Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Cheating at Seti@home 245

Megor writes "Well it was bound to happen, people are cheating on Seti@home to inflate their work unit statistics, and the people who administer Seti are ignoring the complaints. ZDNET has an article explaining how they are cheating."
This discussion has been archived. No new comments can be posted.

Cheating at Seti@home

Comments Filter:
  • by taviso ( 566920 ) on Thursday October 31, 2002 @07:57AM (#4571195) Homepage
    Theres an interesting paper on this subject available here [distributed.net]. well worth a read.
    • by Anonymous Coward on Thursday October 31, 2002 @08:03AM (#4571200)
      A first post which is

      1. on-topic
      2. gets modded up

      What's this world coming to?
      • What's this world coming to?

        I blame the new server - its all different and backwards on that side of the country. They drive on the wrong side of the road too dont they?
    • by Anonymous Coward

      SETI's a joke, a simple machine whose optimum output is funding.

      They keep changing the rules: "If we do this, we'll find LIFE!" Then they don't find life. "Oh, wait, no, we'll do THIS -- and THEN we'll find LIFE!" Again, they don't find life. And so on, and so on.

      The money fountain is based on the fact that you can't prove that there isn't life out there, somwhere. It's very hard to prove that something doesn't exist. Therefore, these witch doctors at SETI just keep on mixing new and different potions every year and charging the taxpayer an arm and a leg for it all.

      What's worst is not the waste of money, but the violence done to the scientific method. Have you seen their calculations about the alleged "probability" of intelligent live existing somewhere else coincident with what passes for intelligent life on Earth? They've got these very serious-looking equations with variables and stuff, but the numbers they plug into the variables are all made up. They just pull numbers out of their asses! Who the hell knows how many Earth-like planets there are orbiting around G-type stars? NOBODY. We have exactly one (1) example to work from, and you can't generalize meaningfully from that. Who the hell knows how long the average radio-equipped civilization lasts before it blows itself up or transforms itself into energy beings and vanishes up its own etheric asshole? NOBODY. We have ONE example, which hasn't exploded or vanished yet, but who knows when or if it will? And what does that tell us about anything else? Nothing. If my dog gets hit by a car at age five, do I go and say, "Okay, that's how long dogs live: Five years. Now, given an arbitrarily assumed distribution of dogs on each of an arbitrarily assumed number of lawns in an arbitrarily assumed number of towns, we can calculate with meaningful precision that blah blah blah..."

      No. Wrong. Dead wrong. You can't calculate squat from what we know about any of the stuff SETI is yapping about, because we know nothing about any of it. Making up an equation doesn't make it science. If you feed real data (we don't have any) into the equation and then compare the output to the real world phenomenon that it's supposed to model (about which we know nothing, in this case) and it matches up, then you know what you've got? You've got a hell of a lot more testing to do before you publish any conclusions, is what you've got, but at least you've got something meaningful. Nothing that SETI is doing is in any way falsifiable. The question they're asking isn't even clearly defined. It's not science. Period. It's an open-ended money pit.

      • by Surt ( 22457 ) on Thursday October 31, 2002 @04:07PM (#4573482) Homepage Journal
        Ok, I know this is a troll but:

        Care to venture how many tax dollars go to seti right now? I'll venture an impressive number: 0. Seti is not currently publically funded. That's right, its all voluntary donations.

        I don't think anyone speaking for SETI has really made a claim such as: If we do X we will find life. Many times certainly they have said we _might_ find life.

        The drake equation and its variables are not 'made up'. They are estimated as accurately as possible from star surveys of the galaxy. Only the last couple of variables are really open to any sort of scientific question, the others are pretty well settled. The question that should be asked is whether or not there are enough hospitable star systems out there that it might be possible for intelligent life to exist outside our solar system, and the answer is clearly yes.

        Seti also has a clearly falsifiable premise: Seti claims that there might be other intelligent life inside of our galaxy (I believe that seti is willing to settle for our galaxy, since talking to anyone in a different galaxy is currently really beyond the realm of possibility for our technology). This claim is trivially falsifiable. Send a small probe to every start system, and survey any planets found. If no life is found, I believe that most if not all seti scientists will be glad to consider the question answered. Now sure, falsifying this way is a bit too difficult for us right now, so we're trying some other methods, but certainly within another century or so we should be well prepared to consider attempting a direct refutation of the seti premise.

        Or you can view this from the other direction. Seti is a project engaged with the attempted refutation of the scientific premise that there is no intelligent life in our galaxy outside our solar system. In this case we might say that they are simply using the best tools available to them right now, and we can expect that within the next 10,000 years or so that the question will be pretty well settled by advances in our technology, but it might be settled much sooner than that, and the potential value of settling the question early is tremendous.

        To clear up a last point, there are 2 questions I think seti would like to answer:

        1) Is there life outside our solar system, inside our galaxy.

