Slashdot Mirror
Learning a New OS... and Fast!?
Inexile2002 asks: "I've been asked to assist a consultant on a project using VMS and basically have four days to figure out enough that I'm actually of some use. (We're not doing development, just security reviews, so I'm not totally screwed.) Originally I was going to ask for advice on how to start teaching myself VMS from scratch including best books and support websites when I realized that there is a more generic issue here. What are people's thoughts on learning a new OS and learning it fast? Have people found optimal ways to pick things up quickly, get a familiarity with commands and underlying logic? How about learning the basics when you can't actually install and play with the OS in question?"
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Books will only go so far. Real-world experience is the only thing that counts.
I've been asked to assist a consultant on a project using VMS and basically have four days to figure out enough that I'm actually of some use.
I seriously doubt that you will learn enough in 4 days to be of any use. You will probably slow down the others who do know what they're doing. I would just admit that I didn't know anything about the OS, but would like to work along with the others to learn.
I've always thought consultants were overpaid. This proves it. See this week's Dilbert strip for proof.
Monday
Tuesday
Wednesday
Thursday
The fastest way to learn a new OS is see what commands a user type to get job done. You could stand behind someone who is proficient with that OS, but it's pretty annoying. If you are lucky you could find 'RECORD/REPLY' key in some old keyboard(like those you find in 3270 keyboard). Press it and walk away and wait for a unaware user to come....
:)
Oh you are a security reviewer? Nevermind then...
Security reviews? Is that all? It's not like that requires any in-depth knowledge of the operating environment. You're off the hook!
xxxyyyxxx@graduates.iti.com. ie: ITT Tech, Chubb, etc. I pray for this young lad....
With no offence to him, (I did it myself when I first got into the industry)but he shouldn't have taken/applied for this job.
I wish underqualified people wouldn't apply for jobs they can't do. This screws everyone else, because they get them sometimes.
-sdst
You can not learn enough about an OS to consult on its security, and if I'd hired you to look at my systems and later found out you hadn't even been on them a week prior, I'd likely turn around and sue you pantless.
If strictly looking at code or similar is your plan, and you're only worried about being able to navigate the system enough to look at source, I'd suggest looking at the little intros that are part of any college coursework involving the OS. Chance are you can find all kinds of class notes and course workbooks with Google.
The most common things that need to be done are done on all OSs - it's just frustrating to do the translation (I'm sure there's a way to add a user but what is it??). You won't be much, if any, good in 4 days but one useful tool is a book like the "Universal Command Guide" (www.ucgbook.com). Unfortunately while it bills itself as "Every Command, Every OS" that must be for limited values of "Every" since VMS, Plan9, OS370, VxWorks, etc. are not mentioned.
Still, it is a handy, if imperfect, reference if you mostly use one of [Windows, *nix, Netware, Macintosh, MSDOS] but sometimes need to recall how to do something on other than your primary OS.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
We're being Trained on Macs for Mac support for printers (OS8/9/X)
In little after the first 3 days I was confident enough to take on any problem, and even offer advice to others in my class/the teachers. I was surprised how I caught on so fast, OSX was a breeze since it is Unix based.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
Find out what VMS uses for grep and then type the equivalent of this at the command line:
grep "Here's where the buffer under-run starts" *.c
Opinions on the Twiddler2 hand-held keyboard?
check out http://troubleshooters.com
He has a book on "Rapid Learning" for tech professionals.
aloha,
dave
Just call up Tank and ask him to download it into your brain. Presto-chango! .. oh wait, you aren't in the Matrix. .... or ARE you?
----- rL
rtfm and no sleep.
I'm not going to actually touch a machine. Period. I'm going to be handling physical security and the people side of the policy - ie. What business process are involved in granting or revoking user accounts and how are code changes managed on a process side. That's my job.
I do touch the tech often enough that I'm helping out the VMS guy. Mostly, that'll mean doing his documentation for him when he's done his testing. I just want to be conversant enough that I won't be a time suck while I document everything. As for learning, I find I don't know what to ask the sys admins if I don't know anything about the OS. Even when I know the system, I play dumb... it's just going to be much much easier to play dumb for VMS.
Basically, I could go in to this and not know a thing about VMS and it wouldn't really hurt my ability to do my job. However, that's not the way I like to do things... I handle processes and policies but the more I know about the client...
"Learning a New OS... and Fast!?"
shouldnt that be Learning an Old OS... ?
What is the consultant expecting you to do. Knowing that helps you know what to learn. On the other hand, you may wind up just being a gofer.
