Hey Zeke Boyes, who is Bill Schuh? I don't even know of a relative by that name :-)
Working as Documented is another version of WAD. My stance is that if the system dies because of a design "feature", then perhaps that feature ought to be reconsidered. Certainly, there is no way to anticipate all possible feature failures, but when one comes up that is preventable, then the design ought to be tweaked. All of the discussion about whether it is or is not a DOS is totally irrelevant, especially to those who have been victimized. (I thought that Lyn Hadley eliminated WAD and BAD from the IBM vernacular years ago.) Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of David Boyes > Sent: Friday, September 18, 2009 7:12 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: VM lockup due to storage typo > > On 9/18/09 9:32 AM, "Bill Holder" <hold...@us.ibm.com> wrote: > > > That is indeed one important question, but there was > another one, the > > question of whether this was a denial of service attack exposure, > > which i t is not. > > I think that's a point of view question. > > If I am another user on the same VM system, happy within my > cozy little class G box, and the hypervisor admin does > something outside of my control to some OTHER user that > causes CP to choke, then from the original user's perspective > it IS a DOS attack because it's something that is out of my > control, starves ME, and causes ME to choke without reason. > > An analagous parallel case in the distributed system world > would be a ping flood attack on a network segment. The > innocent get hurt along with the intended target by being > starved of access to the network, and thus lose the ability > to function according to design. > > From the hypervisor admin's POV, then yeah, it's just doing > what it's told to do. It's correct operation, working as documented. > > I think Bill Schuh and Marcy and myself are arguing for the > former viewpoint. I think you and Adam are arguing from the > latter view. > > > I'm not disagreeing that it would be nice if there were > some sor t of > > "are you sure" safety net before the system proceeded to try to do > > something suicidal, but that's a design and requirements > question, not > > a defect question. > > I think we're all in violent agreement on that point. Now, > the question is what is the best way to put a safety on that gun? >