        2) Is any of (1) that we discover, also intelligent.

        I think both are clear and falsifiable.

        • Also even if the SETI programme fails to find ET. It has proven very valuable in general scientific and social terms. advancing many fields from computing, electronics, physics, astrophysics, astronomy.

          In out field alone, its justified as a development bed for the first large scale distributed computing project

  • Motivation? (Score:5, Insightful)

    by Enocasiones ( 563499 ) on Thursday October 31, 2002 @08:02AM (#4571199)
    What drives people to do this? You may brag about being first, but still, you'll be first together with all your teammates. Lots of people to share the credit, not much left for an individual. And the fact that the cheating could corrupt the results just makes matters worse.
    • Re:Motivation? (Score:2, Informative)

      by simong_oz ( 321118 )
      My guess would be that it's the same sort of motivation that drives f@%$wits to beat up a pensioner for the $1.50 they might find.

      OK, it's a dodgy analogy, but I'm just saying that I'm not sure it's possible to understand the motivation without having it yourself. To you and I (and many others), corrupting the results of the research is a terrible thing, but these arseholes just don't give a shit.
    • by mosch ( 204 ) on Thursday October 31, 2002 @04:44PM (#4573826) Homepage
      A lot of people are assuming that these people cheated in order to up their stats (because seti stats get ya mad bitches!). I don't buy this for a second.

      I believe that these "cheaters" are in fact alien lifeforms, who are covertly working to sabotage the fine research being done by the seti@home project. The project was coming close to discovering the location of their invasion force, so a crack team was sent to earth to disable the earth information gathering project, and to lay the blame squarely at the feet of other earthlings.

      those aliens weren't quite clever enough though, were they...

  • by holle2 ( 85109 ) on Thursday October 31, 2002 @08:03AM (#4571202)
    I thought the move to close the source of SETI@home back in the old days was meant to stop the cheating ?
    Could it be that the protocol should be redesigned to contain, say digital signaures embedded into the binary (well not really a save place for that anyway ..)
    • M$ products & others' are closed and look at all the "cheats" (exploits) you can use on them. You cant stop the cheating through obscurity, as the linked page [distributed.net] in the First Post states.
    • by ebbomega ( 410207 ) on Thursday October 31, 2002 @08:53AM (#4571260) Journal
      If anything, closing source opens you up to "cheats" because every time that an exploit/cheat comes up, you don't have OpenSource-support to fix it sooner rather than later.

      Closing source isn't like sealing a tank. It's more like building a beaver-dam.
      • In a very ideolistic view, yes. Opening the source also makes it *very* easy for me to take the source, then do whatever I want to the code to produce whatever results I want using as much/little CPU as I want and return whatever results I want. Basically, I can change the program to be like this:

        int main()

        and since I have the *source*, it is very easy to read and interpret (don't need to know ASM or anything or deal with decyphering of disassembled code).

        Yes, you can fix bugs and submit the changes to fix the source tree but you make it *much* easier for cheaters to cheat if they want (and quite possibly enable more people to cheat).
        • by bogado ( 25959 ) <bogado AT bogado DOT net> on Thursday October 31, 2002 @01:07PM (#4572126) Homepage Journal
          In fact this is a hard problem to solve, since you have to trust the computations made on the client side. Every security protocol must not trust the client! The solution in this case would be punishing the guilt.

          My opinion is that each login should have a key, this key would sign all the packects received from this particular login. Now for every X packects received from any client, you resend one of them to another user, of there is a mismatch in the packet You then redo the calculation with your trusted code, and checkout witch is cheating and then ban this user.

          Since cheating is for achieving higher pontuation, no one would like to be banned, since this would mean that one would have to restart their statisics. Groups could also be punished if one of their members is cheating making them also responsible for their components. This would help to police the network.

          The key I proposed is for guaranty that a good user could not be sobotaged by other people sending packets in his name. Also one couls adopt a policy of sending more test packects to user with higher, more suspicious, rates of delivery.
          • This system opens up the can of worms for a DOS. Basically, if a given user can overflow the request for a new public key, so no one can request one, because he keeps the machine that is storing them too busy. The other alternative, is "checking bad blocks" is on trusted code doesn't scale with the size of the project. Now cheaters can turn the "checking bad blocks" into a bottleneck by submitting all bad blocks immediatly for you to have to check. Eventually the back log on check the bad blocks will be too difficult.

            They also address this in the article if the cheaters can manipulate the system enough to ensure they get the same block twice and send it in twice they win. Plus 99% of all blocks have the same answer: Nope, no interesting data here. That's it. So a cheater just has to send in "Nothing of interest here", for 100K blocks, then request a new public key and do that again. They could wipe out huge chunks of the key space because eventually they will get verified as correct.

            When you give source to anyone to run on their machine, you can't ever trust the results.


