Announcement

Collapse
No announcement yet.

University of Minnesota Linux "Hypocrite Commit" Researchers Publish Open Letter

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    Originally posted by ddriver View Post
    It is actually a valid field of research, their one mistake was not going all the way as an actual exploit would to conceal itself in plain sight in the form of something useful.
    That's the cybersecurity equivalent of testing the construction techniques of a functioning dam, by trying to stress it with dynamite! And without clearing it with either those responsible for maintaining it or those potentially affected by its failure!

    Furthermore, informed consent is one of the hallmarks in research ethics, which you & the perpetrators seem to be completely missing!

    Originally posted by ddriver View Post
    I mean come on, has MS really contributed to linux anything in the interest of anything other than itself?
    If self-interest disqualified kernel contributions, then kiss goodbye most contributions from most corporate contributors!

    Anyway, here are a few that aren't tied to using Linux in a MS context or with MS-specific technologies:
    Originally posted by ddriver View Post
    Linux has been reduced to a money making vehicle for ruthless big tech corporations,
    As opposed to what? What would you have us use, instead? How should Linux deal with corporate contributors, and what kind of effect do you suppose that would have?

    Do you think Linux would really be better if they took little interest in it? I remember those days, and it was not fun to have to wonder if it would run stably on your hardware, and if all the basic features of your machine would work properly.

    Comment


    • #52
      Originally posted by ddriver View Post
      Yeah, and what if our collective behavior destroys the planet? Human actions that don't end up causing some long term harm are few and far in between for all of us, including those presumably most conscious on the subject.
      It's wrong to lump together harm resulting from a "tragedy of the commons" with destructive actions taken out of direct self-interest. It's like you're using unintended negative consequences to justify all acts of wrongdoing.

      I know you're smarter than that, but your cynicism dial seems to be turned up to 11. If you're aiming to play a constructive role in these discussions, consider trying to post when you're in a better mood. If you're just here to blow off steam, I'd suggest finding another outlet for that.

      Comment


      • #53
        Originally posted by OneTimeShot View Post

        Yes - what you wrote is a childish way of admitting you are wrong (in my experience).

        My only point is: they did something without written permission that looks an awful lot like something the FBI sometimes investigates. That wasn't smart on the part of their Ethics board.
        I see, since you can't prove me wrong, the next best thing you have in your arsenal is to claim I actually proved myself wrong. Now that's true genius at work...

        What's more, you pick that anemic and exceedingly childish attempt at faux argumentation as the place to refer to me as childish, or if you will - unknowingly exposing yourself further by resorting to by-the-book projection of your personal flaws onto those that make you rightfully feel uncomfortable for them. Or the good old "I am not it, you are it" in its subconscious, involuntary form.

        In addition to the "you wrong because 'something entirely unrelated to the actual subject'", you exhibit another prominent childish behavior pattern - not knowing how little you know. Having a sense of humor doesn't in any capacity render people right or wrong, you know, neither does politeness, correctness, manners, personal beliefs or anything.

        You know, in perfect good faith - you are not really doing yourself any favors, you are catering to and reinforcing your flaws. You may spend years and hundreds of thousands of dollars on psychiatrists without ever hearing as much of what you need to hear, that's actually how altruistic I am My gift to you, take it or leave it.

        That's the cybersecurity equivalent of testing the construction techniques of a functioning dam, by trying to stress it with dynamite! And without clearing it with either those responsible for maintaining it or those potentially affected by its failure!
        It absolutely isn't. It is the equivalent to attempt to sneak in a bag of "dynamite" branded confetti to see if the dam security will do its job properly and stop you.
        ddriver
        Senior Member
        Last edited by ddriver; 25 April 2021, 04:41 AM.

        Comment


        • #54
          Originally posted by Sethox View Post
          I suggest if you truly want a good opinion, read the paper that got published and gain a conclusion on that.

          This thread are full of opinion pieces that I can guarantee have not read the paper
          I'll fully admit I didn't read the paper. Whether or not it contains valuable findings is beside the point. The value of a paper's findings don't justify ethics violations in the underlying research. Furthermore, if the research was conducted in an unethical manner, there are likely procedural errors, as well. And that should cast doubts on whatever conclusions it claims to draw,

          There were other ways to do that research that wouldn't be unethical or pose risks to large numbers of non-consenting parties. These guys just took the easy, lazy, and cheap option.

