https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
On Wed, Apr 21, 2021 at 10:18 PM Russell Senior <russ...@personaltelco.net> wrote: > > The question they were asking is interesting, but (as someone said to > me this evening) it is sort of the equivalent of placing a bomb on an > airliner to see if it will be discovered before it explodes. Also, it > seems like the subjects of the experiment were human (users of the > software) and so the IRB was wrong to declare it didn't have human > subjects just because specific individuals were not targeted. > > The main result seems to be that UMN affiliated contributors won't be > able to get their code accepted anymore with whatever psychological > advantages being associated with a benevolent institution might > normally have. You can't stop people from sending patches from a gmail > account, of course, but without the subtle assumption that it's a > friendly, warm-hearted contribution. > > On Wed, Apr 21, 2021 at 9:21 PM Denis Heidtmann > <denis.heidtm...@gmail.com> wrote: > > > > In reviewing some of the emails in the list there were statements that > > > > "A lot of these have already reached the stable trees. I can send you > > revert patches for stable by the end of today " > > > > Not being a coder I am not sure what "stable tree" means, but it could > > mean that some of this malicious code made it in. If so, the thesis > > of the paper is confirmed. > > If they had submitted only one patch and it had been written with more > > skill, would damage have been done? > > > > I am not supporting the UMN approach, but it does appear to me that > > the behavior of the kernel group has changed as a result, not just in > > their dealings with the UMN people. > > > > -Denis > > > > > > On Wed, Apr 21, 2021 at 8:03 PM Russell Senior <russ...@personaltelco.net> > > wrote: > > > > > The paper includes this line: "IRB [...] determined this is not human > > > research. We obtained a formal IRB-exempt letter" > > > > > > IRB stands for Institutional Review Board and any research institution > > > is going to have one. Here's the wikipedia page about IRBs in general: > > > https://en.wikipedia.org/wiki/Institutional_review_board > > > > > > On Wed, Apr 21, 2021 at 5:06 PM Jason Barbier <ja...@corrupted.io> wrote: > > > > > > > > On Wed, Apr 21, 2021, at 5:02 PM, Denis Heidtmann wrote: > > > > > PSU has a policy that requires admin. review of any experiments to be > > > > > conducted on humans. That got some people in trouble for testing > > > > > publications' response to submitted articles using bogus stuff. I > > > wonder > > > > > if the UNM has such a requirement, and, if so, I wonder if it was > > > followed. > > > > > > > > > > -Denis > > > > > > > > The answer is yes, and they have an ethics review board which was posted > > > on that email thread for GKH to toss an email to and let them know whats > > > up. > > > > > > > > > > > > > > On Wed, Apr 21, 2021 at 8:31 AM Ben Koenig <techkoe...@gmail.com> > > > wrote: > > > > > > > > > > > On Wed, Apr 21, 2021, 7:32 AM Ben Koenig <techkoe...@gmail.com> > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Apr 21, 2021, 7:19 AM Jason Barbier <ja...@corrupted.io> > > > wrote: > > > > > > > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> On Wed, Apr 21, 2021, at 7:02 AM, Paul Heinlein wrote: > > > > > > >> > On Wed, 21 Apr 2021, Russell Senior wrote: > > > > > > >> > > > > > > > >> > > > > > https://lore.kernel.org/linux-nfs/yh%2ffm%2ftsbmczz...@kroah.com/ > > > > > > >> > > > > > > > > >> > > > > > > > > > https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf > > > > > > >> > > > > > > > > >> > > Holy crap, way to step on it with golf shoes! > > > > > > >> > > > > > > > >> > I wonder if anyone has ever written anything on the subject of > > > > > > >> > Patterns of Abuse and Criminality. This looks like a version of > > > > > > >> > gaslighting, but in a tech-community context. > > > > > > >> > > > > > > > >> > -- > > > > > > >> > Paul Heinlein > > > > > > >> > heinl...@madboa.com <mailto:heinlein%40madboa.com> > > > > > > >> > 45.38° N, 122.59° W > > > > > > >> > _______________________________________________ > > > > > > >> > PLUG: https://pdxlinux.org > > > > > > >> > PLUG mailing list > > > > > > >> > PLUG@pdxlinux.org <mailto:PLUG%40pdxlinux.org> > > > > > > >> > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > >> > > > > > > > >> > > > > > > >> To be fair reading the whole response from the umn address it > > > reads more > > > > > > >> like "Fuuuuuuuuuuu, the subject caught me and is blowing up my > > > doctoral > > > > > > >> thesis how do I save it! > > > > > > > > > > > > > > > > > > > > > By accepting the test results for what they are? > > > > > > > > > > > > > > He set out to prove a theory that OSS is inherently insecure. He > > > tested > > > > > > > that theory. > > > > > > > > > > > > > > Test results came back negative. The OSS community protected > > > itself from > > > > > > > malicious actors. > > > > > > > > > > > > > > > > > > > > Heyyy the pdf works when downloaded and viewed directly! > > > > > > > > > > > > But I still have trouble reading it. Maybe the CS team at UMN should > > > have a > > > > > > language arts major clean up the grammar before they start > > > recommending > > > > > > changes to the linux coc. > > > > > > > > > > > > > > > > > > It IS a serious college project after all. > > > > > > -Ben > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > >> PLUG: https://pdxlinux.org > > > > > > >> PLUG mailing list > > > > > > >> PLUG@pdxlinux.org > > > > > > >> http://lists.pdxlinux.org/mailman/listinfo/plugi > > > > > > >> > > > > > > > > > > > > > _______________________________________________ > > > > > > PLUG: https://pdxlinux.org > > > > > > PLUG mailing list > > > > > > PLUG@pdxlinux.org > > > > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > > > > > > _______________________________________________ > > > > > PLUG: https://pdxlinux.org > > > > > PLUG mailing list > > > > > PLUG@pdxlinux.org > > > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > > > > _______________________________________________ > > > > PLUG: https://pdxlinux.org > > > > PLUG mailing list > > > > PLUG@pdxlinux.org > > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > _______________________________________________ > > > PLUG: https://pdxlinux.org > > > PLUG mailing list > > > PLUG@pdxlinux.org > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > _______________________________________________ > > PLUG: https://pdxlinux.org > > PLUG mailing list > > PLUG@pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug _______________________________________________ PLUG: https://pdxlinux.org PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
