Re: Change to Patch services effective September 18, 2010

Ian Miller. · ‎08-19-2010

If you jump straight to this forum you may not have seen the important note on the itrc front page.

I reproduce it here for your information. I have no answers.

Important note: As of September 18 (or shortly thereafter), HP will institute a change in the way that Patch services are accessed. Beginning at that time, Patch access will be through the ITRC support portal. You need to have a valid ITRC user ID and password and will now also need an active HP support agreement that includes Software Updates linked to your ITRC profile to access Patch content and services. We urge you to review your current support coverage now to ensure you have valid coverage and can maintain uninterrupted access to Patch. To obtain support coverage, please contact your local HP office or representative or visit http://www.hp.com/go/contacthp access HP via Chat or phone. For more information, please read the FAQs at this link.
http://www.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c02476621

____________________
Purely Personal Opinion

Rob Leadbeater · ‎08-19-2010

Hi Ian,

If you subscribe to HP's "Technology at Work Alerts" this information was also emailed out early this morning...

My initial reaction was, along the lines of "understandable", but I then got thinking about how long it takes HP to sort out support agreements.

In my experience this is usually a protracted experience that takes months, because few people within HP actually understand their own support offerings.

I suspect only giving people a month is somewhat shortsighted...

Regards,

Rob

Jan van den Ende · ‎08-19-2010

Hi Ian,

Any ideas (or info) what that means for the Hobbyist Program? Is that somehow considered as a support contract, or are we simply F**d?

Proost.

Have one on me.

jpe

Don't rust yours pelled jacker to fine doll missed aches.

Ian Miller. · ‎08-19-2010

Patch access for hobbyists is one of the as yet unresolved questions.

____________________
Purely Personal Opinion

Brian Reiter · ‎08-19-2010

Its going to be less than fun for those of us without support contracts. Don't ask me why we don't have a support contract, its out of my hands.

Steven Schweda · ‎08-19-2010

> Patch access for hobbyists is one of the as
> yet unresolved questions.

If it stays unresolved, then I expect to
begin migrating my primary computing
environment away from VMS fairly soon.

I sent a query into an "HP AllianceONE
Partner Program" (DSPP?) Web form, asking if
that program had anything to offer to a
lowly non-commercial peon like me. No reply
yet, but it hasn't been a whole day. Past
experience along those lines doesn't lead me
to expect much, but I'm always open to a
pleasant surprise.

Rob Leadbeater · ‎08-19-2010

@Brian: Don't ask me why we don't have a support contract

You won't be alone.

When we went through our last renewal, the base price had gone up by around 15%, which is a substantial chunk of cash on a 6 figure contract.

For the yearly maintenance price (sw and hw) of a GS160 I reckon I could buy two second user boxes for spares - and why should I bother paying for software support, when I've not logged a support call in years...

Cheers,

Rob

Brad McCusker · ‎08-19-2010

We're also going to be asking DSPP (or whatever it's called these days). We get our licenses for our development machines through DSPP, I hope they have a way to allow us to stay current with patches.

If anyone sees/hears what DSPP will do, please share with this forum.

Brad McCusker
Software Concepts International
www.sciinc.com

Brad McCusker
Software Concepts International

David R. Lennon · ‎08-19-2010

Hi,

I'm really ticked off at this for several reasons.

I'm one of those described in the "faq" for this change that devoted considerable effort to develop a "script" DCL command procedure that compares the patches on the current system with what is on the ftp site and downloads the ones needed, etc. How about a supported way to automate this natively on OpenVMS? This is even easy on MS Windows with Microsoft Update.

So now we have to login (most likely using another operating system's web browser) and individually download each patch then transfer them to our VMS system.

I'm also a hobbyist at home, so I have those access issues as well.

It seems to me if there is a defect (bug) in an operating system they sold, any patches to that o/s should be free. The LMF is there to make sure the o/s is "legal" right?

This can't be costing them much to maintain files on a ftp site. Maybe I don't understand their real reason for doing this, other than inconveniencing their customers...

I've asked our company's CIO to complain to our HP salesperson about this. Does anyone know a more direct person at HP to contact about this issue?

