it twice? Or is that still effectively
> the same as some (other) 40 bit key (doesn't seem likely, but never
> looked into the theory of these things).

Depending on the algorithms used, it could be that you the result is
weaker when double-encrypted (the techy term is "super-enciphered").
3DES ("Triple-DES") has been analyzed by the academic community
with the result that there are no known (published) weaknesses
when it is used properly. Something you conjure up on your own
would not have the reassurance of that peer-review. Of course
this does not prove that _government_ cryptanalysts don't know
of a weakness that they are not divulging. After all, one of
the latest cryptanalytic tools, so-called "differential cryptanalysis"
was a recently-published technique, but those who go back to the
original NSA comments on Lucifer as part of the process of turning
it into DES indicate (in retrospect) that the NSA knew about the

The DECUServe Journal October, 1997 Page 14
The Great Crypto Debate


technique of differential cryptanalysis about 15 years before it
was published in the academic world. (The NSA particularly suggested
changes to the S-boxes which make DES more resistant to differential
cryptanalysis.)

> Just wondering why 40 bit is exportable (or maybe 56 now?) but 128 is
> not, but why can't one do 3 * 40 and get almost the same?

But a product which uses 40-bit encryption multiple times to produce
a super-enciphered result is _not_ exportable, and the NSA has tried
to get IEEE standards designed so they do not include super-encipherment.

Are they protecting the usefulness of their ability to break 40-bit
encryption (hey, the first RSA challenge was 40-bits and it was
broken by someone at Berkeley in less than a day), or is the NSA
protecting us from the dangers of super-encipherment applied
without full analysis? Not even Jesse Helms knows the full story.

Note 342.5, 17-Sep-1997
Kilgallen: Recommended Reading - Bruce Schneier
-----------------------------------------------
> Simply XORing something prior to encryption can help to prevent simple
> brute force attacks.

But those are _really_ simple attacks, such as your DECUS friends might
mount. Even at the time of World War II there were techniques for the
cryptanalysts to see through multiple levels of masking.

For additional reading in this area, I would recommend "Applied
Cryptography" by Bruce Schneier. He is also a very good speaker
if you get a chance to go to a Security conference. Typically his
first slide, regardless of the subject goes:

"There are two kinds of cryptography,
that which can protect against your kid sister
and that which can protect against national intelligence agencies.
This talk is about the latter."

Note 342.6, 17-Sep-1997
Ferguson: So I encrypt my secret rocket plans 3 times?
------------------------------------------------------
>But a product which uses 40-bit encryption multiple times to produce
>a super-enciphered result is _not_ exportable, and the NSA has tried
>to get IEEE standards designed so they do not include super-encipherment.

I'm confused. If I have a tool that can encrypt my message, can I not
just run it through 3 times? Do companies somehow have to build in
something to actively prevent multiple encryptions in order to export
them?


The DECUServe Journal October, 1997 Page 15
The Great Crypto Debate


Or are the safegaurds so lax that the only requirement is that the
default behavior of the product be a single 40 bit (or 56 or whatever
it is today) pass?

Note 342.7, 17-Sep-1997
Kilgallen:
-----------
I am sure that you could run it three times, Linwood, and get it right.
I am not so confident about all of those overseas employees of ARAmark.

> Or are the safegaurds so lax that the only requirement is that the
> default behavior of the product be a single 40 bit (or 56 or whatever
> it is today) pass?

Only the readily attained behavior counts. But to be useful for email,
for example, one would need an S-MIME standard for how to do 3DES. You
probably don't have easy access to that portion of your Email software to
switch it from DES to 3DES. If you did, that would affect the exportability
of that Email product.

Note 342.8, 17-Sep-1997
Ferguson: That policy really makes me feel safer
------------------------------------------------
>I am sure that you could run it three times, Linwood, and get it right.
>I am not so confident about all of those overseas employees of ARAmark.

Ahh, but the government isn't trying to protect against them, right?
It's hostile governments, terrorists, and international arms traders
we must fear. Fortunately all of them are too dumb to be able to
buy it in the US and FTP it to their www.bad-guys.com site in the
Bahamas. Or just download any of the numerous versions floating around.

Heaven help us if they ever stop giving low-IQ tests to the bad guys;
our government will have to take a whole different approach.


Note 342.9, 17-Sep-1997
Hahn: You can use strong encryption overseas
--------------------------------------------
PGP is available overseas to decrypt 128 bit encrypted material.
And it is legal software as it has not been exported from the US.
PGP has nothing to do with it. Here is how it was done.

PGP has released in book form, their software, non-US based
programers have scanned and OCRed the book then recompiled
and made it available in many countries. That software is
compatible with PGP software and is owned by foreign companies
and is available usualy for free on non-US FTP sites.


The DECUServe Journal October, 1997 Page 16
The Great Crypto Debate


You can have strong encyption data (files, e-mail...) sent
out of the US without breaking the US export laws. Your
foreign correspondent gets the the foreign "developed" software
and decodes the encrypted file.

You do need to exchange public keys and run some tests.

Note 342.10, 17-Sep-1997
Sivia: How about triple encrypts using different routines?
----------------------------------------------------------
I've been curious if the encryption strength gets stronger if somebody
does multiple encrypts using different types of encryption, like a
first pass using DES, then a second pass using 40-bit PC1, then a final
pass using 160-bit Blowfish. I'd imagine that doing this would make it
harder than decrypting the same material encrypted with something like
triple-DES. True?

Note 342.11, 17-Sep-1997
Sivia: How'd they get the encryption logic out legally?
-------------------------------------------------------
> PGP has released in book form, their software, non-US based
> programers have scanned and OCRed the book then recompiled
> and made it available in many countries. ...

Just curious... if the whole PGP code was available this way, wasn't
this in effect the (illegal) export of encyption technology out of the
US? For some reason I think I recall that all but the actual
encryption/decryption logic was made available in some fashion like
this and the encryption/decryption process was figured out based on
academic papers, etc. Or was this another Urban Legend?

Note 342.12, 18-Sep-1997
Lederman: Only in America?
--------------------------
There was a court ruling that printing a program in a book or other
traditional written media was protected, and not subject to the export
restrictions. Therefore, an encryption algorithm or entire program
printed on paper could be (and was) legally exported.

As soon as you put it into a machine-readable format, then it becomes
subject to export controls.

There was a 'famous' shirt with an encryption algorithm printed on it
in text form, and in bar code. Because the bar code could, at least in
theory, be machine scanned the shirt violated munitions export
regulations. Scratch off the bar code part, and the shirt is o.k.

If you can make sense of this, you're ahead of nearly all of the legal

The DECUServe Journal October, 1997 Page 17
The Great Crypto Debate


and government people currently setting or planning crypto laws.


Note 342.13, 18-Sep-1997
Merriman: Weak encryption bad for business
------------------------------------------
A few years back, when I was reduced to working for banks to
earn my beer money, I ran into some people who were very
concerned that the key escrow proposals being promoted by our
government at the time could have grave consequences for the
economy.

Foreign banks have no interest in making their encrypted
money transfers using a system where the U. S. Government had
access to their keys. They feared that the U. S. could be locked
out of the international funds transfer networks because foreign
banks would flat out refuse to do business with U. S.
institutions using key escrow encryption. This would obviously
make U. S. import and export transactions very difficult.

I'm back to dealing with box scores and hog reports again, thank
goodness, so I'm not aware of the current state of play in this
area.


Note 342.14, 18-Sep-1997
Briggs:
--------
> There was a court ruling that printing a program in a book or other
> traditional written media was protected, and not subject to the export
> restrictions. Therefore, an encryption algorithm or entire program
> printed on paper could be (and was) legally exported.

