Slashdot Mirror
Distributed.net Captures Laptop Thieves.
Octal writes "According to this story, there is a little-known advantage to running a distributed.net client from your start-up script. On two separate occasions, laptops have been stolen, and then returned, by tracing the IPs of rc5des clients that criminals forgot to remove."
This is almost like the new car tracking alarm systems.
You realize of course that if this had been some Microsoft program running that kept track of user's IP addresses, people would be having a fit.
An example of doing the right thing paying off.
Injured software engineer fights back against Mattel!
Umm, didn't millions bitch when Intel tried to do that exact thing a couple months back? Correct me if I am wrong please.
Well, in a way if you are connected to a local network you have a unique identifier. All ethernet cards have and broadcast an id. On a local network it is fairly easy to find your computer's ip address (tcpdump). Of course you could probably walk down the hall and find it just as easy. If there was a method to connect to a server and have it report all the ip's and ethernet id's on the local net back to a central server you could locate stolen equipment. It will only work when you have an idea what region the machine is in. Computer theft on a college campus would be a good example....
Columbo episodes aside, most thieves aren't stunning intellects -- they just swipe stuff.
Hey, this exact same thing happened to me as well. One Saturday someone broke into our offices and stole two PC's that had the client running on them. Both were set to get blocks from a personal proxy (which logs incoming blocks) and set to 1 block buffer. When they were stolen, hence unplugged, I was able to dertermine the time within 30 minutes by looking at the last entry in the proxy logs.
:)
Unfortunately the machines were running NT so its very likely that they were formatted before being connected to the internet again, so we never caught the criminals. But its a cool story
Its pretty plain to see for anyone the differences. This guy is just an astroturfer -- ignore him.
Amen, brother. Praise the source. Halleluiah. etc. etc.
You should post your email address, so we can get you thrown off MediaOne.
It's a dicksize thing for the people competeing.
Contrary to popular belief, most thieves are not computer experts! Yes, it's true! In fact, many thieves do not even have a college degree! This is whats wrong with America's education system today. We have criminals that are computer illiterate. Truly the most surprising and disturbing thing I've heard in a long time. Idiot.
No everyone thinks this is a good idea. I mean if you signed up to use distributed.net and then YOU asked them for the logs it's one thing, but what if they gave out your logs to someone else, without a warrant? Check out this article over at Mindsec.com to see what I mean.
As HNN posted, and we posted at mindsec.com.
http://www.mindsec.com/misc/distnet.html
I talked to them voice about what they did,
they didn't seem to see the problem.
Well you had better check that trust you have.
I don't care if it is for good or bad, you
should NEVER give out logs like that. And
this is NOT the same as a web server logging
your IP, because it cross references to your
email address. (All statements are assuming
an average person, who did not take special precautions to use a different email address
or proxy)
I tried running rc5des on my laptop but it got so hot, and the fan was running all the time, that I had to remove it. At work I had a CPU blow out a month after I started running rc5des on the machine; now I only run rc5des on machines that are well endowed in the cooling area. Anyone else had problems with overheated CPU's when running rc5des, SETI etc?
Dang, Thanks... I've been looking for the gps equipment in this machine for a long time. Guess I don't have to worry about it anymore.
Sorry, but unless you take unusual (obscure) measures to protect your hardware in this fashion, it will be all too easy for a smart thief to set up a private Internet which feeds the notebook all the data it wants to see.
This is one instance where Security Through Obscurity works...
Microsoft GPS Computer Locater v2.xx . . .
Initializing GPS . .
Connecting . .
Transmitting computer location . . . .
Location transmitted to database.
The dots were timed out randomly, and for the version info I just copied something from a real Microsxxx driver, so it looked pretty real to those who didn't know better (like most of the people in my office). Obviously this would never get back a stolen computer, but thinking of the reaction of anyone who stole the computer and saw this when they turned it on was enough.
M
Anyone running distrubted.net software on a laptop most likely installed it themselves, and is fully aware that it sends information back over the network.
