Do we have a Boinc virus?


log in

Advanced search

Message boards : Number crunching : Do we have a Boinc virus?

Previous · 1 . . . 9 · 10 · 11 · 12 · 13 · 14 · 15 . . . 27 · Next
Author Message
Profile Michael Buckingham
Volunteer tester
Avatar
Send message
Joined: 21 Aug 99
Posts: 4508
Credit: 2,676,597
RAC: 0
United States
Message 242392 - Posted: 4 Feb 2006, 18:37:42 UTC - in response to Message 242378.
Last modified: 4 Feb 2006, 18:40:20 UTC

When Nez started rocketing up the charts there was some concern expressed on the boards. He was checked out and even posted several times to clear up the problem. Turns out there was no problem. He has properly earned his number 1 ranking.
Well, Giese is done, so why not reharshing this case :) I searched the forum archive, but found only a single post of NEZ - in Cafe, regarding the Babe of the Day. No comment to the incredible RAC he has. Theoretically, it could be done by couple of hunderds of high performance machines (or maybe couple of supercomouters) running 24/7, but practically several thousands machines seem to be more probable. That's surely possible for a huge company or a well organized group of individuals, but I'd be interested how Nez explained it. Can you point us to the post he made, and that turned it into "no problem" as you wrote? I'd be definitely interested in reading it, but did not find anything.



yeah, coz that guy has way more than Giese has...301,352.32 RAC, Thats THOUSANDS of [edit]average[edit] computers.
____________


http://www.mikesbawx.org/photo/

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242393 - Posted: 4 Feb 2006, 18:38:11 UTC - in response to Message 242390.
Last modified: 4 Feb 2006, 18:38:58 UTC

No, he never answered Misfits question in the BOTD thread.
Hmm, in that case I have to tell that to me it stinks too. Shouldn't the guys at BOINC have look at this one maybe too.

____________
trux
BOINC software
Freediving Team
Czech Republic

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242396 - Posted: 4 Feb 2006, 18:42:29 UTC - in response to Message 242388.
Last modified: 4 Feb 2006, 18:53:58 UTC

Another easy way of cheating was discussed long time ago on our team forum, when some new projects appeared, with description in foreign languages that nobody understood. We were speculating that there is nothing easier than creating a bogus project, just forwarding S@H WU's and then resending the completeed results to the S@H server under own user or team ID.



Just to make sure I'm reading this right:

You set up a BOINC project, which pulls results from SAH and then farms them out to it's own participants, then recollects them when finished and transmits them back to SAH.

How would that be strictly cheating, since the "farm" project is being legitimately run by the people who participate on it, and the farm project would still have to set up individual accounts for every one of their proxies to get around the quota problem.

It might be unethical to not disclose the fact you're acting as an "agent", but the true cruncher still gets BOINC credit for the proxy project they run.

Do you have links to any of the "agent" projects?

Alinator

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242398 - Posted: 4 Feb 2006, 18:43:40 UTC - in response to Message 242396.
Last modified: 4 Feb 2006, 18:45:21 UTC

Pilot error!! :-)

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242404 - Posted: 4 Feb 2006, 18:56:34 UTC - in response to Message 242393.
Last modified: 4 Feb 2006, 19:03:05 UTC

No, he never answered Misfits question in the BOTD thread.
Hmm, in that case I have to tell that to me it stinks too. Shouldn't the guys at BOINC have look at this one maybe too.


If you search the forums and drill down the threads, Rom did make a response which indicated Nez was legit.

Here's a link:

http://setiathome.berkeley.edu/forum_thread.php?id=21447#180861

Although I'm not 100 % sure he was referring to Nez, Teef, or both.

Alinator

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242441 - Posted: 4 Feb 2006, 19:34:51 UTC - in response to Message 242404.

http://setiathome.berkeley.edu/forum_thread.php?id=21447#180861
Although I'm not 100 % sure he was referring to Nez, Teef, or both.
He really did not specify, but seems to be speaking really about Teef, who indeed explained that they were just burning in a huge farm of machines for other purposes, and it took just few weeks. Also, all what Rom wrote is this:
Wow, S/He has a butt load of machines.
Things look okay from this end, I'll look them over again tonight.
Giese had also huge number of machines, so if they did not know about the hijacked machines, they would not suspect him either. The things changed since then.


____________
trux
BOINC software
Freediving Team
Czech Republic

Profile Misfit
Volunteer tester
Avatar
Send message
Joined: 21 Jun 01
Posts: 21784
Credit: 2,509,700
RAC: 1,956
United States
Message 242445 - Posted: 4 Feb 2006, 19:40:24 UTC

I don't believe the 'virus' would be able to attach random accounts because the email address and password, or account key, would have to be known. As long as the database that contains this info hasn't been compromised this senario couldn't happen.
____________

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242446 - Posted: 4 Feb 2006, 19:42:13 UTC - in response to Message 242396.
Last modified: 4 Feb 2006, 19:49:31 UTC

You set up a BOINC project, which pulls results from SAH and then farms them out to it's own participants, then recollects them when finished and transmits them back to SAH.

