SPARTA President’s Corner
contributed by Randy Springs
One third of 2019 is behind us, and it’s time to start thinking of vacations and travel plans. We are busy at my company with preparations for our pending merger, and management is focusing on documenting our procedures and processes. We’re also integrating some new members into our mainframe team.
Our speaker this month will be Glenn Schneck of GT Software, with a presentation on z/OS APIs and their implementation and uses. Join us to learn more about how you can help keep the mainframe alive and innovative with new applications and opportunities to be the best solution for your company.
Your SPARTA group still needs a volunteer to replace Pam Tant as treasurer. This position would involve about two hours per month. Please consider serving and talk to me about the position.
Please plan to join your colleagues for pizza, networking, and education on Tuesday, May 7 at LabCorp.
(subject to change)
May 7, 2019 - z/OS API’s In Action by Glenn Schneck of GTSoftware
June 4, 2019 - TBD
July 9, 2019 - TBD
We need ideas and volunteers for future speakers. Presentations don’t have to be fancy, just informative and interesting. Even a 5 or 10 minute talk can start an interesting interaction. Contact Ron Pimblett by phone as noted below.
Board of Directors
Randy Springs - President
BB&T (919) 745-5241
3200 Beechleaf Court, Suite 300
Raleigh, NC 27604
Ron Pimblett - Vice President
MDI Data Systems
Land line 613 599 6970
Mobile 613 981 6919
190 Guelph Private
Kanata, ON K2T 0J7
Chris Blackshire - Secretary
Retired (Dell, Perot Systems, Nortel) (919) nnn-nnnn
Durham, NC 27713
Randy Springs - (Acting) Treasurer
BB&T (919) 745-5241
Ed Webb - Communications Director
SAS Institute Inc. 919-531-4162
SAS Campus Drive
Cary, NC 27513
Mike Lockey - Web Master
Guilford Co. Information Services 336-641-6235
201 N. Eugene St.
Greensboro, NC 27401
Meetings are scheduled for the first Tuesday evening of each month (except no meeting in January), with optional dinner at 6:15 p.m. and the meeting beginning at 7:00 p.m.
These monthly meetings usually are held at LabCorp’s Center for Molecular Biology and Pathology (CMBP) near the Research Triangle Park (see last page). Take I-40 to Miami Boulevard and go north. Turn right onto T.W. Alexander Drive. Go about a mile or so. Then turn right into LabCorp complex and turn Left to the CMBP Building (1912 T.W. Alexander Drive). In the lobby, sign in as a visitor to see Bill Johnson. Bill will escort you to the conference room.
Call for Articles
If you have any ideas for speakers, presentations, newsletter articles, or are interested in taking part in a presentation, PLEASE contact one of the Board of Directors with your suggestions.
The SPARTA policy is to e-mail a monthly notice to our SPARTA-RTP Group. The newsletter is posted to the website about five (5) days before each meeting so you can prepare. The SPARTA-RTP Group is maintained by Chris Blackshire; if you have corrections or problems receiving your meeting notice, contact Chris at firstname.lastname@example.org.
November 2018 “CBT Tape” Shareware Online
The directory and files from the latest CBT tape V496 (dated November 11, 2018) are available from www.cbttape.org.
If you need help obtaining one or more files, contact Ed Webb at SAS (see Board of Director’s list for contact info).
Minutes of the April 2, 2019 Meeting
• The meeting was called to order at 7:00 PM by Randy Springs, the SPARTA President.
• The meeting was held at a LabCorp conference room in RTP, N.C.
• Fourteen (14) people were present.
• Everyone introduced themselves, told where they worked, and briefly described their job functions or their job hunting challenges.
• The minutes of the March 5, 2019 meeting as published in the April 2019 Newsletter were approved.
• The March 31, 2019 Treasurer's report was approved as published in the April 2019 Newsletter. As of 03/31/2019, the current balance was $1,114.72.
• Call For Articles: Articles are needed for this newsletter. If you would like to write an article for this newsletter, please contact Ed Webb. Keep in mind that you don't really need to write the article, it can be an article that you read that you would like to share with the membership.
• The SPARTA Web page is available. To access the SPARTA Web page, point your Web browser to this site: http://www.spartanc.org. Please send any comments or suggestions about the Web page to Mike Lockey. Be sure to check the Web page every once in a while to see any new or changed information.
• Randy reminded everyone to leave the LabCorp conference room clean.
• 2019 meeting dates, Future Speakers and Topics (subject to change based on internal politics, budget, the weather):
May 7, 2019
z/OS API’s In Action: Several User Success Stories
June 4, 2019
z/OS Network Security
July 9, 2019
August 6, 2019
September 10, 2019
SHARE 133 Update
October 1, 2019
November 5, 2019
December 3, 2019
If you have suggestions about speakers and topics, contact Ron Pimblett.
• The next SPARTA monthly meeting will be on Tuesday, May 7, 2019 at LabCorp in RTP.
• Food for the May 7 meeting will be Pizza.
• The 2019 membership fee is due ($30) starting in February 2019. Please pay Randy Springs.
• Thanks to LabCorp and Bill Johnson for hosting
• There are currently 88 people on the SPARTA-RTP e-mail list.
• Send any e-mail address changes to Chris Blackshire so he can update the SPARTA-RTP Listserv. You will be added by the moderator (Chris = SPARTA-RTPemail@example.com) sending you an invitation to Join the list.
• No update from Chris on the process of putting a package together for Brad Carson, Tommy Thomas, and John Bryan's SPARTA contributions and death information on the web page under a new Emeritus section.
• No update from Randy Springs on the SPARTA website connection to LinkedIn.
• No update about whether SPARTA needs to change the website to HTTPS access.
• Randy Springs is looking for a new Treasurer volunteer. He projects about 2 hours per month is needed.
- The treasurer position duties are:
- - Collect dues and pay expenses at each monthly meeting.
- - Deposit income at the BB&T bank monthly.
- - Make an updated monthly excel income-expense list for the monthly newsletter.
- - Give a Treasurer report at each meeting.
- - One Time: Be added to the checking account authorization.
- Contact Randy Springs if you are interested.
• LabCorp Meeting Place Update from Bill Johnson: move dates are undetermined.
• The Business portion of the meeting ended about 8:03 PM.
Presentation Topic: SHARE 2019 Phoenix
By Ed Webb of SAS
• Why Go to SHARE?
• Odds and Ends
• Best Sessions
• Sessions of Interest
• z/OS Service Status
• SHARE Status
• WHY GO TO SHARE?
- z/OS 2.4 Preview and late-breaking z/OS 2.3 news and IBM review of z14 ZR1
- Networking with peers and IBM developers and executives re-energizes your z work back home
- SHARE Requirements Carry More Weight with IBM than an individual RFE
- IBM’s committed to satisfy 20% of SHARE Core Technology Top 80 Requirements in z/OS 2.3
- - Delivered 5, Rejected 6, Planned 4 of Top 82
• ODDS AND ENDS
- Request for Enhancements (RFE) for new suggestions or requirements to IBM
- - http://www.ibm.com/developerworks/rfe/
- IBM z14 HMC Does Not Have Classic Interface
- - Order It Now for your z13 HMCs
- - Mobile HMC app for iOS and Android
- - - “Starbucks IPL”
- Search for 'share inc a2z' for SHARE App
- Hot Topics Now Maintained by IBM Systems Magazine
- - http://ibmsystemsmag.com/mainframe/hot-topics/
- Recent Topics:
- - Trusted Key Entry Policy Wizards
- - IBM Z Content Solutions
- - Container Pricing for Z Brings Predictability to Costs
- - What to Do When Tape Delivery Disappears
• BEST SESSIONS That I Attended
- 24738 Keynote: Endeavor to Succeed
- - By Captain Mark Kelly, US Navy, ex-Astronaut
- 24658 Zowe Installed and Configured: A User's Experience
- - By Dan Jast of IBM POK, a Systems Programmer
- 23964 Mainframe Penetration Testing 101
- - By Mark Wilson of RSM Partners
- 24123 Use z/OSMF to install a Software Product
- - by Kurt Quackenbush of IBM
- 24622 What’s New in z/OS 2.4 – Valley of the Sun Edition
- - By Gary Puchkoff of IBM
- 24583 z/OS Executive Forum
- - by David Jeffries, IBM VP of z/OS and many others
- 24028 Curious about SR changes and Support Transformation
- - By Michael Stephens of IBM
- 23895 Bit Bucket x’39’ (57 Sessions)
- - By a host of characters
- - Coffee Has Gotten Expensive by EJ
- - ISPF Crazy by Tom Conley
- - CBTtape.org file967 User Collection for ISPF (CUCI)
• z/OS SERVICE STATUS
- z/OS 1.9 End of Service was Sept. 30, 2010
- z/OS 1.10 End of Service was Sept. 30, 2011
- - Two more years (until Sept. 2013) for a fee
- z/OS 1.11 End of Service was Sept. 30, 2012
- - Two more years (until Sept. 2014) for a fee
- z/OS 1.12 End of Service was Sept. 30, 2014
- z/OS 1.13 End of Service was Sept. 30, 2016
- z/OS 2.1 End of Service is Sept. 30, 2018
- z/OS 2.2 End of Service is Sept. 30, 2020
- z/OS 2.3 End of Service is Sept. 30, 2022
- z/OS 2.4 End of Service is Sept. 30, 2024
- z/OS V2 has 5 years of Support plus 3 more years of fee-based Support
• SHARE STATUS
- SHARE Attendance Trending Upward
- - 1400 at Phoenix is larger than San Antonio in 2016
- 4 Women in IT sessions
- No Sessions Recorded in Phoenix
- - SHARE is re-evaluating recordings for Pittsburgh
- LapTop Covers Given Away at Phoenix
- SHARE 132 was March 10-15, 2019 in Phoenix
- SHARE Affiliate Rate is $99 Per Year (no voting)
- SHARE Select Membership (Annual Corporate)
- SHARE Monthly Webinars between Conferences
- - Registration required but free
- - Some vendor sponsored
- SHARE “Day” 8:30-5:30 (most breaks 15 min.)
- - 2-hour lunch starting in Pittsburgh (to accommodate Lunch and Learn issues)
- SHARE Mobile App for iOS and Android
- - Earlier Availability
- - Sharing between devices still needs work
- Submit Your Proposal to Speak at SHARE in Pittsburgh by Friday, March 29, 2019
- - SHARE Proceedings Access Needs SHARE Userid (free)
- - Go to www.share.org
• Future SHARE Conferences
- SHARE 133 Pittsburgh, Pennsylvania
- - August 4-9, 2019
- - Make Hotel Reservations Now
- SHARE 134 Fort Worth, Texas
- - February 23-28, 2020
- SHARE 135 Boston, Massachusetts
- - August 2-7, 2020
• Presentation Access - See the SPARTA webpage for the complete presentation.
• Contact Info:
Phone: (919) 531-4162
• The April 2, 2019 monthly meeting ended about 8:50 PM.
Treasurer’s Report for March 2019
contributed by Randy Springs
The balance in the account is $1165.70 as of April 30 2019.
SPARTA Financial Report
4/1/2019 through 4/30/2019
|Opening Balance 4/1/2019||$1,114.72|
|Food money donated||$53.00|
|Bank Service Charges|
|BANK BALANCE 04/30/2019||$1,060.65|
|PETTY CASH on hand||$105.05|
|TOTAL FUND BALANCE||$1,165.70|
Items of Interest
SPARTA Schedule and Menu for 2019
contributed by Chris Blackshire
May 7, 2019 - Pizza
June 4, 2019 - Chicken
July 9, 2019 - Subs (changed because of July 4 holiday in previous week)
August 6, 2019 - BarBQ
September 10, 2019 - Pizza (changed because of Labor Day holiday in previous week)
October 1, 2019 - Chicken
November 5, 2019 - Subs
December 3, 2019 - BarBQ
SHARE Pittsburgh is Less Than 90 Days Away!
Contributed By Ed Webb
Registration, Agenda and Hotels are available for SHARE Summer 2019 in Pittsburgh, PA on August 4-9. Start finalizing approvals and book your room now. Early discounted Registration ends June 21.
And be prepared to participate at SHARE in 2020 at one of these announced venues:
SHARE Winter 2020: Ft. Worth, Texas February 23-28
SHARE Summer 2020: Boston, MA August 2-7
You can always see the future SHARE schedule here.
How Long Should a Password Be?
Contributed By Chris Blackshire
For a long time, the common thinking was that the best, most practical passwords consisted of a random combination of upper and lower-case letters, numbers, and a special character or two. If so composed, password length needed to be only eight characters.
Randomness remains important, but as it turns out, size matters more.
A password today should have a minimum of 12 characters, and ideally, 16 or even more.
Large-scale account hacks
When you hear about large numbers of accounts being stolen by a hack at some service provider, you are naturally concerned that the hacker might now have access to your account names and passwords. If the service was storing your actual passwords, that could indeed be the case.
In fact, most services store an encrypted (technically, a "hashed") form of your password. For example, if a password was "password" (and that's a very poor password, of course), then a service might store "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", which is the hash value that corresponds to that password.
What that means is that hackers do not get a list of user names and passwords. What they get is a list of usernames and password hashes.
And what's great about hashes is that you can calculate a hash from a password, but you cannot do the reverse—you cannot calculate the password from the hash. As a result, one would think that by being hashed it'd be pretty unhackable, right? Sadly, not so much.
If a service can respond to an "I forgot my password" request with your actual, current password, then it has stored your password. This is bad. Best practice is to reset it to something new, either via a reset link, or by emailing a new password to you exactly once, after which the service no longer has it.
For the technically curious, an un-salted sha256 is the hashing function used in the example above. That's technically better than the md5 or sha1 that are commonly used.
The most common type of password attack is simply a high-speed guessing game. This doesn’t work on an actual log-in page; they're slow, and will quickly deny further access after too many attempts. But this technique works wonderfully if the hacker has the entire database of account and password hashes sitting on his computer.
These attacks involve starting with an exhaustive list of possible words and known common passwords (including names, profanities, acronyms, and more) and perhaps a few rules to try interesting and common ways that people try to obfuscate words. They calculate the hash of each guess, and if it matches what was found in the compromised database of account information that they're working against, they've figured out the password for that account.
As we'll see in a moment, it's easy for hackers to make an amazing number of guesses in a short amount of time.
That's why you're not using that kind of password, right? That's why a password created from a totally random combination of characters is best. It forces hackers to move on to a true brute force attack of every possible combination to gain access.
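The storage side of the problem described above, as an added example that is not part of the original article: the un-salted sha256 scheme next to a salted, deliberately slow derivation from Python's standard library. It goes beyond the article by showing the hardened form; the function names, record layout and iteration count are assumptions made for this example.

```python
# Added example: un-salted fast hash versus salted, slow password storage.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16


def unsalted_sha256(password):
    """The scheme the article describes: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """Derive a storable record using a per-user random salt and a slow KDF."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS,
            "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Two constructed users who happen to choose the same password.
    alice, bob = "password", "password"

    # Un-salted: both rows hold the same value, so one computed guess
    # matches every account that uses this password.
    print(unsalted_sha256(alice) == unsalted_sha256(bob))   # True

    # Salted: the rows differ, so each account has to be guessed
    # separately, and every guess costs PBKDF2_ITERATIONS hash rounds.
    rec_a, rec_b = make_record(alice), make_record(bob)
    print(rec_a["hash"] == rec_b["hash"])                   # False
    print(verify("password", rec_a), verify("Password", rec_a))
```

A salt does nothing for a password that is itself on a common-password list; it only removes the shortcut of hashing each guess once for the whole database.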
Brute force attacks
Computers are fast. In fact, the computer on your desk is so fast that its ability to do simple operations is measured in terms of billions of operations per second.
Creating a password hash is not a simple operation, on purpose. However, it's still something that can be done very quickly on most machines today. Spread the work over a number of machines—perhaps a botnet—and the amount of processing power that can be thrown at password cracking is amazing.
The net impact is that it's now feasible to calculate the encrypted hash values for all possible eight-character passwords comprised of upper and lowercase alphabetic characters and digits.
Sixty-two possible characters (26 lower case, 26 upper case, 10 digits), in each of the eight positions gives us 221,919,451,578,090, or over 221 trillion, combinations. (Special characters were left out for this example, but you get the idea - length is better).
This seems like a lot, until you realize that an off-line attack, which is easily performed once you've stolen a database of usernames and encrypted passwords, can be completed in a few hours. (This assumes technology which can "guess" something like 10 billion passwords per second—which, for those performing these kinds of attacks, is quite possible.)
It doesn't matter what your password is; if it's eight characters and constructed using upper and lower case letters and numbers, the hackers now have it—even if it was hashed by the service they stole it from.
Why 12 is better and 16 better still
As we've seen, eight-character passwords give you over 221 trillion combinations, which can be reasonably brute-force guessed offline in hours.
Twelve characters give you over three sextillion (3,279,156,381,453,603,096,810). The offline brute-force guessing time in this case would be measured in centuries.
Sixteen takes the calculation off the chart. Today.
That's why 16 is better than 12, and both are better than eight.
What about special characters?
Let's say that the system you're using allows you to use any of 10 different "special characters" in addition to A-Z, a-z, and 0-9. Now, instead of 62 characters, we have 72 possibilities per position.
That takes us to 700 trillion possibilities.
Compare that to sticking with the original 62 letters and numbers, but adding only a single character to make it a nine-character password. That takes us to over 13 quadrillion possibilities.
Yes, adding special characters makes your password better, but significantly better yet is to simply add one more character. So add two. Or six.
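The arithmetic behind these figures, as an added example that is not part of the original article. It assumes the article's rate of 10 billion guesses per second; the function names are chosen for this example. The article's totals match the count of every password of up to N characters, which is what `keyspace` computes.

```python
# Added example: the search-space arithmetic behind the article's figures.
GUESSES_PER_SECOND = 10_000_000_000   # the article's offline rate: 10 billion/s
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size, max_length):
    """Count every password of 1..max_length characters.

    The article's totals (221,919,451,578,090 for 62 symbols and eight
    positions) equal this cumulative count, not alphabet_size**max_length.
    """
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def exhaustive_seconds(alphabet_size, max_length, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to try the whole space at `rate` guesses per second."""
    return keyspace(alphabet_size, max_length) / rate


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    if seconds < 2 * 86400:
        return f"{seconds / 3600:,.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:,.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def report(cases):
    """Return (label, combinations, worst-case time) for each case."""
    rows = []
    for label, alphabet_size, max_length in cases:
        rows.append((label,
                     keyspace(alphabet_size, max_length),
                     humanize(exhaustive_seconds(alphabet_size, max_length))))
    return rows


CASES = [
    ("62 symbols, 8 chars", 62, 8),
    ("72 symbols, 8 chars", 72, 8),    # ten special characters added
    ("62 symbols, 9 chars", 62, 9),    # one more character instead
    ("62 symbols, 12 chars", 62, 12),
    ("62 symbols, 16 chars", 62, 16),
]

if __name__ == "__main__":
    for label, combos, duration in report(CASES):
        print(f"{label:22} {combos:>36,} {duration:>28}")
```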
Long passwords are good, passphrases are better
The difference is really a semantic one, but in general:
* A password is a random string of characters.
* A passphrase is a longer string of words.
Why passphrase? Because they're easier to remember, and they're easier to make long—and as we saw, password length is perhaps the single easiest way to increase the security of a password.
"BT6aKgcAN44VK4yw" is a very nice, 16-character long, secure password that's difficult to remember. In fact, the only way to use this is with a password manager of some sort that remembers it for you.
On the other hand, "Its fleece was white as you know nothing John Snow", at 50 characters, is wonderfully long, secure, and most of all, memorable. (You may need to leave the spaces out on sites that don't allow them.)
Even the best eight-character passwords should no longer be considered secure. Twelve is "good enough for now," but you really should consider moving to 16 for the long run.
And one other VERY important point:
Use a different password for each different site login you have. That way, a password compromised on one service won't give hackers access to everything else.
What is "the cloud"?
Contributed By Chris Blackshire
We have to start by throwing away this silly, silly term, "the cloud." It's nothing more than a fancy marketing term. Ultimately, it has no real meaning.
The cloud is nothing more than services provided online over the internet.
Seriously, that's all it is.
Another way it was recently explained was this: "'The cloud' is simply using someone else's computer."
Be it services that provide a place to store your data, enable you to communicate with others, provide applications, sell you things, or answer your technical questions—it's all happening in the cloud.
That's nothing new.
The cloud is new in name only.
You've probably been using online services long before anyone thought to slap the name cloud on 'em.
* Do you have an online email account like Outlook.com or Gmail? You're keeping your email in the cloud.
* Do you use any kind of email? It gets from point "A" to point "B" through the cloud.
* Do you upload pictures to a photo-sharing site like Flickr, Picasa, or Photobucket? That's the cloud.
* Do you use an online backup service? You've been backing up to the cloud.
You get the idea.
We really need to drive home the point that this thing people are calling the cloud is nothing new, and you've been using it already—probably for years—and almost certainly before that silly name was attached to it.
So let's jettison the name and all the baggage that comes with it, and call this what it really is: online services.
Wit and Wisdom continued
Contributed by Ed Webb
• If you think nobody cares if you're alive, try missing a couple of car payments.
• Everyone seems normal until you get to know them.
• If you tell the truth, you don't have to remember anything.
• On matters of style, swim with the current; on matters of principle, stand like a rock.
• The less you know, the more you feel urged to show that you know it.
• We acquire the strength we have overcome.
Don’t Forget the Next SPARTA Meeting
Tuesday, May 7, 2019
Location: LabCorp in RTP
Use 1912 TW Alexander Drive, Durham, NC 27703 in your map app.
Take I-40 to Miami Boulevard and go north. Turn right onto 1912 T.W. Alexander Drive. Go about a mile or so. Then turn right into LabCorp complex and turn left to the CMBP Building. In the lobby, sign in as a visitor to see Bill Johnson. Bill will escort you to the conference room.
Free Food before meeting: Pizza, Sodas and
z/OS API’s In Action: Several User
Speaker: Glenn Schneck of GTSoftware
P.O. Box 13194
Research Triangle Park, NC 27709-3194