Page 3 of 3

Re: how about enabling TLS on your Assignment Servers?

Posted: Sun Apr 05, 2020 5:01 pm
by ipkh
While there might be no benefit to fah in tls, there absolutely is for any public facing website. True that everyone gets the same page, but not if the end user us targeted by Man in the middle attackers. While the folding team can take steps to mitigate this possibility, public websites can not.

Re: how about enabling TLS on your Assignment Servers?

Posted: Sun Apr 05, 2020 5:42 pm
by FoldingFodder
HaloJones wrote:They are encrypted because that's what we now do because Google said so.
Well... Cambridge Analytica. I think many people are concerned about being tracked across the internet, where a company like CA can build a profile on you and potentially manipulate you without you realising it. Therefore i can understand it with web browsing since finger printing, cookies, and extensions can ID you and/or the content you've visited. I see this as the main motivation for entire website encryption. Obviously, this is meaningless for something like F@H.

Re: how about enabling TLS on your Assignment Servers?

Posted: Sun Apr 05, 2020 6:10 pm
by ajm
Neil-B wrote:Just some random musings:

I don't think it was just the media promotion … I think it also includes the unparalleled situation the world finds itself in (obviously pandemics precede this but not in our "technological age") … The speed of communication plays into this - "the modern day grapevine" is massively powerful and efficient … The impact that COVID-19 is having on nearly everyone at a personal level means people really do want to help and actually have time to do so and get involved.

It is absolutely awesome the levels of support shown … and the progress made by the team in expanding the capability is brilliant.

On the one hand one could have "predicted" that people would flock to folding "at some point" - but predicting how people will react in the future is always fraught with issues … From a number of sources "word got out to the masses" and a massive (YAY) swell of support engulfed the project … add to that the fact that at many levels compute resource (usually busy with whatever day job it used to do) is suddenly idle and many people/organisations (at all levels - from home to multinational) are looking to do something useful with it, as the last few weeks have unfolded it was always going to be a case of all hands to the pumps catch up for the team - and I guess that isn't over yet.

I have no connections to the core team … but I can imagine myself, as a futures evangelist, sitting in front of an academic/venture capital funding board saying "You know what, there is the possibility that at some point the whole world is going to go into locked down and that a significant proportion of the worlds compute power will be pointed at our project … I therefore think you should fund us to have a whole team of developers so that we can pre-emptively develop the software to work perfectly for all types of compute resource, and an infrastructure expansion programme so that we can serve a 10/20/100 fold increase in community - and whilst you are at it can you expand the pool of scientific researchers to be able to adequately task this massively expanded project" :idea: :D
There should be a race coding this! Not "just" for FAH, but for the supercomputing sector as a whole. Now, and for the foreseeable future, such systems are the best supercomputers we can have. Their only drawback, but it might also be their very best feature, is that the people at large can "vote with their compute power", or invest it in what they deem necessary or useful. Today the virus, tomorrow climate engineering (of Earth, but also of other planets) or real anti-aging treatments... the sky's not even the limit.

Re: how about enabling TLS on your Assignment Servers?

Posted: Mon Apr 06, 2020 11:15 am
by HaloJones
FoldingFodder wrote:
HaloJones wrote:They are encrypted because that's what we now do because Google said so.
Well... Cambridge Analytica. I think many people are concerned about being tracked across the internet, where a company like CA can build a profile on you and potentially manipulate you without you realising it. Therefore i can understand it with web browsing since finger printing, cookies, and extensions can ID you and/or the content you've visited. I see this as the main motivation for entire website encryption. Obviously, this is meaningless for something like F@H.
CA had nothing to do with seeing into unencrypted web traffic - it merely relied on gaining uncontrolled access to Facebook data (which was all passed over TLS).

We've all allowed the web to track what we do. We unthinkingly click "accept" on the cookies warning when it pops up and never look at the privacy notice. We all happily engage in chain posts on Facebook that track what music we like or what films or what our favourite pet was called.

Adding the little padlock gives us all such warm feelings and achieves nothing. We willingly share everything with companies that monetise it.

Hackers don't need to do MITM attacks any more - just create an Android app or a Facebook page.