BOINC used as a Trojan…

From this article:
http://www.heise-security.co.uk/news/85807/from/rss09

What the heck, it is bad enough I have to allocate as many resources as I have to avoid being inundated with spam in both email (6000+ a month) and blog (2500+ a month), but now something I’ve helped to build is being abused.

I guess the criminal element of the world just is not content with crapping in their yard, they have to crap in everyone else’s too, even when there isn’t any money involved.

I had heard about this early last week, Carl came up with a clever solution for CPDN. Hopefully this won’t be all that common.

—– Rom

BOINC Q&A — 23/02/07

What are you most chuffed about getting fixed/working/added?

 To be honest most of my contribution to this release has been in the manager role, most of the code changes were from David and 3rd party contributors.

I guess the thing I’m most jazzed about in the release of this new client that I pushed for would be the CPU feature detection stuff the community has been wanting for a long time. Along with that the client makes an attempt to detect which video card the machine is using.

It has been a ‘chicken and the egg’ problem, it wasn’t something any of the projects were specifically looking for and therefore kept being dropped from the list. Of course the major problem with that is we didn’t have any firm numbers on what percentage of the base of machines could handle the more advanced instruction sets.

Now that the information is part of the host record, I’m hoping the stat sites can build some fancy graphics and charts which might encourage one or more of the projects to create a client with specialized instruction sets.

We’ll need to improve the server-side scheduler to handle scheduling specialized clients, but in the end I think it’ll benefit everyone. Undoubtedly this is going to cause some angst amongst those who are only in it for the credits, as the credit granting gap between a stock client and an optimized client is going to shrink further.

How is boinc going to get around the problem on Windows VISTA where you are not suppose to (and often cannot) write to the ‘program files’ directory?

We’ll be breaking apart the data from the executables using the SHGetFolderPath API. Although we’ll need to put a possible override registry value for those who want to store the data on a different drive.

Right now I’ve been brainstorming on the various upgrade scenario’s. ( XP to Vista and  32-bit to 64-bit )

It is a messy problem.

To submit questions for next week just click on the comments link below and submit your question.

Thanks in advance.

—– Rom

%d bloggers like this: