And as a zOS Systems Programmer too.
You're 100% correct, but I'll add that it's very difficult to get management to bring in new people and give them the opportunity to learn from people who've had decades of experience in the technology and systems that the business depends on.
In my case I'm coming up on 36 years experience in the mainframe world, and I've got no one to teach my skillset to. As for people not wanting to work in a mainframe environment I've got a few comments that might help change their minds.
1) The mainframe isn't going away anytime soon.
2) Competition for jobs in the field is going to be on the side of the job seeker, not the employer once demand picks up (as we geezers retire) and supply of talent will be lower than for the more sexy IT positions.
3) According to the the free market system, if demand is high and supply low, prices rise. And in this case that means your salary.
Not only InfoSec, most warnings from the people who know up to the people who don't know, but have authority to act, or spend money are just ignored.
Several years ago I told Data Center management that a vital piece of hardware had reached end of life and needed to be replaced else we'd be at risk for a total system outage that might last for days.
They didn't want to spend the $30,000 dollars until they absolutely had to, so they ignored my recommendation. In the end, nothing bad happened, but it very easily could have and we'd have lost revenue in the millions of dollars, just so as not to spend money before they absolutely had to.
I disagree. It's the direct descendant of S/360 and has about 50 years of steady product improvements built in. Malware, running with general user access rights cannot affect system processes in any way, and cannot alter(or read) any memory location that it doesn't have access to. The zSeries hardware, with the operating system is a powerful combination, that Windows and commodity hardware can't touch.
I'm a zOS Operating Systems Programmer with 35+ years experience, and while there have been published security and system integrity patches issued on occasion, Windows has it beat by a mile.
Windows, any version, is architecturally insecure. While it can be patched, you're never going to be able to completely eliminate the insecurities. Does Microsoft have a system integrity statement like this? I highly doubt it.
IBM’s commitment includes design and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security – that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifically, z/OS “System Integrity” is defined as the inability of any program not authorized by a mechanism under the installation’s control to circumvent or disable store or fetch protection, access a resource protected by the z/OS Security Server (RACF®), or obtain control in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it
Real Programmers don't need an IDE to get their jobs done-- they are perfectly happy with a keypunch, a Fortran IV compiler, and a beer.
Think of it as evolution in action.
I'm wondering what's the temperature in the Phlegethon.
Thou shalt not make non-destructive copies of electrons as they pass over the holy Internet.
Great Hitler's Ghost, he's back.
Laws have to change as technology makes them obsolete. That's not to say that people who have an interest in living in the past won't kick, scream and bribe their congress critters, but eventually they'll lose.
From Heinlein's Life-Line;
There has grown up in the minds of certain groups in this country the notion that because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guaranteeing such profit in the future, even in the face of changing circumstances and contrary to public interest. This strange doctrine is not supported by statute or common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back.
As soon as they automate politics. That's when politicians will ban it.
Now that we know the NSA can intercept and decrypt any message, doesn't it also mean that they can change the message to whatever they want, re-encrypt it, and pull it out in a court of law as evidence?
If they do, or even if they don't, I can now say they did, and they can't prove they didn't.
Have them debug a z/OS StandAlone dump with IPCS. That'll get their juices flowing.
Don't have one. Been asking for years.