How would that be strictly cheating, ...
Well, I am probably not normal, but yes - for me it is cheating.

Do you have links to any of the "agent" projects?
Do you really think, I'd be still till now if I knew such projects exist? If you suspect some, try opening couple of WU's in Notepad - you may (and you may not) find out if just forwards WU's of another project.
____________
trux
BOINC software
Freediving Team
Czech Republic

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242452 - Posted: 4 Feb 2006, 19:43:51 UTC - in response to Message 242445.
Last modified: 4 Feb 2006, 19:44:10 UTC

I don't believe the 'virus' would be able to attach random accounts because the email address and password, or account key, would have to be known. As long as the database that contains this info hasn't been compromised this senario couldn't happen.
If I wrote 'random', I certainly did not mean completely random, but simply random user ID from a pool of user id's of the crook - it's not a big deal generating couple of hundreds of user ids.

____________
trux
BOINC software
Freediving Team
Czech Republic

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242457 - Posted: 4 Feb 2006, 19:51:38 UTC - in response to Message 242441.
Last modified: 4 Feb 2006, 20:14:52 UTC

Giese had also huge number of machines, so if they did not know about the hijacked machines, they would not suspect him either. The things changed since then.



Agreed, I guess that's a point in favor of the 'Stone counters. The odds you can get away with an illegitimate credit exploit long term would seem to be pretty small when it causes numbers big enough to make a real difference, if this thread (and others) is any indication.

One of the "hazards" of being in the top 100! LOL

Regarding the other matter of an "Agent" project;

Since I cannot find anywhere where it is expressly prohibited (here at SAH), if it was fully disclosed to prospective participants as to what they were actually doing, I still don't see it as cheating. It's not like the proxy crunching hosts are double dipping, since their credit is accounted for in the Agent Project totals, and as far as SAH is concerned they have X new hosts crunching for them legally. I see it as similiar to "Account Managers on steroids".

The case could be different for a project like PAH, where result are grouped by processor type on purpose if that wasn't honored by the agent, but then a project could always specifically disallow agenting in its rules.

Of course, I'm ignoring the obvious question of why someone would want to give up the specific project credit their machine earned to the Agent in the first place, but assuming they did, why shouldn't the Agent be entitled to a "reward" for the service provided to the target project?

Alinator

Hans Dorn
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 3 Apr 99
Posts: 2245
Credit: 18,382,977
RAC: 9,184
Germany
Message 242464 - Posted: 4 Feb 2006, 20:01:39 UTC

I'm pretty sure that NEZ is alright. He's been crunching for quite a while now, and no complaints showed up.

Regards Hans


P.S:

I have a bad feeling about Carsten Giese, though. Can't be sure because of the lack of information.

I also think his credits should be deleted from seti.germany, so this whole mess can be considered closed.
____________

Profile Fred G
Avatar
Send message
Joined: 17 May 99
Posts: 185
Credit: 24,109,481
RAC: 42
United States
Message 242469 - Posted: 4 Feb 2006, 20:07:11 UTC - in response to Message 242298.

@ Fred_G: Fred, could you possibly send me the file sched_request.xml from the system32 dir of the infected machine? I am building in some protection into my core client, and need to verify some info in the file. Thanks!

If you are willing to do it, use please boinc -AT- truxoft -DOT- com

I'll see if I can get it and send it to you.

>Fred
____________

http://www.teamstarfire.org/

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242499 - Posted: 4 Feb 2006, 20:52:06 UTC - in response to Message 242457.
Last modified: 4 Feb 2006, 21:16:03 UTC

Since I cannot find anywhere where it is expressly prohibited (here at SAH), if it was fully disclosed to prospective participants as to what they were actually doing, I still don't see it as cheating.
Maybe you have personally, or generally in your country, different ethical and moral values than I do. However, I think I can be pretty sure that I am not the only one who does not need to have written laws and rules to know what is moral and what not, or what is cheating and what not. I agree though that the opinions may differ. For me, if a project pretended it made some big science, or research
important for the mankind, but in fact did nothing else than forwarding your work to another project as if it was made by another user (themselves) - sorry, for me it is immoral and I definitely consider it cheating. If you feel it perfectly OK and decide to launch such project, or maybe even if you do it already yourself, then please count that I'll fight against you as much as I can.

EDIT: and of course, if you reread my posts, since the beginning I do not speak about any proxy or agent project that clearly states that it does something like that - it wouldn't make any sense anyway, so I doubt anyone would launch or use such project if it clearly specified that in only passes your work for their own.
____________
trux
BOINC software
Freediving Team
Czech Republic

[SG-SPEG]stefan78
Send message
Joined: 1 Aug 99
Posts: 19
Credit: 30,308
RAC: 0
Germany
Message 242502 - Posted: 4 Feb 2006, 20:54:22 UTC

Hi all,

as Hans mentioned, i also support the idea of deleting the addtitional credits from CG. The Seti.Germany credits will go down, but they will be fair. Before anyone is saying, that Seti.Germany is cheating it would be better to delete the credits.