          Comment


          • #55
            Originally posted by ddriver View Post
            I am sorry, scientific what? Science is a ruthless race for money and power, and ethics in that field exists merely as a pacifier for babies. Science has conducted an astonishing amount of extremely unethical actions both in line of research and application.
            It certainly has, but since you've apparently been living under a rock for like 50 years, here's some reading for you:

            https://www.google.com/search?q=ethi...ds+in+research

            Originally posted by ddriver View Post
            I don't think scientists are any more ethical than your average person,
            That's why ethical standards have been established -- specifically so that researchers know what is expected of them. It is also necessary that they be sanctioned, when they violate these standards, as a deterrent for others.

            Originally posted by ddriver View Post
            Those that already established themselves by extremely unethical means suddenly decide to become "concerned" with ethics, only to obstruct and impede their competition.
            This is kind of like my theory that extremely cynical people just like to believe that everyone else is as unscrupulous as they are, in order to make themselves feel better about their own self-dealing.

            Comment


            • #56
              Originally posted by ddriver View Post

              I see, since you can't prove me wrong, the next best thing you have in your arsenal is to claim I actually proved myself wrong. Now that's true genius at work...
              ...
              Wow - you do see why I think you are admitting you are wrong (most people stop when it is pointed it out and get back to the point).

              To summarise:
              - I agree with you that researching how security vulnerabilities get into the Linux Kernel is valuable.


              The stuff I am pointing out, and you are ignoring:
              - Deliberately attempting to add malicious code to a software project is (likely) some kind of criminal act.
              - University researchers must remain within the law. Most obviously by getting written approval from Linus or someone (which is what penetration testers do).
              - That their motivation was good wouldn't stop them being found guilty, although it would affect a sentencing (they won't go to jail).
              - There are plenty of existing vulnerabilities that have been introduced and found in the Kernel that can be studied for the research, adding one additional bug won't expand human knowledge.

              Comment


              • #57
                Originally posted by ddriver View Post
                I mean come on, has MS really contributed to linux anything in the interest of anything other than itself?
                No. And neither has RedHat or any other kernel contributor ever, or Linus Torvalds himself. That's how open source is intended to work: people can modify the project or collaborate on it in order to get some benefit for themselves (financial, operational, reputational or otherwise).

                Originally posted by ddriver View Post
                Linux has been reduced to a money making vehicle for ruthless big tech corporations, who knows, at this point the foundation may well like its new home in bed with big business more than its previous one in academia. It is after money, and going to big tech simply cuts the middleman, why scrounge on what academia suckles on big tech when they can have them massive bosoms raw.
                Considering that the ONLY alternative is to be reduced to an irrelevant toy system for hobbyists, I'm more than happy with that. It lets me exercise the Four Freedoms in full. As Stallman once said, the point is not to stop people from making money developing software; it's to let people make money developing Free Software.

                Comment


                • #58
                  Originally posted by andyprough View Post
                  They should be unbanned. Cancel culture has no place in a software movement whose foundational concepts are all derived from freedom of speech.
                  This has nothing to do with the cancel culture. It has everything to do with malicious software developers purposefully damaging the kernel.

                  Comment


                  • #59
                    Enough with all this horseshit feel-good virtue signalling.

                    If it were one of Microsoft's open source projects or even the Windows code that was targeted by the researchers, most of people people in here will singing a goddamned different tune.

                    Comment


                    • #60
                      Originally posted by Sonadow View Post
                      Enough with all this horseshit feel-good virtue signalling.

                      If it were one of Microsoft's open source projects or even the Windows code that was targeted by the researchers, most of people people in here will singing a goddamned different tune.
                      I don't think anyone is disagreeing with the value of researching how vulnerabilities get into software. The problems is that the University allowed the students to do it without getting some kind of authorisation, which is standard for penetration testing. That leaves them open to all kinds of legal problems.

                      Comment

                      Working...
                      X