Hi John,
To my mind the biggest problem here is that raising tickets and sending
messages via the VO had no effect. Heinz made a mistaken judgement
(something that we have all done at times). I have known him for a
number of years and know that he is a reasonable person, and I am
absolutely certain that he did not mean any abuse. If the effect had been
pointed out to him earlier then I am sure that he would have changed his
actions. The system is clearly broken in some way and it is this that
needs fixing... although I am afraid I don't know quite how to do this.
What effect do you think that Jeremy raising it at Monday's PMB meeting
will have?
All the best,
david
Gordon, JC (John) wrote:
> So this seems like an admission that this is just a single user's
> interpretation of what constitutes relevant work and doesn't have VO
> endorsement.
>
> Since we have established that there is no certificate or proxy
> compromise, I don't think this is a security issue. It is a VO Trust
> issue. I suggest we ask Jeremy to report back when he receives an
> official response from biomed and then decide how to proceed. My
> suggestion would be to raise it at the weekly operations meeting. Jeremy
> will doubtless raise it with GridPP PMB on Monday too. I will state our
> position to ROC Managers and NA4.
>
> If sites wish to blacklist the user for operational reasons then that is
> their right. Even if you are wrongly configured, that is an operational
> reason until you fix it. They should inform him/her via the CIC Portal.
> What you shouldn't do is ban biomed now.
>
> 'til later,
>
> John
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Coles, J (Jeremy)
>> Sent: 01 November 2007 10:38
>> To: [log in to unmask]
>> Subject: Re: Heinz' Challenge
>>
>> Dear All
>>
>> I have further information on the code use and why the user
>> thought biomed an appropriate VO for it:
>>
>> " The main idea is to factor prime numbers in order to show
>> how long it would take to break a 768-bit code (also
>> referred to as "sieving").
>> Since PKI certificates use 1024 or 2048 bit codes, and
>> biomed has typically the most severe security, I thought it
>> would be fine to use the VO for that. However, if people do
>> not agree with that opinion, I'm happy to explore other solutions.
>>
>> Seems that some people were concerned since they thought
>> that there might be a price in USD awarded if a code is
>> cracked. This is _not_ the case, and the sieving exercise is pure
>> computer science research."
>>
>> For this work Heinz has been working with Prof. Lenstra from
>> the EPFL, one of the most well-known persons in the field of
>> cryptography and number sieving.
>>
>> And on the method employed:
>>
>> " ... one more point on number sieving. It is not "brute
>> force" but it involves complex algorithms that reduce the
>> actual run time of the overall "challenge". One result of the
>> work can be new more efficient sieving algorithms: important
>> for PKI and GSI".
>>
>> The question now coming from within the biomed VO is whether
>> based on this explanation sites would re-authorise the user
>> or whether an alternative route needs to be found for the
>> activity - such as the setting up of a new VO. Though I can
>> probably guess your replies you should let me know your
>> opinions. Since we are not working in isolation, once I've
>> got a feel for the response here I will push the matter to
>> the ROC managers for further discussion.
>>
>> Jeremy
>>
>>
>>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>> [log in to unmask]] On Behalf Of Alessandra Forti
>>> Sent: 01 November 2007 09:33
>>> To: [log in to unmask]
>>> Subject: Re: Heinz' Challenge
>>>
>>> Hi Jeremy,
>>>
>>> I'm not sure biomed was aware of this. I don't have those jobs on my
>>> cluster and I was keen to give Heinz the benefit of the doubt as I met
>>> him and he seemed a reasonable guy. But this is even worse than I
>>> expected, since it comes from the management and violates all the
>>> rules of trust that this grid is built upon. I mean so long for
>>> policies and AUPs. They couldn't do more damage.
>>>
>>> I also agree with Kostas that "Sorry" is not enough.
>>>
>>> cheers
>>> alessandra
>>>
>>> Coles, J (Jeremy) wrote:
>>>> Hi Kostas/Graeme/All
>>>>
>>>> I agree that this needs to be escalated and it will be. First though I
>>>> would like biomed representatives and Heinz to explain/respond - I can
>>>> not think of a justification on their side but that does not mean there
>>>> isn't one. Once everyone has responded directly (or if the ticket goes
>>>> without a proper response) then it can be taken further. Tier-2s/sites
>>>> are of course able to decide themselves if they wish to take more
>>>> immediate action as some have already done.
>>>>
>>>> Regards,
>>>> Jeremy
>>>>
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>>>> [log in to unmask]] On Behalf Of Kostas Georgiou
>>>>> Sent: 01 November 2007 02:19
>>>>> To: [log in to unmask]
>>>>> Subject: Re: Heinz' Challenge
>>>>>
>>>>> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
>>>>>
>>>>>> From the CIC portal, biomed described itself as:
>>>>>>
>>>>>> "These VO covers the areas related to health sciences. Currently, it
>>>>>> is divided in 3 sectors: medical imaging, bioinformatics and drug
>>>>>> discovery."
>>>>>>
>>>>>> We support the VO for it to engage in _that_ work, and we're happy to
>>>>>> have done work related to malaria, avian flu, etc. However, I don't
>>>>>> see anything about rsa768 factorisation.
>>>>>>
>>>>>> So, this is, to my mind, even worse. This is not just Heinz being a
>>>>>> loose cannon, but sites being conned by top level EGEE management
>>>>>> into running jobs to which they had in no way agreed to run.
>>>>>>
>>>>>> The problem was then exacerbated by the way that Heinz wrote the
>>>>>> code, which resulted in biomed being able to grab far more of many,
>>>>>> many clusters in the UK than was reasonable. (And so much for EGEE
>>>>>> promoting push model RBs - just send in the pilots and watch our
>>>>>> fairsharing go all to hell.)
>>>>> This is exactly what I was going to say (better worded and probably
>>>>> far more polite though).
>>>>>
>>>>>> Frankly, as the UK, I think we should give them a bloody rocket for
>>>>>> this. They've shown huge disrespect to sites - and how on earth can
>>>>>> they expect other EGEE users and VOs to play by the rules when they
>>>>>> engage in such a gross violation of our trust?
>>>>> ...
>>>>>> We haven't banned biomed - we've banned Heinz. And I am in no hurry
>>>>>> to unban him. I'd expect an apology at the very least, as well as an
>>>>>> assurance that this will not happen again.
>>>>> People should keep in mind that we are going to have similar cases in
>>>>> the future. If our response today is going to be "a sorry is enough"
>>>>> what is going to stop the next user doing the same thing tomorrow
>>>>> considering how hard it is for us to spot an abuse? Unless there is
>>>>> a strong response people will think "If I am not found (quite likely)
>>>>> great, if I am found a sorry will solve everything".
>>>>>
>>>>> Cheers,
>>>>> Kostas
>>>>>
>>>>> PS> BTW if the management agrees that breaking rsa768 is fine then I'll
>>>>> have a go as well or is it only Heinz/biomed that can have a go?
>>> --
>>> ***********************************
>>> * Alessandra Forti *
>>> * NorthGrid Technical Coordinator *
>>> * University of Manchester *
>>> ***********************************