Choosing to do something it totally different then software that does something you're not even aware of without your consent. THAT is a privacy violation.
There is no way you can "verify" that latter answer without actually redoing the entire work yourself, in which case there would be no point in asking others to lend you their CPU time in the first place. Even though you know the key yourself, you can only detect the liar if he claims having searched the part of the keyspace it is in and still not found it. All the other sections of the keyspace would remain in doubt, and the challenge would be useless as a measure of how hard it is to search the entire keyspace.
Now, could someone come up with a way to verify by looking at the data submitted that the computer is still safely in the hands of the owner, then we would get another benefit from the d.net project (as well as getting this thread barely back on topic).
Relying on the fact that the bad guys have used only a single ID works only as long as the risk of getting caught this way is minimal. As soon as you start labelling all reports by the same submitter as faked, they will start obtaining multiple ID's to the point where your attempts at detecting them will be meaningless, much like you can't eliminate spam by listing the e-mail addresses of all the spammers.
There will simply be more rogue keyspace searchers than keyspace blocks per searcher (or more spammers than spams per spammer), and your 0.1% sample will detect only about 0.1% of the rogue keyspace blocks submitted. This will still leave the integrity of 99.9% of the submitted blocks in doubt.
However, if you are somehow able to check a randomly chosen piece of data in each keyblock submitted, then you stand a pretty good chance of detecting blocks where more than half the data has been faked. Is that good enough for the application at hand?
You won't save any money by having someone search your premises for that missing $100 bill, and then hire someone for $100 to follow him around and make sure he doesn't sneak the money away and pretend not having found it.
I have a laptop for work that's plugged in 90% of the time. The reason I don't have a desktop is so I can use it at home (plugged in) as well. So for me, it's not dumb at all.
My boss just asked me to install rc5des on all of the machines here. I've got no choice but to boost my keyrates...
>They wouldn't have to crack your Linux password, >they would just have to boot off a Linux
>boot floppy,
Maybe on yours, but mine is configured to boot only from the hard drive, and changing *this* requires a password stored in flash memory (or whatever it is). Eliminating *that* can be done, but iirc, it's going to take special equipment (remove chip from board & flash) or a dealer.
If my system gets stolen, they'll try booting up, see some wierd screen that doesn't say Win95, give up, and format the hard drive.
--
Wow! The found the thieves because the stolen laptops had an application that contained a unique UID, and sent periodic network announcements to a centralised body.
:-)
Gosh, if everyone had one of those on their computer, computer crime would be greatly reduced! And if it was built into the OS or even the firmware, it would be hard for thieves to remove.
So, let's petition Intel and AMD and MS to get together so that all new computers report in a unique ID to a central body over the network whenever they have a live net connection.
Yeah! That'd be great..
giggle
-----
It seems to me that this would be an ENORMOUS performance impact on the clients as they are. People keep shouting for them to code it "right", and do it only in the True Method of All Things Coded: OpenSource, but what they don't realize is that in order to beef it up cryptographically to ensure that results are indeed calculated and not forged, you'd have to take an incredible performance hit.
Now would you honestly prefer that D.net progress be *halved* as a result of them turning to the Good Side of the Force? C'mon..
I completely agree with D.net's reasoning and their decision to remain closed for now.
I'm not "bashing" OpenSource. I simply feel that there are certain times when keeping your source code closed and proprietary is perfectly justifiable. This is one such case.
And yes, performance will be *drastically* reduced. Perhaps not halved, but at least on the order of 20% or more.
All of these calculations have been optimized to an obscene degree. It's all done down to the assembly code level. Taking and storing mid-calculation data and performing a checksum/cryptographic hash/whatever on it will be an *enormous* performance hit, relative to the highly optimized calculation loop that's being performed on the data.
Now I have no actual numbers to base this on, but I believe the D.net crew said almost as much (with a number in the same range) on their web site, or in some message someplace. Check out their FAQ or something for details. They explain why they remain OpenSource, and I think their explanation is perfectly adequate.
