Hosting Problems For distributed.net

Yoda2 writes "I've always found the distributed.net client to be a scientific, practical use for my spare CPU cycles. Unfortunately, it looks like they lost their hosting and need some help. The complete story is available on their main page but I've included a snippet with their needs below: 'Our typical bandwidth usage is 3Mb/s, and reliable uptime is of course essential. Please e-mail dbaker@distributed.net if you think you may be able to help us in this area.' As they are already having hosting problems, I hate to /. them, but their site is copyrighted so I didn't copy the entire story. Please help if you can." Before there was SETI@Home, Distributed.net was around - hopefully you can still join the team.

So 3Mb/s huh?

Average is not so interesting as peak is.

Now we will find out peak bandwidth usage, won't we?

Re:So 3Mb/s huh?

[BovineOne]

That figure is actually closer to the current average peak. We in fact currently have an ipfw bandwidth limit on the machine to limit it to 3Mbit/sec and it mostly stays under it. We just over-quoted that figure a little bit in our announcement so that there would be fewer concerns over some marginal potential growth and try to factor in some of the bandwidth peaks.

Gawd No

[ObitMan]

That would suck if they went out of business

Suggestion

[Jouster]

Could they just move the project over to SourceForge?

Jouster

Re:Suggestion

[hkhanna]

No because the distributed.net client needs to communicate on it's own port in whatever internal protocol it uses. That's what causes the bandwidth usage, not the downloading of the client, if that's what you think.

You can't put your own server software on sourceforge's servers, at least not to my knowledge, so all sourceforge would be good for is hosting the client downloads...which it might actually already do. Hope that answers your question.
Hargun

Re:Suggestion

[haeger]

I dont think so since sourceforge is for open source development and last time I checked they had atleast some portions of their code closed to prevent people from cheating.

I could be wrong though and I'm sure someone will point that out if so. Perhaps you could have some parts closed even on sourceforge.

Soccer manager: Hattrick

Re:Suggestion

[BovineOne]

Finding new hosting for our central "keymaster" is what the issue is. We have enough "fullsevers" for serving the computational data to clients (See http://n0cgi.distributed.net/rc5-proxyinfo.html).

FWIW, Our clients actually can speak a pure HTTP protocol for requesting data, allowing a simple /cgi-bin/rc5.cgi script handle direct serving, but the default communications mode is a more compact raw binary mode.

Re:Suggestion

[tcort]

If they were able to estabilsh a better proxy system they could have all of the clients connecting to proxies. Then they proxies could systematically send their packets of data to distributed.net a couple times a week. This would cut down on all the bandwidth for people who just do one work, connect, send the work unit, fetch another work unit, disconnect, crunch the work unit and repeat the above steps many times a day.

Since it's a "contest" with cash prizes, why not charge people to enter. That would cover some bandwidth costs if dnet was unable to get free bandwidth.

-TC

Re:Suggestion

[42forty-two42]

How much bandwidth does this 'keymaster' actually use?

Distributed hosting?

[gnovos]

Maybe they should go in for distributed hosting, like say one machine that just houses the IP address and a few thousand mirrors that the requests can be directed to as they come in. Not only is it a project that is just ASKING to be performed by distributed.net, but if they make some catchy point and click (i.e. EASY to use) clients that anyone with a large following can use, we might see the end of such things as Slashdot subscriptions and a resurgence of the "community" feel of the web.

Re:Distributed hosting?

[doubtless]

Distributed computing != distributed hosting... I don't really know what you mean exactly by distrubted hosting. You have to always get all your data to back to the 'central location' to finally compile the 'answer'.

Pretty much same concept as any clustered computing, the pipes are always important, and no, u can't 'distribute' the connections.

Re:Distributed hosting?

[itsnotme]

The problem with that is, they need a way to make sure that nobody is interfering with the blocks that are being processed, they dont need people cheating and so on, and they need a way to validate the blocks .. thats why they have their own cache's and so on

Re:Distributed hosting?

[slinted]

Distrubeted hosting sounds like it would be good news for Dnet but it would mean some complications
Each mirror-site's code would need to have its own verification scheme to validate someones completed blocks (which i think they have now). And it would have to be tamper-proof and/or trusted mirrors since faking a "done with block, this one wasn't it" in the location of the right answer (stat whores) would be a true setback for the project.
Since the full block information wouldn't ever be compiled together on a central server, we might have to give up some of the details from stats. Not having all the block by block count of every persons activity being centralized for stat-computation would probably cut back their bandwidth considerably.

Re:Distributed hosting?

[zilym]

Why the hell not? Machine A grabs a huge chunk of
keyspace off of the main server. Machine B
takes a subportion of the keyspace from Machine A.
Machine C takes a subportion of keyspace from
Machine D, ad nauseum. When a machine completes
the checking of its key blocks, it reports it back to
the machine it was acquired from for consolidation.
When the main server hears back from Machine A,
it is a tiny packet saying keys in this entire range have
all been checked and returned negative. One small
packet instead of hundreds from each of the
individual machines that actually processed them.

This is only one simple configuration for example
purposes.

You're still gonna need a host, but the
bandwidth required will be nothing.

Re:Distributed hosting?

[kiowa]

Well, there is the Freenet Project.

Re:Distributed hosting?

[BovineOne]

Our network already uses a somewhat distributed model to spread out bandwidth demand as best as we can. You can see a bit of it if you look at our Proxy Status page at http://n0cgi.distributed.net/rc5-proxyinfo.html

Each of the servers listed are in in different DNS rotation grouped roughly by geographically named groups (that try to take in general network topology/connectivity). The servers listed there (known as "fullservers") handle all of the data communication needs requested by clients, and the fullservers in turn keep in contact with the "keymaster". The keymaster is the server responsible for the coordination of unique work between all of the fullservers and assigning out large regions of keyspace to the fullservers (which in turn split up the regions and redistribute to clients).

The hardware that we had hosted at Insync/TexasNet was actually 3 machines which together served several roles: our keymaster, one of our dns secondaries, our irc network hub, one of our three web content mirrors, and our ftp software distribution mirror (for actual client downloads).

It's unfortunate that the change in management at Insync/TexasNet caused them to want to re-evaluate all of the free-loading machines that were receiving donated services (there were apparently several others besides us) and cut off anyone who wasn't paying. Regardless, it's a touch economy and companies that want to survive have to look at where their costs are going and do their best to cut spending.

Re:Distributed hosting?

[BovineOne]

This is effectively what we already do with our keymaster, fullserver, personal proxy tiering. Personal proxies can be several layers deep if needed (many of our teams set up their own team servers using personal proxies).

Re:Distributed hosting?

[Economist]

When the main server hears back from Machine A, it is a tiny packet saying keys in this entire range have all been checked and returned negative. One small packet instead of hundreds from each of the individual machines that actually processed them.

This is impossible since the whole subspace of Machina A isn't done by 1 user but by a lot of users. The keymaster needs this information on each block to be able to construct stats. So even with the personal proxies, each block has to be reported back to the keymaster seperate.

Re:frist post

[Dancin_Santa]

I ought to have left the Post Anonymously checkbox clear, huh?

D.S.

"I hate to /. them but..."?

[flipflapflopflup]

You've now got 10,000 readers hovering over the link, "Ooh, should I, shouldn't I?", then thinking f**k it and clicking anyway.

A slow, painful, prolonged, /.'ing ;o)

Re:"I hate to /. them but..."?

[BovineOne]

FYI, web server content is actually hosted on unrelated servers for which bandwidth is not currently an issue.

Re:"I hate to /. them but..."?

He is showing more restraint than you.

Re:"I hate to /. them but..."?

No, he's showing how much of pushover loser he is by self-censoring in order to gain the favor of those anal-types who WOULD censor him.

Censoring yourself != class.

Re:"I hate to /. them but..."?

[essdodson]

Mature use of the language does however translate to class.

Re:"I hate to /. them but..."?

[Yoda2]

Glad to hear this. I did feel sort of bad about even submitting the story, but I figured it would bring a lot of attention to you needs.

Stopping three quarters of the way

[Soft]

The RC5-64 challenge is currently at 73%, moving fast. Can you imagine the project shutting down just now?

Re:Stopping three quarters of the way

Assigning keyspace chunks to people requires negligeable amounts of bandwidth if the chunks are large enough.

Re:Stopping three quarters of the way

Can you imagine them hitting 100% and realizing that due to a software bug, the correct key was already found but no one realized it?

Re:Stopping three quarters of the way

[Peyna]

Better yet, they never found the correct key due to a software bug, therefore, they have to fix it and start all over.

Re:Stopping three quarters of the way

That's the same thing the parent said.

Re:Stopping three quarters of the way

That is the same thing that was said by the parent. (interestingly enough, I couldn't post the exact same thing that you said.)

Re:Stopping three quarters of the way

That is definitely the same thing the parent said.

Re:Stopping three quarters of the way

[Alsee]

Actually it is subtly different than what the parent said.

due to a software bug, the correct key was already found but no one realized it?

could easily be interpreted to mean that you found the key half way through and put it in your pocket and kept searching. Discovering a bug and checking your pocket is much better than discovering a bug and having to start from scratch.