Makes perfect sense. 1st amendment and all that.

> As soon as you put it into a machine-readable format, then it becomes
> subject to export controls.

Makes some sense -- if it's machine-readable and not human readable then
it's pretty clearly not speech. (There is the obvious argument that
machine-readable stuff could be decoded into human-readable format and
thus constitutes speech and the obvious counter-argument that since
directly human-readable stuff is permitted, the restriction on machine-
readable stuff is reduced to a mere time, place and manner constraint).

> There was a 'famous' shirt with an encryption algorithm printed on it
> in text form, and in bar code. Because the bar code could, at least in
> theory, be machine scanned the shirt violated munitions export
> regulations. Scratch off the bar code part, and the shirt is o.k.
>
> If you can make sense of this, you're ahead of nearly all of the legal
> and government people currently setting or planning crypto laws.

The DECUServe Journal October, 1997 Page 18
The Great Crypto Debate

Makes sense to me.

Note 342.15, 18-Sep-1997
Kilgallen: Another aspect of that exportable book
-------------------------------------------------
The version of PGP sources that was published last January was printed
in an OCR font.

Note 342.16, 18-Sep-1997
Kilgallen:
-----------
> I've been curious if the encryption strength gets stronger if somebody
> does multiple encrypts using different types of encryption, like a
> first pass using DES, then a second pass using 40-bit PC1, then a final
> pass using 160-bit Blowfish. I'd imagine that doing this would make it
> harder than decrypting the same material encrypted with something like
> triple-DES. True?

One might think so, but I think the best approach is to go with solutions
like triple-DES which have undergone peer-review. There a few different
varieties of triple-DES, including one which is vulnerable to what is
called a Meet-In-the-Middle attack (MITM). It is quite possible there
are other attacks specifically useful when PC1 (is there such an algorithm?)
is used after DES but not before. The advantage of triple-DES is that
you can read about the degree of analysis it has undergone and ensure
you avoid operational errors.

Note 342.17, 18-Sep-1997
Ferguson: You might have to become a lawyer :-)
------------------------------------------------
>Makes sense to me.

It's easy to understand how it comes about, but if it makes *sense* to
you, then I'd not admit it in public.

Note 342.18, 18-Sep-1997
Lederman: One could consider all printed text to be machine readable now.
-------------------------------------------------------------------------
I'm not sure that printing in an "ocr" font really makes a difference
anymore. So few people used them for anything other than decorative
effects that the people who build scanner and OCR software optimize for
commonly used 'non-ocr' fonts.

Actually, there is a font called "OCR-B", which I've found quite
useful. This isn't the "OCR-A" font which has the funny 'computer'

The DECUServe Journal October, 1997 Page 19
The Great Crypto Debate


shaped charcters with mostly straight lines. It's a medium weight,
medium bold sans-serif font with all of the numerals designed to be
distinctive and easy to distinguish from each other, and to minimize
confusion between 1 and l and 0 and O. I used to use it for printing
mailing addresses, because it was easy for both machine scanners and
humans to read correctly. But that was on a dot-matrix printer, and
now that I use laser and ink-jet I need true-type or post-script fonts
and I've never been willing to spend $70 or so to get it.

Note 342.19, 18-Sep-1997
Hassinger: Scan-ability vs. read-ability...
-------------------------------------------
I can believe the story about the printed form being allowed by a court
and not the bar code version, but I have to wonder about it.

These days how much actual difference is there? Well printed text can
be OCR scanned about as well as bar codes can. So really, the machine
scan-ability would seem to technically not be a viable distinction. I
wonder if really the issue ends up being human read-ability instead?
If humans can readily read it, then it is protected speech, and if they
can not, then it is not protected?

Note 342.20, 18-Sep-1997
Holdrege: more legal manuvers
-----------------------------
another recent court decision said that if we can export the code in
written form, it is silly to restrict it in machine form. The case is
being appealed and the judge left the restriction in place for now.


Note 342.21, 19-Sep-1997
Kilgallen: from this distance, Marilyn Patel seems quite smart
--------------------------------------------------------------
I believe that Judge Patel only left the restriction in place for _other_
situations, but that Daniel Bernstein's work is currently unencumbered.

This seems like a wise move, to avoid an appearance of grandstanding.
We have lived with the current situation long enough that a few more
months won't hurt.

Note that Judge Patel only made that distinction based on the government
notice that they would appeal. From the government perspective, the best
thing might be _not_ to appeal, thus limiting the effect of the Patel
ruling. Now, however, they are locked in at least to the Appeals Court
level.

The question is, if the Appeals Court rules for Bernstein and the
government decides not to take it to the Supreme Court, can Patel
revise her ruling to make it apply to other bodies of crypto information.

The DECUServe Journal October, 1997 Page 20
The Great Crypto Debate

Note 342.22, 22-Sep-1997
Briggs: Do you think it doesn't make sense?
-------------------------------------------
> It's easy to understand how it comes about, but if it makes *sense* to
> you, then I'd not admit it in public.

What sense of "makes sense" (if any) do you think the public has in mind?

Note 342.23, 22-Sep-1997
Ferguson: I think their reported reasons for it are silly
---------------------------------------------------------
I just mean that I doubt most of the public believes that these
attempts to shut the barn door with the horses already long gone (and a
gaping hole remaining still) are worth their tax dollars.

Note 342.24, 23-Sep-1997
Dunnett: I guess they just can't trust anyone
---------------------------------------------
Isn't it rather scary that people who do think this obviously
pointless policy enhances national security are the same folks
who are in charge of such security?

otoh, this is the same government that wants to screw up
tourism and cross border trade by treating us poor Canadian
visitors like criminals ( apparently they're going to require
all tourists to get visas, be fingerprinted and get a photo id
card - makes sense, that way only the criminals will find it
easy to get into the US ).

Shouldn't someone tell these folks the cold war is over and they
can tone the paranoia down a bit?

Note 342.25, 23-Sep-1997
Campen: Worse, they might not be as dumb as you think.
------------------------------------------------------
What is even scarier is that perhaps they do know what they are doing.
Perhaps the export controls are to prevent the development of strong
encryption for domestic use by average citizens. Perhaps the spooks
_do_ understand that foreign governments, terrorists, international
drugdealers etc will be able to get strong encryption anyway but that
the people the government really wants to be able to keep an eye on
are your average person. This is the motiviation behind the domestic
key escrow proposals that the US government wants. It really scares
the Feds that they might not be able to spy at will on average citizens.


The DECUServe Journal October, 1997 Page 21
The Great Crypto Debate


> otoh, this is the same government that wants to screw up
>tourism and cross border trade by treating us poor Canadian
>visitors like criminals ( apparently they're going to require
>all tourists to get visas, be fingerprinted and get a photo id
>card - makes sense, that way only the criminals will find it
>easy to get into the US ).

I hadn't heard of this. Even for the Feds this sounds excessive and of course
the Canadian government would retaliate and implement similar rules for US
citizens crossing into Canada.

Note 342.26, 23-Sep-1997
Ferguson: You bet
-----------------
> What is even scarier is that perhaps they do know what they are doing.
> Perhaps the export controls are to prevent the development of strong
> encryption for domestic use by average citizens. Perhaps the spooks

Oh, I do not doubt that at all, and common businesses as well. If you
read the way I said a couple of things, it's what they *say* it is for
that bugs me. They just haven't got the guts to make the real issue
they want to make.

Note 342.2724-Sep-1997
Briggs: Makes sense != I support
--------------------------------
> I just mean that I doubt most of the public believes that these
> attempts to shut the barn door with the horses already long gone (and a
> gaping hole remaining still) are worth their tax dollars.

Now that's a sentiment that I can get behind. I only wish I shared
your confidence in the wisdom of the general public.

