Announcement

Collapse
No announcement yet.

Linux 5.13 Reverts + Fixes The Problematic University of Minnesota Patches

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux 5.13 Reverts + Fixes The Problematic University of Minnesota Patches

    Phoronix: Linux 5.13 Reverts + Fixes The Problematic University of Minnesota Patches

    One month ago the University of Minnesota was banned from contributing to the Linux kernel when it was revealed the university researchers were trying to intentionally submit bugs into the kernel via new patches as "hypocrite commits" as part of a questionable research paper. Linux kernel developers have finally finished reviewing all UMN.edu patches to address problematic merges to the kernel and also cleaning up / fixing their questionable patches...

    https://www.phoronix.com/scan.php?pa...5.13-UMN-Fixes

  • #2
    To clarify, does that mean all 150+ were reviewed and all but 37 were deemed worth keeping, or is it just that only 37 have been tackled so far?

    Comment


    • #3
      Yes. Out of 150+ patches reviewed, 37 were removed and/or reverted as well as the fixes necessary to do that.

      Funnily enough, I read your post the first time as "150+ removed...37...worth keeping".

      Comment


      • #4
        Now, when are we going to hear about the further actions taken against (1) the University of Minnesota, and (2) those "researchers"--every last one; ALL up and down the chain of this particular instance--who are (they STILL are) responsible for this debacle performed in the name of "academic research"?
        There ARE going to be further actions taken, aren't there?

        This is absolutely unacceptable. At a minimum, those "researchers", along with everyone associated with the approval process of that "research" should be fired; and the University of Minnesota should be sanctioned--in the strongest possible ways--for allowing this to ever have happened.

        U.S. Government--how about YOUR pulling any and all funding, from this university, having anything and everything to do with Computer Science, and Electrical and Computer Engineering. This "institution of higher learning" has proven, beyond any shadow of a doubt, that it is not; and the tax-payers, who pay for the funding of university research, ought to be assured that their money is not wasted--as it most obviously is in the funding of "research" at the University of Minnesota.

        Comment


        • #5
          Originally posted by skeevy420 View Post
          Yes. Out of 150+ patches reviewed, 37 were removed and/or reverted as well as the fixes necessary to do that.

          Funnily enough, I read your post the first time as "150+ removed...37...worth keeping".
          That's good - the university may have made some mistakes but at least they have some real and worth-keeping contributions. Though 37 is surprisingly high for patches that weren't malicious and not worth keeping.

          Haha and yeah, reading back my question, I did phrase it weirdly.

          Comment


          • #6
            Originally posted by schmidtbag View Post
            That's good - the university may have made some mistakes but at least they have some real and worth-keeping contributions. Though 37 is surprisingly high for patches that weren't malicious and not worth keeping.
            I thought the same thing.

            Haha and yeah, reading back my question, I did phrase it weirdly.
            I was a little confused in the article and had to read it slowly multiple times. I think it's both more a case of when humans read numbers and words together our brains sometimes go WTF is going on here. That's especially true if you're like me and your brain likes to swap words or letters around when you speed read.

            Comment


            • #7
              Originally posted by danmcgrew View Post
              Now, when are we going to hear about the further actions taken against (1) the University of Minnesota, and (2) those "researchers"--every last one; ALL up and down the chain of this particular instance--who are (they STILL are) responsible for this debacle performed in the name of "academic research"?
              There ARE going to be further actions taken, aren't there?
              Why would there be? And why do you put "these" "terms" in "quo"te"s""?" It was research.
              People with actual malicious intent who are paid to introduce vulnerabilities into the kernel neither are nice enough to document their activities in research papers, nor will they use obvious email addresses that tell everyone who they are working for. This incident served as an excellent wake-up call and a good reminder of the need to be as critical as reasonably possible with changes submitted to open-source software. The wake-up call clearly didn't work for you, since clearly the illusion of a perfect world be restored for you just by burning some witches at the stake, but at least most of the kernel devs are bound to be smarter than you.

              Comment


              • #8
                I wonder if GKH still supports BLM now. It's not so fun when it's your house on fire.

                Comment


                • #9
                  Originally posted by david-nk View Post
                  It was research.
                  Ethical research requires consent, for starters.

                  Comment


                  • #10
                    Originally posted by david-nk View Post
                    Why would there be? And why do you put "these" "terms" in "quo"te"s""?" It was research.
                    People with actual malicious intent who are paid to introduce vulnerabilities into the kernel neither are nice enough to document their activities in research papers, nor will they use obvious email addresses that tell everyone who they are working for. This incident served as an excellent wake-up call and a good reminder of the need to be as critical as reasonably possible with changes submitted to open-source software. The wake-up call clearly didn't work for you, since clearly the illusion of a perfect world be restored for you just by burning some witches at the stake, but at least most of the kernel devs are bound to be smarter than you.
                    Its not that straight forwards. Looking for true threat causing problems is different to looking for a person just submitting do nothing commits.

                    To be correct a lot of parties with malicious intent do document how they do things. Ok not in the normal public internet. Over time the automated bots that run over the source code from Intel and others on the Linux kernel have been coded to detect a lot of these true malicious things. Lot of the malicious like bragging with each other how they did things.

                    The blame feature of git was put there that after the fact you could back trace to who added a particular fault. Does not get talked about a lot but quite a few developers and companies have been banned from submitting to the Linux kernel. Only thing that unique here is that its a University really.

                    Comment

                    Working...
                    X