Just curious, but isn't it possible that one of the providers of "optimized" clients could hack the code by just a few bytes and claim 5 more credits than was real?

claimed_credits=claimed_credits+5.0;

If the "match" occurs on a WU with more than one cruncher with this the optimization, the granted credits could be skewed. If the "skew" is small and doesn't change granted all the time, it might go unnoticed.

The end result, however, is those looking for credits, could be doing the "cheating" that was a reason Seti Classic needed to become seti/Boinc

With all the threads about using optimized clients, the precentage of users who could potentially sending "skewed" claimed_credits could be increasing, and while non optimized clients may catch a side effect at times, the "skewed" clients would get it more often....

Why does it seem that Seti is the only project that releases source code for the cruncher to the general public? It's just asking to be hacked!

"Use my client and you'll get more credits" is enough of a tagline to get people to use it.

---

[font='fixedsys,courier']One could just as easily skew the claim downwards as upwards.

As long as the data returned is valid and the calculations take less time, I couldn't care if I claim 50% less credit.[/font]

---

Although i think it is not appropriate to cheat like this, i also think it is not possible. It's not the cruncher, that asks for credit, it's the BOINC client, that asks for credit depending on time spend crunching and benchmark results.

---

Aloha, Uli

Although i think it is not appropriate to cheat like this, i also think it is not possible. It's not the cruncher, that asks for credit, it's the BOINC client, that asks for credit depending on time spend crunching and benchmark results.

'Fraid it is possible.... Read this:

http://pirates.vassar.edu/forum_thread.php?id=400

---

Its open sourec to appeal to as many as possible. Many do not want pre compiled code running on their systems;they want to see it and compile it to make sure their security is not compromised. Its a nice feature.

On cheating there's a whole pile of things that can be done to try and subvert the total system but everyone would have to do them to overcome the quoram. I think its fairly robust and a concerted effort by many many users would have to be made to succeed; this is the important protection and limiting factor on potential cheats If everybody did it, though, would it be cheating...????????...or just an uprating of credits for all with differentials unaffected?????????????

I'm not sure about the other projects on why they are closed. CPDN is probably because its UK Ministry of Defence rules.

---

Although i think it is not appropriate to cheat like this, i also think it is not possible. It's not the cruncher, that asks for credit, it's the BOINC client, that asks for credit depending on time spend crunching and benchmark results.

'Fraid it is possible.... Read this:

http://pirates.vassar.edu/forum_thread.php?id=400

I think I read the thread as a WU with a quoram of 1 needed. Well for cheaters that's cheap meat. On that basis its entirely possible to cheat. That's why seti has a quoram of 3 or 4 or even 5. I think seti is safe for now. Did I read it wrong?

---

Although i think it is not appropriate to cheat like this, i also think it is not possible. It's not the cruncher, that asks for credit, it's the BOINC client, that asks for credit depending on time spend crunching and benchmark results.

'Fraid it is possible.... Read this:

http://pirates.vassar.edu/forum_thread.php?id=400

I think I read the thread as a WU with a quoram of 1 needed. Well for cheaters that's cheap meat. On that basis its entirely possible to cheat. That's why seti has a quoram of 3 or 4 or even 5. I think seti is safe for now. Did I read it wrong?

I think you read it right!

But while it may not be possible to wholesale cheat on every unit, if a sufficiently large anough group of people did adopt this cheat, some cheated WUs would compare with other cheated WUs and get through.
Critically IMO, there is no mechanism tham I'm aware of that would penalize anyone from trying to cheat. So some may feel 'why not' - if someone claims 100 credits for every WU when they should only claim 50, every now and then they'll get the 100, but nothing lost if they don't.

---

...Critically IMO, there is no mechanism tham I'm aware of that would penalize anyone from trying to cheat. So some may feel 'why not' - if someone claims 100 credits for every WU when they should only claim 50, every now and then they'll get the 100, but nothing lost if they don't.

And those cheaters would stick out like a sore thumb on the database and so arouse suspicions for their credits AND the returned science results.

There's already a check for if a client returns claims that are too far out.

Hey this is Open Source. The system has to be scrutinised like this so that the system stays a few steps ahead of everyone and any future cheaters!

Regards,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

The chances of someone actually getting the higher claimed credit is very small. The important thing is that there is now a known "hole" that should be plugged.

Let's hope they plug it.

The chances of someone actually getting the higher claimed credit is very small. The important thing is that there is now a known "hole" that should be plugged.

The real problem is not so much the cheating, but more commonly the difference of the ratio benchmark/WU efficiency on different hardware and OS platforms, or even individual computers (or even the very same compuer at different times). Both benchmarks and WU run slower or faster depending on the overall load of the machine, so already by stopping all programs and services you can influence the benchmark by tens of %.

The biggest trouble is that the credit is based on Cobblestone and the benchmark measures only the number of floating point and integer operations per second, and in no way takes in account any parallelism or other features of modern CPU's that can complete the work with much less FP or Integer operations than a reference computer.

It is the calibration of the benchmark that is missing. Better told, using the benchmark in this simple form is flawed and can never work correctly. To achive just and conform credits, it is necessary to base the crediting on reference units and not on worthless benchmarks that do not tell anything about the real CPU speed. It would be easy to change the system so, that it randomly sends a shorter reference unit with known Cobblestone value (this already hapens anyway), and then assign a coefficent to the machine used for calculation of credits of all WU's. Unlike now, there would not be any claimed credit, but simply the unit and the time spent on it. The credit would be then calculated on the server side and assigned to all participants of the WU, excluding so any manipulation.

---

trux
BOINC software
Freediving Team
Czech Republic