You're totally right. All closed source software is inherently EVIL, and all companies who release closed-source software are themselves spawns of satan.
Who cares if we have to make all of our software cryptographically secure if we want to be able to trust their output? Who cares if this security HALVES the performance of CPU-critical tasks like D.net? OpenSource is always good, and if making programs cryptographically secure is the only way for OpenSource programs to give us trustable, reliable results, then by golly that's the way it must be done, because OpenSource is the True Path. OpenSource is the Light. Programming to pay bills is the path of the Dark. Fear the Dark. Oppress the Dark. Closed-source programming is the path of Evil. All evil must be destroyed.
Not necessarily. It should work this way: when the client checks all the keys in a block, it saves the results of the intermediate calculations, and hashes all of them via a semi-secure hash function (md5, sha1). You just have to be careful that these intermediate values are hard or impossible to get without the real computations; for example let them be the last bit of the supposedly decrypted text (which then looks invalid).
Then, occasionally, you check some of these values by hand (or, the horror, by sending the same task to another individual :) and if there's a mismatch, you know one of them is lying about his performance.
You need to check only a small percent (i.e. probably less than 0.1%) of these values anyway, since anyone trying to fake his keyblocks will want to do crank out much more false keyblocks like those pranks before.
The only question is where to store these additional values, as it might take a significant amount of storage to administrate the keyspace anyway, but I think it even sufficient to store a few bits (at most 32) of this hash to be able to catch the bad guys.
Now I can only hope the distributed.net guys read this :)
"Ten years from now, they could do it in a few seconds." -- The Racketeer of the Hellfire Club, 1993, Phrack 42
Who said halved??? I just devised a method which provides a way to prove that a given block is incorrectly submitted as done. Inexpensive even in the storage point of view (just a few more bits for each block to store, where the submitter ID is already stored); and there's no need to check all of the results, just the suspicious ones. Done correctly, just slows the progress down possibly even microscopically. The "cryptographic" method to compute these bits is actually very fast too, MD5 doesn't take too long for a few bits per N blocks at the clients. And might be even unneeded as the final bits of computations are probably hard to get anyway...
Oh, and let me ignore your opensource bashing.. Why do you think people can't abuse the closed source version too? This simply seems to be a way where you can be safer than that, even with open source clients...
"Ten years from now, they could do it in a few seconds." -- The Racketeer of the Hellfire Club, 1993, Phrack 42
Well, I think the only "reasonable" (ehrm) incentive to "fake" results is having a large keys/sec value, and if you have multiple id's, you won't have that :)
I think by carefully looking at log results they would be able to get most of the bad guys anyway. IP address, submitter id, submitter team; some of them must repeat frequently if you use a fake client...
But having just sending a few bits of result (i.e. 32 bits for each keyblocks, each meaning the xor of the last bits of the particular cleartexts from the 1/32 of the keyblock) is basically what you and I am saying too, I like "my" way because by storing less bits you can store more proofs to check later if someone looks suspicious, whereas for a random check it's more wise to send more bits (the more to chose from, the more sure you can be faster by checking it).
"Ten years from now, they could do it in a few seconds." -- The Racketeer of the Hellfire Club, 1993, Phrack 42
"when" is exactly the point of the d.net rc5 and DES efforts. the first DES contest took d.net what, a year or so to crack? the second fell in a few months, and the third DES contest completed in less than a day. the point is to show how long des/rc5 can stand up to brute force attacks.
imabug
"For I am a Bear of Very Little Brain, and Long Words Bother Me"
I suppose cracking times can help show how vulnerable an encryption scheme is to brute force attacks. Whether it's a dedicated machine doing it (like EFF's Deep Crack) or a bunch of computers working part time on it (like with d.net), if the method can't stand up for very long to a brute force attack, are you going to use it? DES III fell in less than a day. Granted the key was found in the first 1/4 of the keyspace, but that still means less than a week to crack DES just by brute force.
