| General > General Technical Chat |
| University of Minnesota Linux code security issues; banned and to be removed |
| << < (10/23) > >> |
| Ed.Kloonk:
--- Quote from: DrG on April 25, 2021, 03:26:44 am ---Well, I appreciate the dialog. But, what you are saying, as I understand it, is that the Univ has to own up to some mistakes and take solid corrective measures....well maybe they will, but we'll see. :) --- End quote --- I think that due to the personal situation of those involved, public opinion may force Greg KH to walk back his statement. |
| magic:
You guys are funny :P The offending patches have not been submitted form the university's domain, but from throwaway gmail accounts. It's all described in the paper, but of course no one who has an opinion about the paper has actually read it, as usual. The patches were never meant to damage anything, they say they informed the maintainers about the experiment as soon as the malicious patches received approval on the mailing list and suggested correct fixes. Unfortunately we won't get to see the details of those exchanges without some extensive digging, because they have been redacted from the paper to protect the guilty maintainers. That was indeed done to calm down the ethics review guys. They passed ethics review by insisting that no personal information will be collected or published and they only test "the development process" as such. Finally, all the patches nuked by Greg were patches from random students looking for issues or playing with static analyzers. Most appear to have been accepted, a few have been found suboptimal, a few were rejected because they don't work. I'm disappointed that Greg hasn't followed up with the obvious and requested a review of patches submitted from other students around world (and from random strangers with gmail accounts). Like they should be doing in the first place :P OTOH, the paper is perhaps not very useful and the solutions they propose are either "no shit Sherlock" or plain dumb. But I would say it may still be worth it for the publicity stunt alone >:D Perhaps a lesson has been learned, do such things anonymously and don't brag about them under your real name later. |
| Ed.Kloonk:
--- Quote from: magic on April 25, 2021, 06:24:53 am ---You guys are funny :P The offending patches have not been submitted form the university's domain, but from throwaway gmail accounts. It's all described in the paper, but of course no one who has an opinion about the paper has actually read it, as usual. --- End quote --- Can you point to the spot in said paper? Gmail accounts are historically how Linux people communicate. |
| magic:
You start with downloading the PDF and then CTRL+F gmail :P Section VI on page 8. |
| ataradov:
It does not matter what emails were used. The work is endorsed by the University. And the "publicity stunt" is the reason why that uni should be forever banned from submitting anything. It would start a war of one upping each other. There must be real consequences for publicity stunts. It is like gender reveal parties. The further it goes, the stupider and more dangerous it gets. And their recent apology letter should be followed up by withdrawing that article from the IEEE conference. As it stands, their words still say one thing, and the actions say completely the opposite. The work on the article started quite some time ago. Those things have a pipeline. So who knows what other articles they were working on, and what consecutive patches from them are trying to test other things? It is safer to just remove all of them. Especially given that their contributions were not significant in any way. |
| Navigation |
| Message Index |
| Next page |
| Previous page |