Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!caip!think!husc6!cmcl2!seismo!ut-sally!ut-ngp!melpad!osi3b2!james From: james@osi3b2.UUCP (James R. Van Artsdalen) Newsgroups: net.unix-wizards,net.micro.att Subject: Re: ATT 3b2 firmware password Message-ID: <226@osi3b2.UUCP> Date: Mon, 29-Sep-86 02:03:40 EDT Article-I.D.: osi3b2.226 Posted: Mon Sep 29 02:03:40 1986 Date-Received: Wed, 1-Oct-86 01:32:58 EDT References: <305@pinney.munsell.UUCP> Organization: Origin Systems Inc. Lines: 69 Xref: watmath net.unix-wizards:19729 net.micro.att:1551 As the posting system name should indicate, we have and use a 3b2. We are quite pleased with it. I would certainly agree that it is overpriced at list, but we bought ours used for a good deal less than list. It supports about 12 people total, with 5 on-line at once (averaging three or four throughout a day). In article <305@pinney.munsell.UUCP>, pac@munsell.UUCP (Paul Czarnecki) writes: > I have some friends with an ATT 3b2 that has a firmware password in it. > They'ld like to rebuild thier kernal but they can't because a previous > and long gone engineer changed this firmware password. > > The documentation seems lacking (for obvious reasons) about how to > defeat this protection scheme. > > (Why don't they call ATT and ask them? Well, you see, they don't quite > actually own the machine. Soon after they bought it they discovered > that it was a much better space heater or boat anchor than a computer. > They notified ATT that the machine did not satisfy them and to please > come take it away. Much letters and lawyers later, ATT cancelled the > bill but never picked up the machine. This was over a year ago. Now > they actually have a need for it.) The 3b2 runs extremely cool. It is shaped like a small box. It would make neither a good space heater nor a good boat anchor. :-) Seriously it sounds like these people had no business buying a computer if they needed something bigger than a 3b2 but didn't realize it until _after_ taking delivery. Be serious folks and hire a good consultant when you spend lots of money on things you don't understand (obviously this audience doesn't need this reminder, but some people still do). > (I knew it wasn't a computer when one day, frustrated beyond belief at > it, I reached around and powered the beast off. On my screen flashes > the words, "System shutdown in 5 minutes." I sprinkled some holy water, > drew a pentagram around it, and cut the main power switch to the > building.:-) DEFINITELY hire a consultant to select your computer! Just what did you expect to happen when you pulled the power cord? Did you expect it to get better??? Did you disbelieve that in fact the computer would be off in five minutes? The 3b2 is like any other computer: software problems are best solved with the power on... > If anyone knows how to do this please send me mail. PLEASE DO NOT POST > SUCH AN OBVIOUS SECURITY HOLE NOR WILL I SUMMERIZE TO THE NET. No hole exists of that form: physical access is required to defeat the firmware. And in any case the answer is rather obvious: disconnect the battery for a little bit. Once the battery is reconnected the firmware will default to the original password. This is no less a security hole than with any other computer: once you have unimpeded physical access by someone who knows the hardware & software (as is required to break security in this manner) you have the computer and its data. I realize I've sounded a bit heavy-handed in this article, but you gave several misleading impressions in your article. The 3b2 is not junk: were you expecting a VAX or something? It's a fairly reliable machine that runs 5 people very well to my experience (albeit that it's a bit overpriced). Secondly there is no real security hole with the firmware password: Simple physical security will prevent someone from changing the password in this manner. And finally, shutting off the computer out of frustration, especially arbitrarily removing power when the system would clearly complete the cycle on its own, it rather poor technique. One should never risk the file system(s) by simply removing power. At one point I had our 3b2 up for 5 continuous months without a reboot, and without a glitch. Turning off power nightly simply isn't the way to run a unix system... I've cross-posted this article to net.micro.att: you should be able to get other questions answered there. -- James R. Van Artsdalen ...!ut-ngp!utastro!osi3b2!james Live Free or Die