            • I don't know how SETI@Home currently works - perhaps all it does is send "Interesting" or "Not Interesting" replies. But no matter what it currently does, it certainly doesn't have to be that way.

              The client could send a "No interesting date here, becase" message. And the 'because' gets checked by other users periodically. DOS isn't a problem...Just check 1 out of 100 WUs. If that WU is bogus, check another. If that one's bogus, release them all back into the keyspace.
              • by ComputerSlicer23 ( 516509 ) on Thursday October 31, 2002 @03:58PM (#4573374)
                Okay, your right, I'd just gotten done reading another link from the posts, there is one from distributed.net that discussed all this, and actually was much more interesting then the original link. They talk about using a public key to sign data. Not that differs per individual, but even that is easy to abuse.

                It's *MUCH* faster to generate bogus data, then it is to check it. I could generate thousands of work units in an hour. If I was a bad person, I'd sign up for a new name for every single work unit. Or only every 10-20 units. If I can turn them in faster then you can test and reject them, I'm winning. The DOS will actual work. Remember, they can't possibly afford to check 1 out of every million blocks of the data they are sending out, otherwise they wouldn't be doing it as a distributed computing project. I can DOS them if they attempt to run a "trusted" version of the binary locally. I'd whoop them really bad and generating bogus data. The attacker isn't going to play nice and put all their work units in under a single name if they are attempting to subvert the process.

                I'm speaking from the perspective of an attacker who want's to subvert the process not rack up a big WU total. If I really wanted to rack up a huge work unit total, I'd take all my units under one name, and then submit them via 10 signed keys when they are done, so they all look like proper work units. Then they never check them locally, because they got verified by 10 different people as the same. How handy... If they have a set of "trusted" users that have to verify all the blocks, then all they should have the trusted people run the binaries, because everybody else will be throttled by the rate of the trusted ones.

                In the end, they really can't check anything locally or only by trusted users, because locally and trusted users doesn't scale, that's why it's a distributed process. All the attacker has to do, is overrun the computing resources of the checker, and they win. It's not hard at all to pump to much data at them, because I don't need to do any real work to generate them, they have to do loads of work to check them. (Spoken like a man who use to grade tests.)...



                • It's easy enough to stop a person from signing up for multiple accounts, though. Just keep a record of all IP's that signed up for accounts in the past 3 hours. If the IP is on the list, don't let them create an account. Dial-up users get screwed, but they can always come back in 3 hours to sign-up.

                  Or you could demand an email address, and verify it's authenticity (Send an email, follow a link).

                  All of this can be subverted, but it'd make it much harder, much slower, and probably not very much fun. It would certainly stop any massive DOS attacks or cheating from taking place.
            • Public keys are generated by the client, since for every public key there is a secret one. The system would only have to check if there is already a user with the same public key. much like the same test that is made today for every register engine on the web does for logins.

              Witch packets each user receives is compleatly out of control of the user, since it is the server who picks witch packet it will send to each user.

              Also I am not aware of what exactly the SETI@Home client does with the data, but I am pretty shure that it process the data and reply with a packect of processed data and not just a bit of "interesting"/"not interesting".
              • Sorry, I'd just gotten done ready up on the distributed.net article on the same subject. SETI@Home does have more information the interesting versus not interesting (RC5-64 doesn't). You can have the client generate a key, but now you've made it trival for me to generate as many public/private key pairs to overwhelm the checking routine.

                As I've explained in several other posts in this thread. Now I can DOS the thing by generating hundreds of thousands of keys, and generate 2-3 bogus WU results's for them. Now send them in. They talk in the article about the highest team ever having only 8Million, accumlated over the course of years. I can easily generate that many which have to be checked by the trusted system to ensure the blocks I've done are correct.

                Once I start doing this, the project will have to shut the checking system down. Either, I'll ensure no one ever gets to put any WU's thru because I've created a huge backlog of work that will never get caught up, or the checking system will become the bottleneck and there's no point in having a distributed system. Remember SETI@Home works the way it does because it's the only way to accomplish the processing. They don't do it because it's cool, or sexy. They do it because there's no other way to get it done.

                The other problem is, you'd have to randomly check people's work. Otherwise I could simple do 10 WU's have my account verified as "trusted" and then start spewing bogus data at you. The checker has the slight advantage that because I'd be turning in such huge number of WU's I'm more likely to be randomly selected be verified.

                As a percentage, I can also virtually sure I can get all the work units to come to me so I can check them under several private keys. While it's controlled by SETI at home, assuming I have enough bandwidth, I can write a client that requests huge number of work units. Because I'm not wasting any time actually doing the work on them, I could probably request 90% of the WU's that are given out in any single day assuming I have enough bandwidth. So I'd get de facto control over the answers turned in.

                It'd be a big pain in the ass, but if I really felt like doing it, I could probably pull it off.

