My GTX 1650 does Milkyway task in about 6 minutes.
That feeling when 2019 GPU is slower than 2013 gpu.

That's 93 GFlops. Mine is 1000. Nvidia sux. I have never and will never buy their low grade rubbish.

My GTX 1650 does Milkyway task in about 6 minutes.
That feeling when 2019 GPU is slower than 2013 gpu.

Well, Tahiti is High-End, the 280X has 250W TDP, GeForce 16 is the Low-End of Geforce 20 series, the 1650 has 75W TDP and it's launch price was half or (a lot) less of any of the Tahiti cards. Outside of that very special Milkyway application, the 1650 isn't bad at all, the SP Performance per Watt is even a lot higher.

---

.

Well, Tahiti is High-End, the 280X has 250W TDP, GeForce 16 is the Low-End of Geforce 20 series, the 1650 has 75W TDP and it's launch price was half or (a lot) less of any of the Tahiti cards. Outside of that very special Milkyway application, the 1650 isn't bad at all, the SP Performance per Watt is even a lot higher.

The SP is lower overall, I'm surprised they make a card that slow nowadays.

And DP is actually used in most of the projects, just not 100% of the time.

The SP is lower overall, I'm surprised they make a card that slow nowadays.

It's lower overall, but about 2.5x higher per Watt. That's a huge difference if you don't run Milkyway on it. Gaming performance (and that's what GPUs are actually made for, not for BOINC) is higher than Radeon HD 7970 GHz Edition, which burns 300W instead of the 75W the GTX 1650 is using. Yes, the Tahiti cards are great in particular for Milkyway and BOINC in general, but let's not act like that was what GPUs are primarily made for. It would be nonsense for the average GPU user to buy 2019 a Tahiti card when they can get better performance in games at about 25-30% energy consumption.

---

.

It's lower overall, but about 2.5x higher per Watt. That's a huge difference if you don't run Milkyway on it. Gaming performance (and that's what GPUs are actually made for, not for BOINC) is higher than Radeon HD 7970 GHz Edition, which burns 300W instead of the 75W the GTX 1650 is using. Yes, the Tahiti cards are great in particular for Milkyway and BOINC in general, but let's not act like that was what GPUs are primarily made for. It would be nonsense for the average GPU user to buy 2019 a Tahiti card when they can get better performance in games at about 25-30% energy consumption.

I play games, and I don't care for energy performance. It's not like I play games 24 hours a day. So as a gamer only the speed matters. And something a decade newer should not be slower. BTW, the Tahiti speed ain't good enough for games, I have a twice as fast Nano for that. Which is also efficient in power.

Hello there!

I use BOINC 7.9.3 on Ubuntu 18.04 and recently I have started to get errors on downloading files for Rosetta@Home tasks like "transient HTTP error".
It seems to affect only Rosetta's files, files for other projects seem to be downloaded well.
Just in case, the file names go as "KC_12mer_12_hallucinated..." and "KC_13mer_13_hallucinated..." for Rosetta 4.20.

It seems like I can download the files manually and place them where they should be (/var/lib/boinc/projects/boinc.bakerlab.org_rosetta/) - after that the task's status transitions from "Downloading" to "Ready to start".
However, I am afraid that there will be a similar problem with uploads - so may you please suggest how can I make BOINC manage Rosetta@Home files transfers automatically again?

Here is the event log with http_debug, http_xfer_debug and network_status_debug flags enabled - looks like is a kind of SSL certificate problem:

Tue 20 Dec 2022 10:35:55 EET | Rosetta@home | [http] HTTP_OP::init_get(): https://boinc-files.bakerlab.org/rosetta/download/7c/KC_12mer_12_hallucinated_55_11.zip
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS handshake, Certificate (11):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS handshake, CERT verify (15):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS handshake, Finished (20):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (OUT), TLS change cipher, Client hello (1):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (OUT), TLS handshake, Finished (20):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  ALPN, server accepted to use http/1.1
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  Server certificate:
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   subject: CN=www.google.com
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   start date: Nov 28 08:19:01 2022 GMT
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   expire date: Feb 20 08:19:00 2023 GMT
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   subjectAltName: host "www.google.com" matched cert's "www.google.com"
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:   SSL certificate verify ok.
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (OUT), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: GET / HTTP/1.1
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: Host: www.google.com
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: User-Agent: BOINC client (x86_64-pc-linux-gnu 7.9.3)
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: Accept: */*
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: Content-Type: application/x-www-form-urlencoded
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server: Accept-Language: en_US
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Sent header to server:
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: HTTP/1.1 200 OK
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Date: Tue, 20 Dec 2022 08:35:56 GMT
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Expires: -1
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Cache-Control: private, max-age=0
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Content-Type: text/html; charset=ISO-8859-1
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Content-Encoding: gzip
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Server: gws
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: X-XSS-Protection: 0
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Set-Cookie: 1P_JAR=2022-12-20-08; expires=Thu, 19-Jan-2023 08:35:56 GMT; path=/; domain=.google.com; Secure
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Set-Cookie: AEC=AakniGOg4us7UbTeD0AIz-b37iy5EjS_ILng2YPon72NYT610HS15qt6Ru8; expires=Sun, 18-Jun-2023 08:35:56 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Set-Cookie: NID=511=HyJMAjp9f88XSRXcGz4s9sQAFWhAzMIrSpJaeSUC_skIKlJSsRvCrIMtIed6-zkZMwLD9-WodT8K9S2-9ePzMFIs65t46nnBtJ-nXtdLitjZgfv3qXVkPscnq9kBFN4CQf6JQinZl1JhCpUd1w3Gg-R2XDMF-YPh1RXirWlO2DI; expires=Wed, 21-Jun-2023 08:35:56 GMT; path=/; domain=.google.com; HttpOnly
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server: Transfer-Encoding: chunked
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Received header from server:
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1768 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 2850 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 3201 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 3689 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1485 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 8 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 286 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 5 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 9 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 6 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 5 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 4 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 2310 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http_xfer] [ID#0] HTTP: wrote 1211 bytes
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  TLSv1.3 (IN), TLS Unknown, Unknown (23):
Tue 20 Dec 2022 10:35:56 EET |  | [http] [ID#0] Info:  Connection #566 to host www.google.com left intact
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  TLSv1.3 (IN), TLS handshake, Server hello (2):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  TLSv1.2 (IN), TLS handshake, Certificate (11):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  TLSv1.2 (OUT), TLS alert, Server hello (2):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  SSL certificate problem: unable to get local issuer certificate
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  stopped the pause stream!
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info:  Closing connection 567
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  TLSv1.3 (IN), TLS handshake, Server hello (2):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  TLSv1.2 (IN), TLS handshake, Certificate (11):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  TLSv1.2 (OUT), TLS alert, Server hello (2):
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  SSL certificate problem: unable to get local issuer certificate
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  stopped the pause stream!
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info:  Closing connection 568
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates
Tue 20 Dec 2022 10:35:57 EET |  | [network_status] status: reference site lookup pending
Tue 20 Dec 2022 10:35:57 EET |  | Internet access OK - project servers may be temporarily down.
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Temporarily failed download of KC_12mer_12_hallucinated_55_11.zip: transient HTTP error
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Backing off 00:29:36 on download of KC_12mer_12_hallucinated_55_11.zip
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Temporarily failed download of KC_12mer_12_hallucinated_55_11.flags: transient HTTP error
Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Backing off 00:25:01 on download of KC_12mer_12_hallucinated_55_11.flags
Tue 20 Dec 2022 10:35:58 EET |  | [network_status] status: online

With care, Viktor

I use BOINC 7.9.3

There's your problem, the latest version is 7.20.2, with much newer SSL stuff in it.

the latest version is 7.20.2, with much newer SSL stuff in it.

