CRISIS: After tightening security, or at least trying to, with the AVAST firewall, I tried to get BOINCMGR back up - wouldn't run, in fact wouldn't run without pings, desktop access, and a whole lotta other controls left wide open.

In frustration, I turned off the firewall just so I could communicate work my BOINC system had been doing while disconnected, forgot and discovered in the morning I'd been pinged by 3/4 the population of Nigeria, or at least pirates operating under a Nigerian flag of convenience. with luck, the outage will just get me a plate of amusing spam,spam,spam,spam, a lobster thermador and spam.

So, WHAT does BOINC want (and why? I thought that work was sent to my machine as a file, machine performed tasks needed and uploaded the results. This should NOT require pinging, and all sorts of other system rights to access)

(I should know better, I started doing good positive hacking before the word developed a single negative connotation, can still do hardware on DEC PDP-1s,4s,5,s,6,s,7s,8s(all of em), 9s, 10,s 12s, 15s, and 20s, really good hardware, and get you the parts for the PC you need or the PC you want. But, somewhere along the line, I think when the basic x86/amd+ instruction set went from a booklet to 3 huge overpriced manuals, and I discovered that life required work, I became a USER, though I haven't yet fallen to the level of "knows as much about computing as about his 'fridge, and he doesn't know a thing about WHY a compressor makes it cold in the box.", and believes an EFF-developed course on "how your computers and the Internet works" then pass a test before issued a license to use one.)
Still looking for the real Emmanuel and the Resistance, but someone sent a chopper to cut off my head. RSVP here, I'll get it mailed to me at home.

---

Winston Smith, Room 101, MiniLove

So, WHAT does BOINC want (and why? I thought that work was sent to my machine as a file, machine performed tasks needed and uploaded the results. This should NOT require pinging, and all sorts of other system rights to access)

BOINC its parts talk to each other via remote procedure call, on localhost (127.0.0.1) only. They do this to be able to show in real time in BOINC Manager (the GUI) what the client is doing. To do so, you have to allow the BOINC binary (boinc.exe) and the BOINC Manager binary (boincmgr.exe) through your firewall on TCP port 31416.
To be able to contact the projects, the BOINC binary needs separate permission to access TCP ports 80 (HTTP) and 443 (HTTPS).

No other ports or addresses are needed.

---

BOINC its parts talk to each other via remote procedure call, on localhost (127.0.0.1) only. They do this to be able to show in real time in BOINC Manager (the GUI) what the client is doing.

Correction. BOINC client *listens* on any network interface available on port 31416. That makes it possible to control/monitor BOINC *clients* with one BOINC *manager* over network. However, for standalone computer with alone client it's OK to allow listening/opening port 31416 on localhost (127.0.0.1) and forbidding on any other interface.

---

I'm counting for science,
points just make me sick.