Slashdot Mirror
The Theory of Leech Computing
Phil Frisbie, Jr. writes "I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'. Leech Computing, Part 1 covers basic theory."
Good news boy! I found an electronics store that carries leeches. Well, actually, it was more of a bait shop...
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Medival computing?
Pretty soon we will need a host of barber-surgeon IT personel staffing most major computing facilities.
damn parasites
Leech Computing, Part 1
Where have you been leeched today?
---
By Phil Frisbie, Jr.
Disclaimer
This article is for personal enlightenment only. It is not a warning of any known current practices or a proposal of future acceptable practices. However, this is a REAL technology, as you shall see for yourself....
Part 1 of this article contains no real technical details. It is written to enlighten the average web user. Actual working examples with source code will be included in part 2.
Background
I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'. This leech program runs only in memory, and does not access the client's hard drive at all. Real leeches typically attach themselves to animals that spend time in the water. When the leech is hungry, it attaches itself to an animal where it either remains until full or is knocked off. If knocked off, it simply finds another animal to attach to. When the leech is full, it drops off leaving the animal unharmed. The leech needs the animals, so it chooses large animals and only takes a little blood at a time without harming them.
Leech Computing is related to distributed computing. Distributed computing projects such as SETI at Home and distributed.net have hundreds of thousands volunteers that have downloaded and installed client software that runs in the background or as a screen saver. Data files are copied between the hard drive of the client and an Internet server in order to retrieve data to process and send back the results. Work is broken up into small units that can take anywhere from a few minutes to many days to complete before the results are sent back. These hundreds of thousands of clients act as one huge computer, which can accomplish much work at a very low cost, since the clients 'donate' their computing time to the project.
Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use any computer connected to the Internet to process a tiny amount of data. While the idea is intriguing, it is not practical because the computing power needed just to send and receive the data packet is thousands of times more than just processing it yourself. I mention this because Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is being processed, no software is installed, and no system changes are made.
So how can Leech Computing retrieve data, process it, and return the results without the user knowing it? How can it do this without installing any software? How can it be undetectable by firewall software? All it needs to accomplish these seemingly impossible goals is one piece of common software, a web browser.
The web browser is the most used piece of software today. Millions of users are logged in at any given time of the day browsing web sites, checking email, making purchases, etc. Since the first web site was put online about ten years ago, web pages have gone from plain text pages to the current flashy looking sites we have today. The web browser has evolved to provide the capabilities to support these needs.
One of the first web browser enhancements was JavaScript and Java applet support. JavaScript and Java applets are programs that run in your browser. While Java applets can potentially cause security problems and are disabled by some users, JavaScript has no serious security problems and so is seldom disabled. JavaScript is also the most widely used tool to enhance web pages because it is easy to use and very versatile. Most any time you see cascading menus, moving text, or forms that warn you when you enter the wrong type of data, you are running JavaScript programs. In fact, you could say that a fancy JavaScript page is leeching some of your computer resources in order to create all those fancy effects.
But, while web pages currently use JavaScript and other types of programs to process data to display, they generally do not send results back to a server (with the exception of forms the user may fill out and send). From now on when I refer to a leech program, I will be referring to a JavaScript program. Even though other types of programs such as Java applets and ActiveX controls could also be used, they may be disabled by the user, they may need to be approved by the user before they are run, and they do get installed to the users hard drive.
Simple examples
This is going to be theory only; no actual working code will be presented here. Again, part two will include actual working examples with source code.
Getting the data to the user is the simple part; it is simply embedded in the web page. Scrolling messages are a common example. Even though one line at a time might be displayed, all of them are loaded into the page. Or that cascading menu, which has all the submenus loaded ready to display when needed.
So, current web pages are already using JavaScript programs, and we know that data is being sent and processed to display that cascading menu when you run your mouse over it, but how could you possibly get data back to the server without the user knowing it?
One way would be to persuade the user to perform the upload of data. Remember, forms can submit data back to a server. We fill out forms and send them regularly. But forms can also have hidden information that the user does not need to fill out. In fact, a form can have ONLY hidden information; all it needs is a button for the user to click. Of course, you would not label such a button 'Click here to submit hidden data', but what if it were labeled 'Next Page'? How many times have you pressed a button like that without even thinking about it? When the user presses the button, the leech submits the hidden data and redirects to the next page. As long as the user gets to the next page, they will not have any reason to think that the button had any other function.
Another way would be to use a self-refreshing window. You know, like those annoying pop-up or pop-under advertisements. Or maybe something less conspicuous like a framed advertisement on a web page. When done with the current data, the leech can upload the processed data and get new data along with the new advertisement. Would you even notice, or even wonder about that advertisement refreshing? Of course not, because it is so common.
Conclusion
The technology to implement Leech Computing is here, now. Is it being used? I have not found any evidence, but I also do not look at the source code to every web page I download. Maybe I should.
Can it be prevented? That is the best/worst part, depending on your point of view. Since a leech can simply be a JavaScript program, nothing short of disabling JavaScript can stop it. And if you do, you will greatly reduce your web browsing experience, and will even be locked out of many sites that require JavaScript to be enabled.
Part 2 will be posted soon.
Phil Frisbie, Jr.