Calculating how fast a keyspace can be searched is easy. The d.net effort is *showing* how fast it can be done. I think when DES III fell, everyone involved was shocked at just how fast it took, even though they could calculate the top keyrate, how fast it would take to ramp up to that keyrate, how many participants it would take, etc. it turned out to be a very graphic presentation on how weak DES is now. That's what the contest is about I think.
But d.net is about more than just cracking encryption. it's about the power of distributed computing. cracking just happens to be a good illustration of DC.
"For I am a Bear of Very Little Brain, and Long Words Bother Me"
>BTW: 1) d.net client source is still closed. d.net is an insult to the Open Source community and we should have nothing to do with it.
i don't recall d.net ever having claimed to be open source, so how can it insult something it isn't?
imabug
"For I am a Bear of Very Little Brain, and Long Words Bother Me"
The distributed.net client takes active effort to set up. The Microsoft tracker is enabled by default, and takes active effort to disable. That distinction makes all the difference in the world.
Didn't some (older?) SGI boxes require an IP connection to boot ? I think I heard that, havent seen it myself though...
:)
It could be a nice feature to have in firmware. Connect to the vendors' ``bootup registration'' server, send a unique id of the hardware along with some information (like IP/subnet/routing).
The story I heard about the SGIs was, that it was an anti-theft measure.
However, I wouldn't count on having Award or any of the other PC bioses hold an IP stack anytime soon though...
If someone wrote a daemon (regd) that was run right after the network came up, which did this registration, there could be a good chance that any asshole thief would at least boot the machine once before he wiped the drives.
Do I smell a project here ?
BTW: 1) d.net client source is still closed. d.net is an insult to the Open Source community and we should have nothing to do with it. 2) I think running something like this on a laptop is dumb -- save your battery instead.
--
Fuck the system? Nah, you might catch something.
The idea that anyone would steal a computer and then operate said computer on a public network without reformatting the drive or otherwise replacing all identifying parameters... well, I don't know whether to laugh or cry.
Serves them right, of course. It just goes to show that good wins because evil is generally stupid.
---------------------
the SlashDot spellchecker:
---------------------
John 3:16 - God's Public License
I used to follow the ICQ newsgroups and I had
tried helping someone do this exact thing. They
said their computer was stolen but a friend
had seen the account logged in after it was stolen and even had a copy of her contact file
that contained that last IP.
I didn't know if that IP was accurate. But I
explained about locating the ISP and contacting
them. I detailed what had to be done, whether it
was to traceroute by themselves, or ask Mirabilis to help them trace the logins of that account. Actually, I think I had asked Mirabilis for login
information but the answer was that they did not
have any logging in place so they couldn't help.
I didn't hear anything for a couple of weeks and
by then I had stopped following those newsgroups.
I had forgotten all about this till now.
At least this is how I remember it...it was around first quarter 1998 I think.
Andy
You just want to start the client up as a specific user on bootup, right? That doesn't necessarily imply a login.
Probably what you want to do is stick something like su -c "rc5clientthingy --option blah" rc5user < /dev/null 2>&1 > /dev/null & in one of your init scripts. Bonus points if you set up a full-blown SYSV script for it (a la /etc/rc.d/init.d).
You probably want this to start in runlevel 2, 3 or 4, as those are the "network-enabled" ones. (if you're using standard runlevel configurations)
Berlin-- http://www.berlin-consortium.org
DNA just wants to be free...
Blah. So what? With local console access I could break into any x86 machine I've ever seen. Sometimes it taks a lot of effort, but if the machine is stolen and I have the time to open it I can get into it. No x86 box I've ever seen stores passwords anywhere other then CMOS, that is erasable via a jumper on the motherboard or removing the battery for a while. Even in the off chance it were FLASH, just call arround a bit. There are always chips available. Not to mention most Flashable BIOS units have a special key combo you can use to initialize the FLASH sequence, used in case you try to update your FLASH and it doesn't work right and kills your box. It just loads the flash image from floppy.