While I do think that export controls on bar-coded crypto T-shirts
"make sense", I also agree that on balance, they're a bad idea. And
in my opinion, it's a pretty lopsided balance.


Digital Support on the Web
------- ------- -- --- ---

Abstract:

Just how good a source of information is DECUServe? Good enough to
sometimes even tell Digital employees something about what's
happening with Digital. (Quiet, there in the peanut gallery.)

The DECUServe Journal October, 1997 Page 22
Digital Support on the Web


Participants:

Graham Pye, Don Vickers.

Conference: OFFICE_AUTOMATION


Note 210.0, 7-Aug-1997
Vickers: Informal Digital support forums on the web
---------------------------------------------------
Digital has established AltaVista Forum discussion forums for informal
support for a number of their office automation products.

The URL to access the forums is:

http://www2.digital.co.uk/forums/access/dispatch.cgi

There are currently forums for:

ALL-IN-1
OfficeServer
Mailworks for UNIX
TeamLinks for Windows
TeamLinks for Macintosh
Drivers

Enjoy,
don

Note 210.1, 11-Aug-1997
Pye: Nobody tells me nuffin :-)
-------------------------------
Don,

It's interesting that you knew about this before I did!!

At the moment, the forums seem to be write locked. Also, judging from
the URL, they're hosted in Britain...

Graham

Note 210.2, 11-Aug-1997
Vickers: All I know is what I read in my e-mail
-----------------------------------------------
Graham,

The site does seem to not quite ready for prime-time but is promising.

I notice that there were a few non-Digital folks registered before I
received he request from the young man from the island to your west to

The DECUServe Journal October, 1997 Page 23
Digital Support on the Web


announce the site.

Just doing my (small) part to help,
don


Why is Mail Bouncing?
--- -- ---- ---------

Abstract:

Mail Exchanger (MX) records in the Internet's Domain Name System
(DNS) are useful ways of routing mail destined for a given domain
name via an intermediate host. There are some subtle little details
in setting them up, however. And if you get things wrong, you won't
necessarily notice right away... but the people trying to reach you
will.

Participants:

John Briggs, Pat Scopelliti.

Conference: INTERNETWORKING


Note 484.0, 17-Sep-1997
Scopelliti: Why is mail to transportlaw.com bouncing?
-----------------------------------------------------
We're having problems sending mail to the domain transportlaw.com.
I've even sent the mail from here and it still bounces with the same
error. I've exchanged mail with the folks at the site, they claim
we're the only ones seeing this problem. Methinks we're the only ones
reporting it to them...

Note this fails both from my company system and here on DECUServe.
While I could well have something messed up in DNS, etc., I have trust
in DECUServe folks. I sent a mail message from DECUServe to
us...@transportlaw.com and my DECUServe mail forwards back to my home
system. Here's the bounced mail (I've replaced the actual username
with "user"):

--Boundary (ID ufjyZLrW9m7GOoIato7g5A)
Content-type: TEXT/PLAIN; CHARSET=US-ASCII

The message could not be delivered to:

Addressee: us...@transportlaw.com
Reason: Illegal host/domain name found.



The DECUServe Journal October, 1997 Page 24
Why is Mail Bouncing?


--Boundary (ID ufjyZLrW9m7GOoIato7g5A)
Content-type: MESSAGE/RFC822

Received: from Eisner.DECUS.Org by Eisner.DECUS.Org (PMDF V4.2-12
#4291) id
<01INRF0T7...@Eisner.DECUS.Org>; Wed, 17 Sep 1997 19:56:14 -0400
(EDT)
Date: Wed, 17 Sep 1997 19:56:14 -0400 (EDT)
From: "Pat Scopelliti @ Corning @ 607-974-3855"
<SCOPE...@Eisner.DECUS.Org>
Subject: Another test
To: us...@transportlaw.com
Message-id: <01INRF0T8...@Eisner.DECUS.Org>
Organization: Digital Equipment Computer Users Society
X-VMS-To: IN%"us...@transportlaw.com"
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

Just testing to see if Tom's changes to his nameserver helped.

Pat

--Boundary (ID ufjyZLrW9m7GOoIato7g5A)--

Any idea what's going on?

Note 484.1, 18-Sep-1997
Briggs: DNS problem on their end
--------------------------------
> -< Why is mail to transportlaw.com bouncing? >-

Because the folks at computerworks.net don't know what an MX record is
supposed to point to.

TRANSPORTLAW.COM preference = 10, mail exchanger = 204.89.131.200
200.131.89.204.IN-ADDR.ARPA name = ziggy.computerworks.net

An MX record in the DNS is supposed to point to a host name, not an IP
address. It should read (in zone file format)

transportlaw.com. IN 10 ziggy.computerworks.net.


Contact Tom Rothamel at (516)754-6163. E-mail ro...@computerworks.net.
He's the technical contact for transportlaw.com and computerworks.net.


Relevant commands to look this stuff up:

$ MULTI NSLOOKUP /TYPE=MX TRANSPORTLAW.COM
$ MULTI NSLOOKUP 204.89.131.200

The DECUServe Journal October, 1997 Page 25
Why is Mail Bouncing?


$ MULTI NSLOOKUP /TYPE=SOA TRANSPORTLAW.COM
$ WHOIS TRANSPORTLAW.COM
$ WHOIS COMPUTERWORKS.NET

Note 484.2, 18-Sep-1997
Scopelliti: Will forward the info
---------------------------------
I'll forward the info.. I was not aware that MX records should point
at hostnames. I did pretty much the same nslookup tracking, but the
key point was missed.

Tom is the guy with whom I've been corresponding, so I'l forward the
info to him.

Shouldn't the recoed contain "MX" ?

transportlaw.com. IN MX 10 ziggy.computerworks.net.

Note 484.3, 22-Sep-1997
Briggs:
--------
Yup. My mistake.

Note 484.4, 22-Sep-1997
Scopelliti: Chalk up another one for DECUServe!
-----------------------------------------------
Closure.. all is well. Tom checked the RFC and it mentions "domain
name" not IP address.


Build Your Own PC
----- ---- --- --

Abstract:

Some things you might want to know when you build your own personal
computer out of commodity parts. (Gee... doesn't everyone?)

Participants:

Gus Altobello, Terry Kennedy, Howard Siegel.

The DECUServe Journal October, 1997 Page 26
Build Your Own PC


Conference: PERSONAL_COMPUTING


Note 930.0, 28-Sep-1997
Siegel: Problems building a PC
------------------------------
Many thanks to all who gave advice in the PC Motherboards topic... But
I've got a problem that I need help to diagnose and fix.

The hardware (so far):

Tyan Tomcat IV single cpu motherboard
Intel Pentium 200
32 Meg RAM (Two 16 Meg EDO RAM SIMMS)
Generic S3 Trio64UV+ PCI video board
Toshiba 16x CD drive
Teac 1.44Mb floppy drive
No-name mini tower case with 230 watt power supply
Sony 100SF 15 inch monitor

The problem:

Nothing happens. Nada. Zip. The big zero. Arghhhh!

OK, here is the story...

Did a minimum amount of assembly so as to get to the point where I can
just apply power and get to the BIOS to make sure that I didn't zap the
motherboard, memory, or the CPU.

Mounted the motherboard in the case, and connected the power supply
to the mother board, the CD and floppy drives. Have not yet connected
any of the drive cables nor the parallel and serial ports. The speaker
wires, the reset switch and the HD activity LED have been connected.
I did not connect the turbo switch nor speed display (the board has no
turbo capability, but has connectors. But, the connectors have different
numbers of pins than the connectors on the wire sets, so I didn't bother
to connect them). Was not able to connect the fron panel power LED
display wires as the manual doesn't indicate where to plug in the
connector.