-

Re:Stopping three quarters of the way

[Peyna]

Yes, and what you said is exactly what I meant.

Quote of the Day [QOTD]

[CaptCanuk]

Straight off Distributed.net's main page:
"Unauthorized Worm: We have recently learned that an infectious worm has begun circulating around the Internet deploying copies of our dnetc client. If you are looking for information relating to this worm then visit our trojan page. "

As opposed to your "authorized" worms?!?

Re:Quote of the Day [QOTD]

[NinjaGaidenIIIcuts]

I told that girl to don't rip off fragile experimental projects.

Afterall she's a lady and she would understand that's coward action to phreack on big security holes... or not. To abuse distributed.net because exist on there big security holes.

We cannot rely on crackers' compassion, distributed.net must find a way to turn clients' security into a better level.

OMG, hang on!!!

[Loki_1929]

No, they can't shut down yet! I have to break 10,000 in the rankings!

Good Lord, what shall I do? :(

Re:OMG, hang on!!!

Good thing you got that Athlon XP 1700 and 320 GB of HD, otherwise I'm sure it wouldn't be worth it to help out. You're certainly getting the most bang for your buck!

Principles and Paradigms of Distributed Systems

I believe the problem with ths cost of bandwidth can be donewith a simple system similar that found in Diablo 2. While it takes a considerable amount of bandwidth to run their servers, their is frequently a message saying "This server hosted by AT&T. While obviously this doesn't cover the cost of bandwidth completely, I'm sure that distributed.net's bandwidth provider would being willing to lessent the charges a little bit for a small banner in the client notifying the user who the service was running on.

On a slightly off topic note, while browsing Amazon earlier today, I was recommended a book by Maarten Van Steen titled Distributed Systems: Principles and Paradigms. while not completely on topic, I believe this book is

Distributed Hosting

[HerbieStone]

Maybe it's time for the distributed computing power to get hosted by distributed computers?

Seriously, what is the current state of p2p-networking when serving common html-pages would be the thing to do?

Location

[Beltza]

The fact that such a big world-wide project is bound to be hosted near Austin shows that computing technology still has a long way to go...

Re:Location

Well, not computing technology but rather population-bandwidth. Austin makes sense, or any other large data center. Europe would not make sense.

Re:Location

[Decibel]

I'm not really sure what to make of your comment. First, there's plenty of good connectivity in Austin, Houston, San Antonio, and Dallas. More importantly, we have a large concentration of staff in Austin, which is very important whenever physically working on the hardware is required.

Re:Location

[Milican]

I suppose it should be hosted in Cali? Rumble, rumble.... (earthquake).. or "hey where did the lights go?" (P&G Power Fiasco).. Texas Rules!

JOhn
Dallas, TX

Re:Location

[Beltza]

Europe would not make sense. ????????????
Can somebody explain me whats wrong with Europe??? There are lots of very good data centers in Europe. And what exactly is population-bandwidth?????

Re:Location

[Beltza]

I have no doubt that there is plenty of good connectivity in the neighbourhood.
I was only remarking that the current state of technology still requires physical access to the hardware, and therefore limits the geographical location.

Re:frist post

I'm am awed by your feigned ignorance. Perhaps one day I can feign ignorance as well as you.

I just don't know...

Dnet, is it useful ?

[linzeal]

What has it accomplished besides searching a keyspace with a known length and golumb rulers? Seti@home, cancer research, or that distributed raytracing screen saver is far more more useful.

Re:Dnet, is it useful ?

[Nipok+Nek]

seti@home will only be useful if it finds something.

Dnet has already confirmed the longest golumb ruler of length 24 and is working on discovering the longest ruler length 25. This information is IMMEDIATLY useful to people in many fields of science. I'd point you to their OGR page, but for the fear of /.'ing them.

Re:Dnet, is it useful ?

[Loki_1929]

Seti@home searchs a fairly insignificant portion of the sky for a completely insignificant number of signals with an un-optimized application which does little more than make pretty color pictures on the screen.

Cancer research? I've yet to see a viable distributed project for cancer research. By that, I mean an organized effort with real data, a complete and concise goal, and a clean method for reaching that goal. Distributed raytracing? More pretty pictures on the computer screen.

You want to draw pretty pictures, I want to brute force an encrypted message to prove current laws regarding encryption are draconian and need to be changed immediately. Gee, I can't imagine why anyone would think dnet is more usefull than raytracing....

Re:Dnet, is it useful ?

[linzeal]

Um, insignificant portion of the sky? Do you know how large the milky way is let alone the local galactic cluster? An even smaller field of view is just fine for a search for et.

I don't run any of the cancer dist. projects so someone else can answer that better than me.

What you are doing is hardly worth the effort. It would be like someone memorizing an entire DVD in binary than repeating it to fight the absurdities of the DMCA. Everyone knows how large the keyspace is and no one is surprized that it is taking them this long to find the key.

Seti@home has potential but I agree it needs to look for multi band signals at the least as it currently looks exclusively in the hydrogen emission band. It would be like people in france not having boats and looking across the ocean at britain expecting to see a fire that reaches a certain height above the ground, it is a very limited idea of what we should be looking for.

Re:Dnet, is it useful ?

10s of thousands pcs are bruteforcing 1line for months, whats the point of that unless a hacker/cracker/whatever can run his password lists through distributed.net or on a multibilliondollar computer? i know pcs will one day do that in a sec. folding@HOME seems way more usefull IMO

Re:Dnet, is it useful ?

[Graspee_Leemoor]

"Cancer research? I've yet to see a viable distributed project for cancer research. By that, I mean an organized effort with real data, a complete and concise goal, and a clean method for reaching that goal. "

http://members.ud.com/home.htm

This is real research, worked on by United Devices, helped by the University of Oxford, Intel and the National Foundation for Cancer Research.

It meets all your criteria- this is from their site:

"The research centers on proteins that have been determined to be a possible target for cancer therapy. Through a process called "virtual screening", special analysis software will identify molecules that interact with these proteins, and will determine which of the molecular candidates has a high likelihood of being developed into a drug. The process is similar to finding the right key to open a special lock--by looking at millions upon millions of molecular keys."

graspee

Re:Dnet, is it useful ?

[BovineOne]

Because distributed.net is a purely volunteer project, many of its staff also have their paid day-time jobs working for United Devices (who are responsible for the THINK Cancer project). That includes myself, Nugget, Decibel, Moose, Moonwick

Re:Dnet, is it useful ?

[Sc00ter]

dnet cracks keys by brute force.. Here's 10 keys, try them, oh? they don't work, here, have 10 more? They don't work either? Damn, have some more.

It does that with a ton of people until it finds the right key. It will eventually crack every crypto they throw at it, because it's only a matter of time.

Seti@home is searching for something that they don't even know if it's out there, and can you imagine the impact if they do find PROOF that there's life somewhere else? That's far more important then stupid crypto keys and such

the UD cancer treatment, while iffy because it's probably set up to benifit a company still has a HUGE impact on EVERYONE'S life.. I don't know anybody that either hasn't had cancer or a family member that has had cancer, and to find a cure!

Re:Dnet, is it useful ?

> will determine which of the molecular
> candidates has a high likelihood of being
> developed into a drug
>
Which will then be sold back to you at prices, where dying from cancer is probably the better choice. Profits, amazingly, do not get donated to the Free Software Foundation but to lawyers fighting the demand for affordable generic drugs. The drug-empire CEO's meanwhile sip martini's floating in their yacht just a couple miles off the coast of the Karposi-Belt...

Re:Dnet, is it useful ?

[theskov]

I really think you are missing the point with this question. The essence of all this, is that instead of using a fantazillion clockycycles on idle-threads every seconds, we can use them for whatever we want.

Dnet was the first distributed project I learned about. Now it's a funny little part of my life to drop in now and then and see how things are doing. To see how I'm doing, smiling at the-space.net making fun of the dutch cows when they overtook them for the first time and Killemall getting impatient.

After seeing the SETI@home client and all its bright colours, I've decided to shift to them when RC5 is over. Not because it is a worthier cause, but because it looks funny.

Now that, in my opinion, is the point of all this.

Re:Dnet, is it useful ?

Killed/Injured Israel 286/1024 Palestine 1125/20,000+

Considering the insane birthrate in the occupied territories, I'd say that the Palestinians are winning.

Re:Dnet, is it useful ?

[Nipok+Nek]

Did you even READ my post? A Golumb ruler has NOTHING to DO with crypto. Distributed.net works on MANY problems at the same time. Yes, it's got some crypto cracking going on right now. I don't do any of that. I have my node set to only do OGR blocks. A Golumb ruler is a ruler with no two sets of marks the same distance apart as any other two marks. Finding the shortest ruler for X number of marks is the kind of thing mankind only needs to do once, then the information will be available forever. On their website, they give examples of the kinds of science that can make use of this information. Like building radio arrays for... oh, I don't know... Finding life on other planets? Or for optimized scanners for.... oh, I don't know... scanning the human body for cancer cells?

Or we can just keep listening to static.