;) Of course the image name could be different, hit tab. ;) I believe there is even a key combo to get the lilo prompt if it's set to not show it.
As for getting into Linux, how do you boot? LILO probably, most people running Linux use it. At the prompt just type "linux single" sometime and see what it does.
Or I could just take out the HD and put another one in. Most systems are set to autodetect the HDs on bootup, and will change the config automaticly without needing BIOS config.
Of course, the point of this message is that nothing is secure if the attacker has physical access to it. Crackers have broken hardware security many times in the past, and probably will continue to. Most dongles are crackable, Playstation, DVD Region codes, Computers, Networks, and probably a ton of other stuff I haven't thought of.
You know, tracking computers after they've been stolen is really simple. You don't even need a internet connection. There are companies out there selling anti-cartheft chips that are basically minature transmitters. When the vehicle is stolen, you call up the company, and they activate the chip via a satellite downlink, and then it's a simple matter of tracking down the signal.
Similar technology could easily be implemented for computers without all the privacy hoopla surrounding software or the "UID" stuff intel would have you believe is really there for your own good.
--
The SB1200 doesn't store the MAC address. Even if it did, all you need to do is open your browser and click on this link, which will reset your modem to it's factory defaults. This is also useful when the modem periodically fouls up and garbles all your configuration information (usually resulting in a "serial port error" whenever you try to connect).
--
I've been wondering about how to get my rc5des client logged in automatically on bootup for a while, and this seemed like the perfect opportunity to ask.
I searched all the HOWTO's for similar information (how to log in a user on bootup) but evidently I did not find the information I needed.
My girlfriend often uses my laptop and can't be bothered to remember to switch to a virtual console and log in rc5. So how can I make rc5 login and begin work on bootup?
Security isn't *much* of an issue here, I've got a separate rc5 user, running in a restricted bash environment.
Any pointers to documentation? Or free clues?
Muchos Gracias!
Is anyone working on a secure JVM that would be used for generic CPU time / disk storage distributement? In a good future we'd be able to hire extra power in and out.
--
When I get a laptop with wireless connectivity, I'll have it register to work server regularly + on every boot.
I think, therefore thoughts exist. Ego is just an impression.
Several reasons:
.doc format without informing you, and without giving you a chance to opt out.
- You install distributed.net expressly to send stuff back. Distributed.net tells you explicitly that it is doing so.
- Distributed.net only sends things back that are related to its mission.
- You install Microsoft Office to do word processing, create spreadsheets or run a database. None of these missions require an ongoing information exchange with Microsoft.
- Microsoft includes this information in their
- Microsoft is a large company that many people distrust becuase of similar fiascos in the past. As a result, our comfort level with giving them information is likely to be lower than with distributed.
D
----
Some of the IBM laptops have passwords on the motherboard and hard drive that can't be erased. If you forget the password, IBM can't help you. The motherboard and/or hard drive must be replaced. This makes the laptop useless to a thief.
Mea navis aericumbens anguillis abundat
Not really. My experience in tracing people on the 'Net has shown me that most ISP's will hand over a lot of info without a warrant or any identification. As an example... Several months ago I had some script kiddie trying to bring down our companies web server by using a DOS attack. While the kid didn't have a chance in h*ll of actually crashing the server, it was annoying. So, I traced his IP, identified myself to to his ISP over the phone, and explained the problem. I was promptly given the users name, address, and telephone number. You shoulda heard his mom go off on him when I called :)
That's not a solitary incident either. I've requested this type of info, for legitimate reasons, several times in the past and I've never had an ISP tell me no. The closest thing I've ever had to "verification" was an ISP that asked for my telephone number, and called me back. Identifying people is easy if you know how to ask properly..
There is nothing so pathetic as seeing a beautiful young theory roughed up by a tough gang of facts.
I think most non-intel systems have power on passwords that are stored in PROM. These things don't need a battery to survive, and if you forget it you better hope you have a PROM programmer ready.