---
Page last modified: Tuesday February 19 2002
© 1998-2001 Hawk Software
a terrorist by accessing someone's computer
without their knowledge.
Very truly yours,
John Loose Mouth Ashcroft
Mod him up!
--the vi avenger
EFF PEE !
Spyware seems to fit this definition as a less-appreciated form of leech computing.
I'm not afraid of falling, it's the sudden stop at the end that frightens me.
fpfpfpfp.... hehehehe!!!!
Step #1: Leech off of someone with lots of bandwidth.
I can almost imagine someone writing a server side dynamic javascript generator on Slashdot in order to disseminate SETI data to web browsers to crunch (albeit very tenuously) to be uploaded again whenever someone hits 'submit' :)
GPL Deconstructed
Not really 'leech computing' but just 'leeches' or the infinitive form 'to leech'. I remember 'back in the day' of having friends who would upload GBs (literally several times the size of consumer hard drives at that point) to BBS's with their 14.4s.
:D
And then I would leech them all.
Thanks,
--
Matt
that can process data and report back the results
... it the only report the results (filenames etc.?)
Sure, passwords, logins, mails, other confidential data, or perhaps your son's pr0n collection
This reminds me of some popular trojans for windows (SUB7BONB)!
Life sucks.
I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'
How can you perform computations on a computer without affecting the usability of the computer? If you are using cycles, then you're using cycles. The ones your leech uses will not be available to the user, and unless you run it very slowly, people will notice that their computer is slower than it used to be.
If it be a crime, then I be guilty.
Face it, the author's definition is simply too broad. Drivers run without user's knowledge. DLLs are loaded without user's knowledge. Hell, just about any program that a user doesn't understand falls under this category.
what else is Mr & Mrs home users new 2.4Ghz, 510Mb, 120Gb system running XP just purchased to send an AOLgram to missy at college once every weekend, good for?
try { do() || do_not(); } catch (JediException err) { yoda(err); }
A professor in our department hired a research assistant a while ago, who worked for him for about a year. After the assistant left, the professor noticed that his computer was running really sluggish at all hours, but b/c he wasn't really familiar with the system, assumed it was just getting slower with all the data processing algorithms he was running.
A couple of months later, the network admin starts nosing around, and sends the professor an embarassing note asking to take down the web server about hot leather pants from his computer, since it was overloading the network...
Mod this up to 5 so people can actually read the damn article.
Nice idea as long as your clients know what they've got on them and are willing to monitor the leech's connections 24/7 to make sure no one's retrofit them with a malicious payload, which is to say they aren't, which is to say I'm about as gung-ho to see these out in the wild as I am Magic Lantern.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
*waiting for Wil Wheaton to show up and make a comment*
:)
Every once in a while I like to masturbate a new word into my vocabulary, even if I don't know what it means.
Dont mod this as a troll you cum dumpsters, this is the greatest fucking post EVAR.
Can we use this to create a distributed webserver that where each person who visits the site will serve copies of it? This guy's system can definitely use it! SLASHDOTTED
SIG: HUP
running silently, without your permission and reporting back data (user habits in this case) to whomever....
What's this wait 20 seconds BS??
'mmmmmmmmm.... forbidden donut'
Can it be prevented? That is the best/worst part, depending on your point of view. Since a leech can simply be a JavaScript program, nothing short of disabling JavaScript can stop it. And if you do, you will greatly reduce your web browsing experience, and will even be locked out of many sites that require JavaScript to be enabled.
You don't need to entirely disable Javascript. How about using local proxies that selectively remove Javascript from a page? They could just remove the post operations, etc the same way that they remove popup windows today.
You're thinking leech as in user takes a file, but doesn't give anything back. Different principle here.
SIG: HUP
OHHHHHHHHHHHHHHHHHHHHHHHH
SO thats why my up rate is at at a constant 100Kb/s.
I thought my computer was just talking to that network thingy at the cable company.
There's also a good page quickly discussing Villain-to-Victim computing. The point is to use correctly configured machines to do things they were not intended to.
We (students) once turned one of the computer rooms into a mosix cluster
although us users knew (unlike this leeching) it was to the same effect, processes would migrate and spread the work load
once mosix get pthreads support (they han't last time i checked, i duno know, they were working on it) i think mosix would be a good thing to install even in offices. your work station being part of a cluster would make it last longer (ie in time b4 it too slow to use, and u upgrade all the office pcs)
Conceptually, I find this interesting. It can run without user notice. The only problem is that it does steal CPU cycles, and as far as I know there is no real way in Javascript (or Java applets) to make the program run only when it isn't competing with other applications. I can imagine that some users might get really upset because you are stealing their computer resources. Because of this, I wouldn't recommend doing this kind of thing without notifying the user and perhaps giving them the option to turn it off. However, I can see some potential uses for this as long as the user is aware. For example, slashdot viewers probably wouldn't mind some leech Javascript working on the latest encryption cracking contest, especially if they got to "share the wealth."
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Hyuck hyuck hyuck. I saw that movie too.
Wil Wheaton sucks harder than any leech.
that was the stupidest fucking article _EVER_.
ps. suck onto my balls.
this sig limit is too small to put anything good h
Wired had an article about this way back in '97.
