Newsgroup: comp.risks


Received: from hermes.aegean.gr ([195.251.128.2]) by eupalinos.samos.aegean.gr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id KJD4B5C3; Mon, 14 May 2001 04:46:21 +0300
Received: by hermes.aegean.gr with Internet Mail Service (5.5.2653.19)
id <KXMY1HS6>; Mon, 14 May 2001 04:46:39 +0300
Received: from aueb.gr (hermes.aueb.gr [195.251.255.142]) by hermes.aegean.gr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id KXMY1HS5; Mon, 14 May 2001 04:46:29 +0300
Received: from quarter.csl.sri.com (quarter.csl.sri.com [130.107.1.30])
by aueb.gr (8.8.5/8.8.5) with ESMTP id EAA18132
for <dds@aueb.gr>; Mon, 14 May 2001 04:44:07 +0300 (EET DST)
Received: from quarter.csl.sri.com (localhost [127.0.0.1])
by quarter.csl.sri.com (8.11.1/8.11.1) with SMTP id f4E1jFN06580;
Sun, 13 May 2001 18:45:15 -0700
Received: from chiron.csl.sri.com (chiron.csl.sri.com [130.107.15.74])
by quarter.csl.sri.com (8.11.1/8.11.1) with ESMTP id f4E1dHN06037
for <risks-resend@csl.sri.com>; Sun, 13 May 2001 18:39:17 -0700
Received: (from risko@localhost)
by chiron.csl.sri.com (8.9.3/8.8.7) id SAA23991
for risks-resend; Sun, 13 May 2001 18:39:16 -0700
From: RISKS List Owner <risko@csl.sri.com>
Date: Sun, 13 May 2001 18:39:16 PDT
precedence: bulk
Subject: Risks Digest 21.40
To: risks@csl.sri.com
Message-ID: <CMM.0.90.4.989804356.risko@chiron.csl.sri.com>
Precedence: bulk
Sender: risks-owner@csl.sri.com
RISKS-LIST: Risks-Forum Digest  Sunday 13 May 2001  Volume 21 : Issue 40

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.40.html>
and by anonymous ftp at ftp.sri.com, cd risks .

  Contents:
Word file turns into two disjoint texts (Clive Page)
Check everyone's Vodafone voicemail (Andrew Goodman-Jones)
Car 54, where are you? (David Lesher)
Euro risks, part 1 (Paul van Keep)
Euro risks, part 2 (Paul van Keep)
Thieves R Us (Mike Godwin via Dave Farber)
Re: Citibank's meaningless privacy notice (Zygo Blaxell)
Re: Using calendar reminder service ... (Nikita Borisov)
Re: MSN "upgrade" creates long distance calling (Bob Frankston)
Risks of not monitoring field-deployed systems (John Connor)
Re: UPS Shutdown (Diomidis Spinellis, Chris Smith)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 04 May 2001 09:03:13 +0200
From: Diomidis Spinellis <dds@aueb.gr>
Subject: Re: UPS Shutdown (Borg, Risks-21.36)

In RISKS-21.36 Kent Borg noted that his UPS failed to power his server when
the mains power was restored.  The problem can probably be attributed to the
way Kent installed and used the UPS rather than the UPS design.  To
power-down a UPS after its batteries signal that they are close to empty by
expecting it to switch-off when the batteries are completely drained is
incorrect due to a number of subtle race conditions (another risk).
Consider first of all the scenario expected by Kent:

1. Mains power is interrupted
2. Computer is now powered by the UPS
3. UPS batteries signal a low condition
4. Computer gracefully halts
5. UPS dies as batteries are completely drained
6. Computer switches off as UPS power is interrupted
7. Mains power is restored
8. Computer restarts

Consider now the first race condition: mains power is restored between
steps 4 and 5.  The UPS will restore power and the computer will wait
idly in its halted state.  One can counter, that many computers have
automatic power management so that (in step 4) they can be shut off
instead halted;  when power power is restored the computer will
correctly restart.  Enter now the second race condition: power is
restored DURING the shutdown sequence (this sequence can last for
several minutes on servers running database applications).  The computer
will now complete its shutdown sequence and switch itself completely off
despite being fed with mains power.

How can one handle these problems?  The communication protocol of most
UPSs supports a software command to switch-off the UPS.  Thus the last
action of step 4 is to soft switch-off the UPS (and consequently the
computer).  When power is restored both will correctly restart.  

Note that the implementation of this sequence is not trivial: the UPS
software I am familiar with, operates as a user process; when the
computer is ready to halt, user processes have died and filesystems are
unmounted making it difficult to send that last command to the UPS.

Conclusions
1) UPS software is not optional (if you are searching for an
implementation have a look at the open-source Network UPS Tools - NUT
<http://www.exploits.org/nut/>).
2) The correct installation of UPS software is not trivial.

Diomidis Spinellis <http://www.eltrun.aueb.gr/dds/>

------------------------------
[...]

End of RISKS-FORUM Digest 21.40
************************



Newsgroup comp.risks contents
Newsgroup list
Diomidis Spinellis home page

Creative Commons License Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.