On 7 Mar 2013, at 15:46, Johnny Billquist <bqt at softjar.se> wrote:
Ah. That is another issue. If your terminal (xterm in this case) is configured to use UTF-8, then you will not work well against a machine that do not use UTF-8 (it's a mess).
Johnny
Oh god, just had a horrid flashback to calling BBSes in Finland in the early 90s with people using {}\| for etc.
In Portugal they just gave up and used apostrophes for accents, acute goes before the letter, grave goes after. Wait or is it the other way around?
sampsa <sampsa at mac.com>
mobile +961 788 10537
On 2013-03-07 12:45, Jordi Guillaumes i Pons wrote:
Al 07/03/13 00:59, En/na Johnny Billquist ha escrit:
I hope you are aware of the fact that telnet by default is not 8-bit
clean. :-)
Well, sort of. The same xterm configuration displays (and inputs) 8 bit
characters if I telnet to a linux box...
That is probably because at connection time, telnets negotiate the capabilities between them. You can get very different behavior depending on what you have on each side.
I think it is related to the usage of UTF-8 in the unix machine... I
have reconfigured my ubuntu laptop to use ISO-8859-15 and it now _seems_
to work.
Ah. That is another issue. If your terminal (xterm in this case) is configured to use UTF-8, then you will not work well against a machine that do not use UTF-8 (it's a mess).
Johnny
Cory Smelosky <b4 at gewt.net> writes:
On 6 Mar 2013, at 21:48, "Brian Schenkenberger, VAXman-" =
<system at TMESIS.COM> wrote:
"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
=20
{...snip...}
Seriously, has anyone ever successfully developed a virus for
a VMS system? I think I heard that there was a yearly contest
to see if anyone could compromise a VMS system and it failed
every year.
=20
A few (2-3) years ago, there was a reported security elevation exploit =
that
involves a stupid buffer contamination exploit in =
SMG$READ_COMPOSED_LINE and
any VMS utility that employed it and that was installed with =
privileges. It
turned out that the INSTALL utility could be exploited. It was NOT =
simple
to do but it could be done. I implemented a weaponized PoC to exploit =
the
security vulnerabity. It was, happily, quickly addressed. =20
=20
There was also another exploit wherein one could send, via VMS mail, =
the
equivalent of an attachment using /FOREIGN. If the attachment was =
created
with SUBMIT-ON-CLOSE and the file was read by a privileged user, all =
bets
were off. Again, this was quickly subdued before it became a =
widespread
exploit. That, IIRC, was about a decade ago.
=20
Not a bad record at one vulnerability per decade. ;) The only real =
success
stories of infiltrating VMS all stemmed from social engineering and =
not, to
my knowledge, from security holes in the OS.
I was recently watching a DEFCON talk about breaking in to VMS=85no =
remote vulnerabilities were found. They all required human stupidity or =
an existing account.
http://www.youtube.com/watch?v=3DXf7gVma6_3g
The vulnerability I spoke to WRT the SMG$READ_COMPOSED_LINE is discussed
in this video; however, these VMS neophytes (and I still believe that the
fellow discussing the SMG$ issue was given information about this from a
disgruntled VMS engineer as he clearly does NOT know what he is speaking
about) were tutored by others. The nonsense about using a logical name
still makes me spew a mouthful of coffee, assuming I'm drinking it, upon
my screen and keyboard when I watch that video you've linked. To exploit
the security hole (now patched) required self-modifying Alpha code. It's
not very likely that these guys had the wherewithal to accomplish such a
feat with their neanderthal approach to the subject they presented.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Al 07/03/13 00:59, En/na Johnny Billquist ha escrit:
I hope you are aware of the fact that telnet by default is not 8-bit clean. :-)
Well, sort of. The same xterm configuration displays (and inputs) 8 bit characters if I telnet to a linux box...
I think it is related to the usage of UTF-8 in the unix machine... I have reconfigured my ubuntu laptop to use ISO-8859-15 and it now _seems_ to work.
On 6 Mar 2013, at 21:48, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
{...snip...}
Seriously, has anyone ever successfully developed a virus for
a VMS system? I think I heard that there was a yearly contest
to see if anyone could compromise a VMS system and it failed
every year.
A few (2-3) years ago, there was a reported security elevation exploit that
involves a stupid buffer contamination exploit in SMG$READ_COMPOSED_LINE and
any VMS utility that employed it and that was installed with privileges. It
turned out that the INSTALL utility could be exploited. It was NOT simple
to do but it could be done. I implemented a weaponized PoC to exploit the
security vulnerabity. It was, happily, quickly addressed.
