On Wed, Dec 6, 2017 at 6:49 PM, David Wright <deb...@lionunicorn.co.uk>
wrote:

> On Wed 06 Dec 2017 at 15:25:10 (-0800), James H. H. Lampert wrote:
>
> > Now, now, you walk up to the physical console on an AS/400, you're
> > not going to be able to do a PWRDWNSYS from a sign-on screen, nor
> > can do it if signed on as a user who doesn't have sufficient
> > authority to do a PWRDWNSYS. And you might be physically locked out
> > of the front panel. It's even possible that you might be physically
> > interdicted from unplugging the box, or shutting it down from the
> > circuit breaker panel.
>
> With the Cambridge University computing service in the days of the
> 370/165, the cut-off switch was high on the wall in the "cafeteria"
> area (self-service card reader and line printer) which was open to
> users 24 hours a day.


As a former system admin for a university's 370/158 (yes, in the Jurassic),
all I can
say is, wow. That really wouldn't work in an American university (big
surprise there...).
None of that stuff was anywhere near a normal human being where I worked.


> > Not every OS assumes by default that anybody with physical access to
> > the hardware also has the authority to shut it down.
>
> I didn't know we were talking about authority. One of the pastimes
> of kids in rough neighbourhoods is to pull the Engine Stop lever
> while a bus is picking up passengers.


And here they steal the conductors' keys on the subway and open the doors
in mid-trip.
So, we don't have conductors anymore, not for years. That's the American
solution.

But no one has picked-up the man's point: We deploy these machines as
servers, thousands
of them. This is desktop stuff that doesn't belong there, has no function
there. If we're going
to deploy these machines, why can't the manufacturers get a real, solid
clue about physical
security of the hardware? If the mainframes could do it 35 years ago why
can't it be done
today with smaller, discrete servers? Answer: It can be, but the
manufacturers value their
profit margin over your safety.

And, well, it must be said: An AS/400 is no mainframe, it's a mini....Sorry
dude ;-)

Reply via email to