Where do I get the latest version for Ubuntu Linux?
I have tried to use one from BOINC's official website and I have got the next error:

/usr/bin/boinc: /usr/lib/x86_64-linux-gnu/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /usr/bin/boinc)

It turned out that the one there has even older version - 7.4.22 - good that I made a backup before.
The one which is available via bionic ppa is 7.9.3, the same version I have:

$ sudo apt-cache policy boinc
[sudo] password for sloboda: 
boinc:
  Installed: 7.9.3+dfsg-5ubuntu2
  Candidate: 7.9.3+dfsg-5ubuntu2
  Version table:
 *** 7.9.3+dfsg-5ubuntu2 500
        500 http://ua.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        500 http://ua.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages
        100 /var/lib/dpkg/status
     7.9.3+dfsg-5 500
        500 http://ua.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        500 http://ua.archive.ubuntu.com/ubuntu bionic/universe i386 Packages

This ppa should have 7.20.5
https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/boinc

Thank you for your help and suggestions!

It seems like the version update was not crucial though, the problem was probably in /var/lib/boinc-client/ca-bundle.crt file.
The CA bundle file was outdated before, now it seems to be a symbolic link to /etc/ssl/certs/ca-certificates.crt file, which was recently updated after re-installing BOINC 7.9.3 and libcurl4-openssl-dev package and uploads go well now.

With care,
Viktor

and uploads go well now.

Well, downloads didn't.

I have managed to update BOINC to 7.20.5 (that wasn't necessary in my case, as I have found later) with the next steps:

# stopped the previous version:
sudo service boinc-client stop
# without update-ca-certificates there was the next error:
# Cannot add PPA: 'ppa:~costamagnagianfranco/ubuntu/boinc'.
# ERROR: '~costamagnagianfranco' user or team does not exist.
sudo apt-get update && sudo apt-get install ca-certificates -y && sudo update-ca-certificates
# added the repository with the latest versions
sudo add-apt-repository ppa:costamagnagianfranco/boinc
# acknowledged the updates and upgraded boinc
sudo apt-get update && sudo apt-get upgrade boinc
# started the new version:
sudo service boinc-client start

Nevertheless, the error persisted.

It seemed a bit like of a curl problem, so I have decided to check it:

$ curl https://boinc-files.bakerlab.org/rosetta/download/c1/KC_12mer_12_hallucinated_93_236.flags

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

So the problem wasn't around the BOINC itself after all.
I don't know why exactly my local curl decided not to trust Rosetta@Home files server's PEM certificates.
Nevertheless, I saved those certificates to a separate crt file (/usr/local/share/ca-certificates/rosetta.crt) and run sudo update-ca-certificates again.
After that downloads started work again for Rosetta@home project for my BOINC client.

The problem seems to be solved for me for now.
Leaving this here just in case someone stumbles on the same thing.

With care,
Viktor

Looking through the top hosts list it is interesting to see that some are still returning completed work even though they do have some "not started by deadline" "canceled by server" and "aborted"
Others have work units "waiting validation" from October
Old relics from "15 Apr 2020, 12:37:56 UTC Not started by deadline - canceled " as database dirt
And the rest of us getting on with crunching other projects work
I wonder if rosetta is going to run all work out and planning to do a big full project database reset to clean out the cruft ? hint . . . . .
And why am I posting this ?
Its just something to do on a day like today is , before I attack the accumulated pans and dishes in the kitchen , nnn ;-)

So the problem wasn't around the BOINC itself after all.
I don't know why exactly my local curl decided not to trust Rosetta@Home files server's PEM certificates.
Nevertheless, I saved those certificates to a separate crt file (/usr/local/share/ca-certificates/rosetta.crt) and run sudo update-ca-certificates again.
After that downloads started work again for Rosetta@home project for my BOINC client.

That was just the hint I needed.

I ran the update-ca-trust command on my RHEL8.6 Linux system, and it seems to work (as far as I can tell).
It does not download any Rosetta tasks at the moment, because there are none available. But at least, no error messages.

---

I, too, was not able to download any WU files during the last batch around 15.-21.12.2022
BOINC version 7.20.2 on Ubuntu 22.04.1, fully updated.
update-ca-certificates did not help.

