Reasons some people avoid BOINC projects

Message boards : Rosetta@home Science : Reasons some people avoid BOINC projects

Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 12488 - Posted: 22 Mar 2006, 4:31:19 UTC

Don't mean to sound negative. The purpose of this thread is to identify valid reasons people are resistant to help with projects like Rosetta, in the hope that many of those reasons can be eliminated (often by a future post explaining how to enable some existing resolution to the concern).

If you restate your idea into the form "resolve THIS and more people will join", then it fits better under this thread.

Security: How can I be sure the program isn't searching my hard drive for private information?

I found this in the wiki, but it doesn't explain how to protect your data.

Someone else pointed me to Trux, but it didn't seem to give me the warm fuzzy that installing BOINC is a safe thing to do. Keeps talking about exposures and risks and how you might not follow all of their suggestions and create an exposure.

I'm looking for something that would actually convince an IT director that BOINC might be an OK thing to allow on a company full of machines, and that explains how THEY control how things will run so that no exposures are created. In fact, something that says "If you're gonna do a DC project, do it with BOINC! ...and here's why". Does anything like that exist?

Hard drive wear: I mentioned Rosetta to a friend of mine that holds a few patents in the hard disk drive field. His first thought was that a standard PC disk drive isn't built to take the wear of being on 24/7, and actually being used.

I realize I can set my preferences to put a timer on how frequently BOINC writes to disk and reduce its use. And this probably works well for reducing power requirements too, because I can set a high value and let the disk spin down and go idle for periods of time.

...but I was wondering if anyone has outlined how to size and utilize a virtual disk to bear the brunt of the workunit IO? The virtual disk could be on a mapped drive on a server, or a ramdisk or even a memory stick or something. But sizing it properly would seem important, and then how to get BOINC to use it just for specific files that are written during WU processing. Not for all the program code and input files that are only read once.

Overheating: Same friend also mentioned that many standard PCs have undersized heatsinks, and will tend to overheat if CPU is kept 100% busy the way these DC projects tend to do.

A resolution has been posted elsewhere, I wanted to add it here to make a more complete resource for people to reference.

You can use the ThreadMaster to turn the CPU needle back a few notches and basically NOT be used 100% of the time, thus leaving more time for cooling air to flow through the box.

The Rosetta requirements page points out the overheating problem, but not the solution or how to determine if this will be a problem for you, or what harm (or lack thereof) occurs when your PC overheats.

I appreciate your honesty and not wanting to harm anyone's machine(s), but perhaps it could be reworded so as not to STOP you in the process you've gotten this far in to, to participate in the project. Some will see this as a red flag, and not continue... even though their PC will do just fine.

Power consumption: I read on another thread an estimate that a crunching CPU takes about 60 watts more power than a PC that's on but idle. Has anyone seen any research confirming this number??

If that's right, then the incremental cost, 24/7/365 is about $42 per year (at 8 cents per kWh). And if you live in Minnesota (like me) half of the year the electricity will actually help cut your heating bills (although if you live in California or other tropical clim. then the A/C costs must be factored in to the cost as well).

PC longevity: Will leaving my PC on more of the time, and running it harder, reduce its lifespan?

For starters... what happened with your last PC? Did it reach the end of its life? Or just the end of its usefulness due to the bigger better faster more effect of time?

I know that from a chipmaker's point of view, that with a multi-layered circuit-board you want to leave it at a steady temp. all the time (i.e. minimize expansion and contraction due to heat, by leaving it on all the time). And, therefore, microfractures between those layers won't occur, extending useful life. But is this true for the REST of the machine?

Network bandwidth: But our network is on the brink now! We can't add any workload to it.

For starters, sounds like a network upgrade may be due. But, otherwise, you can control the hours of the day and/or the bandwidth BOINC will consume in the General Preferences.

Let's say we configure a whole cube farm of PCs to allow network usage only between 7PM and 7AM each day (and we bump our General Preference for getting more than .1 days of work at a time). Do you know what happens? The PCs crunch WUs all day, each of them has SOMETHING completed by day end, and ALL the PCs try to send their results at the same time! Thus if anyone IS trying to use the office network at 7:01PM, they aren't able to get anything done.

Does anyone know of a way to tell BOINC to lighten up? "Hey, look man, we got ALL NIGHT to report these results...let's wait our turn". "Wait our turn" would be a solution where the PCs are coordinated by some scheduler or other signal (and if you're doing all that, then prioritize so the PC with no work left gets on the network first, and the one with a result that's almost past due is right behind him). But short of that, is there a way to somehow Randomize when each PC tries to jump onto the network? So maybe they each begin at some random time between 7:00 and 8:30PM, rather than all jumping on RIGHT AT 7:00?
Add this signature to your EMail:
Running Microsoft's "System Idle Process" will never help cure cancer, AIDS nor Alzheimer's. But running Rosetta@home just might!
https://boinc.bakerlab.org/rosetta/
ID: 12488 · Rating: 0

Johnathon
Joined: 5 Nov 05
Posts: 120
Credit: 138,226
RAC: 0
Message 12492 - Posted: 22 Mar 2006, 7:48:42 UTC

Thinking about the hard drive wear one... I've been thinking for my own machines, running BOINC on a CF card (2gb). It's possible...
ID: 12492 · Rating: 0

vavega
Joined: 2 Nov 05
Posts: 82
Credit: 519,981
RAC: 0
Message 12498 - Posted: 22 Mar 2006, 8:56:15 UTC

they'd like to help, but don't understand the science and the pc workings of the program.

to combat these reasons, there should be a clear simple science explanation and the program and setup directions need to be bulletproof so no babysitting is involved. if you're going to have a recruitment drive using mass media (of any sort) be prepared to get people that don't have a large science or pc background and aren't willing to invest too much time. we do it because we love it, but not everyone feels the same way.
ID: 12498 · Rating: 0

BennyRop
Joined: 17 Dec 05
Posts: 555
Credit: 140,800
RAC: 0
Message 12499 - Posted: 22 Mar 2006, 9:23:44 UTC

PC longevity: Will leaving my PC on more of the time, and running it harder, reduce its lifespan?

For starters... what happened with your last PC? Did it reach the end of its life? Or just the end of its usefulness due to the bigger better faster more effect of time?

Since '88, I've worked in pc repair and networking and for years was the Island's only authorized Novell Netware Reseller.

My systems have all been handed down.. My brother is using my Athlon xp 2600+ based system (and it's performing better with W2k than 3.2Ghz and 3.4Ghz P4 Dells running XP sitting on each side of it.) My sister is using the Athlon XP 1800+ system that was used before that. The 1800+ started 24/7 DC crunching in the summer of 2002. It's been on non stop since that point (although it hasn't run a DC client in the last year and half.) Drives have been replaced often on it - as it's always seemed to have outgrown the drives; so no word on whether drives are dying on it - they haven't been given the chance. 2 months ago, one of the Crucial Ram modules died.
The Athlon 2600+ has been crunching since around Oct of 2003. No major issues other than needing to keep replacing the video card for newer games, and adding ram for the same reason.
These seem to have lasted as long or longer than most of my client's machines - and they're being replaced with new systems when all but the easiest problems appear. (For some reason, users WANT their sub 1Ghz machines to be killed..)

[cpu overheating]
Prior to DC use, I had a 900Mhz athlon on an Asus motherboard - which had random problems that seemed to be related to overheating. After replacing the case, then adding tons of extra fans, then a Noisecontrol Silverado hsf to help cool the cpu - I found out that the motherboard's "default" setting was giving the cpu 0.20 volts more than it was supposed to. The motherboard was instantly replaced.. and the cpu and motherboard went to heaven shortly thereafter. My machines tend to be overcooled now.. but I had more problems with overheating prior to DC.
I've run across a number of overheating problems with client machines; from hsf not installed properly to the fan on the Heat Sink dying. Usually, it causes windows to crash repeatedly when the cpu is being used - and then they bring it in to be troubleshot.
I've used DC projects to help test ram and cpu cooling overnight - doing something useful and validating the cooling on the cpu and the ram. If the system is crashing due to overheating - it's easier to spot when you're running a DC project - rather than spending months trying to track down an intermittent problem. If it failed.. it's easy to run Memtest86 and Spinrite to test out the memory and HD. So for a business location - I'd recommend finding a DC app that doesn't interfere with the business apps being used and test them out.

-------------

Perhaps some of the larger pharmers could give feedback on the lifetime of their systems; especially the ones that stress the hardware even more by overclocking it.

And for HDs wearing out.. I'm seeing a much higher failure rate on client's HDs over the last few years - and these are the machines that aren't even running DC projects. Perhaps someone's testing a large enough group of 24x7 DC drives vs normal use drives and can give an idea of how much difference in lifespan the two groups have. Mine all last being passed down from one machine to another.. until they're put in 24x7 dc only machines. i.e. not big enough for real apps.

It's been pointed out that Compact Flash cards start having failures after about 10,000 write operations (please verify this)- so you shouldn't use one as a replacement for a drive being written to often. (temp files, etc).


ID: 12499 · Rating: 1

Scott Brown
Joined: 19 Sep 05
Posts: 19
Credit: 8,739
RAC: 0
Message 12519 - Posted: 22 Mar 2006, 15:57:42 UTC


Overzealous Moderation (Rosetta only):

I stopped crunching for Rosetta some time ago because I disagreed with the overzealous nature of moderation of the message boards. While I was certainly in favor of some better organization, following moderated threads became overly tedious. More importantly, I suggested that, given the increased level of moderation, a more formal (and visible) statement of Forum policies was warranted (e.g., on the main web page, etc.). This was disregarded. I have watched these boards since and find that the moderation continues at this level, sometimes to the detriment of discussion. While checking offensive language is understandable and necessary, I remain uncomfortable with the moderation of posts even to the correction of the 'tone' of one's writing (e.g., see the "Optimized Client?" thread in the crunching forum). Having been involved with research extensively (e.g., reviewer for NSF, NIH grant work, etc.), part of my discomfort comes from a research ethics/rights of research participants standpoint.

I have no idea as to the number of people that share this discomfort (though from posts on other projects I know that I am not alone), so I will not even hazard a guess at its potential effect.

(FYI, none of my posts--at least to my knowledge--was ever moderated here).
ID: 12519 · Rating: 2

Dimitris Hatzopoulos
Joined: 5 Jan 06
Posts: 336
Credit: 80,939
RAC: 0
Message 12527 - Posted: 22 Mar 2006, 21:03:49 UTC - in response to Message 12488.  
Last modified: 22 Mar 2006, 21:32:40 UTC

Security: How can I be sure the program isn't searching my hard drive for private information?

I found this in the wiki, but it doesn't explain how to protect your data.

Someone else pointed me to Trux, but it didn't seem to give me the warm fuzzy that installing BOINC is a safe thing to do. Keeps talking about exposures and risks and how you might not follow all of their suggestions and create an exposure.

I'm looking for something that would actually convince an IT director that BOINC might be an OK thing to allow on a company full of machines, and that explains how THEY control how things will run so that no exposures are created. In fact, something that says "If you're gonna do a DC project, do it with BOINC! ...and here's why". Does anything like that exist?


I pointed to the trux BOINC security doc (for Linux it's a bit terse, but one can just install the Debian/ubuntu package which will install in a "sandbox" anyway).

It's a VALID concern of many people, who are aware of the potential risks of running 3rd party software on their PC. On top of all the security measures offered by BOINC (digitally signed executables etc), one can install BOINC "in a sandbox", so that regardless of potential security issues of the science projects, the system (Linux/WinXP/etc) is unaffected.

I've set up my BOINC so that even if all BOINC security layers were compromised, a "hostile" executable can't read any private files, e.g. in my home directory.

Hard drive wear: I mentioned Rosetta to a friend of mine that holds a few patents in the hard disk drive field. His first thought was that a standard PC disk drive isn't built to take the wear of being on 24/7, and actually being used.

PC longevity: Will leaving my PC on more of the time, and running it harder, reduce its lifespan?


Science projects write to disk once every several minutes. It's not like some DB app which reads/writes to disk every second.

I've operated most of my PCs (at any point in time I had 6 on average) mostly Unix (Linux/FreeBSD) 24/7 since 1990 (very active harddisk, but not at 100% CPU utilisation). Basically my experience has been that if it runs OK under load for a couple of weeks (memtest86, prime95 etc), they'll last at least 5yr. In almost every case I just retired the hardware after 5-7 years because it reached its limits.

Basically one reason why I can't contribute more to Rosetta is because right now in addition to my P4s, I have 4 PCs which are old (PII and Pentium3), in continuous operation for the past 6+ yr.

And in my opinion, it'd be the rate-of-change (ROC) of temperature at powerup (for PCs which don't run 24/7) that would potentially reduce the lifespan of CPU / mobo etc.

Basically, to make a long story short, security was the biggest issue for me, as I have other data on my PCs (they're not just crunching boxes). Once I took care of that (run BOINC in "sandbox"), I never thought about "wearing out the PC" running it 24/7 or at 100% CPU.

My 2 cents.
Best UFO Resources
Wikipedia R@h
How-To: Join Distributed Computing projects that benefit humanity
ID: 12527 · Rating: 0

Legman
Joined: 7 Nov 05
Posts: 150
Credit: 129,568
RAC: 0
Message 12590 - Posted: 23 Mar 2006, 23:25:34 UTC - in response to Message 12488.  

I have heard the "wear" excuse. I'm not saying you are wrong. But a PC lasts in my house about 4 years. If running BOINC reduces the life of a hard drive from 7 years to 5 years, then I don't care.

It is my hunch that the "wear" isn't even that extensive.


Secret team meetings and the sharing of 3.2Terabytes of free software -->HERE!... Don't spy, we don't like spies!
ID: 12590 · Rating: 0

Whl.
Joined: 29 Dec 05
Posts: 203
Credit: 275,802
RAC: 0
Message 12596 - Posted: 24 Mar 2006, 1:32:45 UTC
Last modified: 24 Mar 2006, 1:34:15 UTC

This P4 has been running DC projects 24/7/365 since I built it in March 2003 and it has been overclocked to 3.2Ghz in all that time. It's had the same 2x 120GB IDE hard drives in it and same DDR 400 memory as well. No problems so far.
ID: 12596 · Rating: 0

Dimitris Hatzopoulos

Send message
Posts: 336
Credit: 80,939
RAC: 0
Message 12597 - Posted: 24 Mar 2006, 2:27:56 UTC
Last modified: 24 Mar 2006, 2:30:14 UTC

Here is some feedback on the issue (from a company's perspective)

As I always thought, CEO is citing potential vulnerabilities problems. I know that BOINC science projects will try their best, with operating firewalled servers and signing executables on a non-Internet-connected PC, but I prefer to play it safe (especially since modern OSes make it easy).

QUOTE - source:
"I work for an employer with a couple hundred desktop computers. Recently I suggested to the CEO that we participate in a distributed computing project. This was my written request below, I removed any reference to the organization by name.
----------------------------
Currently our work stations are left running 24/7 in order to receive pushed out upgrades and updates. It would seem that we could use this underutilized resource by corporately participating in a non-profit "folding" project, such as the "World Community Grid" hosted by IBM. Folding projects involve processing medical research data when the workstation would otherwise be idle. The processing program is given the lowest system priority, so that it does not affect performance when the computer is actively being used. Other than the initial installation, which is trivial, this process does not require any interaction on the part of the individual user. More information about the project can be found here;
...

Corporate partners participating in this project are listed here;
...

This could be a great way to do some good and improve our community relations at the same time. All at very little or no cost to our organization.


Thanks for your consideration.
-----------------------------

The response from the CEO was;

It is true that these applications do not normally impact performance; however, we have seen these types of programs negatively impact system performance in the past. In addition, there have been known security vulnerabilities associated with these programs, so the assumption that there is no associated cost with installing and maintaining an application like this is not true. Like other software programs, security vulnerabilities turn up constantly, which then require intervention and resolution.

When looking specifically at the "World Community Grid" project it appears they are moving over to the BOINC client, but their current client seems to have some undesirable characteristics (here's a quote from their forums on their current client: "Whether you have a large or small network, installing the WCG UD agent on multiple machines has always been difficult, as each PC has had to be manually registered with the WCG servers").

It's easy to say that there's no cost associated with something, but when you have to deploy it, respond to questions about why someone's system is running slow and then have to maintain a piece of software when a new critical vulnerability is discovered in it, you get to see the real costs associated with a single application.

With this in mind, I will not recommend that we deploy this application on our desktops.
------------------------------

Anybody have any similar experiences? Any suggestions how I might politely address these concerns?"

ID: 12597 · Rating: 0

Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 12626 - Posted: 24 Mar 2006, 16:48:22 UTC - in response to Message 12597.  

Here is some feedback on the issue (from a company's perspective


Dimitris, thank you for providing such a specific example of what I've been talking about.

Is there any retort to this reasonable and informed CEO?

Confidentiality is one aspect. The closest thing I can think of there would be if BOINC were to come out and declare that it controls the environment like an OS does and prevents the applications within it from doing any snooping. ...but I don't think that's entirely accurate. I think it just controls the access to the project files. But the application COULD still be written to snoop around elsewhere.

I know BOINC has remote control features, although I've not tinkered with them myself. Are they adequate to describe as a single centralized control center for all the BOINC clients (in the office)?? If there were a problem, could an operator click a button and shutdown all the clients?

When a new BOINC version comes out that (in theory) plugs a security hole, can this change be rolled out to all the client systems? ...or does someone have to go to each one, end BOINC, backup the BOINC directory, install the new version, and restart?

Do any of the add-ons support functions like this? These types of functions are the ONLY way you're going to get IT departments on board. Put THEM in control of it, without any manual steps on each PC.

Let's say the IT department feels they trust Rosetta, but not Pirates, or BURP. Is there any way they can BLOCK these applications from running, and "protect" their networks and systems?
ID: 12626 · Rating: 0

R/B
Joined: 8 Dec 05
Posts: 195
Credit: 28,095
RAC: 0
Message 12630 - Posted: 24 Mar 2006, 17:16:13 UTC

I believe this means that any official CD's come from UW / Rosetta center address.
Founder of BOINC GROUP - Objectivists - Philosophically minded rational data crunchers.


ID: 12630 · Rating: 0

Dimitris Hatzopoulos
Joined: 5 Jan 06
Posts: 336
Credit: 80,939
RAC: 0
Message 12638 - Posted: 24 Mar 2006, 19:37:55 UTC - in response to Message 12626.  

Here is some feedback on the issue (from a company's perspective


Dimitris, thank you for providing such a specific example of what I've been talking about.

Is there any retort to this reasonable and informed CEO?


IMO yes, because:


When a new BOINC version comes out that (in theory) plugs a security hole, can this change be rolled out to all the client systems? ...or does someone have to go to each one, end BOINC, backup the BOINC directory, install the new version, and restart?


One can roll-out BOINC to an entire network of Windows PCs (and upgrade it remotely) see e.g. automatic BOINC installation on multiple PCs

Let's say the IT department feels they trust Rosetta, but not Pirates, or BURP. Is there any way they can BLOCK these applications from running, and "protect" their networks and systems?


Individual projects are independent. A BOINC project won't load, unless we explicitly JOIN them. It's like visiting a Website. One can go to BBC.co.uk but not to cnn.com (or vv).

I'm not sure what kind of "vulnerabilities" might arise (unless some kind of trojan is planted in the open-source executable), as BOINC only communicates via shttp/http to the project's (e.g. Rosetta's) website. The only way would be to hijack a BOINC project's Website and still the bad guys won't be able to run anything on your PC, since executables are digitally signed.

In any case, one should be able to run BOINC in a "sandbox" under Win. I will provide detailed instructions to anyone who wants to know how to do it under LINUX.
But I'm not sure how exactly to achieve the same effect under Win2k/XP/2003 etc.

Basically, I think from the aforementioned CEO's perspective, he sees it as just another app to maintain, keep up with upgrades etc. From a knowledgeable user's perspective, BOINC is less prone to vulnerabilities than just about any app on my PC which accesses the Internet (Win, Antivirus, MSIE, Outlook, P2P, ICQ, IM etc)

But a less knowledgeable user has to take our word for it, so it only works for people who would blindly trust us on this.
ID: 12638 · Rating: 0

Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 12716 - Posted: 26 Mar 2006, 21:39:18 UTC - in response to Message 12638.  

Individual projects are independent. A BOINC project won't load, unless we explicitly JOIN them. It's like visiting a Website. One can go to BBC.co.uk but not to cnn.com (or vv).


My point is simply that, from an IT director's point of view, they want to CONTROL these things. For example, allow BOINC and Rosetta, but prevent anyone in their user base from running "rogue BOINC project x". I'm thinking they might be able to achieve this by simply blocking that URL in one of those internet monitoring programs. But I'm not familiar with details on how they work. Also, it presumes the IT staff can keep a list of who to block (which is constantly changing, hence "maintenance" required).

I'm not sure what kind of "vulnerabilities" might arise (unless some kind of trojan is planted in the open-source executable), as BOINC only communicates via shttp/http to the project's (e.g. Rosetta's) website.


The vulnerabilities are not the BOINC connections to the internet per se. It's that I'm allowing code to run on my PC. And I've got no great way to PROVE what it's doing.

Perhaps I'm just a bit twisted, but let's say I were a hacker, and wanted to... steal EMail address books. It would be possible to masquerade as a science project, throw up some spiffy graphics, and meanwhile the application is actually snooping through your EMail client files and extracting the goods. When it's done, it "reports results" to the host, (over an https encrypted connection!) to send back all the EMails it has found.

That's a simple example, and no great loss if it's just EMail addresses, but what if you work in an organization that has a "privacy policy", and what if instead of your address book or EMail archive it snooped through your corporate data? Or implanted a virus?

It hasn't happened, true. But, technically, it's possible. There were other postings noting another project that let its domain name expire (WHOOPS!), and it immediately went into the hands of someone that was waiting in line to take it. What if the domain name were suddenly going directly to the hacker rather than to the project?? The hacker now has the ability to send you a "new version" of code, which does a hack rather than science.

Running as a service, under the authority of a restricted or special use user ID (i.e. "in a sandbox") is a step towards addressing my concern. Now, again with your IT director cap on, how do you make SURE all of the users DO install it this way? Block the BOINC website? So they can only get the code from a local server?

Also, I think you get more interest in the project if people can fire up the graphic once in a while and see how they're doin'. And you can't do that when running as a service.
Add this signature to your EMail:
Running Microsoft's "System Idle Process" will never help cure cancer, AIDS nor Alzheimer's. But running Rosetta@home just might!
https://boinc.bakerlab.org/rosetta/
ID: 12716 · Rating: 0
Profile Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 12810 - Posted: 30 Mar 2006, 2:49:53 UTC
Last modified: 30 Mar 2006, 2:53:02 UTC

Ok, I later found you CAN use the graphic when running as a service.

Regarding the bandwidth issue, I've seen a few message board posts, and the BOINC Synergy team website, saying that one should expect Rosetta to take about 1GB of network bandwidth per month, per dual-core CPU. But the chart has no date on when it was revised, and I know the message posts were in Dec. and early Jan. timeframe. That was before the Rosetta preference to choose your work unit size was implemented. And there are other posts discussing various compression possibilities.

So, I'm wondering, does anyone have any figures for the bandwidth requirements of the current implementation? Since I'm connected fulltime and have a wide pipe, I don't notice. But I'm wondering how my friends on dial up are going to do with Rosetta.
ID: 12810 · Rating: 0
BennyRop
Joined: 17 Dec 05
Posts: 555
Credit: 140,800
RAC: 0
Message 12817 - Posted: 30 Mar 2006, 5:30:24 UTC

A couple months ago, during my first 5 days on the project, I averaged 50 megs/day upload&download. In the first 2 weeks, after some small WUs - my >single< 2Ghz Athlon 64 cpu had run through almost 1 gig of upload and download bandwidth. 24/7 crunching.

Now we can tell Rosetta to work on just one WU for 24 hours; so there's just one WU uploaded and downloaded a day. If you set the Max time to 2 hours, you'll get around 12 WUs uploaded and downloaded every day. So the bandwidth depends on your settings.

Perhaps we could get Dr. Baker or one of the programmers to give an idea of the size of the average upload and downloads and you can calculate the bandwidth that will be used by your Max cpu time settings from that.


ID: 12817 · Rating: 0
Profile Dimitris Hatzopoulos
Joined: 5 Jan 06
Posts: 336
Credit: 80,939
RAC: 0
Message 12819 - Posted: 30 Mar 2006, 6:54:00 UTC - in response to Message 12716.  

Now, again with your IT director cap on, how do you make SURE all of the users DO install it this way? Block the BOINC website? So they can only get the code from a local server?


Maybe I wasn't clear enough, but as I wrote in my previous post in this thread

"One can roll-out BOINC to an entire network of Windows PCs (and upgrade it remotely) see e.g. automatic BOINC installation on multiple PCs"

it won't be installed by the USERS but by the NET ADMIN via a script and it will run as a service. In many corporate network installations, users can't install arbitrary software on the PC.

E.g. IBM is installing WCG on many of their corporate sites, quote:

"Hi, I just started using WCG recently. I only got it because it was automatically installed on my work machine by software that downloads fixes and other recommended software packages.

This automatic download program is maintained by the company I work for (IBM) and I guess it was recently modified to include WCG as one of the recommended software packages."
see source
ID: 12819 · Rating: 0
Profile Dimitris Hatzopoulos
Joined: 5 Jan 06
Posts: 336
Credit: 80,939
RAC: 0
Message 12820 - Posted: 30 Mar 2006, 7:08:21 UTC - in response to Message 12716.  
Last modified: 30 Mar 2006, 7:37:16 UTC

It hasn't happened, true. But, technically, it's possible. There were other postings noting another project that let its domain name expire (WHOOPS!), and it immediately went into the hands of someone that was waiting in line to take it. What if the domain name were suddenly going directly to the hacker rather than to the project?? The hacker now has the ability to send you a "new version" of code, which does a hack rather than science.


It was me who reported it back in Jan06, I spent some time trying to debug the issue and I traced it down to "DNS-cache-poisoning", i.e. a bad guy tricking older DNS server software (still in use by 1/3rd of all Internet sites...) into thinking that a hostname has another IP than the real one, effectively redirecting the user to a new site.

Also see http://isc.sans.org/diary.php?date=2005-04-07, http://vdb.dragonsoft.com/detail.php?id=349, http://isc.sans.org/presentations/dnspoisoning.php

It was a rather unusual config, that could only be exploited if the project's BOINC server didn't have an "A" record, but a CNAME. OOOPS, I just checked and while R@H is fine, RALPH falls in this category. Please change ralph.bakerlab.org from being a CNAME to alpha.bakerlab.org, to having its own A record, like R@h is:

% host boinc.bakerlab.org
boinc.bakerlab.org has address 140.142.20.103

% host ralph.bakerlab.org
ralph.bakerlab.org is a nickname for alpha.bakerlab.org
alpha.bakerlab.org has address 140.142.20.204

Now you reminded me, I wanted to write to the BOINC devs to let projects know about it...

This incident proved to me personally that bad guys were actively trying to exploit the BOINC userbase, in the particular case I encountered just to redirect me to some stupid ads page.

BOINC projects digitally sign their executables, so even if the domain falls into bad guys' hands, they won't be able to have you run an invalid executable (unless they implement the whole BOINC subsystem AND it's the first time you connect).

ID: 12820 · Rating: 1
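The CNAME-versus-A-record check from the post above, as an added example that is not part of the original post or of BOINC: it parses `host` output and flags project hostnames that only resolve through an alias. The function names are assumptions of this example, and the embedded sample is the output quoted in the post; the parser also accepts the "is an alias for" wording that newer `host` builds print.

```python
import re

# Sample input: the `host` output quoted in the post above, embedded so this runs offline.
SAMPLE = """\
boinc.bakerlab.org has address 140.142.20.103
ralph.bakerlab.org is a nickname for alpha.bakerlab.org
alpha.bakerlab.org has address 140.142.20.204
"""

# Older `host` builds print "is a nickname for"; newer ones print
# "is an alias for" and end the target with a dot.
ALIAS = re.compile(r"^(\S+) is (?:a nickname|an alias) for (\S+?)\.?$")
ADDR = re.compile(r"^(\S+) has address (\S+)$")

def parse_host_output(text):
    """Return ({name: cname_target}, {name: [ipv4, ...]}) from `host` output."""
    aliases, addrs = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := ALIAS.match(line):
            aliases[m.group(1).lower()] = m.group(2).lower()
        elif m := ADDR.match(line):
            addrs.setdefault(m.group(1).lower(), []).append(m.group(2))
    return aliases, addrs

def audit(names, text):
    """Classify each hostname as "A", "CNAME" or "UNRESOLVED"."""
    aliases, addrs = parse_host_output(text)
    report = {}
    for name in names:
        cur, chain, seen = name.lower(), [], set()
        while cur in aliases and cur not in seen:  # follow aliases, stop on a loop
            seen.add(cur)
            cur = aliases[cur]
            chain.append(cur)
        ips = addrs.get(cur, [])
        status = "CNAME" if chain else ("A" if ips else "UNRESOLVED")
        report[name] = {"status": status, "chain": chain, "addresses": ips}
    return report

if __name__ == "__main__":
    for name, r in audit(["boinc.bakerlab.org", "ralph.bakerlab.org"], SAMPLE).items():
        via = " via " + " -> ".join(r["chain"]) if r["chain"] else ""
        print(f"{name}: {r['status']}{via} {r['addresses']}")
```

To audit live names, pipe the output of `host <name>` for each project hostname into `audit` in place of `SAMPLE`.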
Profile Keith E. Laidig
Volunteer moderator
Project developer
Joined: 1 Jul 05
Posts: 154
Credit: 117,189,961
RAC: 0
Message 12834 - Posted: 30 Mar 2006, 15:41:09 UTC - in response to Message 12820.  

Please change ralph.bakerlab.org from being a CNAME to alpha.bakerlab.org, to having its own A record

done. -KEL


ID: 12834 · Rating: 0
Profile Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 15220 - Posted: 1 May 2006, 21:51:04 UTC

Gentlemen, please take it somewhere else. Many other more appropriate places to discuss Linux and Unix.
ID: 15220 · Rating: 0
Profile Feet1st
Joined: 30 Dec 05
Posts: 1755
Credit: 4,690,520
RAC: 0
Message 16771 - Posted: 21 May 2006, 17:12:43 UTC

Seems to me that fully half of this thread is now not related at all to the topic, which was reasons people avoid BOINC projects, and what, if any, steps can relieve their concerns.

The initial point that some people run on operating systems that BOINC and/or Rosetta do not support is well taken. The resolution to that is clear, and it is clear there is nothing from the outside that we can do to relieve that concern.

I propose that all the entries since this one be moved to a Linux/Unix thread on the crunching board.
ID: 16771 · Rating: 0



©2024 University of Washington
https://www.bakerlab.org