Personal computing discussed

Moderators: renee, farmpuma, just brew it!

 
ChrisDTC
Gerbil XP
Topic Author
Posts: 485
Joined: Sat Jul 14, 2007 10:02 am
Location: Texas

Trouble installing SMP in Vista

Tue Aug 28, 2007 10:35 pm

I tried installing SMP on Vista the same as I had done in XP with my administrator level account, but then it gave me som error so then I found this

http://fahwiki.net/index.php/How_do_I_i ... s_Vista%3F

so now I need to know how to uninstall SMP because every time I run it, it just has the deafult settings and no user name, that kind of stuff

I have a feeling this is going to require some registry fiddling :(
Image
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Tue Aug 28, 2007 11:45 pm

That is perhaps the worst wiki and advice ever.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
farmpuma
Minister of Gerbil Affairs
Posts: 2810
Joined: Mon Mar 22, 2004 12:33 am
Location: Soybean field, IN, USA, Earth .. just a bit south of John .. err .... Fart Wayne, Indiana
Contact:

Wed Aug 29, 2007 2:50 am

*After you stop the client* you can easily change your settings by creating a shortcut to the fah.exe file. In the shortcut properties add the " -configonly" (without the quotes) flag. Double click the shortcut and change your settings. Restart the client.
[img]http://[/img] Image
.* * M-51 * *. .The Whirlpool Galaxy. .TV muted, X dual flying birds & a mantra, "Specter be Gone"
 
7im
Gerbil
Posts: 51
Joined: Sat Sep 02, 2006 6:20 pm

Wed Aug 29, 2007 5:06 pm

farmpuma wrote:
*After you stop the client* you can easily change your settings by creating a shortcut to the fah.exe file. In the shortcut properties add the " -configonly" (without the quotes) flag. Double click the shortcut and change your settings. Restart the client.


There is a link in that SMP WIKI entry to another WIKI entry for how to reconfigure (change settings) in a fah client, add -config switch, etc.

Ryu Connor wrote:
That is perhaps the worst wiki and advice ever.


Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.

Or maybe TR already has a better sticky post somewhere? Or not at all? :-?
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Fri Aug 31, 2007 5:06 pm

7im wrote:
Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.


1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
thecoldanddarkone
Minister of Gerbil Affairs
Posts: 2449
Joined: Wed Mar 26, 2003 4:35 pm

Fri Aug 31, 2007 5:45 pm

Ryu Connor wrote:
7im wrote:
Really? That entry has helped many people.

If that WIKI entry is so bad, feel free to point out where the info is wrong, and I will have the WIKI updated.


1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.


I would like to thank you about the disabled administrator account info. I knew about it, and that was about it. That link was informative.
I7 4930k, 32 GB Ballistix DDRL3@2133 , 1.2 TB Intel 750 AIC, 500 GB mx200, Sapphire R9 Fury, asus x79 ws, HP ZR24w, edifier s730
HP Pro x2 612- i5-4302Y, 8 gigs of memory, 256 ssd
 
Krogoth
Emperor Gerbilius I
Posts: 6049
Joined: Tue Apr 15, 2003 3:20 pm
Location: somewhere on Core Prime
Contact:

Fri Aug 31, 2007 6:23 pm

That is werid. I never had a single problem running F@H SMP Client under Vista. I never had to run the installation program as "Administrator". The F@H client just causes Windows Firewall and UAC (a.k.a Ubernanny) to ask whatever to allow/deny the program to upload/download WUs.
Gigabyte X670 AORUS-ELITE AX, Raphael 7950X, 2x16GiB of G.Skill TRIDENT DDR5-5600, Sapphire RX 6900XT, Seasonic GX-850 and Fractal Define 7 (W)
Ivy Bridge 3570K, 2x4GiB of G.Skill RIPSAW DDR3-1600, Gigabyte Z77X-UD3H, Corsair CX-750M V2, and PC-7B
 
7im
Gerbil
Posts: 51
Joined: Sat Sep 02, 2006 6:20 pm

Sat Sep 01, 2007 1:15 am

Ryu Connor wrote:
1. It has you activate the disabled Administrator account.

That account was deactivated for a reason. Link

That account has UAC disabled on it by default making it a security liability.

Furthermore there is no reason to activate this account to do this.

2. It instructs the users to set fah.exe to always run as Administrator.

That is just poor overall security. fah talks to the outside world via a port, which opens it up to the possibility of a remote priviledge escalation attack.

You don't mount screen doors to submarines. Link

3. It informs the user that if they want to install it to Program Files, that they'll need to do the always run as Admin trick or disable UAC.

Why not just tell them to change the NTFS permissions of Program Files while you're at it?

4. Alternate Method 1. Finding explorer.exe and elevating it to Admin does not work unless you are already in an account with Admin priviledges.

Link

That blog post gives a "hack" that will make it work for those who are not. Do me a favor and don't put that on the Wiki.

5. Alternate Method 2, bullet 3. An Admin elevated instance of Command Prompt puts you into System32, not Users.

Of the methods listed this seems to be the "cleanest" as it elevates up once, installs, and then drops back down to standard.

You make no mention if that method still requires fah.exe to run as Admin. If it doesn't great. If not, boo.

Don't let this read personal. Nothing against you 7im. It's apparent looking at this Wiki that Stanford apparently doesn't know how to code. Which in turn makes me wonder what kind of remote exploits exist yet undiscovered in their code.

I find it hard to believe that any Enterprise environment is folding for Standford if this is the reality of what this client requires.

