Mersenne Digest Monday, February 28 2000 Volume 01 : Number 699 ---------------------------------------------------------------------- Date: Sun, 27 Feb 2000 17:30:01 -0600 From: Ken Kriesel <[EMAIL PROTECTED]> Subject: RE: Mersenne: p-1 and trial factoring At 02:55 AM 2/27/2000 -0800, Paul Leyland <[EMAIL PROTECTED]> wrote: >BJB wrote: > >> Yes - I think we need this database - with or without savefiles, >> it's a waste of effort to inadvertently duplicate work done before. >> Since P-1 is deterministic (like trial factoring, but unlike >> Pollard's rho or ECM) you should get the same result every if you use >> the same limits on the same exponent. > ... > > >The degree of freedom in choosing an elliptic curve for ECM is probably what >you're hinting at. I'd suggest that a database of number of curves at run >each B1/B2 limit is still useful. George keeps such a database for small >exponents. > > >Paul It's my understanding that the choice of curve is randomized intentionally, and that the space of possible curves for each exponent is so large that it is more efficient to check random curves than to attempt to eliminate the very small chance of calculating the same curve more than once. This approach is used not only in GIMPS, but in George's implementation of Richard Crandall's program for searching for factors of Fermat primes. It is not necessary or advisable to run all possible curves. In fact, for F16, my runs produced in sequence, the following seed numbers, many of which found the factor 825753601: Attacking 2^65536 + 1 Selecting elliptic curve seed s = 1561883045: Selecting elliptic curve seed s = 630999867: Selecting elliptic curve seed s = 1921480920: Selecting elliptic curve seed s = 1664751173: Selecting elliptic curve seed s = 671100398: Selecting elliptic curve seed s = 2008555722: Selecting elliptic curve seed s = 112071784: Selecting elliptic curve seed s = 1157242418: Selecting elliptic curve seed s = 690847237: Selecting elliptic curve seed s = 823396944: Selecting elliptic curve seed s = 1372799571: Selecting elliptic curve seed s = 244007149: Selecting elliptic curve seed s = 2013596788: Selecting elliptic curve seed s = 1958155050: Selecting elliptic curve seed s = 441279715: Selecting elliptic curve seed s = 248788694: Selecting elliptic curve seed s = 831355685: Note that they go to at least 2 x 10^9. Ken _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 16:54:26 -0800 From: Will Edgington <[EMAIL PROTECTED]> Subject: Mersenne: p-1 and trial factoring Reto Keiser writes: A lot of factors of exponents between 10000 and 1000000 were found using the new P-1 method. Is there a database which contains which exponent were tested using which B1 and maybe a database od the save files? The P-1 data is also collected by me, in the 'o:' lines of my programs' usual format (merfmt.txt). I also collect P-1 save files and try to keep track of who is running Factor98 and other (older) P-1 programs on which exponents. Note that this will likely not affect the new GIMPS and Primenet P-1 efforts, as I'm concentrating on small exponents where complete factorizations might be feasible; the new GIMPS P-1 efforts will be to find a first factor to avoid having to do LL tests. Will http://www.garlic.com/~wedgingt/mersenne.html mersfmt.txt _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 19:57:56 EST From: [EMAIL PROTECTED] Subject: Mersenne: hackerz attackerz Dear all: This is off-topic, except in the sense that it involves the ftp server where I maintain the Mlucas software for mersenne testing Unix clients. My ftp server has suffered its first (to my knowledge) hacker penetration. I think I stopped the attack before any serious damage was done, but thought I'd recap what happened and ask the sysadmins out there for advice as to how best prevent this sort of thing in the future. I've already contacted the local FBI field office, but this sort of thing (I'm not exactly eBay here :) may not be high on their priorities list. Summary: this morning I noticed a lot of ftp traffic on my server (not in itself unusual), and at the same time that one of my jobs had crashed while attempting to write to disk due to a full filesystem. After eliminating all the obvious candidates (large core files and such), I started a detailed account of disk usage for various directories, and found that the directory containing my public ftp archive was several hundred MB larger than it was 