Well that and users knowing about and adhering to VO AUPs.
Monday's PMB can decide what further action the UK should take from a
range of possibilities.
John
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of David Colling
> Sent: 01 November 2007 11:16
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
>
> Hi John,
>
> To my mind the biggest problem here is that raising tickets and sending
> messages via the VO had no effect. Heinz made a mistaken judgement
> (something that we have all done at times). I have known him for a number
> of years and know that he is a reasonable person, and I am absolutely
> certain that he did not mean any abuse. If the effect had been pointed out
> to him earlier then I am sure that he would have changed his actions. The
> system is clearly broken in some way and it is this that needs fixing...
> although I am afraid I don't know quite how to do this.
>
> What effect do you think that Jeremy raising it at Monday's PMB meeting
> will have?
>
> All the best,
> david
>
> Gordon, JC (John) wrote:
> > So this seems like an admission that this is just a single user's
> > interpretation of what constitutes relevant work and doesn't have VO
> > endorsement.
> >
> > Since we have established that there is no certificate or proxy
> > compromise, I don't think this is a security issue. It is a VO Trust
> > issue. I suggest we ask Jeremy to report back when he receives an
> > official response from biomed and then decide how to proceed. My
> > suggestion would be to raise it at the weekly operations meeting.
> > Jeremy will doubtless raise it with GridPP PMB on Monday too. I will
> > state our position to ROC Managers and NA4.
> >
> > If sites wish to blacklist the user for operational reasons then that
> > is their right. Even if you are wrongly configured, that is an
> > operational reason until you fix it. They should inform him/her via
> > the CIC Portal. What you shouldn't do is ban biomed now.
> >
> > 'til later,
> >
> > John
> >
> >> -----Original Message-----
> >> From: Testbed Support for GridPP member institutes
> >> [mailto:[log in to unmask]] On Behalf Of Coles, J (Jeremy)
> >> Sent: 01 November 2007 10:38
> >> To: [log in to unmask]
> >> Subject: Re: Heinz' Challenge
> >>
> >> Dear All
> >>
> >> I have further information on the code use and why the user thought
> >> biomed an appropriate VO for it:
> >>
> >> "The main idea is to factor prime numbers in order to show how long
> >> it would take to break a 768-bit code (also referred to as "sieving").
> >> Since PKI certificates use 1024 or 2048 bit codes, and biomed has
> >> typically the most severe security, I thought it would be fine to use
> >> the VO for that. However, if people do not agree with that opinion,
> >> I'm happy to explore other solutions.
> >>
> >> Seems that some people were concerned since they thought that there
> >> might be a prize in USD awarded if a code is cracked. This is _not_
> >> the case, and the sieving exercise is pure computer science research."
> >>
> >> For this work Heinz has been working with Prof. Lenstra from the EPFL,
> >> one of the most well-known persons in the field of cryptography and
> >> number sieving.
> >>
> >> And on the method employed:
> >>
> >> "... one more point on number sieving. It is not "brute force" but it
> >> involves complex algorithms that reduce the actual run time of the
> >> overall "challenge". One result of the work can be new more efficient
> >> sieving algorithms: important for PKI and GSI".
> >>
> >> The question now coming from within the biomed VO is whether, based on
> >> this explanation, sites would re-authorise the user or whether an
> >> alternative route needs to be found for the activity - such as the
> >> setting up of a new VO. Though I can probably guess your replies you
> >> should let me know your opinions. Since we are not working in
> >> isolation, once I've got a feel for the response here I will push the
> >> matter to the ROC managers for further discussion.
> >>
> >> Jeremy
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Testbed Support for GridPP member institutes [mailto:TB-
> >>> [log in to unmask]] On Behalf Of Alessandra Forti
> >>> Sent: 01 November 2007 09:33
> >>> To: [log in to unmask]
> >>> Subject: Re: Heinz' Challenge
> >>>
> >>> Hi Jeremy,
> >>>
> >>> I'm not sure biomed was aware of this. I don't have those jobs on my
> >>> cluster and I was keen to give Heinz the benefit of the doubt as I met
> >>> him and he seemed a reasonable guy. But this is even worse than I
> >>> expected, since it comes from the management and violates all the
> >>> rules of trust that this grid is built upon. I mean, so long for
> >>> policies and AUPs. They couldn't do more damage.