Do the *NIX versions require root to work?

Edit: URL tag clean up.


1. The WIKI entry lists three options for gaining the Admin access needed to setup the SMP client. The user can just as easily disable the account when done. Big deal.

2. The fah client opens a port 80 to the outside world, which is already open is most cases anway, but running fah.exe as Admin is not like putting a screen door on a submarine when the client only communicates with Stanford servers. Good luck imitating those. ;)

3. Yep, that's right. And that's why we tell them to install fah somewhere OTHER than C:\Program Files FIRST. But if they want to run fah from there, here's how to do it. The first thing people disable in Vista is UAC, so what's the big deal there? And if you have a better solution, why didn't you post it?

4. Most people setup only one user account in Vista anyway which can be elevated to Admin, so this works most of the time, right?

5. I wrote most of that WIKI entry, but didn't write nor verify the 2 alternate methods. I'll clean up Method 2 as you noted.

You raise valid concerns, but since both the SMP client and Vista are both still in beta testing (until SP1), so most users probably have to be at least a little bit dangerous to attempt this anyway, I'm not too concerned about strict adherance to all of the best practices.

And the SMP client is a v5 based F@H client, originally written back in the days of Windows 2000. So this isn't about Stanford being bad coders (duh), it's about prying open a new but lame OS so we can do beta testing on a new type of F@H client. And this testing will help them to make sure future versions of the client do work better within the confines of this new OS.

I've all but sworn off Vista for now, but if it I get some time on a machine that I don't mind destroying, I'll polish up that WIKI entry. I may even swap Method 2 for enabling the Admin account. ;)
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Sat Sep 01, 2007 1:27 am

1. Better not to lead them in that direction at all. Making the assumption that all your users are knowledgable enough to understand the security implications hurts everyone.

2. Even if FAH is unassailable through its' network access, running as Admin still leaves the possibilility of shatter attacks.

3. I note that and good for you, but following what was said with #1, you are suggesting an idea that the vast majority of your users will probalby not understand the security implications for.

4. Assumptions seem dangerous for a howto.

5. Windows 2000 has the same underlying model between Admin and Limited Users. What this essentially tells us has little to do with a "new but lame OS" and alot more to do with the fact that apparently Stanford has never learned to code.

Thanks for your time, even if in the end nothing changes.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
eitje
Gerbil Elite
Posts: 661
Joined: Fri Mar 07, 2003 11:28 am

Sat Sep 01, 2007 8:50 pm

7im wrote:
You raise valid concerns, but since both the SMP client and Vista are both still in beta testing (until SP1), so most users probably have to be at least a little bit dangerous to attempt this anyway, I'm not too concerned about strict adherance to all of the best practices.

I think that's probably the worst stance to take.

If a document is published to make it easier for people to use a client, it should either include warnings regarding the security concerns involved, or it should not recommend doing things that make volunteer systems more vulnerable than they were before. What I see instead is the text "Enabling this account will simplify the client installation process" without a warning about the adverse affects of doing so, or a recommendation to disable the account once installation is complete.

Ryu Connor wrote:
Thanks for your time, even if in the end nothing changes.

it's a wiki, so you should be able to make any modifications you think are necessary, right?
Your ideas intrigue me; I would like to purchase stock in your company.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Mon Sep 03, 2007 9:21 pm

I Agree with Ryu.
 
7im
Gerbil
Posts: 51
Joined: Sat Sep 02, 2006 6:20 pm

Tue Sep 04, 2007 1:20 pm

Warning added to WIKI entry.

Warning: Enabling the Administrator account simplifies the F@h client installation process, but also has potential system security implications not fully explained here. You may wish to disable the Administrator account after the F@h client is installed, or research those implications yourself, or use one of the alternate methods listed below to run the Install.bat file with Admin privledges without enabling this account.


An no, Win2K does not behave the same way as Vista, regardless of your programming opinions. ;) And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Tue Sep 04, 2007 2:08 pm

7im wrote:
Warning added to WIKI entry.

Warning: Enabling the Administrator account simplifies the F@h client installation process, but also has potential system security implications not fully explained here. You may wish to disable the Administrator account after the F@h client is installed, or research those implications yourself, or use one of the alternate methods listed below to run the Install.bat file with Admin privledges without enabling this account.


An no, Win2K does not behave the same way as Vista, regardless of your programming opinions. ;) And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.

Thank you for adding that to the wiki.

However I have to disagree with your insight. It's not as if MS suddenly completely changed their programming tactics. What happened is that they actually started enforcing their API calls. No longer could programmers be lazy and do admin-calls, but instead they have to go the same way that they have been told to the whole time, using standard system calls.
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am
Contact:

Tue Sep 04, 2007 2:22 pm

7im wrote:
And hence the need for this WIKI entry. Besides, it's unrealistic for you to expect molecular biophysicists to be top rate MicroShaft programmers. I'd rather have them looking for cures than looking up MS programming techniques. :roll: And the security changes made in Vista are still being debated as helpful or not, and I'd rather not join that pointless debate.
IMHO they should have no problem recruiting programming whizzes from their Computer Science/Engineering department to help them code properly. Such a high profile project you can get almost anyone just to have their name on it.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
eitje
Gerbil Elite
Posts: 661
Joined: Fri Mar 07, 2003 11:28 am

Thu Sep 06, 2007 7:56 am

7im wrote:
Warning added to WIKI entry.

Good deal!
Your ideas intrigue me; I would like to purchase stock in your company.

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On