                Thanks, Kirby

      • Although I agree that open source is the only way to come up with a truly cheat-proof system, there is a serious problem with using it here.

        If you assumme altering the clients is difficult then you may be able to rely on slight differences between the real clients and cheating clients to send data that will only work in the real clients. This can be done without changing the clients.

        However in a open-source solution it is far too easy for the cheaters to see what difference you are exploiting between the real and cheating clients, and modify the cheating client to emulate the difference. So any real fix will require all the clients to be replaced with new ones that do the new trick that makes the cheat impossible. Updating all the clients this way would require the entire system to be stopped.

        The closed-source one will fail eventually when there is no way to distinguish a cheater from a real client. In that case it is just as hard to update things as the open-source one. However this may happen later.

      • Closed source isn't like sealing a tank. It is more like building a beaver-dam?

        Why would anyone want to dam the beavers? Shouldn't they be allowed to run freely?

    • by anshil ( 302405 ) on Thursday October 31, 2002 @09:01AM (#4571270) Homepage
      Closing the source does not help a bit. After all you give a binary to your "foe", thats enough. Look in example to Ultima Online, they encrypt the stream already in 10 layers or so, with constant changing keys, algorithmns and so on. But it is still beeing hacked, simple as that, you've a binary of the client, you can view the algorithmn on assembler basis, thats enough "source" code to hack anything assuming enough motivation and time.

      Look at all the companies trying to hinder people copying with copy protection CD's, tongels and all that. Does it help? No it's all just a new challange for the hacker folk.
    • Cheating will always be possible. You can't have a trusted conversation with someone you can't trust. It's not like we can charge their credit card for every invalid result or have them arrested.

      All you can do is make cheating hard. If you would like cheating to be very hard, feel free to go here [sourceforge.net] and put in some work to help make it hard.

  • SETI Checking? (Score:5, Insightful)

    by rabiteman ( 585341 ) on Thursday October 31, 2002 @08:09AM (#4571206) Homepage
    From the article:
    One common technique used by cheats is to distribute partially completed work units to other team members' SETI@home accounts. One account is used to process a work unit until it is 99 per cent complete. It is then distributed hundreds of other team members who process the remaining portion of the unit and return it. The WU is credited to their accounts vastly inflating the quantity of public processing that appear to be dedicated to the project.

    Let's assume cheating is going on, and is being perpetrated in this manner. Why doesn't SETI@Home check each WU as it's submitted and say "Gee, here's hundreds of people from the same team submitting the same WU with the same result within minutes of each other. Seems awful suspicious!"

    Seems awful suspicious.

    • Re:SETI Checking? (Score:5, Informative)

      by phragle ( 83450 ) <<christiancable> <at> <gmail.com>> on Thursday October 31, 2002 @08:24AM (#4571221) Homepage
      Seti does check,

      As I understand it, for each unitl they send a number of redundant units out and then compare the evetual results taking the most popular result to be the correct result for that unit.
      • Re:SETI Checking? (Score:5, Insightful)

        by rabiteman ( 585341 ) on Thursday October 31, 2002 @08:56AM (#4571265) Homepage
        As I understand it, for each unitl they send a number of redundant units out and then compare the evetual results taking the most popular result to be the correct result for that unit.

        Even if this is the case, the point remains that one group handing in 300 redundant copies of the same data processed the same way will skew the results. What if the guy who processed the first 99% had some kind of screwup along the way, and his team hands in 300 copies of his screwed-up data? The other 3 people who got the same WU and got the right answer will be 'outvoted' by Team Cheater, ruining the whole effort (for that particular chunk of raw data, at any rate).

        • Re:SETI Checking? (Score:4, Insightful)

          by Zocalo ( 252965 ) on Thursday October 31, 2002 @09:27AM (#4571327) Homepage
          I don't know about Seti@Home, but if I were designing the WU submission / verification procedure, I'd be looking for anomalous submissions and verifying them on my own, trusted hardware. That includes all high positives and any units where you management DB is reporting a data validation mismatches - like more units returned than dispatched.

          Ultimately the league tables are just a bit of fun to entice more people into getting involved, Seti@Home probably doesn't care about who leads the tables in the slightest, only about getting a result. As long as they are confident that a positive result will not slip by unnoticed, why get involved in an resource wasting arms race with the cheaters?

      • Re:SETI Checking? (Score:4, Interesting)

        by phragle ( 83450 ) <<christiancable> <at> <gmail.com>> on Thursday October 31, 2002 @08:59AM (#4571268) Homepage
        from the seti FAQ http://setifaq.org/faq.txt 2.4 I heard I was getting the same work unit as everyone else. Is the program wasting my time? Nope, because the only time you're giving it is time your computer would have wasted anyway. Yes, early in the program there were times when the same work units went out over and over, due to overloading of the SETI@home servers that were supposed to be making new ones to send out. (They didn't expect half a million people to sign up, and they don't have enough staff or computing power to keep up with it.) And since then, the same work units are still sent out to several people, for various reasons (for instance, more than half the people who signed up have never returned their work units, and probably dropped out) But new work units are being sent out too, so just leave your SETI@home program working and it'll take care of the details. Note: If workunits are sent out multiple times, they can be doublechecked by SETI@home.
      • Re:SETI Checking? (Score:5, Interesting)

        by Coplan ( 13643 ) on Thursday October 31, 2002 @10:51AM (#4571571) Homepage Journal
        Simple solution...