They called it mipsucking. The idea was to skim off CPU cycles when someone visited a web site. They even had a sample java-script app.
tscheck iour gremma!
Say you're running a 1.5 ghz machine and browsing the web. Chances are, even if you're playing MP3's in the background, you're using less than 5% of your processor cycles. If you could trade another 50% of those cycles you're not otherwise using for the ability to kill ads or for access to a restricted site, Would you?
(I can see it now. 50 to 100 years from now, the Porn Website Coalition has won a Nobel prize for creating a vast distributed network for math intensive problems....)
The problem with this model is that the implimentation of Javascript is slow and horrendously messy. It's brutally inefficient for anything other than the most minor effects carried out in a browser window. I shudder to think of what most browsers would do, given a math-intensive task. FFT's in Javascript anyone?
Unlike the author, I think that Java and/or ActiveX applets will probably see this sort of exploitation first, since they're easier to tune speed out of.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Are you also "The Turd Report"?
If so, why'd you stop posting?!?!?
I can't get through my day without TTR!!!!!
-CmdrTaco
Like the way you leeched this article. Sorry, couldn't resist.
For every post, there is an equal and opposite re-post.
Hey, I thought Leech computing was running a MicroSoft OS. ok, ok... cheap shot, I know.
Ok so using JavaScript will get the kind of spread that would be nice but I don't think you could do much in the way of calculations with it. It is VVVEEERRRYYY slow. It also seems to take over all of the computers I do demanding tasks with while using it (none of them are above 500Mhz).
Also, the computing power using JavaScript would be lower than the power required to add it to things and whatnot.
umm I'll start fininshing that essay now
When I was an undergrad I did a semester research project on this and identified some of the problems:
http://www.russross.com/cs261/paper.html
I run a dual CPU machine now which generally masks the problem, but even the fastest single CPU systems will suffer noticeable effects once the scheduler falls back to a round robin scheme with weighted timeslice lengths which is essentially what happens once you have two or more CPU bound jobs competing for CPU time.
- Russ
Wil Wheaton sucks harder than any leech.
He usually posts to Slashdot in the evenings. It's a shame that he's pretty damn easy going - I'd love to see him flame you.
Oh wait - you're a coward, too afraid to even give your name. Ass.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Consider though:
- Use a server running apache to create little tasks and accept requests by sending out XML packets as replies.
- A languauge that can upgrade itself on the fly (I need *this* version library, go fetch..)
Home parallel processing... and today's pet project has
fuckedcompany.com, in a few more weeks we should be hearing about slashfags getting laid off (cuz you know they're not getting laid)
Ego masturbation as 'the guy who submitted this article and wants to be some hip motherfucker who can say 'hey, look at my throbbing, dripping ego! I coined a term!."
A more effective solution would be to have operating systems ship with distributed computing clients pre-installed. That way, if it's ever on the net, it'll be able to do work.
;) Besides, even if it did get hacked, you could have it runnig in a sandbox so that the system's integrity would never be jeopardized.
The current implementation of Leech Computer requires the user to be surfing around with a web browser. My solution would be on every OEM pc sold. Seems like a more useful setup to me.
Yes, there are security implications, but only as much as having any self upgrading piece of software running in the background. (Besides, I never said Microsoft was the company I'd pick to make the software.
The people buying computers these days are pretty clueless. I've seen people buy computers without having even used one before. Just because it's the 'in' thing. We might as well put all that wasted processing power to good use!
I believe we have discovered the first really innovative use for Java. Think about it, web delivered, platform agnostic (it's supposed to be) and quiet. a simple java app that loads, perform's it's job, send the results back and dies.
Do not look at laser with remaining good eye.
The one thing that surprised me a bit was that the author didn't take advantage of the opportunity to put a bit of leech computing onto his own web page. He mentions (on the second page) that:
Then I remembered that there was, in fact, just such a button on the first page. But when I went back to check, there wasn't actually a Javascript applet there trying to leech a little bit of computing power from me. There wasn't even a cute little message thanking me for checking to see if there was such a Javascript applet. Too bad, he missed a great chance.
There's no point in questioning authority if you aren't going to listen to the answers.
How about a system where everyone shares everyone's resources? Now of course if you have to do some heavy computing, you aren't going to want to have someone across the world crunching for you, unless you have high bandwith, but I think it would be a great idea. Anyone who runs the daemon, would be able to do whatever with an unlimited amount of power. Also being able to share files and whatnot.
However I don't know if it would be the best thing in the world if slow dialups were using it. That would kind of defeat the purpose. But perhaps it would be possible for someone with a slow ass computer, but high speed connection to play a computer game that was partially computed by someone across town? That would be really neat. I wonder if it would work...
Leech Computing(TM) is as pervasive as html. Ads (especially distracting ads) are leeching off of my brain power. They attempt to influence my browsing and buying behavior by first getting my attention and then communicating something to me. They are the cost for all of the free stuff I use daily, so I'm not complaining.
Would you even notice, or even wonder about that advertisement refreshing? Of course not, because it is so common.
Conclusion
The technology to implement Leech Computing is here, now. Is it being used? I have not found any evidence, but I also do not look at the source code to every web page I download. Maybe I should.