Nipok Nek

Re:Page making the same size post.

Break out the blueberry flavored condoms we are going to be sucking the serious software bug trolls dick for days as has some sort of semen blood clot bloackage going on. Contribute the vacuum of your head good slashdot readers !!! Unite !

Copy + Paste

we need your help!

URGENT: We have recently learned that our long-standing arrangement with Texas.Net (formerly Insync) would end at noon, Friday, March 22. Through an agreement with Insync, we were hosted at no charge for many years. Though we have tried to make other arrangements with them or to continue our current service until we can make other arrangements, in the end we had no choice but to move.

Several of the Austin cows made a road trip Friday morning to retrieve our equipment from their colocation facility.

We have no reason to complain about Texas.Net or their current decision. As a business, they chose to donate to us for a long time, and have now decided that they must stop. In dbaker's words in a letter to Texas.Net: "Our experience with Insync has been excellent; I've never been happier with an Internet provider. I've recommended them (and indirectly, Texas.Net) to everyone and even this [situation] won't change that."

Though United Devices has kindly offered to colocate our primary servers for a short time at no expense, we find ourselves in the market for a new ISP. If any of our participants work for a major ISP in Texas (preferably within a few hours of Austin, but we're not picky), and would be willing to donate colocation space and connectivity, we would eagerly like to speak with you. Our typical bandwidth usage is 3Mb/s, and reliable uptime is of course essential.

Please e-mail dbaker@distributed.net if you think you may be able to help us in this area.

Practical?

[olman]

Distributed net?

Correct me if I'm wrong, but isn't this the outfit which is concerned with breaking low-grade crypto? How's that going to improve my daily life? I'd much sooner donate my CPU cycles to the evil international pharmaceutic corps which does benefit cancer study. If you get a rash from commercial ventures, there's the folding@home. It's more like basic research, so it won't produce any miracle cures, but it might eventually lead to research that could.

But breaking crypto? Why?

Re:Practical?

[Loki_1929]

Correct me if I'm wrong, but isn't this the outfit which is concerned with breaking low-grade crypto?

If you consider 56/64/128-bit RC5 low-grade, yes.

How's that going to improve my daily life?

I have no idea what your daily life is like, but if it involves encrypting things you'd prefer stayed private, it should eventually help you in that aspect. Not to mention your boost of confidence as you follow your daily stats and see yourself advancing past others every day.

But breaking crypto? Why?

Because if a few thousand unspecialized computers can brute force the best encryption allowed by law with minimal optimization and research, then we have some good reasons to push for the law to be changed. Personally, I don't like the idea of the best encryption available to me being useful for all of 3 seconds while it's being broken. I don't usually have anything worth decrypting, but I like to think that when I do, it'll be worth my time to encrypt it.

Re:Practical?

[MisterBlister]

Because if a few thousand unspecialized computers can brute force the best encryption allowed by law with minimal optimization and research, then we have some good reasons to push for the law to be changed.

There's absolutely no evidence to suggest that the government will ever change crypto laws based on what happens at distributed.net.

Its not like those in government who are responsible for consulting in these matters (NSA, etc) aren't aware of the issues at play here with current export-level encryption -- if you think that they are somehow unaware of these issues and dnet is required to bring them to light, please pass the crack pipe.

Re:Practical?

[cperciva]

Because if a few thousand unspecialized computers can brute force the best encryption allowed by law with minimal optimization and research, then we have some good reasons to push for the law to be changed.

That might have been true when d.net was working on DES, but things have changed.

I think a more accurate wording would be

Because if a over ten thousand computers, working for three years, can't brute force 64-bit encryption, when 256-bit encryption is readily available then we have very little reason to push for the law to be changed.

Re:Practical?

[TheToon]

I agree with you. It is a dated paragraf that distributed.net should have removed. It was a valid argument back in the days when 42-bit keys was the maximum allowed for exported systems.

And 42 bits are clearly too veak. Today when 128-bits ar common and allowed to be used by almost the entire world, it's not an issue anymore.

Re:Practical?

Export was limited to 56 bit keys, not 42. And yes, this has been addressed with the successful conclusion of RC5-56. However, since such a large-scale *public* brute-forcing has never been done before (as currently with RC5-64), the value is not to be underestimated. It is a verification of where things are at in terms of what resources are required to brute-force various crypto-systems and key sizes. For that to be of benefit though, full disclosure must be made, especially CPU statistics etc.. Currently that information is not available. BovineOne, will it ever in full?

Re:Practical?

[DaveSchool]

If you find the key, you get $2000, I don't know about you, but that would sure improve MY daily life.

distributed.net

[TheToon]

I have always found distributed.net to be a relative structured organization. Their software with personal proxies made joining much easier than the Seti project, esp for people behind corporate firewalls. Small unobtrusive clients (esp for the des/rc5 projects) for a LOT of platforms.

It would be a shame to see them disappear. They've had/has a lot of cumulative computing power, and it ought to be put to real use.

Ah, the days of installing the res/rc5-42 clients on lots of 386 and 486 machines and actually having them do some real computing....

Re:distributed.net

[GigsVT]

You know, it's funny. I ran RC5-64 in 1997 on my pentium 200 for over a year. I recently, about 40 days ago started doing RC5-64 again, but this time with my cluster of seven Duron 900s. I surpassed my old account in about 15 days. Amazing how much faster the computers are now.

Re:distributed.net

[devnullify]

Well if you think about it per clock, 900MHzx7=6300Mhz 6300Mhzx15days=94500 94500x24hx60mx60s=8164800000 cycles in 15 days 200MHzx365days=73000 73000x24hx60ms60s=6307200000 So in fact, you're P200 did more work per clock than your Duron 900s. Scary isn't it :P.

Multiple problems

[Loki_1929]

There are numerous things you just couldn't "distribute." The keys have to be served from somewhere, they must be tracked in real-time from somewhere, and they must be accepted/processed somewhere. Stats must be compiled and then put into a single database. To distribute this to multiple computers would cause the amount of bandwidth used to rise to an extreme level, far beyond what it is now. (ie. send out the info, let each node process it, receive the data from each node, hope to Christ it's right)

Next, the integrity of the project gets called into question the moment you begin allowing clients to check processed blocks. The number of fals positives could easily shoot through the roof. Also, a computer with bad memory or simply running a faulty OS (such as Win9x/ME) could overlook a true positive, thereby virtually obliterating the project (ie. "we're at 100% completion with no result, guess we start over?")

As stated above, stats would be impossible to do in this manner, and the same applies for key distrobution. One could argue that the total keys be distributed amoung thousands of nodes and handed out from there, but you create more problems then you solve. You still need a centralized management location to keep track of keys that have or have not been tested. Imagine a node going offline permanently or simply losing the keys it was handed. Suddenly, a large block of keys is missing. As it stands now, the keymaster simply re-issues the keys to someone else after a couple of weeks of no response from the client it sent the original blocks to. Under a distributed format, the keymaster would have to keep track of which keys went to which key distributor, which of those came back, which of those need to be redistributed, where they... (you get the message.)

Next you run into another problem of integrity. What's to stop each distributed keymaster from claiming it's own client is the one that completed all blocks submitted to it. Consider this example, central keymaster sends out 200,000 blocks of keys to keymaster node 101. Keymaster node 101 distributes these keys to a bunch of clients which process the blocks, then send them back to keymaster node 101. Keymaster node 101, which has been modded slightly, then modifies each data block, changing the user id to that of the keymaster's owner, thereby making it appear that any block coming back from keymaster 101 was processed by keymaster 101. It might be easy to spot, but then how to you find out who to give credit to?

The webpage doesn't attract the majority of the bandwidth; the projects do. Distributing the projects would be disasterous, as many have already tried taking advantage of the current system to increase their block yields through modded clients. Luckily, this is easy to spot for now. Under a distributed system, this would be next to impossible. All this, and I've yet to make mention of the fact that the code would have to be completely re-written to work alongside a custom P2P application, which would add months of development to a project that probably only has weeks or months left in it.

In short, someone host the damn thing, k? :)

Re:Multiple problems

[rastan]

To distribute this to multiple computers would cause the amount of bandwidth used to rise to an extreme level, far beyond what it is now. (ie. send out the info, let each node process it, receive the data from each node, hope to Christ it's right)

Of course there are protocols for distributed computing by which you need not hope to Christ, but can be quite confident that your results are correct. Good ones can compute formulae and withstand up to one less than 1/3 of the participants being active traitors. But on the other hand, their bit complexity is not exactly lowering your total amount of communication either...

YHBT

I assert that this post is a troll. I also assert that YHBT.

This message has been brought to you by the troll committee of the .test community. Cherish our balls.

GOOGLE!

Google is currently researching distributed networking through their google bar - couldn't they cooperate on this with distributed.net?

Re: GOOGLE!

[Ruliz+Galaxor]

well, they are testing only with 500 users atm or so... not really that much. When Google is going to be operation for everyone, I think distributed.net is done (at least the rc5-64 and the current ogr will be).

Hmmz... I really hope I can disable the option in the google toolbar when it's fully operational. I prefer distributed over the whatever-google-is-going-to-choose project.