        Seti should track what it hands out (and I'm sure it probably does). In fact, it should probably track to who it sends it (again, it probably does).

        If Seti sends out 30 WUs (abroad), it should know that if it gets 200 back, a flag should be sent up. If seti sends a WU to Bob, but not to Gregg, and Gregg sends THAT WU back, the one returned from Gregg should be voided.

        This is not about preventing competition. Screw that...Seti shouldn't be concerned about this issue relative to that. Seti's concern should be plain and simple -- it should be protecting the integrity of the data. 'Nuff Said.

        • Re:SETI Checking? (Score:2, Insightful)

          by ninjadoug ( 609521 )
          why should they care anyway. It's not like the points actually mean anything. This is like all those people who complain about 'Karma Whores'. Let them cheat, in fact give them a million points, just worry about the data I say
    • Why doesn't SETI@Home check each WU as it's submitted and say "Gee, here's hundreds of people from the same team submitting the same WU with the same result within minutes of each other. Seems awful suspicious!"

      they should make note of each work unit that goes out, and make sure it comes back from the same account. if the same account returns the same unit more than X times, it would be abusive but wouldnt cause any harm nor be added to the totals for that account.

      i suppose you could then cheat by getting a shitload of WU's (a few million?) and comparing to the millions of WU's your friend got, split the same ones and send them both in once processed. if the total pool of WU's is large enough, this should be rather impratical or should at least be easily spotted.

  • Ahem. (Score:5, Insightful)

    by acehole ( 174372 ) on Thursday October 31, 2002 @08:21AM (#4571216) Homepage
    This has been going on for as long as seti@home has been running.

    There are a variety of excuses people have for doing such things, such as :-

    * making the program calculate units faster
    * falsifying unit completion and results
    * hoping they cheat enough so they can get up the top of a table

    These people dont realise the problems with doing such things, If you contaminate the results with fraudulant and false data then you might as well forget about the whole project.

    What happens if there really was something found, but due to the high rate of contamination that it was thought to be too good to be true and discarded. Consequences really need to be thought out before you start wrecking the hardwork of scientists and academics who are only doing a service for everyone's benefit.

    • Re:Ahem. (Score:5, Informative)

      by taviso ( 566920 ) on Thursday October 31, 2002 @08:39AM (#4571244) Homepage
      one of the major culprits for this was actually Microsoft, they had a scam going where they optimized the SETI software for Windows and then published the results to show how well their platform performed.

      Theres more information in the setifaq [setifaq.org], section 1.3.6

      and on this usenet thread [google.com].

      its a very interesting topic.
      • one of the major culprits for this was actually Microsoft, they had a scam going where they optimized the SETI software for Windows and then published the results to show how well their platform performed.

        Much as I hate Microsoft, and would love to find them guilty, this is not cheating. It just minimising their natural disadvantage.

      • One of the major culprits for this was actually Microsoft, they had a scam going where they optimized the SETI software for Windows and then published the results to show how well their platform performed.

        That attitude by SETI was my major reason for not participating in SETI@home.
        When they started asking on sci.crypt if there was some way they could guarantee that only their client had performed the calculations,
        the question that naturally arose was "why the client, and not the data?".
        The answer provided shows that they were not (and still aren't) interested in proving the calculations are correct.

        For what it's worth, the solution to the checking problem is actually straight forward.
        Force the client to periodically calculate the MD5 hash of all the intermediate results (basically an image of ram) + the last MD5 sum calculated.
        Each block computed then returns the result (usually nothing interesting) and the MD5 sum.

        -- this is not a .sig
    • Re:Ahem. (Score:4, Interesting)

      by IIRCAFAIKIANAL ( 572786 ) on Thursday October 31, 2002 @09:38AM (#4571361) Journal
      What happens if there really was something found, but due to the high rate of contamination that it was thought to be too good to be true and discarded. Consequences really need to be thought out before you start wrecking the hardwork of scientists and academics who are only doing a service for everyone's benefit.