Thanks,
Dave

John Gillings · ‎08-19-2010

No doubt about it, HP hasn't changed ;-)

Decree from on high "do this NOW!". Act immediately, and then discover all the unanticipated fallout, and leave it to the worker bees to clean up the mess.

More than 17 levels of management to insulate those who make the decisions from having the slightest clue about what happens down where the real action occurs. More often than not it would only have taken a 5 minute conversation which someone familiar with the mechanisms (maybe even, shock horror, with a *customer*!?, what a concept!) to realise the flaws in the plan, such as those immediately raised here.

The only saving grace is that the people at the bottom level who have to actually DO all this stuff are exceptionally good at insulating customers from ill-conceived bozo decisions from on high.

It will be sorted out in the end, but it may take a while.

Aren't giant multinational corporations fun?

A crucible of informative mistakes

labadie_1 · ‎08-20-2010

Steven said

>>>If it stays unresolved, then I expect to
begin migrating my primary computing
environment away from VMS fairly soon.

If the bright idea was to kill VMS, I think this will be a complete success.

Roger_Fraser · ‎08-20-2010

"It seems to me if there is a defect (bug) in an operating system they sold, any patches to that o/s should be free. The LMF is there to make sure the o/s is "legal" right?"

Well said!

Also not being able to download from the FTP site will slow things down considerably.

Brian Reiter · ‎08-20-2010

At the moment, a support contract (if we had one) would be the first thing to go in terms of trying to save costs etc. (something our customers are very keen on).

It'll be interesting to see what would happen if some kind of horrendous failure could be pinned on the lack of upto date patches. The clash between a government and HP could be interesting (as long as you're not in the middle).

Given the we've already stumped up quite a lot of cash for the software and license, why shouldn't we qualify for patch support? After all microsoft do it without any kind of yearly fee.

Robert Atkinson · ‎08-20-2010

Perhaps they'll bring out SWA for VMS :-

http://h71028.www7.hp.com/enterprise/w1/en/os/hpux11i-system-management-software-assistant.html?jumpid=ex_r1533_w1/en/large/tsg/go_swa

Steve Reece_3 · ‎08-20-2010

To find the patches, there's already the Point Secure Patch Analyzer. That doesn't help to download them though.

Patch Analyzer is free too...

Ian Miller. · ‎08-20-2010

how does Patch Analyzer discover what patches are available and will it work after this change?

Do contact your HP account manager or other suitable person about this change.
Note this change affects all HP OS, not just OpenVMS.

____________________
Purely Personal Opinion

Doug Phillips · ‎08-20-2010

Are they going to add fine print to the sales agreement that says: "All software is sold and licensed 'as is' and we do not promise that anything will work according to its description and specifications." ??

I understand requiring a support agreement for updates: new features and new hardware support.

Patches to correct problems of safety (security) and non-conformance must be provided at no additional cost to lawful licensees.

IANAL but I hope HP has consulted their legal department. Of course, they might have been told 'Well, if a licensee complains too loudly, just give them the bug-patch. No one's going to spend the money to take us to court.'

So, given two competing software support models to choose from:

1) The model used by the most successful software company to ever exist and those successfully competing with that company.

2) The model used by organizations who have failed to compete with those following model #1.

HP chooses the model proven by history to be unsuccessful.

Richard Jordan · ‎08-20-2010

I posted my responses over on C.O.V. I also sent a message to the interim CEO via Hurd's link, and I'm working on notes to the board as well. This is a very bad decision on HP's part and it will negatively impact our remaining small (Open)VMS customers (and therefore us as well).

These customers do not have software contracts; they stay at the most recent version they had when either their initial contract expired, or what came on the system, but the patches have been critical on numerous occasions. When they upgrade its because they are buying a newer system, often an architecture change (our last VAX customer, a tiny shop, is prepping for an upgrade to an AlphaServer, and we've upgraded three Alpha sites to Itaniums). HP still gets the money, and most of them still have hardware support with HP, but the apps and programs are pretty static, and we haven't needed to place a software support call in many many years (2003 I think was the last one).