24 hours ago. After some more sleuthing, I found that someone had logged on via anonymous ftp, created a directory with a name consisting of several blank spaces in /usr/users/ftp/pub, and was busily uploading hacker-sounding files into the new directory. I immediately halted network services and changed the ownership of the blank dir from 'ftp' to 'root.' I haven't deleted the directory in question, since there may be clues as to the source and nature of the attach in there. I think someone may have been trying to turn my server into a "zombie" such as in the recent denial-of-service attacks on several popular websites. Here's where my checks of disk usage first turned up the anomaly: # du -rsk /usr/users/ftp/pub/* 284260 /usr/users/ftp/pub/ <==this wasn't there yesterday... 7050 /usr/users/ftp/pub/alpha_docs 1416 /usr/users/ftp/pub/amd_docs 1503 /usr/users/ftp/pub/archived 87 /usr/users/ftp/pub/c_translations 1200 /usr/users/ftp/pub/ia64_docs 431 /usr/users/ftp/pub/ibm_docs 21759 /usr/users/ftp/pub/mayer 3704 /usr/users/ftp/pub/mips_docs 5440 /usr/users/ftp/pub/powerpc_docs 149 /usr/users/ftp/pub/spec98 168 /usr/users/ftp/pub/transmeta_docs 104 /usr/users/ftp/pub/usgov_docs This shows the blank-named dir created by the hacker, with owner = 'ftp': # cd /usr/users/ftp/pub/ # ls -l total 104 drwxr-xr-x 3 ftp users 8192 Feb 26 22:38 <==directory name = 3 spaces drwxr-xr-x 2 mayer users 8192 Feb 27 03:10 alpha_docs drwxr-xr-x 2 root users 8192 Feb 27 03:10 amd_docs drwxr-xr-x 2 mayer users 8192 Nov 26 02:38 archived drwxr-xr-x 2 mayer users 8192 Jun 2 1998 c_translations drwxr-xr-x 2 mayer users 8192 Feb 27 03:10 ia64_docs drwxr-xr-x 2 root users 8192 Feb 27 03:10 ibm_docs drwxr-xr-x 6 mayer users 8192 Feb 27 01:20 mayer drwxr-xr-x 4 mayer users 8192 Mar 31 1999 mips_docs drwxr-xr-x 3 mayer users 8192 May 4 1999 powerpc_docs drwxr-xr-x 3 mayer users 8192 Apr 19 1999 spec98 drwxr-xr-x 2 root users 8192 Feb 27 03:10 transmeta_docs drwxr-xr-x 2 root users 8192 Feb 27 03:10 usgov_docs The blank dirname is designed to make it harder to see what's in there, so one needs to do something to avoid directly entering a blank dirname, like # ls -l /usr/users/ftp/pub/* /usr/users/ftp/pub/ : total 8 drwxr-xr-x 3 ftp users 8192 Feb 26 22:38 4_mboca Within the directory 4_mboca was another directory named 'by_hitekfraud', containing the following goodies Mr. hacker uploaded: # ls -l total 168 drwxr-xr-x 2 ftp users 8192 Feb 27 10:23 AutoBot.v1.1.Cracked-DQF drwxr-xr-x 2 ftp users 8192 Feb 27 11:36 BEATMANIA_DA-SCAR drwxr-xr-x 2 ftp users 8192 Feb 27 02:49 Invictus-CLS drwxr-xr-x 2 ftp users 8192 Feb 27 10:14 Invictus_Manual_REPACK_FTFdOCs drwxr-xr-x 2 ftp users 8192 Feb 27 02:47 Invictus_music drwxr-xr-x 2 ftp users 8192 Feb 27 10:11 Revenant.Patch.1.2-FLTDOX drwxr-xr-x 2 ftp users 8192 Feb 27 01:08 boa.bite.3d-razor drwxr-xr-x 2 ftp users 8192 Feb 27 01:08 boa.bite.3d.trainer-paradigm drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 easycert_easy_nt_server_4_v4.0_win9xnt_incl_keymaker-ucf drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 flashfxp.v1.2.build.475.with.keygen--core drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 flashfxp.v1.2.keygen.and.blacklist.checker.only--core drwxr-xr-x 2 ftp users 8192 Feb 27 02:25 invisible_secrets_v2.0_incl_keygen-ucf drwxr-xr-x 2 ftp users 8192 Feb 27 02:29 novell.netware.v5.0.unlimited.connection.licenses-dod drwxr-xr-x 2 ftp users 8192 Feb 27 02:46 pba.bowling.2-cls drwxr-xr-x 2 ftp users 8192 Feb 26 22:45 red.thunder-minime drwxr-xr-x 2 ftp users 8192 Feb 27 02:26 s.m.a.r.t.disk.monitor.v1.08.cracked-repack-xcrypt drwxr-xr-x 2 ftp users 8192 Feb 27 01:14 serv-u.ftp.v2.5d.incl.keygen--laxity--tno drwxr-xr-x 2 ftp users 8192 Feb 27 01:14 sygate.3.11.560.unlimited.users--mfd drwxr-xr-x 2 ftp users 8192 Feb 27 00:50 total.annihilation.kingdoms.iron.plague-origin drwxr-xr-x 2 ftp users 8192 Feb 27 01:10 transcender.c.plus.plus.cert.distributed.v6.0.win9xnt.incl.keymaker-core drwxr-xr-x 2 ftp users 8192 Feb 26 23:17 visual.flight.designer.2000-precise So my question to the sysadmins out there is: what's the best way to avoid this sort of thing, without installing a firewall and while still permitting ftp access? In re-reading the DEC Unix manpage for ftpd, it seems to me the weakest link is the guideline for the ~ftp/pub directory, which the manpage says to make owned by ftp and writeable by anyone. I've changed it to be owned by root