There was also another exploit wherein one could send, via VMS mail, the
equivalent of an attachment using /FOREIGN. If the attachment was created
with SUBMIT-ON-CLOSE and the file was read by a privileged user, all bets
were off. Again, this was quickly subdued before it became a widespread
exploit. That, IIRC, was about a decade ago.
Not a bad record at one vulnerability per decade. ;) The only real success
stories of infiltrating VMS all stemmed from social engineering and not, to
my knowledge, from security holes in the OS.
I was recently watching a DEFCON talk about breaking in to VMS no remote vulnerabilities were found. They all required human stupidity or an existing account.
http://www.youtube.com/watch?v=Xf7gVma6_3g
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
{...snip...}
Seriously, has anyone ever successfully developed a virus for
a VMS system? I think I heard that there was a yearly contest
to see if anyone could compromise a VMS system and it failed
every year.
A few (2-3) years ago, there was a reported security elevation exploit that
involves a stupid buffer contamination exploit in SMG$READ_COMPOSED_LINE and
any VMS utility that employed it and that was installed with privileges. It
turned out that the INSTALL utility could be exploited. It was NOT simple
to do but it could be done. I implemented a weaponized PoC to exploit the
security vulnerabity. It was, happily, quickly addressed.
There was also another exploit wherein one could send, via VMS mail, the
equivalent of an attachment using /FOREIGN. If the attachment was created
with SUBMIT-ON-CLOSE and the file was read by a privileged user, all bets
were off. Again, this was quickly subdued before it became a widespread
exploit. That, IIRC, was about a decade ago.
Not a bad record at one vulnerability per decade. ;) The only real success
stories of infiltrating VMS all stemmed from social engineering and not, to
my knowledge, from security holes in the OS.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On 2013-03-07 00:49, Jordi Guillaumes i Pons wrote:
Telnet (either using -e telnet XXXX or from a local shell).
Oh, and I'm sure it is a keyboard problem and not a display problem. I can see the national characters on screen when I TYPE a file which contain those...
Jordi Guillaumes i Pons
Barcelona - Catalunya - Europa
El 07/03/2013, a les 0:39, Johnny Billquist <bqt at softjar.se> va escriure:
How do you connect to the VMS system?
I hope you are aware of the fact that telnet by default is not 8-bit clean. :-)
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
Telnet (either using -e telnet XXXX or from a local shell).
Oh, and I'm sure it is a keyboard problem and not a display problem. I can see the national characters on screen when I TYPE a file which contain those...
Jordi Guillaumes i Pons
Barcelona - Catalunya - Europa
El 07/03/2013, a les 0:39, Johnny Billquist <bqt at softjar.se> va escriure:
How do you connect to the VMS system?
On 2013-03-06 23:46, Jordi Guillaumes i Pons wrote:
Hello list,
I have been following this discussion about terminal emulators and I have decided to give xterm a(nother) try. I have built an .XResources file with this content:
XTerm.vt100.decTerminalID: 220
XTerm.vt100.allowScrollLock: True
XTerm.vt100.appkeypadDefault: True
XTerm.vt100.backarrowKey: False
XTerm.vt100.c132: True
XTerm.vt100.cursorBlink: True
XTerm.vt100.fontWarnings: 1
XTerm.vt100.geometry: 80x25
XTerm.vt100.faceName: lucida console
XTerm.vt100.faceSize: 12.0
XTerm.vt100.utf8: false
XTerm.vt100.locale: ISO8859-1
XTerm.vt100.keyboardType: vt220
XTerm.vt100.keyboardDialect: Z
(The "Z" keyboard dialect corresponds to the spanish DEC keyboard)
Now it seems to work quite well displaying stuff, and the keypad and the rest of application keys work, BUT the 8 bit spanish/catalan symbols DO NOT. What is curious about this is if I connect to a linux/OSX system the 8-bit stuff works (characters like , , , and vowels with tilde). But as soon as I connect to an VMS machine it DOES not. It seems to drop the highest bit.
The .Xresources configuration is the final one I worked on (the keyboardType and keyboardDialect are late additions, just to try to fix it). I have not been able to make it work with the local keys...
Any idea?
How do you connect to the VMS system?
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
On 2013-03-06 13:52, Brian Schenkenberger, VAXman- wrote:
Johnny Billquist <bqt at softjar.se> writes:
{...snip...}
Good question. I just let it use the default font, whatever that is.
Also, I just looked and noticed that Ctrl-Right Mouse shows an option
for enabling double sized characters. Do you have that, and is it enabled?
CTRL-MB3 ;) shows that they are selected. Same here too with default font.
Ok. The only thing I can think of is missing fonts then, and unfortunately I don't know which font xterm tries to use.
I can try looking at the sources of xterm later, but it would appear your setup in most ways match mine, yet we seem to get very different results.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
