| Received: | from hermes.aegean.gr ([195.251.128.2]) by eupalinos.samos.aegean.gr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) |
| id KJD4B5C3; Mon, 14 May 2001 04:46:21 +0300 | |
| Received: | by hermes.aegean.gr with Internet Mail Service (5.5.2653.19) |
| id <KXMY1HS6>; Mon, 14 May 2001 04:46:39 +0300 | |
| Received: | from aueb.gr (hermes.aueb.gr [195.251.255.142]) by hermes.aegean.gr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) |
| id KXMY1HS5; Mon, 14 May 2001 04:46:29 +0300 | |
| Received: | from quarter.csl.sri.com (quarter.csl.sri.com [130.107.1.30]) |
| by aueb.gr (8.8.5/8.8.5) with ESMTP id EAA18132 | |
| for <dds@aueb.gr>; Mon, 14 May 2001 04:44:07 +0300 (EET DST) | |
| Received: | from quarter.csl.sri.com (localhost [127.0.0.1]) |
| by quarter.csl.sri.com (8.11.1/8.11.1) with SMTP id f4E1jFN06580; | |
| Sun, 13 May 2001 18:45:15 -0700 | |
| Received: | from chiron.csl.sri.com (chiron.csl.sri.com [130.107.15.74]) |
| by quarter.csl.sri.com (8.11.1/8.11.1) with ESMTP id f4E1dHN06037 | |
| for <risks-resend@csl.sri.com>; Sun, 13 May 2001 18:39:17 -0700 | |
| Received: | (from risko@localhost) |
| by chiron.csl.sri.com (8.9.3/8.8.7) id SAA23991 | |
| for risks-resend; Sun, 13 May 2001 18:39:16 -0700 | |
| From: | RISKS List Owner <risko@csl.sri.com> |
| Date: | Sun, 13 May 2001 18:39:16 PDT |
| precedence: | bulk |
| Subject: | Risks Digest 21.40 |
| To: | risks@csl.sri.com |
| Message-ID: | <CMM.0.90.4.989804356.risko@chiron.csl.sri.com> |
| Precedence: | bulk |
| Sender: | risks-owner@csl.sri.com |
RISKS-LIST: Risks-Forum Digest Sunday 13 May 2001 Volume 21 : Issue 40 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.40.html> and by anonymous ftp at ftp.sri.com, cd risks . Contents: Word file turns into two disjoint texts (Clive Page) Check everyone's Vodafone voicemail (Andrew Goodman-Jones) Car 54, where are you? (David Lesher) Euro risks, part 1 (Paul van Keep) Euro risks, part 2 (Paul van Keep) Thieves R Us (Mike Godwin via Dave Farber) Re: Citibank's meaningless privacy notice (Zygo Blaxell) Re: Using calendar reminder service ... (Nikita Borisov) Re: MSN "upgrade" creates long distance calling (Bob Frankston) Risks of not monitoring field-deployed systems (John Connor) Re: UPS Shutdown (Diomidis Spinellis, Chris Smith) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 04 May 2001 09:03:13 +0200 From: Diomidis Spinellis <dds@aueb.gr> Subject: Re: UPS Shutdown (Borg, Risks-21.36) In RISKS-21.36 Kent Borg noted that his UPS failed to power his server when the mains power was restored. The problem can probably be attributed to the way Kent installed and used the UPS rather than the UPS design. To power-down a UPS after its batteries signal that they are close to empty by expecting it to switch-off when the batteries are completely drained is incorrect due to a number of subtle race conditions (another risk). Consider first of all the scenario expected by Kent: 1. Mains power is interrupted 2. Computer is now powered by the UPS 3. UPS batteries signal a low condition 4. Computer gracefully halts 5. UPS dies as batteries are completely drained 6. Computer switches off as UPS power is interrupted 7. Mains power is restored 8. Computer restarts Consider now the first race condition: mains power is restored between steps 4 and 5. The UPS will restore power and the computer will wait idly in its halted state. One can counter, that many computers have automatic power management so that (in step 4) they can be shut off instead halted; when power power is restored the computer will correctly restart. Enter now the second race condition: power is restored DURING the shutdown sequence (this sequence can last for several minutes on servers running database applications). The computer will now complete its shutdown sequence and switch itself completely off despite being fed with mains power. How can one handle these problems? The communication protocol of most UPSs supports a software command to switch-off the UPS. Thus the last action of step 4 is to soft switch-off the UPS (and consequently the computer). When power is restored both will correctly restart. Note that the implementation of this sequence is not trivial: the UPS software I am familiar with, operates as a user process; when the computer is ready to halt, user processes have died and filesystems are unmounted making it difficult to send that last command to the UPS. Conclusions 1) UPS software is not optional (if you are searching for an implementation have a look at the open-source Network UPS Tools - NUT <http://www.exploits.org/nut/>). 2) The correct installation of UPS software is not trivial. Diomidis Spinellis <http://www.eltrun.aueb.gr/dds/> ------------------------------ [...] End of RISKS-FORUM Digest 21.40 ************************
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.