Announcement

Collapse
No announcement yet.

University of Minnesota Linux "Hypocrite Commit" Researchers Publish Open Letter

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • oiaohm
    replied
    Originally posted by BesiegedAce View Post
    Well I can't say you're not living up to your name. I guess it is best to err on the side of caution.
    https://www.theverge.com/2021/2/19/2...sity-ingenuity
    Particularly once you start considering where the Linux kernel end up.

    There is a miss belief that the open source communities are this we welcome everyone place. The hard reality is they are not there is a requirement to maintain trust and trust is really simple to lose with extrema effects to that loss. Yes they appear friendly until you are not trustworthy then you have pitchfork problem that will not back off simply.

    Leave a comment:


  • BesiegedAce
    replied
    Originally posted by cynical View Post
    This letter is obviously fake. If you don’t have the common sense to realize that surreptitiously submitting bugs for inclusion into the Linux kernel was a bad thing, then certainly you don’t have the capacity to feel sorry for doing it.

    This is clearly a last ditch attempt to prevent the ban and patch reversion from taking place. All patches from them should be pulled. If there are real bugs, then investigate them and write new patches. This group is not trustworthy.
    Well I can't say you're not living up to your name. I guess it is best to err on the side of caution.

    Leave a comment:


  • ultimA
    replied
    Originally posted by User42 View Post

    Good this is not what happened!
    Of course this is what happened. First, it is undeniable they tried to introduced bugs to the kernel. They have an earlier paper about it here, so I guess you won't dispute that. Second, when confronted, first they denied they did any such thing and still tried to get a new nonsense patch in. Then, when the issue was brought into a more public light, they openly defended themselves claiming they though it was okay what they did because it is not human research.

    They said, and I'm quoting from the researcher's own public FAQ about the case:
    "This is not considered human research. We send the emails to the Linux community and seek community feedback. The study does not blame any maintainers but reveals issues in the process. ... Throughout the study, we honestly did not think this is human research, so we did not apply for an IRB approval in the beginning. We apologize for the raised concerns. This is an important lesson we learned - Do not trust ourselves on determining human research; always refer to IRB whenever a study might be involving any human subjects in any form."

    Now, obviously there are a couple of problems with the above quote:
    1) They base "good" and "bad" entirely on the fact whether it is considered human research by *others*.
    2) It doesn't actually address their own judgement or admit they were wrong. They only admit they should have asked somebody earlier.
    3) They ignore that when the IRB (Institutional Review Board) gave them green light mid-research, they still thought it was okay and continued with it.
    4) Beside the question whether this was human research or not, they completely ignore that their methodology was unethical for other reasons too.

    Basically, their FAQ is just like their research. They ask the wrong questions, reach the wrong conclusions, and fail to discuss the actual problems. All the while trying to submit new fake patches, even after they were found out, LOL. So, User42, care to elaborate where I was wrong?
    Last edited by ultimA; 26 April 2021, 11:09 AM.

    Leave a comment:


  • timofonic
    replied
    Originally posted by ultimA View Post

    This has nothing to do with cancel culture. This group has knowingly and on purpose introduced bugs and vulnerabilities into a piece of software that millions of people around the globe rely on, many of them in mission-critical environments, and they admittedly didn't even feel bad about it, they openly said they see nothing wrong with their methodology. They only sent out their open-letter when they got banned as a result, which in light of their previous statements just days ago, is clearly not honest. This is justified self-defense from the kernel developers. Claiming this is cancel culture is like saying it is cancel culture to ban somebody from your home after they've committed vandalism in it and they don't even see what they did wrong and they'd do it again.
    Why feed the troll? They made something stupid and damaged Linux project.

    Let Linux Foundation get damage control and compensation for such awful actions.

    Throw money? A consulting firm to audit the code? Whatever, they deserve to compensate more than what they did as a pragmatic "sorry" to the community. Words are nothing, actions are the important stuff.

    Linux kernel is a giant project that is very interesting for students to acquire experience and for researchers too.

    Of course, new procedures and tools should be made to avoid this kind of disasters. But they choose the very wrong way of do things and ought to pay for it.

    If real world was better, they should already be in a trial and a strong resolution done in less than a week. But well see.

    Leave a comment:


  • User42
    replied
    Originally posted by codewiz View Post
    Greg K-H's response is quite unforgiving:



    https://lore.kernel.org/lkml/[email protected]/
    Which begs the question... What's gonna happen next time he reviews and accepts (or submit) a buggy patch? However unintentional it was, it looks like most people both working in the kernel and here say it's a non-problem that definitely does not need to be studied. So should I say "too bad that used-after-free bug was introduced more than 5 years ago, really nothing we can do"...

    I don't know, I personally think it's better, once, to slap a child who does not behave instead of letting them getting driven over by a car because once again they were not listening. Sure, a slap might be too strong, there are certainly other ways, but given the 2, I'd prefer my child to be unhappy for 5 minutes and live a long life instead of dying there. As much as I understand all the discussion about a slap being unnecessary or a bad way of doing it, when the child gets driven over, I find normal to ask parents what the heck they were thinking. There are enough CVEs (and obvious regressions) to say the kernel does not "behave".

    Leave a comment:


  • User42
    replied
    Originally posted by ultimA View Post

    This group has knowingly and on purpose introduced bugs and vulnerabilities into a piece of software that millions of people around the globe rely on, many of them in mission-critical environments, and they admittedly didn't even feel bad about it, they openly said they see nothing wrong with their methodology.
    Good this is not what happened!

    Leave a comment:


  • ThoreauHD
    replied
    This Burn Loot Murder University terrorism issue was just covered on gamers nexus.

    Leave a comment:


  • ultimA
    replied
    Originally posted by andyprough View Post
    They should be unbanned. Cancel culture has no place in a software movement whose foundational concepts are all derived from freedom of speech.
    This has nothing to do with cancel culture. This group has knowingly and on purpose introduced bugs and vulnerabilities into a piece of software that millions of people around the globe rely on, many of them in mission-critical environments, and they admittedly didn't even feel bad about it, they openly said they see nothing wrong with their methodology. They only sent out their open-letter when they got banned as a result, which in light of their previous statements just days ago, is clearly not honest. This is justified self-defense from the kernel developers. Claiming this is cancel culture is like saying it is cancel culture to ban somebody from your home after they've committed vandalism in it and they don't even see what they did wrong and they'd do it again.

    Leave a comment:


  • coder
    replied
    Originally posted by jason.oliveira View Post
    13 pages and seven hours of pure stupid before one of you thought to look at the replies on LKML to see GKH inform everyone that the Linux Foundation has submitted a list of demands to the University before they can be reinstated as contributors.
    Besides making an ass of yourself, what's your point? AFAICT, he didn't publish the list, so what does it change?

    Leave a comment:


  • curfew
    replied
    Originally posted by andyprough View Post
    They should be unbanned. Cancel culture has no place in a software movement whose foundational concepts are all derived from freedom of speech.
    Banning isn't cancelling. They're rightfully barred from "contributing" their crap into Linux. Nobody has e.g. banned them from Github altogether, blocking them for participating into other project as well. Nobody has taken their employment at the university away. They're still free to conduct their nonsense "research" as if nothing ever happened, just not with Linux anymore. And their ban from Linux repos doesn't seem permanent either.

    What a load of crap!
    Last edited by curfew; 26 April 2021, 05:54 AM.

    Leave a comment:

Working...
X