Do we have a Boinc virus?


log in

Advanced search

Message boards : Number crunching : Do we have a Boinc virus?

Previous · 1 . . . 14 · 15 · 16 · 17 · 18 · 19 · 20 . . . 27 · Next
Author Message
Profile UBT - Halifax--lad
Volunteer tester
Avatar
Send message
Joined: 13 Dec 00
Posts: 433
Credit: 13,900
RAC: 0
United Kingdom
Message 243532 - Posted: 6 Feb 2006, 9:14:26 UTC - in response to Message 243305.

Halifax--lad wrote: [quote]I do know Tetsuji's version is OK, because I compiled it myself from his source code. All I want to tell, is that you are accusing others from ignorance and stupidity but in fact do not act differently.


Someone I know checked into the source code before I downloaded it, so I know that what it says on the tin it does.

____________
Join us in Chat (see the forum) Click the Sig


Join UBT

Profile roguebfl
Volunteer tester
Avatar
Send message
Joined: 21 May 99
Posts: 129
Credit: 223,953
RAC: 0
New Zealand
Message 243563 - Posted: 6 Feb 2006, 12:21:29 UTC - in response to Message 242253.

but wouldn't it be much more safer and easier (for users) to add to BOINC special codes that would make it anuseful, when installed with different name than boinc.exe or in different location than drive:\\program files\\BOINC, or even more simply, and allowing everyone more free play (but not too much), drive:\\...\\...\\BOINC\\ ????


yes way too much. have you consdered meny people use a multi[loigical] drive sytem for the windows box and might say maningf ther installs so only OS related things go into C:\\?

or even use an *nix bassed OS the does use drive:\\ at all?
____________
uninstall dyslexica.o : Permission denied


AMD Athlon 64 3000+ w/Windows
AMD Athlon 1800+ w/Linux

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243565 - Posted: 6 Feb 2006, 12:36:30 UTC - in response to Message 243463.
Last modified: 6 Feb 2006, 12:47:44 UTC

Wasn't one of Trux's old optimized clients based on 4.68?
Not for FreeBSD like in this case, and my version did not have any problems with reporting processed time. That's a typical problem at FreeBSD machines with the official FreeBSD BOINC port available at FreeBSD.org, which is the only official option for this OS. Compiling from the soure is not easily possible without modifications, that's also why I wrote the HOWTO compile BOINC on FreeBSD

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243568 - Posted: 6 Feb 2006, 12:40:52 UTC - in response to Message 243532.
Last modified: 6 Feb 2006, 12:42:23 UTC

Halifax--lad wrote: [quote]I do know Tetsuji's version is OK, because I compiled it myself from his source code. All I want to tell, is that you are accusing others from ignorance and stupidity but in fact do not act differently.
Someone I know checked into the source code before I downloaded it, so I know that what it says on the tin it does.
Well, if I want to continue in your style, then I have to ask: how do you know the server you downloaded the binary from (Marisan?) indeed offered the binary that was compiled from the source without modifications? Please note that I do not suggest that it is the case. I am only trying to explain you that you can also be "stupid in your book" as you wrote and install a Trojan even if you think you are well protected.

____________
trux
BOINC software
Freediving Team
Czech Republic

CJOrtega
Send message
Joined: 15 May 99
Posts: 186
Credit: 1,126,273
RAC: 0
United States
Message 243619 - Posted: 6 Feb 2006, 16:11:22 UTC

BTW: The poster on the MSN security.virus NG just mentioned that Boinc was installed on his computer at the same time that 'someone' installed Google Earth on his computer.

I have asked, what other programs did this 'someone' install on the posters computer that he wasn't told about? We will see if he responds.

It looks like that this might be a case of someone with access to the keyboard taking advantage of the opportunity to add to 'his' farm.


____________

Profile Crunchers For More Power
Volunteer tester
Avatar
Send message
Joined: 15 Mar 00
Posts: 15
Credit: 4,688,344
RAC: 0
Germany
Message 243622 - Posted: 6 Feb 2006, 16:37:51 UTC - in response to Message 242894.

If someone's computer gets RAC of 20,000, it is fishy. ... If someone has 30,000 hosts, it is fishy - it is not easily imaginable that an individual could have or control such amount of computers.



Oh yes. It's completly unimaginable for me to control 15 hosts like http://setiweb.ssl.berkeley.edu/show_host_detail.php?hostid=1782796 ...

Get a life!

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243642 - Posted: 6 Feb 2006, 17:25:30 UTC - in response to Message 243622.

