@ Rom Walton

Terror Australis
Volunteer tester
Joined: 14 Feb 04
Posts: 1817
Credit: 262,693,308
RAC: 44
Australia
Message 796629 - Posted: 12 Aug 2008, 3:42:57 UTC

Rom wrote on the Devs Forum

Message 19437 - Posted 11 Aug 2008 17:31:39 UTC
Brodo posted these questions on the S@H Forums, but due to technical issues I can't respond to them there.

Here are my responses.





Has there been any explanation anywhere (here or on the Beta forum) as to why 6.2.14 has been made so darn complex ???

Basically it SUX !! I would like some answers to the following questions...

1) Why does it have some secret squirrel data directory separate from the main BOINC directory ?




It is generally a bad idea to have your data and binaries lumped together in the same directory. Microsoft has been trying to get application developers to separate the two things for over ten years.

Starting with Windows Vista they force the issue by creating a hidden virtual file system for any program that attempts to write or modify files in the C:\Program Files\ directory structure.




2) Why does it need to create new user groups and accounts without asking ? Previous versions of the client did not find this necessary ?




During the course of a brain storming session at the BOINC Workshop in 2006 we came to the conclusion we had a significant problem.

What would happen if some hacker group created a project that promised that they could find the cure for cancer in 18 months? There is a significant portion of the BOINC community that signs up to whatever the new project is. All they would have to do is create some fancy graphics, and most people wouldn't know that the worker application was sending out spam or searching the hard drive for Microsoft Money or Quickbooks files.

The BOINC development team does not and cannot stop anybody from setting up a project like that.

The only way to prevent some bad stuff like that from happening was to separate the execution of BOINC from the user's data files.

Both boinc_master and boinc_project actually have fewer permissions on your computer than if you were to go create a new user in the control panel. They don't belong to either the users group or the administrators group.

When BOINC launches a worker application, that application is run with whatever permissions are assigned to boinc_project. Access to any files in your documents directory is automatically denied.



When I installed this client on XP32 it would only run when I was logged in with Admin privileges. I could not get it to run under my user account despite adding it to the Boinc users group etc. This is the reason why it only lasted 20 minutes on my computer before I went back to 5.10



I think you might have stumbled onto a bug somewhere, I'll look into it.




3) Why do the Devs treat the users like S***t ? We only get told the reasons for changes AFTER they have been implemented if at all !!! These are OUR computers and WE are doing the BOINC projects a favour by letting them use our machines to crunch their data at our own expense. They should recognize this and treat us with the respect we deserve. The BOINC client should NOT stuff around with the internal workings of our boxes without our consent, it should operate like other programs (Gspot, HJsplit and others) which operate without needing to enter or alter registry settings, creating new user groups AND they stay in their own directory.




The current design was originally discussed during last year's BOINC workshop, but was later followed up in Sep 07.

The design document can be found here

The implementation document can be found here

Email was sent out to boinc_dev@ssl.berkeley.edu requesting feedback on our idea and direction. The email list is open enrollment, anybody can sign up.

Announcement here

We began testing this new version of the client in March of this year. Updates to it were regularly posted to the download page beginning in April.



Earlier posts cast doubt on the security of 6.2.14 and Ozzfan said that it was unlikely it would be hacked because of the relatively small number of clients on the net. However it only needs one hacker who crunches to take a look at the client and they will know that there are 200,000 potential victims out there and crack it "just because they can". It appears the only way to run this version securely is to sandbox it in a virtual machine



The attack surface for the 6.x clients isn't any greater than the 5.x clients.

Both new user accounts have been denied incoming network connections and interactive sessions. Anybody attempting to map drives, attach to printers, use remote desktop, use remote assistance using either of those accounts is automatically denied.

Neither account shows up in the account list for logging in on boot up or via fast user switching.

Both accounts' passwords are randomly generated at install time and only Windows remembers what the password for the boinc_master is.

In order to attempt to logon to the system as one of those users, hackers would have to already crack another account on the system.



I for one will continue to use 5.10 until it becomes totally obsolete. When this happens, I will then reconsider my commitment to the cause.



That is of course your choice, but given that S@H still accepts requests from clients running the 4.x version of the software, I don't think you'll have anything to worry about.


____________
----- Rom
BOINC Development Team, U.C. Berkeley
My Blog


Hi Rom

I apologise for the tartness in my original post. I guess frustration at the number of issues affecting SAH ATM just got to me for a moment and overrode my usual good tact.

Thank you for your calm and reasonable reply.

I guess this is a communication problem, I'd imagine that the majority of SAH users who are not Devs, like myself, do not visit the developers forum as a lot of what goes on there is over their heads and beyond their interest. There is also a limit on the time available to track multiple forums. Possibly some of what goes on in the Devs forum, such as requests for input should also be posted in the "technical" forums of the various projects, awkward I know but all of us run into the time problem with the amount of information we have to filter.

The same goes for the FAQ pages. When you are an "experienced" user, used to just "download, install and go", who reads FAQs ? After all, reading the manual is the last thing you do :-)
Maybe a warning on the download page that "This is a major rebuild, Read FAQ before installing" is necessary. There is also a possibility that Vista and "Non-Vista" versions of the program are required or, "Standard" and "Custom" install options provided in the same way many other programs do.




When I installed this client on XP32 it would only run when I was logged in with Admin privileges. I could not get it to run under my user account despite adding it to the Boinc users group etc. This is the reason why it only lasted 20 minutes on my computer before I went back to 5.10



I think you might have stumbled onto a bug somewhere, I'll look into it.


FYI on this.
Having had it drummed into me years ago by one of the brightest IT people I've ever met, that you do NOT put your OS and data/programs in the same partition I did not install into the C:\Program files directory. It was installed into E:\BOINC. Maybe this has something to do with the problem, if so, it adds to the case for a "Custom" install option for the BOINC client. I forget the exact error message I got when I tried to run under my user account but it was definitely a permissions problem.

Regards
Brodo




ID: 796629 · Report as offensive
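A check of the account restrictions Rom describes in the post above, as an added example that is not part of the thread and not BOINC's own code. It assumes the denials are expressed as Windows user-rights assignments in a `secedit` export (the thread does not say how they are implemented); the INF excerpt, SID and group lists are constructed sample data.

```python
import configparser

# Account names and claims come from the post above; all data below is constructed.
ACCOUNTS = ("boinc_master", "boinc_project")
FORBIDDEN_GROUPS = ("Users", "Administrators")
# Assumed mapping of the post's claims onto Windows user rights:
# no incoming network logon, no interactive session, no Remote Desktop logon.
REQUIRED_DENY_RIGHTS = (
    "SeDenyNetworkLogonRight",
    "SeDenyInteractiveLogonRight",
    "SeDenyRemoteInteractiveLogonRight",
)

# Constructed excerpt in the INF layout written by
# `secedit /export /cfg rights.inf /areas USER_RIGHTS`.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1005,boinc_project
SeDenyInteractiveLogonRight = boinc_master,boinc_project
SeDenyRemoteInteractiveLogonRight = boinc_master
[Version]
signature="$CHICAGO$"
Revision=1
"""
# Constructed SID -> name map (exports may list a principal as *SID).
SAMPLE_SIDS = {"S-1-5-21-1111111111-2222222222-3333333333-1005": "boinc_master"}
# Constructed local group membership, e.g. gathered with `net localgroup <group>`.
SAMPLE_GROUPS = {
    "Administrators": ["Administrator", "alice"],
    "Users": ["alice", "BOINC_Project"],
}


def parse_rights(inf_text, sid_to_name=None):
    """Return {right: set of lower-cased principals} from the [Privilege Rights] section."""
    sid_to_name = sid_to_name or {}
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the case of right names
    parser.read_string(inf_text)
    rights = {}
    if not parser.has_section("Privilege Rights"):
        return rights
    for right, value in parser.items("Privilege Rights"):
        principals = set()
        for entry in value.split(","):
            entry = entry.strip()
            if not entry:
                continue
            if entry.startswith("*"):  # SID form: resolve it if we know the name
                entry = sid_to_name.get(entry[1:], entry[1:])
            principals.add(entry.lower())  # Windows account names are case-insensitive
        rights[right] = principals
    return rights


def audit(inf_text, group_members, sid_to_name=None):
    """List every way the two accounts deviate from the described restrictions."""
    rights = parse_rights(inf_text, sid_to_name)
    findings = []
    for account in ACCOUNTS:
        for right in REQUIRED_DENY_RIGHTS:
            if account not in rights.get(right, set()):
                findings.append(f"{account}: not listed in {right}")
        for group in FORBIDDEN_GROUPS:
            members = {m.lower() for m in group_members.get(group, [])}
            if account in members:
                findings.append(f"{account}: member of {group}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INF, SAMPLE_GROUPS, SAMPLE_SIDS):
        print(finding)
```

An empty result means both accounts match the description; in the constructed sample, boinc_project is flagged twice.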
gomeyer
Volunteer tester
Joined: 21 May 99
Posts: 488
Credit: 50,370,425
RAC: 0
United States
Message 796638 - Posted: 12 Aug 2008, 4:08:32 UTC

Thanks for sharing this Brodo. Rom's explanations answer a few questions I had as well as confirming some suspicions. The changes sound very well reasoned. IMO it could all have been communicated better to begin with, and now it has.
ID: 796638 · Report as offensive
H Elzinga
Volunteer tester
Joined: 20 Aug 99
Posts: 125
Credit: 8,277,116
RAC: 0
Netherlands
Message 796716 - Posted: 12 Aug 2008, 7:55:33 UTC

Regarding user rights consider the following.

When running a Windows based machine (2000 XP or Vista) in a domain connected environment there are restrictions on creating and using local accounts.
My first tests indicate that implementation of the new rights structure is not compatible with domain operations.
ID: 796716 · Report as offensive
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 796736 - Posted: 12 Aug 2008, 9:19:07 UTC - in response to Message 796629.  
Last modified: 12 Aug 2008, 9:27:22 UTC

I guess this is a communication problem, I'd imagine that the majority of SAH users who are not Devs, like myself, do not visit the developers forum as a lot of what goes on there is over their heads and beyond their interest. There is also a limit on the time available to track multiple forums. Possibly some of what goes on in the Devs forum, such as requests for input should also be posted in the "technical" forums of the various projects, awkward I know but all of us run into the time problem with the amount of information we have to filter.

The problem for the developers is that you cannot expect of them to go to all these forums to check what the latest communication about the program is. I am pointing out to them what people have the biggest problems with, I assume I am not the only one doing so. But to get them to communicate with you, it's easier to do so on one central forum, where we all know they and you can post without limitations, without the need to first crunch and get credit/RAC.

I told you about Rom not having RAC to post here, yet you only posted this here and are expecting answers again. Why do you do that? Why not also post it here, but have the main discussion over there?

An account is easily made there, even when you are hardly ever going to use it.

The same goes for the FAQ pages. When you are an "experienced" user, used to just "download, install and go", who reads FAQs ? After all, reading the manual is the last thing you do :-)

I am an experienced user and I am making the FAQs, just because I know one cannot remember every little detail about this software. Not about how it works, not about all its errors, not about all its ways to crash.

Maybe a warning on the download page that "This is a major rebuild, Read FAQ before installing" is necessary.

You could have seen from the number that it was a major rebuild. We went from 5 to 6, isn't that enough of a clue for you? Or don't you even know that the numbering scheme of BOINC is major release dot development version = odd and release version = even dot revision number ?

Before you change from Firefox 2 to 3, will you go look up what changed, what may or may not work under the new version? Or will you install it and then complain that half your extensions don't work anymore and how you weren't warned for this?

There is also a possibility that Vista and "Non-Vista" versions of the program are required

Sure. One version for all Linux distros to make sure it's completely compatible; a version for all the different Windows.

How many people do you think work full-time for BOINC? No, really, how about 3?

Rom makes all these versions available for Windows and Linux. If he were to make a special version for each iteration of the OSes, it would take him a month to release one version, in which time he would do no developing of the next version. All this work because you don't want to read the manual, because you think you know how things work? (Meaning "you" in the most general plural form here, not meaning you only. Lots of people have this problem. You're not alone. :-))

or, "Standard" and "Custom" install options provided in the same way many other programs do.

The installer as is has the standard install options.
Want to customize? Click the Advanced button.

Could anything there even be changed and made better? Sure, I bet it can.
But then follows the question if you READ what it does. A lot of people have complained about the need to reboot, while they are warned about this at the beginning of installing the software as well as in the end. What then? A couple of epilepsy invoking flashes, a big horn, blue dancing arrows around the red flashing warning? After the first time, will you read it again? It'll never be good enough. ;-)

Taking responsibility for your own actions is what you start with. You refused to read the manual as you "know" how it all works. The developers have this time given you all the opportunities to read what it was all about and yet you chose to ignore it all. Now, whose fault is it then when things go wrong for you?
ID: 796736 · Report as offensive
Andy Lee Robinson
Joined: 8 Dec 05
Posts: 630
Credit: 59,973,836
RAC: 0
Hungary
Message 796743 - Posted: 12 Aug 2008, 9:52:35 UTC - in response to Message 796629.  

It is generally a bad idea to have your data and binaries lumped together in the same directory. Microsoft has been trying to get application developers to separate the two things for over ten years.


This is a recommendation, not scripture!

Main benefit of compartmentalization is to make it easy to back up data, as programs can be replaced, and the file/dir permissions for the separate hierarchies can be more easily managed.

Another benefit for vendors is to make their programs much less portable, hence M$'s push on it.

However, some programs are designed to be portable with the minimum of fuss, and in Boinc's case, lumping them together is not a bad thing. The apps also change and can be considered as data.

It is a great advantage to be contained all in one dir, as it can be backed up in its entirety, moved and run from anywhere, real or virtual.

I use a mail reader called Forte Agent, 2Mb program and 3Gb mail data in one dir going back to 1994. I can back it up, copy to usb, run anywhere, copy back and don't have to worry about missing registry entries or which flavour of Windows.

Program/Data segregation is a good philosophy, but not appropriate or necessary for every case.

Andy.
ID: 796743 · Report as offensive
AlphaLaser
Volunteer tester
Joined: 6 Jul 03
Posts: 262
Credit: 4,430,487
RAC: 0
United States
Message 796804 - Posted: 12 Aug 2008, 13:48:13 UTC - in response to Message 796743.  
Last modified: 12 Aug 2008, 13:49:07 UTC

It is generally a bad idea to have your data and binaries lumped together in the same directory. Microsoft has been trying to get application developers to separate the two things for over ten years.


This is a recommendation, not scripture!

Main benefit of compartmentalization is to make it easy to back up data, as programs can be replaced, and the file/dir permissions for the separate hierarchies can be more easily managed.

Another benefit for vendors is to make their programs much less portable, hence M$'s push on it.

However, some programs are designed to be portable with the minimum of fuss, and in Boinc's case, lumping them together is not a bad thing. The apps also change and can be considered as data.

It is a great advantage to be contained all in one dir, as it can be backed up in its entirety, moved and run from anywhere, real or virtual.

I use a mail reader called Forte Agent, 2Mb program and 3Gb mail data in one dir going back to 1994. I can back it up, copy to usb, run anywhere, copy back and don't have to worry about missing registry entries or which flavour of Windows.

Program/Data segregation is a good philosophy, but not appropriate or necessary for every case.

Andy.


Yes, but remember, Vista requires this to be the case. For any program under Vista that is launched without elevated privileges, \Program Files\ becomes write-protected. Legacy programs might still work though, because Vista forces any new/modified files to be created in a hidden data directory. BOINC has problems with this under Vista, as we have seen, so the developers are explicitly writing to the data directory instead of requiring the user to either disable UAC or install BOINC to some odd location.
ID: 796804 · Report as offensive
Jeffrey
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 796865 - Posted: 12 Aug 2008, 21:11:46 UTC - in response to Message 796743.  

This is a recommendation, not scripture!

The PC gods are gonna getcha for that! ;)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 796865 · Report as offensive
Andy Lee Robinson
Joined: 8 Dec 05
Posts: 630
Credit: 59,973,836
RAC: 0
Hungary
Message 796873 - Posted: 12 Aug 2008, 21:27:58 UTC - in response to Message 796804.  

Yes, but remember, Vista requires this to be the case. For any program under Vista that is launched without elevated privileges, \Program Files\ becomes write-protected. Legacy programs might still work though, because Vista forces any new/modified files to be created in a hidden data directory. BOINC has problems with this under Vista, as we have seen, so the developers are explicitly writing to the data directory instead of requiring the user to either disable UAC or install BOINC to some odd location.


Thanks for enlightening me - I have managed to avoid any contact with Vista so far and instead concentrate on Linux and XP64.

If they enforce it on Vista, then so be it but I wouldn't recommend anyone disabling UAC. However, installing BOINC to an odd location would be quite acceptable to me.
ID: 796873 · Report as offensive
The Ancient One
Joined: 9 Mar 03
Posts: 19
Credit: 969,405
RAC: 0
United Kingdom
Message 816846 - Posted: 10 Oct 2008, 23:14:12 UTC

Could some kind soul please tell me how to get boinc v6.2.15 (pre install) for linux to connect? I've tried 'localhost' then 'password', no joy other than boinc client freezing now and then. I've tried reboot and allowing boinc to connect in this way and still to no avail? I'm running Fedora core 8 with all updates installed. I'd try manually installing but don't know how to do this either as I'm new to linux although I have a reasonable idea of the filing system itself.

Off the subject: It would be a great advantage if the linux developers would create an installer that can install any file correctly, like Microsoft's installer. This I believe would get thousands of disillusioned Microsoft users to switch to one of the many linux OS as the aforementioned is the main reason, I believe, for the slow uptake of linux OS's.
"All man born has a right to life and no man born has the right to take that life"
ID: 816846 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 816858 - Posted: 10 Oct 2008, 23:55:35 UTC - in response to Message 796743.  

It is generally a bad idea to have your data and binaries lumped together in the same directory. Microsoft has been trying to get application developers to separate the two things for over ten years.


This is a recommendation, not scripture!

Main benefit of compartmentalization is to make it easy to back up data, as programs can be replaced, and the file/dir permissions for the separate hierarchies can be more easily managed.

Another benefit for vendors is to make their programs much less portable, hence M$'s push on it.

However, some programs are designed to be portable with the minimum of fuss, and in Boinc's case, lumping them together is not a bad thing. The apps also change and can be considered as data.

It is a great advantage to be contained all in one dir, as it can be backed up in its entirety, moved and run from anywhere, real or virtual.

I use a mail reader called Forte Agent, 2Mb program and 3Gb mail data in one dir going back to 1994. I can back it up, copy to usb, run anywhere, copy back and don't have to worry about missing registry entries or which flavour of Windows.

Program/Data segregation is a good philosophy, but not appropriate or necessary for every case.

Andy.


Actually, when Microsoft releases "recommendations", they really want to let you know that it may become "required" at any point in the future. Just like it's always been a "recommendation" to never run as Administrator.

Generally speaking, one should always take Microsoft's Best Practices as scripture and not a "recommendation", regardless of any argument you can make to the contrary.

Microsoft gave developers plenty of time to get used to the idea of running on a multiple user platform, and to start expecting that users will not always be running as Administrator, and now they have enforced it (a great idea, IMO).
ID: 816858 · Report as offensive
kittyman
Volunteer tester
Joined: 9 Jul 00
Posts: 51468
Credit: 1,018,363,574
RAC: 1,004
United States
Message 816915 - Posted: 11 Oct 2008, 2:25:41 UTC

You mean I'm supposed to give up my title of 'Adminisstratio'??? LOL.
"Freedom is just Chaos, with better lighting." Alan Dean Foster

ID: 816915 · Report as offensive
zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65709
Credit: 55,293,173
RAC: 49
United States
Message 816919 - Posted: 11 Oct 2008, 2:33:54 UTC - in response to Message 816915.  

You mean I'm supposed to give up my title of 'Adminisstratio'??? LOL.

If You have Vista or Newer, Yes, It's Your fate and It can't be altered short of the L side or MS giving in (Good Luck). ;)
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 816919 · Report as offensive
OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 816928 - Posted: 11 Oct 2008, 2:45:48 UTC - in response to Message 816915.  

You mean I'm supposed to give up my title of 'Adminisstratio'??? LOL.


LOL

No, you just shouldn't run as Administrator all the time. Leave the Administrator account logged off until needed and in the mean time use a standard user account for all basic tasks.

The only problem with following this MS Best Practice is that apps still expect everyone to be running as Admin and won't run unless you are. Trying to run these apps as a Standard User will result in errors. App developers have known about this Best Practice for over ten years now (actually since Windows NT was released) but they, like Andy Lee Robinson, thought it was just a "recommendation" and largely ignored it.

Now that finding flaws has become common for Windows because it's such a large target, and the number one cause of this is users running with full access on their system when they get infected, the best way to avoid the trouble is to start forcing people to use Standard User accounts, or to protect the Admin account by actively running it in a lesser privileged space, a la User Account Control in Vista.
ID: 816928 · Report as offensive
Andy Lee Robinson
Joined: 8 Dec 05
Posts: 630
Credit: 59,973,836
RAC: 0
Hungary
Message 817307 - Posted: 12 Oct 2008, 0:31:01 UTC - in response to Message 816928.  

Well, I do believe that user/administrator accounts should be enforced.

That still won't stop spyware doing nasty things hijacking the user's account and spewing spam or encrypting documents for ransom or a million other nasty things, but it should make it cleanable without requiring a vape and reinstall.
It's the dumb users that need to be vaped and reinstalled!

In boinc's case, I really don't think it is a bad thing to have the programs and data together as a nice portable and backupable entity as long as the program is running under its own restricted account with no read access to anywhere outside its tree.

If the OS enforces segregation, then so be it. At least it is making an effort to be responsible.
ID: 817307 · Report as offensive

©2024 University of California