Message boards : Number crunching : Problems and Technical Issues with Rosetta@home
Previous · 1 . . . 254 · 255 · 256 · 257 · 258 · 259 · 260 . . . 300 · Next
Author | Message |
---|---|
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
My GTX 1650 does Milkyway task in about 6 minutes.That's 93 GFlops. Mine is 1000. Nvidia sux. I have never and will never buy their low grade rubbish. |
Link Send message Joined: 4 May 07 Posts: 356 Credit: 382,349 RAC: 0 |
My GTX 1650 does Milkyway task in about 6 minutes. Well, Tahiti is High-End, the 280X has 250W TDP, GeForce 16 is the Low-End of Geforce 20 series, the 1650 has 75W TDP and it's launch price was half or (a lot) less of any of the Tahiti cards. Outside of that very special Milkyway application, the 1650 isn't bad at all, the SP Performance per Watt is even a lot higher. . |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Well, Tahiti is High-End, the 280X has 250W TDP, GeForce 16 is the Low-End of Geforce 20 series, the 1650 has 75W TDP and it's launch price was half or (a lot) less of any of the Tahiti cards. Outside of that very special Milkyway application, the 1650 isn't bad at all, the SP Performance per Watt is even a lot higher.The SP is lower overall, I'm surprised they make a card that slow nowadays. And DP is actually used in most of the projects, just not 100% of the time. |
Link Send message Joined: 4 May 07 Posts: 356 Credit: 382,349 RAC: 0 |
The SP is lower overall, I'm surprised they make a card that slow nowadays.It's lower overall, but about 2.5x higher per Watt. That's a huge difference if you don't run Milkyway on it. Gaming performance (and that's what GPUs are actually made for, not for BOINC) is higher than Radeon HD 7970 GHz Edition, which burns 300W instead of the 75W the GTX 1650 is using. Yes, the Tahiti cards are great in particular for Milkyway and BOINC in general, but let's not act like that was what GPUs are primarily made for. It would be nonsense for the average GPU user to buy 2019 a Tahiti card when they can get better performance in games at about 25-30% energy consumption. . |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
It's lower overall, but about 2.5x higher per Watt. That's a huge difference if you don't run Milkyway on it. Gaming performance (and that's what GPUs are actually made for, not for BOINC) is higher than Radeon HD 7970 GHz Edition, which burns 300W instead of the 75W the GTX 1650 is using. Yes, the Tahiti cards are great in particular for Milkyway and BOINC in general, but let's not act like that was what GPUs are primarily made for. It would be nonsense for the average GPU user to buy 2019 a Tahiti card when they can get better performance in games at about 25-30% energy consumption.I play games, and I don't care for energy performance. It's not like I play games 24 hours a day. So as a gamer only the speed matters. And something a decade newer should not be slower. BTW, the Tahiti speed ain't good enough for games, I have a twice as fast Nano for that. Which is also efficient in power. |
rakvium Send message Joined: 2 Apr 18 Posts: 4 Credit: 228,726 RAC: 161 |
Hello there! I use BOINC 7.9.3 on Ubuntu 18.04 and recently I have started to get errors on downloading files for Rosetta@Home tasks like "transient HTTP error". It seems to affect only Rosetta's files, files for other projects seem to be downloaded well. Just in case, the file names go as "KC_12mer_12_hallucinated..." and "KC_13mer_13_hallucinated..." for Rosetta 4.20. It seems like I can download the files manually and place them where they should be (/var/lib/boinc/projects/boinc.bakerlab.org_rosetta/) - after that the task's status transitions from "Downloading" to "Ready to start". However, I am afraid that there will be a similar problem with uploads - so may you please suggest how can I make BOINC manage Rosetta@Home files transfers automatically again? Here is the event log with http_debug, http_xfer_debug and network_status_debug flags enabled - looks like is a kind of SSL certificate problem: Tue 20 Dec 2022 10:35:55 EET | Rosetta@home | [http] HTTP_OP::init_get(): https://boinc-files.bakerlab.org/rosetta/download/7c/KC_12mer_12_hallucinated_55_11.zip Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS handshake, Certificate (11): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS handshake, CERT verify (15): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS handshake, Finished (20): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (OUT), TLS change cipher, Client hello (1): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (OUT), TLS Unknown, Certificate Status (22): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (OUT), TLS handshake, Finished (20): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: ALPN, server accepted to use http/1.1 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: Server certificate: Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: subject: CN=www.google.com Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: start date: Nov 28 08:19:01 2022 GMT Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: expire date: Feb 20 08:19:00 2023 GMT Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: subjectAltName: host "www.google.com" matched cert's "www.google.com" Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: SSL certificate verify ok. Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (OUT), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: GET / HTTP/1.1 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Host: www.google.com Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: User-Agent: BOINC client (x86_64-pc-linux-gnu 7.9.3) Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Accept: */* Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Content-Type: application/x-www-form-urlencoded Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Accept-Language: en_US Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Sent header to server: Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Certificate Status (22): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: HTTP/1.1 200 OK Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Date: Tue, 20 Dec 2022 08:35:56 GMT Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Expires: -1 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Cache-Control: private, max-age=0 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Content-Type: text/html; charset=ISO-8859-1 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws" Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Content-Encoding: gzip Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Server: gws Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: X-XSS-Protection: 0 Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Set-Cookie: 1P_JAR=2022-12-20-08; expires=Thu, 19-Jan-2023 08:35:56 GMT; path=/; domain=.google.com; Secure Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Set-Cookie: AEC=AakniGOg4us7UbTeD0AIz-b37iy5EjS_ILng2YPon72NYT610HS15qt6Ru8; expires=Sun, 18-Jun-2023 08:35:56 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Set-Cookie: NID=511=HyJMAjp9f88XSRXcGz4s9sQAFWhAzMIrSpJaeSUC_skIKlJSsRvCrIMtIed6-zkZMwLD9-WodT8K9S2-9ePzMFIs65t46nnBtJ-nXtdLitjZgfv3qXVkPscnq9kBFN4CQf6JQinZl1JhCpUd1w3Gg-R2XDMF-YPh1RXirWlO2DI; expires=Wed, 21-Jun-2023 08:35:56 GMT; path=/; domain=.google.com; HttpOnly Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Transfer-Encoding: chunked Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Received header from server: Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1768 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 2850 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 3201 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 3689 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1485 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 8 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 286 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 5 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 9 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 6 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 5 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 4 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1 bytes Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 2310 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http_xfer] [ID#0] HTTP: wrote 1211 bytes Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: TLSv1.3 (IN), TLS Unknown, Unknown (23): Tue 20 Dec 2022 10:35:56 EET | | [http] [ID#0] Info: Connection #566 to host www.google.com left intact Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: TLSv1.3 (IN), TLS handshake, Server hello (2): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: TLSv1.2 (IN), TLS handshake, Certificate (11): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: TLSv1.2 (OUT), TLS alert, Server hello (2): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: SSL certificate problem: unable to get local issuer certificate Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: stopped the pause stream! Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#874] Info: Closing connection 567 Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: TLSv1.3 (IN), TLS handshake, Server hello (2): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: TLSv1.2 (IN), TLS handshake, Certificate (11): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: TLSv1.2 (OUT), TLS alert, Server hello (2): Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: SSL certificate problem: unable to get local issuer certificate Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: stopped the pause stream! Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] [ID#875] Info: Closing connection 568 Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates Tue 20 Dec 2022 10:35:57 EET | | [network_status] status: reference site lookup pending Tue 20 Dec 2022 10:35:57 EET | | Internet access OK - project servers may be temporarily down. Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Temporarily failed download of KC_12mer_12_hallucinated_55_11.zip: transient HTTP error Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Backing off 00:29:36 on download of KC_12mer_12_hallucinated_55_11.zip Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Temporarily failed download of KC_12mer_12_hallucinated_55_11.flags: transient HTTP error Tue 20 Dec 2022 10:35:57 EET | Rosetta@home | Backing off 00:25:01 on download of KC_12mer_12_hallucinated_55_11.flags Tue 20 Dec 2022 10:35:58 EET | | [network_status] status: online With care, Viktor |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
I use BOINC 7.9.3There's your problem, the latest version is 7.20.2, with much newer SSL stuff in it. |
rakvium Send message Joined: 2 Apr 18 Posts: 4 Credit: 228,726 RAC: 161 |
the latest version is 7.20.2, with much newer SSL stuff in it. Where do I get the latest version for Ubuntu Linux? I have tried to use one from BOINC's official website and I have got the next error: /usr/bin/boinc: /usr/lib/x86_64-linux-gnu/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /usr/bin/boinc) It turned out that the one there has even older version - 7.4.22 - good that I made a backup before. The one which is available via bionic ppa is 7.9.3, the same version I have: $ sudo apt-cache policy boinc [sudo] password for sloboda: boinc: Installed: 7.9.3+dfsg-5ubuntu2 Candidate: 7.9.3+dfsg-5ubuntu2 Version table: *** 7.9.3+dfsg-5ubuntu2 500 500 http://ua.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages 500 http://ua.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages 100 /var/lib/dpkg/status 7.9.3+dfsg-5 500 500 http://ua.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages 500 http://ua.archive.ubuntu.com/ubuntu bionic/universe i386 Packages |
kotenok2000 Send message Joined: 22 Feb 11 Posts: 258 Credit: 483,503 RAC: 133 |
This ppa should have 7.20.5 https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/boinc |
rakvium Send message Joined: 2 Apr 18 Posts: 4 Credit: 228,726 RAC: 161 |
Thank you for your help and suggestions! It seems like the version update was not crucial though, the problem was probably in /var/lib/boinc-client/ca-bundle.crt file. The CA bundle file was outdated before, now it seems to be a symbolic link to /etc/ssl/certs/ca-certificates.crt file, which was recently updated after re-installing BOINC 7.9.3 and libcurl4-openssl-dev package and uploads go well now. With care, Viktor |
rakvium Send message Joined: 2 Apr 18 Posts: 4 Credit: 228,726 RAC: 161 |
and uploads go well now. Well, downloads didn't. I have managed to update BOINC to 7.20.5 (that wasn't necessary in my case, as I have found later) with the next steps: # stopped the previous version: sudo service boinc-client stop # without update-ca-certificates there was the next error: # Cannot add PPA: 'ppa:~costamagnagianfranco/ubuntu/boinc'. # ERROR: '~costamagnagianfranco' user or team does not exist. sudo apt-get update && sudo apt-get install ca-certificates -y && sudo update-ca-certificates # added the repository with the latest versions sudo add-apt-repository ppa:costamagnagianfranco/boinc # acknowledged the updates and upgraded boinc sudo apt-get update && sudo apt-get upgrade boinc # started the new version: sudo service boinc-client start Nevertheless, the error persisted. It seemed a bit like of a curl problem, so I have decided to check it: $ curl https://boinc-files.bakerlab.org/rosetta/download/c1/KC_12mer_12_hallucinated_93_236.flags curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. So the problem wasn't around the BOINC itself after all. I don't know why exactly my local curl decided not to trust Rosetta@Home files server's PEM certificates. Nevertheless, I saved those certificates to a separate crt file (/usr/local/share/ca-certificates/rosetta.crt) and run sudo update-ca-certificates again. After that downloads started work again for Rosetta@home project for my BOINC client. The problem seems to be solved for me for now. Leaving this here just in case someone stumbles on the same thing. With care, Viktor |
.clair. Send message Joined: 2 Jan 07 Posts: 274 Credit: 26,399,595 RAC: 0 |
Looking through the top hosts list it is interesting to see that some are still returning completed work even though they do have some "not started by deadline" "canceled by server" and "aborted" Others have work units "waiting validation" from October Old relics from "15 Apr 2020, 12:37:56 UTC Not started by deadline - canceled " as database dirt And the rest of us getting on with crunching other projects work I wonder if rosetta is going to run all work out and planning to do a big full project database reset to clean out the cruft ? hint . . . . . And why am I posting this ? Its just something to do on a day like today is , before I attack the accumulated pans and dishes in the kitchen , nnn ;-) |
