Trouble installing SMP in Vista

Come join the... uh... er... fold.

Moderators: just brew it!, farmpuma

Trouble installing SMP in Vista

Postposted on Tue Aug 28, 2007 9:35 pm

I tried installing SMP on Vista the same as I had done in XP with my administrator level account, but then it gave me som error so then I found this

http://fahwiki.net/index.php/How_do_I_i ... s_Vista%3F

so now I need to know how to uninstall SMP because every time I run it, it just has the deafult settings and no user name, that kind of stuff

I have a feeling this is going to require some registry fiddling :(
Image
ChrisDTC
Gerbil XP
 
Posts: 485
Joined: Sat Jul 14, 2007 9:02 am
Location: Texas

Postposted on Tue Aug 28, 2007 10:45 pm

That is perhaps the worst wiki and advice ever.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Postposted on Wed Aug 29, 2007 1:50 am

*After you stop the client* you can easily change your settings by creating a shortcut to the fah.exe file. In the shortcut properties add the " -configonly" (without the quotes) flag. Double click the shortcut and change your settings. Restart the client.
Image Image
.* * M-51 * *. .The Whirlpool Galaxy.
farmpuma
Minister of Gerbil Affairs
Silver subscriber
 
 
Posts: 2305
Joined: Sun Mar 21, 2004 11:33 pm
Location: Soybean field, IN, USA, Earth .. just a bit south of John .. err .... Fart Wayne, Indiana

Postposted on Wed Aug 29, 2007 4:06 pm

farmpuma wrote:*After you stop the client* you can easily change your settings by creating a shortcut to the fah.exe file. In the shortcut properties add the " -configonly" (without the quotes) flag. Double click the shortcut and change your settings. Restart the client.


There is a link in that SMP WIKI entry to another WIKI entry for how to reconfigure (change settings) in a fah client, add -config switch, etc.

Ryu Connor wrote:That is perhaps the worst wiki and advice ever.


Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.

Or maybe TR already has a better sticky post somewhere? Or not at all? :-?
7im
Gerbil
 
Posts: 51
Joined: Sat Sep 02, 2006 5:20 pm

Postposted on Fri Aug 31, 2007 4:06 pm

7im wrote:Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.


1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Postposted on Fri Aug 31, 2007 4:45 pm

Ryu Connor wrote:
7im wrote:Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.


1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.


I would like to thank you about the disabled administrator account info. I knew about it, and that was about it. That link was informative.
I7 3820, 16 GB of ram, 240 gig corsiar nuetron, gtx 560 ti, asus x79 ws, HP ZR24w
128 GB surface pro
thecoldanddarkone
Minister of Gerbil Affairs
 
Posts: 2236
Joined: Wed Mar 26, 2003 3:35 pm

Postposted on Fri Aug 31, 2007 5:23 pm

That is werid. I never had a single problem running F@H SMP Client under Vista. I never had to run the installation program as "Administrator". The F@H client just causes Windows Firewall and UAC (a.k.a Ubernanny) to ask whatever to allow/deny the program to upload/download WUs.
Ivy Bridge i5-3570K@4.0Ghz, Gigabyte Z77X-UD3H, 2x4GiB of PC-12800, EVGA 660Ti, Corsair CX-600 and Fractal Refined R4 (W). Kentsfield Q6600@3Ghz, HD 4850 2x2GiB PC2-6400, Gigabyte EP45-DS4P, OCZ Modstream 700W, and PC-7B.
Krogoth
Maximum Gerbil
Silver subscriber
 
 
Posts: 4380
Joined: Tue Apr 15, 2003 2:20 pm
Location: somewhere on Core Prime

Postposted on Sat Sep 01, 2007 12:15 am

Ryu Connor wrote:1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.


1. The WIKI entry lists three options for gaining the Admin access needed to setup the SMP client. The user can just as easily disable the account when done. Big deal.

2. The fah client opens a port 80 to the outside world, which is already open is most cases anway, but running fah.exe as Admin is not like putting a screen door on a submarine when the client only communicates with Stanford servers. Good luck imitating those. ;)

3. Yep, that's right. And that's why we tell them to install fah somewhere OTHER than C:\Program Files FIRST. But if they want to run fah from there, here's how to do it. The first thing people disable in Vista is UAC, so what's the big deal there? And if you have a better solution, why didn't you post it?

4. Most people setup only one user account in Vista anyway which can be elevated to Admin, so this works most of the time, right?

5. I wrote most of that WIKI entry, but didn't write nor verify the 2 alternate methods. I'll clean up Method 2 as you noted.

You raise valid concerns, but since both the SMP client and Vista are both still in beta testing (until SP1), so most users probably have to be at least a little bit dangerous to attempt this anyway, I'm not too concerned about strict adherance to all of the best practices.