      Not that I disagree with you overall, but if they thought they found something but the results were contaminated, they would just reprocess them. Now, what we should worry about is something being overlooked...
  • by ClassicG ( 138845 ) on Thursday October 31, 2002 @08:30AM (#4571230) Homepage
    all I need to do to feel better about myself is to remember that there are people out there who are so bad that they need to cheat at Seti@Home in order to feel like something worth anything.
  • With SETI@Home, if you arean't already part of a team, can't you join a team and give them credit for all of your previously completed work units? With the project coming to a close, maybe we could all join Team Lamb Chop and give them a boost to keep them ahead of these cheaters.
  • by jukal ( 523582 ) on Thursday October 31, 2002 @08:34AM (#4571236) Journal
    run at cyberian.org [cyberian.org] some 4 years ago was that people will do anything to get their team/name listed in the first page of the statistics. Some of the people were even arrested by police for hacking into machines to make them crunch rc5 for their name. And it seems this trend is only getting worse. This is kind of sad, because it is not very good for the reputation of such efforts.
  • by jokrswild ( 247507 ) on Thursday October 31, 2002 @08:35AM (#4571237) Homepage
    as a participant of the Seti@Home project, this has been happening for some time. For those familiar, check out the stats for Overclockers.com Seti Team, of which i'm a member (insert a "Crunch for us!" flag here). We've suspected our number 1 memeber of cheating, but we have no proof. His numbers as of late were usually 0, until a few of our other memebers caught up. His Work Unit production started being upwards 300 or 400 a day.

    People tend to loose sight of the fact that Seti@Home is for scientific purposes, and get caught up in the statisitics of it all. I'm in to the statisitics, so i'll load more computers with the Seti@Home client, not cheat.
  • by hopbine ( 618442 ) on Thursday October 31, 2002 @08:40AM (#4571250)
    I havent seen any /. comments about the Google version of this. My office computer runs IE and has a Google toolbar. The other day it downloaded a trial version of combined computing, in this case the computing was to be on behalf of the "Folding@Home Distributed Computing" I wonder if Google will be hacked.
  • Ironcly (Score:4, Interesting)

    by isorox ( 205688 ) on Thursday October 31, 2002 @09:01AM (#4571271) Homepage Journal
    I'm researching seti for a final year comp sci project, and I've just handed in a draft about how its been secure, but how my distributed foobar will be open, and therfore more secure.

    (dunno how to make it secure yet though)

    Cheating is a big thing, as you can sell your work units on ebay!

    500 units @ 25 euros [ebay.co.uk]
    and http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&it em=2064169353 and
    http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem& it em=2064990327
  • by caveat ( 26803 ) on Thursday October 31, 2002 @09:02AM (#4571274)
    if i were one of the reviewers of this work for publication, and i even heard a whisper about cheating, i'd pack the whole pile of results up and ship them straight back as invalid.
    if this is /serious/ scientific research, there should be absolutely zero tolerance for cheating, and any team even suspected of it should be summarily disqualified and have all their results tossed - not out of fairness for the competitors, but for the simple sake of scientific integrity...you can't have people cooking the books and then expect legitimate results.
    • The farmed out processing only seeks candidate signals. When one is found it is re-processed by the central site to verify and interpret it. This is sciencific re-produceability in action. I dont know the exact number, but there have been several dozen false-positives so far, e.g. overlooked satellites quasars and the such.
  • by Alsee ( 515537 ) on Thursday October 31, 2002 @09:03AM (#4571277) Homepage
    With the competition?s close just two months away

    Seti@home may just sit back and silently allow these people to continue putting work into cheating, then at the close of the copmpetition throw out all bogus results.

    Sort of getting revenge by letting them waste their time for another two months.

  • Why Cheat? (Score:5, Funny)

    by orthogonal ( 588627 ) on Thursday October 31, 2002 @09:05AM (#4571280) Journal
    We're cheating because some 133t script-kiddie beamed a message to your solar system, some 50,000 of your years ago.

    Only by perverting your Seti@home results will we prevent you from discovering our advanced, trans-lightspeed, galaxy-spanning civilization -- and from discovering that despite our accomplishments, our civilization will fall unless we conquer your planet for water/slaves/Kentucky-Fried-Human (please pick one).

    Naturally, as an Alien Commader, I must gloatingly reveal our plans, with the excuse that you puny humans are too primitive to stop us even if you do know.

    PS: That Orson Welles broadcast 64 years ago today wasn't a hoax. We got to him just in time.
  • by Frnak ( 556880 ) on Thursday October 31, 2002 @09:07AM (#4571287)
    Wasn't seti@home just about scoring high work units?

    And what is this extraterrestial stuff people are going on about?
  • by Sherloqq ( 577391 ) on Thursday October 31, 2002 @09:09AM (#4571290)
    I wonder how this will affect other distributed projects, such as the cancer search.
    Apparently any time there is a prize involved, people are willing to forgo their ethics
    and the ulterior goals in favor of money. What would happen if this sort of cheating were
    uncovered in the cancer project? Will it undermine its reputation and credibility, even
    if only the stats were to have been sabotaged and not the results themselves? I'm sure
    that people would start peeping "Well, we can't trust those results now, can we?" And all
    those CPU cycles would have been wasted, after all.
  • ...inflated stats were being turned in years ago. This 'cheating' is hardly new. SETI must have grown tired trying to stay ahead of it with new versions and now just turns a deaf ear.
  • by pommaq ( 527441 ) <straffaren.spray@se> on Thursday October 31, 2002 @09:18AM (#4571308) Homepage

    Listen to the guy in the article:
    "Basically, three years of work to get to the top of the teams and eight million WU later, it looks as though the top team is going to be beaten by cheating," said Nealon.