Processor was socketed when purchased, but I attached the heat sink &
fan unit with power connectors in the path to the CD. Set jumpers for
an Intel P45C family processor (3.4 volts as I recall). Installed memory
and set jumpers for 5 volt RAM SIMMS (which I assume them to be).

Plugged in video card. No jumpers on it to set.

Connected power cord, keyboard, and display. Apply power. The green
LED on the motherboard goes on. The power supply fan and the heat sink
fan beginning spinning. Nothing else happens. No hissing. No sparks
flying. No burning odors. No video. No POST display. No BIOS display.
Nothing!


The DECUServe Journal October, 1997 Page 27
Build Your Own PC


We know the monitor is good since it was used not 5 minutes ago by a
friend who brought his PC over so we could install a second disk.
Swap his video board for mine. My video board works just fine in his
system. My system is still doing nada.

What do I check next?

Note 930.1, 28-Sep-1997
Kennedy:
---------
> 32 Meg RAM (Two 16 Meg EDO RAM SIMMS)

Just as a comment, I never use EDO memory since it's just about the same
speed as "classic" FPM memory, but you can get FPM with parity (36-but) a
lot more easily than you can find real EDO parity memory.

> Mounted the motherboard in the case, and connected the power supply
> to the mother board, the CD and floppy drives. Have not yet connected
> any of the drive cables nor the parallel and serial ports. The speaker
> wires, the reset switch and the HD activity LED have been connected.
> I did not connect the turbo switch nor speed display (the board has no
> turbo capability, but has connectors. But, the connectors have different
> numbers of pins than the connectors on the wire sets, so I didn't bother
> to connect them). Was not able to connect the fron panel power LED
> display wires as the manual doesn't indicate where to plug in the
> connector.

You might want to try unplugging whatever is connected to the reset con-
nector - if you've got a LED cable on there by mistake you could be sending
a continuous reset.

Almost all motherboards since the IBM AT have a single 5-pin connector
(keyed between pins 1 and 3) for keylock and power. I think pins 4 and 5
are power with 1 &3 being keylock, but the pinout is in the Tomcat manual.

> Processor was socketed when purchased, but I attached the heat sink &
> fan unit with power connectors in the path to the CD. Set jumpers for
> an Intel P45C family processor (3.4 volts as I recall). Installed memory
> and set jumpers for 5 volt RAM SIMMS (which I assume them to be).

Make sure your CPU speed jumpers are set right (there's a bunch of 'em).
Also, I think the Tomcat IV comes jumpered for split-rail CPU power (MMX
CPU) yet you say you have a "classic" Pentium, so check them as well. Each
Pentium has markings on it which can be decoded to determine which voltage
it needs. There is no single right answer for all Pentiums.

If you took the CPU out to attach the heat sink, make sure it is fully
seated and the locking lever on the socket is fully latched. Checking for
bent pins isn't a bad idea as well.

If you had to change the memory voltage jumpers back to 5V, somebody was
screwing around with the board before you got it - Tyan ships them set to

The DECUServe Journal October, 1997 Page 28
Build Your Own PC


5V.

You could have a cheapo power supply that doesn't support the power OK
signal, but that's pretty rare these days. Make sure your motherboard power
cables are on right (the black leads on each of the J8 and J9 power supply
cables should be adjacent to each other when the cables are connected to the
motherboard).

Many cases have a post on the back edge which can short out circuitry on
the Tomcat, as it doesn't have a screw hole in that location. There are
normally 4 mounting positions at the rear edge of the case. The left 2 are
almost always handled by nylon spacers. The rightmost one is almost always
a hex standoff. The one I didn't mention (next to the right) is the problem
one - if there's a metal standoff there, it needs to come out. You should
be able to see that there's no matching hole on the motherboard.

If you have a really warped motherboard or case, the front/right edge of
the motherboard can short out to the case - the Tomcats are missing holes
for standoffs at the front right and center right postions (the memory SIMM
sockets are in the way).

Lastly, this system does have a BIOS chip in it (28-pin [wide] IC with a
holographic "Award" sticker on the top, on the left side of the motherboard
about 2/3 of the way to the front) and a CMOS chip (tall wide IC with a
"Dallas" logo and/or a picture of a clock on it)?

Note 930.2, 28-Sep-1997
Siegel:
--------
> lot more easily than you can find real EDO parity memory.

It is non-parity EDO ram. In my immediate area, FPM memory is not as
common, and Fry's charges a lot more for FPM than EDO. This RAM
was purchased from the same place local outfit I got the CPU.

FYI, I've put played with enough SIMMs laterly (mostly on Macs) to know
how to insert them, so I'm sure mine are seated correctly.

> You might want to try unplugging whatever is connected to the reset con-
>nector - if you've got a LED cable on there by mistake you could be sending
>a continuous reset.

The front panel switch/LED wires have little black connectors on them
which are labelled by function. Except there is one set of 2 wires that
have a single pin connector pin connector on each wire, so there is no
room for labels. This set a green wire and a white wire that are twisted
together and come from the front panel power on LED. This set is not
connected as the manual does not indicate where they should be plugged
in.

Assuming the connectors are labelled correctly, then I've got the correct
wires on the correct pins. But I'll try pulling the reset connector and

The DECUServe Journal October, 1997 Page 29
Build Your Own PC


report back.

Note: The turbo switch and diusplay wires are also not plugged in. The
switch connector has 3 wires, but the board only has 2 pins. And, since
there is no turbo mode on the board, I didn't bother trying to resolve
which wires we for what and just let them hang.

> Almost all motherboards since the IBM AT have a single 5-pin connector
>(keyed between pins 1 and 3) for keylock and power. I think pins 4 and 5
>are power with 1 &3 being keylock, but the pinout is in the Tomcat manual.

This case has no keylock. Do I have to jumper some of the pins on the
keylock connector so the board thinks the keylock is in the "operate"
operate position? Perhaps this is where the front panel power on LED
wires should be plugged in? (FYI, LED is pins 1&2, keylock is 4&5).

> Make sure your CPU speed jumpers are set right (there's a bunch of 'em).

Done. Jumpers per 200 Mhz processor as indicated in the manual.

>Also, I think the Tomcat IV comes jumpered for split-rail CPU power (MMX
>CPU) yet you say you have a "classic" Pentium, so check them as well. Each
>Pentium has markings on it which can be decoded to determine which voltage
>it needs.

Power jumpers came originally for an MMX chip with split rail power. I
reset them as per the manual for a P45C classic Pentium. As I remember
when I purchased the processor, there is a paper label on the underside
from the store that sold it to me. This label obscured some of the
markings on the chip itself. I'll pull the chip out again and check.

> There is no single right answer for all Pentiums.

Even though the manual says all classic Pentiums are 3.5V, etc., etc.!

> If you took the CPU out to attach the heat sink, make sure it is fully
>seated and the locking lever on the socket is fully latched. Checking for
>bent pins isn't a bad idea as well.

The heat sink clips onto the sides of the socket so the CPU did not
have to be removed. The CPU chick was fully seated and locked down at
the store when I got it. There were no bent pins when it was installed,
and it has not been pulled out since.

> If you had to change the memory voltage jumpers back to 5V, somebody was
>screwing around with the board before you got it - Tyan ships them set to
>5V.

Nope. Memory voltage jumpers were factory set to 5V as per the manual.

>cables are on right (the black leads on each of the J8 and J9 power supply
>cables should be adjacent to each other when the cables are connected to the
>motherboard).