The first place I always look in this circumstance is the Rosetta Stone of Unix aka " What do they call that in this world?" Unfortunately, vax mainframes aren't one of the listed. Read up on the DEC stuff, since they had a similar design philosophy. I remember two things about VMS: prepare to go all caps, and version control is with a semicolon and file version after it for every file. Good luck.
http://tinyurl.com/4ny52
A very good collection of links and information conserning VMS can be found here
The site is very insightful.. and I think it can be read through in a couple of hours. =)
You can connect with telnet of SSH.
Four days to learn a new OS?
- stop surfing the web
- stop posting self-help questions to Slashdot
- start doing your work
The best way I have found to learn anything really fast is to be given a task from a boss who doesn't really how much work getting the task done before the deadline involves.
I've learned a lot of things that way. I probably haven't learned them correctly or as well as I should but it has helped.
Good luck to you!
On a more related note I do remember a very good resource on VAX/VMS security. I can't find it now but it was along the lines of how to hack a Vax. it outlined a lot of security issues and how it differs from the Unix world.
If your local bookstore for some reason is out of stock (as the book is one of their top sellers), try SAMS Press' "Teach Yourself VMS in 24 Hours".
You won't be disappointed...
Read this backwards. And this. And see if you can find this at a local bookstore.
Beware, Nugget is watching... See?
It seems you asked 2 questions. The first being (seemingly): help me learn VMS in 4 days. The other being about the general opinion of learning a new OS. I figured I throw my hat in to the ring on the first one. (I use OpenVMS at work, and Linux at home; I figure I'm qualified).
s net/vms-unix -commands.html
/path/to/this/file.txt it is $set def(ault) [path.to.this]file.txt. Directories are surrounded by [square brackets] with dots "." separating sub-dirs. Also there are probably multiple file systems on several disks; the disk where the OS lives is most likely called DISK$SYSTEM, and the users (aka /home) is prolly on DISK$LOG. You can bounce around from folder to folder without specifying the filesystem, but to move to another fs you have to specify it: SET DEF DISK$SYSTEM:[PATH.TO.THIS]FILE.TXT
VMS is really quite similar to Unix-y OS's. What really flipped the switch for me was the how to pass parameters to the commands in VMS.
This page has helped me the most. In fact I have a print out taped up in my cube for easy reference.
http://www.physnet.uni-hamburg.de/phy
Dont get discouraged by some of the long commands. As long as you have the unique chars it knows what you mean. The command DIRECTORY is shortened to DIR.
Also the man equivelent in VMS is the HELP command. The help docs are complete and very well done.
The other trick to learning VMS fast is to know the directory syntax. Instead of #cd
On a side note, stay away from the VMS to Linux HOWTO. It has *very* little helpful info, except for the first few pages that show the related Linux commands.
We're not doing development, just security reviews, so I'm not totally screwed.)
You've got this backwards. Security requires more indepth knowledge of the OS than development. If they've got you doing security reviews for a system you don't know how to use, I'm sure there are a few hundred script kiddies around who'd love to know who you're doing this for.
... and don't use anything thing else until you have learned it.
This may not suit your situation, but I get a box that has no significance to anyone else and try to work out how to do the common things I might do in a normal work day, and if I totally screw the box, it won't matter.
:-) /me ducks and runs
:-)
I spose what I am getting at is once the pressure of breaking something that some one else is relying on is removed, I can discover and learn at my best.
As a secondary, these things may help
- someone who knows and can spare the time for questions they think are dumb
- a good book, or good web site or other reference that someone who you trust to know the OS can recomend.
- Mailing lists, and mailing list archives;
Remember: All OS's do the same thing: Make the hardware useful - but then you did say you were using VMS
-Idiot
(PS: thanks again Jules for getting that Solaris box booting multiuser again
Basically, if you can sit with someone and watch what they do for a good 8 hours, you should get enough of an idea of the main bits you're going to need. A book at night might help you understand what you're doing, but if you need to learn fast, "monkey see, monkey do".
After that, just make sure you're not on any important machine when you start experimenting with your new knowledge, and play around with it.
I've never used VMS, but then again I've never read any books on DOS and (would think) I'm still pretty damn good at the CLI bashing (esp. under NT/2k), so I reckon second hand knowledge is better than any book.
Dan. -- So what if it's spelt wrong, nobody's perfect
Not meaning to flame VMS here, just observing. .
Why such long command names? You'd think they could at least truncate the command DIFFERENCES to something like DIFF (or, if that's too unixy, DIFFS), DIRECTORY to DIR, etc.
Just wondering...
:)
Heard they were bringing in a couple of "highly skilled VMS security consultants" for a security audit. Hell, with four days worth of reading you'll be better than the idiots we have now (at least you've proven you can read...)!
People couldn't type. We realized: Death would eventually take care of this.