How about ghost ships and zombie processes? Wether intentional or accidental the results are the same. But then I'd hope that "the article poster" wasn't looking at this from a winblows or web centric point of view. Sounds like someone looking to kick up there webhits page. MOve along no news here.
JerryMeander posting w/o an account for 5 years (egads it's been a long time) and will continue doing so (i'm just too lazy to look up my lost password, or recreate my account)
Hey, screw you ya freaking karma nazis. I say something original, maybe not funny, and I get mod'd down. Now I've got an original idea. I'll copy and paste the article in discussion, and get mod'd to 5. "Hell, I hope I'm not breaking any copyright rules in doing so." Freaking jerks. :0
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
Is that in the second page, the author suggests that one way to get the applet to send the data back is to disguise it as a form, even a form with all hidden data, and only a button to click... what if the button just said "next page"? to read the page where the author suggests that, you have to click a button that says "next page". Have we all just been unwitting participants in an experiment to see if the theory works? Or was it just the 3 or 4 /. readers who actually go out and read the articles?
"The avalanche has already started. It is too late for the pebbles to vote" -- Kosh
Microsoft probably already have all those XP desktops autogenerating the next iteration of their inoperating system so they can concentrate on .Net
Yours Sincerely, Michael.
Well screw you too. mofo.
yep, absolutely right - if I'm browsing Slashdot on my G4 450dp with iTunes running, I can run dnetc from the terminal at 7.5Mkeys without any noticeable performance hit (if I use Omniweb at least, other browsers don't seem to be as threaded and get all choked up on me). Just proves how much excess power modern computers have - 8Mkeys when running by itself, 7.5 Mkeys when running with Omniweb and iTunes.
That was classic intercourse!
I don't really see how this is TOTALLY possible... I see how you can abstract it until it feels like it's working however...
IE... Ok, you don't want to install the program, since that would be changing the client, so all computers voluntarily run a sandbox... That sandbox runs in System Idle Process, or niced down a ways... Even given THOSE conditions, a would be interrupt would have to change context from that program into its own code (incidentally, it would have to without it, but for the sake of argument), and the processor will be giving off heat when if could be sitting idle...
No, I'm not TTR. In fact, I despise that sicko. IIRC, he wrote some fictional story about me and posted it in his journal. Weird. - 'EricKrout.com'
It's easy enough to hide a window in the background, much like a pop-up ad would. This window would auto update to send information back to the server.
Particularly vicious would be a virus that could harness this power and then redirect en-masse to DOS attack a specific target.
This concept is every interesting.
This automatic mirroring would be an easy way to kill the slashdot effect when it comes to sudden demand increases for specific files on a P2P network (Think Starr Report). Of course, one could argue that with sharing on by default a popular file would have plenty of mirrors without such as system, but it would help in situations where time is critical.
gsf@research.att.com had a coshell running back in late 1980s as part of nmake. Each person in the department permitted coshell to execute on their Sun workstation. Nmake would distribute compilation request to the Sun workstations with the least busy time. Reduced build times by 7 to 1. He has a patent on the coshell FWIW
If you want to give a handjob to Omniweb, just say so. Don't get bogged down in all the other shit, especially how you get off on running dnetc fast.
I'll look in the cookie jar and see if there's a goodie for you.
Imagine Google, or even Slashdot using this to aleviate some of their huge (well google anyway) computing needs. I certainly wouldn't mind lending a few of my CPU cycles to google if it meant my searches become more accurate.
"Don't let ego cloud your judgement, but don't let humility cloud who you are." -- Captain Squal
Mind the frickin' laser...
HAH, mod this up! "Wet bug parlors".. ;)
Oh no you di'int.
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
Leech computing?
I thought it was Lich computing, which is much
more horrifying...
Well, it seems that if something is greedy, self-serving, and intrusive, it doesn't neccesarily have to come from government after all!
It may be even easier to do than I thought at first, but some of the problem for people like me with persistent connections can be alleviated by:
1. Serious Firewalls (not much good, but could at least make it harder for a targeted attack if the Java Virus steals password data).
2. Running Java only when neccesary (what a pain).
3. Monitoring your bandwidth (my Primary Internet router actually has an LED meter of sorts).
Still, any code brought in by clandestine means, that operates without the user's knowledge or permission, is "malicious code," and perpetrators should be considered dorks.
It doesn't matter if the user is using the machine up to what you consider it's potential, It's Not Your Machine!
I wonder how many of the people who think this idea is "kewl" and think those users won't be hurt spend their spare time railing against "corporate greed." :)
Oh, well, one more genie out of the bottle.
Phil, you really should do a literature survey before you write stuff like this. Your so called leaech computing does not seem that novel, most viruses and intrusions occur like this. Non destructive voluntary cycle stealing has been well studied too, maybe you should take a look at the Condor project. For distributed search, there have been many applications, most notably seti@home but also protein folding and other such important problems. I could put the links in here, but you might be an undergrad trying to get help with your homework and then I could get in trouble (as I'm a Professor). On a side note, Barabasi et al. recently published an interesting paper on Parasitic Computing was published lately about using internet checksum computations to do interesting work. I will provide that link as it appeared in Nature (a MAJOR scientific forum but not usually thought of when looking for Computer Science references).
