Dear All
I have further information on the code use and why the user thought
biomed an appropriate VO for it:
" The main idea is to factor prime numbers in order to show how long it
would take to break a 768-bit code (also referred to as "sieving").
Since PKI certificates use 1024 or 2048 bit codes, and biomed has
typically the most severe security, I thought it would be fine to use
the VO for that. However, if people do not agree with that opinion,
I'm happy to explore other solutions.
Seems that some people were concerned since they thought that there
might be a price in USD awarded if a code is cracked. This is _not_ the
case, and the sieving exercise is pure computer science research."
For this work Heinz has been working with Prof. Lenstra from the EPFL,
one of the most well-known persons in the field of cryptography and
number sieving.
And on the method employed:
" ... one more point on number sieving. It is not "brute force" but it
involves complex algorithms that reduce the actual run time of the
overall "challenge". One result of the work can be new more efficient
sieving algorithms: important for PKI and GSI".
The question now coming from within the biomed VO is whether based on
this explanation sites would re-authorise the user or whether an
alternative route needs to be found for the activity - such as the
setting up of a new VO. Though I can probably guess your replies you
should let me know your opinions. Since we are not working in isolation,
once I've got a feel for the response here I will push the matter to the
ROC managers for further discussion.
Jeremy
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Alessandra Forti
> Sent: 01 November 2007 09:33
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
>
> Hi Jeremy,
>
> I'm not sure biomed was aware of this. I don't have those jobs on my
> cluster and I was keen to give Heinz the benefit of the doubt as I met
> him and seemed a reasonable guy. But this is even worse than I expected.
> Since it comes from the management and violates all the rules of trust
> that this grid is built upon. I mean so long for policies and AUPs. They
> couldn't do more damage.
>
> I also agree with Kostas that "Sorry" is not enough.
>
> cheers
> alessandra
>
> Coles, J (Jeremy) wrote:
> > Hi Kostas/Graeme/All
> >
> > I agree that this needs to be escalated and it will be. First though I
> > would like biomed representatives and Heinz to explain/respond - I can
> > not think of a justification on their side but that does not mean there
> > isn't one. Once everyone has responded directly (or if the ticket goes
> > without a proper response) then it can be taken further. Tier-2s/sites
> > are of course able to decide themselves if they wish to take more
> > immediate action as some have already done.
> >
> > Regards,
> > Jeremy
> >
> >
> >
> >> -----Original Message-----
> >> From: Testbed Support for GridPP member institutes [mailto:TB-
> >> [log in to unmask]] On Behalf Of Kostas Georgiou
> >> Sent: 01 November 2007 02:19
> >> To: [log in to unmask]
> >> Subject: Re: Heinz' Challenge
> >>
> >> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
> >>
> >>> From the CIC portal, biomed described itself as:
> >>>
> >>> "These VO covers the areas related to health sciences. Currently, it
> >>> is divided in 3 sectors: medical imaging, bioinformatics and drug
> >>> discovery."
> >>>
> >>> We support the VO for it to engage in _that_ work, and we're happy to
> >>> have done work related to malaria, avian flu, etc. However, I don't
> >>> see anything about rsa768 factorisation.
> >>>
> >>> So, this is, to my mind, even worse. This is not just Heinz being a
> >>> loose cannon, but sites being conned by top level EGEE management
> >>> into running jobs to which they had in no way agreed to run.
> >>>
> >>> The problem was then exacerbated by the way that Heinz wrote the
> >>> code, which resulted in biomed being able to grab far more of many,
> >>> many clusters in the UK than was reasonable. (And so much for EGEE
> >>> promoting push model RBs - just send in the pilots and watch our
> >>> fairsharing go all to hell.)
> >> This is exactly what I was going to say (better worded and probably far
> >> more polite though).
> >>
> >>> Frankly, as the UK, I think we should give them a bloody rocket for
> >>> this. They've shown huge disrespect to sites - and how on earth can
> >>> they expect other EGEE users and VOs to play by the rules when they
> >>> engage in such a gross violation of our trust?
> >> ...
> >>> We haven't banned biomed - we've banned Heinz. And I am in no hurry
> >>> to unban him. I'd expect an apology at the very least, as well as an
> >>> assurance that this will not happen again.
> >> People should keep in mind that we are going to have similar cases in
> >> the future. If our response today is going to be "a sorry is enough"
> >> what is going to stop the next user doing the same thing tomorrow
> >> considering how hard it is for us to spot an abuse? Unless there is
> >> a strong response people will think "If I am not found (quite likely)
> >> great, if I am found a sorry will solve everything".
> >>
> >> Cheers,
> >> Kostas
> >>
> >> PS> BTW if the management agrees that breaking rsa768 is fine then I'll
> >> have a go as well or is it only Heinz/biomed that can have a go?
> >
>
> --
> ***********************************
> * Alessandra Forti *
> * NorthGrid Technical Coordinator *
> * University of Manchester *
> ***********************************