Is it just xenophobic paranoia on my part or are others concerned that they are running code/programs/data from Chinese organisations... all of which are controlled by the Wonderful Chinese Government...
I can't see what would the PRC want with your computer that they couldn't do by themselves? :police:
I agree with Mike. :thumbsup:
I doubt the Chinese are hard pressed for technological equipment particularly when most of it is manufactured there now. biggrin
The media here really give China a bad rap. They ignore most good points and exaggerate the rare and bad. When I was there earlier this year I was shocked by how wealthy the people and communities were. Almost none of what I saw had ever been shown on television here.
In Anshan I saw my first Maybach (http://en.wikipedia.org/wiki/Maybach) (this colour and model click (http://en.wikipedia.org/wiki/File:Maybachs.JPG)), a two million dollar car. Distribution of wealth(1) seems to be very high too (something India desperately needs to learn).
I think the most striking feature for me was the twelve lane toll ways that criss-cross the entire country. I would have thought that that information would have been of interest to many Australians.
(1) Capitalist style distribution, not socialist. :wink
QuoteIs it just xenophobic paranoia on my part
YES!Do you have any facts to support such a claim?
:aus1:
Can you provide examples of "World Community Project code/programs/data" that is of Chinese origin?
Personally, I have a problem dealing with a government that deals with protesters by sending tanks to roll over them, and I won't deal with Chinese-owned businesses (like Repco) if I can avoid it. I'll buy Australian if I can - if only in the faint hope that by saving jobs here, I'll find myself something to do to earn money to pay ever-increasing taxes.
Quote from: Mysteron347 on September 15, 2009, 02:17:32 PMPersonally, I have a problem dealing with a government that deals with protesters by sending tanks to roll over them
It is unfortunate but almost every country has a history of human rights abuses, not least of which is our own.
I'm not too paranoid about most of this stuff but China is one of many (most?) countries that actively pursue national advantage over other countries or nation states. In this case I think it's about information and influence, not access to crunching power.
How many of us monitor our outbound network traffic, and could determine that a significant quantity of data is going to an unexpected IP address (in China, Korea, Somalia)? Could we be sure it's not related to BOINC? Does anyone do independent code reviews of each published BOINC project app? Does anyone running GenLife (for example, since info is lacking about what that project is achieving) also run host-based intrusion detection software that identifies suspicious file access patterns?
It must be an attractive idea that they could legitimately run an application on the computers of a million people around the world, computers which are potentially used in business/government or to access personal documents of individuals holding technical roles in business/government. It would give them an avenue to do lots - perhaps download a trojan app that silently uploaded every Office document to an anonymous server they control. Better yet it could upload a list of all interesting file names (that would be smaller when compressed & obfuscated) and then they could pick & request documents of interest. Or do keyword searches within those docs and across your LAN. It could copy and upload password stores. Or get enough information to improve odds of other social engineering or blackmail. China, Israel, Germany, India, Saudi Arabia, United States ... which government don't you trust completely?
So BOINC as an intelligence or cyber-warfare tool is an interesting thought experiment. Maybe I *am* a bit too paranoid about it after all.
Quote from: Dataman on September 15, 2009, 02:01:25 PM
Do you have any facts to support such a claim?
:aus1:
I didn't make any claim beyond the project running work from Chinese organisations.... Watch the Boinc screen saver and it will show you who and wat is being run...
Quote from: WikiWill on September 15, 2009, 04:43:09 PMBOINC as an intelligence or cyber-warfare tool is an interesting thought experiment. Maybe I *am* a bit too paranoid about it after all.
Your post encapsulates my point. We open our system to basically unknown and unvetted programs and data on the basis that it is for some "higher cause" so it "must be OK"
I am simply questioning this rationale... that's all.
Quote from: LoneWolf_53 on September 15, 2009, 01:38:12 PM
I agree with Mike. :thumbsup:
I doubt the Chinese are hard pressed for technological equipment particularly when most of it is manufactured there now. biggrin
It has NOTHING to do with MY PC.. nor access to technology per se. It is about the possible compromise of DATA contained on any system running Boinc.
Boinc is run by thousands of people. *IF* some malicious code were to be contained in a project it *could* therefore enable sensitive data to be stolen.
How do you restrict what Boinc projects/programs can and cant do on you systems?
Well I guess all I can say to that is it is each person's obligation to ensure that anything they have of value is protected and to take appropriate steps to do so.
