Distributed Computing Projects

Discussion in 'other security issues & news' started by marti, May 10, 2002.

Thread Status:
Not open for further replies.
  1. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    I know many folks running Distributed Computing Projects, such as Seti and cancer research.  I don't participate.

    I'm posting here to ask about privacy/security issues involved with running any of those programs.  Anyone have any thoughts on the subject?

    thanks,
    marti
     
  2. snowman

    snowman Guest

         ** FFI **

            Distributed computing is a science which solves a large problem by giving small parts of the problem to many computers to solve and then combining the solutions for the parts into a solution for the problem. Recent distributed computing projects have been designed to use the computers of hundreds of thousands of volunteers all over the world, via the Internet, to look for extra-terrestrial radio signals, to look for prime numbers so large that they have more than ten million digits, and to find more effective drugs
    . These projects are so large, and require so much computing power to solve, that they would be impossible for any one computer or person to solve in a reasonable amount of time.

                                * * * * * *


             MARTI

             its difficult to keep just one computer even marginally secure......a laborous task..............consider 100,000 computers......if I actually tryed to fund just ten secure computers among people I know...I could not.

                                   snowman
     
  3. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Snowman,

    I know the definition of distributed computing.  What I'm curious about is

    "does running a distributed computing program increase ones security/privacy risks?"

    thanks,
    marti
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Marti - I wouldn't touch distributed computing with a ten-foot pole, personally. Seti's database was already hacked, once (although, until now anyway, that info hasn't been utilized in any way).

    It's a gut-level thing with me - I don't want anyone else to have the use of my processor. It boils down to the fact that I haven't the technical expertise to know, exactly, what they'll be using it for.

    It goes without saying that if anyone ever does get into anyone's distributed computing servers , they'd be able to unleash a DDoS attack of pretty impressive proportions against whatever target they chose - I really don't want my computer to be a part of that.

    Just my .02 Pete
     
  5. snowman

    snowman Guest

          Marti

          because the are others who may not know the definition.....an since I am not a self-centered individual..I thought to post the definition..so that just maybe someone could offer a response that might answer your question.   guess I just consider others more than some people do.


                                snowman

       
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I am a proud member of genome@home. Knowing that 99% of my clock cycles are wasted, and they could be useful to people actively working on genetic problems in humans, I had NO problem making the choice to join up.

    The application has never been exploited, and can be no less secure than you using a web browser or email (in-fact web browser or email is probably a million times more likely to be a source of grief) It is controlled by Stanford University. The do have somewhat of a clue about computer security I'd hope. The benefits out-way the risks by a wide margin in my opinion. For the entire project to succumb to hack that allowed the whole works to be part of a DDoS, then everyone would have to be individually infected with a trojan. The app itself have no remote control capability. Even if the worst happened, and may machine was part of a DDoS once in 3 years, it would STILL be a positive benefit for mankind over all.

    Genome@home is (also in my opinion) far more beneficial to humanity than Seti or prime. I'll also say that this research concerns my immediate family,  so I might be a bit bias.


    Info here:

    http://gah.stanford.edu/
     
  7. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Snowman,

    I did not intend to be rude in my response to you.  However, your response did not seem to have anything to do with the question that I asked.

    marti
     
  8. snowman

    snowman Guest

             MARTI

             Nor was I being rude either....your post had been up for several hours with out any replies....in consideration of your interest in the topic I simply offered the definition as addional information

            my response indicated that  imo if its difficult to properly secure one computer.....how is it possible to know if those other 100.000 computers are secure...or their servers........would trusting the security of my computer to total strangers be wise........its matter of personal choice.......

            wishing you a most pleasent day Marti...an glorious weekend.....


                                   snowman
     
  9. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    ? you are doing that now aren't you? How many of the people who worked on the programs installed on your system (including OS and hardware drivers) do you know personally?

    For me the number is zero.

    I trust the reputation of the companies whose software I use (except Microsoft of course!). I would trust Stanford university before trusting M$
     
  10. snowman

    snowman Guest

          Unicrom

          good point !    definitely I would not trust M$ as far as I could throw them by their eyebrows......

          Network...is just not my cup of tea......although I do connect to world exchanges daily......but then I would not be willing to use an mp3 file sharing network....certainly that would not be up to par with say Stanford......

           but yes I do see your point.

                                    snowman
     
  11. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    I've been running these programs for more than 3 years now and never had an issue with privacy or security.  Projects I've run:

    seti@home
    folding@home
    genome@home
    mersenne prime numbers
    distributed folding
    rc5-64
     
  12. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    So, far it's two yes and two no.

    marti
     
  13. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Matri I suggest you inquire to people who actually use these progs, and ask them how many problems they have had.

    I have noticed many people are scared of DCPs without knowing much about them.

    Whe asking any question or poll, always think:

    1) does this person have any idea what they are talking about.

    2) Is this person qualified (unofficially even) to make an educated statement about such things.

    3) avoid tallying like: 2 - 1. Meaningless if the two jokers who vote "for" have no real knowledge/evidence/experience on such topics, and the one "against" is an expert in that feild. Subjectivity is paramount here.
     
  14. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    UNICRON,

    I can ask folks that run DCP programs, but most of them are only "mildly" interested in computer security.  That's why I asked in this forum.

    Tonight, I read about an intrustion to a DCP list of users.  Seems that someone got in and "retired" several folks from the list.  This intrustion was not on the indivuals computers, but,  it does make me wonder about the security of running such a system.
     
  15. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Marti,

    If I recall correctly, several people were recently fired for using their work computers for seti.  That may sound mean and harsh, but the systems' admin had determined that seti ewre making no attempts to plug known holes in their software (typically when the screensaver phoned home) and seti, bless 'em, stated that they couldn't spare the time or resources to address the problems.  That's if I recall correctly.  Personally, I've racked up nearly 1,000 work units in seti.  HTH.
     
  16. FanJ

    FanJ Guest

    Oops, Checkout, sorry, my English is failing me again...
    What means:

    Of course no offence meant, I only didn't understand that.
     
  17. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Sorry, Jan - I tend to use 'engineering' English when I should write more plainly for people here.  Racked up means accumulated.  It refers to a scoring machine for games, like darts, where a wooden rack has point counters which move along it.  So, to record points scored, you would move your pointer across the rack.

    I hope that's clear?  Sorry for the confusion.
     
  18. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    I've donated 2600 hours of processor time to seti@home since I started with it in January. I see no obvious problem with it. The only information about you that Berkely receives is your email address, and you can fake that at the risk of being locked out of your account if you forget your password.
     
Loading...
Thread Status:
Not open for further replies.