Slashdot Mirror


Parasitic Computing

b0r0din writes: "CNN has this article about a way to force computers to solve complex computational problems using the checksum algorithm used by the TCP/IP protocol. For more technical details, see their website." You probably thought learning TCP/IP was useless. No! You can use it to make an extremely inefficient computer...

42 of 198 comments

  1. Extremely inefficient computers by YIAAL · · Score: 2, Funny

    I have one of those -- it's running Windows ME.

    1. Re:Extremely inefficient computers by Pxtl · · Score: 2

      Yeah? Well my copy of WinXP just lost both my CD-rom drives after I installed one of those "burn to cdrw as if it were a normal disk drive" programs. I had to use a system backup to get it back.

  2. Legality? by silicon_synapse · · Score: 3, Insightful

    Such online piracy does not violate the security of hapless servers, using only areas specifically earmarked for public access, according to the researchers.

    But it could slow the machines down by engaging them in mindless conversation while they unwittingly work for their remote master, Barabasi said.


    Isn't this theft of resources? The researchers are literally stealing bandwidth and clock cycles. Maybe it's just me, but this seems very ethically wrong. I wonder if an IDS or firewall can be configured to protect against such leeching. Any lawyers or firewall experts in the house?

    1. Re:Legality? by Mr.+Sketch · · Score: 3, Interesting

      I wonder if an IDS or firewall can be configured to protect against such leeching

      IANAFE (I am not a firewall expert), but the only way I could think of would be to always ignore the checksum so they always get a connection and thus it would screw up their results. Otherwise it's indistinguishable from normal traffic, it's just bad traffic. Maybe the firewall could start dropping packets after X number of bad checksum packets?
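Added example (not from the thread or from the researchers' paper): a sketch of the idea in the comment above, verifying the TCP checksum of each segment and blocking a source once it has sent a set number of segments that fail verification. The addresses, ports, payload, threshold and the `BadChecksumLimiter` name are constructed for illustration.

```python
import struct
from collections import Counter

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6)."""
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum_ok(src: bytes, dst: bytes, segment: bytes) -> bool:
    """Summing a valid segment, checksum field included, yields 0."""
    return internet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0

def build_segment(src, dst, payload, checksum=None):
    """Constructed 20-byte TCP header plus payload, used only as sample input.
    checksum=None fills in the correct value; any other value is sent as-is."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    if checksum is None:
        checksum = internet_checksum(
            pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", checksum) + hdr[18:] + payload

class BadChecksumLimiter:
    """Hypothetical per-source counter: block after `threshold` bad checksums.
    A deployed filter would also age counters out over a time window."""
    def __init__(self, threshold: int):
        self.threshold = threshold
        self.bad = Counter()

    def observe(self, src: bytes, dst: bytes, segment: bytes) -> str:
        if self.bad[src] >= self.threshold:
            return "block"                   # source already over the limit
        if tcp_checksum_ok(src, dst, segment):
            return "pass"
        self.bad[src] += 1
        return "bad"

# Constructed documentation addresses (RFC 5737 ranges).
SERVER = bytes([198, 51, 100, 5])
CLIENT = bytes([192, 0, 2, 10])
NOISY = bytes([203, 0, 113, 77])

def demo():
    limiter = BadChecksumLimiter(threshold=3)
    verdicts = [limiter.observe(CLIENT, SERVER,
                                build_segment(CLIENT, SERVER, b"GET /"))]
    # Correct checksum for the noisy source's segment, then five wrong variants.
    correct = struct.unpack(
        "!H", build_segment(NOISY, SERVER, b"GET /")[16:18])[0]
    for i in range(1, 6):
        seg = build_segment(NOISY, SERVER, b"GET /", checksum=correct ^ i)
        verdicts.append(limiter.observe(NOISY, SERVER, seg))
    # The well-behaved client is unaffected by the other source's count.
    verdicts.append(limiter.observe(CLIENT, SERVER,
                                    build_segment(CLIENT, SERVER, b"GET /")))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

When counting bad checksums from a packet capture, note that hosts with checksum offload enabled show their own outgoing segments with unfilled checksums, so count only inbound traffic.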

    2. Re:Legality? by 4mn0t1337 · · Score: 2, Informative
      Well, if you open up a service on a machine, you open it up to the world. It is publicly available. The system they devised isn't doing anything other than using the bandwidth and clock cycles that you have opened up.

      Just like people dialing a wrong number are stealing your time and resources. But part of the deal in having a phone that other people can call you on is that OTHER PEOPLE CAN CALL YOU.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

    3. Re:Legality? by 4mn0t1337 · · Score: 2, Insightful
      But that resource is made available for a specific use.

      And that is what the study did.

      I think the wrong phone call analogy is correct. You open up a service and *have* to expect bad/malformed/incorrect data in addition to the good/expected/desired data. You can't get a phone service and say that you only want "desired calls" to come in. Have to take the good with the bad.

      Now, if someone had the *intent* of causing an interruption in service or to harass you by *intentionally* dialing your number (or making a call to a service on your machine) then that is another issue.

      All of this being said, I do think this is a little intrusive, and don't like the idea (other than it is cool that it is possible), but I don't think there is much ground for any kind of legal complaint.
      Oh, yeah: IANAL.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

    4. Re:Legality? by Alien54 · · Score: 2
      I wonder if an IDS or firewall can be configured to protect against such leeching

      or sabotage the results. Given these tidbits from the papers:

      As expected and by design, incorrect solutions do not generate responses from the web server.

      Our technique does not receive a positive acknowledgement that a solution is invalid because an invalid solution is dropped by TCP. Consequently, there is a possibility of false negatives, cases in which a correct solution is not returned

      ... because this technique exploits the TCP checksum, it circumvents the function the checksum provides. The TCP checksum catches errors that are not caught in the checks provided by the transport layer, such as errors in intermediate routers and the end points

      The actual number of TCP checksum failures depends on the communication path, message data, and other factors.

      Of course, it is very nice that they note:

      parasitic computing represents an advanced but ethically challenging alternative for cluster computing, as it uses resources without the consent of the computer's owner.

      Aren't there some things that would be better left untouched?

      - - -
      Radio Free Nation
      an independent news site based on Slash Code

      --
      "It is a greater offense to steal men's labor, than their clothes"
    5. Re:Legality? by Pxtl · · Score: 2

      IANAL, but actually, if they continue to call you after you've clearly stated "don't call me", then that's harassment. Even religious organisations have been sued for that.

  3. Heh heh... by Cutriss · · Score: 2, Funny

    Wow! Could you imagine a Beowulf cluster choking on one of these?

    --
    "Mod, mod, mod...and another troll bites the dust."
  4. Interesting... by camusflage · · Score: 2

    This does raise a lot of questions. I'd say it falls somewhere in the big grey area between unethical and illegal a lot closer towards the unethical, so long as there is no visible impact on the host system, but that's just me.

    I don't think we'll be having to worry about it becoming endemic anytime soon, as it appears the type of problem that can be solved is somewhat limited.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
  5. This looks possible, but why? by phoenix_orb · · Score: 4, Insightful

    This will make an EXTREMELY slow computer, and if anyone out there knows anything about routing (which I am sure you do :) The time it would take to receive and compile all of the data would take longer and require more bandwidth than would be viable on the economy of scale.

    Example --- need to send 4,000,000 packets out and receive the TCP packet back.

    To do this with any speed, and also to not lose a fair majority of packets, you have to have a huge backhaul.. (T-3, OC3 or larger) TCP will not continue sending packets so you will lose them. Cost for large backhaul. $4800 month, (as by what my company charges..)

    4,800 x 12 = $57,600

    So for one year of a huge pipe to the net you will be paying 57,600 (through my provider)

    This still will not fix latent packets that never get back to the user, or any other problems.. (such as someone on your network running bearshare and eating all of your bandwidth)

    Now lets look at the amount of money used for that large amount of bandwidth.

    $57,600 for the amount we could have spent on that line in one year we can build a beowulf cluster with 30 nodes (and that is being very liberal on the cost of the nodes)

    Now, looking at the article that I read, it seems as if the computing style using TCP/IP is very very inefficient.

    Personally, for the amount needed to make this work, on the scale of actually getting any real work done, I would much rather build an Athlon Beowulf cluster.

    This looks like in reality this could only be implemented in the real world as a new type of DOS attack.

    --
    Blah Blah Blah.
  6. Re:Interesting concept by orangesquid · · Score: 3, Insightful

    Anyway, other than the TCP checksum, are there any other protocols out there that do something more computationally intense to the data before returning it?

    An interesting idea is the hijacking of authorization sections of secure protocols, dispatching authentication requests based on a public/private key pair you are trying to hack, to thousands of servers and the one that returns a successful result must have been given the correct key pair.

    Of course, I'm fairly certain most widespread secure protocols can't be used like this, but one or two of the less common ones might have a loophole... but then again, if they're less common, resources would be scarce, and you're better off trying to crack things on your own.

    --
    --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  7. Re:Is this legal? by Blue+Neon+Head · · Score: 2

    Well, starting a TCP connection isn't illegal (although starting many, many of them is, of course.) But I wouldn't worry about it - like the researchers say, this would be useless for almost every distributed app imaginable.

  8. Re:Interesting concept by ddstreet · · Score: 2, Insightful
    A brief read of the paper tells me that it's simply a brute force method of checksumming; they send all possible bit combinations in the checksum field (using the same actual message bits), and the server only responds to the correct checksum. They don't actually compute the checksum locally.

    While it does work, it's basically trading a (relatively) small amount of actual computation for a large amount of bandwidth. Actually sending those packets out in the first place may take more computation than the actual checksum would, so I'm not sure if this is entirely useful...

  9. Possible application by jmv · · Score: 3, Funny

    Hey, I could turn CodeRed into a SETI@Home client!

    1. Re:Possible application by crisco · · Score: 2
      Yeah that's about what I thought, why hasn't someone turned all those code red rooted boxes into D.net clients? Seems like that could move someone into the lead fairly quickly, the minimum requirements for the susceptible OS make for good crypto cracking machines.

      But what do you do so that you get credit for it without getting blamed for the worm?

      --

      Bleh!

  10. Interview on All Things Considered by graybeard · · Score: 2, Informative

    Those in Central, Mountain & further timezones might be able to catch it later today, or listen to it tomorrow on the ATC web site.

  11. Wrong # != Stealing Resources by SteveM · · Score: 2

    Just like people dialing a wrong number are stealing your time and resources. But part of the deal in having a phone that other people can call you on is that OTHER PEOPLE CAN CALL YOU.

    But the people dialing the wrong number are doing it unintentionally. These folks are intentionally using my resources.

    It is one thing to waste my resources due to an honest mistake. It is another to intentionally do this. Those are called crank calls (or telemarketers).

    Steve M

    1. Re:Wrong # != Stealing Resources by iCEBaLM · · Score: 2

      Those are called crank calls (or telemarketers).


      Prank calls and telemarketing are not illegal, unless it's harassing (calling multiple times).

      -- iCEBaLM

  12. Why not use ICMP echo instead? by adadun · · Score: 3, Interesting

    ICMP echo packets (ping packets) also include a checksum. By using the ICMP checksum instead of the TCP checksum, almost every computer connected to the Internet could be used for computation, not only web servers.

  13. It is both legal and ethical - no questions here.. by hillct · · Score: 3
    Although this is a really neat implementation, I'd have to say the authors of the paper on 'Parasitic Computing' were over-reaching when they said:
    Parasitic computing raises important questions about the ownership of the resources connected to the Internet and challenges current computing paradigms.
    Granted it's a neat implementation, and using communication protocols to evaluate mathematics is very creative, but what questions does it really raise about resource ownership? Very simply, No. They're using publicly available services for a new and creative (not illegal) purpose. It would only become both illegal and unethical if their use had the effect of a denial-of-service attack. The authors of the paper were trying to inflate the importance of their work by tying it into the many and varied discussions of intellectual (property) and physical resources on the net. It's a shame that they took this approach because their research stands alone without such pandering which serves only to diminish the appeal of their work.

    --CTH
    --

    --Got Lists? | Top 95 Star Wars Line
  14. Let the MPAA servers DeCSS for you by Quikah · · Score: 3, Funny

    You could write a DeCSS client to find a decryption key by sending the computations out to the MPAA's servers. :)

    --
    Q.
  15. An attempt at a non-flamable response by Pac · · Score: 2

    I have been running a Mandrake 8 KDE machine for a week now, up from Red Hat 7.1. PIII 800/128 MB RAM.

    It doesn't run, it flies very, very fast.

    I really think one of the main positive points of Linux is allowing one to configure a good system regardless of the underlying hardware. There are options. Lots of them. If one will not fit your needs or your machine, try another. For free. As in beer and freedom... :)

  16. Now the RIAA will want to ban TCP/IP!!! by sconeu · · Score: 2

    But variations could be engineered to make online piracy much more efficient, he cautioned.

    Uh, oh, now the RIAA, MPAA, and any other ??AA organizations will want to ban TCP/IP!

    Does this mean the Internet is in violation of the DMCA?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  17. I Have DONE THIS! I Did it years ago(steal cycles) by Anonymous Coward · · Score: 5, Interesting

    I Have DONE THIS! I Did it years ago (steal cpu cycles remotely for local computational tasks in a distributed network manner without having account privileges on any target systems)

    Many universities in the 1980s used the MERIT network and many still do.

    A feature of MERIT allows logging onto any other system from another system and during a login process a free command line feature allows use of the CALC calculator line command.

    This exotic command would only work for a while before they severed the line after about two minutes, unless you finally logged in validly so they could charge you the 9600 baud access fees.

    The calculator command was great. It allowed a truly dumb terminal to do simple math functions. Other 1980's terminals such as Liberty Freedom Ones and other terminals have built in desk calculators modes.

    You can use the calculator function to do multiplication and other operations without owning a system account. It even worked during modem connections and you could tie up several connections by "hopping" during a login.

    I created tools to use the math functions of the MERIT network to perform computations FOR FREE.

    Merit is a private, non-profit corporation, governed by thirteen of Michigan's four-year publicly supported universities. In addition to the thirteen members there are 230 affiliates with a combined total of 425 dedicated network attachments from 398 separate locations. Merit affiliates include: 85 Colleges and universities, 25 Community colleges, 117 K-12 schools or school districts, 22 Local, state, and federal government agencies, 16 Healthcare organizations, 111 Libraries, 21 Other non-profit organizations, 28 Businesses. Most were Amdahl mainframes (IBM clones).

    Stealing free cpu cycles of innocent target machines as a parasite to perform complex computational tasks of a larger state machine, using network protocols is fun, especially if distributed across multiple systems and limitless.

    I proudly did it first in the early 1980s.

    (I have a life though and achieved many other more useful things by the way)

    F.E.

  18. Ideas, please! by megaduck · · Score: 3, Insightful

    Most of the posts here have been of two schools:

    1. It's impractical.
    2. It's unethical.

    Both valid points, but I think that it's foolish to dismiss this out of hand. First of all, it's a pretty slick hack. Very inventive, if nothing else. Secondly, it brings up some very interesting questions. Can this ever be made practical? What would it take? Would it be ethical to make it work? Can this be used to augment a DOS attack, or something similar? If so, how do we defend against it?

    Maybe I'm talking out of my ass here. I don't know TCP/IP very well. However, I know that others of you out there really know your stuff. I'd like to hear from you.

    --
    This .sig for rent.
    1. Re:Ideas, please! by megaduck · · Score: 2

      Fair enough. However, I already ceded the point that it's both impractical and unethical. That's not what I'm interested in. What really interests me is the security implications of something like this. Are there good defenses against this unauthorized use of your resources? If you turn off checksumming, does that leave you vulnerable to another form of attack?

      We've already decided that this is useless for real computation. What are the other ramifications?

      --
      This .sig for rent.
  19. Interesting question... (response OT) by cr0sh · · Score: 2

    Akin to:

    If I steal something from you, and you never, ever notice that thing is gone (ie, out of your possession), have I really stolen from you, from your viewpoint?

    I mean, if you don't know, you don't know, right?

    --
    Reason is the Path to God - Anon
    1. Re:Interesting question... (response OT) by Pxtl · · Score: 2

      Yeah, well what if I'm on a deadline and your waste of my processor cycles causes it to be late because my software compiles too slowly? Or 'cause I can't transmit it to my boss since you're eating my bandwidth? I might not know you're doing it, I might not know anything's even wrong other than that things are going slow. But you're doing me harm, without my consent, for your own profit. There is a victim, and the person is not being victimized for a greater good with the consent of the government. Usually, things that fit that description are illegal.

  20. Re:doyyyy by SteveM · · Score: 2

    Being an asshole isn't illegal. Nor did it prevent you from posting on /. But if it did the level of discourse would rise significantly.

    Read the thread to try and figure out my point, which you completely missed.

    And while you're at it you may want to read the story. In which you'll find out that they really did this. Actual not theoretical.

    I must be having a bad day to be responding to clueless fucking morons.

    Steve M

  21. could this be an answer to micro payments? by .havoc · · Score: 2, Interesting

    User agreement: I'll let you access the information on my site at no direct cost to you IF you'll allow me access to your computer (not to exceed specified limitations) in return.

    Click here to agree.

  22. Re:doyyyy by SteveM · · Score: 2

    OK.

    practical (prkt-kl) adj.

    1. Of, relating to, governed by, or acquired through practice or action, rather than theory, speculation, or ideals: gained practical experience of sailing as a deck hand.

    2. Manifested in or involving practice: practical applications of calculus.

    3. Actually engaged in a specified occupation or a certain kind of work; practicing.

    4. Capable of being used or put into effect; useful: practical knowledge of Japanese. See Usage Note at practicable.

    5. Intended to serve a purpose without elaboration: practical low-heeled shoes.

    6. Concerned with the production or operation of something useful: Woodworking is a practical art.

    7. Level-headed, efficient, and unspeculative. Being actually so in almost every respect; virtual: a practical disaster.

    While the usefulness of this hack is virtually nil, it has been put into practise. See definition 1 above.

    Steve M

  23. Re:doyyyy by SteveM · · Score: 2

    Who said anything about laws?

    I think it is a neat hack. I don't think any laws are needed as it seems there are no useful applications of the technique.

    But saying that because I open a service on my machine means that I have to put up with that service being co-opted for uses outside the 'spirit' for which it is intended is bullshit.

    Steve M

  24. Re:doyyyy by SteveM · · Score: 2

    2. Manifested in or involving practice: practical applications of calculus.

    Did you read the article? They did this. They manifested it in practice.

    3. Actually engaged in a specified occupation or a certain kind of work; practicing.

    Again, they were actually engaged in doing this.

    6. Concerned with the production or operation of something useful: Woodworking is a practical art.

    Again, read the story. They solved their problem using this technique.

    It has been put into practice. It is no longer just theoretical.

    I do agree that it is not useful, but neither are virii or DOS attacks. Two other non-theoretical resource thieves.

    Steve M

  25. Contradiction by D.+Mann · · Score: 3, Insightful
    "We are not worried about copycats taking our program," Barabasi said.

    But variations could be engineered to make online piracy much more efficient, he cautioned.


    If it will make piracy more efficient, I'm pretty sure the pirates would be very interested in finding out more about it.

    Hell, in my experience, most pirates would use a modem that belched huge clouds of carbon monoxide and was powered by grinding up kittens in a big hopper if it got them an extra 10k/s on their downloads.
  26. Re:doyyyy by SteveM · · Score: 2

    I'm logging off for the night and won't be responding to this thread again, and arguing over definitions by a hypertechnical dissection of semantics got old in junior high anyway.

    Yeah that's how intelligent adults (or AC's) cope with things they don't like. They take their ball and go home. Bye.

    My background is in physics. I studied it in college. Perhaps if you stayed in school after junior high ... but no matter.

    Finding one Higgs boson means it is no longer theoretical. Just one. No no one will believe you if you don't explain how you did it. But you don't have to be continuously producing them.

    And that is what they did here. They showed how to use this technique in practice. Thus it is no longer theoretical.

    The technique was manifested in practice. It wasn't put into production nor does it appear to be all that useful. But they define the technique and they implemented it. Just as Newton defined calculus and then used it to solve problems. Calculus turned out to be useful for solving other problems as well.

    Here is another way to look at it. It is theoretically possible to use quantum computing techniques to solve a variety of problems. But in most cases it remains theoretical as the quantum computer has not been implemented.

    Or perhaps you are confusing the non-theoretical vulnerability with the as of yet only theoretical malicious uses.

    Or perhaps I'm giving you too much credit. Since you seem unable to grasp the distinction between practical(real;concrete)/theoretical(unrealized; not yet seen in the universe) and practical(useful)/impractical(not useful).

    And once they implemented a tinkertoy computer it was manifested in practice. It just takes one. Don't confuse the usefulness of the machine (is it practical to solve problems with it) with the implementation. Once it is implemented it is no longer theoretical, it is a practical implementation of the theory of machine computation.

    Oh well, I guess I'll never know.

    Steve M

  27. Re:I Have DONE THIS! I Did it years ago(steal cycl by Mike+Schiraldi · · Score: 2

    Was this actually more efficient than just doing the calculations on your own system? If you were on a dumb terminal, I might understand the benefit, but you say you wrote a program to hop from one connection to another -- wasn't all this overhead more computationally intensive (even just for your own system) than doing the math yourself?

  28. A better way? Make the client do the work... by mr_zorg · · Score: 2, Interesting

    To really be useful, you need a longer time to do a more complicated calculation. So:

    1) Create a compelling website that will get people to stick around for a while (free pr0n would probably work).
    2) Put all your pages into frames with a hidden, 0 pixel frame.
    3) Create dynamic pages (JSP/ASP/whatever) that will pipe down JavaScript to the hidden frame with the algorithm that needs to be run.
    4) Let the calculation run while the user browses your site, then POST the results back to the server when it's done.

    This would all be relatively transparent to the user... Of course, if they're all paranoid /. types, they'd probably have JavaScript turned off.

  29. Why not enable this on purpose? by GrEp · · Score: 3, Interesting

    Why not make this a feature? Write an extremely simple virtual machine that would perform calculations as asked. Way smaller than java. Simple enough that you could write a proof that it couldn't try to play outside its sandbox.

    You could give it a small chunk of memory to use, run it at a VERY low priority, and use SSH-like transmission where the packets are automatically compressed and only a list of certain IPs would be accepted. All you would have to do is download the IPs of the distributed projects you wanted to work on and the virtual machine would accept packets from them. No specific clients to download for each project, and you would get distributed computing easily on all your machines.

    Any projects like this? It would be great to have an always on and client secure distributed computing platform.

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
  30. If you do it, do it right. by Apuleius · · Score: 3, Funny

    For full effect, use avian transport for the
    TCP/IP packets. And write an interface to this
    so that you can use it for SetiAtHome.

  31. Re:Interesting concept by frog51 · · Score: 2

    You'll find if you read the article that the authors specifically state that they know it is more computationally intensive to do this. It is purely a theoretical exercise in the true spirit of hackerdom -> who cares if it has a purpose, let's just see if we can do it:)

  32. Re:It is both legal and ethical - no questions her by HydroCarbon10 · · Score: 2

    I don't think we're going to have to worry about ethical or legal implications, simply because this is too expensive and too complex. Just buy yourself a cheapo duron, or start a real DC project and make some cool stats so all the stats freaks will join.

    Note, I haven't read the pdf's yet, so I don't know how well this type of computing scales, or how much power is available.

    --
    The best way to accelerate a windows box is at 9.8 meters per second square.