The DECUServe Journal October, 1997 Page 30
Build Your Own PC


Done. The sequence of wires is (from top of board down)

red
red
red
white
black
black
black
black
blue
yellow
red
orange

Hmmmm. The manual indicates the following pinouts (in the same pin order):

Good Power Signal
VCC
+12V
-12V
Gnd
Gnd
Gnd
Gnd
-5V
VCC
VCC
VCC

If the wire colors mean anything, then I seem to have them backwards, but
the power connectors only fit on the connector block one way, so it would
have been impossible for me to get it backwards. Wonder if the connectors
were miswired from the factory?

> Many cases have a post on the back edge which can short out circuitry on
>the Tomcat, as it doesn't have a screw hole in that location. There are
>normally 4 mounting positions at the rear edge of the case. The left 2 are
>almost always handled by nylon spacers. The rightmost one is almost always
>a hex standoff. The one I didn't mention (next to the right) is the problem
>one - if there's a metal standoff there, it needs to come out. You should
>be able to see that there's no matching hole on the motherboard.
>
> If you have a really warped motherboard or case, the front/right edge of
>the motherboard can short out to the case - the Tomcats are missing holes
>for standoffs at the front right and center right postions (the memory SIMM
>sockets are in the way).

The case came with no standaoffs or spacers installed. I put all of the
spacers and standoffs in myself. The back edge of the board has a nylon
spacer at the bottom under the AMIKEY chip, a nylon spacer at the very top
of the board next to pin 1 of the power supply connector block, and a
standoff in the middle below the SMC chip to the left of the middle
PCI/ISA slot pair. For the "middle" set, there are 2 standoffs, one

The DECUServe Journal October, 1997 Page 31
Build Your Own PC


at the bottom of the board next to the second to last ISA slot, and one
just to the upper right corner of the PCI driver chip about 1/3 down from
the top of the board. The front/right set has a standoff at the bottom
next to the green LED on the board, and a nylon spacer about 1/4 of the
board height down from the SIMM slots.

There are no other standoffs or metal brackets or flashings that are
making contact with the board. The standoffs appear to be within their
alotted areas and the screws that go in to them have a non-conductive
washer between them and the top of the motherboard.

This was one area of concern for me when I assembled the system. Since
I have a mini-tower case and the Tomcat is a BIG board, I couldn't
slide it into place around the disk cage. I had to pull the mounting
plate off, mount the motherboard, and put the plate back on. Once back
together, I made sure that nothing was shorting to the motherboard from
the edges or bottom.

> Lastly, this system does have a BIOS chip in it (28-pin [wide] IC with a
>holographic "Award" sticker on the top, on the left side of the motherboard
>about 2/3 of the way to the front) and a CMOS chip (tall wide IC with a
>"Dallas" logo and/or a picture of a clock on it)?

"Award Software Inc, (c) 1995, PCI PNP 586 SN.....", Pin 1 indicator
to the bottom/rear side of the board.

"Dallas DS12887A, Realtime, 9702A2...", Alarm clock logo to rear side
of board, Pin 1 indicator to the bottom/read side of board.

Note 930.3, 28-Sep-1997
Siegel: more info
-----------------
Just to make sure I have something close to a working power supply, I
popped the cables off the board and measured the following voltages
(shown realtive to the motherboard when the cables are plugged in):

.-------------------------------------------------
!
!
! .--.
! ! ! 5.2 V (Red)
! +--+
! ! ! 5.2 V (Red)
! +--+
! ! ! 5.2 V (Red)
! +--+
! ! ! -4.8 V (White)
! +--+
! ! ! 0.0 V (Black)
! .-----------. +--+
! ! ! ! ! (Black) <-- Voltmeter Reference
! ! Keyboard ! '--'

The DECUServe Journal October, 1997 Page 32
Build Your Own PC


! ! Connector ! .--.
! ! ! ! ! 0.0 V (Black)
! '-----------' +--+
! ! ! 0.0 V (Black)
! +--+
! ! ! -11.0 V (Blue)
! +--+
! ! ! 11.2 V (Yellow)
! +--+
! ! ! 5.2 V (Red)
! +--+
! ! ! 5.2 V (Orange)
! '--'
!
!
!
!


I also popped the CPU out and found the following on the underside:

FV8050220
SY045/VSU
ICOMP (r) 2 #=142
MALAY
L7321257-0685

Note 930.4, 28-Sep-1997
Kennedy:
---------
This is a 200Mhz part in a plastic package which doesn't support DP, FRC,
or APIC with a power requirement of from 3.4 to 3.6V.

Note 930.5, 28-Sep-1997
Kennedy:
---------
> It is non-parity EDO ram. In my immediate area, FPM memory is not as
> common, and Fry's charges a lot more for FPM than EDO. This RAM
> was purchased from the same place local outfit I got the CPU.

Ok. As long as you're sure it works.

> The front panel switch/LED wires have little black connectors on them
> which are labelled by function. Except there is one set of 2 wires that
> have a single pin connector pin connector on each wire, so there is no
> room for labels. This set a green wire and a white wire that are twisted
> together and come from the front panel power on LED. This set is not
> connected as the manual does not indicate where they should be plugged
> in.


The DECUServe Journal October, 1997 Page 33
Build Your Own PC


This is probably for a digital speed display on the front panel.

> Note: The turbo switch and diusplay wires are also not plugged in. The
> switch connector has 3 wires, but the board only has 2 pins. And, since
> there is no turbo mode on the board, I didn't bother trying to resolve
> which wires we for what and just let them hang.

That's a "universal" turbo switch (if it was a relay, it'd be a Form C).
Just put it on so that the center pin and one of the outside pins is on
the 2 motherboard pins. If the turbo LED comes on with the switch in, you're
all set. If it's off with the switch in and on with it out, then rotate the
turbo switch connector 180 degrees.

> This case has no keylock. Do I have to jumper some of the pins on the
> keylock connector so the board thinks the keylock is in the "operate"
> operate position? Perhaps this is where the front panel power on LED
> wires should be plugged in? (FYI, LED is pins 1&2, keylock is 4&5).

No, the keylock is activated when the contacts are closed. Open means the
system is usable. Even if it is locked, you just get a "system locked - please
unlock" on power-up.

I checked - pins 1 and 3 are the power LED, 4 and 5 are the keylock.

> Power jumpers came originally for an MMX chip with split rail power. I
> reset them as per the manual for a P45C classic Pentium. As I remember

P54C?

> when I purchased the processor, there is a paper label on the underside
> from the store that sold it to me. This label obscured some of the
> markings on the chip itself. I'll pull the chip out again and check.

Urk. Let me guess, white paper like an oversize supermarket price tag,
the word "ACME", and a bunch of numbers?

> Even though the manual says all classic Pentiums are 3.5V, etc., etc.!

Right. 3.5 should work for all of 'em, but Pentium parts with markings
like "Sxxxx/Sxx" work down to 3.135V, while the "Sxxxx/Vxx" want between
3.4V and 3.6V only.

> If the wire colors mean anything, then I seem to have them backwards, but
> the power connectors only fit on the connector block one way, so it would
> have been impossible for me to get it backwards. Wonder if the connectors
> were miswired from the factory?

I doubt it. You should probably try another supply if you have one avail-
able, though.

> The case came with no standaoffs or spacers installed. I put all of the
> spacers and standoffs in myself. The back edge of the board has a nylon
> spacer at the bottom under the AMIKEY chip, a nylon spacer at the very top
> of the board next to pin 1 of the power supply connector block, and a

The DECUServe Journal October, 1997 Page 34
Build Your Own PC


> standoff in the middle below the SMC chip to the left of the middle

Metal standoff? Is there a matching mounting hole in the motherboard there?