Not being able to get patches for the current customers, suddenly requiring a significant additional expense in order to correct flaws and problems in static version of VMS is a seriously big issue. I have NO doubt at all that it will drive some of them to make their next move off of VMS (the microsoft fanboys in the office are already champing at the bits).

Of course HP (and Compaq before) have been working for years to make the small VMS customers (and resellers, who were blown off shortly after the Compaq buyout) just go away so this is pretty much in line with their previous actions.

I'll also add... the recent huge changes in VMS engineering staffing and VMS support, and the exceptionally buggy nature of the V8.4 release (feels more like a .0 in many ways), makes the timing of this exceptionally unpleasant.

Dennis Handly · ‎08-20-2010

>Dave: This can't be costing them much to maintain files on a ftp site.

I assume ftp sites don't allow them to check for a support contract.

>Doug: Patches to correct problems of safety (security)

Patches for security will still be available.

Craig A Berry · ‎08-21-2010

Dennis> Patches for security will still be available.

There is no indication of that in the announcement nor in the associated FAQ, so anyone making plans based on official statements will have to assume this is NOT the case.

Even if it does turn out to be the case, there's not always a clear distinction between security patches and other patches. For example, the confusingly enumerated "hp SSL V1.4 for OpenVMS" which is "Based on OpenSSL 0.9.8h" fixes a bunch of CVEs, but it was released as a regular patch, not a MUP.

Also, the implication that security is somehow a cordoned off and independent area from overall system reliability is quaint but simply wrong in this day and age. For example, search for the word "crash" in any of the recent RMS, or FIBRE_SCSI, or SYS update kits. Each of these describes a fix for an arcane and unusual set of circumstances under which something went terribly wrong. If those circumstances can happen by accident, then some of them can probably be made to happen on purpose and thus represent potential attack vectors. People without support contracts will be more vulnerable.

While my company does have a support agreement, this change still affects me because it makes the most difficult-to-use method for finding out what patches are available the only method. For example, Jim Duff's patch syndication at <> will stop working if the ftp site is shut down. It's unclear whether PointSecure's tool will continue to work. It's already a rather byzantine manual process to figure out what patches are available, what patches one already has, what the dependencies are, and so on. This adds one more hurdle.

The FAQ linked from the announcement says, "This change brings HP in alignment with accepted industry practices for software patch delivery." That's simply a false statement and damages HP's credibility. No other vendor we deal with has anything like it. There is only one HP badge in our entire data center: a solitary OpenVMS system. There is already a perception that HP is too difficult to deal with and OpenVMS is too different from our other systems. This just fuels that perception.

Willem Grooters · ‎08-21-2010

Q: Why is HP making this change?
A: This change brings HP in alignment with accepted industry practices for software patch delivery ....

Alignmant fault.

Accepted Industry practice is:
* Got a license? you can get updates for free (Microsoft, numerous software vendors
* Totally free for everyone (Linux distributions).

So quite the opposite.

Willem

Willem Grooters
OpenVMS Developer & System Manager

Paul Jerrom · ‎08-22-2010

The most annoying thing as far as I am concerned is the removal of FTP support. I support sites where I simply do not have browser/PC access - so I cannot download patches to a PC and FTP them onto the VMS server. So now I'll have to burn a CD somehow and travel to site. What a backward step.

Have fun,

Peejay
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If it can't be done with a VT220, who needs it?

Doug Phillips · ‎08-23-2010

> ...burn a CD...

Or, download the patches to someplace that you can FTP into;

Or, push them to the VMS sites using whatever remote connection tool you have there.

At some remote sites, FTP is not running and I use Reflection or Kermit to upload files to them. PITA, but better than traveling around the country or doing a bunch of mailings.

The Brit · ‎08-23-2010

My personal gripe about taking away the FTP functionality is that I will have to pass the patches through some other system instead of dropping them directly onto my OpenVMS system.

One has to conclude that the rumoured "death wish" of HP towards OpenVMS may be more than just a rumour.

Dave.

Ian Miller. · ‎08-23-2010

I wonder if something creative could be done with wget to fetch the kits.

____________________
Purely Personal Opinion

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Change to Patch services effective September 18, 2010

Change to Patch services effective September 18, 2010