Much as I believe in crunching I'd be the first to say that it isn't for every computer and certainly it wouldn't be wise for the department of defense to run DC projects.
That being said however anything that I have of importance most certainly doesn't reside on my computer for some potential hacker to help themselves to so if they are determined to get pictures of my dog, vehicle, or beach outing, then they are welcome to it. :jester:
I crunch because I believe in the concept and potential and at least this way I am in control over what I crunch and what resources I want to commit to it unlike charities where you hand over your hard earned cash and more often than not maybe ten cents on the dollar gets to where those who solicited the funds said it was going to go.
Most of the equipment I run would be running anyway so it's not as if it's costing much extra and we run risks being connected to the internet whether we are participating in a DC project or not.
If there's a particular project that you're leery of then don't run it and choose something else.
There's no shortage of options.
In response to your last post you take the same risks using any computer connected to the net exchanging information.
How do you know your MSN isn't snooping around where it shouldn't?
I'd be more wary of Microsoft than the Chinese. biggrin
Quote from: Latoof on September 15, 2009, 05:21:31 PMIt is about the possible compromise of DATA contained on any system running Boinc.
Boinc is run by thousands of people.
The logistics are the problem. Some sample arithmetic gives 2 million BOINC users times a 300GB hard disk each, is 600 Petabytes (I think) and DSD would have trouble working with that much data and that's their job. Given that many people have multiple computers and many are servers I would suggest that 600PB would be a light figure. Also, original data alone would not be worth that much without including changes and that would be a daily accumulation of say 10%. Meaning the original mass would be added again every ten days.
It just isn't feasible and what would anyone do with that information? Keeping e-mails and phone calls makes more sense, which is why DSD do it.
If there they pick up a key word they search through their data-warehouse of information looking for historical uses of the key words looking for original users. Like that Indian doctor and his cousins or the Tampa for that matter (they weren't supposed to do that because it was domestic spying which is supposed to be banned).
Quote from: LoneWolf_53 on September 15, 2009, 05:32:22 PM
I'd more wary of Microsoft than the Chinese. biggrin
I most heartily agree.
Quote from: miw on September 16, 2009, 06:16:21 PM
AND/OR (b) only crunch projects sponsored by big-name organisations that have a huge amount to lose if such a plot is discovered. Universities are probably fairly safe in this regard, but controls could be lax. WCG could be possibly the safest of the lot, because every application and even the BOINC releases they say are "OK" are vetted by IBM, who have a market capitalisation of about US$155B and really don't want to lose that.
Since the TMRL DRTG debacle, I do not crunch projects not sponsored by a recognised and respected research organisation. (at least I don't think I do. :-\ )
--Mark
My thoughts exactly.
Frankly I worry far more about the P2P utilities and Torrents used by the kids to obtain music when it comes to security and trojans.
Even with all the PC skills I have when there's music that interests me I go buy the CD but alas I can't stop the kids from using the likes of Limewire which I refuse to install on any of my own machines. :sneaky:
An article in Slashdot on this topic:
http://it.slashdot.org/story/09/09/16/1256249/Feds-Ask-IT-Execs-To-Throw-Away-Cellphones-After-Visiting-China?from=rss
QuoteUS intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'
In it's entirety the article appears to support my contention that if the US (or any other) government is so paranoid about security they'd best begin by looking at home before stressing over the Chinese.
Malicious code can originate anywhere so the best thing a body can do is stay the heck away from questionable sites, don't use P2P software, avoid Torrents, and run the best security software you can.
I figure anytime I'm connected to the net which is 24/7 I'm taking a risk so all I can do is take precautions, use common sense, and in so far as crunching goes I put most of my efforts toward WCG because it's backed by IBM and I can't see them being too willing to have their reputation sullied by some scandal.
It's no guarantee but it's a risk I'm prepared to take.
No different from life really when you think about it. I mean I can avoid global spots of unrest, stay in relatively calm Canada, and lock the doors when I go to bed at night but that doesn't make it a certainty that I'll wake up safe and sound in the morning.
Whose to say a piece of space junk can't fall on my head whilst I'm asleep? biggrin
I just take sensible precautions and don't fret about what might be.
Truth be told I'm more comfortable with BOINC WCG than I was with United Devices.
Quote from: LoneWolf_53 on September 17, 2009, 04:12:32 PM
Whose to say a piece of space junk can't fall on my head whilst I'm asleep? biggrin
Oooh that's tempting fate a bit too much for my liking biggrin