My understanding is you bought at least the CPU chip, memory, and mother-
board from the same local vendor? You should be able to go there and say "it
doesn't work", either still in the case or naked. They should be able to set
it up on a workbench and try it for you - if something's broken the should
swap it for you, and if it works they may want to charge you something. If
you bring the case and power supply along, and (for example) the problem is
the power supply [and you didn't buy it there] you can probably get out of
the service charge if they sell you a replacement power supply.

Note 930.6, 29-Sep-1997
Siegel: my .2 volts worth
-------------------------
> This is a 200Mhz part in a plastic package which doesn't support DP, FRC,
>or APIC with a power requirement of from 3.4 to 3.6V.

DP? FRC? APIC? Gezundheit!

The Tyan manual says all P54C (Pentium Classic) chips take 3.5 V. The
dealer that sold me the CPU says 3.3 V. The place that sold me the
mother board says 3.3 V. Both say 3.5 is ok and won't hurt the chip
it should be 3.3 V.

Note 930.7, 29-Sep-1997
Siegel: Voltages under load
---------------------------
Later, I connected the power supply back to the CD and floppy drives an
took another reading. The +/- 12 V lines measure between 11.9 and 12.2
with the load.

Also tested the reamining power leads and they come out fine too.

I think the power supply is ok.

Note 930.8, 29-Sep-1997
Siegel: The long and winding road
---------------------------------
> Ok. As long as you're sure it works.

Called the place where I got the CPU and RAM, described the problems,
and they said come in and they'll test the processor and ram and replace
anything defective. I did. They said the processor was fine, but both
ram modules where bad. Hmmmmm. Those are the first DOA ram modules I've
seen in about 2 dozen that I've installed.


The DECUServe Journal October, 1997 Page 35
Build Your Own PC


> This is probably for a digital speed display on the front panel.

Yup. Not gonna use it (at least for now), so have not plugged in the
supply leads, turbo switch leads or turbo LED leads.

> That's a "universal" turbo switch (if it was a relay, it'd be a Form C).
>Just put it on so that the center pin and one of the outside pins is on
>the 2 motherboard pins. If the turbo LED comes on with the switch in, you're
>all set. If it's off with the switch in and on with it out, then rotate the
>turbo switch connector 180 degrees.

Maybe I'll do that if I have to take the motherboard out for any reason,
as some of the connectors are hard to get at at the moment.

> I checked - pins 1 and 3 are the power LED, 4 and 5 are the keylock.

That's what the manual says. I plugged in the front panel power on LED
to pins 1 & 3. Works fine.

> P54C?

Yup. Dyslexic fingers!

> Urk. Let me guess, white paper like an oversize supermarket price tag,
>the word "ACME", and a bunch of numbers?

Close. Name of dealer, stock number, stock date, and words to the effect
that the warrantee is void if the sticker is tampered with. Same on the
SIMMs.

> Right. 3.5 should work for all of 'em, but Pentium parts with markings
>like "Sxxxx/Sxx" work down to 3.135V, while the "Sxxxx/Vxx" want between
>3.4V and 3.6V only.

Both dealers where I've purchased parts are saying classic Pentiums are
3.3 V. But 3.5 is ok too. Neither bothered to check the stampings on
the bottom of the processor chip. I've got the jumpers set for 3.3 volts
now, but it is really easy to change back to 3.5.

> I doubt it. You should probably try another supply if you have one avail-
>able, though.

There was not enough information in the manual to tell which end is pin 1
in the picture of the connectors with the pin functions. Turns out the
wiring is fine. The Tyan web site has a "how to install the motherboard"
section that has a nice closeup color picture of the power connectors
after installation and the wire colors and order match mine, so I guess
I'm ok. Plus, I would think that if things were backwards, it would smoke
the board.

> Metal standoff? Is there a matching mounting hole in the motherboard there?

Yup metal. Brass hex posts. I only installed these posts where there
was a matching hole in the motherboard. The other holes were obviously

The DECUServe Journal October, 1997 Page 36
Build Your Own PC


for the nylon spacers. Turns out the Tyan web page mentioned above
recommends that you only use 1 metal standoff and screw, and that is in
the hole toward the center of the rear edge of the board (near the SMC
chip). For the holes that normally take a screw and post, they say to
use a nylon spacer with the back end cut off.

The place where I purchased the motherboard now says that I should have put
the nylon washers on both sides of the board at the screw holes.

> My understanding is you bought at least the CPU chip, memory, and mother-
>board from the same local vendor?

OK. Case purchased at a place in West LA. Motherboard, floppy drive, CD
drive, and video board from a dealer with a store in Glendale, but parts
actually purchased at a computer show in Reseda. Ethernet board
purchased from dealer at same computer show, not sure where the retail
store is located. CPU and RAM purchased at a dealer a couple of miles
from home. Hard disk purchased at Fry's. Monitor purchased at Best Buy
a couple miles from home.

> You should be able to go there and say "it
>doesn't work", either still in the case or naked. They should be able to set
>it up on a workbench and try it for you - if something's broken the should
>swap it for you, and if it works they may want to charge you something. If
>you bring the case and power supply along, and (for example) the problem is
>the power supply [and you didn't buy it there] you can probably get out of
>the service charge if they sell you a replacement power supply.

Took the whole assembly to the local CPU/RAM place. They "tested" the
CPU and RAM. CPU was fine. RAM replaced. I asked if it was ok to try
and boot the machine without the RAM and would at least an initial BIOS
screen be displayed if all was ok. They said "yeah, that'll work".
(If I'd asked them to test the whole motherboard & video board assmbly
they would have wanted to charge me for the work).

Took everything home. Put in CPU. Left out RAM. Same results.

Called motherboard place. Started to tell them the story. Before I
could finish, they said come in and they'll take a look at it. Packed
everything up and ran over. Openned the case, checked the jumpers, looks
fine. Plugged it in, turned it on. Nothering. Looks into case again
and sees no RAM. I finish story. He says they lied... Says the RAM
modules MUST be in before the BIOS will display anything (assuming
motherboard, CPU and RAM are working). Put in RAM. Power up........

BIOS shows Tyan Tomcat IV motherboard, 1 Pentium 200-S processor, 32 Meg
RAM, S3 Trio64UV+ video chipset. Yeah!!!!!!!!!!!!!!! (Of course it
hangs there because there are no disks connected as yet).

Head home a happy camper!


The DECUServe Journal October, 1997 Page 37
Build Your Own PC


Note 930.9, 29-Sep-1997
Siegel: Thanks for the advice
-----------------------------
Hey folks. Thanks for all the help so far. Keep it coming!

This has really been an adventure! I've been used to digging around
inside big VAXen, and have had to dig a bit inside the Alphastations
at work (one was delivered with extra memory, but was not installed
with the boards interleaved, so the machine onyl saw one third of the
total memory). And except for installing extra RAM in a few Macs, have
never had to fiddle inside a PC class machine.

It is really amazing how much abuse this stuff can take. I've had the
RAM and processor in and out a whole bnunch of times. The video boards
in my friends machine and mine swapped a bunch of times, etc., etc.
It is especially amazing gizen the seemingly cheap and sometimes slipshod
assembly of some of the parts. If one didn't realize before, then this
would really show you just how much all this stuff has been commoditized!
No wonder the PC is beating the Mac into the ground. Not as nice, still
a bit clunky, but very much less expensive and available in large quantity
everywhere.

Now that the basic machine works, it is time to install the hard disk
(the CD and floppy are already installed), cable up all the disks, and
attempt to put Windows 95 on from scratch. Now that'll be an adventure!
I'm sure there'll be more questions as I go.

Note 930.10, 29-Sep-1997
Altobello: Pointer to Rosetta Stone, please...
----------------------------------------------
As a followup, Terry, where did you get the CPU sticker information
translation in .4?