> >>>
> >>> I also agree with Kostas that "Sorry" is not enough.
> >>>
> >>> cheers
> >>> alessandra
> >>>
> >>> Coles, J (Jeremy) wrote:
> >>>> Hi Kostas/Graeme/All
> >>>>
> >>>> I agree that this needs to be escalated and it will be. First though
> >>>> I would like biomed representatives and Heinz to explain/respond - I
> >>>> can not think of a justification on their side but that does not
> >>>> mean there isn't one. Once everyone has responded directly (or if
> >>>> the ticket goes without a proper response) then it can be taken
> >>>> further. Tier-2s/sites are of course able to decide themselves if
> >>>> they wish to take more immediate action as some have already done.
> >>>>
> >>>> Regards,
> >>>> Jeremy
> >>>>
> >>>>
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
> >>>>> [log in to unmask]] On Behalf Of Kostas Georgiou
> >>>>> Sent: 01 November 2007 02:19
> >>>>> To: [log in to unmask]
> >>>>> Subject: Re: Heinz' Challenge
> >>>>>
> >>>>> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
> >>>>>
> >>>>>> From the CIC portal, biomed described itself as:
> >>>>>>
> >>>>>> "These VO covers the areas related to health sciences. Currently,
> >>>>>> it is divided in 3 sectors: medical imaging, bioinformatics and
> >>>>>> drug discovery."
> >>>>>>
> >>>>>> We support the VO for it to engage in _that_ work, and we're happy
> >>>>>> to have done work related to malaria, avian flu, etc. However, I
> >>>>>> don't see anything about rsa768 factorisation.
> >>>>>>
> >>>>>> So, this is, to my mind, even worse. This is not just Heinz being
> >>>>>> a loose cannon, but sites being conned by top level EGEE
> >>>>>> management into running jobs which they had in no way agreed to
> >>>>>> run.
> >>>>>>
> >>>>>> The problem was then exacerbated by the way that Heinz wrote the
> >>>>>> code, which resulted in biomed being able to grab far more of
> >>>>>> many, many clusters in the UK than was reasonable. (And so much
> >>>>>> for EGEE promoting push model RBs - just send in the pilots and
> >>>>>> watch our fairsharing go all to hell.)
> >>>>>
> >>>>> This is exactly what I was going to say (better worded and probably
> >>>>> far more polite though).
> >>>>>
> >>>>>> Frankly, as the UK, I think we should give them a bloody rocket
> >>>>>> for this. They've shown huge disrespect to sites - and how on
> >>>>>> earth can they expect other EGEE users and VOs to play by the
> >>>>>> rules when they engage in such a gross violation of our trust?
> >>>>>
> >>>>> ...
> >>>>>
> >>>>>> We haven't banned biomed - we've banned Heinz. And I am in no
> >>>>>> hurry to unban him. I'd expect an apology at the very least, as
> >>>>>> well as an assurance that this will not happen again.
> >>>>>
> >>>>> People should keep in mind that we are going to have similar cases
> >>>>> in the future. If our response today is going to be "a sorry is
> >>>>> enough" what is going to stop the next user doing the same thing
> >>>>> tomorrow considering how hard it is for us to spot an abuse?
> >>>>> Unless there is a strong response people will think "If I am not
> >>>>> found (quite likely) great, if I am found a sorry will solve
> >>>>> everything".
> >>>>>
> >>>>> Cheers,
> >>>>> Kostas
> >>>>>
> >>>>> PS> BTW if the management agrees that breaking rsa768 is fine then
> >>>>> I'll have a go as well or is it only Heinz/biomed that can have a
> >>>>> go?
> >>> --
> >>> ***********************************
> >>> * Alessandra Forti *
> >>> * NorthGrid Technical Coordinator *
> >>> * University of Manchester *
> >>> ***********************************