and unwriteable except by root, but that may not be an option for folks who maintain public ftp archives that multiple users must be able to write to. Sorry for the temporary Unix-ification of this list, but I hope this may help some other ftp archive maintainers amongst the GIMPS crowd make their own systems safer from this kind of attack. - -ernst OK, now that I've done my little public service, don't I get to smooch with some Angelina-Jolie-looking hacker babe? :) _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 18:59:14 -0800 From: "John R Pierce" <[EMAIL PROTECTED]> Subject: Re: Mersenne: hackerz attackerz > My ftp server has suffered its first (to my knowledge) hacker penetration. You can't have anonymous writable directories in FTP anymores. there are just too many abusers. Offhand, I'd say you weren't hacked, that was just the 'warez' crowd using you as a nice anoymous archive for their pirated software and MP3 files. Sounds like DEC Unix by default has this writable PUB so they probably targetted you because of this. The spaces directory is a typical 'warez' trick for hiding one of their file caches. - -jrp _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 22:11:01 -0500 From: Brian Beuning <[EMAIL PROTECTED]> Subject: Re: Mersenne: hackerz attackerz First I am not a real expert. Turning off write permission on the blanks directory is not enough. You need to turn off permission on all the subdirectories also. Use find ' ' -type d -print | xargs chown root (between the quotes are 3 spaces). >From your description, it sounds like your system was not really violated. They just uploaded a bunch of stuff because the permissions on ftp/pub allowed it. If you think they may have gotten root permission, it is probably too late to ever trust the system again. It will need to be reinstalled from cd-rom (or other trusted media). Most ftp sites I have seen keep ftp/pub restrictive and make an ftp/incoming that is writable by user anonymous. As far as the steps you can take to protect yourself: 1. If your machine is a Linux box, installing a firewall is not that hard. My home gateway Linux box has the firewall enabled and it rejects 10 probes a day. If your machine has a static IP address it must get probed much more often. 2. There are programs (like tripwire) that are meant to catch intruders and watch for sensitive files being changed. They basically compute a checksum on all sensitive system files and then periodically check the system files have not changed. Some store the checksums on a read-only floppy to keep the hacker from changing the checksums. 3. Install a program that makes users use secure passwords. It should disallow very short passwords and words in the dictionary. 4. Turn off unused/insecure network daemons. Things like telnetd, portmap, nfs, rshd, rlogind, fingerd, identd, and bind can be off. If you can, just run the ftp daemon, and maybe a secure shell daemon for remote administration. If you need a web server, there is no way around being an expert in the web server app to configure it securely. Use a program like lsof to find all the ports on your machine accepting connections, and understand why you need that program running. If you don't really need it, disable it. 5. Get on a mailing list for security notices about your OS. If a hacker has discovered a weakness on someone else's system, you know the bad guys are going to try it on your system eventually. As one security expert put it "There be dragons out there." Good Luck, Brian Beuning [EMAIL PROTECTED] wrote: > Dear all: > > This is off-topic, except in the sense that it involves the ftp server where > I maintain the Mlucas software for mersenne testing Unix clients. > > My ftp server has suffered its first (to my knowledge) hacker penetration. > I think I stopped the attack before any serious damage was done, but > thought I'd recap what happened and ask the sysadmins out there for > advice as to how best prevent this sort of thing in the future. > > I've already contacted the local FBI field office, but this sort of thing > (I'm not exactly eBay here :) may not be high on their priorities list. > > Summary: this morning I noticed a lot of ftp traffic on my server (not in > itself unusual), and at the same time that one of my jobs had crashed > while attempting to write to disk due to a full filesystem. After eliminating > all the obvious candidates (large core files and such), I started