-matt
Hmm.. I'm thinking I should put rc5 back on my notebook
Time to implant the homing beacon.
-- dc.
It's just Crap.
When someone steals your cell phone, and then they answer the phone before the number is changed.
Anyway, this could be a good way to sell distributed.net to companies. I know big corps would trade their extra cpu cycles for the safety of their most expensive machines. Oh, well. Just a thought
geach
I can't believe how stupid these thieves were. Who in thier right mind would connect a stolen computer to a local net/the internet without first formating the HD? You have no idea what's on there. What type of viruses it has? What is shared? What programs it run?
With the way that most websites use cookies, I'm sure there are any number of websites that the thieves could have visited that would have been able to give the owners the same data. Then there are programs likes netscape which can send all your information back to netscape with every click of the mouse if your not careful.
Bottom line, they were very stupid thieves.
I wonder what OS these laptops where running? Must have been Win9x...
Quack
Which "them" is that? HNN, mindsec, d.net, Microsoft?
I'm running the dhid daemon (www.dhis.org) on my laptop, so that no matter where I connect to the 'net, I would have the same domain name. I guess it would work just as well if it were stolen from me.
i usually clean the windows before using them.
;-)
I remember reading about someone recovering his PC the same way coz the lamebrain who had bought it from the thieves just plugged it in, connected to the net and ICQ connected to ICQ server. The owner discovered his ICQ account was active, tracerouted back, and called the ISP.
Can anyone find a link to that story?
---
> Well, I think the only "reasonable" (ehrm) incentive to "fake" results :)
> is having a large keys/sec value, and if you have multiple id's, you
> won't have that
You guys are lacking imagination. If I were to hack the d.net
client, I'd keep the key rate the same. I'd just make sure that if
I found The Key, it'd tell me first, not distributed. Then I get
all the prize money and I can donate money to charities
that I think do more good than, say, ones de facto dedicated to
ensuring rich people don't have to pay for their software.
In other words, trusting your software not to send your hardware ID code is no different than trusting your software not to send a crytographically uniquie ID that was generated for your machine. Having a PIII doesn't make your machine any less (or more) private than having any other microprocessor-based machine.
The only valid issues I've ever seen raised about the PIII's ID code were concerns over some ill-conceived applications that did not properly consider security and/or privacy. However, such issues should be dealt with separately from the existance of the ID (which is not in and of itself a bad thing), since it is possible to do these same bad things without resorting to the use a microprocessor's ID code.
It really surprises me how much FUD is still floating about on this topic, most of which does not appear to have any basis in reality.
..wayne..
Thus, your comments on the easy foiling of software methods also applies to the sending of a hardware ID since it requires software to do the sending.
..wayne..
Hey, this is off-topic, but I'm just wondering it you still have a copy of that program you wrote (simple, or hard, it may be, but I can't program myself or I'd try)... I want it so I can do the same thing to people on my compy! (esp. since, if they get past LILO, that'll be a real shocker! ha!)
If you have it, email me at my address.. and thanks!
Insert mind here.
I'm unaware of ANYONE claiming the PIII ID broadcasts itself.
The three points I brought up still stand: what is the function of the ID? The ID can not be removed by the user (unlike so ftware ID methods) and CAN be activated without user concent. And finally, the ID was to be shipped activated by default.
I would argue that the two issues have a much closer relationship. The fact that this identification technology was being announced in the same breath of ill-conceived applications is very telling. The whole idea behind the ID was to provide those very types of services! Ill-conceived indeed.
Software identification concepts have also been tried. Cookies. Some users are accepting of them. Many are not - features to disable cookies went from third-party add-ons to rolled in features on major browsers. Once again, a software based technology is easy to foil once it is identified. The hard-coded ID number is impossible to remove.
I do agree on one point. The fear over the PIII ID was overly hyped. The media seemed to harp on it for an overly extended period of time. I'm sure the general populous ended up fearing the PIII ID without any real clear idea of WHY they should.
