:: 28-Jul-1999 21:23 (Wednesday) ::

Lots of tiny things on stats over the past few days. I’m sure you’ve
noticed by now the new “odds to find key” on everybody’s psummary
and tmsummary pages. Started out as a quick little hack, but turned out
to be fairly involved because I also took the opportunity to add some
new fields to the daily_blocks table.

Previously I had a simple cache table that stored date,blocks to make
Daa’s daily_totals_raw.php3 query run nice and fast. (used to generate
the keyrate graphs). I added a bunch of fields to the table to track
the #1 ranked team and participant for each day as well. This way
we’ll be able to track how many blocks it took to be in the #1 spot
from any given point in the project. Plus it adds a new element to
the #1 spot — how many consecutive days you can hold the position.

I still haven’t worked up the script that’s going to need to run to
populate the historical data, I suspect that’ll be a time-consuming run.
Data from 27-Jul on will be in there, though, obviously.

tally also has a nice, fresh kernel installed, and I toyed around with
memory allocation for sybase a bit today too.

Non-stats-related, I received word from the dWear (distributed.net
merchandise) vendor that they’d found a firm that thinks they can do a
better job on the distributed.net t-shirts. black instead of white, and
a much higher-quality transfer technology. I may have samples as soon
as this friday to review.

:: 28-Jul-1999 05:27 (Wednesday) ::

In case any of you are wondering, stats aren’t down, the box is just
unreachable. This is a problem affecting that entire Verio site, so there’s
not much we can do about it except wait for them to fix things on their end.
Sorry for the inconvenience.

:: 27-Jul-1999 12:20 (Tuesday) ::

Whups — when the server died during last night’s update, it was in the
middle of performing the team ranking (overall). I didn’t properly
accommodate for the state of the cache tables, and it caused a hiccup when
calculating the rank change offsets for the overall team rankings in
today’s stats.

There are no cute, little, green and red arrows for today on the overall
team rankings pages. Sorry about that. It’ll return to normal in
tonight’s run.

:: 27-Jul-1999 06:54 (Tuesday) ::

Stats are back online. Thanks for your patience.

:: 27-Jul-1999 04:47 (Tuesday) ::

Before everyone starts emailing us, the stats-box is down right now. We’re
working on it, and is should be back up soon. The stats-run will finish a
little late tonight.

Sorry for the inconvenience.

:: 26-Jul-1999 17:56 (Monday) ::

Well one quick update.

rc5des-win32-x86-cli.zip v2.7112.444b

The win32 client was updated to properly fix the screen saver
multiplexor. The screen saver multiplexor now properly works.

Beginning with 2.7112.444, the client distribution (ie .zip) includes
a screen saver multiplexor that will launch the client in the
background and another screen saver of your choice in the
foreground. When deactivated, the multiplexor will stop the
client. The screen saver is tagged as a Windows 4.0 module, ie for
Windows95 /WindowsNT 4.0 or greater, since Win40’s Screen Saver
preview mode only works with 4.0 executables. To run it under
WindowsNT 3.x read readme.txt in the client distribution for
information.

enjoy!

:: 26-Jul-1999 06:12 (Monday) ::

Ok well if you haven’t noticed by now, several clients have been
updated. sorry for the delay at announcing.

rc5des-win32-x86-cli.zip v2.7112.444
rc5des-dos-x86-cli.zip v2.7112.444
rc5des-freebsd-x86-elf.tar.gz freebsd 3 & 4 v2.7112.444
rc5des-irix-mips.tar.gz v2.7112.444
rc5des-linux-arm-aout-cli.tar.gz v2.7112.444
rc5des-linux-netbsd1.3-arm-cli.tar.gz v2.7112.444
rc5des-solaris25-sparc-nonultra-mt.tar.gz v2.7112.444
rc5des-solaris25-sparc-nonultra-nomt.tar.gz v2.7112.444
rc5des-win16-x86-cli.zip v2.7112.444

enjoy!

:: 24-Jul-1999 18:01 (Saturday) ::

Abuses, both big and small…

I apologize to everyone who has been receiving their password every day
at 13:00. Someone at 216.13.75.98 has been running a webcrawling robot
that doesn’t honor the robots.txt file.
“Mozilla/4.0 (compatible; BorderManager 3.0)”, whatever that thing is.

I’ve blocked the IP, so it should stop happening.

The more important issue is that It’s clear that I need to make a statement
regarding the Russian block vandal. Here’s the situation:

Last week, a user (rc5whs@chat.ru) started turning out some unbelievable
key rates. Literally overnight he began turning in keys at a rate of
several gigakeys a second. As we usually do when situations like this occur,
we contacted the user via email and tried to get a feel for his position.
At his point we were pretty sure we were dealing with a hacked client, but
until we knew the person’s disposition we weren’t sure quite how to react.

For a bit of historical background, this is hardly the first time that
someone has hacked a client to bypass the keytesting routine. Compromising
the client in this manner is not simple, but neither is it overly difficult.
We’ve relied primarily on the fact that most people with the skills required
to vandalize the project in this way are not vandals. When this has
happened, the key has always been to ascertain exactly what the person’s
motivation is. Many of you may recall the czcrack user from last year who
did the exact same thing that our Russian friend has done. With that
person, as soon as their stats disappeared, they did too. Another less-
publicized event happened recently when a well-known cracking group
threatened to release a cracked client as leverage to force us to adopt
their opensource philosophies. After much discussion, we all realized that
their position was a bit unfair unless they were prepared to explain how
that could be done without compromising the integrity of the project in
the exact same manner as their releasing a broken client would do.

In discussing the situation with the Russian vandal, he stated that his
goals for using a broken client were to prove to us that it was possible
to do so. Apparently unaware of previous situations of this nature, he
felt it important to stress that he feels our security is insufficient.
On IRC he stated that he plans on publishing a manifesto stating such on
his web page. If he does, I’ll put the url here in my .plan for those
who are interested.

All the blocks done by the vandal have been cleared from the keytables
on the keymaster, and his stats (the entire team, in fact) have been
pulled offline. As we have in the past, distributed.net has already
moved on. Turning in blocks that haven’t been checked is detectable by
our servers. While such activity, even on this scale, is disruptive
it does not compromise the integrity of the project.

I’d like to especially thank Maxxim Kochegarov for his assistance in
formulating a theory on the identity of the vandal. You can read his
thoughts at http://rc5.aha.ru/english/rc5whs-1.shtml

In the end, some good has come out of this situation. It’s prompted
our coders to start seriously considering what measures we can implement
which will allow us to respond to such situations in a more timely
and decisive manner. Already there are a number of “solutions” being
discussed which would allow for earlier detection and (most importantly)
better quantification of the scope of these events. I suppose we’re
simply beyond the point where we can rely on people’s good judgment
when it comes to vandalizing the project.

Sorry for the length and relative unreadability of this update. I hope
to clean it up some before I post it to the mailing list. I’m several
days late in getting the information posted, and couldn’t justify waiting
until I had sufficient time to write something better.

A few minor details:

o I wiped out the whole team, and all six or seven members. I suppose
it’s possible that some of those people are innocent of any wrongdoing.
I’ll be looking into that matter this week trying to determine if the
team should be re-instated. While we’re only aware of the wrong-doing
of the maxx@rc5.aha.ru member, I do find it unsettling that we received
no emails from any of the other members during his activity, and only
heard from them after the team had been removed.

o Yes, I know I’ve been impossibly vague on the technical details of both
the detection and the proposed improvements to the clients and servers.
This is for two reasons: one, there’s not enough space here to cover the
subject appropriately, and two, it would be better for the coders and
designers to discuss those issues as they’re more technically qualified
to do so. The plan is to move that discussion to the list for a full
treatment.

o The project has not been compromised by this event, nor any of the
other events of this nature. While this is uncomfortable and
inconvenient, it is hardly terminal.

Thanks, as always, for your patience and understanding.

:: 22-Jul-1999 02:04 (Thursday) ::

Here’s to keep you updated on what I’ve been up to lately. I have been pretty
busy getting translated versions of the web site up online for our non English-
speaking users. Our team of translators has been stunningly efficient in
translating pages in many different languages, including Russian, French,
Dutch, German, and more to come, such as Danish, Italian, Spanish
and Portuguese. Many thanks go to them.

At first, the way things were handled is that users’ browser language
preferences were taken into account to serve them the ‘most suitable’ version
of the web site. It soon enough proved to not be a very effective way of
offering multilingual pages. That’s why as of yesterday, the translated pages
are only accessible via the links that are present at the top of each page.
Everything should now default back to English in any case.

Sorry about the temporary inconvenience that some of you may have experienced
over the past two weeks. Thanks.

:: 21-Jul-1999 18:03 (Wednesday) ::

I’ve somehow managed to cobble together some RISC OS tools, done a
bit of source code fiddling, and come up with an ARM-only RISC OS release-2.7112.444 client.

I’ll have a go at getting the x86 stuff back in soon, and then maybe look in to sorting out the task-switching problems.