Jean-David Beyer Send message Joined: 2 Nov 05 Posts: 187 Credit: 6,372,414 RAC: 5,712 |
So the problem wasn't around the BOINC itself after all. That was just the hint I needed. I ran the update-ca-trust command on my RHEL8.6 Linux system, and it seems to work (as far as I can tell). It does not download any Rosetta tasks at the moment, because there are none available. But at least, no error messages. |
rsNeutrino Send message Joined: 22 Mar 20 Posts: 10 Credit: 4,886,438 RAC: 6,103 |
I, too, was not able to download any WU files during the last batch around 15.-21.12.2022 BOINC version 7.20.2 on Ubuntu 22.04.1, fully updated. update-ca-certificates did not help. I did some analysis: I noticed two different URLs used by Rosetta: Root URL for general communication: https://boinc.bakerlab.org/ Old download URL, index with folder and file structure visible: https://boinc.bakerlab.org/rosetta/download/ It seems some time ago Rosetta switched to a new URL for downloads. New download URL, index hidden, shown as offline on the status page: https://boinc-files.bakerlab.org/ Both URLs seem to target the same underlying file system. As an examlple, the following two URLs lead to the same file: https://boinc.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip https://boinc-files.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip Tests on Debian with curl: old URL: curl https://boinc.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip -vI * Trying 128.95.160.156:443... * Connected to boinc.bakerlab.org (128.95.160.156) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=Washington; O=University of Washington; CN=*.bakerlab.org * start date: Dec 14 00:00:00 2022 GMT * expire date: Dec 14 23:59:59 2023 GMT * subjectAltName: host "boinc.bakerlab.org" matched cert's "*.bakerlab.org" * issuer: C=US; ST=MI; L=Ann Arbor; O=Internet2; OU=InCommon; CN=InCommon RSA Server CA * SSL certificate verify ok. new URL: curl https://boinc-files.bakerlab.org/rosetta/download/0/3stub_cyc_target_1cwa_00081_2_extract_B.zip -vI * Trying 128.95.160.134:443... * Connected to boinc-files.bakerlab.org (128.95.160.134) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS header, Unknown (21): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. I could recreate the same error on multiple independent Rasbpian/Debian installations with the same result. Firefox on Windows and Ubuntu did not complain, shows verified by Internet2. On Windows, Openssl fails on both the new and old URL, probably because it's out of date (2021). wget and curl in powershell did not complain. Edge on Windows downloads the zip without warning, but warns about a missing certificate when opening https://boinc-files.bakerlab.org and clicking on the lock symbol. Openssl tests on Debian, each with the same results: Raspbian (buster): OpenSSL 1.1.1n 15 Mar 2022 Ubuntu (22.04.1 LTS): OpenSSL 3.0.2 15 Mar 2022 new URL: openssl s_client -connect boinc-files.bakerlab.org:443 CONNECTED(00000003) depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org verify error:num=21:unable to verify the first certificate verify return:1 depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org verify return:1 --- Certificate chain 0 s:C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 14 00:00:00 2022 GMT; NotAfter: Dec 14 23:59:59 2023 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIGpDCCBYygAwIBAgIQLX34hscHGmFRGzZSrcfHojANBgkqhkiG9w0BAQsFADB2 ---snip--- Start Time: 1672334317 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: yes old URL: openssl s_client -connect boinc.bakerlab.org:443 CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA verify return:1 depth=0 C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org verify return:1 --- Certificate chain 0 s:C = US, ST = Washington, O = University of Washington, CN = *.bakerlab.org i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 14 00:00:00 2022 GMT; NotAfter: Dec 14 23:59:59 2023 GMT 1 s:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA512 v:NotBefore: Sep 19 00:00:00 2014 GMT; NotAfter: Sep 18 23:59:59 2024 GMT 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384 v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIGpDCCBYygAwIBAgIQLX34hscHGmFRGzZSrcfHojANBgkqhkiG9w0BAQsFADB2 --snip-- Start Time: 1672334384 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Here a comparison with an external 3rd party online analysis from SSLLABS: https://www.ssllabs.com/ssltest/analyze.html?d=boinc-files.bakerlab.org ("This server's certificate chain is incomplete. Grade capped to B.") https://www.ssllabs.com/ssltest/analyze.html?d=boinc.bakerlab.org (Rating: A) (Additional test: https://www.digicert.com/help/) As