If someone's computer gets RAC of 20,000, it is fishy. ... If someone has 30,000 hosts, it is fishy - it is not easily imaginable that an individual could have or control such amount of computers.
Oh yes. It's completly unimaginable for me to control 15 hosts like http://setiweb.ssl.berkeley.edu/show_host_detail.php?hostid=1782796 ...
If you reread my post, you can clearly see "If someone's computer gets RAC of 20,000" and not "when some user has RAC of 20,000". Sorry, but that's a big difference. And still, I do not tell it is impossible, I just tell that it will definitely trigger curiosity

Get a life!
Thanks, but I do not think I deserved the offense. Is it really so bad asking for a simple explanation, or some mechanism to limit cheating and unethical behaviour of some users?

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile UBT - Halifax--lad
Volunteer tester
Avatar
Send message
Joined: 13 Dec 00
Posts: 433
Credit: 13,900
RAC: 0
United Kingdom
Message 243662 - Posted: 6 Feb 2006, 18:08:40 UTC - in response to Message 243568.

Halifax--lad wrote: [quote]I do know Tetsuji's version is OK, because I compiled it myself from his source code. All I want to tell, is that you are accusing others from ignorance and stupidity but in fact do not act differently.
Someone I know checked into the source code before I downloaded it, so I know that what it says on the tin it does.
Well, if I want to continue in your style, then I have to ask: how do you know the server you downloaded the binary from (Marisan?) indeed offered the binary that was compiled from the source without modifications? Please note that I do not suggest that it is the case. I am only trying to explain you that you can also be "stupid in your book" as you wrote and install a Trojan even if you think you are well protected.


reread my post says there in black and white someone I know checked it 1st then passed it on to me

____________
Join us in Chat (see the forum) Click the Sig


Join UBT

J D K
Volunteer tester
Avatar
Send message
Joined: 26 May 04
Posts: 1295
Credit: 311,371
RAC: 0
United States
Message 243666 - Posted: 6 Feb 2006, 18:16:00 UTC

Me thinks this thread is getting to be absurd and should be closed.... Let Matt and his merry fingers do the talking I am sure he is on it.....
____________
And the beat goes on
Sonny and Cher

BOINC Wiki

Profile UBT - Halifax--lad
Volunteer tester
Avatar
Send message
Joined: 13 Dec 00
Posts: 433
Credit: 13,900
RAC: 0
United Kingdom
Message 243670 - Posted: 6 Feb 2006, 18:18:48 UTC - in response to Message 243666.

Me thinks this thread is getting to be absurd and should be closed.... Let Matt and his merry fingers do the talking I am sure he is on it.....


I agree close it for good
____________
Join us in Chat (see the forum) Click the Sig


Join UBT

Profile Irondog
Volunteer tester
Send message
Joined: 14 May 03
Posts: 9
Credit: 2,907,651
RAC: 0
United States
Message 243707 - Posted: 6 Feb 2006, 19:22:08 UTC - in response to Message 243149.
Last modified: 6 Feb 2006, 19:49:15 UTC

Let's ask the other way: Give me a single reason WHY would you want having your hosts hidden if there are no private data in the listing, and when your account is anonymous anyway?


One reason: Not everyone knows that some details are hidden and assume that everything they see on THEIR hosts (including IP, hostname, etc) is seen by everybody. Yes, WE all know this is not the case but not everyone takes time to look around and figure out what is going on before checking the "hide hosts" option.

If you want to petition the devs to take the option away, so be it. But it is there now and anyone can choose to use it and doing so should not implicate anything, whether they have a high or low RAC.


Host names can be seen by anyone. Since the host names are the names for the users in my home, I hide my PC's. Yes, I could change the names of the four PC's in my home, but I shouldn't have to and I don't want to.

Edit: Opps, after a second look, host names are hidden too. Never mind....
____________

Profile Michael Buckingham
Volunteer tester
Avatar
Send message
Joined: 21 Aug 99
Posts: 4508
Credit: 2,676,597
RAC: 0
United States
Message 243810 - Posted: 6 Feb 2006, 21:42:50 UTC - in response to Message 243707.
Last modified: 6 Feb 2006, 21:44:05 UTC

Let's ask the other way: Give me a single reason WHY would you want having your hosts hidden if there are no private data in the listing, and when your account is anonymous anyway?


One reason: Not everyone knows that some details are hidden and assume that everything they see on THEIR hosts (including IP, hostname, etc) is seen by everybody. Yes, WE all know this is not the case but not everyone takes time to look around and figure out what is going on before checking the "hide hosts" option.

If you want to petition the devs to take the option away, so be it. But it is there now and anyone can choose to use it and doing so should not implicate anything, whether they have a high or low RAC.


Host names can be seen by anyone. Since the host names are the names for the users in my home, I hide my PC's. Yes, I could change the names of the four PC's in my home, but I shouldn't have to and I don't want to.