I did some analysis:

I noticed two different URLs used by Rosetta:
Root URL for general communication:
https://boinc.bakerlab.org/
Old download URL, index with folder and file structure visible:
https://boinc.bakerlab.org/rosetta/download/

It seems some time ago Rosetta switched to a new URL for downloads.
New download URL, index hidden, shown as offline on the status page:
https://boinc-files.bakerlab.org/

Both URLs seem to target the same underlying file system. As an examlple, the following two URLs lead to the same file:
https://boinc.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip
https://boinc-files.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip

Tests on Debian with curl:
old URL:

curl https://boinc.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip -vI
*   Trying 128.95.160.156:443...
* Connected to boinc.bakerlab.org (128.95.160.156) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=Washington; O=University of Washington; CN=*.bakerlab.org
*  start date: Dec 14 00:00:00 2022 GMT
*  expire date: Dec 14 23:59:59 2023 GMT
*  subjectAltName: host "boinc.bakerlab.org" matched cert's "*.bakerlab.org"
*  issuer: C=US; ST=MI; L=Ann Arbor; O=Internet2; OU=InCommon; CN=InCommon RSA Server CA
*  SSL certificate verify ok.

new URL:

curl https://boinc-files.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip -vI
*   Trying 128.95.160.134:443...
* Connected to boinc-files.bakerlab.org (128.95.160.134) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I could recreate the same error on multiple independent Rasbpian/Debian installations with the same result.

Firefox on Windows and Ubuntu did not complain, shows verified by Internet2.
On Windows, Openssl fails on both the new and old URL, probably because it's out of date (2021).
wget and curl in powershell did not complain.
Edge on Windows downloads the zip without warning, but warns about a missing certificate when opening https://boinc-files.bakerlab.org and clicking on the lock symbol.

Openssl tests on Debian, each with the same results:
Raspbian (buster): OpenSSL 1.1.1n 15 Mar 2022
Ubuntu (22.04.1 LTS): OpenSSL 3.0.2 15 Mar 2022

new URL:

openssl s_client -connect boinc-files.bakerlab.org:443

CONNECTED(00000003)
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
verify return:1
---
Certificate chain
 0 s:C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
   i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 14 00:00:00 2022 GMT; NotAfter: Dec 14 23:59:59 2023 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGpDCCBYygAwIBAgIQLX34hscHGmFRGzZSrcfHojANBgkqhkiG9w0BAQsFADB2
---snip---
    Start Time: 1672334317
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes

old URL:

openssl s_client -connect boinc.bakerlab.org:443

CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
verify return:1
depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
verify return:1
---
Certificate chain
 0 s:C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org
   i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 14 00:00:00 2022 GMT; NotAfter: Dec 14 23:59:59 2023 GMT
 1 s:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA512
   v:NotBefore: Sep 19 00:00:00 2014 GMT; NotAfter: Sep 18 23:59:59 2024 GMT
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGpDCCBYygAwIBAgIQLX34hscHGmFRGzZSrcfHojANBgkqhkiG9w0BAQsFADB2
--snip--
    Start Time: 1672334384
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

Here a comparison with an external 3rd party online analysis from SSLLABS:
https://www.ssllabs.com/ssltest/analyze.html?d=boinc-files.bakerlab.org ("This server's certificate chain is incomplete. Grade capped to B.")
https://www.ssllabs.com/ssltest/analyze.html?d=boinc.bakerlab.org (Rating: A)
(Additional test: https://www.digicert.com/help/)

As you can see, even they show issues with the certificate chain for the new URL.
If I understand the results correctly, the old URL sends both the server certificate (1) and the intermediate certificate (2) (= issuer certificate) to the client (SSLLABS: Certification Paths: "1 - Sent by server, 2 - Sent by server"), completing the chain of trust with the root certificate (3) on the client.
The new URL only sends the server certificate, but not the intermediate certificate (SSLLABS: "2 - Extra download", from InCommon RSA Server CA / Internet2). If the client does not already have this intermediate certificate in its trust store, which seems often but not always the case (comparing Firefox vs windows vs Debian), the chain is broken and any connection to boinc-files.bakerlab.org fails.
Maybe there are also some automated tricks and workarounds going on, like caching the intermediate after once connecting to boinc.bakerlab.org, so that the client can puzzle the chain together anyway.

