The Theory of Leech Computing
Phil Frisbie, Jr. writes "I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'. Leech Computing, Part 1 covers basic theory."
Good news boy! I found an electronics store that carries leeches. Well, actually, it was more of a bait shop...
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Leech Computing, Part 1
Where have you been leeched today?
---
By Phil Frisbie, Jr.
Disclaimer
This article is for personal enlightenment only. It is not a warning of any known current practices or a proposal of future acceptable practices. However, this is a REAL technology, as you shall see for yourself....
Part 1 of this article contains no real technical details. It is written to enlighten the average web user. Actual working examples with source code will be included in part 2.
Background
I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'. This leech program runs only in memory, and does not access the client's hard drive at all. Real leeches typically attach themselves to animals that spend time in the water. When the leech is hungry, it attaches itself to an animal where it either remains until full or is knocked off. If knocked off, it simply finds another animal to attach to. When the leech is full, it drops off leaving the animal unharmed. The leech needs the animals, so it chooses large animals and only takes a little blood at a time without harming them.
Leech Computing is related to distributed computing. Distributed computing projects such as SETI at Home and distributed.net have hundreds of thousands of volunteers that have downloaded and installed client software that runs in the background or as a screen saver. Data files are copied between the hard drive of the client and an Internet server in order to retrieve data to process and send back the results. Work is broken up into small units that can take anywhere from a few minutes to many days to complete before the results are sent back. These hundreds of thousands of clients act as one huge computer, which can accomplish much work at a very low cost, since the clients 'donate' their computing time to the project.
Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use any computer connected to the Internet to process a tiny amount of data. While the idea is intriguing, it is not practical because the computing power needed just to send and receive the data packet is thousands of times more than just processing it yourself. I mention this because Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is being processed, no software is installed, and no system changes are made.
So how can Leech Computing retrieve data, process it, and return the results without the user knowing it? How can it do this without installing any software? How can it be undetectable by firewall software? All it needs to accomplish these seemingly impossible goals is one piece of common software, a web browser.
The web browser is the most used piece of software today. Millions of users are logged in at any given time of the day browsing web sites, checking email, making purchases, etc. Since the first web site was put online about ten years ago, web pages have gone from plain text pages to the current flashy looking sites we have today. The web browser has evolved to provide the capabilities to support these needs.
One of the first web browser enhancements was JavaScript and Java applet support. JavaScript and Java applets are programs that run in your browser. While Java applets can potentially cause security problems and are disabled by some users, JavaScript has no serious security problems and so is seldom disabled. JavaScript is also the most widely used tool to enhance web pages because it is easy to use and very versatile. Most any time you see cascading menus, moving text, or forms that warn you when you enter the wrong type of data, you are running JavaScript programs. In fact, you could say that a fancy JavaScript page is leeching some of your computer resources in order to create all those fancy effects.
But, while web pages currently use JavaScript and other types of programs to process data to display, they generally do not send results back to a server (with the exception of forms the user may fill out and send). From now on when I refer to a leech program, I will be referring to a JavaScript program. Even though other types of programs such as Java applets and ActiveX controls could also be used, they may be disabled by the user, they may need to be approved by the user before they are run, and they do get installed to the user's hard drive.
Simple examples
This is going to be theory only; no actual working code will be presented here. Again, part two will include actual working examples with source code.
Getting the data to the user is the simple part; it is simply embedded in the web page. Scrolling messages are a common example. Even though one line at a time might be displayed, all of them are loaded into the page. Or that cascading menu, which has all the submenus loaded ready to display when needed.
So, current web pages are already using JavaScript programs, and we know that data is being sent and processed to display that cascading menu when you run your mouse over it, but how could you possibly get data back to the server without the user knowing it?
One way would be to persuade the user to perform the upload of data. Remember, forms can submit data back to a server. We fill out forms and send them regularly. But forms can also have hidden information that the user does not need to fill out. In fact, a form can have ONLY hidden information; all it needs is a button for the user to click. Of course, you would not label such a button 'Click here to submit hidden data', but what if it were labeled 'Next Page'? How many times have you pressed a button like that without even thinking about it? When the user presses the button, the leech submits the hidden data and redirects to the next page. As long as the user gets to the next page, they will not have any reason to think that the button had any other function.
Another way would be to use a self-refreshing window. You know, like those annoying pop-up or pop-under advertisements. Or maybe something less conspicuous like a framed advertisement on a web page. When done with the current data, the leech can upload the processed data and get new data along with the new advertisement. Would you even notice, or even wonder about that advertisement refreshing? Of course not, because it is so common.
Conclusion
The technology to implement Leech Computing is here, now. Is it being used? I have not found any evidence, but I also do not look at the source code to every web page I download. Maybe I should.
Can it be prevented? That is the best/worst part, depending on your point of view. Since a leech can simply be a JavaScript program, nothing short of disabling JavaScript can stop it. And if you do, you will greatly reduce your web browsing experience, and will even be locked out of many sites that require JavaScript to be enabled.
Part 2 will be posted soon.
Phil Frisbie, Jr.
---
Page last modified: Tuesday February 19 2002
© 1998-2001 Hawk Software
Spyware seems to fit this definition as a less-appreciated form of leech computing.
I'm not afraid of falling, it's the sudden stop at the end that frightens me.
Step #1: Leech off of someone with lots of bandwidth.
I can almost imagine someone writing a server side dynamic javascript generator on Slashdot in order to disseminate SETI data to web browsers to crunch (albeit very tenuously) to be uploaded again whenever someone hits 'submit' :)
GPL Deconstructed
Not really 'leech computing' but just 'leeches' or the infinitive form 'to leech'. I remember 'back in the day' of having friends who would upload GBs (literally several times the size of consumer hard drives at that point) to BBS's with their 14.4s.
:D
And then I would leech them all.
Thanks,
--
Matt
that can process data and report back the results
... it the only report the results (filenames etc.?)
Sure, passwords, logins, mails, other confidential data, or perhaps your son's pr0n collection
This reminds me of some popular trojans for windows (SUB7BONB)!
Life sucks.
what else is Mr & Mrs home users new 2.4Ghz, 510Mb, 120Gb system running XP just purchased to send an AOLgram to missy at college once every weekend, good for?
try { do() || do_not(); } catch (JediException err) { yoda(err); }
A professor in our department hired a research assistant a while ago, who worked for him for about a year. After the assistant left, the professor noticed that his computer was running really sluggish at all hours, but b/c he wasn't really familiar with the system, assumed it was just getting slower with all the data processing algorithms he was running.
A couple of months later, the network admin starts nosing around, and sends the professor an embarrassing note asking to take down the web server about hot leather pants from his computer, since it was overloading the network...
Nice idea as long as your clients know what they've got on them and are willing to monitor the leech's connections 24/7 to make sure no one's retrofit them with a malicious payload, which is to say they aren't, which is to say I'm about as gung-ho to see these out in the wild as I am Magic Lantern.
*waiting for Wil Wheaton to show up and make a comment*
:)
Every once in a while I like to masturbate a new word into my vocabulary, even if I don't know what it means.
Can we use this to create a distributed webserver where each person who visits the site will serve copies of it? This guy's system can definitely use it! SLASHDOTTED
SIG: HUP
You're thinking leech as in user takes a file, but doesn't give anything back. Different principle here.
SIG: HUP
There's also a good page quickly discussing Villain-to-Victim computing. The point is to use correctly configured machines to do things they were not intended to.
We (students) once turned one of the computer rooms into a mosix cluster
although us users knew (unlike this leeching) it was to the same effect, processes would migrate and spread the work load
once mosix get pthreads support (they hadn't last time i checked, i dunno, they were working on it) i think mosix would be a good thing to install even in offices. your work station being part of a cluster would make it last longer (ie in time b4 it too slow to use, and u upgrade all the office pcs)
Not true. If you give the task a very low priority, it will only use cycles that are truly "spare" on most modern multitasking OSes.
When the user does anything interactive, the task will just get shoved to the back of the queue and won't get any cycles until the user had finished whatever they are doing. The user won't notice a thing.
Conceptually, I find this interesting. It can run without user notice. The only problem is that it does steal CPU cycles, and as far as I know there is no real way in Javascript (or Java applets) to make the program run only when it isn't competing with other applications. I can imagine that some users might get really upset because you are stealing their computer resources. Because of this, I wouldn't recommend doing this kind of thing without notifying the user and perhaps giving them the option to turn it off. However, I can see some potential uses for this as long as the user is aware. For example, slashdot viewers probably wouldn't mind some leech Javascript working on the latest encryption cracking contest, especially if they got to "share the wealth."
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
True, but can you lower the task priority from Javascript or a Java applet?
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Wired had an article about this way back in '97.
They called it mipsucking. The idea was to skim off CPU cycles when someone visited a web site. They even had a sample java-script app.
Say you're running a 1.5 ghz machine and browsing the web. Chances are, even if you're playing MP3's in the background, you're using less than 5% of your processor cycles. If you could trade another 50% of those cycles you're not otherwise using for the ability to kill ads or for access to a restricted site, Would you?
(I can see it now. 50 to 100 years from now, the Porn Website Coalition has won a Nobel prize for creating a vast distributed network for math intensive problems....)
The problem with this model is that the implementation of Javascript is slow and horrendously messy. It's brutally inefficient for anything other than the most minor effects carried out in a browser window. I shudder to think of what most browsers would do, given a math-intensive task. FFT's in Javascript anyone?
Unlike the author, I think that Java and/or ActiveX applets will probably see this sort of exploitation first, since they're easier to tune speed out of.
Like the way you leeched this article. Sorry, couldn't resist.
For every post, there is an equal and opposite re-post.
When I was an undergrad I did a semester research project on this and identified some of the problems:
http://www.russross.com/cs261/paper.html
I run a dual CPU machine now which generally masks the problem, but even the fastest single CPU systems will suffer noticeable effects once the scheduler falls back to a round robin scheme with weighted timeslice lengths which is essentially what happens once you have two or more CPU bound jobs competing for CPU time.
- Russ
Wil Wheaton sucks harder than any leech.
He usually posts to Slashdot in the evenings. It's a shame that he's pretty damn easy going - I'd love to see him flame you.
Oh wait - you're a coward, too afraid to even give your name. Ass.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Consider though:
- Use a server running apache to create little tasks and accept requests by sending out XML packets as replies.
- A language that can upgrade itself on the fly (I need *this* version library, go fetch..)
Home parallel processing... and today's pet project has
A more effective solution would be to have operating systems ship with distributed computing clients pre-installed. That way, if it's ever on the net, it'll be able to do work.
;) Besides, even if it did get hacked, you could have it running in a sandbox so that the system's integrity would never be jeopardized.
The current implementation of Leech Computer requires the user to be surfing around with a web browser. My solution would be on every OEM pc sold. Seems like a more useful setup to me.
Yes, there are security implications, but only as much as having any self upgrading piece of software running in the background. (Besides, I never said Microsoft was the company I'd pick to make the software.)
The people buying computers these days are pretty clueless. I've seen people buy computers without having even used one before. Just because it's the 'in' thing. We might as well put all that wasted processing power to good use!
I believe we have discovered the first really innovative use for Java. Think about it, web delivered, platform agnostic (it's supposed to be) and quiet. A simple java app that loads, performs its job, sends the results back and dies.
Do not look at laser with remaining good eye.
The one thing that surprised me a bit was that the author didn't take advantage of the opportunity to put a bit of leech computing onto his own web page. He mentions (on the second page) that:
Then I remembered that there was, in fact, just such a button on the first page. But when I went back to check, there wasn't actually a Javascript applet there trying to leech a little bit of computing power from me. There wasn't even a cute little message thanking me for checking to see if there was such a Javascript applet. Too bad, he missed a great chance.
There's no point in questioning authority if you aren't going to listen to the answers.
Leech Computing(TM) is as pervasive as html. Ads (especially distracting ads) are leeching off of my brain power. They attempt to influence my browsing and buying behavior by first getting my attention and then communicating something to me. They are the cost for all of the free stuff I use daily, so I'm not complaining.
Would you even notice, or even wonder about that advertisement refreshing? Of course not, because it is so common.
Conclusion
The technology to implement Leech Computing is here, now. Is it being used? I have not found any evidence, but I also do not look at the source code to every web page I download. Maybe I should.
How about ghost ships and zombie processes? Whether intentional or accidental the results are the same. But then I'd hope that "the article poster" wasn't looking at this from a winblows or web centric point of view. Sounds like someone looking to kick up their webhits page. Move along no news here.
JerryMeander posting w/o an account for 5 years (egads it's been a long time) and will continue doing so (i'm just too lazy to look up my lost password, or recreate my account)
Is that in the second page, the author suggests that one way to get the applet to send the data back is to disguise it as a form, even a form with all hidden data, and only a button to click... what if the button just said "next page"? to read the page where the author suggests that, you have to click a button that says "next page". Have we all just been unwitting participants in an experiment to see if the theory works? Or was it just the 3 or 4 /. readers who actually go out and read the articles?
"The avalanche has already started. It is too late for the pebbles to vote" -- Kosh
Microsoft probably already have all those XP desktops autogenerating the next iteration of their inoperating system so they can concentrate on .Net
Yours Sincerely, Michael.
yep, absolutely right - if I'm browsing Slashdot on my G4 450dp with iTunes running, I can run dnetc from the terminal at 7.5Mkeys without any noticeable performance hit (if I use Omniweb at least, other browsers don't seem to be as threaded and get all choked up on me). Just proves how much excess power modern computers have - 8Mkeys when running by itself, 7.5 Mkeys when running with Omniweb and iTunes.
That was classic intercourse!
I don't really see how this is TOTALLY possible... I see how you can abstract it until it feels like it's working however...
IE... Ok, you don't want to install the program, since that would be changing the client, so all computers voluntarily run a sandbox... That sandbox runs in System Idle Process, or niced down a ways... Even given THOSE conditions, a would be interrupt would have to change context from that program into its own code (incidentally, it would have to without it, but for the sake of argument), and the processor will be giving off heat when it could be sitting idle...
It's easy enough to hide a window in the background, much like a pop-up ad would. This window would auto update to send information back to the server.
Particularly vicious would be a virus that could harness this power and then redirect en-masse to DOS attack a specific target.
This concept is very interesting.
This automatic mirroring would be an easy way to kill the slashdot effect when it comes to sudden demand increases for specific files on a P2P network (Think Starr Report). Of course, one could argue that with sharing on by default a popular file would have plenty of mirrors without such as system, but it would help in situations where time is critical.
Imagine Google, or even Slashdot using this to alleviate some of their huge (well google anyway) computing needs. I certainly wouldn't mind lending a few of my CPU cycles to google if it meant my searches become more accurate.
"Don't let ego cloud your judgement, but don't let humility cloud who you are." -- Captain Squal
Mind the frickin' laser...
Oh no you di'int.
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
Leech computing?
I thought it was Lich computing, which is much
more horrifying...
Well, it seems that if something is greedy, self-serving, and intrusive, it doesn't necessarily have to come from government after all!
It may be even easier to do than I thought at first, but some of the problem for people like me with persistent connections can be alleviated by:
1. Serious Firewalls (not much good, but could at least make it harder for a targeted attack if the Java Virus steals password data).
2. Running Java only when necessary (what a pain).
3. Monitoring your bandwidth (my Primary Internet router actually has an LED meter of sorts).
Still, any code brought in by clandestine means, that operates without the user's knowledge or permission, is "malicious code," and perpetrators should be considered dorks.
It doesn't matter if the user is using the machine up to what you consider its potential, It's Not Your Machine!
I wonder how many of the people who think this idea is "kewl" and think those users won't be hurt spend their spare time railing against "corporate greed." :)
Oh, well, one more genie out of the bottle.
Dr Dobbs Journal ran an article (not available online - only the source of the program) here
It described what the author called a "parasitic computer." The function was rather trivial and has no real benefit, but the premise was that by passing three numbers to a web server you could check to see if the sum of two of them were equal to the third by using the checksum of the results. The article went on to explain that this was more of a proof of concept, and that later down the road you could see some more neat-o-rific hacks similar in style to this that took advantage of remote functionalities on host computers while other clients were the parasites. Interesting article and very cool thoughts on the future of ideas like this if you get a chance to get a dead tree copy of the issue.
Please give your mod points to others, I'm at the cap. They will appreciate it more
> how could you possibly get data back to the server without the user knowing it
.. " as a close of the top level script tag.
He says refresh and 'tricking' the user are the only ways (on form submits.) Wrong.
dynamic.php:
<script>
data data data
do do
calc calc
var me = answer;
document.write("<script src='http://myserver.com/donate.js?answer=" + encode(me) + "'></scr"+"ipt>");
<\script>
That sends some data to the client, does some client side calcs, and sends the data back to my server (although I have to respect the max limit of data one can send via form posts, but it's the same with his more obvious methods.)
This is done all the time to count impressions in the advertising world. In fact, in a sense, advertising tracking online is already leech computing in some implementations.
BTW, the
"Old man yells at systemd"
Hasn't it always seemed like tomorrow's CPUs were going to deliver so much performance you could share the excess capacity? Except that the OS/Apps of tomorrow always seem to grow to suck up that CPU so there's never any extra to hand out.
Except for the whole "Green PC" thing.
Computers do use more power when they are actually doing something. If one OEM did this, the other OEM would have a big ad campaign with people and their electric bills.
This is simply stealing money right out of people's pockets. I don't see it as any different from what the guys in the movie "Office Space" attempted to do by shaving a couple cents off of each transaction.
Sure, it only costs each user a little bit of money, maybe $1 a month, but it is still stealing.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
In 1988, a guy named Robert Tappan Morris had this crazy idea: take over people's computers but only use their spare cycles to (I believe) solve one hell of a math problem. Guess what happened next...
MS Windows.
http://en.wikipedia.org/wiki/2004_U.S._Election_c
The other problem is there is no money in distributed computing.
No one really has come up with a math-intensive problem that distributes well, that also can make money.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
ClearCASE distributed builds do this, although I'm not sure if it's really the same technology underneath or not.
Your right to not believe: Americans United for Separation of Church and
What you didn't know is that all these years Linus himself has been using the kernels of all net-connected linux users to munch data which he sells for a nice profit...
;-)
Spoon not. Fork, or fork not. There is no spoon.
Really, the methods he mentions, my browser already blocks.
"Tell me when I am about to submit data in a form"
"Disable (or 'warn me about') active scripting/Javascript/Java/ActiveX"
Am I the only person that uses these settings as my standard configuration?
Yes, this doesn't apply to "Joe Home User" but that is a matter of installation defaults, and Microsoft already said they'd switch to "secure by default" settings. (I should have tried harder resisting that dig.)
But really, Javascript *is* blocked by 'paranoid' security settings in browsers. And so is submitting form data. Though I haven't yet seen anything that tells you *what* data the form is submitting, without having to view source.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
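The check the comment above asks for (seeing what a form will submit without reading the page source), which also covers the hidden-fields-behind-a-"Next Page"-button form the article describes. This is an added example, not part of the original thread or article; the function name audit_forms, the hosts news.example and collector.example, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not taken from any real site): an ordinary search
# form, and a form that carries only hidden fields behind a "Next Page" button.
SAMPLE_PAGE = """
<html><body>
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="submit" value="Search">
</form>
<form action="http://collector.example/report" method="post">
  <input type="hidden" name="unit" value="4711">
  <input type="hidden" name="result" value="">
  <input type="submit" value="Next Page">
</form>
</body></html>
"""

BUTTON_TYPES = {"submit", "button", "image", "reset"}


class FormAuditor(HTMLParser):
    """Collects, for each <form>, the fields a submit would send."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._form = None    # form currently being parsed, if any
        self._button = None  # label text of the <button> currently open

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(),
                          "hidden": [], "visible": [], "buttons": []}
            self.forms.append(self._form)
        elif self._form is None:
            return  # controls outside any form are not submitted with one
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                self._form["hidden"].append((a.get("name", ""), a.get("value", "")))
            elif kind in BUTTON_TYPES:
                self._form["buttons"].append(a.get("value", ""))
            else:
                self._form["visible"].append(a.get("name", ""))
        elif tag in ("textarea", "select"):
            self._form["visible"].append(a.get("name", ""))
        elif tag == "button":
            self._button = ""

    def handle_data(self, data):
        if self._button is not None:
            self._button += data

    def handle_endtag(self, tag):
        if tag == "button" and self._button is not None:
            self._form["buttons"].append(self._button.strip())
            self._button = None
        elif tag == "form":
            self._form = None
            self._button = None


def audit_forms(html, page_url):
    """Return one report entry per form found in `html`.

    hidden_only  : the form has hidden fields and nothing the user fills in
    off_site     : the form posts to a host other than the page's own
    empty_hidden : hidden fields with no value in the source; a script can
                   fill these in before submit, which a static read cannot see
    """
    parser = FormAuditor()
    parser.feed(html)
    parser.close()
    page_host = urlparse(page_url).hostname
    report = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])
        report.append({
            "target": target,
            "method": form["method"],
            "hidden": form["hidden"],
            "buttons": form["buttons"],
            "hidden_only": bool(form["hidden"]) and not form["visible"],
            "off_site": urlparse(target).hostname != page_host,
            "empty_hidden": [n for n, v in form["hidden"] if v == ""],
        })
    return report


if __name__ == "__main__":
    for entry in audit_forms(SAMPLE_PAGE, "http://news.example/article?page=1"):
        flags = [k for k in ("hidden_only", "off_site") if entry[k]]
        print(entry["method"].upper(), entry["target"], entry["buttons"], flags)
        for name, value in entry["hidden"]:
            print("   hidden:", name, "=", repr(value))
```
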
no, I don't want to give 'em a handjob - their browser is some way from perfect, believe me. But, shit, I spent a load of cash on my PC, It's nice to know it can do SOMETHING - better than all those PCs filling offices all over the world cranking through a fucking flower box screensaver. What a way to use up the world's natural resources! WTF do they stick all those stupid Energy Star stickers all over monitors when a little Post-It telling users to set their 'saver to "blank screen only" would be a THOUSAND times more environmentally helpful? Yeah, I used to get a mild thrill out of running dnetc fast, until my model got obsoleted - now it's a badge of shame (except in the x86 world, where it still looks fast). Anyhow, the numbers are true, and therefore DO illustrate the amount of wasted potential that typically heats up peoples offices these days.
That was classic intercourse!
And how is different from a classic [pre-Morris] computer worm? The original idea of a computer worm, after all, was a piece of code that would seek out under-utilized computers and run your code on it without disrupting normal operation. Morris's worm, for that matter, could have acted that way (arguably it was intended to) if it had been better debugged.
-JS
Vanity of vanities, all is vanity...
So pay them for units their computers complete. Problem solved. Now the OEM looks like a godsend to Joe Sixpack because they'll pay him just to leave it turned on. And since Joe Sixpack doesn't know jack about computers, he doesn't realize that he'll save money by not having it do anything.
Back in '94, her computer also served as our print server....
"Joe Sixpack" (God, I hate that expression) isn't an idiot. He will know that you don't get something for nothing, and ask what the catch is.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
You missed the entire concept. What you're talking about is parasitic computing. Leech computing does not install ANY software to the client. It simply sends the data, mixed with other data, which is operated on unknowingly to the user, and sent back, unknowingly to the user, to the intended destination.
One of the prime costs of parallelised computing architectures has always been the communication overhead. When you break a computation into little bits, the transportation overhead allocated per byte of data transmitted rises enormously, depending on degree of parallelisation, of course.
/. session of how to guard against such exploitation without resorting to java/javascript disabling.
This is why TCP-based parasitic computation has never been much of an issue; it's simply not worth it. The processing power involved in forming packets and sending them off and receiving results has been greater than the power needed to perform the same calculation locally. Of course, with a sufficiently large number of hosts to leech cycles off, this ceases progressively to be true; assuming decent bandwidth too, naturally. Both generous assumptions, even nowadays.
The real innovation here, IMHO, is the thought of conducting this kind of leeching using Java/Javascript. Both languages have splendid control flow structures, the bread and butter of number crunching. This means that there can be greater computational assignments at the nodes between transmissions, and this, if you've been following the stream of my thoughts here, means greater efficiency.
I'm looking forward to some examples now that parasitic computing should be technically feasible, efficient, and economic.
And I predict a lively ask
Blearf. Blearf, I say.
As a student, I know some people who were "busted" for installing seti@home and distributed.net clients on university owned machines without authorization. I'm assuming that this would be considered "leech computing." While the students' actions were harmless, there's a lesson to be learned.... DON'T MESS WITH STUFF THAT'S NOT YOURS!
Perhaps with proper legislation, "leech computing" will become less of a problem...
Oh wait - you're a coward, too afraid to even give your name. Ass.
Actually I just wasn't logged in, Evan.
Allow me to proclaim loudly for all to hear: "Wil Wheaton sucks."
He's not the worst actor, but he's definitely in the lowest tier. Down there with Adam Sandler, Martin Lawrence, the Baldwin brothers (collectively), and the guys from CHiPs. Just because he frequents slashdot doesn't make me think any higher of him. Clearly you, a card carrying member of the washed-up-Hollywood-actors-who-post-to-slashdot guild, feel he's a good buddy of yours because he spouts off his mindless drivel here. What does that say about you, Evan?
I invite you, and your easy-going "friend" to flame me with all you've got. You other Slashdroids who aren't afraid to lose karma are welcome to join in too.
www.filefront.com
Take a look at the "client" they have you install to obtain games. It uses 'P2P' which is, in their words, a good thing. In reality, it installs a program that sucks up your bandwidth so fast you won't be able to play that Day of Defeat mod you just downloaded from them.
I know this, because it only took me 2 minutes to find out my roommate had installed it and we immediately had 5 different connections trying to hit his machine. Amazing how quickly that program can bring a DSL connection to its knees.
Processes that computed quietly in the background used to be called daemons. The concept of daemons is more general than leeches, but encompasses them.
And?
feel he's a good buddy of yours because he spouts off his mindless drivel here. What does that say about you, Evan?
Actually, I don't feel he's a "good buddy". I just feel that anybody who attacks another person solely for the sake of attacking is an ass. I would have defended anybody you felt the need to personally attack.
Allow me to proclaim loudly for all to hear: "Wil Wheaton sucks."
Yes? And how? You're not saying he's a lousy actor (although you do later in the post, so I lean towards the idea that you are basing this statement upon your opinion of his acting), so why do you think Wil Wheaton, the person (whom neither you nor I know) sucks?
--
Evan "More than willing to burn Karma to grind aggressive, anti-social assholes into the ground" E.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
If you're trying to sound like an intellectual, you'd best learn the difference between "effect" and "affect".
And the brethren went away edified.
So does this mean I can turn the entire internet into a Beowulf cluster?!?!?!?1/ I can't wait until I tell the other skript kiddies about this!!!!!!!!!1111oneonetwo
My life's goal is to get a score of +3!
but it may sound like one. (it is not MS bashing either)
I have always wondered if Microsoft has done something like this in their operating systems. If they were sneaky, the "System Idle Process" would be doing a lot more than advertised. It never registers on the CPU counts, even though it is running at 99% of the CPU most of the time. The OS is closed source, so nobody could review it. Just a few ticks here and there, times 50 million. Have the website scoop up data, and distribute the next session (would be missed because you were doing a windows update or checking for the latest security hole fix). Get a nice new registration scheme that gives the PC its new job codes.
I'd sure be doing it if I was them and I had that many captive PCs
Pretty poor thing to do in my opinion. I crunch SETI or distributed units depending on what mood I'm in (that's an interesting one...what kind of mood do I have to be in to determine what data I want to crunch....hrrrmmm) so I don't mind doing this thing. It's just that having someone do it w/ out my knowledge kinda ticks me off. Yeah, I know it's not much processing power, but still....the principle of the thing.
And the author of this kinda sounds gleeful when he says the only way to stop it would be to disable JavaScript, which would lock the user out of many sites (not a direct quote). Grrrr..........he's pretty much promoting web pages as a great way to do things that users don't know about. Gee, there isn't enough of that out there today....*cough*
Why not just use one of the well-documented, unlikely to be fixed in the near future 'features' in MSIE? You could write your program in C, upload it to the luser's RAM via a buffer overflow, and execute it. Upon the next reboot, it's gone, as it was never saved to the hard disk.
Instead of infecting the web browser in some intricate way, as indicated, why not just use the Windows DLL's to make a windowless browser client, submitting the automatically created web page with form included completely hidden? Should be rather easy, even for a VB novice as myself.
Jakob Breivik Grimstveit
"I love deadlines. I love the whooshing noise they make as they go by."
that "Next" button at the bottom of the first page of the article's going to be the sample code in Part 2! Would make for great irony and would shut up anyone that claims that they'd notice if their machine was doing something it's not supposed to.
-Crawdaddy
His article says:
Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use any computer connected to the Internet to process a tiny amount of data. While the idea is intriguing, it is not practical because the computing power needed just to send and receive the data packet is thousands of times more than just processing it yourself. I mention this because Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is being processed, no software is installed, and no system changes are made.
Please try to read the article before you go making redundant peanut gallery comments. The link you provided is helpful, though.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
Look, Evan. I'm some anonymous person that you don't know. There is absolutely no need to lie to me.
It's obvious you have a crush on the guy, and hey that's fine. You've also got a Rocky Horror fetish, and that's fine too. More power to you. The key is to accept your feelings. Just don't keep lying to yourself, pretending you're doing some wonderful deed standing up for an actor in the hopes of making them notice you. It's just not going to happen, Mmmkay?
If I was to say, "Metallica Sucks." Would you grind my aggressive, anti-social asshole self into the ground for personally attacking them? No, probably not. Because it isn't a personal attack. Same applies here.
Stay tuned for part 2. Yes, the JavaScript or Java applet run in browser threads, so they will be at normal priority. But, you can throttle the main loop....
This strikes me as theft, plain and simple, if the folks doing it don't ask for your permission first. What I would want is a utility which detects these intrusions and then sends back fifty megabytes of bogus data over my cable connection...see how long the theft lasts when they continually get slammed with garbage.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
All my best friends were anonymous people I didn't know at one time. :) Here's to interaction.
If I was to say, "Metallica Sucks." Would you grind my aggressive, anti-social asshole self into the ground for personally attacking them? No, probably not. Because it isn't a personal attack. Same applies here.
No, and if you said "Westley sucks" or "Stand by Me sucks", I wouldn't have had a problem. But had you said "Jason Newstead sucks", I would have jumped in with the same fervor.
Hell, you could have even said "Wil Wheaton's acting career sucks", or "Wil Wheaton's acting sucks" (although, if you're like me, you haven't seen any representative work of his in the past decade). But an attack on a person is an entirely different affair.
So - clarify. What are you saying?
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Yes, the basic definition is broad, but not in the context of my article. And I quickly clarify it within a few paragraphs.
A major difference between spyware and a leech is that the spyware was installed by (but without the knowledge of) the user, but a leech does not install itself to the system. The leech is gone as soon as you exit the browser or at least change pages.
The only thing this will be used for is nuking
What if there was a proxy that could scan a web page (much like an ad-busting proxy) and try to deal with the code within? It could then tell you roughly what a certain bit of java code did and ask you if you wanted to run it or not. There are few recognised innocent things java can be used for in web pages - validating, rollovers etc.; the code for these is not that complex. If people would start using the same bit of code (many do, because they nick it from someone else) it would make it easier to identify what was useful and what wasn't. For example, anything that creates a new window is not useful (IMHO), so the proxy could disable it, and put a little link at the bottom of the page saying "this script has been disabled, to enable it click here" or something like that. You could also allow the user to disable certain commands, such as onRightClick (I think that's the one) to stop right-click scripts (you will know what I mean if you use IE.. (I use Opera)). This way you could live with java enabled but without annoying script kiddies.
Mainly it's Microsoft who are the culprits, allowing scripts to do more than is good for them. The whole idea of the sandbox is that you can't control _anything_ outside it, not the window, not the mouse, not the browser. This is starting to get offtopic though..
This comment does not represent the views or opinions of the user.
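A sketch of the filtering proxy proposed in the comment above, added here as an example and not code from the thread or the article. The trait patterns, the notice text and the sample page are constructed, and `oncontextmenu` is assumed to be the right-click handler the commenter meant.

```python
import hashlib
import re

# Constructed trait patterns: rough hints about what a script does, not an analysis.
TRAITS = {
    "opens-window": re.compile(r"\bwindow\s*\.\s*open\s*\("),
    "timer-loop": re.compile(r"\bset(?:Timeout|Interval)\s*\("),
    "sends-data": re.compile(r"\.submit\s*\(|\bXMLHttpRequest\b"),
}
SCRIPT_RE = re.compile(r"(<script\b[^>]*>)(.*?)(</script\s*>)", re.I | re.S)
# Assumption: oncontextmenu is the right-click handler attribute the user disabled.
HANDLER_RE = re.compile(r"""\soncontextmenu\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)
NOTICE = "<p>{n} script item(s) disabled by the proxy; review its report to enable them.</p>"

def fingerprint(code):
    """Hash a script with whitespace collapsed so pasted copies of one snippet match."""
    return hashlib.sha256(" ".join(code.split()).encode()).hexdigest()

def filter_page(page, known_good=frozenset()):
    """Return (filtered_html, report); report holds (fingerprint, traits) per withheld item."""
    report = []

    def judge(match):
        code = match.group(2)
        traits = [name for name, rx in TRAITS.items() if rx.search(code)]
        ident = fingerprint(code)
        if ident in known_good or not traits:
            return match.group(0)  # reviewed, or shows no flagged trait: pass unchanged
        report.append((ident, traits))
        return ""  # withhold until the user approves this fingerprint

    page = SCRIPT_RE.sub(judge, page)
    page, removed = HANDLER_RE.subn("", page)
    if removed:
        report.append(("oncontextmenu", ["handler-removed"]))
    if report:
        notice = NOTICE.format(n=len(report))
        page = re.sub(r"(?i)</body\s*>", lambda m: notice + m.group(0), page, count=1)
    return page, report

# Constructed sample page: a rollover helper, a pop-up, and a timed loop that posts a form.
SAMPLE = (
    '<!DOCTYPE html><html><body oncontextmenu="return false"><p>a &amp; b</p>\n'
    "<script>function swap(i, s) { document.images[i].src = s; }</script>\n"
    '<script>window.open("ad.html");</script>\n'
    "<script>function step() { setTimeout(step, 50); }\ndocument.forms[0].submit();</script>\n"
    "</body></html>"
)
```

Scripts loaded with `src=` and inline handlers other than the one listed pass through untouched here; a real proxy would have to fetch and judge those as well, and pattern matching of this kind is easy for obfuscated code to slip past.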
What would be the use if you need hits from a webpage to do this? Even if you had thousands of webpages (impractical) doing this, you still have to get people to go to the pages. Parasitic computing and distributed systems like SETI don't require users to do anything. Let us not forget that the checksum isn't the only possibility to get a computer to do calculations unknowingly (and without installed software). Look at routers, SSL, etc. In combination, these seem much more useful for exploitation b/c contact between parasite and host is initiated by the coder of the parasite. Anyway.....
This is brilliant.
Why not create a Java applet that does distributed.net work (or similar), proxied through the web server. Slashdot could have it on its main page (hell, it could be that Slashdot logo in the corner). Some clever person could submit all the work done as his or her own. Sure, running in Java only part-time would limit the amount that would get done, but given the number of computers sitting on Slashdot at any given moment, it could accomplish a lot cumulatively...
I'm not familiar enough with web Java applet security policies to know how tricky this would be, but it'd be interesting, anyway.
-Puk
I wonder if you have ever been bitten by a leech! You'll know about it alright, just maybe not straight away. GF & I got into a bit of bush and got half a dozen bites each about a fortnight ago. Took a week for the itching to stop for me, gf is just recovering now.
Maybe the effects of leech computing would be the same, you don't notice it when it's happening, but you pay for someone's piracy later.
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
Yes, it is a very good idea, and to a certain extent it's already here. Just take a look at the Fast Track network. Morpheus, Kazaa et al. give the option for a "super node", which I usually disable because my k6-2 550 ain't what she used to be, that allows search requests to be bounced off of your PC. Doesn't exactly use spare CPU power for anything useful, but it does improve the speed and search accuracy of the network.
13 year old white supremacists are shitty web designers.
Stress is a killer, man. Take it a little bit easy next time.
Next time I want to share some information, I'll be sure to be as cryptic as possible to avoid complaints.
Thanks.
I never said that Java or ActiveX would not work, only that for my simple examples I would use JavaScript. I will get into more details in part 2, but let me say that I think it would be best to add a leech program to an ActiveX component that is needed to access a site. For example, your bank may require you to download an ActiveX component to display interactive tables, or how about for updating your software :)
JavaScript is about 1/60 the speed of compiled C for floating point intensive calculations. But a leech could also be embedded in a Java applet or ActiveX component for greater speed.
Thank you! Someone else that read the article and understands the concept.
Secondly: Please do NOT moderate this up as funny. This is written on a PC with such a SIS MoBo, AMD K6-2 500 and a PCI TNT. Sulk, pout.
I'm going to assume that for now the author goes for something using Javascript:
#1. Javascript is extremely slow. It's also interpreted, not compiled. Code optimized and compiled for a system can be a hundred times faster.
#2. Coding anything usable for this type of application would require a good bit of code to be sent via javascript.
#3. The amount of processing it would take to:
A) Generate the web page to send to the user with the appropriate Javacode + whatever the user needs to process
B) User's computer to interpret the Javascript, execute the code, send back to the main host computer
C) Host computer receives the data, decides where to store it, what to do with it etc.
And for the code to run and NOT affect the user significantly (meaning the processing done wouldn't be very much at all), all in all would likely require far more processing than it would if it were compiled on a server just running by itself.
All in all it would be very inefficient, and probably faster for the server managing the data and generating the pages to process this information on its own.
Sorry I flew off the handle.
I'd mod you up, but I can't now that I've participated in this discussion.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
Parasitic Computing is useless until the compute power one can steal is greater than the compute power needed for the theft.
A jewel thief wouldn't spend $15,000 to steal a $5,000 diamond, so I won't spend 15 clock cycles to steal one.
-twb
"The other problem is there is no money in distributed computing."
:(
Sure there is - but it's in everybody else's wallets.
.
I'm sure I'm remembering correctly that JUNO, a free, ad-sponsored ISP, was either going to, or had announced their intention to, have their users either migrate to a paid plan or run some kind of drug analysis program on their machines. I think their EULA even had a line that required that end users' machines run 24/7, but they were not planning to actually enforce that clause.
From what I've seen in the field, Joe Average Windows user really doesn't multi-task anyways, so there are lots of idle CPU cycles connected to the internet. I've processed 89 work units for SetiAtHome on my machine.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Something like the Million Monkeys with Typewriters (WordProcessors) creating the Complete works of Shakespeare?
Actually, an embedded Java applet (make it 1 by 1 pixels) may fit the job description better, especially if there is a way for that applet to denice itself.
>|<*:=
Now THERE'S an idea. Embed these little gems on your corporate intranet, and use them to convince management that the whole staff needs a computer upgrade. Make sure you put it in places where it will have the highest impact on management.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
First, Leech Computing is nothing like viruses and other intrusions.
Second, the Condor Project (of which I am aware but did not mention because I thought SETI at Home and distributed.net were better known examples) is simply another distributed computing project.
Third, I am simply a programmer who thought this idea was interesting enough to spend the time to write an article. I am no longer in school, but my oldest daughter will be attending a university this fall.
Fourth, I did mention Parasitic Computing in my article. I read the Parasitic Computing article that was published in Dr. Dobb's Journal.
I agree with you!
I am a fan of distributed computing, and I see the great potential. However, I also dislike hidden programs, so when I decided to write about my idea I picked a name that would have a negative context. And while I had to acknowledge the similarities between distributed and leech computing, I tried to make the differences clear.