The deeper problem here is that loosely-coupled CPUs have a value approximating 0. Your unused CPU cycles have absolutely no value to you, so what you are going to see if a fast race to the bottom in terms of price. This sounds great, particularly if you need some sort of embarrassingly parallel task performed, but most of the people providing the CPU cycles will have an artificially inflated sense of their value (e.g. "I paid X for this system and if I participate in this scheme for some period of time I should expect to get X/time back") and are not going to stick around when they learn that in return for the overhead of the cpushare system and bandwidth costs they will incur the CPU provider will end up with diddly-squat in return.
When you think about it, what does your web browser do? It is downloading someone else's code (Javascript, Flash...) and executing it on your machine. Somehow your trust the browser. Why not trust the virtual machine? Maybe if the company only allows Javascript to be executed on the virtual machine, people might feel more comfortable about the idea.
From reading their blog and a little googling, they currently are using SECCOMP - http://en.wikipedia.org/wiki/Seccomp - which is a process restriction mechanism that nobody really seems to trust.
They are working towards using KVM (Kernel Virtual Machine) which would be a Virtual Box running on your local workstation.
The copy on the front page makes it sound like a scam, even if it's not (and I have no idea either way). It looks like they're trying hard to tell you that the money is real, which of course makes you wonder if it's really unlikely that you can earn real money.
This site does look suspicious. When you go to the orders page FireFox says:
Secure Connection Failed
www.cpushare.com uses an invalid security certificate.
In FireFox 3 it makes you jump through hoops to allow you access a site which has self-signed certificates or has one with an unknown issuer such as CAcert.
The FF3 developers regard this as a feature as it may help prevent potential man-in-the-middle attacks or people making false assumptions about sites based on a padlock by making you add exceptions in every case. I personally regard this functionality as an extremely irritating flaw in FF3 that it goes out of its way to annoy, provides an utterly inadequate explanation for the end user and gets in the way of lots of legitimate use cases (think passwords on non-critical sites that would otherwise be sent in plaintext using http where /any/ security even without trust is actually an improvement). What's even more annoying is that I've yet to find a good way of getting around this broken functionality.
From the webpage: "Feel free to join CPUShare to immediately start earning your first CPUCoins and to potentially earn real money by selling your CPU resources."
Anytime real money is involved or potentially involved, folks should be using the defacto certification companies that browser all agree on.
CACert isn't really unrecognized, it's just that they haven't worked out a deal with Firefox. There's a 5 year old bug about this, and they're just waiting for the company to do something before they add them.