Optimization of Network Usage

[Jouster]

I find this an excercise in futility; if the protocols used to transmit the data are not available to /.ers, we cannot suggest a scheme that would be meaningful. If the blocks are indexed, and all that's returned is an "index <X> complete" message, then a system of proxies sending message like "indexes 1217-1250 completed by my subnodes" to the main server once every hour makes sense. If, on the other hand, the bulk of the data is used to verify that processing actually occured, and that it occured with the official client (which I suspect is the case), we would need to know details of the data being passed back and forth in order to help.

I know that I, for one, have boxen and bandwidth to pull off 3 Mb/s of CPU-intensive network traffic 24/7, but I'm not about to devote my precious resources to something that I don't understand, especially when I haven't even had the chance to ascertain that a solution that utilized my donated resources was, in fact, the best one.

Jouster

Re:Optimization of Network Usage

[Atzanteol]

After running a perproxy for over a year now, I think I can speak to this.

Each 'message' to the keyserver is more like 'ipaddres,date,username,keyrange,size of key range,client version'

They do work in ranges, and dnet has been working to make those ranges larger but not too large (larger == lower bandwidth, but more time need be spent cracking it). If it takes to long to crack a range, that range risks being recycled before a user submits it. It's a very dynamic system that they've been working on for many years now and seems to be doing well. Maybe they could tweak some more for bandwidth, but that would be a question better asked of the fine dnetc staff.

Re:Optimization of Network Usage

[green+pizza]

I, for one, have boxen and bandwidth to pull off 3 Mb/s of CPU-intensive network traffic 24/7

Sweet! What sort of connection is that? The cable modem provider in my area offers very limited "business" symmetric connections up to 5 Mbps, but they charge dearly for it. A lot cheaper than a fractional T3, though.

Re:Optimization of Network Usage

[BovineOne]

The "keymaster" (the machine that utilizes the ~3Mbit/sec) already distributes larger regions of uncomputed work to all of the "fullservers", which are the ones that in turn distribute the actual work to clients after splitting the blocks into sizes that correspond to what is needed by clients. You can see the list of all of the fullservers at http://n0cgi.distributed.net/rc5-proxyinfo.html

All of the chatty, multi-step network communications overhead with dealing directly with the clients is done at the fullserver level, including doing a windowed-history based coalescing on result submissions.

Re:Optimization of Network Usage

[Jouster]

Inform me, in that case, why it is non-trivial to simply increase the size of the work sent to the fullservers?

One possibility I could see is that many needed (unprocessed) keys are non-contiguous. If so, have fullservers keep track of what keys they have sent but not received in the same way the keymaster does now. In order for this to work, clients need to stick to the same fullserver. With that in mind, at install-time, fetch a list of fullservers and stick them in an .ini, and rank them according to ping times. Now the only way keys get repeated is if somebody manually edits that .ini file [note 1], or if a fullserver goes down. If a fullserver goes down, the keys "allocated" to it do not get allocated to the other fullservers for a long, long time to ensure that the fullserver is REALLY down.

Advantages:

1. Keymaster could be run on a 56k modem, bandwidth-wise. (Although it might be interesting to harness the logic chips of a 56k modem to build a keymaster... hmmmm)
2. There's a very high probability that statsbox-iii would only have to query only a few of the fullservers in order to generate stats for any given user, reducing bandwidth usage, especially if there exists a terse "No data received from that user" reply.
3. Because keys that are out of linear order are ignored, there's a high probability that chunky data (1010101101, where 1 is returned, 0 is not), which is likely produced by an unreliable client, is assigned multiple times. The threshold for reporting could be played with, but I would suggest five as a starting point (fullservers only report streaks of five or more keys within their assigned keyspace that are as yet unchecked).

Just a humble little thought,
Jouster

Note 1: Stats only show and only count the last submission of any given key (i.e., delete old entries for that key if you, as the fullserver, received two replies, and programmatically ignore the earliest of multiple replies during statistics aggregation), so it would be pretty pointless to switch fullservers by hand.

Re:Optimization of Network Usage

[Jouster]

Dual OC-3's. Our NOC is a NICE place to be, especially since I bought five 24x CD burners and put them in there. Can we say, "RedHat ISOs in twenty seconds or less"?

*grin*
Jouster

Aliens, crypto or cancer - what's your choice?

[crudeboy]

I think the use of spare cpu cycles is an excellent way to support science, but...
For some time the only one around was seti@home which analyzes noise from space, I think, in search for alien lifeforms, then there's distributed.net doing crypto and math stuff, (correct me if I'm wrong). And then there's people like Intel running medical research in areas like cancer and alzheimer.

I don't know about you, but to me medical research feels a somewhat more beneficial to humanity than search for aliens. Don't get me wrong, I'm not saying that the work done by seti and distributed isn't important or shouldn't be done, just that there's other research that might be more worthwhile supporting.

That's just my opinion, but if you feel the same way, checkout this site.

Re:Aliens, crypto or cancer - what's your choice?

[Sircus]

You're wrong, so I'll correct you :-)

d.net was around a long time before SETI@home - I've personally been running the client since 1997. SETI@home launched on May 13, 1999 (though they were fundraising and doing development for a couple of years before that).

I'm personally strongly interested in cryptography for various reasons, so d.net gets my processor time. I seem to recall various people have concerns about how exactly the cancer project will use the eventual data it collects - i.e. whether the products produced as a result of the project will be commercially exploited - they don't want companies just using this large distributed network to make a fast buck.

Re:Aliens, crypto or cancer - what's your choice?

[crudeboy]

Heh, I stand corrected :-)

Thanks for pointing out the errors in fact, but still the cancer research appeals more to me personally even though I share the general concerns about the use of the results.

Re:Aliens, crypto or cancer - what's your choice?

[NineNine]

As far as I can figure out, the only people who would be "strongly interested in cryptography" would be cryptographers, terrorists, money launderers, and purveryors of kiddie porn. Call me nuts, but unless you fall into one of those groups, I don't see why the interest (paranoia) is warranted. I agree with the first poster. My cycles go to medicine. Whether or not it's commercial, I don't care. If my cycles help to invent a cure that I have to BUY somewhere down the line, I'll gladly buy it.

Re:Aliens, crypto or cancer - what's your choice?

[DataSquid]

I always figured dnet was on the way to UD anyway. This seemed to imply that, but I guess it was just people they took, noth the project. I guess there's no money in cracking crypto ;) The idea of distributed computing has been proven, and I think the original goal of allowing stronger crypto standards in the US has been achieved as well(?), so now it's on to more useflul tasks.

I still like seing my clients from my first job 4 years ago still submitting packets, gives me a nice feeling ;) Wish I never used my real email address though.

Re:Aliens, crypto or cancer - what's your choice?

[Arimus]

Execuse me.... what about large companies who use email etc to communicate between their various branches in other countries? Recently (well a year or two ago) there where a number of articles about the French spying on British and US companies, The British spying on US and French etc... and the gov't agencies concerend passed some details on to rival companies.

As for me... well I like the idea of only my intended receipient reading my emails - the gov't wants the keys they can have them but joe bloggs sitting down stream of my mail packet... can sod off.

Re:Aliens, crypto or cancer - what's your choice?

[Sircus]

I sell a commercial SSH client and dabble in cryptography as a hobby - so I guess I fall in to the first category. There are plenty of reasons to be interested in cryptography aside from the Ashcroft/FBI-mandated ones, though. My issue with the cancer stuff is that if these companies are going to make billions off some cure (and if they come up with a cure, they sure are), I'm of the opinion that *they* should be the ones putting the billions into the research, not costing my cycles/power. I wouldn't give my facilities away to any other commercial venture for free, why should the situation change because they want to make money off cancer patients?

If the distributed cancer network weren't there, and if it's really performing a genuinely useful job for the companies, you can be sure they'd be investing the $x million required to just buy a supercomputer or three to do it for them. So the only difference I see the cancer project making is that it's saving huge pharmaceutical firms a few million dollars. The world's cryptographers, most of whom are academics (ignoring the NSA-employed ones for a minute) don't have the millions of dollars to throw around if d.net wasn't there - neither do the mathematicians interested in the results of d.net's other project, Optimal Goulomb Rulers. As a result, I see d.net as making more of a difference than the cancer stuff.

All that said, those are my reasons for running d.net - you've got your own reasons, and it's your own choice.

Re:Aliens, crypto or cancer - what's your choice?

[Arimus]

And what I tried to add to my original reply but failed as I'd clicked post a second before I thought of it...
Amnesty international amongst others make use of strong cryptography to be able to work in some of the less liberal countries - without strong crypto they'd be fubar'd.

Your reaction is typical of the brainwashing the various supposedly open gov'ts have purveyed over the last few years...

Re:Aliens, crypto or cancer - what's your choice?

[Sarunas]

Don't forget another practical distributed project. Stanford's protein folding project: folding@home

Re:Aliens, crypto or cancer - what's your choice?

[mosch]

If you hold an interest in cryptography, then you should realize that d.net is an incredibly boring application. It does the cryptographic equivalent of proving that it's possible to count to a million, by ones. It's absolutely useless.