I've never used VMS, but after looking through the links people have provided, it looks really weird. I'd admit you don't know anything about VMS, and then buy a few books, and read them. Get access to an older Alpha or VAX, and learn the stuff. Once you learn the basics, everything else should come easy. If I can learn the basics of Unix in a week, you can learn VMS basics in a week.
Of course, I learn a new trick with Unix every day, so you're most likely screwed. Joking...
Slashdot is a waste of time. I enjoy wasting time.
The CLI forces the first few characters of each command to be unique, so you generally don't have to type in the full command names. It's just a good idea to spell them out in full when writing scripts.
Well I'm reading the links below and one that didn't get mentioned kind of suprised me Open VMS documentation.
Anyway VMS security is nothing like Unix security. Oracle or NT security is much closer to the security model. VMS admins don't tend to modify the base systems very much and VMS is very secure by default. So I wouldn't be looking for Linuxy holes like the equivelent of "sendmail" exploits. The real problem you'll have is finding out which users can elevate privledge, and privledges that in combination can give them a great deal of authority.
In my experience the hole that VMS guys tend to miss is this: Unaudited program gives the author the authority of the user running the program. So if Joe submits changes to the "update accounts file" and update accounts runs as a system operator on the production box then Joe has system operator permissions unless someone is checking his code carefully. Unix guys tend to see this as obvious VMS guys tend to miss this since Joe may not officially even have a log in ont he production box.
someone that doesn't know squat about vms, and has 4 days to learn says:
i have no idea how to even respond to that. if taking this job was your idea, i'd suggest to get into som other line of work (like sweeping streets). if someone you work for put you on this project, i suggest you explain to them why this is a bad idea. this may require the help of a large hammer.
Acts@core.mailboks.com Acrux@core.mailboks.com Adam@core.mailboks.com Adar@core.mailboks.com Ada@core.mailboks.com
...that on any decent VMS system,
will start a surprisingly friendly hierarchical help menu on "topic". Or don't specify a topic and just wander around the help tree.
Just as "man man" is a useful command to give to Unix newbies, "HELP HELP" is a good starting point for VMS. My first networked machine was a VMS. When I finally moved to Unix, I was so diappointed in the man pages. "You have to type the whole name of the topic? It can't figure it out? Sheesh..."
Like the tagline goes: VMS is a text-based adventure game. If you win, you get to use Unix.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
You just have to get enough chars to make it unique from any other command. Just like tab-completion. DIFF is not DIR, but DI(FF) will get confused with DI(R).
The reality is you probobly won't learn enough VMS in 4 days to secure it up right. This comes from somebody who spent 4 years with a large vax cluster. VMS is a pretty cool os, and you'll learn enough to use in a few days, but secure something requires you knowing the ins and outs of it, something that only comes with experience.
I know jack about AS/400, I know I could probobly be a proficient user in 4 days, and maybe even a relativly good admin in a few weeks, but to feel like a did a good job securing it would take a lot longer.
This is someplace where it actually is a good idea to pay a consultant a ton of money. Specialized skills (like VMS these days) are hard to come by. A consultant who specializes in vms will have the experience to help.
That is, unless you have a member of your team who knows what they're doing allready. An extra set of eyes with a fresh perspective, and a good understanding of the existing use of the cluster will help the experienced (and maybe slightly complacent) vms guru with his/her job.
Personally I tend to learn things most effectively (and most quickly) by doing. I think most of my colleagues are similar in that regard. I would suggest finding one good introductory source and one good reference source, and then spend as much time at the keyboard as possible. I think that total immersion is the fastest way to learn something.
/. !
Of course, realistically speaking no one is going to gain any significant mastery of something like VMS in just a couple of days. Especially if you're working on a security project where the people you're up against (i.e. blackhats and evil-doers) have probably spent enormous amounts of time uncovering obscure holes and configuration problems.
And, as a previous respondent said, tear yourself away from
First off... I will not be touching machines.
/. is a good suggestion too frankly, but at 3AM I need a break.)
Second, by security reviews... I should have been clearer... not securing the boxes on any kind of code or OS level... if the sys admin isn't doing his job I'll never damn well know. I'll be reviewing security policy. Who has authority to sign off on new user accounts? Has this person signed off on new user accounts? What is the process for notifying the sys admin to remove an account? Has everyone who's departed the company had their account deleted? This is the kind of security review I'm responsible for. I also look at who has the ability to actually walk up to the box. I assess adequacy of the security physically getting into the server room.
I'm not totally stupid. If they wanted me to actually touch a keyboard on a machine who's OS I didn't know - I would tell them to find someone else. (Hell, because of the nature of what I do, I'm reluctant to touch the machines I do know.) I try to learn as much as I can before I go in because that is the way I prefer to work.