I've found "Tom's Hardware Page" (lookup in Yahoo) to be a source of
much (hopefully correct) information. Any other suggestions?


Note 930.11, 29-Sep-1997
Kennedy:
---------
"Intel Pentium(R) Processor Specification Update", ftp://download.intel.com/
design/pentium/specupdt/24248030.PDF or visit http://developer.intel.com,
click on "search" and enter "Pentium and specification update".

Also, "Intel Boxed Pentium Processors Installation Notes", order number
661369-001 (hardcopy only, comes with each boxed CPU).


The DECUServe Journal October, 1997 Page 38
Wide disk, narrow controller


Wide disk, narrow controller
---- ----- ------ ----------

Abstract:

The next several notes are taken from a stream titled "9GB Disks:
RZ40 and HSJ50 performance". Dealing with a profusion of part
numbers, components, shelves, narrow vs. wide, and so on can be bad
enough. Now suppose you're dealing with a rather LONG supply line.

Participants:

Linwood Ferguson, Gary Gladstone, Keith Parris, Russell Swatek,
Glenn Zorn.

Conference: HARDWARE_HELP


Note 2138.12, 5-Sep-1997
Swatek: Reqmnts for HSJ to drive wide RZ?
-----------------------------------------
<<< Note 2138.5 by EISNER::FERGUSON "Linwood" >>>

>> We have a bunch of RZ28 and RZ29 wide versions in wide shelves on
>> HSJ50's. We know they are running in narrow mode, but spent the extra
>> few dollars to be prepared if we wanted to put in HSJ<future> that
>> would do wide.

I have 8650s (VMS 5.5-1Hx) with HSC50s & RA92s, and a HSJ30 with TZ87s.
I also have 4 RZ29B-VWs (from an Alphaserver 8200 we decided not
to use). We would like to replace the HSC50/RA92 suite with more
HSJs and RZxxx-Vy (or whatever new part number is).

What is required to drive the wide RZ29B-VWs from a
SW500-FC/HSJ30-CA setup?

Note 2138.13, 6-Sep-1997
Ferguson: It just worked - sometimes
------------------------------------
Ours are in wide shelves with the narrow adapter, though we had one
shelf which had the 16 bit adapter and a 8/16 bit cable adapter and
that worked as well. We've also mixed 8 and 16 bit in the same shelf,
but that did not always work correctly (we had some RZ26's, RZ28's
(both narrow) and RZ29-wide's and could not get all three to work at
once, had to yank the RZ26's. If I recall we also had to put all the
wide at one end (I don't recall which, but think the low address end)

I haven't tried plugging them into a narrow shelf. I was under the
impression that would work as well, but not at all sure.


The DECUServe Journal October, 1997 Page 39
Wide disk, narrow controller


Note 2138.14, 8-Sep-1997
Parris:
--------
As Linwood said, you need a wide shelf with a narrow personality module to
connect wide drives to an HS[J|D|Z][30|40|50]. The SBB User's Guide that comes
with each new drive notes that new drives are now marked with symbols
indicating their compatibility with wide and/or narrow shelves.

Note 2138.15, 9-Sep-1997
Swatek: Actual Part Numbers?
----------------------------
Hate to be a pest, but does anybody have the actual Part Numbers
for the cables, personality card, rack ... to drive the wide RZ29B-VWs
from a SW500-FC/HSJ30-CA setup?

Our DEC salesman sold us this very HSJ30 "complete subsystem" with
TZ87s to connect to our CI-bus, he just unfortunately forgot to
include the HSJ30 controller card in the order. The supply chain
takes months to get to the South Pacific, so it took about 8 months
to make these drives operational.

Note 2138.16, 9-Sep-1997
Zorn: Parts list
----------------
The following are numbers from the Nov '96 US Catalog

HSJ30 - Realize this controller will be retired on 30-NOV-1997 (see the
2-SEP-1997 Customer Update)

HSJ30-CA No cache
HSJ30-CD 16 Mbyte cache
HSJ30-CF 32 Mbyte cache

BA350-MA - HSJ controller shelf
BA350-MB - HSJ controller shelf with power and brackets

BA356-SC - Shelf with no personality module
BA35X-MG - 8 Bit module for BA356
BA35X-HF - 150 W power supply
BN21H-xx - SCSI cable were xx is length (HSJ to BA356)

Note 2138.17, 9-Sep-1997
Gladstone:
-----------
If you are using the controllers with write-back cache, don't forget the
controller batteries (I'm not sure if the batteries are standard).


The DECUServe Journal October, 1997 Page 40
Wide disk, narrow controller


Note 2138.18, 18-Sep-1997
Swatek: Thanks for Part Numbers :-)
------------------------------------
<<< Note 2138.16 by EISNER::ZORN "Glenn Zorn" >>>

Thanks for quick detailed response. Our order is out to Midwest,
and with luck equipment will be working in 4 months.


What's a CardBus?
------ - --------

Abstract:

A discussion of what the heck a CardBus is. We'll give away the
short answer: another name for the PCMCIA version 3 spec. Details
follow.

Participants:

Michael Mazzoni, Kevin Roels, Alan Striegel.

Conference: HARDWARE_HELP


Note 2169.0, 1-Sep-1997
Mazzoni: What is CardBus?
-------------------------
What is CardBus? Is it a new, more easily pronounced name for PCMCIA, or are
CardBus cards different from PCMCIA cards?

Note 2169.1, 2-Sep-1997
Roels: Cardbus is faster
------------------------
It is different. CardBus offers a higher-speed serial interconnect bus
than is normally used in laptops. There is a significant performance
improvement to be had if you are using 100 meg ethernet cards, for
instance.

Note 2169.2, 5-Sep-1997
Striegel: Features of CardBus
-----------------------------
CardBus is the tradename for the PCMCIA v3 specification. A CardBus slot
will accept any older PC Cards and use them in the same old way, but the new
spec allows for a number of features that were never present in the original
PCMCIA (now often referred to as PC Card-16 to distinguish them).

The DECUServe Journal October, 1997 Page 41
What's a CardBus?

o 32-bit data paths
o DMA
o bus mastering
o much higher speeds (up to 132 MBps vs 8 MBps)
o advanced power management
o lower voltage option

Higher-speed network adapters seem to be one of the prime reasons for
wanting CardBus, but Microsoft just rolled out support in the OEM Service
Release 2 version of Windows 95, so not everybody could take advantage of
CardBus devices even if they had them until about November of last year.


PATHWORKS Auditing
--------- --------

Abstract:

How to get auditing enabled in PATHWORKS V5.0e; the mystery of the
undocumented auditing keywords revealed.

Participants:

Laurie Knepper, Mark Yahnke.

Conference: PATHWORKS


Note 922.0, 12-Sep-1997
Knepper: Turning on auditing in Pathworks for VMS V5.0e
-------------------------------------------------------
Pathworks V5.0e on an AXP with VMS 6.2. How do I turn on the Pathworks
audit logging? When I click on "Enable Auditing" to change it from O,
nothing happens. When I click on specific items to audit, nothing
happens. We are having some trouble with access via NT Workstation 4.0
PCs and would like to turn this on to help diagnose what's happening
(new setup that we're trying to debug). TIA!

Note 922.1
Yahnke: Edit PWRK$LANMAN:LANMAN.INI
-----------------------------------
Hello Laurie,

The problem is solved by editing the LANMAN.INI file and changing
the settings there. The area you tried is information only.

Edit the file PWRK$LANMAN:LANMAN.INI - ours looks like this:

The DECUServe Journal October, 1997 Page 42
PATHWORKS Auditing



[server]
alertnames = ADMIN,D19753
auditing = BADSESSLOGON,BADUSE,BADNETLOGON
security = user
SRVCOMMENT = Pathworks V5.0E

I cannot remember all the keywords, or where to find them. If you
need them let me know and I will find them...