If d.net did something interesting, like attempt to find an improved factoring algorithm, or to find a way to perform interesting analysis on ciphertext, then it would be useful. Right now though, it's a 100% useless application.

Think for a moment about what d.net truly does, and tell me with a straight face that it's interesting to either a cryptologist or a cryptanalyst.

If you want to help somebody with your spare cycles, you can help cure diseases or if you're so inclined, you can perform FFTs on random noise. Don't try to tell me that d.net helps anything though; you're kidding yourself if you think so.

Re:Aliens, crypto or cancer - what's your choice?

[RatOmeter]

Read up on the cancer research at United Devices [www.ud.com] or the Chemistry dept at Oxford University [www.chem.ox.ac.uk] who is running said research. It is being funded by donations and any breakthrough treatments that might arise from the research will likely be licensed to the pharmaceutical firms by Oxford, just like happens with any other successful university research.

One of the objectives of this approach to bio research is to *reduce* its cost. Reduced research cost should equate to reduced treatment costs. I don't think it's unreasonable for people/orgs to make money on this sort of thing, as long as it's not usary and the work is productive and benefits human-kind. I think the Intel/UD/Oxford project(s) will be just that.

Re:Aliens, crypto or cancer - what's your choice?

[pne]

Not completely useless... it gives you an idea of how long it takes to count to a million, by ones, on general-purpose, widely available hardware.

For example, they showed that RC5-56 was not terribly secure since it "only" took 250 days; similarly for DES in 22 hours (and I think they did RC5-48 before RC5-56). However, I think that with the time they've been taking on RC5-64 (over four years now, and nearly another year to go to exhaust the keyspace) shows that that key length is still fairly secure against "casual" hackers.

In conclusion, I think that d.net does help something -- it tells people "56 bits bad, 64 bits still decent". IMO.

Re:Aliens, crypto or cancer - what's your choice?

[nmace]

i would do the cancer thing, or any other medical research thing, except fot 2 reasons 1)how do i know that they won't take the cure once it's found and refuse to give it to anyone except people that can afford to pay a million dollars a dose? 2)i don't run windows. all the cleints they have are for windows.

Re:Aliens, crypto or cancer - what's your choice?

[swb]

One of the objectives of this approach to bio research is to *reduce* its cost. Reduced research cost should equate to reduced treatment costs.

Any treatments developed by this will be priced comperably with other treatments of a given effectiveness. Reducing the development costs only allows them to increase their profit margins, in effect subsidizing other drug development efforts with higher costs and less competitive pricing opportunities. Or more cynically increasing the compensation available to high-level executives, which will likely happen anyway.

Capitalists almost NEVER use reduced production costs as an incentive to lower prices without serious competitive pressure, and even then the greater temptation is to act like an illegal cartel and keep prices higher. They almost always price goods and services comperable to like goods in the market and enjoy the higher profit margins.

You can argue that this is good for business, or you can argue its good for consumers in the long run, I think there's points to be made on both ends. But it still leaves a nagging question about who dies and who doesn't because some marketing guy needs a bigger boat.

Re:Aliens, crypto or cancer - what's your choice?

[Jungle+guy]

Dnet was the first project to create a flexible distributed client for internet work. They contributed in the development of distributed computing based on public participation over the internet. Before it, I can remember of GIMPS, but their client performs only one task - searching for new primes. With the Dnet, the same client can be used for different tasks. It is also the most non-obstrusive distributed client, taking up only 2 MB RAM while in background. Other clients can eat as much as 16 MB of your RAM. One could argue over Dnet priorities. They have taken over 1500 days to break the 64-bit encription key, and may take 300 more to wrap it up. But we should hope the project pick up a new goal once RC5-64 is finished, and not disband altogether. In a nutshell, Dnet may not have clear practical goals, but it may be used for the development of distributed computing, that can be put for very practical uses.

Re:Aliens, crypto or cancer - what's your choice?

[OverlordQ]

The reason I do distributed.net is because we KNOW there is a solution to the problem. As for SETI@HOME and UD, they're just stumbling blindly, they're hoping they're going in the direction, they don't even know if they can come up with a solution.

Re:Aliens, crypto or cancer - what's your choice?

[Sircus]

Half of cryptography is (and pretty much always has been) politics. d.net is, in my eyes, a political project. Sure, its political point was more trenchant at the time of RC5-56, but the escalating keyrate still makes a good point about the folly of limiting export key length now.

Re:Aliens, crypto or cancer - what's your choice?

[Decibel]

However, I think that with the time they've been taking on RC5-64 (over four years now, and nearly another year to go to exhaust the keyspace) shows that that key length is still fairly secure against "casual" hackers.

Depends on your definition of casual, but in any case, determining how long a brute force attack might take is still useful. Many security experts use 20 years as the benchmark for how long something should be safe from an attack. In the extreme, this means that if we are able to complete the RSA challenge before 2016 or so (I don't remember exactly when they offered the challenges), then RC5-64 isn't secure.

Admittedly, that's a very extreme view, but given the progress that a group of volunteers has been able to make against RC5-64 I hope it shows that nothing that needs long-term protection should be encrypted with RC5-64 (imagine how long it would take to brute force RC5-64 in 2010, for example).

Re:Aliens, crypto or cancer - what's your choice?

[cabbey]

Have you even LOOKED at d.net in the last two years or so? I'd have to guess not, or else you missed OGR, which can be used for exactly the kind of things you're asking for!

Re:Aliens, crypto or cancer - what's your choice?

Chris, are you a fucking retard?

Re:Aliens, crypto or cancer - what's your choice?

[tedgyz]

Cancer.

Actually, Intel is a sponser. The provider of the service is United Devices.

I always thought SETI@Home was cool, from a technical point of view, but I couldn't get very excited about analyzing random noise from space.

THINK ABOUT THIS: With the proliferation of encryption and compression technology, would we even be able to detect our own data? Ok, sure, it's may be on a carrier signal, blah blah blah, but once we gathered the data, what would we make of it? I think we are boldly assuming that alien transmissions are cleartext. :-)

Anyhow, back to United Devices distributed cancer research...

In 1999, my 3 year old daughter died of a brain tumor. In the process of her treatment I was exposed to the world of cancer research and discovered how little we actually know. After a biospy, they couldn't even classify her tumor. It didn't fit the classification system, which means many of our assumptions are fundamentally flawed.

Most of the cancer "treatments" are just blind guesses as to what might work. Clinical research shows that some treatments have a statistically better effect and are thus put into use.

What appeals to me about the distributed computer research is that it accelerates the whole process of guessing and helps target specific treatments that have a higher chance of working. Thus, the clinical research can spend more time testing better-than-average treatments.

Please consider participating in a truly useful project. Here is the site for my daughter with a link to the UD site:
In Memory of Abby and Kevin

Re:Aliens, crypto or cancer - what's your choice?

[cabbey]

unlike you, no.

get a fucking life ?

hmm ?

Can you imagine.....

A beowulf cluster of Distributed.net?

Re:Can you imagine.....

[Whatthehellever]

A beowulf cluster of Distributed.net?

Actually, this is not feasible. I have spent the last few years designing and building beowulf clusters. A year or so ago, I emailed the the team and asked them about it. Their reply was the way the client was designed currently, the client would not benefit from a computational cluster like Beowulf. Beowulf is a computational cluster, the dnetc client does not use computational algorythms (sp?). It is simply a brute force client that takes an encrypted code and attempts to open it with a set string of keys (password).

Believe me, it would be nice to utilize any one of my clusters to the cause... Maybe the d.net team will read this and perhaps design their next-gen client with bproc extentions for Beowulf use.

that's a lot of bandwidth

[Trepidity]

A continuous three Megabits per second works out to somewhere just under a Terabyte a month. Not going to be cheap.

Re:that's a lot of bandwidth

[HTD]

Um just under a Terabyte, are u sure? When i calculated it assuming they meant 3Mbit/sec (and not megabyte, who knows, they used an abbreviation and are americans...) taking 30 as the average average of days in a month ;) makes 972000000000 bytes a month (says windows calculator) this divided by 1024*1024*1024*1024 gives me approx 0.75186 Terabyte. which is not just under a terabyte i'd say. it's nevertheless a lot - too much for almost any company in europe i think. out of curiosity - how were they able to afford this until now? What's traffic price in the states, or asked different how hard is it to get a green card these days ;)?

Re:that's a lot of bandwidth

[macjerry]

A continuous three Megabits per second works out to somewhere just under a Terabyte a month. Not going to be cheap.

It's going to run about $600/month plus server costs. Bandwidth prices have been dropping rapidly over the past year.

Re:that's a lot of bandwidth

Through whom?

Re:that's a lot of bandwidth

That's only two T1s.

Solution: make money.

[jukal]

How much does reliable 3Mb/s really cost? Their project is already so popular, that it should not be a problem to find ways to make money with it.

When we run the Cyberian RC5-56 challenge we got all kinds of offers from all kinds of companies willing to ship us something, a monster Digital machine for example. And our popularity was minimal compared to them - we had like 1 percent of the amount of clients that they run now.