Edit: Opps, after a second look, host names are hidden too. Never mind....


Hostnames CANNOT be seen, only YOU can see your OWN hostnames, not anyone else.

OOPS: Second look beat me....hehe
____________


http://www.mikesbawx.org/photo/

Profile Crunchers For More Power
Volunteer tester
Avatar
Send message
Joined: 15 Mar 00
Posts: 15
Credit: 4,688,344
RAC: 0
Germany
Message 243835 - Posted: 6 Feb 2006, 22:41:30 UTC - in response to Message 243642.
Last modified: 6 Feb 2006, 22:42:58 UTC

If you reread my post, you can clearly see "If someone's computer gets RAC of 20,000" and not "when some user has RAC of 20,000". Sorry, but that's a big difference. And still, I do not tell it is impossible, I just tell that it will definitely trigger curiosity


I reread and reread your post to see your point, ok. But in the context of your other posts in this thread I read still "we need a detailed list of authorisation certificats for each host if there are 'suspect high" rac's for a user" between the lines. But in the 'CG case' you probably would have seen nothing 'suspect' in a visible host list! So it's complete useless to cry for "user observe users". The next idea is to replace the "Recommend this profile" button with "Report a cheater" ?

Is it really so bad asking for a simple explanation, or some mechanism to limit cheating and unethical behaviour of some users?


Nobody have to give an account about the hosts, RAC, etc!
Suggest and contribute enhancements on the host setup procedure if you want.
For example not to store the account key on each single host would be a great step for boinc security.

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243873 - Posted: 6 Feb 2006, 23:49:22 UTC - in response to Message 243835.
Last modified: 7 Feb 2006, 0:18:09 UTC

I reread and reread your post to see your point, ok. But in the context of your other posts in this thread I read still "we need a detailed list of authorisation certificats for each host if there are 'suspect high rac's for a user"
HUH??!! Who do you quote here exactly?? Can you point me to the place where I claimed that? I may be senile, but I still have at least the minimal ability to check here on the forum what I wrote and what I did not. The sentence you quoted never came out of my keyboard. Can you explain why you put it in quotes and associate with me? I never mentioned any certificates here in the thread. All what I am asking for, are stricter rules, more transparency, better public control (we cannot ask the Berkeley developers to police half a million of users), hard punishment for abusers, improvement of the security, anti-abuse, anti-Trojan, and anti-hijack functions in the software, and active cooperation of the community on improving the system. I consider hiding hosts as definitively contra-productive in sense of global security. Do not agree with me, but let me at least the right to pronounce the wish publicly! As you can see, I am not alone. And if there was no such possibility to hide the hosts since the beginning, I doubt there would be too many people who would be scared away because of it. It was simply a mistake made at the beginning that should have never happen.

But in the 'CG case' you probably would have seen nothing 'suspect' in a visible host list! So it's complete useless to cry for "user observe users"
Quite in contrary - I believe we would see the suspicious pattern far before it was uncovered by the person who reported it on the British help-desk. Since the high RAC apparently came from machines accidentally "infected" with BOINC, most of them were certainly not overclocked hi-powered machines running 24/7 like it is often the case at high-ranking BOINC-farmers. Carsten Giese had very likely many thousands (maybe even tens of thousands) of hosts under his account. Wouldn't it trigger any suspicion at you? No? OK, then I have a nice bridge in Prague to sell to you.

The next idea is to replace the "Recommend this profile" button with "Report a cheater" ?
Please do not mix apples and oranges. I know very well that there are power users, or companies that are simply far too ahead. I would not raise any suspicion against 'teef' because he had the courtesy to explain what he is doing and all the facts matched very well with the explanation. In contrary, both Carsten Giese and NEZ refused to answer any questions (in spite of being apparently in contact and reading the questions), and refused to even remotely explain what's going on. Unlike many posters claimed in this thread, and in contrary to the public belief, NEZ was apparently never checked by Matt or anyone else at Berkeley (and I can well understand it - they have better things to do).

Nobody have to give an account about the hosts, RAC, etc!
Why not?! What is wrong with it? Do you cheat? Are you stealing computing time of your employer, your friends, your customers? BOINC should happily refuse such 'donations'! It only damages its image. If you want to sponsor the science, either comply with the rules, do it honestly, and show the number of hosts, or - do it anonymously without any "rewards" in form of stats ranking. Can you explain me what's wrong with this? Can you name me the reason why you do not want your hosts listed? (without IP's and without host names of course). What exactly are you afraid of? And please do not come out with the reply we already saw, that you are testing a huge farm with Pentium 8 on Windows 2010 under Non-Disclosure Agreement. If you do, opt for the anonymous account.