a detailed > account of disk usage for various directories, and found that the directory > containing my public ftp archive was several hundred MB larger than it > was 24 hours ago. After some more sleuthing, I found that someone had > logged on via anonymous ftp, created a directory with a name consisting > of several blank spaces in /usr/users/ftp/pub, and was busily uploading > hacker-sounding files into the new directory. I immediately halted network > services and changed the ownership of the blank dir from 'ftp' to 'root.' I > haven't deleted the directory in question, since there may be clues as to > the source and nature of the attach in there. > > I think someone may have been trying to turn my server into a "zombie" > such as in the recent denial-of-service attacks on several popular websites. > > Here's where my checks of disk usage first turned up the anomaly: > > # du -rsk /usr/users/ftp/pub/* > 284260 /usr/users/ftp/pub/ <==this wasn't there yesterday... > 7050 /usr/users/ftp/pub/alpha_docs > 1416 /usr/users/ftp/pub/amd_docs > 1503 /usr/users/ftp/pub/archived > 87 /usr/users/ftp/pub/c_translations > 1200 /usr/users/ftp/pub/ia64_docs > 431 /usr/users/ftp/pub/ibm_docs > 21759 /usr/users/ftp/pub/mayer > 3704 /usr/users/ftp/pub/mips_docs > 5440 /usr/users/ftp/pub/powerpc_docs > 149 /usr/users/ftp/pub/spec98 > 168 /usr/users/ftp/pub/transmeta_docs > 104 /usr/users/ftp/pub/usgov_docs > > This shows the blank-named dir created by the hacker, with owner = 'ftp': > > # cd /usr/users/ftp/pub/ > # ls -l > total 104 > drwxr-xr-x 3 ftp users 8192 Feb 26 22:38 <==directory name > = 3 spaces > drwxr-xr-x 2 mayer users 8192 Feb 27 03:10 alpha_docs > drwxr-xr-x 2 root users 8192 Feb 27 03:10 amd_docs > drwxr-xr-x 2 mayer users 8192 Nov 26 02:38 archived > drwxr-xr-x 2 mayer users 8192 Jun 2 1998 c_translations > drwxr-xr-x 2 mayer users 8192 Feb 27 03:10 ia64_docs > drwxr-xr-x 2 root users 8192 Feb 27 03:10 ibm_docs > drwxr-xr-x 6 mayer users 8192 Feb 27 01:20 mayer > drwxr-xr-x 4 mayer users 8192 Mar 31 1999 mips_docs > drwxr-xr-x 3 mayer users 8192 May 4 1999 powerpc_docs > drwxr-xr-x 3 mayer users 8192 Apr 19 1999 spec98 > drwxr-xr-x 2 root users 8192 Feb 27 03:10 transmeta_docs > drwxr-xr-x 2 root users 8192 Feb 27 03:10 usgov_docs > > The blank dirname is designed to make it harder to see what's in there, > so one needs to do something to avoid directly entering a blank dirname, > like > > # ls -l /usr/users/ftp/pub/* > /usr/users/ftp/pub/ : > total 8 > drwxr-xr-x 3 ftp users 8192 Feb 26 22:38 4_mboca > > Within the directory 4_mboca was another directory named 'by_hitekfraud', > containing the following goodies Mr. hacker uploaded: > # ls -l > total 168 > drwxr-xr-x 2 ftp users 8192 Feb 27 10:23 AutoBot.v1.1.Cracked-DQF > drwxr-xr-x 2 ftp users 8192 Feb 27 11:36 BEATMANIA_DA-SCAR > drwxr-xr-x 2 ftp users 8192 Feb 27 02:49 Invictus-CLS > drwxr-xr-x 2 ftp users 8192 Feb 27 10:14 > Invictus_Manual_REPACK_FTFdOCs > drwxr-xr-x 2 ftp users 8192 Feb 27 02:47 Invictus_music > drwxr-xr-x 2 ftp users 8192 Feb 27 10:11 > Revenant.Patch.1.2-FLTDOX > drwxr-xr-x 2 ftp users 8192 Feb 27 01:08 boa.bite.3d-razor > drwxr-xr-x 2 ftp users 8192 Feb 27 01:08 > boa.bite.3d.trainer-paradigm > drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 > easycert_easy_nt_server_4_v4.0_win9xnt_incl_keymaker-ucf > drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 > flashfxp.v1.2.build.475.with.keygen--core > drwxr-xr-x 2 ftp users 8192 Feb 27 02:24 > flashfxp.v1.2.keygen.and.blacklist.checker.only--core > drwxr-xr-x 2 ftp users 8192 Feb 27 02:25 > invisible_secrets_v2.0_incl_keygen-ucf > drwxr-xr-x 2 ftp users 8192 Feb 27 02:29 > novell.netware.v5.0.unlimited.connection.licenses-dod > drwxr-xr-x 2 ftp users 8192 Feb 27 02:46 pba.bowling.2-cls > drwxr-xr-x 2 ftp users 8192 Feb 26 22:45 red.thunder-minime > drwxr-xr-x 2 ftp users 8192 Feb 27 02:26 > s.m.a.r.t.disk.monitor.v1.08.cracked-repack-xcrypt > drwxr-xr-x 2 ftp users 8192 Feb 27 01:14 > serv-u.ftp.v2.5d.incl.keygen--laxity--tno > drwxr-xr-x 2 ftp users 8192 Feb 27 01:14 > sygate.3.11.560.unlimited.users--mfd > drwxr-xr-x 2 ftp users 8192 Feb 27 00:50 > total.annihilation.kingdoms.iron.plague-origin > drwxr-xr-x 2 ftp users 8192 Feb 27 01:10 > transcender.c.plus.plus.cert.distributed.v6.0.win9xnt.incl.keymaker-core > drwxr-xr-x 2 ftp users 8192 Feb 26 23:17 > visual.flight.designer.2000-precise > > So my question to the sysadmins out