Why is it a problem in this case? I think that the help that they really need is the services of 1 (one) marketing oriented individual (that's not me) :)

Re:Solution: make money.

[BovineOne]

We get hardware donations occasionally and use them when we get them (the previous stats server was donated, we have had drives and memory donated, and my multi-proc development machine's motherboard was donated). Those are usually not as hard to get since those are one-time gifts.

Getting donations of bandwidth and hosting is harder because those are ongoing commitments (including potential staff-support, and physical colo access, etc).

Direct money donations are also somewhat hard to get. Fortunately distributed.net is a 501(c)(3) organization, which means anyone can donate and receive an income tax writeoff (see articles of incorporation). Tax day is coming up soon, folks! :)

Re:Solution: make money.

[jukal]

Heh! That was the marketing spirit I was looking for!

Keep on the good work guys, it was fun to compete against you on those days. Maybe there's chance to do that sometime in the future as well :))

Anyway, it might be beneficial if you could outline your bandwidth problem in a more detailed way: what does the traffic consists of. What's the peakhour traffic. That way we all could try to think whether we have something concrete in hands which ould help you out. Is there some design decisions that makes it hard to spread the traffic more? Or could the problem be changed by doing some design changes? What's your schedule, is there a date when you will be "cut off"

Best of luck!

Re:Solution: make money.

[llamalicious]

Moderators: up the parent as Informative please.

I'm sure the aliens will cure all our diseases....

[Sarcasmooo!]

...by VAPORIZING us!! YEEAAARRGGHH!!!

Free Cycles?

Has anyone done the math? A fully utilized CPU costs me around $0.05/hour here in California. That's $30 per CPU. Not exactly "free cycles".

Re:Free Cycles?

[NinjaGaidenIIIcuts]

Distributed.net is somewhat seemlike but different to clustering piped via NIC's.

Few processing power is required to handle the I/O between machines, data compression and validation compared to the cpu cycles those will be spend on "internal" processing. This is true for both boxed clusters and distributed.net.

Clustering management doesn't make an impact so the cpus will do all stages of processing "in-house", but due to a different architeture distributed.net needs power to handle "160000 PII 266 MHz".

Don't laugh!

[NinjaGaidenIIIcuts]

more than 160000 PII 266MHz computers

This is a present? For me?

Cool, but they should have presenting me with 10000 Athlons 2000+ plus 10000 Geforce4's and 10000 Game Tits XP instead. I mean, does anybody know why they use PII's 266 MHz as a reference?

Re:Don't laugh!

because it hasnt been updated in a very long time.

Re:Don't laugh!

[pne]

Because they started RC5-64 over four years ago and probably didn't change their frame of reference since then, only the multiplier.

Sort of like how some PC magazines do benchmarks of things such as hard drives with old systems, to ensure that you can compare last week's results with some numbers published two years ago, in a semi-meaningful way since the only thing changed is the different hard drive.

Re:Don't laugh!

[llamalicious]

it sure does sound more impressive to a non-tech than 11000 PIII Xeon 800s or whatever the equivalent would be.
Big number in the front... ooohh look, shiny things.

Reality

[tomstdenis]

The only reason you "submit" blocks is to get stats. If all the clients just did random blocks of keys you'd expect the key to be found equally as fast.

To top if off the finder of the key gets the *full* 10,000$ if they don't go thru d.net.

What incentive is there for d.net now?

Tom

Re:Reality

"If all the clients just did random blocks of keys you'd expect the key to be found equally as fast."

That would lead to a lot of blocks being processed more than once before the entire keyspace was exhausted, increasing the time required.

Re:Reality

[tomstdenis]

Perhaps but how many blocks reported to dnet are valid in the first place?

A real experiment would not hand out the same block to only one person. Heck check out UD they claim to send the same block to at least five people. And I agree its a good idea. That chances that 5 people are cheats is less than the prob of only 1.

Besides, there are teams of thousands on dnet. Why don't they organize their own cache? We already know quite a bit of the keyspace is invalid.

My point is there is really no need for dnet other than stats and glory. My single computer stands about as much chance of finding the key inside dnet or outside dnet.

Tom

Re:Reality

Q: How does the user know they found the winning key?
A: They don't. They only found the first 8 bits. The d.net keymaster checks for 8 good bits, then does a proper check against the full length.

HTH. HAND.

Re:Reality

[tomstdenis]

What the heck is this?

The algorithm probably checks for ASCII characters [e.g. the top bits of each byte is zero]. You can't decrypt just one byte in CBC mode with RC5.

What is to say I don't make my own client that does the same thing except it locally logs such hits [statistically they are 1/256] There are other things you can check too... for example the chars inside the body are likely to be in the range 32..127 which is 96 chars of the 256 possible. Statistically that is (96/256)^8 or 1/2048. There are multiple blocks which gives you 2^{-11N}.

So its just as easy to write your own client. The challenge is finding users. But like I said earlier. If you are going to run it anyways you might as well run your own client. You stand equally as much chance.

Tom

Re:Reality

[NevDull]

My single computer stands about as much chance of finding the key inside dnet or outside dnet.

'cept that you probably wouldn't write a search client. I know that you seem to be saying that they're nothing and you're something, but *they're actually doing something*.

Re:Reality

[GigsVT]

They use false positives to check for this. They send the client a deliberate false positive, that way since a cheater is going to be sending back all negatives, they can find the cheaters.

Re:Reality

[tomstdenis]

I probably wouldn't because what does this prove?

Nobody in their right mind uses a 64-bit key for a symmetric cipher anymore. Its essentially assumed that its not a good idea. Most people just default to a 128-bit key and pray that the rest of the cryptosystem is worth the same.

See what the dnet people miss is that while a long key is a good idea to encourage, good crypto practices such as

1. Lots of eyes on the code
2. Open peer review [encourages good coding lest you want to get embarrased]
3. Good passwords
4. Secure clients [e.g. no viruses]
etc...

are more important. All dnet is proving is that >250000 computers can attack a 64-bit key in four years. What they fail to mention is to attack a 128-bit key will take 2^64 more time [or more computers in the same time] to solve.

Whoopy.

Tom

Think of all the cpu cycles wasted!!!

Just think of how many cpu cycles will be wasted if they are forced to shut down... boggles the mind!

2 Mbps DSL

[green+pizza]

I get about 2.0 Mbps from my "2.2 Mbps" SDSL connection. If two other folks such as me were to pitch in, I think we could handle it. Not sure if this would classify as business use, if so I would have to hand over another $25/month to my ISP.

Re:2 Mbps DSL

I get about 2.0 Mbps from my "2.2 Mbps" SDSL connection. If two other folks such as me were to pitch in, I think we could handle it. Not sure if this would classify as business use, if so I would have to hand over another $25/month to my ISP.

If you think that you're really getting 2 Mbps for $50, try using it all, continuously, for a month or two.

Your ISP is likely paying $300 a month for each Mbps of connectivity to larger networks. You think they're really going to let you use 2 Mbps?

Maybe Speakeasy to the rescue?

If we all ask them really nicely, maybe Speakeasy would take them on. I mean, they're one hell of an ISP and mirror RPMfind too...

Re:Distributed viruses?

Why would anyone want to run such ditributed programs. A better potential virus vehicle I have never seen. Why would anyone entrust such code to run on their computers? How secure is the main site against attack (where the client program is downloaded from)?

Pointless project by now

[Skuto]

Distributed.net has gotten to be a more or less pointless project by now.

Originally, the point they wanted to make was that 64-bit RC5 was not strong enough to protect privacy.

They started, what, 4-5 years ago? About 30 000 computers running for 4 years can't break 64-bit encryption. Geez, I'd say that, if anything, the conclusion would be that 64-bits is plenty for shopping etc. unless you've got some really _big_ secrets. Certainly plenty for day-to-day mail. More or less the opposite of what they wanted to prove.

Nowadays they've added the OGR stuff to appear at least a bit more usefull, but in reality, the applications of those results are very limited.

Really, the right thing to do is not to waste power on such pointless projects.

--
GCP (Moderation suggestion: -1 Disagree)

Re:Pointless project by now

[The+Whinger]

I'm not sure that it is a pointless project. The dnet project is quite interesting mainly because of the scale of the thing and the fact that they've managed to balance it all.

I would be very suprised if the future of the 'net didn't focus around sharing computational power, distributed computing and storage on-mass. As such the distributed.net effort is a great starting place to learn from.

Of course - there are still hundreds of other issues not covered by dnet. The reality of the 'net is that it is STILL in its infancy. It has a lot of growing up to do - and lot of issues still need to be solved that are currently buried deep into its complexities. Such as search engines - as the web grows these become increasing flaky.

Re:Pointless project by now

[ComputerSlicer23]

Actually didn't they start out to prove that RC5 was good, and that DES was bad? I was pretty sure that the original goal was to prove to the government that a couple geeky guys could break any encryption that was legal to export at the time it started, and that wanted them to extend from the lower number of bits to a higher number of bits. I know they can do DES in no time flat. I believe they were attempting to prove that a machine that can do DES in a day, can't do RC5 in less they several years, hences lots more secure.

