Employee "Disciplined" For Installing Bitcoin Software On Federal Webservers
Fluffeh writes "Around a year ago, a person working for the ABC in Australia with the highest levels of access to systems got caught with his fingers on the CPU cycles. The staffer had installed Bitcoin mining software on the systems used by the Australian broadcaster. While the story made a bit of a splash at the time, it was finally announced today that the staffer hadn't been sacked, but was merely being disciplined by his manager and having his access to systems restricted. All the stories seem a little vague as to what he actually installed, however — on one side he installed the software on a public facing webserver, and the ABC itself admits, 'As this software was for a short time embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software,' and 'the Coalition (current Opposition Parties) was planning on quizzing the ABC further about the issue, including filing a request for the code that would have been downloaded to users' machines,' but on the other side there is no mention of the staffer trying to seed a Bitcoin mining botnet through the site, just that mining software had been installed."
Duh? (Score:3, Informative)
I don't know how it is down under, but in the US federal systems are "For Official Use Only" meaning if you use them for personal gain, you're in hot water.
ABC != Federal (Score:5, Informative)
Federal implies "of the Federation", which in the context of Australia implies the government. However, while the ABC, being the state broadcaster, is funded (and owned) by the government, it is not a federal organization. The ABC is independent of the government, so saying that the Bitcoin software was installed on federal servers is disingenuous to say the least. In fact, after reading TFAs I can't see anywhere where it specifies exactly on what servers the software was installed other than some "web servers".
And once again the summary is a joke. You explain what "the coalition" is, but don't explain what the ABC is. I feel sorry for the people who pay for this site.
Re:Duh? (Score:5, Informative)
Government-issued cars with "For Official Use Only" would seem to be an exception to that. I've seen a Lexus around here with that stamped on it with a car seat and groceries piled in it. Sure, there could be an official reason for that, but the odds are against it.
I can authoritatively comment on this: a TDY car for all intents and purposes can be used almost exactly like a privately owned vehicle. TDY is the govt equivalent of a short to medium term business trip (maybe 1 day to I think a max 6 months). Basically it's cheaper for the .gov to act like a car leasing company to itself than to reimburse a .gov employee for a rental car. Which is bizarre; you'd think Enterprise Rentacar would donate re-election funds to politicians to take over that apparently lucrative market, but they haven't done so ... yet. Someday it might happen to eliminate the non-scandal scandal stories.
The law says something like "administrative discretion", so it's one of those "character" tests where you can do anything your boss allows but don't do anything stupid. This is really the only rule for a govt car. It can be hard for outsiders to wrap their head around this concept of not having 1000 individual specific rules, and only having a general rule of don't do something your boss thinks is dumb. A remarkable amount of .mil paperwork and regulations regulate to death the stupidest little things, and there is also no paperwork and no regulations for some of the most complicated things. Discretion and good taste...
Get permission from boss to drop kid off at daycare, fine, no problemo as long as you have that permission. Drive to an occupy-wall-street protest in a non-official role, or as a protester, um... that might be a problem. Food store/restaurant while on TDY, almost certainly OK, that's the whole point of giving you a TDY car. Dive bar while on TDY, could get you in hot water depending on your boss and local culture and especially your behavior (this can be an additional charge in a conduct unbecoming hearing, or it can just be ignored if the department memorial day party is held at the dive bar). Do anything as a recruiter, however tangentially far-fetched, as long as it directly involves potential recruits, OK. Do almost anything as a recruiter alone in a car without obvious recruit involvement, probably a bad idea.
Re:Duh? (Score:5, Informative)
Yeah, that happens, and falls in the "do anything your boss allows but don't do anything stupid" superset of rules, although it's also covered by the "don't do anything you wouldn't want your mom to see on the front page of the newspaper".
From personal experience, everyone seems to have heard some story about how a hot female recruiter got all the guys to sign up, but no one has anything more than "I heard" and a lot of wishful thinking / daydreaming.
I was thinking more along the lines of stories I've heard about recruiters driving kids with F-ed up families around so they can clear up their paperwork, like drive the kid to the DMV to get his ID card or to a Dr for an appointment to get an asthma waiver. I predict the level of this activity depends on how many applicants they get per slot and the state of the local economy, and especially the ratio of "recruits signed up this month" vs "monthly quota".
Re:stupid (Score:5, Informative)
Before you smart ass bitcoin miner kids think you know everything, Website Bitcoin Mining [bitcoinplus.com]. ;)
Site visitors do the mining: multiply a little slice of power times x million visitors over x amount of days and your localized mining is tiddlywinks. This uses the website visitor's machine to mine coins (and this particular example is terribly inefficient itself, but the idea is there; someone with the know-how could really go the distance for their own mining operation). This can be exceptionally more efficient than running a local mining op on a single machine/small cluster if you have a relatively trafficked website it is running from.
You are focused on high speed precision mining instead of scaled general mining. A pressure washer vs. a regular water hose, the water moves faster through the pressure washer but put 5,000,000 hoses together and you can push insanely more total water per second than a handful of pressure washers.
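The summary's concern above is code embedded in served pages reaching visitors' browsers. One defender-side check, added here as an example and not code from ABC or from the poster, is a page-integrity audit that lists external script origins against an allowlist and hashes inline scripts against a known-good baseline, so an unexpectedly embedded script shows up as a finding. The sample page, origin names and script bodies are constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ScriptCollector(HTMLParser):
    # Collect external script URLs and inline script bodies from one page.
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._buf = None  # list while inside an inline <script>, else None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None

def inline_hash(body):
    return hashlib.sha256(body.strip().encode()).hexdigest()

def audit_page(html, allowed_origins, baseline_hashes):
    """Return (kind, value) findings for scripts outside the baseline;
    put "" in allowed_origins to accept relative (same-origin) src values."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    findings = [("external", s) for s in p.external
                if urlsplit(s).netloc not in allowed_origins]
    findings += [("inline", inline_hash(b)) for b in p.inline
                 if inline_hash(b) not in baseline_hashes]
    return findings

# Constructed sample: one approved CDN script, one baseline inline script and
# one unexpected inline script starting a Worker (stand-in for injected code).
SAMPLE_HTML = """<html><body><script src="https://static.example.test/site.js"></script>
<script>window.analytics = {};</script>
<script>new Worker('/w.js');</script></body></html>"""
ALLOWED, BASELINE = {"static.example.test"}, {inline_hash("window.analytics = {};")}
```

Run it against a crawl of your own pages and diff the findings per deploy; a new inline hash or an unknown origin is the signal worth paging on.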
Re:SETI@Home (Score:4, Informative)
Both Seti@Home and the default client for Bitcoin operate at the lowest thread priority possible (at least for a standard high level application that doesn't go into kernel mode). They are designed explicitly with the goal in mind to not get in the way of other programming tasks and should take up the CPU computing time normally performed by some other sort of idle process that most operating systems have when there is nothing else for the CPU to be performing.
In terms of "people's time is valuable", that is utter bullshit. This software will not steal hours and in both cases the network bandwidth is negligible as well. Network bandwidth might be a lesser issue to worry about, but these are very lightweight protocols.... Seti@Home especially. Browsing one web page per hour is going to suck up far more bandwidth, and don't even get started on any multi-media content like streamed audio or video.
In terms of CPU bandwidth, this would be CPU cycles that the computer would otherwise be spending doing absolutely nothing anyway. There is a very slight overhead in terms of having a few extra threads for the CPU to manage that otherwise wouldn't be there (very small overhead, but it is still there nonetheless), and these processes do take up a small portion of the RAM on the computer as well, which could impact performance of some applications that are poorly written or are memory hogs. If you are running Microsoft Windows, the Windows Explorer program itself is such a wasteful hog of resources that any other application like Bitcoin or Seti@Home is marginal noise by comparison, much less if you are running something like MS Office. Linux is a bit more lean, but even then a GUI shell of almost any sort also tends to chew up a whole bunch of system resources that put to shame anything these other applications perform... and both software packages can be operated in command-line only mode as well to reduce system impact.
One other side issue is simply software systems interaction. As much as you hope that modern operating systems keep data and code separated from one application to the next, with some strong memory protection to keep programs from clobbering each other or impacting each other in competition for "system resources" of various kinds, sometimes weird interactions happen between various applications that can produce unexpected results. Simply having this software on a computer might cause a software glitch merely by being there. It certainly introduces more potential bugs to a computer system. On the other hand, these software packages are heavily tested, and bugs which would crash your computer with something like the Blue Screen of Death would likely have been found and fixed with popular software packages like Bitcoin and Seti@Home, where my first guess for a BSOD would be something else, putting these applications as nearly the last thing to consider for system troubleshooting. Regardless, I've uninstalled this kind of software on systems I've used when trying to do software development, if only to reduce the number of variables that might be causing problems with my software.
The problem is that many modern computer systems have a reduced power option when they are idle, even if it is for just a fraction of a second. In particular the Bitcoin software tends to do some rather high performance mathematical routines that require parts of the CPU to be powered that otherwise wouldn't be in a low-power mode, or perhaps really push the GPU to be performing calculations that can be very energy intensive. For older computers, this is something that wouldn't even be noticed as the CPU power consumption on older CPUs was rather constant but for the newer computers it can mean a doubling of power, certainly causing more heat to be generated and if they are in an air conditioned server closet that increased power consumption is something that could potentially be rather significant and even noticeable to an outside observer like a comptroller who notices that power consumption has increa
Re:SETI@Home (Score:2, Informative)
This guy was disciplined... at least according to the original article.
I've installed software like this on computers where I had permission to install various kinds of applications on those computers and was told to use my own judgement in those situations. It wouldn't hurt for a Director of Information Technology to set policies on distributed computing projects of various kinds as it relates to the organization in question, and in the case of Bitcoin it could be argued that any work units that are found should belong to the company and not to the technician who installed the software, but otherwise I fail to see what the problem is here.
Installing stuff like this without approval of the director if such approval is expected for any outside software package is something actionable, but there is no indication that this particular technician had any such requirement at all.
In terms of your concerns about memory consumption, CPU bandwidth, and malware issues, I think you are being overly paranoid about the issue. Bitcoin can be compiled from source code where a source code audit can be performed, and Seti@Home is pretty reputable as well. Concerns about malware are completely unjustified in this situation. That sometimes Bitcoin work unit search software can be installed through malware is a side effect that has nothing to do with deliberate installation of this kind of software on a computer system where permission is granted.
If anything, software like this is a good way to "stress test" a computer and has some very useful features that would even be desirable in a business computing environment. For projects like Seti@Home, you can even count the resources being used in this manner as a charitable "in-kind" contribution to a bona fide 501(c)(3) non-profit organization, accounted for in various ways that could provide a financial benefit to a for-profit company if they wanted to perform the necessary accounting. Since it would be using computing resources when the company isn't using them, it also has an otherwise negligible business impact.
It all depends on the context of how the software was installed and as you said, permission to perform that act.