There are people in my shop who wouldn't know a shell script from a hollywood script and they can do the same job I do and do it competently. I just like to know as much as I can about the system.
And so far the best suggestions have been to read the online stuff and not sleep... already doing that. (Avoiding
is available here:
http://www.thevax.org/.
It's a free service run by hobbyists.
HTH,
JP
First of all, VMS has a really good built in help facility. Use it.
Second of all, *why* are you going along on this one? There have to be *zillions* of old VMS junkies that are out of work that are very competent at this.
May we never see th
VMS Documentation:
http://www.openvms.compaq.com/doc/
VMS OS Documentation:
http://www.openvms.compaq.com/doc/os731_index.html
Look in particular at "OpenVMS User's Manual" for starters, then "OpenVMS System Manager's Manual", and "OpenVMS Guide to System Security".
VMS security is fairly fine-grained and the OS is pretty secure by default provided people (and processes, eg backups) are granted privileges on the basis of the minimum needed to perform their work, and passwords for the really dangerous accounts are kept under tight control (place I used to work had the password for the all-powerful "system" account in a sealed envelope in a safe). Oh, and if you have physical access to the system console then there are alternative boot modes which can override all the OS protections. They're well-documented.
System Management:
http://www.openvms.compaq.com/openvms/system_manag ement.html - though at first glance this looks to be more a "here are some fine extra products you can buy to help you" page than detailed technical information.
More VMS Documentation:
http://www.openvms.compaq.com/wizard/openvms_faq.h tml
Yet more VMS Documentation:
Type "HELP" at the command line.
Notwithstanding your clarifications of what you'll be doing, good luck.
IMO. Just think of how much time you need to know before beginning to understand how to properly secure a system. People could use Linux for months to do all they need, and still not have a good idea of permissions, daemons and other security elements.
I've never used VMS, but I'm completely sure it's a system with its own quirks, security features and comon configuration errors that result in security problems.
My own opinion is that when possible I'll never get into this situation. I can and do admit I don't know everything, and if possible would try to get out of a situation when I'm pretty sure I won't be helpful. If you can't do that I think you should try to find a guru who'll give you some basic knowledge. But I still think that in 4 days you can't learn much about security.
If you're doing security audits you should be aware that VMS's security and permissions model is significantly different to the average UNIX . It's got proper ACLs, extremely detailed process privileges and quotas (from disk space to page files), installed images, and more I can't remember off the top of my head. So it might be worthwhile hitting the manuals at http://www.openvms.compaq.com/ . The system security manual would be a good place to start.
However, development-wise, the DECWindows debugger is quite good, as are the compilers (though watch out for symbol name lengths on older DEC C compilers).
When it comes to learning one's way around a new OS in general, I've either muddled through over a period of weeks or volunteered ^_^ a mentor onsite and pestered them with hopefully intelligent questions. (Nothing you can find out from the online HELP, in other words.)
-- Proud descendant of semi-nomadic cattle-herders.
With that said and you still feel compelled to do this then hopefully you have a major strength in some other OS (say NT-like OSs). If you know a lot about OSs (in terms of theory) you know that they function pretty much the same way. They operate the system. The ways that they do this may be different, but the same functions must be accomplished. A OS expert can pick up new OSs really quickly because they have a deep understanding of what an OS is suppose to do and how they relate to the computer system. If you are that kind of person, it's just a matter of learning new command keywords and command line syntax. If you are not that kind of person, you would never be successful in securing any operation system VMS or otherwise.
"player 4 hit player 1 with 0 stroms"
Especially UICs... yikes.
This is probably the single best resource now. There used to be a nice little paperback which gave an overview but I doubt it is produced now. I would add that the biggest thing to learn about are users, rights and identifiers.
See my journal, I write things there
The main point is ensuring that accounts can be tied to users (as that is what gets audited) and that unlike Unix, you may have many system administrators with individual accounts. VMS also supports the concept of Security Administrators as separate from the System Administrator.
What you are looking for is documentation on who can do what and who approves it. For various reasons, it is a good idea to keep users or at least their rights identifiers around for a long time, even after users have left. It is better to disable the user until you are certain that their rights identifier is no longer in the system.
As with many systems, an OpenVMS console can be used for breaking into the system. However, it can be secured in such a way that bypassing security is extremely difficult.
See my journal, I write things there
Once you've got them I'd recommend telnetting on over to Manson which mercifully for those of us who don't have access to our own Vax will let you play around with a guest account.
VMS feels a LOT like DOS though. If you're comfortable with DOS you can pick up the basics of VMS in a few hours.
Try installing an emulator at home...then just hack away.
Have you been DaMa9eD today?