[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "3 fingers"



-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 4 May 1998, Bob Beck wrote:

> > Though often if the machine becomes unusable, its handy to be able to tell
> > a Network Operations Center lad to do that instead of you giving out root
> > passwords on production servers.  

> 	If the machine is unusable you usually need to have them hit
> the reset button anyway. You do on most non-intel hardware, which at

If the machine is really dead.  Our intel servers are FreeBSD.  They don't
seem to have any problems accepting a control-alt-delete even if the
machine is dead to the outside.  I don't like driving into work at 3am
because a server is dead unless I have to.  We don't have serial console
logins via a Portmaster yet on all of our intel servers, so I like being
able to at least reboot the machine in a nicer manner than something akin
to unplugging it.

And on "non intel" hardware like a Sun, stop-a will let me do some things
nicely.  I can serial console from home on our Suns running Solaris.

> don't bother trying to explain vulcan nerve pinch sequences to NOC
> gerbils because they differ from platform to platform and from os to

heh.  sounds like we share some staff$#@%

> 	If the machine's not dead, it's much easier to explain "sudo
> reboot" which I can make work on anything remotely 'nix like than it
> is to explain where reset buttons or vulcan nerve pinch and boot
> commands on many different beasties.

as long as they have accounts on the machine, true.  i have given out OTP
before on a machine at console.
 
> 	Nevertheless, I don't really care if it's there or not - to me
> if they have physical access to the CPU it don't matter much. If the
> feature were there I'd want to be able to disable it for places like
> public labs, etc. just to keep the unclued masses from using it
> stupidly.

true enough.  but my servers are locked up in a node room.  (and the
machine i'm sending this email from is locked in my office under my desk)
but its not like noc people are walking around rebooting machines.  not if
they like working here and walking.

i think there is a big "for this" and "against this" thing going on.
perhaps it should be an option, then you don't have to enable it, and i
don't have to live without it.

neither one of us is going to convince the other that one way is better
than the other.  in my environment it works well and i like it.  i'd like
to have it.  

cheers,

.oO				. . . . http://gravity.hellyeah.com	
e m o r y 			.       husband in training, 
.     Oo.			. 	unix systems engineer.	
. . . . . . . . . . . . . . . . .	OpenBSD advocate.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNU3xujvv3jBzkA6dAQHhnAP9GShdDk4+CE3beml0mTInWTaB9+iv3WRI
DRCMIG2fzQax6HrzSMcdzZ5a7CauJKhMFuuG8pk1X+D2xp3yc5AEvzRfupwgn9Tx
ssxJrsIkrn1mjnUM8YJPtq9DuSo1TCD/tNDl4+gz4nSmb/Yh624zfL3PNe5aSxnC
PQpHk4wPVmY=
=icun
-----END PGP SIGNATURE-----