But Berkeley should check all high RACs as i think if it can happen once, it also can happen twice....maybe now.
____________

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242514 - Posted: 4 Feb 2006, 21:08:33 UTC - in response to Message 242464.
Last modified: 4 Feb 2006, 21:10:03 UTC

I'm pretty sure that NEZ is alright. He's been crunching for quite a while now, and no complaints showed up.
I'd love if I knew you have some specific reason to belive him. I find it difficult though to believe that an individual may manage to reach that high RAC (comparable with the RAC of the team leader SETI.Germany with over 10.000 members - and probably at least double of that number of hosts).

Well, maybye it is not an individual (only the el. power costs would ruin him/her). Maybe it is a huge group of individuals - in that case though I would expect them having a well know website, forum and number of active members who would not hesitate to post some explanation here. Or it might be a huge corporation, but in that case I would expect they'd be happy to use the top ranking as a good advertisement and not doing it anonymously. Or maybe it is a guy who built a supercomputer, or a GCU cruncher and manages to crunch 100 times more per machine than others. Then I'd expect he won't keep it secret that long and offers his dicovery to others too (yes, I am naïve).

Yes, I know, all these are pure speculations, but still I find it as suspicious as at Carsten Giese, when not even more.

____________
trux
BOINC software
Freediving Team
Czech Republic

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242521 - Posted: 4 Feb 2006, 21:15:18 UTC - in response to Message 242499.
Last modified: 4 Feb 2006, 21:25:29 UTC

Since I cannot find anywhere where it is expressly prohibited (here at SAH), if it was fully disclosed to prospective participants as to what they were actually doing, I still don't see it as cheating.
Maybe you have personally, or generally in your country, different ethical and moral values than I do. However, I think I can be pretty sure that I am not the only one who does not need to have written laws and rules to know what is moral and what not, or what is cheating and what not. I agree though that the opinions may differ. For me, if a project pretended it made some big science, or research
important for the mankind, but in fact did nothing else than forwarding your work to another project as if it was made by another user (themselves) - sorry, for me it is immoral and I definitely consider it cheating. If you feel it perfectly OK and decide to launch such project, or maybe even if you do it already yourself, then please count that I'll fight against you as much as I can.


With all due respect:

Where did I say that to clandestinely or otherwise misrepresent the purpose of an Agent Project is moral, ethical, and should not be considered a cheat?

I expressly specified that if such an Agent was operated with *Full Disclosure* to prospective participants as to what the purpose was, then I don't see a problem, and it is a stretch to call it cheating under *those* conditions.

For example, if I perform computer service work for someone, and as a quid pro quo in lieu of cash payment, have them allow me to run BOINC/SETI on their machine with full disclosure and permission under my account, is that cheating? I don't think so. Then why should an Agent Project operating under the *same* conditions not be allowed?

<edit> OK, sorry, we must havew been co-posting, since I see from your edit, we are on the same page! LOL

Alinator

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242528 - Posted: 4 Feb 2006, 21:19:21 UTC - in response to Message 242521.
Last modified: 4 Feb 2006, 21:21:47 UTC

For example, if I perform computer service work for someone, and as a quid pro quo in lieu of cash payment, have them allow me to run BOINC/SETI on their machine with full disclosure and permission under my account, is that cheating? I don't think so. Then why should an Agent Project operating under the *same* conditions not be allowed?
Sorry, but I did not speak about such case at all. Please reread my original post. Besides it, it makes no sence to create a project that does nothing else than stealing your work and passing it as their own. (I mean no other sense than cummulating credits). If you agree to work under the account of anoterh user, it is your free choice, but that's a completely different case that I did not discuss here at all.

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 242529 - Posted: 4 Feb 2006, 21:20:30 UTC - in response to Message 242528.
Last modified: 4 Feb 2006, 21:21:05 UTC

sorry, double post again
____________
trux
BOINC software
Freediving Team
Czech Republic

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 3
United States
Message 242536 - Posted: 4 Feb 2006, 21:26:51 UTC - in response to Message 242529.
Last modified: 4 Feb 2006, 21:34:09 UTC

sorry, double post again


LOL, no problemo and I've done it too, see my edit.

The only use for such a project I can see would be if people wanted to not be directly associated with any project in any way, but still wanted to contribute in some manner.

Maybe call it BOINC-a-mizer@Home. :-)

Alinator

[SG-SPEG]stefan78
Send message
Joined: 1 Aug 99
Posts: 19
Credit: 30,308
RAC: 0
Germany
Message 242548 - Posted: 4 Feb 2006, 21:39:14 UTC

I think, this issue should be reported to companies as F-Secure, Symantec and McAfee as i think, if this is a modified worm who causes these problems, there should be updated virus patterns to stop spreading it widely.


____________

Previous · 1 . . . 9 · 10 · 11 · 12 · 13 · 14 · 15 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?

Copyright © 2014 University of California