Sorry to jump in rather late into the discussion, but I'll add my 2p worth.
Firstly I'll say that I'm in the camp that view this as an abuse of
resources. Sites decide which VOs to support and what priority to give
them based on their stated objectives, and any benefit the site gains
for its own research community. Using these resources for another
purpose, even if it is a purpose that the site would support if they
knew about it, is a Bad Thing.
However, I'd like to think this should be more a matter for the VOs to
police than the sites. Because there is no charging and not much
contention for resources, the VOs don't currently have a strong
incentive to do this. However, when the LHC experiments start I think
this will change, and anyone using large amounts of resources will have
to account for them.
If someone runs a small number of jobs that don't stick out by using
huge amounts of memory, CPU time or disk space, then I don't think we'll
ever spot them.
And if the management of a VO decides to extend their activities beyond
their stated objectives I think it will also be hard to detect, unless
the wider community of researchers in the VO raises an objection.
Ben
Cornwall, LA (Linda) wrote:
> So three matters,
>
> 1) Policy. There is the policy issue of who can run what, including who
> is allowed to run programs to try and crack certificates.
>
> 2) Discovery. There is the issue that technically anyone can run
> anything they like, just by calling it what they like. So how do we find
> who is breaking the rules?
>
> 3) What action to take. I agree there has to be a consequence for
> breaking the rules. Just like anything else in this world otherwise it
> does not work.
>
> I'll raise this all at this month's SCG.
>
> Linda
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Kostas Georgiou
>> Sent: 01 November 2007 13:25
>> To: [log in to unmask]
>> Subject: Re: Heinz' Challenge
>>
>> On Thu, Nov 01, 2007 at 11:30:06AM -0000, Cornwall, LA (Linda) wrote:
>>> Having said that, it is encouraging that when someone is trying to
> break
>>> RSA codes it got noticed by sites and the activity was stopped by
> many.
>>> This means I hope that if a user were to try and break codes in a
> more
>>> malicious way, e.g. to break a bank's certificate there is a fair
> chance
>>> it would be spotted. :-)
>> Being the one that noticed the job I can say that I don't see anything
>> encouraging :( I did notice the job *more than a month ago* and
> because
>> I got distracted with the security of it's pilot job nature I didn't
>> even look at what it was tryning to do. Then again nobody else noticed
>> anything either.
>>
>> I am very disappointed, if the user had taken some easy steps (just
>> changing the names of the binary/files) I don't think that it would
> have
>> been spotted *ever*.
>>
>> If I start sumbitting jobs tomorrow called CancerGeneSolveB3F910c with
>> inputs geneXXXXX for example who can tell that I am not cracking
>> certificates? Well since I am in dteam and not biomed I'll have to
>> think of a different name but believe me *nobody* will notice anything
>> wrong.
>>
>> Given this if we don't have hard penalties for a missuse we'll be
>> encouraging users to abuse the system.
>>
>> Kostas
--
Dr Ben Waugh Tel. +44 (0)20 7679 7223
Dept of Physics and Astronomy Internal: 37223
University College London
London WC1E 6BT
|