> how could you possibly get data back to the server without the user knowing it
.. " as a close of the top level script tag.
He says refresh and 'tricking' the user are the only ways (on form submits.) Wrong.
dynamic.php:
<script>
data data data
do do
calc calc
var me = answer;
document.write("<script src='http://myserver.com/donate.js?answer=" + encode(me) + "'></scr"+"ipt>");
<\script>
That sends some data to the client, does some client side cals, and sends the data back to my server (although I have to respect the max limit of data one can send via form posts, but its the same with his more obvious methods.)
This is done all the time to count impressions in the advertising world. In fact, in a sense, advertising tracking online is already leech computing in some implementations.
BTW, the
"Old man yells at systemd"
Hasn't it always seemed like tomorrow's CPUs were going to deliver so much performance you could share the excess capacity? Except that the OS/Apps of tomorrow always seem to grow to suck up that CPU so there's never any extra to hand out.
Except for the whole "Green PC" thing.
Computers do use more power when they are actually doing something. If one OEM did this, the other OEM would have a big ad campaign with people and their electric bills.
This is simply stealing money right out of people's pockets. I don't see it as any different from what the guys in the movie "Office Space" attempted to do by shaving a couple cents off of each transaction.
Sure, it only costs each user a little bit of money, maybe $1 a month, but it is still stealing.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
In 1988, a guy named Robert Tappan Morris had this crazy idea: take over people's computers but only use their spare cycles to (I believe) solve one hell of a math problem. Guess what happened next...
MS Windows.
http://en.wikipedia.org/wiki/2004_U.S._Election_c
The other problem is there is no money in distributed computing.
No one really has come up with a math-intensive problem that distributes well, that also can make money.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
ClearCASE distributed builds do this, although I'm not sure if it's really the same technology underneath or not.
Your right to not believe: Americans United for Separation of Church and
What you didn't know is that all these years Linus himself has been using the kernels of all net-connected linux users to munch data which he sells for a nice profit...
;-)
Spoon not. Fork, or fork not. There is no spoon.
Really, the methods he mentions, my browser already blocks.
"Tell me when I am about to submit data in a form"
"Disable (or 'warn me about') active scripting/Javascript/Java/ActiveX"
Am I the only person that uses these setting as my standard configuration?
Yes, this doesn't apply to "Joe Home User" but that is a matter of installation defaults, and Microsoft already said they'd switch to "secure by default" settings. (I should have tried harder resisting that dig.)
But really, Javascript *is* blocked by 'paranoid' security settings in browsers. And so is submitting form data. Though I haven't yet seen anything that tells you *what* data the form is submitting, without having to view source.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
no, I don't want to give 'em a handjob - their browser is some way from perfect, believe me. But, shit, I spent a load of cash on my PC, It's nice to know it can do SOMETHING - better than all those PCs filling offices all over the world cranking through a fucking flower box screensaver. What a way to use up the world's natural resources! WTF do they stick all those stupid Energy Star stickers all over monitors when a little Post-It telling users to set their 'saver to "blank screen only" would be a THOUSAND times more environmentally helpful? Yeah, I used to get a mild thrill out of running dnetc fast, until my model got obsoleted - now it's a badge of shame (except in the x86 world, where it still looks fast). Anyhow, the numbers are true, and therefore DO illustrate the amount of wasted potential that typically heats up peoples offices these days.
That was classic intercourse!
And how is different from a classic [pre-Morris] computer worm? The original idea of a computer worm, after all, was a piece of code that would seek out under-utilized computers and run your code on it without disrupting normal operation. Morris's worm, for that matter, could have acted that way (arguably it was intended to) if it had been better debugged.
-JS
Vanity of vanities, all is vanity...
So pay them for units their computer's complete. Problem solved. Now the OEM looks like a godsend to Joe Sixpack because they'll pay him just to leave it turned on. And since Joe Sixpack doesn't know jack about computers, he doesn't realize that he'll save money by not having it do anything.
imagine doing this on a beowulf cluster
Back in '94, her computer also served as our print server....
"Joe Sixpack" (God a hate that expression) isn't an idiot. He will know that you don't get something for nothing, and ask what the catch is.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Interesting idea, considering that how the posts show up is up to YOU Check out your preferences jack ass!
Just have idea -
;-) pages.
Imagine Java applet on the Slashdot main page (and, more important, on comments pages).
Applet can take the piece of data from server, make some necessary computations (3-10 s., not too long), and return result back to server. It is important to increase "operating time", so it make sense to put such applets on the loooong and interesting
So, I view the content, and I pay for this with my CPU cycles.
BTW, Java is quite efficient for numerical tasks, according to my personal experience.
Goggy.
You missed the entire concept. What you're talking about is parasitic computing. Leech computing does not install ANY software to the client. It simply sends the data, mixed with other data, which is operated on unknowingly to the user, and sent back, unknowingly to the user, to the intended destination.
Waaaay back in 95-96, I created a cgi script on my university's homepage server that would simply grab the user's information (ip address, etc), put it in a file, and then display an image. Since I didn't have access to the http logs, there was no other way to see if anyone was viewing my web pages. I could connect it to any image I wanted to, and nobody would be the wiser (unless they looked at the page's source).
