
AlphaStations UNSECURE!!!!


Christian Kupferschmid

Nov 23, 1995, 3:00:00 AM

Hi folks

I tried this before but nobody seemed to care about the possibility to
crack an AlphaStation within 5 minutes at the console.

Now I try it again.

Is there a possibility to prevent users of AlphaStations to gain access
to the single user mode under DEC UNIX?

I set the console environment AUTO_ACTION to RESTART and the BOOT_FLAGS to A
but that's not enough. It is still possible to get to the console prompt
and change these parameters or boot directly into single user mode with the
boot command and the appropriate flags.

Is there a way to disable the operating system to boot into single user
mode or to disable ctrl-p or ctrl-c interrupts at boot time?

This is a topic I'm very concerned about.

Thanks for any comments.

Chris

--
Technical University, HTL Brugg-Windisch, Switzerland
Information Center

HTL Brugg-Windisch |RFC-822: kup...@htl-bw.ch
Kupferschmid Christian |DECnet : 47931259::kupfer
CH-5200 Brugg-Windisch |

Whenever I tell you something this might be the truth,
but sometimes it's not!

Gwyn Evans

Nov 23, 1995, 3:00:00 AM

Christian Kupferschmid (kup...@htl-bw.ch) wrote:

: I tried this before but nobody seemed to care about the possibility to
: crack an AlphaStation within 5 minutes at the console.

: Now I try it again.

: Is there a possibility to prevent users of AlphaStations to gain access
: to the single user mode under DEC UNIX?

: I set the console environment AUTO_ACTION to RESTART and the BOOT_FLAGS to A
: but that's not enough. It is still possible to get to the console prompt
: and change these parameters or boot directly into single user mode with the
: boot command and the appropriate flags.

: Is there a way to disable the operating system to boot into single user
: mode or to disable ctrl-p or ctrl-c interrupts at boot time?

I'm not an expert in this area but isn't it normally accepted that the
first level of security is physical security and if you don't have that,
no manner of security is going to help. Surely if someone's got access
to the console, there's only a limited amount that can be done to stop
them getting to your data? There are going to be some things but it
sounds to me as if you should be looking at some other method of working
that doesn't require you to attempt to secure private data on public
systems.

Gwyn
--
+==========================================================================+
| Gwyn Evans | Gwyn_...@mtits.co.uk | Views expressed and |
| MTI Trading Systems | MAG:BMF DoD #2020 | statements made are |
| Uxbridge, Middlesex, UK | gw...@cix.compulink.co.uk | mine, not MTI's |
+==========================================================================+

Dan Pop

Nov 24, 1995, 3:00:00 AM

kup...@htl-bw.ch (Christian Kupferschmid) writes:

>I tried this before but nobody seemed to care about the possibility to
>crack an AlphaStation within 5 minutes at the console.

Could you explain to us what is AlphaStation-specific here? If the console
is not kept in a secure place, you can't expect the system to be secure.


>
>Is there a possibility to prevent users of AlphaStations to gain access
>to the single user mode under DEC UNIX?
>
>I set the console environment AUTO_ACTION to RESTART and the BOOT_FLAGS to A
>but that's not enough. It is still possible to get to the console prompt
>and change these parameters or boot directly into single user mode with the
>boot command and the appropriate flags.
>
>Is there a way to disable the operating system to boot into single user
>mode or to disable ctrl-p or ctrl-c interrupts at boot time?

I don't think you would want to do this. What happens if someone is
stealing or cracking the root password, then logs in as root and changes the
root password? Or if you simply get the job of system administrator of a
machine with no possibility to be booted in single user mode and with an
unknown root password (the previous sysadmin left without telling it to
anybody).

>This is a topic I'm very concerned about.

Then keep the machine in a secure place. It's as simple as this.
If this cannot be done, make sure that:

1. There are no confidential files stored on the local disks of that
machine.

2. Someone with root access on that machine has no privileges on any
other machine.

You can't have a secure machine kept in an unsecure place. The case locks
can be picked, the discs stolen, the BIOS password of some PC's disabled
by changing the setting of a jumper, etc, etc.

Dan
--
Dan Pop
CERN, CN Division
Email: dan...@mail.cern.ch
Mail: CERN - PPE, Bat. 31 R-004, CH-1211 Geneve 23, Switzerland

Christian Kupferschmid

Nov 24, 1995, 3:00:00 AM

Thanks for your comments.

Fact is:
1. Machines like the AlphaStation 200 4/166 can't be locked in some
room and nobody has access to it because these machines are installed
to be used and I cannot stay behind every workstation and watch the users
whether they try to crack the system.

2. To keep management affordable, systems like this are normally installed
in NIS/YP environment. So if anybody gets root access, he/she can get access
to ALL data exported to that system even if nfs exports with root mapped
to -1. (Just create a user in the local passwd file with the uid and gid of
the desired data)

3. As system manager I choose the root password very carefully to keep the
possibility very low that anyone can crack it. Other systems like SUN (I'm
not a fan of SUN) can get a single user shell only with the root password
which is much better than what's under DEC UNIX on an AlphaStation.

I tried to change the /etc/inittab file to start a tty on the console
in single user mode too, but none of my tests was successful. Either the
init process didn't respawn the tty after a ctrl-c or it didn't start
the tty if booted into single user mode (not shut down to single user).


After all comments I got on this topic I guess I have to blame DEC
having released a workstation most of our Computer Science students can
crack after 2 hours in system management class.

I NEED a password protected single user mode console on all AlphaStations
and I think this is a critical point in DIGITAL's security concept.


Chris
System- & Networkmanager

Dan Pop

Nov 25, 1995, 3:00:00 AM

kup...@htl-bw.ch (Christian Kupferschmid) writes:

>1. Machines like the AlphaStation 200 4/166 can't be locked in some
>room and nobody has access to it because these machines are installed
>to be used and I cannot stay behind every workstation and watch the users
>whether they try to crack the system.

In such cases, it is common practice to give the users access to the
keyboard and display, but not to the workstation. Otherwise you risk to
have the disk, the memory or other parts stolen. Someone who is open
to stealing data, could be open to stealing hardware, as well.

>2. To keep management affordable, systems like this are normally installed
>in NIS/YP environment. So if anybody gets root access, he/she can get access
>to ALL data exported to that system even if nfs exports with root mapped
>to -1. (Just create a user in the local passwd file with the uid and gid of
>the desired data)

Use AFS instead of NFS and nobody will be able to steal data from a
secure file server, short of stealing the password of the victim, even
if the root account has no password on the workstation.

>3. As system manager I choose the root password very carefully to keep the
>possibility very low that anyone can crack it.

Someone might look over your shoulder, while you type it. Or, if you type
it across a network, someone with a network sniffer might get it. It's
extremely difficult to have a secure network in the presence of thieves.
And you don't want to protect your network against the honest users :-)

>After all comments I got on this topic I guess I have to blame DEC
>having released a workstation most of our Computer Science students can
>crack after 2 hours in system management class.

Don't tell them about BOOT -FL S :-)

BTW, do you have PC's on your network? If yes, the security of your NFS
files is an illusion. Anybody can boot Linux from a diskette, disconnect
one workstation and impersonate that workstation (this is needed only if
the files aren't exported to anybody) to access the files using the mechanism
you have already described.

Christian Kupferschmid

Nov 27, 1995, 3:00:00 AM

Dan Pop <dan...@mail.cern.ch> writes:

>>1. Machines like the AlphaStation 200 4/166 can't be locked in some
>>room and nobody has access to it because these machines are installed
>>to be used and I cannot stay behind every workstation and watch the users
>>whether they try to crack the system.

>In such cases, it is common practice to give the users access to the
>keyboard and display, but not to the workstation. Otherwise you risk to
>have the disk, the memory or other parts stolen. Someone who is open
>to stealing data, could be open to stealing hardware, as well.

I'm terribly sorry to inform you, that a user doesn't need access to the
box to get to console mode. A certain key combination at startup stops booting
and falls back to console and the user is back in business with the boot
command. Even if I lock the box up, cut the power off and back on is no
problem.

Most of my problems would be solved if the single user mode would be
protected with a password or the console can make it impossible to
boot single user mode. Other vendors like HP and SUN have mechanisms
like that. And that way it is at least a little bit harder to get access
to root privileges.

Or just the other way round: Why do I need an operating system with security
features like passwords for every user and access protections on files
when everybody sitting at the keyboard can get into single user mode and
disable the root password even if the system is standalone (just to look out
all the security problems on the network). This makes no sense. One should be
able to protect single user mode and the root password in any way. And that's
not possible on the AlphaStation 200 4/166 we got and I think some other
models of that type too.


Chris

Dan Pop

Nov 27, 1995, 3:00:00 AM

kup...@speed.htl-bw.ch (Christian Kupferschmid) writes

>Dan Pop <dan...@mail.cern.ch> writes:
>
>>>1. Machines like the AlphaStation 200 4/166 can't be locked in some
>>>room and nobody has access to it because these machines are installed
>>>to be used and I cannot stay behind every workstation and watch the users
>>>whether they try to crack the system.
>
>>In such cases, it is common practice to give the users access to the
>>keyboard and display, but not to the workstation. Otherwise you risk to
>>have the disk, the memory or other parts stolen. Someone who is open
>>to stealing data, could be open to stealing hardware, as well.
>
>I'm terribly sorry to inform you, that a user doesn't need access to the
>box to get to console mode. A certain key combination at startup stops booting
>and falls back to console and the user is back in business with the boot
>command. Even if I lock the box up, cut the power off and back on is no
>problem.

Naive question: how do you cut the power without access to the box?

Gromit

Nov 27, 1995, 3:00:00 AM

In article <49519j$c...@pluto.htl-bw.ch>, kup...@htl-bw.ch (Christian Kupferschmid) writes...

>3. As system manager I choose the root password very carefully to keep the
>possibility very low that anyone can crack it. Other systems like SUN (I'm
>not a fan of SUN) can get a single user shell only with the root password
>which is much better than what's under DEC UNIX on an AlphaStation.

Sun secure... hahahahahahahahaahahhhahahhahahahahahahahahahaha.

Tom O'Toole - ecf_...@jhuvms.hcf.jhu.edu - JHUVMS system programmer
**WAKE UP folks! Boycott Net$cape and Micro$oft greed driven proprietary
"enhancements"! BOYCOTT micro$oft network "msn.com", micro$soft money and other
attempts by the micro$oft monopoly to control electronic banking and commerce!**

Peter Mayne

Nov 28, 1995, 3:00:00 AM

In article <49cvnr$r...@pluto.htl-bw.ch>, kup...@speed.htl-bw.ch says...

>Most of my problems would be solved if the single user mode would be
>protected with a password or the console can make it impossible to
>boot single user mode. Other vendors like HP and SUN have mechanisms
>like that. And that way it is at least a little bit harder to get access
>to root privileges.

Do the other vendors stop users from removing the battery and/or shorting the
NVRAM to remove the password?

No vendor stops a user from bringing in their own workstation, plugging it in,
and going berserk.

>Or just the other way round: Why do I need an operating system with security
>features like passwords for every user and access protections on files
>when everybody sitting at the keyboard can get into single user mode and
>disable the root password even if the system is standalone (just to look out
>all the security problems on the network). This makes no sense. One should be
>able to protect single user mode and the root password in any way. And that's
>not possible on the AlphaStation 200 4/166 we got and I think some other
>models of that type too.

On the other hand, the Athena model assumes that everyone with a workstation
can give themselves root access (which is perfectly true) and acts
accordingly. Users can make themselves root until they're blue in the face
(the root password is apparently well publicised, but I've forgotten it: an
MIT person might care to tell us), but it doesn't affect network security or
the security of the servers one bit. The best/worst the users can do is
"rm -rf /", and since it takes under 10 minutes to recreate the system, who
cares? In fact, users are encouraged to wipe their systems and rebuild them if
they feel like it. (A site where I work does this: if a piece of software goes
gaga, it's quicker and simpler to wipe the system disk and rebuild it than to
fix the files.)

Depending on the number of workstations you have (HP, SUN, and others as well
as Digital), you might like to look into Athena (or even DECathena).
--
PJDM
Peter Mayne
Digital Equipment Corporation (Australia)
Canberra, ACT
----
These are my opinions, and have nothing to do with Digital.
The truth is out there, but not necessarily in here.


Joseph Huber

Nov 28, 1995, 3:00:00 AM

In Article <49cvnr$r...@pluto.htl-bw.ch>

kup...@speed.htl-bw.ch (Christian Kupferschmid) writes:
>
>I'm terribly sorry to inform you, that a user doesn't need access to the
>box to get to console mode. A certain key combination at startup stops booting
>and falls back to console and the user is back in business with the boot
>command. Even if I lock the box up, cut the power off and back on is no
>problem.
>Most of my problems would be solved if the single user mode would be
>protected with a password or the console can make it impossible to
>boot single user mode. Other vendors like HP and SUN have mechanisms
>like that. And that way it is at least a little bit harder to get access
>to root privileges.

I wonder if it is really true, that the "PC-style" Alphas have no secure console
features. All older Alphas (the turbochannel models at least) have a "secure
console" jumper inside the box (physically accessible yes, but one has to remove
disk drives and memory boards to get access to). If this switch is in the ON
position, and a console password is enabled, without the console password
booting is only possible without parameters, i.e. no single user mode.
Check at Your console with HELP for
set password, setenv secure, login
commands. If present, You can make the system rather secure.
The Alpha owners manual should have a chapter on this topic.
--
Joseph "Sepp" Huber, Max-Planck-Institut Physik, Muenchen, Tel. +49 32354344
E-mail: Joseph...@vms.mppmu.mpg.de | HEPnet/SPAN: (13673::) MPICLU::HUBER

Andreas Fassl

Nov 29, 1995, 3:00:00 AM

>In article <49519j$c...@pluto.htl-bw.ch>, kup...@htl-bw.ch (Christian Kupferschmid) writes...
>>3. As system manager I choose the root password very carefully to keep the
>>possibility very low that anyone can crack it. Other systems like SUN (I'm
>>not a fan of SUN) can get a single user shell only with the root password
>>which is much better than what's under DEC UNIX on an AlphaStation.

>Sun secure... hahahahahahahahaahahhhahahhahahahahahahahahahaha.

A good one, tears in my eyes.
Try this on your "secure" sun:
------------
void main() { while (1) fork();}
------------
DISCLAIMER: I am not responsible for the results of this program. It
drives lots of unix systems in a hanging state, forcing the sysop to
reboot the system.

--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ proGIS Softwareentwicklung, Simulationssysteme, Beratung +
+ E-Mail: and...@didymus.rmi.de VOICE: (49) 241 470 67 -0 +
+ FAX: (49) 241 470 67 -29 +

Peter Mayne

Nov 29, 1995, 3:00:00 AM

In article <951127194...@dxmint.cern.ch>, dan...@mail.cern.ch says...

>
>kup...@speed.htl-bw.ch (Christian Kupferschmid) writes
>>I'm terribly sorry to inform you, that a user doesn't need access to the
>>box to get to console mode. A certain key combination at startup stops booting
>>and falls back to console and the user is back in business with the boot
>>command. Even if I lock the box up, cut the power off and back on is no
>>problem.
>
>Naive question: how do you cut the power without access to the box?

Wall power connection? Building fuse box? Power substation?
Overhead/underground wiring? You'd be amazed how some people who spend a lot
of time and money physically protecting their computers completely forget
about securing the power supplies.

Christian Kupferschmid

Nov 29, 1995, 3:00:00 AM

Just a summary.

So far it seems that the AlphaStation 200 4/166 and I guess all the other
AlphaStation models (4/100, 4/233. 250 4/266) are exposed to every beginner
hacker even if they are installed standalone, the box locked up, with access
to the power cord or a main power switch.

To me this seems to be very poor, I mean NO security at all.
And DEC wastes a whole page in their User Information Manual about computer
security.


Chris

To and...@didymus.rmi.de (Andreas Fassl). Tell your SUN system manager to
limit the per-user-processes in the kernel. This helps.


--
Senior College of Engineering, Switzerland
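
Added example (not part of the original thread and not code from any poster): the per-user process limit recommended above against the fork loop posted earlier, shown here with the POSIX `setrlimit(RLIMIT_NPROC)` call rather than the kernel tunable Chris refers to. The loop is deliberately bounded and runs in a throwaway child; the names `probe` and `run_capped`, the uid/gid 65534 used for the privilege drop, and the limit of 8 are assumptions of this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_ATTEMPTS 64     /* hard bound: the demo itself can never run away */
#define UNPRIV_ID    65534  /* assumption: conventional "nobody" uid/gid */

struct cap_result {
    long effective_limit;   /* soft RLIMIT_NPROC after setrlimit(), -1 on error */
    int  spawned;           /* fork() calls that succeeded */
    int  refused;           /* 1 if the kernel refused a fork() with EAGAIN */
};

/* Runs in a throwaway child so the lowered limit never touches the caller. */
static void probe(int limit, int out_fd)
{
    struct cap_result r = { -1, 0, 0 };
    struct rlimit rl = { (rlim_t)limit, (rlim_t)limit };
    pid_t kids[MAX_ATTEMPTS];

    /* Privileged processes are exempt from the cap on Linux, so drop
       privileges when we have them. If the drop fails, carry on: the
       loop below then stops at MAX_ATTEMPTS instead of at the cap. */
    if (geteuid() == 0) {
        if (setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0)
            fprintf(stderr, "could not drop privileges; cap may not apply\n");
    }

    if (setrlimit(RLIMIT_NPROC, &rl) == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) {
        r.effective_limit = (long)rl.rlim_cur;
        for (int i = 0; i < MAX_ATTEMPTS; i++) {
            pid_t pid = fork();
            if (pid == 0) {             /* idle child, exits by itself */
                sleep(10);
                _exit(0);
            }
            if (pid < 0) {              /* EAGAIN: per-user cap reached */
                r.refused = (errno == EAGAIN);
                break;
            }
            kids[r.spawned++] = pid;
        }
        for (int i = 0; i < r.spawned; i++) {   /* clean up every child */
            kill(kids[i], SIGKILL);
            waitpid(kids[i], NULL, 0);
        }
    }
    if (write(out_fd, &r, sizeof r) != (ssize_t)sizeof r)
        _exit(1);
    _exit(0);
}

/* Fork the probe, collect its report over a pipe, and reap it. */
struct cap_result run_capped(int limit)
{
    struct cap_result r = { -1, 0, 0 };
    int fds[2];

    if (pipe(fds) != 0)
        return r;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return r;
    }
    if (pid == 0) {
        close(fds[0]);
        probe(limit, fds[1]);           /* never returns */
    }
    close(fds[1]);
    if (read(fds[0], &r, sizeof r) != (ssize_t)sizeof r)
        r.effective_limit = -1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return r;
}

int main(void)
{
    struct cap_result r = run_capped(8);
    printf("limit=%ld spawned=%d refused=%d\n",
           r.effective_limit, r.spawned, r.refused);
    return 0;
}
```

Where the cap is enforced, `fork()` is refused with `EAGAIN` once that user's process count reaches the limit, so the machine stays responsive; where it is not enforced, the loop ends at the 64-attempt bound.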

André Elbracht

Nov 29, 1995, 3:00:00 AM

why are you so excited ?
sensitive data will stay on a dedicated server
with no public access, isn't it ?
and the rest - let them use the alpha also as root,
and do every evening an automatic reinstall of the
machine over the net.
if this is not enough, you should have ordered X-terminals .

bye

elbrach...@ch.swissbank.com


Mike Iglesias

Nov 30, 1995, 3:00:00 AM

In article <49l000$b...@umt.umt.edu>,
George Yobst <geo...@selway.umt.edu> wrote:
>Have a janitor pull the power cord to plug in their vacuum cleaner - how else!

Have the janitor plug in a floor scrubber on the same circuit breaker as your
system...

--
Mike Iglesias Internet: igle...@draco.acs.uci.edu
University of California, Irvine phone: (714) 824-6926
Office of Academic Computing FAX: (714) 824-2069


Tim Shoppa

Nov 30, 1995, 3:00:00 AM

In article <951127194...@dxmint.cern.ch>,

Dan Pop <dan...@mail.cern.ch> wrote:
>kup...@speed.htl-bw.ch (Christian Kupferschmid) writes
>
>>I'm terribly sorry to inform you, that a user doesn't need access to the
>>box to get to console mode. A certain key combination at startup stops booting
>>and falls back to console and the user is back in business with the boot
>>command. Even if I lock the box up, cut the power off and back on is no
>>problem.
>
>Naive question: how do you cut the power without access to the box?
>
>Dan

Not hard at most installations here in the U.S. Local fire codes
usually require some easy way to cut off power that is readily accessible
to firefighters and the occupants of a building.
Good "computer room" installations usually have
a big red button on the wall that will trip some breakers in a
not easily accessible place; this has the advantage of making it
easy for the power to be shut off in case of emergency, while keeping
it difficult for unauthorized people to turn the breakers back on.
But many installations just have the breakers (or, in the case of my
lab, fuses) under a panel in the hallway. One flick off, one flick
on, and you've just put every machine on the floor through the "120
reset". We see that yet again it comes down to
physical security of the machine and its resources.

One way to get around this (at least for interruptions that are of
rather short duration) is to put the computer on a UPS, but
again many local fire codes require that there be some easy way
to shut off battery backup systems as well, at least in commercial
buildings. Some of the most spectacular phone-exchange fires
have happened when the banks of battery powered electronics could
not be shut off by firefighters, and this has caused many local
fire codes to require easily accessible power cutoffs to just about
all equipment.

Fire codes vary from locality to locality, so the above may not
be true everywhere in the U.S., and I have no idea what happens
outside the U.S.

Tim. (sho...@altair.krl.caltech.edu)

George Yobst

Nov 30, 1995, 3:00:00 AM

>>I'm terribly sorry to inform you, that a user doesn't need access to the
>>box to get to console mode. A certain key combination at startup stops booting
>>and falls back to console and the user is back in business with the boot
>>command. Even if I lock the box up, cut the power off and back on is no
>>problem.
>
>Naive question: how do you cut the power without access to the box?
>
>Dan

Have a janitor pull the power cord to plug in their vacuum cleaner - how else!

George


Yan-Song Chen

Nov 30, 1995, 3:00:00 AM

Christian Kupferschmid (kup...@htl-bw.ch) wrote:

: Just a summary.

: So far it seems that the AlphaStation 200 4/166 and I guess all the other
: AlphaStation models (4/100, 4/233. 250 4/266) are exposed to every beginner
: hacker even if they are installed standalone, the box locked up, with access
: to the power cord or a main power switch.

In my opinion, the user who sits in front of the console of a workstation shd
have the right to do anything on the station (not the server) if he wants.
Such kind of security mechanisms are useless since they can not stop the user
from taking the whole computer away.

: To me this seems to be very poor, I mean NO security at all.
: And DEC wastes a whole page in their User Information Manual about computer
: security.


: Chris

: To and...@didymus.rmi.de (Andreas Fassl). Tell your SUN system manager to
: limit the per-user-processes in the kernel. This helps.


: --
: Senior College of Engineering, Switzerland
: Information Center

: HTL Brugg-Windisch |RFC-822: kup...@htl-bw.ch
: Kupferschmid Christian |DECnet : 47931259::kupfer
: CH-5200 Brugg-Windisch |

: Whenever I tell you something this might be the truth,
: but sometimes it's not!

--
yansong chen
--
YC...@uh.edu

D.Webb

Dec 1, 1995, 3:00:00 AM

>In article <49cvnr$r...@pluto.htl-bw.ch>, kup...@speed.htl-bw.ch says...
>
>Most of my problems would be solved if the single user mode would be
>protected with a password or the console can make it impossible to
>boot single user mode. Other vendors like HP and SUN have mechanisms
>like that. And that way it is at least a little bit harder to get access
>to root privileges.
>
I am not a Digital UNIX user so I may be missing the point but aren't you
asking for a feature which DEC provides?

In my DEC 3000 model 300/300L AXP manual chapter 5 ( I run VMS on it but it can
run Digital UNIX ) is information on setting a password at console mode.
This password restricts what commands a user can type at the console prompt in
particular not allowing any parameters on the boot command unless this password
has been entered.
The password is a 16 character hexadecimal number.

This password is stored in FLASH ROM which can only be changed by following
the procedures in this chapter which include moving a jumper on the system
module.

David Webb
VMS Systems Manager
Middlesex University


Dan Pop

Dec 1, 1995, 3:00:00 AM

leinb...@axp621.gsi.de (Uwe Leinberger GSI Darmstadt) writes:

>I absolutely DO agree that a certain amount of security should be built into
>the machine, in this case a console password.

The trouble with this "solution" is that passwords _are_ lost.
Questions like "I have a second-hand system, but the root password is lost,
help!!!" can be read in any Unix newsgroup.

The real problem is that the wrong approach was chosen in the first place.
When the users cannot be trusted, the worst idea is to build a workstation
network. The right approach is a server or a cluster of servers (kept
in a safe place) and X terminals for the users. The administration costs are
considerably lower and the integrity of the hardware and the data is
insured.

Of course, it's so much easier to blame someone else for your own
mistakes...

Uwe Leinberger GSI Darmstadt

Dec 1, 1995, 3:00:00 AM

In article <49l95d$h...@masala.cc.uh.edu>, phy...@menudo.uh.edu (Yan-Song Chen) writes:
>Christian Kupferschmid (kup...@htl-bw.ch) wrote:
>
>: Just a summary.
>
>: So far it seems that the AlphaStation 200 4/166 and I guess all the other
>: AlphaStation models (4/100, 4/233. 250 4/266) are exposed to every beginner
>: hacker even if they are installed standalone, the box locked up, with access
>: to the power cord or a main power switch.
>In my opinion, the user who sits in front of the console of a workstation shd
>have the right to do anything on the station (not the server) if he wants.
>Such kind of security mechanisms are useless since they can not stop the user
>from taking the whole computer away.
>
>: To me this seems to be very poor, I mean NO security at all.
>: And DEC wastes a whole page in their User Information Manual about computer
>: security.

Oh no, the user sitting in front of a WS should NOT have the right to
do anything he wants. NO WAY!!!
This would bring the absolutely disastrous typical PC-s(h)ituation, where
every idiot thinks he's the knowledgeable sysmgr and fiddles with configs,
installed programs etc all the time, breaking things. Then come shedding
tears for help.

No, this would make ANY larger number of machines absolutely unmaintainable
as it is in reality with PCs running m$ crapware.

I absolutely DO agree that a certain amount of security should be built into
the machine, in this case a console password.

Yes, it's NOT good enough to keep someone knowledgeable and determined from
doing mischief, no way. But locking away the box does not, either.

As a retired US Army Staff Sergeant doing night watches here always says:
"Locks are just to keep honest people honest", and a console password
will at least keep 95%+ of the small time want-to-be hackers from messing
things up.

As you saw from the sig, Chris is at a College/Research facility (as I am)
and there it's less a question of really keeping your vital business data
secret (Research usually is done to PUBLISH the results!!!), more a matter
of keeping your systems working as the tools they are.
WITHOUT having to re-invent the wheel every other day, in this case by
correcting all the shit done by self-imposed "experts".

In most college/university/research places some experienced and responsible
members of user groups will have access to a priv'd account to be able to
fix some problems, but these people usually are experienced and responsible
enough to
- document any changes they make
- discuss this with the central support personnel and
- think twice about what they do, and a third time before they press <ret>
after typing the command......

It's just a matter of saving a hell of a lot of trouble and time to all people
using the machines as a tool for their work!

I agree with Chris that this typical PC feature of not having a console PWD
is not bearable for a machine like this.

Uwe

Yan-Song Chen

Dec 2, 1995, 3:00:00 AM

Uwe Leinberger GSI Darmstadt (leinb...@axp621.gsi.de) wrote:

: Oh no, the user sitting in front of a WS should NOT have the right to
: do anything he wants. NO WAY!!!
: This would bring the absolutely disastrous typical PC-s(h)ituation, where
: every idiot thinks he's the knowledgeable sysmgr and fiddles with configs,
: installed programs etc all the time, breaking things. Then come shedding
: tears for help.

Why do some brain damaged sysadms always think they have more knowledge about
the machine than the users? The users always have better knowledge about the
machine than those sysadms. Hiring a sysadm for a desktop workstation is a total
waste of money. A person who uses the machine is the best one to manage the
machine, not those sysadms. What they need is a consultant, who can help
them in case they can not figure out how to do that, not a sysadm.
I just talk about the desktop workstations, not larger servers, which need
a professional administrator to take care of them.

: No, this would make ANY larger number of machines absolutely unmaintainable

: Uwe

--
yansong chen
--
YC...@uh.edu

Uwe Leinberger GSI Darmstadt

Dec 2, 1995, 3:00:00 AM

In article <951201220...@dxmint.cern.ch>, Dan Pop <dan...@mail.cern.ch> writes:
>leinb...@axp621.gsi.de (Uwe Leinberger GSI Darmstadt) writes:
>
>>I absolutely DO agree that a certain amount of security should be built into
>>the machine, in this case a console password.
>
>The trouble with this "solution" is that passwords _are_ lost.
>Questions like "I have a second-hand system, but the root password is lost,
>help!!!" can be read in any Unix newsgroup.
>
>The real problem is that the wrong approach was chosen in the first place.
>When the users cannot be trusted, the worst idea is to build a workstation
>network. The right approach is a server or a cluster of servers (kept
>in a safe place) and X terminals for the users. The administration costs are
>considerably lower and the integrity of the hardware and the data is
>insured.
>
>Of course, it's so much easier to blame someone else for your own
>mistakes...
>
>Dan
>--
>Dan Pop
>CERN, CN Division
>Email: dan...@mail.cern.ch
>Mail: CERN - PPE, Bat. 31 R-004, CH-1211 Geneve 23, Switzerland
>

Yeah, but Xterms + server means a hell of a lot of investments in netware,
and the cost of a low-end WS is almost comparable to an Xterm also.
Yes, your way of course does appeal to the old-fashioned
"Computing-Center/Mainframe" blokes who're afraid of being replaced also:

In an environment where you have many people using a few basic apps
working on few large and common datasets (like warehouse, admin, typical
banking, etcpp) this centralized approach does make sense (but probably is
done much faster & cheaper with character-cell type terminals).
And yes, in most of these cases the security(=secrecy) of data is a major
issue.

In a typical research environment like GSI here or CERN it is IMHO much
different:

Here you have typically some small to medium sized groups (1...20) people
working with the same data (and sometimes large amounts, often more or
less sequentially) and I've found in THIS case it's much better to give
every group one (or a few) Workstations rather than Xterms + central
machines.
In most of these groups you must have some local data management
anyway, install some tape drives and lets say 5+GB or so of disk space to
each of the stations so people can manage/keep their data locally.
This saves a hell of a lot of money in HW. If you look at the price of e.g. a
250 4/233 plus 5 GB diskspace per user and compare this to a scheme
where you provide same diskspace, total CPU and an Xterm per user in the
other scheme you might be up to a surprise.
Of course, keep the machines all clustered to keep it manageable, and keep
a central server for system, installed apps and some backed-up disks
where people keep their RESULTS and SOURCES etc., ie the stuff that hurts
when lost. (if one of the local data disks blows, you just re-read the data
from the tape as before).
Data security (in the sense of secrecy) is by far NOT the same issue as above:
All work is done to be published anyway. And then people in research at
institutes like CERN or GSI or SLAC or..... will be quite grown up and
won't play games like "how easy is it to break/bring down the system?"
all the time: They probably stopped doing this when they started to use
computers as tools for their real interesting work (when they were
still undergraduates, things might have been different, if memory serves ;-)

Uwe

Dan Pop

Dec 3, 1995, 3:00:00 AM
leinb...@axp621.gsi.de (Uwe Leinberger GSI Darmstadt) writes:

>In a typical research environment like GSI here or CERN it is IMHO much
>different:

A reality check will show that both CERN and DESY have opted for the
workgroup servers + X terminals model for the scientist users.

Uwe Leinberger GSI Darmstadt

Dec 3, 1995, 3:00:00 AM
I know: (sigh)

They IMHO might have wasted quite a lot of money...

Some groups here also went along his way.
It did cost the GROUP a bit less at the beginning, but the INSTITUTE (if you
include computing center budget) had to pay more all told. And now, since
groups have to buy scratch disks etc. more and more from their own budget
anyway, this does not even really make sense from the group's point of
view in many cases. (Surprisingly experimentalists *seem* to be expected
far more often to buy their own cpu than theoreticians)

Mind you: I'm NOT saying to go for total anarchy, I'm rather saying keep
the servers for the system central, as well as for all the installed
products and the backed-up user disks (where people keep all the important
stuff like sources and results etc), but give a WS with scratchdisk-space
and CPU to every desk where people do heavy analysis work. This saves money
since you more or less get an X-Term for free along with the CPU/disk
and it again saves money on the network, since you can do most of the heavy
I/O locally in such a scheme. You typically DO run the same data many times
through analysis to get the best result resp. cross-check everything.
(This is even true for raw data often). As long as the machines are
clustered (and here I mean clustered, not just a bunch of NFS cross mounts)
any free CPU is still available to eg MC simulations and theoretical
calculations that need CPU, but don't do this much I/O, running in
background on low-priority batch queues and maybe under the control of a
good class scheduler/load leveler. To keep a bit "public" local scratch
space at every machine helps reducing the netload once again.
A more detailed structure including group servers is notwithstanding
my argumentation.

People tend to see only these that are paid from their OWN budget,
but tend to forget investments paid from other budgets. Since all these
investments have to be paid from the very same budget of the very same
institute, this is IMHO quite short sighted, no?

And then I sometimes seem to get a whiff of an impression, that maybe some
computing center bosses (who grew up as the God-of-the-Mainframe, ie then
the God-of-Computing) just want to keep everything in a single room under
their control. It also might seem sometimes that they fear to have their
own budget and staff reduced and thus tend to go for central solutions
just to keep themselves important. Sometimes they even re-invent the
mainframe by piling up dozens of WSs in a row of 19" racks behind glass....

IMHO such decisions often include criteria that are quite different than
to gain maximum efficiency (in terms of maximum benefit at minimum OVERALL
costs)...

..but being a mere little physicist I might be wrong on this, just not
getting all the information?

But I keep wondering.

Uwe

Dan Calle

Dec 3, 1995, 3:00:00 AM
Yan-Song Chen wrote:
>
> Why some brain damaged sysadms always think they have more knowledge about
> the machine than the users?

Most sysadmins do. If this is not the case, the wrong person was hired.

> The users always have better knowledge about the
> machine than those sysadms.

What planet do you live on? I mean, it does happen occasionally, but where
do you get this "always" business?

> Hire a sysadm for a desktop workstation is totally
> waste of money. A person who uses the machine is the best one to manage the
> machine, not those sysadms.

It's my experience that, very often, the person who uses the machine doesn't
have the time or inclination to bother with all the fixing, upgrading,
maintaining, and general administration usually taken care of by a sysadmin.

> What they need is a consultant, who can help
> them in case they can not figure out how to do that, not a sysadm.

Sometimes you need a consultant, and sometimes a sysadmin. Often some kind
of MIS department performs both functions, general administration of a large
number of desktop workstations, and consultation when users need spot-help.

> I just talk about the desktop workstations, not larger servers, which need
> professional administrator to take care them.

If you have an office full of programmers, maybe they should all admin their
own machines, if they want to. If you have a department of scientists,
usually they'd prefer having someone expert at the task make sure that their
workstations stay up and running and are outfitted with the best software
and peripherals to do what the scientists want them to do.

--
Dan Calle Senior, Computer Science and Mathematics, Virginia Tech
Assistant Administrator: acm.vt.edu
Email: d...@vt.edu Online: dca...@lucifer.bevc.blacksburg.va.us
Web Page: http://lucifer.bevc.blacksburg.va.us/ Finger for Geek Code.

Al Herb

Dec 3, 1995, 3:00:00 AM

I hate to start with this but my own son attends VA Tech (but not as a CS
major). I personally have been involved with the CS field for over 30
years and was, at one time, a real UNIX advocate...that is until other
folks and myself such as MIT began to realize that supporting UNIX will
quite rapidly outstrip a University's ability once gone distributed.

At the end of my son's 1st year at VT, I was standing across the street
from the dorms awaiting my son's arrival with all his belongings. What I
see is a sea of kids carrying PCs. Maybe a lot were running Solaris but I
doubt it. The point to be made is that the next generation workforce will
be PC literate and *not* needing a consultant or sysadmin...unless of
course it's a UNIX environment and there's literally no choice.

> It's my experience that, very often, the person who uses the machine doesn't
> have the time or inclination to bother with all the fixing, upgrading,
> maintaining, and general administration usually taken care of by a sysadmin.

I can't resist this! It's my point exactly. The sysadmin's job will be
diminished once the end user regains control of being capable of providing
his/her own support.

--
Furlough: Paying someone for something you can't afford to pay them to come to work to do.

Uwe Leinberger GSI Darmstadt

Dec 4, 1995, 3:00:00 AM

>I hate to start with this but my own son attends VA Tech (but not as a CS
>major). I personally have been involved with the CS field for over 30
>years and was, at one time, a real UNIX advocate...that is until other
>folks and myself such as MIT began to realize that supporting UNIX will
>quite rapidly outstrip a University's ability once gone distributed.
>
>At the end of my son's 1st year at VT, I was standing across the street
>from the dorms awaiting my son's arrival with all his belongings. What I
>see is a sea of kids carrying PCs. Maybe a lot were running Solaris but I
>doubt it. The point to be made is that the next generation workforce will
>be PC literate and *not* needing a consultant or sysadmin...unless of
>course it's a UNIX environment and there's literally no choice.
>
>> It's my experience that, very often, the person who uses the machine doesn't
>> have the time or inclination to bother with all the fixing, upgrading,
>> maintaining, and general administration usually taken care of by a sysadmin.
>
>I can't resist this! It's my point exactly. The sysadmin's job will be
>diminished once the end user regains control of being capable of providing
>his/her own support.
>
You're talking about TOYS, not TOOLS. All these PC's the kids carry around
are just toys, and in most cases would be better replaced by a few binders
and plain paper anyway.....

What you say above about maintenance of a distributed UNIX environment is
quite true (there's hardly a way to make such an environment as manageable
as a real Cluster a la VMS), but it's even more true for PC's.

As long as every single user just carries his own little toy for just and
only his own little fun, you don't have a problem. This is VERY different,
however, if you want to do some real WORK in an organized, controlled manner.
This is about the same as some years back the difference of a bunch of
students carrying their individual class notes around (these they could
manage alone, of course) and the files circulating around in an insurance
company or government department: There of course MUST be a well organized
and maintained system!


So PLEASE stop comparing WORK and TOOLS with GAMES and TOYS!

Uwe

Al Herb

Dec 4, 1995, 3:00:00 AM
In article <49ueia$c...@rs18.hrz.th-darmstadt.de>, leinb...@axp621.gsi.de
(Uwe Leinberger GSI Darmstadt) wrote:

> You're talking about TOYS, not TOOLS. All these PC's the kids carry around
> are just toys, and in most cases would be better replaced by a few binders
> and plain paper anyway.....

But add the dictionary, encyclopedia, slide rule, table of elements, etc.
and the load gets rather burdensome.


>
> What you say above about maintenance of a distributed UNIX environment is
> quite true (there's hardly a way to make such an environment as manageable
> as a real Cluster a la VMS), but it's even more true for PC's.
>

There is a way. It's called Athena born out of MIT. Folks there saw the
management problem coming before they went to distributed computing.

> As long as every single user just carries his own little toy for just and
> only his own little fun, you don't have a problem. This is VERY different,
> however, if you want to do some real WORK in an organized, controlled manner.
> This is about the same as some years back the difference of a bunch of
> students carrying their individual class notes around (these they could
> manage alone, of course) and the files circulating around in an insurance
> company or government department: There of course MUST be a well organized
> and maintained system!
>
>

The "TOY and GAMES" as you put it is but a piece of a (theoretical)
distributed client/server "system"...but a very important piece. Let it be
managed by the user if they are able. The server (WORK and TOOLS) will
still require the support of a sys/admin. We just won't need as many of
them.



> So PLEASE stop comparing WORK and TOOLS with GAMES and TOYS!

There! I distinguished the two.

Gromit

Dec 4, 1995, 3:00:00 AM
In article <49obr0$i...@masala.cc.uh.edu>, phy...@menudo.uh.edu (Yan-Song Chen) writes...

>Why some brain damaged sysadms always think they have more knowledge about
>the machine than the users? The users always have better knowledge about the
>machine than those sysadms.

Puhlease..., the users click on icons, do they know what happens behind the
scenes? Have you ever been called in to fix a problem having no idea
what had been done by who knows how many people? You know how much time
is wasted? First of all the actual end user, 89 cases out of 100, is UTTERLY
without clue. They haven't even the knowledge or desire ('just FIX it so I can
get back into email') to make a comprehensible problem description, so you have
to play twenty questions for an hour. Now we have these unmanaged systems using
any number of distributed server systems, the client setups for which have been
done by any number of different people/departments with no central
documentation... We are talking disASTer!

>Hire a sysadm for a desktop workstation is totally
>waste of money.

Having a bunch of unmanaged desktop systems is the BIGGEST waste of money in
the long run, but that's what Bill Gates gave us and that is what's bought.
It's totally penny wise pound foolish but was sold by the boatload to out of
touch executives and now we are stuck with it.

>A person who uses the machine is the best one to manage the
>machine, not those sysadms.

Laughably false, unless they have the proper experience and training, which
of course management is not willing to provide. Ideally they should just be
clones of some client image downloaded from a server which is centrally
managed and unfuckwithable thereafter.

>I just talk about the desktop workstations, not larger servers, which need
>professional administrator to take care them.

If they are to work on the network in a client/server relationship, they need to
be managed with the same level of care, otherwise it leads to the aforementioned
scenario.

Dan Calle

Dec 4, 1995, 3:00:00 AM
Al Herb wrote:
>
> I hate to start with this but my own son attends VA Tech (but not as a CS
> major).
[snip]

> At the end of my son's 1st year at VT, I was standing across the street
> from the dorms awaiting my son's arrival with all his belongings. What I
> see is a sea of kids carrying PCs. Maybe a lot were running Solaris but I
> doubt it. The point to be made is that the next generation workforce will
> be PC literate and *not* needing a consultant or sysadmin...unless of
> course it's a UNIX environment and there's literally no choice.

Not that I completely disagree with your point but allow me to make my own:
the *CS* majors at VT all have Unix boxes. It varies from year to year;
this year, incoming freshmen bought IBM PCs with FreeBSD, last year (the
year I transferred in) it was DEC 3000/300LX Alphas with OSF/1, the year
before, it was DECstation 5000/2x machines with Ultrix, and so on. I fault
the department for not being able to settle on a system but I like their
choice of OS. If a Tech CS major with a non-PC buys a second computer (we
are computer geeks after all, :-) ) it's typically a PC and you can bet
that it will have at least one partition that contains an OS not written by
Microsoft.

Hmmm...I just reread your point above and I've decided that I *do* disagree
completely. I'm but a lowly undergrad and you've said you have over 30
years of experience in the CS field but it seems to me that you're living in
a dream world if you think that because the next generation workforce will
be PC literate (how literate is another discussion entirely), they won't be
needing consultants or sysadmins. The software crisis is *not* over and
years of work have *not* refined software engineering to the point where it
can be used to write powerful, flexible, bug-free, completely interoperable
software. I have no degrees in SE, but I think that if someone had come up
with a decent solution to this problem, I would have heard about it (no, OOP
does not count as a solution, though it is a step in the right direction).
So until the situation changes, software companies will continue to write
code that is powerful and flexible, but not bug-free or completely
interoperable.

Hell, your point is that the next generation workforce will be PC-literate -
that means primarily DOS/Windows right? You think that the state of the
Wintel PC art in interoperability will free users from the need for
sysadmins and consultants? We're talking Windows 95 Plug 'n Play here - in
other words, don't make me laugh.

> In article <30C1AE...@vt.edu>, Dan Calle <d...@vt.edu> wrote:
>

> > It's my experience that, very often, the person who uses the machine doesn't
> > have the time or inclination to bother with all the fixing, upgrading,
> > maintaining, and general administration usually taken care of by a sysadmin.
>
> I can't resist this! It's my point exactly. The sysadmin's job will be
> diminished once the end user regains control of being capable of providing
> his/her own support.

And why do you think that this is going to happen any time soon? But even
if it did, you miss my point. Let's say that Be Inc.'s BeOS (in case you
haven't heard of it, it's a brand new OS with none of the backwards
compatibility hangups that MacOS, DOS/Windows, and UNIX have to deal with)
running on BeBoxes takes the market by storm and pushes Microsoft and Intel
into niche markets (yeah right, but for the sake of the argument...) and is
so wonderful and easy to use in its final form that end-users will be
capable of providing their own support. Mostly they won't. They're not all
computer geeks like me - they don't all love fiddling with computers - they
don't all love installing software, learning about networks, installing
hardware, or any of that stuff that computer geeks like doing. Their
company will still pay computer geeks to do that for them, just as they
always have. Remember, I'm still speaking of a workplace environment, not
home.

Gromit

Dec 4, 1995, 3:00:00 AM
In article <alherb-0312...@alherb.digex.net>, alh...@access.digex.net (Al Herb) writes...

>I can't resist this! It's my point exactly. The sysadmin's job will be
>diminished once the end user regains control of being capable of providing
>his/her own support.

We have been told this was going to happen for ten years. In some environments,
I agree it's appropriate, but in some not. As long as they can support
themselves, the more power to 'em. If they want to change a bunch of
things they should own the problems that result. That's not too much to ask,
but I don't see a whole lot of it happening... The worst thing we have here
is people getting apps. and configuration from here there and everywhere, with
no communication between these providers.

Andreas Fassl

Dec 4, 1995, 3:00:00 AM
In <49obr0$i...@masala.cc.uh.edu> phy...@menudo.uh.edu (Yan-Song Chen) writes:

>Uwe Leinberger GSI Darmstadt (leinb...@axp621.gsi.de) wrote:

>: Oh no, the user sitting on front of a WS should NOT have the right to
>: do anything he wants. NO WAY!!!
>: This would bring the absolutely disastrous typical PC-s(h)ituation, where

>: tears for help.


>Why some brain damaged sysadms always think they have more knowledge about
>the machine than the users? The users always have better knowledge about the

This situation is the reason #1 for the return of openVMS or any other
high security OS.
Please don't flame me if you haven't first read the DEC manual about security
concepts or the VMS system manager manual from Harry Flowers.

Security breaches can be done by:
- physical access: via network, unlocked computer rooms, easy access to the
machine, etc. For example it is very easy to connect an external hard drive
to any system via the SCSI bus and boot this drive with your own system.
- security holes in the software, I just mention the never ending story of
the mail software security blackouts on unix systems.
- security holes caused by several components together. Software A is "secure",
software B is "secure", both together are causing a security breach.
- missing security site policy
This is the best strategy to avoid (or lower the risk) of site attacks.

So, the whole thread shows only parts of the problem.

In general, computers can't be "secure". Same problem is valid for file cabinets,
locker rooms, vaults, etc. If the (criminal) energy is high enough, you will
get in.

Regards Andreas

Stephen Hoffman

Dec 5, 1995, 3:00:00 AM

In article <491pla$f...@pluto.htl-bw.ch>, kup...@htl-bw.ch (Christian Kupferschmid) writes:

:I tried this before but nobody seemed to care about the possibility to
:crack an AlphaStation within 5 minutes at the console.

With console access, one can crack into most any system -- that
capability is what makes a console, a console.

The best solution at present is make the policy clear to all system
users, and to immediately fire, "space" or expel all offenders.
(This is not a direct solution. However, a policy such as this
should/must be in place independent of any system security.)

Your previous message on "sport cracking" was noted internally (in
fact, by me), and folks here at Digital are looking into this situation.
(You have not mentioned which particular AlphaStations are involved,
however.) I'm not presently in a position to comment on when (or, of
course, if) a password-protected AlphaStation console will be available.

------------------------------ Opinionative -------------------------------
Stephen Hoffman OpenVMS Engineering hof...@xdelta.enet.dec.com
Insunt interdum menda in eo quod est efficax
---------------------------------------------------------------------------


Andreas Fassl

Dec 5, 1995, 3:00:00 AM
In <30C1AE...@vt.edu> Dan Calle <d...@vt.edu> writes:

>Yan-Song Chen wrote:
>>
>> Why some brain damaged sysadms always think they have more knowledge about
>> the machine than the users?

>Most sysadmins do. If this is not the case, the wrong person was hired.

>> The users always have better knowledge about the

>> machine than those sysadms.
>What planet do you live on? I mean, it does happen occasionally, but where
>do you get this "always" business?

>> Hire a sysadm for a desktop workstation is totally

>> waste of money. A person who uses the machine is the best one to manage the
>> machine, not those sysadms.

>It's my experience that, very often, the person who uses the machine doesn't
>have the time or inclination to bother with all the fixing, upgrading,
>maintaining, and general administration usually taken care of by a sysadmin.

Let's make a little calculation.
If a workstation user has one question per day needing the sysadmin attention,
if the question needs 5 minutes to answer or 20 minutes to fix if he has to
come along = 12 minutes mean value.
10 users = 120 minutes
50 users = 600 minutes (ah, overtime)

Andreas Fassl

Dec 5, 1995, 3:00:00 AM
In <49pe5f$t...@rs18.hrz.th-darmstadt.de> leinb...@axp621.gsi.de (Uwe Leinberger GSI Darmstadt) writes:


>Yeah, but Xterms + server means a hell of a lot of investments in netware,
>and the cost of a low-end WS is almost comparable to an Xterm also.

Not correct.

>Yes, your way of course does appeal to the old-fashioned
>"Computing-Center/Mainframe" blokes who're afraid of being replaced also:

And the road goes back to this configuration. No Client/Server. Back to
Big turbo laser with lots of X Terminals. (For example)

>Data security (in the sense of secrecy) is by far NOT the same issue as above:
>All work is done to be published anyway. And then people in research at
>institutes like CERN or GSI or SLAC or..... will be quite grown up and
>won't play games like "how easy is it to break/bring down the system?"
>all the time: They probably stopped doing this when they started to use
>computers as tools for their real interesting work (when they were
>still undergraduates, things might have been different, if memory serves ;-)

That is the typical point of view for people in research institutes. You
will never be confronted with real life in these warm corners not doing "real
work". (Don't take it personal, I know, there is sometimes a lot of work
to be done)
So, if you want to work -> workstation, if you want to play -> playstation.:-)

In many companies, the sysadmins job is to
- prevent people from playing games on the system.
(Example: I worked for an academic institute in 1983 on a VAX 11/780. Great
system, and one great game: -> space invaders on a VT100. It was programmed
very tricky and so the game process ate in average about 33% of CPU time.
The sysadmin was always on the hunt to find the hidden images.)
- prevent people from wasting disk space
(Example: The normal user "ALL" tends not to clean up his directory. This
can be tackled by a quota scheme, but on very large sites this is not a
real solution.)
- prevent people from sniffing around in other user areas
(Example: Hey, lets look in the mail in-box of our cute and nice secretary)
- prevent people from sabotage
(Example: It is especially with Unix boxes no problem, to crash even under
a low-priv account the entire system. Some people do this to get an extra
break. Or think of mobbing, just deleting the day work of a hated colleague)
- prevent people from taking things away
(Example: It is a big problem in companies that people open the CPU container
and remove some of the built-in SIMMs. It takes a time, that the user of
the system realizes the missing 8 from 16 MB. Or 32 of 64 MB on workstation.)

With kind regards


Andreas Fassl

root

Dec 8, 1995, 3:00:00 AM
Christian Kupferschmid (kup...@htl-bw.ch) wrote:
:
: Just a summary.
:
: So far it seems that the AlphaStation 200 4/166 and I guess all the other
: AlphaStation models (4/100, 4/233. 250 4/266) are exposed to every beginner
: hacker even if they are installed standalone, the box locked up, with access
: to the power cord or a main power switch.
:
: To me this seems to be very poor, I mean NO security at all.
: And DEC wastes a whole page in their User Information Manual about computer
: security.
:
:
: Chris

If you have physical access to the console what's to keep you from
mounting the hard drive on say a linux portable and changing the
file system to your heart's content????

You need physical security before anything else.


--
Bill Broadley Broa...@math.ucdavis.edu UCD Math Sys-Admin
Linux is great. http://ucdmath.ucdavis.edu/~broadley PGP-ok

Yan-Song Chen

Dec 10, 1995, 3:00:00 AM
Andreas Fassl (and...@didymus.rmi.de) wrote:

: In many companies, the sysadmins job is to
Those companies should hire syspolices instead of sysadmins.
: - prevent people from playing games on the system.

: With kind regards

--
yansong chen
--
YC...@uh.edu

Uwe Leinberger GSI Darmstadt

Dec 10, 1995, 3:00:00 AM
Most companies doing real work with their systems probably fire the guys
fooling around with these systems.......

....judging by all your really unreasonable ranting against any rules on
a system maybe you got caught and fired???(and that then would have been
just one more case where the sysmgr was cleverer, eh?)

Uwe