Good luck!

Mark Yahnke

Note 922.2, 19-Sep-1997
Knepper: Please, would appreciate the "undocumented" keywords!
--------------------------------------------------------------
The keywords would be greatly appreciated. DEC Support got back to the
other system manager around the time I got the info here. He edited
the .INI file and got it working, using AUDIT = YES. Apparently, this
turns on everything, which is not neccessarily what we're going to want
in the long run. Support said they'd get us the list of keywords, but
so far, it's not been forthcoming.

I'm not understanding why the other system manager is coming across
major Pathworks features that are not documented in the online books,
nor in DEC's online support database. You shouldn't have to make a
phone support call to find out how to turn on a feature like auditing.
I'm not sure what went wrong during the installation, but our Help
option is not working in the Pathworks Administration program, either.
However, DEC Support told him the auditing stuff is not documented, so
I don't guess it would have been in Help, either. This makes no sense
to me.

Note 922.3, 19-Sep-1997
Yahnke: Keywords for Auditing
-----------------------------
Hi Laurie,

The optional events are as follows: LOGON, LOGONLIMIT, NETLOGON,
GOODNETLOGON, PERMISSIONS, RESOURCE, SERVICE, SESSLOGON, BADSESSLOGON,
GOODSESSLOGON, USE, BASUSE, GOODUSE, USERLIST

This stuff is documented in the MS LAN Manager Admin. Reference guide.
A full set of MS LAN Manager docs were delivered with the v5 client
stuff. If you started with v6 client then I don't think DEC sent
them.

Anyway, you can use AUDITING=keyword,keyword, etc. or you can use
AUDITING=YES and then on another line below that use NOAUDITING=

The DECUServe Journal October, 1997 Page 43
PATHWORKS Auditing


keyword, keyword, etc.

By the way, I can relate to your frustrations with DEC "noSupport"...

Note 922.4, 23-Sep-1997
Knepper: DECUServe ahead of DEC Support.... again
-------------------------------------------------
Thank you muchly!!


PATHWORKS Printing
--------- --------

Abstract:

A short exchange concerning some slightly-altered behavior in recent
versions of PATHWORKS, which can unexpectedly bust printing
services.

Participants:

Josef Derflinger, Mathew Greener, Chuck McMichael, Patrick Stair.

Conference: PATHWORKS


Note 915.0, 17-Jul-1997
Derflinger: PRINTING FROM WINDOWS 95
------------------------------------
Problems with windows95 and pathworks.
First I can't seem to make it see my server in the networking
neighborhood icon, properties will say no properties available.
Second configuring LPT2: to print to \\SERVER\PRINTER will tell me
that the printer is not available
But: The drive shares are visible, accessible, LAT works for a regular
VT setssion.
Config: WIN95 version of PW6.0 on the alpha machine PWV5.1.
Any help is appreciated.

Note 915.1, 19-Jul-1997
Greener: Some fixes, maybe?
---------------------------
If you configure at least one Win95 machine to provide services the
OpenVMS/VMS servers will suddenly appear in the network neighborhood.

Do you have PW ver 1.0A for Win95?

The DECUServe Journal October, 1997 Page 44
PATHWORKS Printing

Note 915.2, 21-Jul-1997
Derflinger: WINDOW VERSION
--------------------------
No I used 7.0A, but did not install printer server. Do not seem to
understand the concept, because the vms machine is the print server.
All documentation reads about printing to win95 client, I want to use
the printer hooked up to my vms machine.

Note 915.3, 21-Jul-1997
McMichael: Is the VMS end set up to share?
------------------------------------------
On the VMS machine, from your SYSTEM account, issue the command
NET SHARE <printername> /PRINT

Also, the printer's share name has to be the same as the VMS queue name.

Note 915.4, 22-Jul-1997
Derflinger: THANKS
------------------
Thank you, that is it.
Printer share must be the same name as the vms queue name. Why the
change? PWV5 it could be any name

Note 915.5, 22-Jul-1997
Stair: LAN Manager is main reason, I think
------------------------------------------
Say hello to LAN Manager, aka PWV5. Actually, you can define a logical that
points to the queue, and then build the printer share based on that
logical. (I can't find where I read a good illustration of this;
perhaps it was on DSNlink.)

I was initially frustrated by having to use the queue names also, but
now I find that it simplifies things (one less translation I have to
do, one less name to keep track of). And if I add the "/DESCRIPTION"
field to the INITIALIZE/QUEUE commands that build the VMS queue, this
description will show up in Win/95 and Win/NT print manager, so that
gives all the info they need, usually.


The DECUServe Journal October, 1997 Page 45
About the DECUServe Journal


About the DECUServe Journal
---------------------------

The DECUServe Story

DECUServe is an electronic conferencing system, somewhat related to
bulletin board systems but much larger and more organized. It is
devoted to the general area of computer technology such as systems,
software, hardware, and communication, in the Digital and related
third party vendor market area.

DECUServe also has complete access to and from the Internet. Usenet
Newsgroups are accessible using newsreaders from DECUServe and the
comp.os.vms newsgroup is added to a VAX Notes conference of its own.

DECUServe is included as a part of the Sustaining member package for
US DECUS which costs $40 a year. A DECUServe membership for other
members of US DECUS is $35 a year. A DECUSere subscription for
foreign members costs $75 per year.

The conferencing system is available nearly 24 hours a day, seven
days per week. There is no hourly connect charge. The subscriber
pays communication costs to a phone number in eastern Massachusetts.
Reduced rate communication services are available in some areas and
INTERNET access is available (node - eisner.decus.org).
Subscriptions must be used by a single person. Company or group
subscriptions are not available, nor may subscriptions be
transferred.

DECUServe uses the Digital VAX Notes conferencing software. We
currently have over 50 technical conferences available on subjects
such as Security, the VMS Operating System, ALL-IN-1, Databases,
Site Management, Personal Computing, DEC Networking, Third Party
Software, Hardware, Workstations, the World Wide Web and many more.
Over 130,000 technical notes are on line. All conferences,
including the Frequently Asked Questions (FAQ) from the Usenet
newgroups, are indexed to allow for fast text content searches.

You can obtain up to the date statistics and information via the
World Wide Web at the URL
http://WWW.DECUS.ORG/decus/decusv/index.html which provides a number
of options. One option displays the activity in each of the
technical conference. Another option allows you to read issues of
the DECUServe Journal which is published worldwide every month and
contains samples of the discussions that occur 24 hours a day.

If you have access to Internet mail, you can receive a DECUServe
Application form directly. Send mail to
appli...@eisner.decus.org -- the mail text may be blank. On-line
subscription information is available in the U.S. by dialing
1-800-521-8950 and logging in with username INFORMATION.

The DECUServe Journal October, 1997 Page 46
About the DECUServe Journal


Publication Information

Topic threads in the DEC Notes conferences on DECUServe are selected
for publication on the basis of strong technical content and/or
interest to a wide audience. They are submitted to the editor from
various sources, including DECUServe Moderators, Executive Committee
members, and other volunteers. Suggestions for inclusion are
enthusiastically solicited. Articles selected for publication are
edited on an OpenVMS VAX system in TPU and then formatted with
Digital Standard Runoff.

Contact Information
-------------------

The editors of the DECUServe Journal are Brian and Sherrie McMahon.
They can be reached by any of the following means:

mcma...@decuserve.decus.org
mcma...@decuserve.decus.org
mcma...@decus.org
grif...@decus.org
bmcm...@cisco.com
Work phone: +1 408 527 0434

0 new messages