As others already wrote, it is visible in Rosetta's statistics that something widespread isn't working.
Comparing earlier batches with the last batch is noticeble slower in crunshing and returning WUs:
https://munin.kiska.pw/munin/Munin-Node/Munin-Node/results_rosetta.html

https://www.boincstats.com/stats/14/project/detail/credit


So, I think what needs to be done is to recreate the configuration for / copy the intermediate certificate from boinc.bakerlab.org to boinc-files.bakerlab.org, so that it gets sent to clients as well.

Screenshots for comparison of the chains, no differences between platforms:

URL: boinc.bakerlab.org



URL: boinc-files.bakerlab.org

I ran the update-ca-trust command on my RHEL8.6 Linux system, and it seems to work (as far as I can tell).
It does not download any Rosetta tasks at the moment, because there are none available. But at least, no error messages.

My system has now been updated to RHEL8.7. Having run update-ca-trust has not hurt anything, but it did not help either.

Well, Rosetta still does not admit to having any work units on its web site, but it tried to download some to me today. I think it was only one.

It created these files but you can see they are all empty. And they are all marked "downloading."

-rw-r--r--. 1 boinc boinc  0 Jan  4 22:18 database_357d5d93529_n_methyl.zip
-rw-r--r--. 1 boinc boinc  0 Jan  4 22:18 LiberationSans-Regular.ttf
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.11mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:29 rb_01_04_474411_469629_ab_t000__robetta.200.3mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.4mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.5mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:13 rb_01_04_474411_469629_ab_t000__robetta.200.6mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.7mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.8mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.9mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 18:49 rb_01_04_474411_469629_ab_t000__robetta_FLAGS
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:29 rb_01_04_474411_469629_ab_t000__robetta.zip
-rw-r--r--. 1 boinc boinc  0 Jan  4 17:31 rosetta_4.20_x86_64-pc-linux-gnu
-rw-r--r--. 1 boinc boinc  0 Jan  4 17:31 rosetta_graphics_4.20_x86_64-pc-linux-gnu

---

My system has now been updated to RHEL8.7. Having run update-ca-trust has not hurt anything, but it did not help either.

Well, Rosetta still does not admit to having any work units on its web site, but it tried to download some to me today. I think it was only one.

It created these files but you can see they are all empty. And they are all marked "downloading."

-rw-r--r--. 1 boinc boinc  0 Jan  4 22:18 database_357d5d93529_n_methyl.zip
-rw-r--r--. 1 boinc boinc  0 Jan  4 22:18 LiberationSans-Regular.ttf
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.11mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:29 rb_01_04_474411_469629_ab_t000__robetta.200.3mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.4mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.5mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:13 rb_01_04_474411_469629_ab_t000__robetta.200.6mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.7mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.8mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.9mers.index.gz
-rw-r--r--. 1 boinc boinc  0 Jan  4 18:49 rb_01_04_474411_469629_ab_t000__robetta_FLAGS
-rw-r--r--. 1 boinc boinc  0 Jan  4 16:29 rb_01_04_474411_469629_ab_t000__robetta.zip
-rw-r--r--. 1 boinc boinc  0 Jan  4 17:31 rosetta_4.20_x86_64-pc-linux-gnu
-rw-r--r--. 1 boinc boinc  0 Jan  4 17:31 rosetta_graphics_4.20_x86_64-pc-linux-gnu

There are a very small number of Robetta tasks coming through to my Windows machines too. I think we're the overflow for Robetta's own machines. It seems everyone's asleep and not producing much work - even with WCG, Rosetta, and Asteroids, I sometimes run out of CPU work. Oh well, I'm off to fiddle with some GPUs, I've constructed an 800A 12V ring main on a large bookshelf to plug GPUs in anywhere. A few kilowatt 12V LED power supplies and a couple of reels of car starter motor cable (0 AWG).

To whom it may concern,
The download server is broken per status page:

Download server boinc-files.bakerlab.org Not Running

Please fix.
Thanks.

The servers over @ Ralph are all running , they could chuck all the work over there if they can`t or be botherd to fix this lot .

The servers over @ Ralph are all running , they could chuck all the work over there if they can`t or be botherd to fix this lot .

Ralph is undervalued and underused by the project itself....

---