Suggest and contribute enhancements on the host setup procedure if you want. For example not to store the account key on each single host would be a great step for boinc security.
I suggested already a number of improvements, not only in this thread, implemented many new features and proposals of others (including one of you or your colleagues), in my customized clients, and I will certainly try to suggest more. So why don’t you do it yourself too?

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile Fred G
Avatar
Send message
Joined: 17 May 99
Posts: 185
Credit: 24,109,481
RAC: 0
United States
Message 243883 - Posted: 7 Feb 2006, 0:03:04 UTC

For all the naysayers that think un-hiding computers is a privacy issue do us a favor and do this. Choose any user on the forum (use mine if you would like to), click on their name and look at their computers. Then tell us what you can get from the information. If you can get any information from the computers list that is detrimental to anyones privacy please list it. If it's such an issue I'd like to know what can be found.
____________

http://www.teamstarfire.org/

Profile Geek@Play
Volunteer tester
Avatar
Send message
Joined: 31 Jul 01
Posts: 2463
Credit: 85,106,777
RAC: 19,752
United States
Message 243890 - Posted: 7 Feb 2006, 0:23:53 UTC

You can never find the Internet Police when you need one!


____________
Boinc....Boinc....Boinc....Boinc....

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243891 - Posted: 7 Feb 2006, 0:34:20 UTC - in response to Message 243890.
Last modified: 7 Feb 2006, 0:47:29 UTC

You can never find the Internet Police when you need one!
Agreed! That's why we prefer to police ourselves. The top ranking guys of the type of Usama Bin Laden and others in SETI Classic were very well known since many years to be abusers, and almost everyone knew it. But still, the police never came. UBN, together with some others, were removed only now at the final clean-up. Still, there are other known (and confessed) abusers who did it through and are still in the final list.

Personally I cannot care less about them, but the case of Carsten Giese (regardless if he is guilty or not) really upset me, because it puts the entire BOINC project into a great danger and under a dubious light. We only miss couple of really nasty projects like SPAM@home, HACK@home, CRACK@home, SCAM@home, PHISHING@home, PEDOFILY@home, and we are where we aim to. If we allow BOINC becoming the nest of abusers, hackers, virus writers and crooks, we cannot expect any nice future - other, more secure, better moderated, and probably commercial systems (like the coming Google grid computing) will easily take over.

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile Mac-Nic
Volunteer tester
Avatar
Send message
Joined: 29 Jun 00
Posts: 165
Credit: 551,008
RAC: 0
Belgium
Message 243895 - Posted: 7 Feb 2006, 0:46:54 UTC - in response to Message 243891.

We only miss couple of really nasty projects like SPAM@home, HACK@home, CRACK@home, SCAM@home, PEDOFILY@home, and we are where we aim to. If we allow BOINC becoming the nest of abusers, hackers, virus writers and crooks, we cannot expect any nice future - other, more secure, better moderated, and probably commercial systems (like the coming Google grid compting) will easily take over.



Will the next step then something like ....
He 100 computers can you afford this manny ...
or are you a crook so let see the users this Bank_account..

Regards

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 243896 - Posted: 7 Feb 2006, 0:49:47 UTC - in response to Message 243895.
Last modified: 7 Feb 2006, 0:51:23 UTC

Will the next step then something like ....
He 100 computers can you afford this manny ...
or are you a crook so let see the users this Bank_account..
I do not think so. At least not among reasonable people. But if you show up with 80,000 hosts, then I'll definitely ask you to explain it, or will ask Berkeley to look at you closer. Wouldn't you?

____________
trux
BOINC software
Freediving Team
Czech Republic

Profile Mac-Nic
Volunteer tester
Avatar
Send message
Joined: 29 Jun 00
Posts: 165
Credit: 551,008
RAC: 0
Belgium
Message 243901 - Posted: 7 Feb 2006, 1:10:08 UTC - in response to Message 243896.
Last modified: 7 Feb 2006, 1:30:02 UTC

Will the next step then something like ....
He 100 computers can you afford this manny ...
or are you a crook so let see the users this Bank_account..
I do not think so. At least not among reasonable people. But if you show up with 80,000 hosts, then I'll definitely ask you to explain it, or will ask Berkeley to look at you closer. Wouldn't you?


Wmm...if i see someone with 80K host...then i think waaw i wonder if he could do it with one less. :)

Because it's not up to me to control anyone.

If i suspect someone i bring him to Cort.
If he is Innocent then i have to deal with the authorities for blaming him.

BTW are you a Tax official?

Regards

Previous · 1 . . . 14 · 15 · 16 · 17 · 18 · 19 · 20 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?

Copyright © 2014 University of California