you can see, even they show issues with the certificate chain for the new URL. If I understand the results correctly, the old URL sends both the server certificate (1) and the intermediate certificate (2) (= issuer certificate) to the client (SSLLABS: Certification Paths: "1 - Sent by server, 2 - Sent by server"), completing the chain of trust with the root certificate (3) on the client. The new URL only sends the server certificate, but not the intermediate certificate (SSLLABS: "2 - Extra download", from InCommon RSA Server CA / Internet2). If the client does not already have this intermediate certificate in its trust store, which seems often but not always the case (comparing Firefox vs windows vs Debian), the chain is broken and any connection to boinc-files.bakerlab.org fails. Maybe there are also some automated tricks and workarounds going on, like caching the intermediate after once connecting to boinc.bakerlab.org, so that the client can puzzle the chain together anyway. As others already wrote, it is visible in Rosetta's statistics that something widespread isn't working. Comparing earlier batches with the last batch is noticeble slower in crunshing and returning WUs: https://munin.kiska.pw/munin/Munin-Node/Munin-Node/results_rosetta.html https://www.boincstats.com/stats/14/project/detail/credit So, I think what needs to be done is to recreate the configuration for / copy the intermediate certificate from boinc.bakerlab.org to boinc-files.bakerlab.org, so that it gets sent to clients as well. |
rsNeutrino Send message Joined: 22 Mar 20 Posts: 10 Credit: 4,886,438 RAC: 6,103 |
Screenshots for comparison of the chains, no differences between platforms: URL: boinc.bakerlab.org URL: boinc-files.bakerlab.org |
Jean-David Beyer Send message Joined: 2 Nov 05 Posts: 187 Credit: 6,372,414 RAC: 5,712 |
I ran the update-ca-trust command on my RHEL8.6 Linux system, and it seems to work (as far as I can tell). My system has now been updated to RHEL8.7. Having run update-ca-trust has not hurt anything, but it did not help either. Well, Rosetta still does not admit to having any work units on its web site, but it tried to download some to me today. I think it was only one. It created these files but you can see they are all empty. And they are all marked "downloading." -rw-r--r--. 1 boinc boinc 0 Jan 4 22:18 database_357d5d93529_n_methyl.zip -rw-r--r--. 1 boinc boinc 0 Jan 4 22:18 LiberationSans-Regular.ttf -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.11mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 16:29 rb_01_04_474411_469629_ab_t000__robetta.200.3mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.4mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.5mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 16:13 rb_01_04_474411_469629_ab_t000__robetta.200.6mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.7mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.8mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 08:27 rb_01_04_474411_469629_ab_t000__robetta.200.9mers.index.gz -rw-r--r--. 1 boinc boinc 0 Jan 4 18:49 rb_01_04_474411_469629_ab_t000__robetta_FLAGS -rw-r--r--. 1 boinc boinc 0 Jan 4 16:29 rb_01_04_474411_469629_ab_t000__robetta.zip -rw-r--r--. 1 boinc boinc 0 Jan 4 17:31 rosetta_4.20_x86_64-pc-linux-gnu -rw-r--r--. 1 boinc boinc 0 Jan 4 17:31 rosetta_graphics_4.20_x86_64-pc-linux-gnu |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
My system has now been updated to RHEL8.7. Having run update-ca-trust has not hurt anything, but it did not help either.There are a very small number of Robetta tasks coming through to my Windows machines too. I think we're the overflow for Robetta's own machines. It seems everyone's asleep and not producing much work - even with WCG, Rosetta, and Asteroids, I sometimes run out of CPU work. Oh well, I'm off to fiddle with some GPUs, I've constructed an 800A 12V ring main on a large bookshelf to plug GPUs in anywhere. A few kilowatt 12V LED power supplies and a couple of reels of car starter motor cable (0 AWG). |
DJStarfox Send message Joined: 19 Jul 07 Posts: 145 Credit: 1,250,162 RAC: 0 |
To whom it may concern, The download server is broken per status page: Download server boinc-files.bakerlab.org Not Running Please fix. Thanks. |
.clair. Send message Joined: 2 Jan 07 Posts: 274 Credit: 26,399,595 RAC: 0 |
The servers over @ Ralph are all running , they could chuck all the work over there if they can`t or be botherd to fix this lot . |
[VENETO] boboviz Send message Joined: 1 Dec 05 Posts: 1994 Credit: 9,524,889 RAC: 7,500 |
The servers over @ Ralph are all running , they could chuck all the work over there if they can`t or be botherd to fix this lot . Ralph is undervalued and underused by the project itself.... |
Message boards :
Number crunching :
Problems and Technical Issues with Rosetta@home
©2024 University of Washington
https://www.bakerlab.org