there is: what's the best way to avoid > this sort of thing, without installing a firewall and while still permitting > ftp access? > > In re-reading the DEC Unix manpage for ftpd, it seems to me the weakest > link is the guideline for the ~ftp/pub directory, which the manpage > says to make owned by ftp and writeable by anyone. I've changed it > to be owned by root and unwriteable except by root, but that may > not be an option for folks who maintain public ftp archives that > multiple users must be able to write to. > > Sorry for the temporary Unix-ification of this list, but I hope this > may help some other ftp archive maintainers amongst the GIMPS crowd > make their own systems safer from this kind of attack. > > -ernst > > OK, now that I've done my little public service, don't I get to smooch with > some Angelina-Jolie-looking hacker babe? :) > _________________________________________________________________ > Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm > Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 22:29:40 -0500 From: Pierre Abbat <[EMAIL PROTECTED]> Subject: Re: Mersenne: hackerz attackerz >So my question to the sysadmins out there is: what's the best way to avoid >this sort of thing, without installing a firewall and while still permitting >ftp access? > >In re-reading the DEC Unix manpage for ftpd, it seems to me the weakest >link is the guideline for the ~ftp/pub directory, which the manpage >says to make owned by ftp and writeable by anyone. I've changed it >to be owned by root and unwriteable except by root, but that may >not be an option for folks who maintain public ftp archives that >multiple users must be able to write to. Make sure that no one logging in as anonymous can write to the ftp archive (which it sounds like you did), and no one can log in as himself and upload anything (which I'm not sure how to do). Allow only rsync, either with modules or over ssh, to update the ftp space. phma _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 22:56:48 -0500 From: Your Name <[EMAIL PROTECTED]> Subject: Mersenne: Manual Use of Primenet I've got a possible glitch report regarding the manual use of Primenet which may be useful, and a couple of comments. I run Prime95 on my main PC (PII 300) which has a dialup connection to the Internet. Having been thus hooked on this project for a year, I recently added a dedicated P166 (more coming). At this point the P166 has no Internet connection (and I don't have the time to set one up -- this is strictly a home based effort), so I grabbed an exponent using the manual checkout of Primenet (my account is DHPope). For some reason, though I entered the computer type and speed when I checked out the exponent, my account page shows the CPU speed as 0 and the Prime95 version as 16 (I'm running 19.2.1). Also (and probably as a result of this) the time allotted to the LL test is 50 days, a bit less than half the time the P166 actually needs. With that as background, here are some questions: 1) Did I do something wrong, or is 0MHz and v16 assumed for all manual checkouts? If so, should this be the case? 2) Though I've read the documentation, it's not clear to me whether my manually checked out exponent will be put back into the pool at the end of its "days to go" (about a week from now), or whether I have until "days exp" (about 10 weeks). 3) Though my automated exponent (running on the PII 300) sends an update every 28 days without fail, I can find no procedure by which I can update the progress on the manual exponent (i.e., the date updated column in my account report is always blank). Again, have I missed something, or am I seeking a function that simply isn't there? 4) If there is no ability to manually send an update, I assume I need to ask for an extension (I know there's a form for this). Must I do this before "days to go" reaches 0, before "days exp", or at some other time? Now for a couple of comments: Manual Checkouts: Great! Without them, I wouldn't be able to participate beyond my main PC (and others wouldn't be able to participate at all). If there are enough of us, is it worthwhile to fix the glitch (if it is a glitch) in (1) above? Or provide a way to send updates (a la 3)? CPU Speed: Sure, I know a P166 is a dog (at least for this kind of work), but the price was right. And I (for one) don't mind waiting 10-12 weeks for an LL result. Maybe I'm wrong, but it seems to me that P166s (and their ilk) can