    Sure, the stats are fun. But once you make a competition of it, people are going to start cheating - doesn't matter if the only reward is seeing your name at the top of your group in some brute force number-crunching exercise. Even the legal users care mostly about where they are in the stats, not about the point of the project itself. I mean, look at the popularity of ProgressQuest.
    If I were SETI@Home, I'd remove the stats. Sure, you'd lose humungous amounts of CPU power when the $r1p7 kiddies abandon the project, but if you're getting millions of WUs of flawed data sent back to you, you need to do something drastic. Besides, they've got a pretty strong brand by now, and I'm sure a lot of users would stick with them just for the good of the cause, not just for the dubious honor of being at the top of the stats.
  • You may sign here if you agree!


  • Simple solution (Score:5, Insightful)

    by wowbagger ( 69688 ) on Thursday October 31, 2002 @09:28AM (#4571332) Homepage Journal
    When the hand out the work unit, put a unit ID number on it, and sign it with a hash.

    If they see the same ID being submitted by more than one system, zero the work unit totals for both machines.

    BOOM! Cheating now carries a very high price.
    • wowbagger wrote:

      When the hand out the work unit, put a unit ID number on it, and sign it with a hash.
      If they see the same ID being submitted by more than one system, zero the work unit totals for both machines.

      This would allow anonymous losers to request a new work unit, then deliberately submit bad units for ID's 0 .. n-1, just to DOS everyone else.


  • It seems to me the claims of cheating are just speculation, there is no evidence beyond the reported fact that a 'leading' team has emerged. Indeed the 'cheat' as descibed of bringing more machines to bear on the problem does not seem like cheating to me. It looks like bad loosers to me. It certainly has no negative impact on the scientific integrity of the resuls as some have suggested.

    • Re:EVIDENCE ? (Score:3, Informative)

      by JDax ( 148242 )
      The problem is not "bringing more machines to bear". A big issue has to do with those purposely re-submitting the same, already-processed results, over and over again, without ever having or needing to download a new WU.

      Read this thread [infopop.net] and this one [infopop.net] and do try to follow the links to the graphs showing the suspicious results.

      And do sign the petition against cheating here [teamprimerib.com].

      • I've read a good few links and whilst there seems to be lots of speculation. I can see _no_evidence_ of cheating. Increases in productivity has many possible explainations, new machines, additional machines, renewed efforts, new members, etc.
        • But did you bother to read the links I posted? This latest issue has been researched for at least a year and was initially brought to light back in August when the loopholes were privately brought to SETI's attention.

          The Netherlands has a population of 16,000,000. Roughly the population of Florida. So you actually believe that the highest producing 10 accounts alone on that single team (SETI@NL), some of whom suddenly became new members in October, are legitimately outproducing the ENTIRE combined daily output of the top 5 teams in SETI? So you do not find it unusual that those 10 mentioned produced 65,000 results in a single day? You do the math (there's alot of math done in those threads).

          Even the poor SETI@NL Team founder has admitted that there is nothing he can do about them because Founders are given no admin privileges to kick suspicious accounts off a team and the SETI project leaders have never responded to his inquiries about the accounts.
  • Simply by refusing more than 4 WU a day per person. (6 hours for a 1Ghz PC to do one unit x 4 units = 24 hours.) Add to this if a single unit appears to have been submitted more than, say, 3 times, it will be "suspect" and resent out to be checked and you (the original submitter) will only get credit for it once it passes this second level.
  • I have been an avid SETI@home user since its inception. I don't have many work units, but I have never felt the need to cheat, because this is one of the few things that I am interested in. Why are people trying to ruin it for the rest of us? I know cheaters can fake a signal to get their 15 min of fame, but I am sure that there are ways of finding out that they cheated.
  • More info. (Score:2, Informative)

    by Faile ( 465836 )
    While the article does a fair job explaning about the possible patches/hacks here's [hccnet.nl] a little more detailed version, and a few old usenet postings from S@H staff on the subject.
  • Some maga-project papers like the discovery of a new physics particle or sequencing a geonome have author lists over a hundred because so many people work on them. When they discover a signal from an alien intelligence, will they a milion authors on that paper? :-)
  • A while back, S@H was having so many bogus results sent in (and work units sent out to cheaters), Berkeley massively scaled back the bandwidth alloted to the project. The result was that people who didn't cheat and weren't compulsive users (people with caches / willing to retry their connections all day) couldn't get new work units. One of S@H's responses was to make the clients do more math, effectively slowing the clients down. The other was to close down some of the cheating loopholes.