And the SMP client is a v5 based F@H client, originally written back in the days of Windows 2000. So this isn't about Stanford being bad coders (duh), it's about prying open a new but lame OS so we can do beta testing on a new type of F@H client. And this testing will help them to make sure future versions of the client do work better within the confines of this new OS.

I've all but sworn off Vista for now, but if it I get some time on a machine that I don't mind destroying, I'll polish up that WIKI entry. I may even swap Method 2 for enabling the Admin account. ;)
7im
Gerbil
 
Posts: 51
Joined: Sat Sep 02, 2006 5:20 pm

Postposted on Sat Sep 01, 2007 12:27 am

1. Better not to lead them in that direction at all. Making the assumption that all your users are knowledgable enough to understand the security implications hurts everyone.

2. Even if FAH is unassailable through its' network access, running as Admin still leaves the possibilility of shatter attacks.

3. I note that and good for you, but following what was said with #1, you are suggesting an idea that the vast majority of your users will probalby not understand the security implications for.

4. Assumptions seem dangerous for a howto.

5. Windows 2000 has the same underlying model between Admin and Limited Users. What this essentially tells us has little to do with a "new but lame OS" and alot more to do with the fact that apparently Stanford has never learned to code.

Thanks for your time, even if in the end nothing changes.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Postposted on Sat Sep 01, 2007 7:50 pm

7im wrote:You raise valid concerns, but since both the SMP client and Vista are both still in beta testing (until SP1), so most users probably have to be at least a little bit dangerous to attempt this anyway, I'm not too concerned about strict adherance to all of the best practices.

I think that's probably the worst stance to take.

If a document is published to make it easier for people to use a client, it should either include warnings regarding the security concerns involved, or it should not recommend doing things that make volunteer systems more vulnerable than they were before. What I see instead is the text "Enabling this account will simplify the client installation process" without a warning about the adverse affects of doing so, or a recommendation to disable the account once installation is complete.

Ryu Connor wrote:Thanks for your time, even if in the end nothing changes.

it's a wiki, so you should be able to make any modifications you think are necessary, right?
Your ideas intrigue me; I would like to purchase stock in your company.
eitje
Gerbil Elite
Gold subscriber
 
 
Posts: 646
Joined: Fri Mar 07, 2003 10:28 am

Postposted on Mon Sep 03, 2007 8:21 pm

I Agree with Ryu.
Usacomp2k3
Gerbil God
 
Posts: 21240
Joined: Thu Apr 01, 2004 3:53 pm
Location: Orlando, FL

Postposted on Tue Sep 04, 2007 12:20 pm

Warning added to WIKI entry.

Warning: Enabling the Administrator account simplifies the F@h client installation process, but also has potential system security implications not fully explained here. You may wish to disable the Administrator account after the F@h client is installed, or research those implications yourself, or use one of the alternate methods listed below to run the Install.bat file with Admin privledges without enabling this account.


An no, Win2K does not behave the same way as Vista, regardless of your programming opinions. ;) And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.
7im
Gerbil
 
Posts: 51
Joined: Sat Sep 02, 2006 5:20 pm

Postposted on Tue Sep 04, 2007 1:08 pm

7im wrote:Warning added to WIKI entry.

Warning: Enabling the Administrator account simplifies the F@h client installation process, but also has potential system security implications not fully explained here. You may wish to disable the Administrator account after the F@h client is installed, or research those implications yourself, or use one of the alternate methods listed below to run the Install.bat file with Admin privledges without enabling this account.


An no, Win2K does not behave the same way as Vista, regardless of your programming opinions. ;) And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.

Thank you for adding that to the wiki.

However I have to disagree with your insight. It's not as if MS suddenly completely changed their programming tactics. What happened is that they actually started enforcing their API calls. No longer could programmers be lazy and do admin-calls, but instead they have to go the same way that they have been told to the whole time, using standard system calls.
Usacomp2k3
Gerbil God
 
Posts: 21240
Joined: Thu Apr 01, 2004 3:53 pm
Location: Orlando, FL

Postposted on Tue Sep 04, 2007 1:22 pm

7im wrote:And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.
IMHO they should have no problem recruiting programming whizzes from their Computer Science/Engineering department to help them code properly. Such a high profile project you can get almost anyone just to have their name on it.
Image
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
Flying Fox
Gerbil God
 
Posts: 24141
Joined: Mon May 24, 2004 1:19 am

Postposted on Thu Sep 06, 2007 6:56 am

7im wrote:Warning added to WIKI entry.

Good deal!
Your ideas intrigue me; I would like to purchase stock in your company.
eitje
Gerbil Elite
Gold subscriber
 
 
Posts: 646
Joined: Fri Mar 07, 2003 10:28 am


Return to TR Distributed Computing Effort

Who is online

Users browsing this forum: No registered users and 1 guest