continue to contribute to the effort for a couple of more years. Here's one man's vote that this be kept in mind in future planning for Prime95 and the Mersenne Project. Best regards, Dennis Pope _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Sun, 27 Feb 2000 20:30:18 -0800 From: Russel Brooks <[EMAIL PROTECTED]> Subject: Mersenne: Anything a 486DX2-66 DOS 5.0 pc can do? I have an old 486 pc running dos and mostly doing nothing all day long. Is there anything this machine can do to contribute to GIMPS without waiting months and months for any results? Cheers... Russ _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 00:15:39 EST From: "Nathan Russell" <[EMAIL PROTECTED]> Subject: Re: Mersenne: Manual Use of Primenet >From: Your Name <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Mersenne: Manual Use of Primenet >Date: Sun, 27 Feb 2000 22:56:48 -0500 > >I've got a possible glitch report regarding the manual use of Primenet >which may be useful, and a couple of comments. > >I run Prime95 on my main PC (PII 300) which has a dialup connection to >the Internet. Having been thus hooked on this project for a year, I >recently added a dedicated P166 (more coming). At this point the P166 >has no Internet connection (and I don't have the time to set one up -- >this is strictly a home based effort), so I grabbed an exponent using >the manual checkout of Primenet (my account is DHPope). > >For some reason, though I entered the computer type and speed when I >checked out the exponent, my account page shows the CPU speed as 0 and >the Prime95 version as 16 (I'm running 19.2.1). Also (and probably as a >result of this) the time allotted to the LL test is 50 days, a bit less >than half the time the P166 actually needs. > >With that as background, here are some questions: > >1) Did I do something wrong, or is 0MHz and v16 assumed for all manual >checkouts? If so, should this be the case? > >2) Though I've read the documentation, it's not clear to me whether my >manually checked out exponent will be put back into the pool at the end >of its "days to go" (about a week from now), or whether I have until >"days exp" (about 10 weeks). > >3) Though my automated exponent (running on the PII 300) sends an update >every 28 days without fail, I can find no procedure by which I can >update the progress on the manual exponent (i.e., the date updated >column in my account report is always blank). Again, have I missed >something, or am I seeking a function that simply isn't there? > >4) If there is no ability to manually send an update, I assume I need to >ask for an extension (I know there's a form for this). Must I do this >before "days to go" reaches 0, before "days exp", or at some other time? > >Now for a couple of comments: > >Manual Checkouts: Great! Without them, I wouldn't be able to >participate beyond my main PC (and others wouldn't be able to >participate at all). If there are enough of us, is it worthwhile to fix >the glitch (if it is a glitch) in (1) above? Or provide a way to send >updates (a la 3)? > >CPU Speed: Sure, I know a P166 is a dog (at least for this kind of >work), but the price was right. And I (for one) don't mind waiting >10-12 weeks for an LL result. Maybe I'm wrong, but it seems to me that >P166s (and their ilk) can continue to contribute to the effort for a >couple of more years. Here's one man's vote that this be kept in mind >in future planning for Prime95 and the Mersenne Project. Please correct me if I'm wrong, but the four primes we've found so far were found on, from most recent: - -300 MHZ Aptiva - -200 MHZ Pentium - -100 MHZ Pentium - -90 MHZ Pentium Pro Note that two of the winning machines were far slower yours, and the others were not state-of-the-art at the time they won. As a new member of this project, I realize that I may have little voice, but I do feel that it is important to keep all computers capable of contributing doing so. Nathan > >Best regards, >Dennis Pope ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 15:11:27 +0200 From: Jukka Santala <[EMAIL PROTECTED]> Subject: Re: Mersenne: hackerz attackerz [EMAIL PROTECTED] wrote: > My ftp server has suffered its first (to my knowledge) hacker penetration. > First of all, I take offence at the use of the term "hacker" here. I would havthought most people following this list are knowledgeable enough to make the distinction - what GIMPS for example does is hacking, what the "script-kiddies" did with Amazon etc. is best characterized as cracking. These peoplere crackers - they go around cracking software licenses/copy protection and site security. By definition you can never "secure" your sytem against them, since breaking into systems is what they do. You can make it harder, or not (seemingly) wort their trouble. As somebody else alreaaid, though, it doesn't look like what you were dealing with were crackers, either, or DoS attacks for that matter. You were just dealing with somebody who thouht they had found an open server to store and share their cracks/scripts on. Because these files are borderline-illegal, they try to sneak them in without the systems adminstration knowing. > So my question to the sysadmins out there is: what's the best way to avoid > this sort of thing, without installing a firewall and while still permitting > ftp access? > Permit only read access, no write access. If you need to keep write access, set up a quota on the FTP user/daemon (Or better yet, put the FTP directory on separate filesystem from the rest of the system) and allow writing only on /incoming, but disable reading from that directory. This leaves possible abusers with no incencitive to upload files. If you need to allow write access to certain directories to certain people, set them up with accounts with needed access to the FTP directories. -Jukka Santala _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 11:20:23 -0500 From: Jeff Woods <[EMAIL PROTECTED]> Subject: Re: Mersenne: Manual Use of Primenet >>2) Though I've read the documentation, it's not clear to me whether my >>manually checked out exponent will be put back into the pool at the end >>of its "days to go" (about a week from now), or whether I have until >>"days exp" (about 10 weeks). Days to go is how long Entropia estimates it will take that machine to complete that exponent. Days exp. is how long the server will leave the exponent assigned to you WITHOUT hearing from you. If that number is 83 days, don't let it get to zero without reporting status, or the number will be returned to the pool. >>3) Though my automated exponent (running on the PII 300) sends an update >>every 28 days without fail, I can find no procedure by which I can >>update the progress on the manual exponent (i.e., the date updated >>column in my account report is always blank). Again, have I missed >>something, or am I seeking a function that simply isn't there? There's no way to update the STATUS (i.e. like the automated clients do, reporting what iteration its one, etc), but if your time to expire (not dayts to go but days exp) is approaching zero, you CAN prevent the number from returning to the pool, even if you're not done yet. http://entropia.com/ips/manualtests.html#extend That will allow you to add extra days to the "days exp" column, leaving the number assigned to you for further work. >>4) If there is no ability to manually send an update, I assume I need to >>ask for an extension (I know there's a form for this). Must I do this >>before "days to go" reaches 0, before "days exp", or at some other time? Before "days exp" reached zero. >>Manual Checkouts: Great! Without them, I wouldn't be able to >>participate beyond my main PC (and others wouldn't be able to >>participate at all). If there are enough of us, is it worthwhile to fix >>the glitch (if it is a glitch) in (1) above? Or provide a way to send >>updates (a la 3)? No need -- these are manual exponents, not part of the general pool per se. Just request an extension, and that's all you need do. _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 18:37:28 -0000 From: "Brian J. Beesley" <[EMAIL PROTECTED]> Subject: Re: Mersenne: p-1 and trial factoring On 25 Feb 00, at 16:52, George Woltman wrote: > However, it must be pointed out that at some point you are better off > switching to ECM rather than expanding the P-1 bounds. I'm not sure what > that point is. And, at some point, ECM itself gives way to CFRAC, SNFS, ... It's possible to find pathological examples of numbers which are easily factored by any one method but practically impervious to the others. The resources needed must be taken into account. ECM on Mersenne numbers with exponents well into the millions is going to be slow & _very_ memory intensive. Let's get P-1 going first & "argue" about implemeting ECM (for "trial factoring" of large exponents) later. Regards Brian Beesley _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 18:37:28 -0000 From: "Brian J. Beesley" <[EMAIL PROTECTED]> Subject: Re: Mersenne: Manual Use of Primenet On 27 Feb 00, at 22:56, Your Name wrote: > For some reason, though I entered the computer type and speed when I > checked out the exponent, my account page shows the CPU speed as 0 and the > Prime95 version as 16 (I'm running 19.2.1). This is normal, and immaterial. If you're using the manual testing page to get exponents to test, it just takes whatever you put in when you complete the form (each time) & doesn't store it. > Also (and probably as a > result of this) the time allotted to the LL test is 50 days, a bit less > than half the time the P166 actually needs. No, your system is running slow for some reason. Is it an AMD processor, or is it running ~12 hrs/day? Either of these would explain the anomaly. > 2) Though I've read the documentation, it's not clear to me whether my > manually checked out exponent will be put back into the pool at the end of > its "days to go" (about a week from now), or whether I have until "days > exp" (about 10 weeks). Days to expiry. > > 3) Though my automated exponent (running on the PII 300) sends an update > every 28 days without fail, I can find no procedure by which I can update > the progress on the manual exponent (i.e., the date updated column in my > account report is always blank). Again, have I missed something, or am I > seeking a function that simply isn't there? There is a section on the PrimeNet Manual Assignments page for progress reports. It's (somewhat confusingly) called "extension". Simply put in the number of days you expect to elapse before the assignment completes. This resets the expiry date to this number plus 60 days. > Manual Checkouts: Great! Without them, I wouldn't be able to > participate beyond my main PC (and others wouldn't be able to > participate at all). If there are enough of us, is it worthwhile to fix > the glitch (if it is a glitch) in (1) above? Or provide a way to send > updates (a la 3)? There are two ways to use automatic assignments in your situation: (a) if you have a LAN, run pnProxy on the system with the internet connection; (b) without a LAN, set up another copy of Prime95 in a different directory on your system with internet connectivity & make a copy of all the files from the P166 Prime95 directory into it. You can then communicate with the PrimeNet server by starting the copy in this directory (just leave your other copy running as well). When the communication with PrimeNet has finished, stop this "parasite" version & copy any files which have changed to the P166 system using "sneakernet" (copy to a floppy disk & walk across the room!). Use "sneakernet" to update any files on the "parasite" from the P166 before you connect it to PrimeNet again. The LAN method is much more convenient & can be implemented for less than $50; you need (at most) two network interface cards and a crossover cable long enough to connect the systems. The neccessary software you already have in Windows (or linux); pnProxy is free, from the software page on entropia.com. Regards Brian Beesley p.s. Why not change the "Your Name" parameter in your mail client to something meaningful? _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 13:40:21 -0500 From: "STRAYER, JON E. (AIT)" <[EMAIL PROTECTED]> Subject: Mersenne: PII vs. PII >From a rather haphazard reading of my account info, it seems to me that my 500Mmhz PIII is cranking out LL tests about twice as fast as my 300mhz PII. Is that expected? If so, what in a PIII gives it such an advantage over a PII? _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ Date: Mon, 28 Feb 2000 14:42:24 EST From: [EMAIL PROTECTED] Subject: Mersenne: GIMPZ Jukka Santala wrote: >First of all, I take offence at the use of the term "hacker" here. >I would have thought most people following this list are knowledgeable >enough to make the distinction - what GIMPS for example does is hacking Thanks for clearing me up on that - I was under the (apparently misguided) impression that GIMPS was about recreational mathematics. My sincerest apologies. I shall begin to recode all my software, er, I mean to say, warez, immediately. - -Ernst _________________________________________________________________ Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers ------------------------------ End of Mersenne Digest V1 #699 ******************************