I'm not sure if that would be considered a leech, but it was quite useful to me at the time...
And I had thought of this long before I had ever heard of the annoying 1x1 images all over the place... maybe I should have patented the idea. That way, my web browser wouldn't constantly be bogged down with requesting images from akamai. (And if it was, I could sue them.)
One of the prime costs of parallelised computing architectures has always been the communication overhead. When you break a computation into little bits, the transportation overhead allocated per byte of data transmitted rises enormously, depending on degree of parallelisation, of course.
/. session of how to guard against such exploitation without resorting to java/javascript disabling.
This is why TCP-based parasitic computation has never been much of an issue; it's simply not worth it. The processing power involved in forming packets and sending them off and receiving results has been greater than the power needed to perform the same calculation locally. Of course, with a sufficiently large number of hosts to leech cycles off, this ceases progressively to be true; assuming decent bandwidth too, naturally. Both generous asusmptions, even nowadays.
The real innovation here, IMHO, is the thought of conducting this kind of leeching using Java/Javascript. Both languages have splendid control flow structures, the bread and butter of number crunching. This means that there can be greater computational assignments at the nodes between transmissions, and this, if you've been following the stream of my thoughts here, means greater efficiency.
I'm looking forward to some examples now that parasitic computing should be technically feasible, efficient, and economic.
And I predict a lively ask
Blearf. Blearf, I say.
As a student, I know some people who were "busted" for installing seti@home and distributed.net clients on university owned machines without authorization. I'm assuming that this would be considered "leech computing." While the students' actions were harmless, there's a lesson to be learned.... DONT MESS WITH STUFF THATS NOT YOURS!
Perhaps with proper legislation, "leech computing" will become less of a problem...
Oh wait - you're a coward, too afraid to even give your name. Ass.
Actually I just wasn't logged in, Evan.
Allow me to proclaim loudly for all to hear: "Wil Wheaton sucks."
He's not the worst actor, but he's definitely in the lowest tier. Down there with Adam Sandler, Martin Lawrence, the Baldwin brothers (collectively), and the guys from CHiPs. Just because he frequents slashdot doesn't make me think any higher of him. Clearly you, a card carrying member of the washed-up-Hollywood-actors-who-post-to-slashdot guild, feel he's a good buddy of yours because he spouts off his mindless drivel here. What does that say about you, Evan?
I invite you, and your easy-going "friend" to flame me with all you've got. You other Slashdroids who aren't afraid to lose karma are welcome to join in too.
www.filefront.com
Take a look at the "client" they have you install to obtain games. It uses 'P2P' which is, in their words, a good thing. In reality, it installs a program that sucks up your bandwidth so fast you won't be able to play that Day of Defeat mod you just download from them.
I know this, because it only took me 2 minutes to find out my roommate had installed it and we immediately had 5 different connections trying to hit his machine. Amazing how quickly that program can bring a DSL connection to its knees.
Processes that computed quietly in the background used to be called deamons. The concept of deamons is more general than leeches, but encompasses them.
And?
feel he's a good buddy of yours because he spouts off his mindless drivel here. What does that say about you, Evan?
Actully, I don't feel he's a "good buddy". I just feel that anybody who attacks another person solely for the sake of attacking is an ass. I would have defended anybody you felt the need to personally attack.
Allow me to proclaim loudly for all to hear: "Wil Wheaton sucks."
Yes? And how? You're not saying he's a lousy actor (although you do later in the post, so I lean towards the idea that you are basing this statement upon your opinion of his acting), so why so you think Wil Wheaton, the person (whom neither you nor I know) sucks?
--
Evan "More than willing to burn Karma to grind agressive, anti-social assholes into the ground" E.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
If you're trying to sound like an intellectual, you'd best learn the difference between "effect" and "affect".
And the brethren went away edified.
So does this mean I can turn the entire internet into a Beowulf cluster?!?!?!?1/ I can't wait until I tell the other skript kiddies about this!!!!!!!!!1111oneonetwo
My life's goal is to get a score of +3!
but it may sound like one. (it is not MS bashing either)
I have always wondered if Microsoft has done something like this in their operating systems. If they were sneaky, the "System Idle Process" would be doing a lot more than advertised. It never registers on the CPU counts, even though it is running at 99% of the CPU most of the time. The OS is closed source, so nobody could review it. Just a few ticks here and there, times 50 million. Have the website scoop up data, and distribute the next session (would be missed because you were doing a windows update or checking for the latest security hole fix). Get a nice new registration scheme that gives the PC it's new job codes.
I'd sure be doing it if I was them and I had that many captive PCs
It isn't enough that you people go after webservers, but email too! What the hell is with that link to the dude's email. You should be banned from posting. Hemos should not be allowed to accept post either.
Pretty poor thing to do in my opinion. I crunch SETI or distributed units depending on what mood I'm in (that's an interesting one...what kind of mood do I have to be in to determine what data I want to crunch....hrrrmmm) so I don't mind doing this thing. It's just that having someone do it w/ out my knowledge kinda ticks me off. Yeah, I know it's not much processing power, but still....the principle of the thing.
And the author of this kinda sounds gleeful when he says the only way to stop it would be to disable JavaScript, which would lock the user out of many sites (not a direct quote). Grrrr..........he's pretty much promoting web pages as a great way to do things that users don't know ahout. Gee, there isn't enough of that out there today....*cough*
Why not just use one of the well-documented, unlikely to be fixed in the near future 'features' in MSIE? You could write your program in C, upload it to the luser's RAM via a buffer overflow, and execute it. Upon the next reboot, it's gone, as it was never saved to the hard disk.
Instead of infecting the web browser in some intricate way, as indicated, why not just use the Windows DLL's to make a windowless browser client, submitting the automatically created web page with form included completely hidden? Should be rather easy, even for a VB novice as myself.
Jakob Breivik Grimstveit
"I love deadlines. I love the whooshing noise they make as they go by."
A better term would be parasitic computing. Since a parasite thrives of off a host.
that "Next" button at the bottom of the first page of the article's going to be the sample code in Part 2! Would make for great irony and would shut up anyone that claims that they'd notice if their machine was doing something it's not supposed to.
-Crawdaddy
His article says:
Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use any computer connected to the Internet to process a tiny amount of data. While the idea is intriguing, it is not practical because the computing power needed just to send and receive the data packet is thousands of times more than just processing it yourself. I mention this because Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is being processed, no software is installed, and no system changes are made.
Please try to read the article before you go making redundant peanut gallery comments. The link you provided is helpful, though.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
Look, Evan. I'm some anonymous person that you don't know. There is absolutely no need to lie to me.
It's obvious you have a crush on the guy, and hey that's fine. You've also got a Rocky Horror fetish, and that's fine too. More power to you. The key is to accept your feelings. Just don't keep lying to yourself, pretending you're doing some wonderful deed standing up for an actor in the hopes of making them notice you. It's just not going to happen, Mmmkay?
If I was to say, "Metallica Sucks." Would you grind my aggressive, anti-social asshole self into the ground for personally attacking them? No, probably not. Because it isn't a personal attack. Same applies here.
This strikes me as theft, plain and simple, if the folks doing it don't ask for your permission first. What I would want is a utility which detects these intrusions and then sends back fifty megabytes of bogus data over my cable connection...see how long the theft lasts when they continually get slammed with garbage.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
By definition: a program that leeches CPU and reports back to the mothership.
Gates and his cohorts have been doing this
ever since the Internet came along.
All my best friends were anonymous people I didn't know at one time. :) Here's to interaction.
If I was to say, "Metallica Sucks." Would you grind my aggressive, anti-social asshole self into the ground for personally attacking them? No, probably not. Because it isn't a personal attack. Same applies here.
No, and if you said "Westley sucks" or "Stand by Me sucks", I wouldn't have had a problem. But had you said "Jason Newstead sucks", I would have jumped in with the same fervor.
Hell, you could have even said "Wil Wheaton's acting career sucks", or "Wil Wheaton's acting sucks" (although, if you're like me, you haven't seen any representative work of his in the past decade). But an attack on a person is an entirely different affair.
So - clarify. What are you saying?
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
The only thing this will be used for is nuking
What if there was a proxy that could scan a web-page (much like an ad-busting proxy) and try and deal with the code within. It could then tell you roughly what a certain bit of java code did and ask you if you wanted to run it or not. There are few recognised innocent things java can be used for in web pages - validating, rollovers etc, the code for these is not that complex. If people would start using the same bit of code (many do, because they nick it from someone else) it would make it easier to identify what was useful and what wasn't. For example, anything that creates a new window is not useful (IMHO), so the proxy could disable it, and put a little link at the bottom of the page saying "this script has been disabled, to enable it click here" or something like that. You could also allow the user to disable certain commands, such as onRightClick (i think thats the one) to stop right click scripts (you will know what i mean if you use IE.. (i use opera)). This way you could live with java enabled but without annoying script kiddies.
Mainly its microsoft who are the culprits, allowing scripts to do more than is good for them. The whole idea of the sandbox, is that you cant control _anything_ outside it, not the window, not the mouse, not the browser. This is starting to get offtopic though..
This comment does not represent the views or opinions of the user.
don't troll the feeds
I about pissed myself after reading this:
http://www.mnftiu.cc/mnftiu.cc/war.html
Read the whole site. It's funny shit.
i just read this whole thread. what the fuck chuck? so what? you're sporting a stiffy for some actor that may or may not be good. but let's at least be honet about the whole deal. don't fool yourself -- you can't fool yourself. i'm not homophobe, so don't sweat it. i don't hold you being queer against you or anything. it's not an issue. but for god's sake man, get it out in the open. stuff that festers just gets infected and puss covered, and what good is that? you tell me that.
moral of the story: you act like an ass-> you look like an ass. don't act like an ass. not that you should care that I think you're a silly bastard a bit too wrapped up in some sort of platonic liason, or maybe not platonic (but that's not the issue). just don't being a silly little fuck about the whole affair. this advice you can take as from someone who's been there.
what would be the use if you need hits from a webpage to do this? even if you had thousands of webpages (impractical) doing this you still have to get people to go to the pages. parasitic computing and distributed systems like SETI don't require users to do anything. let us not forget that the checksum isn't the only possibility to get a computer to do calculations unknowingly (and without installed software). look at routers, ssl, etc. In combination, these seem much more useful for exploitation b/c contact between parasite and host is initiated by the coder of the parasite. anyway.....
