University of Minnesota Linux "Hypocrite Commit" Researchers Publish Open Letter


  • codewiz
    replied
    Greg K-H's response is quite unforgiving:

    Thank you for your response. As you know, the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to be able to work to regain the trust of the Linux kernel community. Until those actions are taken, we do not have anything further to discuss about this issue.
    https://lore.kernel.org/lkml/[email protected]/


  • DanL
    replied
    Originally posted by Sonadow
    I am making a direct accusation of double standards and hypocrisy against the active members of this forum, and only two have been able to come up and say that they don't think that way, even with the mask of anonymity protecting them. Because that's what most of this forum's members are.
    Or maybe, just maybe, no one wants to waste their time on your nonsense.


  • DanL
    replied
    Originally posted by moilami
    You are wrong in this. I don't even get it how all this "cancel culture rant" started up with a case where there was no free speech issues at all to begin with.
    I think you missed the sarcasm..


  • Sonadow
    replied
    Originally posted by Kver

    Your assumption that people with an interest in Linux want to see MS burn is just plain wrong.
    Really? Look at how long my original post has been up, and compare that with number of users who have actually come out to say that they don't.

    Answer: two. Just. TWO.

    I am making a direct accusation of double standards and hypocrisy against the active members of this forum, and only two have been able to come up and say that they don't think that way, even with the mask of anonymity protecting them. Because that's what most of this forum's members are.


  • cb88
    replied
    Originally posted by coder
    They tried government downsizing in the 1990s, but it ended up costing tax payers more to have the same services get outsourced and have to pay a 3rd party entity + the worker + a federal employee to ensure the contractors did the jobs they were hired to do.

    If you mean just making government do 90% less, that would put us on a fast track to being a failed state. Most people have no idea of the multiplicity of ways their lives, jobs, and our modern systems depend on government. This message is being pushed by wealthy and powerful corporations and individuals because government is the only thing keeping them from fully exploiting the people to the fullest degree possible.

    If you mean replacing bureaucrats with political appointees, that leads to politicization of the government and putting it in the pocket of whatever political party is in power. Having a non-partisan, professional federal workforce is far preferable to that. Government bureaucrats get attacked by the same forces that run contrary to the interests of the people, because bureaucrats are the front line workers of a government that's of the people, by the people, and for the people.

    The libertarian wet dream is just that -- a dream. It never happened and it never could. What you want is effectively just for wealthy elites to have even more wealth and power, while the masses get squeezed, poisoned, flooded, and extorted.
    Then eliminate the "services" ... you know very well that 90% of what the government does is spend money like no tomorrow. And when "outsourcing" they let the bids go to shitty companies like Oracle that end up not even succeeding in providing the basic services. Literally the only federal services I have ever used are Interstates, and paying taxes.... I am fairly confident that the federal government could run the FDA, and EPA and the few other essential services WITHOUT, the bureaucrat head count.


  • edoantonioco
    replied
    So this research did prove that you can put bugs easily into the kernel, I hope Phoronix will make an article once the university publishes the result of the investigation.


  • timofonic
    replied
    They should fire the responsible people of that insane stupidity and make a substantial donation to compensate the damage, not just bad quality astroturfing.

    This makes the recent IBM controversy about an employee using his Gmail address instead of the IBM.com one and such look a lot more innocent in comparison.


  • ultimA
    replied
    Originally posted by ddriver
    So are you saying that it is not a viable research field to determine if there are possibilities to establish viable attack vectors by means of code contribution?
    Yes, I at least, stand by my opinion this isn't even research. What were they trying to prove? That if a group A (in this case kernel developers) trusts another group B (in this case an established university), then B is able to fool A? Wow. Great discovery, worthy of a Nobel Prize! Not to mention they draw false conclusions, because in their paper they clearly pose it as if this was a unique threat model for open-source software. But in reality this is a problem elsewhere too. Take for example where the NSA backdoored NIST standards in 2007. Or when a company buys a software component from another one for integration and it turns out to be backdoored. If anything, mostly closed-source software is backdoored! Heck, it can even happen with hardware, when you buy a piece of hardware from a manufacturer that you think is trustworthy, like it happened to many companies who bought backdoored network devices from Zyxel (2021).

    Fake research, false conclusions, a waste of money, and an unethical methodology.
    Last edited by ultimA; 25 April 2021, 07:28 PM.


  • alcalde
    replied
    Originally posted by ddriver

    So are you saying that it is not a viable research field to determine if there are possibilities to establish viable attack vectors by means of code contribution?

    Why not prevent .... say vehicle safety inspection tests from doing anything that the vehicle manufacturer hasn't authorized explicitly?

    And you don't see how this might defeat the purpose of the study?

    The real "crime" here is not what they did but that they were overly lousy and superficial with it. It doesn't even amount to making an effort, and as such, actually constitutes very little danger... if any...

    At worst, this is nothing more than some spam that some people are getting paid to filter through. It is nothing exceptional, it is a part of our contemporary daily reality.
    You quote me and the segment you chose to quote says nothing about viable research. We're talking about ethical research. Stitching a person's head onto a gorilla's body is viable research. Doing it without informed consent is not ethical.

    In general you can't perform experimentation on people without their consent, whether this fact defeats the purpose of your study or not. Code in the kernel is ultimately going into embedded devices that can't be readily updated, vehicles, security-critical products, etc. Do you not see where this should give one pause before experimenting upon the kernel without anyone's consent? There's no indication anyone thought any of this through before barreling ahead with this experiment.


  • moilami
    replied
    Originally posted by DanL
    We've got a "cancel culture" and a "virtue signalling". Can I get a "woke mob"? I mean, enforcing consequences for using the kernel as an unwilling lab rat clearly makes one part of the woke mob.
    You are wrong in this. I don't even get it how all this "cancel culture rant" started up with a case where there was no free speech issues at all to begin with. Must have been some very grumpy old timer jokingly saying this is cancel culture, which then got echoed around.

    The dude did intentionally sabotage Linux. There is zero free speech in what he did. If he just expressed his wish to make such sabotage, then that would have been free speech and deleting him cancel culture. But again, he committed actions other than free speech, he directly sabotaged a software project. It is not cancel culture to delete him.
