Message boards : Number crunching : Count Computer : The LHC CERN Game
Message board moderation

To post messages, you must log in.

AuthorMessage
Greger

Send message
Joined: 9 Jan 15
Posts: 151
Credit: 431,596,822
RAC: 0
Message 42041 - Posted: 4 Apr 2020, 20:07:56 UTC - in response to Message 42040.  

What is the is point in increase of host? Probably that new host got increased due to new batch of work to sixtrack. What type of game do you refer to.

If like to share install package I suggest to link to main site or github and avoid creating mirror or copy sites of project for stats install package and scripts.
These script hold unneeded package and i would prefer direct source from cernvm.cern.ch or lhc them self.

I get it you would like to marketing and promote your site but it starting to get spamming and more annoying then help users.

Please stop links that related to helix, RS, Gdrive or any script to hpc or unwanted packages.
ID: 42041 · Report as offensive     Reply Quote
computezrmle
Volunteer moderator
Volunteer developer
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 15 Jun 08
Posts: 2386
Credit: 222,994,413
RAC: 136,379
Message 42044 - Posted: 4 Apr 2020, 22:36:35 UTC

I agree with Gunde.

It appears to be not very trustworthy to post links to outdated software that is not even hosted on the original source.

In addition there is no further explanation, just a couple of keywords like:
- Linux
- Docker
- Improve the internet

It looks like they should make a user curious enough to follow the links.
I doubt it would be a good idea to run any software or script behind the links.
ID: 42044 · Report as offensive     Reply Quote
Richie_unstable

Send message
Joined: 26 Oct 18
Posts: 90
Credit: 4,188,598
RAC: 0
Message 42046 - Posted: 4 Apr 2020, 23:22:59 UTC

I agree with Gunde. I don't see why this QE endlessly keeps posting helix links on this site (and on some other sites). Many times it looks like a garbled collections of links to helix etc. and the idea of the message is difficult to follow. Maybe that is one style of advertising but feels like spamming already.
ID: 42046 · Report as offensive     Reply Quote
Greger

Send message
Joined: 9 Jan 15
Posts: 151
Credit: 431,596,822
RAC: 0
Message 42048 - Posted: 5 Apr 2020, 0:29:36 UTC - in response to Message 42045.  
Last modified: 5 Apr 2020, 0:46:06 UTC

HPC and data center that would setup put up system would use directly from source in build or what site cern.ch put out. They have a strict policy to follow to ensure nothing unknown could get in or open up against there system them or data that would use.

There is weakness to make mirrors of site or hand out script to users and this in level of these posted in forum on several post frequently. It would set users in risk and also the one that setup this. It mat not be an malicious on this but could be abuse on on MIT attack between both part. These are from untrusted sources of single owner not in part project itself and script that posted is hand out with packages that is not needed and specified on guide from cern.sh homepage and HPC have there on section for this.

is.gs redirect to a Gdrive for .sh . They would not allow any datacenter to get any .sh for install from external script and this script have several packages as pollinate, haveged and links to untrusted source https://entropy.n-helix.com.com. How secure are this SSL and to domain and security to Google cloud. Is it maintained enough and backed up.
This is not included for setup for SL and Cent OS posted from your end and never suggested from Cern documents https://cvmfs.readthedocs.io/en/stable/index.html

Helix and RS could be great blog on topic to post great info for HPC but mirror project site or hand out script or commands could give false safety for users that put trust on external sources.
If you would like to be a part to support directly to cern i suggest to get direct contact and share resources and follow the guidelines and policy for network they provide to cache sites or mirror files.

It is for all users, project and external supporters interest to get correct info and code. Cern have a great network inside and backed up with many proxy servers that have cloudflare and frontier.cern.ch.

For Boinc there is mainsite and github for users get packages or use trusted package providers.
ID: 42048 · Report as offensive     Reply Quote
maeax

Send message
Joined: 2 May 07
Posts: 2071
Credit: 156,179,500
RAC: 105,414
Message 42050 - Posted: 5 Apr 2020, 5:48:37 UTC

Quantum are you a member of Cern?
I ask it, because Laurence is your friend on your LHC-page.
ID: 42050 · Report as offensive     Reply Quote
computezrmle
Volunteer moderator
Volunteer developer
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 15 Jun 08
Posts: 2386
Credit: 222,994,413
RAC: 136,379
Message 42131 - Posted: 11 Apr 2020, 17:52:03 UTC

General hints regarding external downloads

Software that is required for LHC@home apps should be downloaded only from the original sources.

