Slashdot Mirror
The Theory of Leech Computing
Phil Frisbie, Jr. writes "I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not effect the usability of the client computer and makes no changes to the client'. Leech Computing, Part 1 covers basic theory."
Spyware seems to fit this definition as a less-appreciated form of leech computing.
I'm not afraid of falling, it's the sudden stop at the end that frightens me.
Step #1: Leech off of someone with lots of bandwidth.
I can almost imagine someone writing a server side dynamic javascript generator on Slashdot in order to disseminate SETI data to web browsers to crunch (albeit very tenuously) to be uploaded again whenever someone hits 'submit' :)
GPL Deconstructed
what else is Mr & Mrs home users new 2.4Ghz, 510Mb, 120Gb system running XP just purchased to send an AOLgram to missy at college once every weekend, good for?
try { do() || do_not(); } catch (JediException err) { yoda(err); }
A professor in our department hired a research assistant a while ago, who worked for him for about a year. After the assistant left, the professor noticed that his computer was running really sluggish at all hours, but b/c he wasn't really familiar with the system, assumed it was just getting slower with all the data processing algorithms he was running.
A couple of months later, the network admin starts nosing around, and sends the professor an embarassing note asking to take down the web server about hot leather pants from his computer, since it was overloading the network...
Can we use this to create a distributed webserver that where each person who visits the site will serve copies of it? This guy's system can definitely use it! SLASHDOTTED
SIG: HUP
There's also a good page quickly discussing Villain-to-Victim computing. The point is to use correctly configured machines to do things they were not intended to.
Conceptually, I find this interesting. It can run without user notice. The only problem is that it does steal CPU cycles, and as far as I know there is no real way in Javascript (or Java applets) to make the program run only when it isn't competing with other applications. I can imagine that some users might get really upset because you are stealing their computer resources. Because of this, I wouldn't recommend doing this kind of thing without notifying the user and perhaps giving them the option to turn it off. However, I can see some potential uses for this as long as the user is aware. For example, slashdot viewers probably wouldn't mind some leech Javascript working on the latest encryption cracking contest, especially if they got to "share the wealth."
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Wired had an article about this way back in '97.
They called it mipsucking. The idea was to skim off CPU cycles when someone visited a web site. They even had a sample java-script app.
Say you're running a 1.5 ghz machine and browsing the web. Chances are, even if you're playing MP3's in the background, you're using less than 5% of your processor cycles. If you could trade another 50% of those cycles you're not otherwise using for the ability to kill ads or for access to a restricted site, Would you?
(I can see it now. 50 to 100 years from now, the Porn Website Coalition has won a Nobel prize for creating a vast distributed network for math intensive problems....)
The problem with this model is that the implimentation of Javascript is slow and horrendously messy. It's brutally inefficient for anything other than the most minor effects carried out in a browser window. I shudder to think of what most browsers would do, given a math-intensive task. FFT's in Javascript anyone?
Unlike the author, I think that Java and/or ActiveX applets will probably see this sort of exploitation first, since they're easier to tune speed out of.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
When I was an undergrad I did a semester research project on this and identified some of the problems:
http://www.russross.com/cs261/paper.html
I run a dual CPU machine now which generally masks the problem, but even the fastest single CPU systems will suffer noticeable effects once the scheduler falls back to a round robin scheme with weighted timeslice lengths which is essentially what happens once you have two or more CPU bound jobs competing for CPU time.
- Russ
A more effective solution would be to have operating systems ship with distributed computing clients pre-installed. That way, if it's ever on the net, it'll be able to do work.
;) Besides, even if it did get hacked, you could have it runnig in a sandbox so that the system's integrity would never be jeopardized.
The current implementation of Leech Computer requires the user to be surfing around with a web browser. My solution would be on every OEM pc sold. Seems like a more useful setup to me.
Yes, there are security implications, but only as much as having any self upgrading piece of software running in the background. (Besides, I never said Microsoft was the company I'd pick to make the software.
The people buying computers these days are pretty clueless. I've seen people buy computers without having even used one before. Just because it's the 'in' thing. We might as well put all that wasted processing power to good use!
The one thing that surprised me a bit was that the author didn't take advantage of the opportunity to put a bit of leech computing onto his own web page. He mentions (on the second page) that:
Then I remembered that there was, in fact, just such a button on the first page. But when I went back to check, there wasn't actually a Javascript applet there trying to leech a little bit of computing power from me. There wasn't even a cute little message thanking me for checking to see if there was such a Javascript applet. Too bad, he missed a great chance.
There's no point in questioning authority if you aren't going to listen to the answers.
> how could you possibly get data back to the server without the user knowing it
.. " as a close of the top level script tag.
He says refresh and 'tricking' the user are the only ways (on form submits.) Wrong.
dynamic.php:
<script>
data data data
do do
calc calc
var me = answer;
document.write("<script src='http://myserver.com/donate.js?answer=" + encode(me) + "'></scr"+"ipt>");
<\script>
That sends some data to the client, does some client side cals, and sends the data back to my server (although I have to respect the max limit of data one can send via form posts, but its the same with his more obvious methods.)
This is done all the time to count impressions in the advertising world. In fact, in a sense, advertising tracking online is already leech computing in some implementations.
BTW, the
"Old man yells at systemd"
but it may sound like one. (it is not MS bashing either)
I have always wondered if Microsoft has done something like this in their operating systems. If they were sneaky, the "System Idle Process" would be doing a lot more than advertised. It never registers on the CPU counts, even though it is running at 99% of the CPU most of the time. The OS is closed source, so nobody could review it. Just a few ticks here and there, times 50 million. Have the website scoop up data, and distribute the next session (would be missed because you were doing a windows update or checking for the latest security hole fix). Get a nice new registration scheme that gives the PC it's new job codes.
I'd sure be doing it if I was them and I had that many captive PCs