    It's unfortunate that the stats helped make the project so popular ... since they also made it a target for people needing to inflate their numbers at any cost.

  • I'd like to see stats on which work unit has the highest score. That is, which single individual work unit (described as the instant of time in which it was originally captured) has been returned most often. Or better yet, which work unit has the highest return/fetch ratio.

  • My guide to distributed computing [bacchae.co.uk] includes a section on dealing with parasites.

    Bill, SETI should have asked me.

  • How much of a loser are you to cheat at SETI?
    • **How much of a loser are you to cheat at SETI?**

      same kinda loser that would.. reply to this saying
      "the same kinda karmwhore who would reply to this saying 'the kind of a loser who would cheat in nethack and then brag about finishing it'".
  • by jacoplane ( 78110 ) on Thursday October 31, 2002 @12:09PM (#4571861) Homepage Journal
    here [seti-nl.org], though they're in dutch. I would translate, but I have no time. Basically, they say that they don't want to win by cheating, and that if they have evidence to support the claim that someone is cheating, that person will be removed from the team.
  • by SETIGuy ( 33768 ) on Thursday October 31, 2002 @01:08PM (#4572129) Homepage

    Yet another overblow cheating report. Frankly, it doesn't really impact the science. The cheaters only process a small fraction of the total data and candidate identification doesn't rely on either a single result or a results from a single work unit.

    Lets keep the the scope of the problem in perspective. What these guys are worried about is being in first place in the stats. I understand their concerns, but right now we have neither the funds nor the manpower to share them. Perhaps when SETI@home is shut down, and SETI@home II is running, we will go back and adjust the totals. Perhaps not.

    SETI@home II will run under BOINC and will have more immunity to such exploits. The cost of such immunity will likely be a GUID for each machine running BOINC, in addition to a per user key pair. This, of course, will get slammed by privacy advocates. Hell, if Microsoft were doing it I'd slam them.

    Right now our priorities are

    • Keeping everything running.
    • Identifying candidates for reobservation at Arecibo (sometime in the next 4 months or so).
    • Building the SETI@home II data recorder.
    • Getting Astropulse running as part of the BOINC beta.
    • Finding enough funding to keep us running.
    • Designing the SETI@home II analysis code.
    Sorry, but fixing the stats can't be a priority right now. The extension of that to "SETI@home doesn't care about cheating" is extrapolating too far.
  • ...about not having run the client for the past few yeras. I used to have a copy of the SETI@Home client running on every machine I had legitimate access to, but after a few reinstalls of Windows here and there, I've never bothered to reiinstall it.

    I did take part in the original RC-5 challenge, and put some work into the RC-64 (forgive me if the names aren't accurate, it's been a while) but I just could never get behind any of the new projects. The RC5 project had a definite timeline to it; it was kinda like playing the lottery -- sure, I didn't find the winning key, but I could have.

    And now to have an open admission of cheating on the SETI project -- even if it's not to the degree the article suggests -- just leads me to believe that there are people who care more about the imaginary "score" than the goals of the project, so much so that they're willing to potentially corrupt the findings to "win".

    And if the article is correct in saying that the project leaders at SETI don't care about the cheating, then I think it's especially tragic. I won't be donating any spare CPU cycles I have to this project, and I'll certainly be thinking twice about other similar projects.

    I'm sure my computer will be just as happy drawing little hypecubes as crunching data on a cure for cancer or figuring out Saddam Hussein's email password (whoops, that's been done already)...

    Jay (=
  • Take out the Game (Score:2, Interesting)

    by _KhlER3L ( 601441 )
    If S@H didn't make it into a big race, people wouldn't be cheating. Give them a motivation, a simple numbers game, and they will, and have, to the detriment of the project.

    Technical solutions such as adding hashes of this or encrypted that's will not tackle the root source of the problem: the game playing people themselves.

    A solution I think might work would be to make WU statistics viewable only by the producer himself. Everybody wants to know what he or she has done, but compiling the data for an entire work group, much less all work groups, would be next to impossible. Without 'meaningful' ranking data, game players would have to find some other way to please themselves.


  • The article says that the cheaters can have an impact on the results of the whole project. I read that, and I did a doubletake: What, the SETI project has results?
  • Maybe the aliens have decided they don't want to communicate with us after all, and so they're sabotaging the data...

    And maybe we shouldn't be so judgemental and quick to criticize SETI@Netherlands - they're just pawns in an intergalactic game of cat and mouse.
  • I don't know why they're so keen on looking for intellegent life out there. They should be looking down here! OTOH, their odds of success are better out there.

It seems intuitively obvious to me, which means that it might be wrong. -- Chris Torek