This is brilliant.
Why not create a Java applet that does distributed.net work (or similar), proxied through the web server. Slashdot could have it on its main page (hell, it could be that Slashdot logo in the corner). Some clever person could submit all the work done as his or her own. Sure, running in Java only part-time would limit the amount that would get done, but given the number of computers sitting on Slashdot at any given moment, it could accomplish a lot cumulatively...
I'm not familiar enough with web Java applet security policies to know how tricky this would be, but it'd be interesting, anyway.
-Puk
I wonder if you have ever been bitten by a leech! You'll know about it alright, just maybe not straight away. GF & I got into a bit of bush and got half a dozen bites each about a fortnight ago. Took a week for the itching to stop for me, gf is just recovering now.
Maybe the effects of leech computing would be the same, you don't notice it when it's happening, but you pay for someone's piracy later.
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
:-] trolls provide a valuable service though, dontcha think? they always get the stupid comments in early enough to avoid you accidentally making the same ones. I wouldn't browse at 0 if I minded THAT much - even the ascii cracks me up sometimes!
Yes, it is a very good idea, and to a certain extent its already here. Just take a look at the Fast Track network. Morpheus, Kazaa et al. give the option for a "super node", which I usually disable because my k6-2 550 ain't what she used to be, that allows search requests to be bounced off of your pc. Dosn't exactly use spare cpu power for anything useful, but it does improve the speed and search accuracy of the network.
13 year old white supremacists are shitty web designers.
Stress is a killer, man. Take it a little bit easy next time.
Next time I want to share some information, I'll be sure to be as cryptic as possible to avoid complaints.
Thanks.
I never said that Java or ActiveX would not work, only that for my simple examples I would use JavaScript. I will get into more details in part 2, but let me say that I think it would be best to add a leech program to an ActiveX component that is needed to access a site. For example, your bank may require you to download an ActiveX component to display interactive tables, or how about for updating your software :)
Thank you! Someone else that read the article and understands the concept.
Secondly: Please do NOT moderate this up as funny. This is written on a PC with such a SIS MoBo, AMD K6-2 500 and a PCI TNT. Sulk, pout.
I know we love to bash the marketing folks around here a lot, but I have to make a stand for marketing at this point.
Please put some more thought into what you name these things. P2P and distributed computing has so much potential...but if we go around naming our protocols "leech" who the hell is gonna use it?
I'm going to assume that for now the author goes for something using Javascript:
#1. Javascript is extremely slow. It's also interpreted, not compiled. Code optimized and compiled for a system can be a hundred times faster.
#2. Coding anything usuable for this type of application would require a good bit of code to be sent via javascript.
#3. The amount of processing it would take to:
A) Generate the web page to send to the user with the appropriate Javacode + whatever the user needs to process
B) User's computer to interpret the Javascript, execute the code, send back to the main host computer
C)Host computer recieves the data, decides where to store it, what to do with it etc.
And for the code to run and NOT affect the user significantly (meaning the processing done wouldn't be very much at all), all in all would likely require far more processing than it would if it were compiled on a server just running by istelf.
All in all it would be very inefficient, and probably faster for the server managing the data and generating the pages to process this information on its own.
Sorry I flew off the handle.
I'd mod you up, but I can't now that I've participated in this discussion.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
Too bad that idea has been around since the 70's. Read Cyberpunk's third chapter on RTM (Robert Tappan Morris), or follow this link I just found: http://www.info-sec.com/viruses/99/viruses_061599a _j.shtml .
I was thinking the same. An article about leeching , actually performing what it just explained?
Parasitic Computing is useless until the compute power one can steal is greater than the compute power needed for the theft.
A jewel theif wouldn't spend $15,000 to steal a $5,000 diamond, so I won't spend 15 clock cycles to steal one.
-twb
"The other problem is there is no money in distributed computing."
:(
Sure there is - but its in everybody else's wallets.
.
That is nothing new... M$ invented that with win3.1 way back...
I'm sure, I'm remebering correctly that JUNO, a free, ad sponsored ISP; was either going to, or had anounced their intention to have their user's either migrate to a paid plan, or run some kind of drug analylsis program on their machines. I think their EULA even had a line that required that end user's machines run 24/7, but they were not planning to actualy enforce that clause.
From what I've seen in the field, joe aveage windows user realy doesn't multi-task anyways so there are lots of idle CPU cycles connected to the internet. I've processed 89 work units for SetiAtHome on my machine.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Something like the Million Monkeys with Typewriters (WordProcessors) creating the Complete works of Shakespeare?
Your Girlfriend and I got into a bit of bush, I got about half a dozen bites on the neck a fortnight ago.
Took a week for the bitching to stop, your girlfriend is just able to walk now.
She had a nice bush though...
- Kaos games and encryption systems developer
Actually, an embedded Java applet (make it 1 by 1 pixels) may fit the job description better, especially if there is a way for that applet to denice itself.
>|<*:=