Either way, they the only co-lo I know of in Texas is Rackspace.com. I don't believe they will give out space for free, but you could check.

Re:Pointless project by now

[CrackerJackz]

Waayyy back when I remember the "days to exaust keyspace" was well into the thousands, as PCs have gotten faster the project would take less than a year to finish now ...

Re:Pointless project by now

30 000 home computers can't. One single custom designed processor hive that can crunch just the type of maths.. Cracks your banking session in less than a second. Costs only like million usd.

What it costs.

[mbone]

In most areas of the country, a single rack in a colo / exchange facility costs $ 1500 per month or less, and 3 Mbps would cost ~ $ 1200 per month. They didn't say how many racks they need, but at that bandwidth, my guess is no more than one or two.

So, they have been getting $ 3000 per month or more of free bandwidth and rack space.

IMHO, if their work is really important, they should be able to raise $ 36K per year from the crypto community.

Don't link to the original...

[mmol_6453]

It's just a suggestion, but wouldn't it make sense just to link to the Google mirror, rather than the site itself?

Of course, don't bother trying if Google hasn't had time to cache the site yet...

Easier to sell if not so useless

There are lots of better uses for spare cpu cycles than solving a puzzle of arbitrary difficulty. What happens when you get a solution? Just throw in another handful of bits, and start again? And this is science _how_?

The only science here is proving once again that humans can be lured into competing on any basis. This is really no different than the SUV gap.

Re:Distributed viruses?

[BovineOne]

Client downloads are PGP signed http://http.distributed.net/pub/dcti/v2.8015/ and are served by machines that mirror it (via rsync over ssh) from a tightly controlled host, which is not one of the servers that actually publicly serve the files. Although the binaries are pre-compiled, the original source code is open for review at http://www.distributed.net/source/

Distributed Medical Research...

[vandan]

I was interested in what you said about Intel & their distributed cancer research, so I checked it out. Unfortunately, their site is a little scarce on the details of who this research benefits.
However it does mention that finding drugs to combat various diseases is a first priority. So I assume that a particular pharmecutical company would benefit from this, as would a small percentage of people with cancer who also have private health insurance.
I would want my CPU time going in open-source medicine, and not someone else's patent that will be abused to make the most money possible.
I'm not saying that this is the case with Intel's distributed cancer-curing client, but it kinda looks like that given the lack of details of beneficiaries.
Anyone know for sure?
I might email them...

keyservers?

[oyenstikker]

Do people running their own keyservers for their teams help with the bandwidth at all? If they requested (required?) that each time over a certain size run their own keyserver, might it help?

Re:keyservers?

[BovineOne]

Running our personal proxy for large teams (particularly if they are all at a single corporation or a single school) can indeed help, because it reduces some of the overhead of communications with each individual client. There is also some optimization done by the personal proxy to allow it to request larger blocks of work and partition it into smaller portions when it finally distributes to the actual clients.

However, this doesn't reduce the bandwidth at the keymaster any further, since this sort of splitting is already also being done at a larger scale between the keymaster and fullservers (and the bandwidth issue is with the keymaster, not the fullservers).

Folding @ Home on Linux (and URL)

[mj]

I run the Folding @ Home client on Linux, and it runs quite well!

I prefer to use my spare cycles for Medical research.

http://folding.stanford.edu

Re:Folding @ Home on Linux (and URL)

[Jello7]

A much better protein folding project for medical research purposes is the Distributed Folding project.

A fancy OpenGL version of the screensaver is available for Windows and the coolest ASCII art screensaver ever is available for every other platform you could shake a stick at... Actually, just:

• Linux 2.x and higher (Redhat 6.2) (gcc)
• Linux 2.x and higher (Redhat 7.1) (Intel compiler)
• FreeBSD 4.5 and higher (Intel CPU)
• IRIX 6.x (64-bit)
• Solaris 2.8 and higher (64-bit)
• Macintosh PowerPC-Linux 2.x
• Macintosh PowerPC Darwin/OSX
• Compaq-Alpha-Tru64

Folding @ Home on Mac OS X

[mj]

Also available for OS X.

(same URL)

Folding at Home

Issues Resolved?

[moonboy]

I just saw this statement at the bottom of their front page:


distributed.net and United Devices join forces: distributed.net and United Devices have announced a partnership which will combine the skills and experience of distributed.net with the commercial backing of United Devices. Several distributed.net volunteers are leaving their old day jobs and joining United Devices full time. United Devices will be providing distributed.net with new hardware and hosting services, as well as sponsoring a donation program that will help support distributed.net's charitable activities."

I guess they are okay for the time being?

Re:Issues Resolved?

[BovineOne]

Although United Devices is currently graciously hosting some of the displaced distributed.net hardware temporarily, they've indicated that they are not willing to do this long term (which is quite a reasonable decision, since it is a lot of bandwidth).

Note that several of the distributed.net volunteer staff (including myself) do indeed work for United Devices during the day, and that our employment there began awhile ago (more than 15 months ago), so that partnership announcement is not really related.

MOD UP

mod this post up

Re:Distributed viruses?

Very few people actually check the PGP signature - and even fewer people compile the program from source. They generally just download the pre-built binary and run it. If a server that serves the file is compromised, all binaries on it can also be compromised. Availability of source code means very little in this case.

University?

[BacOs]

Since the distributed.net projects are very research oriented, it seems like a well connected university could provide the hosting and if the university was already into encryption research, the distributed.net projects would mesh quite well.

Gambling regulations

[yerricde]

Since it's a "contest" with cash prizes, why not charge people to enter.

d.net can't do that because under the regulations of many U.S. states, that would be considered "gambling."

Re:Gambling regulations

[billcopc]

Well then, somebody slap MP3.com's Payback for Playback scheme. You have to pay 20$ to be eligible to earn royalties, yet said royalties can vary wildly from one month to the next, depending on MP3.com's financialists' mood. It used to be that a decent artist could rake in a couple thousand bucks per month, now even the biggest, most whoring 'artists' earn only in the high hundreds. That sounds like some bastardized form of gambling to me.

Re:Gambling regulations

[Jouster]

In actuality, gambling regulations wouldn't apply to that scenario. Because d.net uses a 100% non-random criterion to select a winner (namely, whether they found The Key), it's not a contest, it's a competition.

That said, IMHO, would most people pay to participate in d.net? No.

Jouster

10mbps/sec internet is cheap in Tokyo..go there..

[takochan]

Internet connectivity in Japan (home of Imode
among other things) is way ahead of the states/
europe, so why not move the server there..

NTT sells business connections via fiber to
the internet (10mbps and 100mbps/sec), for
something like around $200 or $300 month
depending which you choose, including
the ISP fee. Connectivity to the US and Europe
is pretty good (low ping times), generally.

[BTW, You can get residential (ie. dynamic IP)
for about $75/month, which is what I have here in
my house..

..its very cool, the hardest thing was actually
finding a router that could route that fast,
(linksys..etc, are too slow, max out at 5mbps or
so), but some Japanese companies make them
now.. it connects to an 100mhz PC I got for
free from the bin, which now runs as a linux
webserver (and linux, being so cpu efficient,
has no trouble keeping up..as well as more modern
machines I use for my desktop), but the server
does a great job serving web pages & the like,
running video conferences to the US..etc..

So if you need bandwidth, come here..
Very cool..

Someone please explain...

[karlm]

Finally I've got a good excuse for not carefully reading the article :-)

Thier site is popular enoug that it would seem to be a good time to experiment with moving the http stuff to freenet, since it's only updated once per day. The people willing to download the dnet client are would seem to be some of the most willing people to download the freenet client. Freenet is designed so that the slashdot effect actually increases reliability and speed of acess for the commonly requested data. Distributed.net would seem to have reached a critical mass of readership in order to have reasonable reliability for its freenet page. Your could have the client get your team and individual scores sent to it as part of the block submission cinfirmation.

It would seem to me that they could arbitrarily reduce their bandwidth requirements by increasing the minimum size of keyspace portions they're handing out. It would seem that thier project traffic would be (or could be made) the same for each work unit, regardless of the size of the work units. Bigger work units are really only a problem for clients that are turned off and on regularly. They client still only needs to keep track of current state (current key in the case of RC5), the final state of the work unit (last key to check for RC5) and the current checksum for the work unit. None of these change in memory requirements as you increase work unit sizes. 99% of the people don't know the work unit size anyway, so changing the work unit size won't cause many people to complain, particularly if it's necessary to keep dnet hosted.

Unless I'm mistaken, the server really only needs to send the client a brief prefix identifying the message as a work unit, followed by "start" and "stop" points for the computation. For RC5, this would mean a 64-bit starting key and a 64-bit ending key. I haven't sat down and worked out the cannocalization scheme for GRs, but it seems that they are countable (in the combinatorics sense, not the kindergarten sense) and could be represented fairly compactly. The current minimum ruler length need not be sent, snce you'd probably always want the client to send back the minimum ruler length in it' work unit anyway. The client would need to send back a work unit identifier (this could be left out, but it's not strictly safe) and an MD5 sum of all of the computational results or some other way to compare results when they duplicate work units. (A certain percentage of the work units are actually sent tomultiple clients in order to check that everyone is playing fairly.)