Hmmm. That's actually a good possibility. Though, I'm not sure how big of an issue that actually is.
Though, I'm of the opinion that the big problem for Intel is counterfeit chips; processors that have been remarked as higher speed chips. While they've put some hardware in place to make overclocking much more difficult - I think embedding a model number would have been better. Of course... this leads to the big "Is there really a difference between X MHz and Y MHz chips" question/conspiracy theory.
OK. I can see where you misunderstood my own understanding of the issue concerning how that ID can be used. And, indeed, a solely software based scheme could effectively do the same thing. And in both cases, it would require the interaction of a user to disable. But allow me to point out two distinctions between a hardware and software ID.
The ability to remove the ID is important. If I find a software ID and delete it - its gone. For that software to work again, it will have to generate another ID. It makes it harder to continue to identify me. With a hard-coded ID, once the identifying process is running again, I can be linked with the same identity as before.
A second point is how to set up the identification scheme. A software based scheme would require access to more resources. Not only will you have to get the person to execute the code, but you'll need to store that ID somewhere on the host machine. Of course, a minor point is also having to generate more complex (and larger) code to not only read the ID, but generate and store (possibly hide) the ID. With a hardware ID, its a simple matter of reading a register. I would suspect java-enabled marketing banners could do that with ease. Since there's no writing or control of additional resources, the code will be small and unlikely to attract notice... or leave evidence of its actions.
RC5: We know that there's an answer, and a probability theorist could even tell you how long it will take to find.
SETI: Even if you believe in E.T. (I don't), the particular data being examined by SETI seems of minimal real value in finding him.
GIMPS: We have every reason to believe that huge Mersenne primes exist beyond those already known, but we don't know. The only way to find them is by a brute force.
In this sense, I consider, the GIMPS project to be somewhat more serendipitous research -- more interesting. (Ok, "serendipitous" is the wrong word, since we are, in fact, looking for huge primes. But it's 3:45AM and I can't think of the right word.)
[By the way, there are only 38 known Mersenne primes and the most recently discovered is over 2 million digits long. If you like huge numbers, GIMPS is the project for you.]
"I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
Sorry that this is a little off topic, but I haven't seen anything on /. about rc5 in awhile and I have a question to ask.
Here goes...
What's the point of rc5? I can see d.net wanting to participate (because of the money and to test distributed computing), but why is the money being given away at all??
Everyone _knows_ that if you search long enough, you'll find the key. It's not a question of 'if' it's a question of 'when'... so what's the point?
*shrug*... Maybe I just don't understand.
So the distributed.net logs were able to give them the IP address of the most recent connection from that machine. Utterly useless. In order to find out more detils of the connection, didn't someone have to call the ISP and fax them a warrant?
This is a very useful feature; it allows me to have a Windoze machine at home to connect to my cable modem when I have a problem with MediaOne and they refuse to admit to the existence of other than Windoze and MacOS. At other times, my Linux machine, normally connected to the net, uses that Windoze box's MAC address, (the one that MediaOne associates with my connection), rather than the one programmed into its NIC. This means I don't have to swap NICs between the two machines to humor MediaOne.
You're confused. Why should MediaOne care how my machine sets its MAC address, so long as there's only one NIC connected to the cable modem? It's easier for them than to have them change their idea of my MAC address when, at their request,I switch from my normal machine to the Micro$oft machine and then change it back after the problem is debugged. It's easier for me than swapping the card between machines and totally equivalent from their viewpoint. The Micro$oft machine exists solely so I can plug it in in place of my real machine when I call MediaOne with a problem.
My e-mail address is petersonp@genrad.com. I have no reason to hide behind anonymous postings.
I ran RC5 until SETI came out. I am hooked on the poweruser competitions. Do people run both apps? Should I switch back? I figure the data churned by these apps are more usefull to society than the crap I churn out.
Hey, leave comments about my mother out of this!
So does this mean that if I have the SETI@home client installed, I'd be able to find my computer if it got abducted by aliens?
"P.C. phone home..."