BOINC
https://boinc.berkeley.edu/
https://boinc.berkeley.edu/download.php
https://boinc.berkeley.edu/download_all.php


VirtualBox
https://www.virtualbox.org/
https://www.virtualbox.org/wiki/Downloads


Linux users may also check if a package is already provided by their distribution.


Other sources are not checked by the project team and should therefore be treated as unreliable.
ID: 42131 · Report as offensive     Reply Quote
maeax

Send message
Joined: 2 May 07
Posts: 2071
Credit: 156,179,500
RAC: 105,414
Message 42134 - Posted: 11 Apr 2020, 19:44:36 UTC - in response to Message 42133.  

The LHC CERN Game?
QE, please stop your thread!
ID: 42134 · Report as offensive     Reply Quote
maeax

Send message
Joined: 2 May 07
Posts: 2071
Credit: 156,179,500
RAC: 105,414
Message 42135 - Posted: 11 Apr 2020, 22:18:17 UTC

QE,
is this your goal?
https://gpl-hpc.n-helix.com/projects
This is NOT Cern like.
ID: 42135 · Report as offensive     Reply Quote
computezrmle
Volunteer moderator
Volunteer developer
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 15 Jun 08
Posts: 2386
Credit: 222,994,413
RAC: 136,379
Message 42139 - Posted: 12 Apr 2020, 9:08:30 UTC - in response to Message 42133.  

The n-helix.com setup represents a typical untrusted man-in-the-middle situation.


Man-in-the-middle setups can be found throughout the internet, e.g if a redirection is made or a proxy is used.

Case 1
LAN: [[ (browser on a local computer) <--> (local proxy: trusted) ]] <--> WAN: [[ (abc.cern.ch) ]]
The local proxy represents a man-in-the-middle but since it is under control of the LAN administrator it can be trusted.

Case 2
LAN: [[ (browser on a local computer) ]] <--> WAN: [[ (xyz.openhtc.io: trusted) <--> (abc.cern.ch) ]]
The openhtc.io domain is hosted by Cloudflare but under control of the CERN/Fermilab administrator group.
Hence it can be trusted.

Case 3
LAN: [[ (browser on a local computer) <--> (local proxy: trusted) ]] <--> WAN: [[ (xyz.openhtc.io: trusted) <--> (abc.cern.ch) ]]
Case 1 and case 2 can be combined and remain trusted.
This means the browser on the local computer will always show pages from abc.cern.ch.

Case 4
LAN: [[ (browser on a local computer) ]] <--> WAN: [[ (xwz.n-helix.com: untrusted) ]] <--> WAN: [[ ((abc.cern.ch) ]]
This represents a huge security hole!
The original intentions of the xwz.n-helix.com admin don't matter since at any time the connection chain can be modified - either intentionally or accidentally - to:
LAN: [[ (browser on a local computer) ]] <--> WAN: [[ (xwz.n-helix.com: untrusted) ]] <--> WAN: [[ ((any.arbitrary.address) ]]
Whenever this happens the browser on the local computer will not even be aware of the change and neither the LAN administrator nor the CERN/Fermilab administrator group can restore the original setting!



Conclusion
As already mentioned any software should only be downloaded via trusted connection chains.
Best practice: download it directly from original sources.
ID: 42139 · Report as offensive     Reply Quote
Sabrina Tarson

Send message
Joined: 6 Jun 19
Posts: 1
Credit: 935,923
RAC: 0
Message 42152 - Posted: 13 Apr 2020, 1:24:39 UTC

I'm confused why these links haven't just been removed? I've seen two moderator posts warning people not to download anything from these links, and that they are untrustworthy, so why are they still here? The user who keeps posting them has done nothing to explain what the links are for or why they are posting them.
ID: 42152 · Report as offensive     Reply Quote
Richie_unstable

Send message
Joined: 26 Oct 18
Posts: 90
Credit: 4,188,598
RAC: 0
Message 42154 - Posted: 13 Apr 2020, 2:09:14 UTC

"for speed & server offload". That must be an important factor. Users are downloading an installer with file size less than 10MB. I can imagine there could be even two downloads happening at the same time sometimes if a random canadian and indian got the same idea at a given moment. The official Boinc source server could be struggling under that load. Help it might need.
ID: 42154 · Report as offensive     Reply Quote

Message boards : Number crunching : Count Computer : The LHC CERN Game


©2024 CERN