OT - FBI arresting distributor users?



cat_odair
07-01-2002, 07:14 PM
:|ot|:
At work I have three computers and was using the spare time on two for this project, mostly overnight. A MIS guy comes up and tells me that the FBI arrested and jailed a professor because he was participating in a (similar) distribution project. He was arrested on some charge such as running unauthorized software.

Anyone here heard anything like this? Any thoughts on using spare computer time for a worthwhile project on company time? Heck, this isn't keeping me from my work but:scared: :scared: the FBI arresting a professor? Sure sounds like :bs:

Scoofy12
07-01-2002, 09:09 PM
I haven't heard of anything so strict - I have however heard of it being called "illegal" to run on a university-owned machine, just because it's using public resources (school bandwidth) for unapproved purposes. But the FBI? I don't believe that. Then again, who knows these days...:rolleyes:

Halon50
07-01-2002, 09:09 PM
I believe the full story was that the state authorities (not the FBI) charged a former network administrator with 7 counts of computer trespass and 1 count of computer theft because he installed the Distributed.net client on 7 computers at a tiny technical college in Georgia.

The case never went to court--McOwen plea bargained the charges down to probation and a stiff fine. The moral of the story still remains though: don't install distributed computing clients on hardware you don't own without some very specific permissions in writing from the IT director and/or your boss (or boss' boss or the Head Boss; you get the picture :) ) and there is no monetary benefit from running these programs.

McOwen made a threefold mistake: 1) He got caught. 2) He didn't get permission. And 3) he installed distributed computation clients from a program that offered a monetary prize ($1000). All he would have gotten was a slap on the wrist and a simple pink slip if he had installed something like, say, the Seti@Home client on those machines instead.

Was that MIS guy trying to scare you? Or was it more of a "hey it's cool you have those clients running on these computers, but be warned..." kind of message? If it's the former, I would definitely take those clients off machines you don't personally own ASAP!

-Tex

For your reference, a couple of articles on David McOwen's story follow:

ArsTechnica (http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=174096756&m=1740970353)

FreeMcOwen.com (http://www.freemcowen.com/) (Turn off cookies and disable popup windows if possible first)

Wired Magazine (http://www.wired.com/news/technology/0,1282,49961,00.html)

Paratima
07-01-2002, 09:35 PM
From the License Agreement page at SETI@home:

"You may use this software on a computer system only if you own the system or have the permission of the owner. You may not alter the software or associated data files. You may only use unmodified versions of SETI@home obtained through authorized distributers to connect the SETI@home server. Use of modified versions of SETI@home or other software to connect to the SETI@home server is prohibited. Distribution of this software is prohibited."

Take it to heart.

pointwood
07-02-2002, 03:09 AM
Don't run a DC project on computers you don't own, unless you've got permission from the owners (the company you work for).

It's that simple. You could lose your work and it's just not worth it.

cat_odair
07-02-2002, 06:48 AM
Halon50, Thanks for the info. There's nothing better than having actual facts when people start throwing around FBI and arrests talk. Do I think he was trying to scare me? Either that or a wayward attempt to impress on me his 'knowledge'.

Paratima and pointwood, sensible advice - to get permission before installing software. Problem is over the past years, I've *had* to perform independently, working in a rather technophobic place. (Not to mention that it's not what you do but who you are - I've seen every rule broken into bits!)

The thing is, if I didn't make independent decisions, we wouldn't have a web site much less a 400 page interactive web site that *does* benefit the public. BTW, a joke here is that no one supervises me cuz no one understands what I do.

But point taken. I will uninstall the software.:cry: :cry:

Thanks everyone.

Caitlin

TheOtherZaphod
07-02-2002, 01:33 PM
This may not be an option, but if noone really knows what you are doing anyway you might consider just making an announcement that you have installed the client. If you email any "interested parties" exactly what you have done, then it creates a "speak now or forever hold your peace" opportunity.

Scott Jensen
07-02-2002, 02:34 PM
Cat_odair,

Yes, uninstall it, but then simply ask if you can install it ... though don't tell them you had already done so before on their computers. I have a friend that did just that after I "slightly" impressed upon him the importance of respecting other people's property and the risk he was running of losing his job over it. The only downside is that the computers are now under his company's name and not his. However, he's just jazzed that they're willing to help science in this way and after a month was given approval to go around and install it on other net-connected computers.

Sadly, the opposite of you is a still-current (as far as I know) volunteer of Folding@Home that blatantly says he knows what he's doing is illegal and doesn't care. More than once a group of us tried to make him see how what he was doing was wrong. He however said the only reason he took his job was to have access to the company's computer farm to run the F@H client on. The company doesn't know he's running the dc project on their computers as he works the night shift, starts them up at the beginning of his shift, and then shuts them down and hides the clients before people show up the next day. He repeats this each night he works. The even sadder thing was the response from the F@H people. They basically publicly said they had no control over such things and did nothing ... even though this cruncher has publicly said he knows he's breaking the law and won't stop. Oh well. If it goes bad (the guy gets caught, fired, and publicly charged with the crime and F@H's name is dragged through the mud with him), F@H only has themselves to blame. Unfortunately, they'll also drag through the mud distributed computing in general and make companies and universities less and less likely to let a dc project onto their idle computers. :( Even worse, they may cause some companies and universities to go on a sort of witch hunt for possible culprits ... even those that only use it on the computer assigned to them at work.

Now when you go and ask, you'll need to have some ready answers for the common objections for letting a dc project run on company computers. Expect resistance and already be wearing your diplomat hat when you go and talk to them.

The biggest concern that I've heard companies and universities have about dc projects running on their computers is security. They fear someone will use the dc project as some sort of trojan horse to get into their files and/or sabotage/crash their computers. When you go and ask if you can run this dc project on some company's or organization's computers, expect this to be the first question out of their mouths. In F@H's case, I remember the F@H people and their savvy crunchers explaining how that dc project couldn't be used that way. Hmmm. Something about how it doesn't really interact with the rest of the computer and has no capacity for a trojan to make it do so. Something along those lines. If that and/or some other reason(s) can be said for DF about how it also cannot be used by hackers to break into company computers can be given by our computer-savvy people ... HOWARD, STARDRAGON, DYYRYATH, AEGION, SCOOFY12, JKEATING, JODIE, etc., I'm referring to you guys and gals :) ... perhaps you can use that hopefully short, concise, layman answer to alleviate that concern ... though you'll probably also need a very technobabble reason for your sys and net admins. You'll need to address also the auto-update function of DF (F@H last I heard still doesn't have it) and hopefully how it cannot be used to replace DF with a hacker program.

The second objection seems to be cost. There is one, but it is very small. However, having a good ballpark answer means you've thought of this and can prove it is very small. The cost is not only the extra electricity used by the computers to run at 100% capacity all the time but also the additional air conditioning that will be needed and cost of manpower to install and keep the clients running (DF's auto-updater should help on this point). Again, perhaps our computer savvy people here can give you a simple number that you can multiply by the number of computers you'll be asking to run this dc project on.

The third concern seems to be how it will affect work production at the company or organization. If you're going to advocate installing the text client, you'll need to explain how the "idle status" (lowest work priority setting) makes it yield CPU power to other programs as they demand it ... though, to be honest, I can tell how my computer performance is slowed by having DF running while I do other stuff and thus shut it down when I need top CPU performance (a.k.a. play computer games :D ). Besides, of course, simply running the screensaver version, another option was brought up by someone on the F@H forum about using the computer's task scheduler to simply bring up the text client after work hours and even somehow using it to shut it down again before work hours. I think someone even told how when it is Friday the scheduler will just let it run over the weekend without shutting it down during the daytime on the weekend. But, again, I forget how that can be done ... or at least the shutting down part. Any computer-savvy crunchers know how to make the task scheduler do this? Then again, I'd just advocate installing the screensaver client if computer performance interference is a concern.

The fourth concern is size of the client program and how much memory it will be using if it does benchmark storage to counter work unit loss due to power outages and such as well as how often the program will be connecting to the net and how much bandwidth that will eat up. Sorry, I don't know the answers to these questions either. Computer-savvy people, front and center please!

Those are the big four concerns. There will likely be others. Perhaps others here can make you aware of those as well and how to effectively address those concerns. You having an answer before they ask will simply improve your chances and make you look good in the bargain.

Now if your company or organization has a PR individual or department, you might like to seek out their endorsement first. Telling them how helping this dc project will give the company/organization a good name, make its employees feel good about being part of a "good citizen" company/organization (make it clear you'll be the biggest one jazzed by them doing so and how it will make you one happy employee of theirs), and even being good fodder for a press release to at least the local media. If you can get them to sign onto the idea, that might help you win the day. The PR director might even take the lead and go right to the top and ask your company's president or university's chancellor to make this an executive decision. You can even suggest such to them. ;) Always feed your PR people your spin so it becomes theirs. *laugh*

Now if you're at an educational institution, go to the computer science and/or biology department and get their chairs to also endorse this project. Them saying: "Yup, this has some scientific merit." will carry a lot of weight ... but don't be surprised that they also express the above concerns. However, winning them over to your side will only help your case. I'd even go to them before the PR people so the PR people have their assurance that this is a good project for science.

COLLEGE STUDENTS!!!! You can do the above for your institutions as well. Go talk to your CS and biology professors and get them behind DF then go and talk to your institution's PR person/department. With the stroke of a pen, your chancellor could enroll all the unclassified net-connected computers on your campus into this project and that would really give this project a HUGE boost. And if the powers-that-be resist and your college allows student referendums (mine did), collect the signatures and put it on the ballot of the next student election. Better yet, collect those signatures and make them part of the sales pitch to the CS/biology professors, PR department, and college administration! Just set up a little cardtable in your student center, print off a petition, put them on clipboards, and start asking fellow students to sign it. A catchy little banner over your set-up could pre-sell your petition to them. Something along the lines of: "Idle computers = waste! Sign a petition to get our idle campus computers helping to advance science!" That should do the trick. That and free beer and attractive female signature-getters in thong bikinis. *laugh* Just kidding. Just kidding. Though if you could swing it...... *laugh*

DISTRIBUTED FOLDING: Hiring someone to go around to colleges and do what I suggest above for the college students to do (minus the free beer and cheesecake) should yield you GREAT results. Someone that has all the answers down pat and has a silver tongue would get one university after another to enroll their computers into your project. I'd hire such a person and then send out an email to all volunteers asking those working for and/or attending colleges to get in contact with her/him and the two of them work together to get their institution enrolled into DF. In addition to this, the person would also naturally do cold-call sales pitches to universities ... as well as to corporations and non-profit organizations. These are best done in person. It would thus need to be a traveling salesperson job, but it would do wonders for your DF project. Oh, and I even know an experienced marketing consultant that would be interested in such a job. ;)

Brian the Fist
07-02-2002, 08:58 PM
Scott,

In response to your somewhat long-winded but topical diatribe,

1) Security has been mentioned before but you can never mention it enough, SO, as you might suspect, the only real potential "security hole" so to speak is in the auto-update. This is why we do not make it automatically accepted by default, and this is why it is digitally signed (thanks to a little nudging from Intel) to verify that it comes directly from me (this uses an encryption key that only I have, so no one else can digitally sign it the same way). Of course, you still have to trust me.. :D The client does NOT download work of any kind from our server as most of you have figured out by now, so there's no possible trojan entry point there. I would hesitate to say the software is extremely secure, even on Windows :p

3) I do everything, including play games, with the client running as a service in the background and you cannot even notice it is running, IMHO. As long as you have 128MB or more of RAM it should not be noticeable - all modern OSes handle task priorities quite well and will move aside low priority tasks when something more important is running.

4) this is answered in the README file

Last, re: hiring someone, let me remind you Scott (again) we are a University research lab, not an organization. Our funding for this project is $0. What you see is what you get. We have no money to pay salaries let alone for people to travel across the USA and Canada on a Distributed Folding Tour (not that I wouldn't do it myself if someone else were picking up the tab :p ).
We have had to make do with the hardware and staff that we have at present, and I don't think we've done too badly considering, but unless we happen to find some large company who wants to pump cash into our effort, we'll just have to leave the PR to us and our hospital PR staff. And all you wonderful users of course.
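The signed auto-update Brian describes above (updates are not applied by default, and each one carries a signature that only the maintainer's private key can produce) is the standard pattern for keeping an update channel from becoming a trojan entry point. The following is an added example written for this thread, not code from the Distributed Folding client or its authors; the package layout, the Ed25519 key pair and the sample payload bytes are all assumptions. It shows the maintainer-side signing step, the client-side verification with the public key pinned into the client, and the three ways a bad update is refused: a forged or tampered payload, a signature from some other key, and a replayed older release. Note that the check runs inside the client itself, so it assumes the client binary on the machine has not been modified, which is exactly the point a later reply in this thread raises.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrNeedsOperatorApproval: the update is authentic, but the client is not
// configured to apply updates automatically (the "not accepted by default"
// policy described in the post above).
var ErrNeedsOperatorApproval = errors.New("update verified; waiting for operator to accept it")

// UpdatePackage is a hypothetical container for a client update: the new
// binary, its version, and a detached Ed25519 signature from the maintainer.
type UpdatePackage struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// signedDigest hashes version || payload so the signature covers both: a
// genuine old release cannot be replayed under a different version number.
func signedDigest(version uint32, payload []byte) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h := sha256.New()
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// GenerateMaintainerKeys stands in for the one-time key generation on the
// maintainer's side; only the public half is shipped inside the client.
func GenerateMaintainerKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the release step: only the holder of priv can produce this.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) UpdatePackage {
	return UpdatePackage{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedDigest(version, payload)),
	}
}

// VerifyUpdate is the client-side check run before anything is installed.
// pub is the key pinned in the client; installedVersion blocks rollback to an
// older (still validly signed) release; autoAccept decides whether a good
// update is applied or merely reported to the operator.
func VerifyUpdate(pub ed25519.PublicKey, pkg UpdatePackage, installedVersion uint32, autoAccept bool) error {
	if len(pkg.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature: update rejected")
	}
	if !ed25519.Verify(pub, signedDigest(pkg.Version, pkg.Payload), pkg.Signature) {
		return errors.New("signature does not verify: update rejected")
	}
	if pkg.Version <= installedVersion {
		return errors.New("signed, but not newer than the installed version: rollback rejected")
	}
	if !autoAccept {
		return ErrNeedsOperatorApproval
	}
	return nil
}

func main() {
	pub, priv, err := GenerateMaintainerKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample "binary"; a real update would be the new client.
	release := SignUpdate(priv, 2, []byte("df-client build 2 (sample bytes)"))

	fmt.Println("genuine update, auto-accept on: ", VerifyUpdate(pub, release, 1, true))
	fmt.Println("genuine update, auto-accept off:", VerifyUpdate(pub, release, 1, false))

	// Flip one byte of the payload but keep the original signature.
	tampered := release
	tampered.Payload = append([]byte{}, release.Payload...)
	tampered.Payload[0] ^= 0xff
	fmt.Println("tampered payload:", VerifyUpdate(pub, tampered, 1, true))

	// A valid release offered again to a client that already runs it.
	fmt.Println("replayed release to a client already on v2:", VerifyUpdate(pub, release, 2, true))
}
```

The version number is hashed together with the payload so that the signature binds the two; without that, anyone holding a copy of an older signed release could offer it to clients as if it were current. The operator-approval result is a distinct sentinel error so that a client can tell "this update is bad" apart from "this update is fine, but policy says ask first".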

Scoofy12
07-02-2002, 11:18 PM
Originally posted by Brian the Fist
I would hesitate to say the software is extremely secure, even on Windows :p

Don't you mean especially on Windows? Or you mean you wouldn't hesitate to say? or what? :confused: :D

Scott Jensen
07-03-2002, 01:19 AM
HOWARD: In response to your somewhat long-winded but topical diatribe,

Sorry you feel what I wrote was a bitter or violent criticism or attack. I didn't write it with that in mind nor when reading it over again, can I see that it was such ... especially towards DF. It was written with the aim of giving a warning example of how not to conduct yourself as a cruncher (using someone else's computers without their permission) and then how to properly and successfully get permission and enroll one's company and/or college into this project.

HOWARD: Last, re: hiring someone, let me remind you Scott (again) we are a University research lab, not an organization. Our funding for this project is $0.

Odd. I've read over the correspondence that we have exchanged and could not find anywhere where you said you had zero funds. If I had known this, my suggestions would have been different. So this dc project is just a hobby of yours? Something you do in your spare time? Amazing. Quite an achievement this then is. :)

HOWARD: What you see is what you get. We have no money to pay salaries let alone for people to travel across the USA and Canada on a Distributed Folding Tour (not that I wouldn't do it myself if someone else were picking up the tab :p ).
We have had to make do with the hardware and staff that we have at present, and I don't think we've done too badly considering, but unless we happen to find some large company who wants to pump cash into our effort, we'll just have to leave the PR to us and our hospital PR staff. And all you wonderful users of course.

That might be where you might like to first look for funds. Seriously. Your volunteers are active and involved. A marketer would view them as prime candidates for a donation solicitation campaign. If truly strapped for cash, you could even do a fair one by way of email. All you need to do is set up a tax-exempt non-profit that they can donate to which would help promote this dc project to others so to get them to also become crunchers. Just make sure its charter is public so people know how it will manage the donations it receives and what its goals will be. Not everyone will donate, of course, but you might be surprised how many will. And from those meager funds, you can work to build this booster club. Postcard campaigns are surprisingly effective and cheap. All you need is a good mailing list (nicely picked target market), a good short pitch, and you're off and running. The pleasantly surprising thing is that those brought in by such an ad campaign are very likely to fund that same ad campaign to bring in still more. All you need is the initial small snowball to get it rolling. Once funds reach a certain level, you can then go after corporate sponsors. I could go in more detail, but I'm sure you get the idea and I'd hate to be accused of being long-winded again. ;)

cat_odair
07-03-2002, 05:17 AM
After some thought I decided to continue protein folding.

My open cubicle is directly outside the supervisor's area. I work 4/10 including weekends, leaving my station free to marauders :haddock: three weekdays. It's why I had to password protect both computers cuz people sit at my station waiting on the BigDude and fiddle/crash/break whatever is around.

The DF program is mainly used nights and my days off. To prevent dufus/dufi from interfering, whenever I left - from the first day - I put a large sign on the monitor (Linux/Windows are connecting through switch) indicating the nature of the project and that it would have little if any negative impact on the agency and had positive potential in terms of nation's health, etc. which is true. Oh, this place is 7/24 - electricity and a/c always on.

I disconnect both the modem on Linux and the network connection on Windows. No hacker problem. When I return, I rc and upload manually. I did monitor the impact of this program on Linux and it seemed to take up little energy.

<linux perspective>
I've been impressed by both the security and the ease of using this program - a kid in nursery school could probably use it. :p
</linux perspective>

We have a HUGE book of SOP governing everything. As to the web, I believe there is some regulation on using personal e-mail (random thought - no regulation prohibits using phone for personal calls - constitutional?)

Of course, you are not supposed to ever play games (I don't although others do. I admit there's a Linux hacker program that's very tempting) and no porno sites, etc. but these seem the only regs.

When I get back after my 3 days off :|party|: I'll explicitly check on this.

As I mentioned, implicit approval has been given everything I have done/accomplished and I have been operating under this for quite some time. Again, I work in a technophobic agency, 65/70% male, most of whom frankly will not/can not admit they are clueless in most computer areas. As to getting explicit approval, nothing I have done has had that other than permission to start a web site and the public kiosk - but my accomplishments have been recognized (awards yadda yadda).

Caitlin

Halon50
07-03-2002, 09:22 AM
This is probably good--you are not a state or federal employee (or are you?), you pretty much have everything but written permission (and if that MIS guy was trying to scare you, it doesn't sound like he has much power to do anything in the first place), and this project has no monetary or financial value whatsoever.

Except for the written permission part, I'd say you're safe and good to go! :)

-Tex

Brian the Fist
07-03-2002, 10:32 AM
Originally posted by Scott Jensen
Sorry you feel what I wrote was a bitter or violent criticism or attack. I didn't write it with that in mind nor when reading it over again, can I see that it was such ... especially towards DF.


Ok, so I misused the word diatribe. I just meant 'speech' sort of.

gnewbury
07-03-2002, 07:57 PM
Scott - a reply to your excellent paper with a lot of snips.

Originally posted by Scott Jensen
Cat_odair,

Yes, uninstall it, but then simply ask if you can install it ... though don't tell them you had already done so before on their computers.
<snip> The biggest concern that I've heard companies and universities have about dc projects running on their computers is security.
<snip>
The second objection seems to be cost.
<snip>
The third concern seems to be how it will affect work production at the company or organization.
<snip>
<snip> Always feed your PR people your spin so it becomes theirs. *laugh*
<snip>
1. Good point - uninstall, then ask for a "pilot" test. Make your company a Team, track the stats.

2. Security has now gotten to the point that I have to take printers off the network (which is under 2 firewalls) because someone could telnet into the JetDirect card and run off prints. Don't fight security, show them the path or sneakernet.

3. Cost is relative, since about 1985 I've found that not turning systems off seems to give them a longer life. Thus $3/month versus maybe $3K/system. Turn the monitors off, but not the system.

4. Work production ? If it does not crash the main apps (netscape, e-mail, Word, Powerpoint, or your favorite CAD program) don't worry.

5. That's true make them think it's their idea, maybe they can get a reward for it.

Fold with permission, but sometimes you only have to worry about your direct supervisor. In my case if my supervisor says it's ok, then it's his problem.

jkeating
07-04-2002, 12:18 AM
1. Good point - uninstall, then ask for a "pilot" test. Make your company a Team, track the stats.

I run systems for 2 teams. We (the wife and I) run our personal systems for a fun team of our choosing. Sometime ago (before DF) I did a pilot test - with the knowledge of the IT dept - using FAH to test the client on user workstations. This was to see if the client interfered with "real" work. After a period of time without anyone else noticing any difference (I didn't tell the users what I had done... some people get very possessive of their company equipment... ), I talked to the company owner. I explained what DC was and then explained what FAH was trying to do. I also confessed to the pilot test. He gave permission and I started a company team. I made it a point to keep all of the company workstations on the company team and not run them under my accounts or jump around to different DC projects.

gnewbury gave some good advice and I'll vouch for the fact that sometimes it works!

Scott Jensen
07-04-2002, 01:15 PM
If your company has an employee newsletter, this would be an excellent way to make everyone aware how the company team is doing, how the dc project is coming along, and keep interest in the project ... as well as get as many company computers involved as possible. It can be as simple as merely telling a "few" stats (such as total number/percentage of company computers in project, number of new company computers added since last issue, total average CPU speed of all of them, total work units crunched by the dc project at time of publication, total work units crunched by the team [company], how many more work units crunched since last issue, how many more crunched by the team, current team ranking, change in team ranking since last issue, and special news [like if you got in the Top Ten structures]). Or you could even go one step further and write a little column up for your company newsletter that would let everyone know how the dc project is doing that stats alone cannot convey. The people that put out your company newsletter will very likely jump at your offer, you'll likely score brownie points with your employer for volunteering to do so, and you could even use the columnist credential to stuff your resume a bit.

And all colleges that I know of also have a campus newspaper that runs on volunteer help. If you're a student, faculty, staff, or alumni, you could volunteer to do a regular column on how the college team is doing and end it with giving stats as stated above.

If you live in a place that has a community newspaper, you could also volunteer to do the same for them as well. All you'd need to do is think up a team (namely a name) that would represent basically the distribution area of the newspaper. Easiest thing to do is simply use the same geographic identifier that your newspaper uses. What I mean by that is if your community newspaper is called The Mayberry Tribute, call your team something like The Mayberries. Community newspapers are usually quite desperate for news and by making the team have a local spin, they'd see that it would draw people to regularly check at least the stats. As for daily newspapers, I don't see any harm in offering to also write such a column for them, but don't be surprised that they turn you down. Daily and community newspapers are pretty much different animals ... but, again, go ahead and offer. You've got really nothing to lose.

Lastly, if you're part of a social organization (Masons, PEO, Jaycees, Boy Scouts, Mensa, etc.), all of them have a membership publication and are thus also ripe for the picking. Simply make up a team right now that is blatantly for that group (i.e., "The Girl Scouts") and you're off and running. If you have a rival social organization, spark up a little friendly competition between the two of you (such as "The Girl Scouts" vs. "The Boy Scouts") and then report on the progress of both in the stats. Simply find a cruncher that belongs to that rival organization and have them start up a team for them. If you don't know someone from your rival, ask here in the forum and there might be one that's willing to help you out in this way.

And one of the nice side benefits of doing any of the above is that you're VERY likely to then get all the computers owned (assigned to) that publication enrolled into this project. :)

For all the newspapers and newsletters above, the first thing you should do is create the appropriate team for the publication. No need to wait for permission. Simply create one now and throw your stats into it. By the way, if your computer farm numbers more than mine (that being ... *sigh* ... one), you can set up teams for as many computers as you have running this project and simply assign at least one to each of the teams. This way you can set up teams for your company, your alumni, your local community, AND the social organization(s) to which you belong.

The second thing you must then do is write up two to three sample articles. The first one should be the introduction article for your column. Remember to write pyramid style (most important facts first and then rest in descending order) so when editors chop it, the most important stuff makes it in. And local spin is probably the most important thing of all and should lead the article. Suggest an article title and think hook when you do. What will spark people's interest to read the article. Same for the first paragraph. The first paragraph needs to hook the reader in and make them want to read further. As for talking specifically about DF, that leaves the local spin area and thus should be in the middle or last half of the article. And when presenting DF, present the human angle and go for quotes from DF staff. Simply send Howard (a.k.a. Brian the Fist) and Dr. Hogue an email (send it to Howard and let him relay it to Dr. Hogue), tell them what you're doing, and ask if he wouldn't mind answering a couple questions of yours for the article. Ask for soundbites that you can quote. Long-winded answers (like what mine usually are on this forum ;) ) take up too much space. End the intro article with the team's current stats and where those interested can go on the web to download DF and join the team. Don't worry about the editor chopping off this last paragraph. It will make it and if s/he is going to cut, they'll cut out the paragraph(s) right before it. This last paragraph is a "News You Can Use" sort of thing thus why it will make it in.

The other one to two articles you should write up are sample columns. If you're only willing to write up a stats column, that's fine. Make that as compact as possible, especially if you're hoping to get a daily newspaper to pick it up. This is where you really need to measure out the column widths of your newspaper and create up a little chart for them. If you can wing a color graph, that would be great ... saying your publication handles color, but also make a black-n-white one as well.

The other sample column is if you're also willing to write up a little commentary on how the project is coming along that stats alone cannot convey. This is where you could profile other folders of your team. For remember: NEVER underestimate the power of local spin. Newspapers thrive on it since they know that's what their readers want. As for length of this type of column, you need to scan your publication and see about how long they give to other columnists. Think in 100's of words. You'll need to tell the editor that your more-lengthy column is, say, a 500-word column ... but that you're also quite flexible in decreasing and increasing its length to suit their needs.

Even if you REALLY want to write the more lengthy column, you should still include both the stats-only column sample and the lengthy column sample. Something is better than nothing and the editor/publisher might feel they have space for the stats-only column but not the lengthy column. If you don't offer the stats-only column, you won't then get in at all. Again, better something than nothing. Also, it makes you look more professional since it makes it clear to them that you understand the value of page space. And even if they only go with the stats-only column, if there's some real news about the dc project to report, they'll likely allow you to do a little news article and place it next to or around your regular stats-only column at those times.

Once you get these two or three articles written up, write up a nice one-page letter to the editor pitching the column to her/him and include the samples. Don't let your cover letter exceed one page. Three paragraphs is all it needs to be. First paragraph is the hook. This is your local spin. Second paragraph is who you are. Third is your offer to write the column. The shorter these paragraphs are, the better.

Now if you'd like some help with the above, feel free to send me an email. We can discuss possible spins and I'd be even willing to put on my editor's cap and read over your cover letter and sample articles. Please though run them through a spellchecker before sending them to me.

Jodie
07-05-2002, 10:55 PM
Originally posted by Brian the Fist
Scott,

In response to your somewhat long-winded but topical diatribe,

1) Security has been mentioned before but you can never mention it enough, SO, as you might suspect, the only real potential "security hole" so to speak is in the auto-update. This is why we do not make it automatically accepted by default, and this is why it is digitally signed (thanks to a little nudging from Intel) to verify that it comes directly from me (this uses an encryption key that only I have, so no one else can digitally sign it the same way).

From the purely academic side of the house - so all one would really have to do is trace execution during an update (easy right now with weekly updates to get a large sampling) find the key verification routine and nop it out, right? Even if the code is encrypted, you just find the decrypt routine, use the key that was passed in and decrypt the loader, put in your noop and reencrypt. From that point on you "own" the client, right?

There are, of course, methodologies for securing this process a bit more. Totally beyond the scope here and totally for the paranoid-inclined. And I'm in no way touting adding such a thing...

I just get all icky-feeling when I see people vouchsafing a security methodology... The first myth of security is that it exists, after all. ;)

Brian the Fist
07-06-2002, 12:29 PM
Sorry Jodie, but I think I fail to see your point here. Why would someone want to hack their own copy of the client?? My point was that if you use the client we provide, it checks for digital signatures on updates and refuses to install them if not signed. That means if someone manages to hack an update server, and thinks they'll be clever and put a malicious update file, the client won't install it. Certainly a knowledgeable user could bypass this security check but why would you?
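The signed auto-update check that Brian describes above, modelled as an added example. This is not the Distributed Folding client's own code: it assumes an Ed25519 key pair standing in for the maintainer's real signing key, a public key compiled into the client, an auto-update switch that is off by default, and a version number bound into the signed data (so an old, genuinely signed release cannot be replayed as a newer one, a detail the thread does not mention). The scenarios show what the client does with a genuine update, a payload swapped on a compromised server, a replayed version, and an unsigned file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what the client downloads: the new program plus a detached
// signature made with the maintainer's private key (hypothetical layout).
type Update struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

// signingInput binds the version number to the payload so a signature on an
// old release cannot be reused to pass off that release as a newer version.
func signingInput(version uint32, payload []byte) []byte {
	buf := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(buf, version)
	copy(buf[4:], payload)
	return buf
}

// SignUpdate is the maintainer-side step; only the holder of priv can do it.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{Version: version, Payload: payload,
		Sig: ed25519.Sign(priv, signingInput(version, payload))}
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify")
	ErrNotAccepted  = errors.New("update staged, not applied: auto-update is off")
)

// Client models the settings relevant to the thread. The verification lives
// inside the client, so it protects against a compromised update server, not
// against someone altering their own copy of the client (Jodie's point).
type Client struct {
	TrustedKey ed25519.PublicKey // public key compiled into the client
	AutoUpdate bool              // false by default, as described in the thread
	Installed  []byte
}

// HandleUpdate verifies first; a bad or missing signature is rejected before
// anything else happens. With auto-update off, a valid update is only staged.
func (c *Client) HandleUpdate(u Update) error {
	// ed25519.Verify returns false for a nil or wrong-length signature.
	if !ed25519.Verify(c.TrustedKey, signingInput(u.Version, u.Payload), u.Sig) {
		return ErrBadSignature
	}
	if !c.AutoUpdate {
		return ErrNotAccepted
	}
	c.Installed = u.Payload
	return nil
}

// Scenario runs the constructed cases and returns the client's decision for each.
func Scenario() map[string]error {
	// Constructed for this example: a fresh key pair in place of the real one.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	client := &Client{TrustedKey: pub} // AutoUpdate stays false
	genuine := SignUpdate(priv, 2, []byte("constructed client v2 binary"))

	results := map[string]error{}
	// 1. Genuine update under default settings: verifies, but only staged.
	results["genuine, auto-update off"] = client.HandleUpdate(genuine)
	// 2. User has turned auto-update on: verified and applied.
	client.AutoUpdate = true
	results["genuine, auto-update on"] = client.HandleUpdate(genuine)
	// 3. Compromised server swaps the payload but keeps the old signature.
	tampered := genuine
	tampered.Payload = []byte("constructed malicious payload")
	results["tampered payload"] = client.HandleUpdate(tampered)
	// 4. Old, validly signed release re-labelled with a newer version number.
	replay := genuine
	replay.Version = 3
	results["version replay"] = client.HandleUpdate(replay)
	// 5. Update with no signature at all (nobody else holds priv).
	results["unsigned"] = client.HandleUpdate(Update{Version: 4, Payload: []byte("x")})
	return results
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-26s -> %v\n", name, err)
	}
}
```

Only the first two cases get past the signature check, and only the second actually installs anything; everything a server compromise could hand the client is refused before it is touched.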

Jodie
07-06-2002, 01:28 PM
The hack would simply be the first stage. The next stage would then require distribution... TCP splicing, redirection, or taking a shot against the server serving it up. All of those are generally fairly trivial compared to reversing the client itself.

Again, though, simply an academic stance - the odds that someone would go this route instead of other more simple attacks is negligible, IMHO...

Moogie
07-07-2002, 02:00 PM
The "Rule of Thumb" that I use in this kind of situation is:

"The computer in question belongs to [place name here]. If the software in question is NOT on the approved list, then don't do it!" On my very own personally-owned PC, I get really peeved if someone/something puts a program that I don't want on my PC. Heck, when I wanted to borg my husband's box, he and I had several long discussions about it, recognizing that his PC really is his PC.

Short answer - the owner of the PC is really the owner, and has (or should have) complete control of that PC. If the company/college/whatever has a policy in place, follow the policy - it is THEIR computer. You might try a reasoned approach to getting permission to put the program on the PC, but if the owner of the PC says "no", then that's the official word.

Personally, I think that prosecution was and is a trifle (!) heavy-handed - violation of the policy should be, at the very most, a firing offense, not a criminal issue.

Good discussion!:thumbs:

Scott Jensen
07-08-2002, 09:52 AM
Originally posted by Moogie
Good discussion!:thumbs:

Agreed. In fact, after it runs its course, it would probably make a good candidate for the Educational Section. It even has a nice catchy little title to spark people's interest in reading it.