Re:Someone please explain...

[essdodson]

The work packets are already incredibly small. 200 bytes represents anywhere from 2^28 keys to 2^33 keys. At this stage in the rc5-64 contest the blocks are getting smaller as they've already run through they keyspace once and the little tidbits are left to be accounted for.

distributed.net was useful in the past

[athmanb]

By proving that RC5-56 can be broken by simple home PCs (with an algorithm as simple as you call it "counting to a million by ones", they IMHO did a large part to educate lawmakers that the age old U.S. export restrictions have to be overturned.
And they succeeded in this.

What I however don't understand is why they kept doing their cryptography projects afterwards. Proving that RC5-64 is breakable while you can buy 256 bit encryption freely is indeed just a stupid waste of CPU cycles and bandwidth.

I'd like to see them discontinue RC5-64, and concentrate their work on OGR and maybe on other, new projects.

Re:distributed.net was useful in the past

You CAN buy 256-bit encryption scheme products. Still there are those relatively unsafe 64-bit ones around and we must get rid of them.

Who cares?

[athmanb]

Honestly.

We all know that eventually, the key is going to be found, and some stupid message will be deciphered ("Congratulations on solving the 64 bit challenge. blablabla")

Why waste trillions of CPU cycles and thousands of $ in bandwidth to find something out that we already know is true?

Sorry, my CPU time is taken.

[Fourier]

You know, I would help out with all this distributed computing stuff, but my spare CPU cycles are all taken up running multiple instances of Progress Quest.

D.Net Obsolete?

[okie_rhce]

Seems to me like this story makes distributed.net obsolete.

Re:D.Net Obsolete?

[Diphthong]

not quite -- that /. story was talking about RSA, a public-key algorithm. the problem is that the 2^1024 keysize doesn't actually require you to try 2^1024 keys in order to break in -- kewl stuff lets you factor such a number more easily than that.

D.Net is trying to crack RC5, a symmetric-key algorithm. at the moment there's no better approach than brute-force -- checking all 2^64 possibilities.

64 bits is enough

[heroine]

The original idea of distributed.net dates back to when the government was conspiring to restrict the number of bits in encryption and students protested that 64 bits wasn't enough. Well it may be technically breakable but economics made it unbreakable in the end.

Windows on Intel - what's your choice?

[staplin]

I agree that the medical research might be more worthwhile to support, but AFAIK there are only Wintel clients available. (Case in point, United Devices and even your own link to Intel.)

That leaves an awful lot of non-intel boxes, and even non-windows intel boxes with spare cycles that can't participate. Until they have the option to do so, I anticipate a lot of cycles going to 'less worthy' causes...

The key is random

[yerricde]

Because d.net uses a 100% non-random criterion to select a winner (namely, whether they found The Key), it's not a contest, it's a competition.

What's so "100% non-random" about how RSA Labs selected the key?

p2p

[gunix]

these things with sites loosing their hosting, things are removed from the net... it makes me feel that a p2p solution would be great! Don't ask me how... I just feel that could solve some of these problems...

3mbit/s ? Pfitt!

I dont understand how can this be a problem, I can get a dedicated server with a 3 mbit/s capped for less than $500 a month. If you want to pay per gig and get fully burstable link it's going to cost a little more, but still it's going to be less than $1k month...

Icq 9482144

The Spice of Life

[NoWhereMan]

I think the use of spare cpu cycles is an excellent way to support science, but...

Each project has it's own benefits. I completed 5000 SETI units and now I am looking for prime numbers. If you feel that strongly about medical research, then good for you. I did not like the bandwidth problems SETI kept running into. I decided my spare cpu cycles would be better spent elsewhere. I share the same concern others have expressed about how the medical research data will be used. Some companies think they can patent my genes :(

I recommend that people look at all of the distributed projects. I suggest that you can support more than one. We can learn from all of them.

BTW, the EFF supports GIMPS. Maybe I will get back that money I have been donating for the last few years ;-)

RC5 fights Scientology *gasp!*

[dex22]

Yes, it's true.

The Knights of Xenu are currently ranked 45th...

They're team 3504, so if you aren't yet affiliated with the team, or are new to the distributed.net effort, please feel free to join that team and help bring more exposure to the insanity that is Scientology :o)

Distributing Distributed.net

[MrZaius]

Wouldn't the hosting problem be fairly minimal if they distributed the key generation/distribution/whatever using peer2peer tech? It's not as though it doesn't have the infrastructure there yet. People have already been willing to give up their cpu time, and I suspect that 10-25% would be more than willing to give up a small chunk of their bandwidth as well.

Don't /. use Google cache

[dr_zeus]

Google

So many begging for something on Slashdot

[g_bit]

Why do care? Why are so many organizations begging for money, bandwidth, or something else on /.? This is pathetic!!

Re:So many begging for something on Slashdot

[Sponge!]

If you will note, distributed.net in and of itself as a whole, did *NOT* submit the story to slashdot. It was submitted by a third party who is in no way whatsoever related to distributed.net.

Re:The Spice of Life (Reworded for comedy)

[matrix29]

I think the use of spare fart cycles is an excellent way to support science, but...

Each project has it's own benefits. I completed 5000 [www.farts.com] fart units and now I am looking for prime farts [www.farts.net]. If you feel that strongly about medical fart research, then good for you. I did not like the bandwidth problems [www.fartfarm.com] kept running into. I decided my spare fart cycles would be better spent elsewhere. I share the same concern others have expressed about how the medical fart research data will be used. Some companies think they can patent my farts :(

I recommend that people look at all of the distributed farting projects. I suggest that you can support more than one. We can learn from all of them.

BTW, Breaking Wind: Legendary Farts [http://www.pitt.edu/~dash/fart.html] supports Literacy. Maybe I will get back those beans I have been donating for the last few years ;-)

There's something you've forgotten

You win money if you find the winning key.
That's worth your spare cycles, even if you're not interested in the crypto application.

We can help.

[lw54]

We have colocation bandwidth for $87 per 1 Mbps with 99.95% uptime SLA. We have a secondary connection for $262 per 1 Mbps with 99.99% uptime SLA.

Please feel free to email sales@tiernetworking.com for more information.

Re:10mbps/sec internet is cheap in Tokyo..go there

Shipping several boxes from Texas to Tokyo in a few days is gonna be a real dog, cost-wise.

3Mbps is literally nothing at the right placetime

[daemous]

3Mbps is puny and **could** not cost a thing network-wise in the right place given the right schedule. Most bandwidth is priced on the 95th percentile of usage, and is based on the highest of the inbound and outbound traffic. Here are a few things to note:

a) a large company or website with localtime 9-5 employee or website traffic greater than 10Mbps peak could do almost anything any time between 5-9. Limit the upload and download client activity to this timeframe and you have it solved for 2/3rds the day. Not a 100% effective, but not too significant if the workload pieces are multi-day. If you're concerned, you could somehow chain two of these companies around the globe and you have free bandwidth 24hrs a day.

b) a mainly outbound company (e.g.- large website) could receive data at any time of the day.

c) a mainly in-bound (corporate) company could send data at any time of the day.

Maximum Uptime?

[I+have+nutsack]

Cheerio!

I've found that maximum uptime is easily attained when I'm holding my satchel (within which I store and transport nuts). When my satchel, or "nutsack" is firmly in my left hand, my uptime is tremendous. In fact, I've been known to have uptime of days or weeks.

This is easily measurable, as I've set up an snmp-based physical uptime monitoring system, to monitor my equipment. I have numerous charts and graphs for your perusal, if there's interest.

-I have nutsack

Try your webhosting provider

[Milican]

I sent an e-mail to my guys at pair.net and they said they would look into it. They also said thanks for pointing the site out. Maybe some of you guys can try some other hosting sites? Worth a shot!

JOhn

Too weak crypto!

Our present crypto in for instance browsers is WAY too weak. You can build with couple million $ a machine that can crunch open everything in for instance the competitor company's intranet. 64 bit encryption is a joke. As is the "high" encryption 128bit. 512? Bah. 1024? Bah.

We need way more strong cryptography. They won't let us until we break the current ones. Distributed.net can prove that breaking the current crypto is feasible. Dnet is a lot more useful than for instance seti@home which is completely irrevelant and useless.

At least *I* don't like the current situation where people can see my credit cards numbers on the 'Net. I don't know about you...

Re:Distributed viruses?

[PerryMason]

I am sure that there are mechanisms in place to verify the PGP signature at regular intervals. All it would take is to run a friggen cron job to download the binary, PGP test it and return a result. Hell, i'll do it on one of my boxen at home, i'm sure the momentary interuption won't inconvenience the machine's real work of rc5 cracking. :)

there are other valid distributed challenges

all this talk about distributed computing
and NOONE seems to have mentioned
the MersennePrime project

http://www.mersenne.org/

..AND theres a big financial prize!

Re:The Magical Fruit (Reworded for comedy)

[NoWhereMan]

That was quite a tangent ;-)