The funny thing is that I think there are legitimate questions to be raised (and hopefully answered), in areas around open source contributions. The problem is in their methodology.

In the long term, a better understanding of some of these issues could result in stronger and more successful open source projects. The research just needs to be conducted in the right way, which involves having the knowledge and consent of all participants to be subjects in research studies.

This letter is obviously fake. If you don’t have the common sense to realize that surreptitiously submitting bugs for inclusion into the Linux kernel was a bad thing, then certainly you don’t have the capacity to feel sorry for doing it.

This is clearly a last ditch attempt to prevent the ban and patch reversion from taking place. All patches from them should be pulled. If there are real bugs, then investigate them and write new patches. This group is not trustworthy.

How about once or twice, with something that actually does nothing, but appears to do damage?

I agree with you that there are legitimate questions to be raised, but yes, the methodology is a problem. It's not the only problem though because this is something that should be done by the kernel maintainers themselves or someone appointed by them; I also believe this is not a legitimate topic of academic research.

This is the fakest letter I ever read, the usual spam email I get is more believable.

i am honestly not surprised they did. sigh.

I don't understand how University let do that research, must be a teacher or someone that approve the request do that "research". When you do a research to a company or entity or person at the name of the university, you must request permission. It's something basic that any university must be a letter requesting and allowing do that. One thing is a theory saying there is a way with commits that are fake enter to development of the kernel. I think it will be huge deal and see with better eyes, if they found other contributor made Hypocrite commits than just they sent it by them. That will be a great research.

I agree with you that the specific researchers shouldn't be allowed to continue to lie and deceive. I was referring to what had been reported as a ban on the entire university - I'm strongly opposed to that type of canceling. It sounds like that threat may not come to pass.

Also, the kernel maintainers are not coming out of this with their reputations fully intact. A small group of juvenile morons were easily able to insert this code. What are the maintainers doing if they aren't paying even the slightest bit of attention to the submissions before they sign off on them?

Keep in mind that while the university may have stupidly greenlit this project by not classifying it as human experimentation, it's not necessarily a malicious decision. Incompetence or greed are far more likely. Universities are known for being hotbeds of both political infighting and bureaucracy. And there's generally a pretty wide rift between the sciences and the humanities, which can lead to tech-savvy people being ignorant of people, and people-focused people being ignorant of tech.

If UMN can clean up their act and keep a tighter leash on their less ethical members, there's little reason to exclude potentially thousands of others of contributors. It's just setting an example by levying a heavy punishment on the first/most prominent offender.

They've started by removing the brag post about their paper being accepted in the IEEE security symposium. But it's still listed on the symposium's site. If it hasn't been removed from the actual program yet, UMN should request that they withdraw the paper themselves - both from the symposium and any journals. And that goes to my major concern about this whole thing and the crocodile tears of the open letter - publicity. If the paper includes unethical studies, it should be withdrawn from *all* venues. We draw a pretty hard line on not rewarding unethical behavior. Professors and students gain tangible benefits from having their paper published, and from presenting at symposiums. I didn't see *any* mention of them withdrawing the paper or the presentation.

Similarly, Kangjie Lu is still part of the IEEE S&P 2022 program committee, and Qiushi Wu still lists the paper in his CV, as well as an ongoing project of the same kind. This paper should be a scarlet letter for a few years, and yet it's still being treated like a mark of pride.

If those involved in the paper really wanted to "rebuild the relationship" as stated in the open letter, they should start by not profiting off the harm that they caused. Otherwise it's just trying to weasel out of responsibility. And I guess that's the thing that justifies giving UMN a ban - they permitted it and they didn't punish it. It's merely been "suspended".

It's up to the universities to insure ethical behavior in their professors and grad students. Their professors and students were caught in unethical behavior and doubled-down on it by gaslighting people on the LKML until it hit the press, then astroturfing. The accusation of slander against the obvious distrust after having deliberately submitted vulnerabilities alone should earn a formal reprimand and censure. I guess the real difference between an institution with academic integrity and a diplomas-for-cash mill is if the institution not only suggests ethical behavior but requires it - and if they actually do something about flagrant ethics violations. If they don't go any further, then they'll deserve the ban for enabling this behavior.

I'm sure cultural differences will come up in the discussion. This is a pretty obvious ethics violation in western education systems, but it perhaps would have seen a more favorable reception elsewhere. It's true, but that doesn't excuse this type of unethical opportunism. The assistant professor has almost 9 years in western academia, and the others have 6 and 2 years. That should be enough to understand that a punchy thesis isn't enough justification to manipulate people to further your career.