Dear All
Further to my earlier mail I now have received responses from Bob Jones
and Erwin Laure (which given the comments earlier in the thread deserve
to be read by everyone).
"Hi Jeremy,
Erwin has summarized nicely our point of view on this subject (see
attached email) and there are currently discussions going on about what
we need to change to avoid this situation in the future.
Cheers, Bob."
Erwin's summary:
" Please let me clarify a bit: yes, Bob and myself were aware of the
activity and encouraged it *as such*, we certainly didn't suggest,
encourage, agree or whatsoever to use a certain VO for that - that's
outside our mandate and I assume people are adhering to the AUPs they
sign.
From the thread it seems to me the biomed VO managers were not aware of
this activity and they certainly should have been informed. I think it's
up to the biomed VO managers now to assess whether this activity is
in line with the goals of the biomed VO and let it go on, or it is not
and make it stop. I will certainly help communicating whatever decision
you come up with."
So, it is generally recognised that this situation has arisen due to the
interpretation of one user. That takes us back to the question Paul
raised earlier in the thread and I'm sure that will feature in the
follow up to this matter.
I take the point about tickets being useless in this instance and will
investigate (along with some other apparent problems). This is all part
of the process of building a more sustainable infrastructure.
Jeremy
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Coles, J (Jeremy)
> Sent: 01 November 2007 10:38
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
>
> Dear All
>
> I have further information on the code use and why the user thought
> biomed an appropriate VO for it:
>
> " The main idea is to factor prime numbers in order to show how long it
> would take to break a 768-bit code (also referred to as "sieving").
> Since PKI certificates use 1024 or 2048 bit codes, and biomed has
> typically the most severe security, I thought it would be fine to use
> the VO for that. However, if people do not agree with that opinion,
> I'm happy to explore other solutions.
>
> Seems that some people were concerned since they thought that there
> might be a price in USD awarded if a code is cracked. This is _not_ the
> case, and the sieving exercise is pure computer science research."
>
> For this work Heinz has been working with Prof. Lenstra from the EPFL,
> one of the most well-known persons in the field of cryptography and
> number sieving.
>
> And on the method employed:
>
> " ... one more point on number sieving. It is not "brute force" but it
> involves complex algorithms that reduce the actual run time of the
> overall "challenge". One result of the work can be new more efficient
> sieving algorithms: important for PKI and GSI".
>
> The question now coming from within the biomed VO is whether based on
> this explanation sites would re-authorise the user or whether an
> alternative route needs to be found for the activity - such as the
> setting up of a new VO. Though I can probably guess your replies you
> should let me know your opinions. Since we are not working in isolation,
> once I've got a feel for the response here I will push the matter to the
> ROC managers for further discussion.
>
> Jeremy
>
>
>
> > -----Original Message-----
> > From: Testbed Support for GridPP member institutes [mailto:TB-
> > [log in to unmask]] On Behalf Of Alessandra Forti
> > Sent: 01 November 2007 09:33
> > To: [log in to unmask]
> > Subject: Re: Heinz' Challenge
> >
> > Hi Jeremy,
> >
> > I'm not sure biomed was aware of this. I don't have those jobs on my
> > cluster and I was keen to give Heinz the benefit of the doubt as I met
> > him and seemed a reasonable guy. But this is even worse than I expected.
> > Since it comes from the management and violates all the rules of trust
> > that this grid is built upon. I mean so long for policies and AUPs. They
> > couldn't do more damage.
> >
> > I also agree with Kostas that "Sorry" is not enough.
> >
> > cheers
> > alessandra
> >
> > Coles, J (Jeremy) wrote:
> > > Hi Kostas/Graeme/All
> > >
> > > I agree that this needs to be escalated and it will be. First though I
> > > would like biomed representatives and Heinz to explain/respond - I can
> > > not think of a justification on their side but that does not mean there
> > > isn't one. Once everyone has responded directly (or if the ticket goes
> > > without a proper response) then it can be taken further. Tier-2s/sites
> > > are of course able to decide themselves if they wish to take more
> > > immediate action as some have already done.
> > >
> > > Regards,
> > > Jeremy
> > >
> > >
> > >
> > >> -----Original Message-----
> > >> From: Testbed Support for GridPP member institutes [mailto:TB-
> > >> [log in to unmask]] On Behalf Of Kostas Georgiou
> > >> Sent: 01 November 2007 02:19
> > >> To: [log in to unmask]
> > >> Subject: Re: Heinz' Challenge
> > >>
> > >> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
> > >>
> > >>> From the CIC portal, biomed described itself as:
> > >>>
> > >>> "These VO covers the areas related to health sciences. Currently, it
> > >>> is divided in 3 sectors: medical imaging, bioinformatics and drug
> > >>> discovery."
> > >>>
> > >>> We support the VO for it to engage in _that_ work, and we're happy to
> > >>> have done work related to malaria, avian flu, etc. However, I don't
> > >>> see anything about rsa768 factorisation.
> > >>>
> > >>> So, this is, to my mind, even worse. This is not just Heinz being a
> > >>> loose cannon, but sites being conned by top level EGEE management
> > >>> into running jobs to which they had in no way agreed to run.
> > >>>
> > >>> The problem was then exacerbated by the way that Heinz wrote the
> > >>> code, which resulted in biomed being able to grab far more of many,
> > >>> many clusters in the UK than was reasonable. (And so much for EGEE
> > >>> promoting push model RBs - just send in the pilots and watch our
> > >>> fairsharing go all to hell.)
> > >> This is exactly what I was going to say (better worded and probably far
> > >> more polite though).
> > >>
> > >>> Frankly, as the UK, I think we should give them a bloody rocket for
> > >>> this. They've shown huge disrespect to sites - and how on earth can
> > >>> they expect other EGEE users and VOs to play by the rules when they
> > >>> engage in such a gross violation of our trust?
> > >> ...
> > >>> We haven't banned biomed - we've banned Heinz. And I am in no hurry
> > >>> to unban him. I'd expect an apology at the very least, as well as an
> > >>> assurance that this will not happen again.
> > >> People should keep in mind that we are going to have similar cases in
> > >> the future. If our response today is going to be "a sorry is enough"
> > >> what is going to stop the next user doing the same thing tomorrow
> > >> considering how hard it is for us to spot an abuse? Unless there is
> > >> a strong response people will think "If I am not found (quite likely)
> > >> great, if I am found a sorry will solve everything".
> > >>
> > >> Cheers,
> > >> Kostas
> > >>
> > >> PS> BTW if the management agrees that breaking rsa768 is fine then I'll
> > >> have a go as well or is it only Heinz/biomed that can have a go?
> > >
> >
> > --
> > ***********************************
> > * Alessandra Forti *
> > * NorthGrid Technical Coordinator *
> > * University of Manchester *
> > ***********************************