University of Minnesota Linux code security issues; banned and to be removed
bd139:
It's not. Our legal counsel in the US has actually checked.

Also it'd be Computer Trespass under CFAA, not Criminal Trespass as that applies to physical property only.

Realistically it's more a parallel to the point of if someone gave you a car and you accepted it contractually with no warranty, then parked it in your garage and it burned your house down, then it's the house owner's mess to deal with, not the car's original owner's mess (really it's the insurer's problem - another side issue to consider!). If they introduced a statutory law to prove causality then there would be no second hand goods because the entire ownership chain of the goods would be responsible for future events. Also every software bug would end in a lawsuit.

YMMV but "the law" doesn't cover this as it stands at least in the US and UK.

The only tenable issue from this is the chain of trust was proven to be chock full of holes.
DrG:

--- Quote from: ataradov on April 29, 2021, 08:54:01 pm ---Those guys are lucky they did not get into more trouble than this.

--- End quote ---

On the one quoted point, I'm not sure that you can evaluate the trouble they got into since it is not yet complete. Even at this point, how do you think that this "issue" looks to potential employers?

bd139:
I'd hire them in a snap. They'd be good for an adversarial security programme.
DrG:

--- Quote from: tunk on April 29, 2021, 08:47:37 pm ---Letter requesting withdrawal (April 26, 2021):
https://www-users.cs.umn.edu/~kjlu/papers/withdrawal-letter.pdf
There's more info on his page, including a letter to the Linux foundation from the department head:
https://drive.google.com/file/d/1z3Nm2bfR4tH1nOGBpuOmLyoJVEiO9cUq/view

Looks like he has been removed from the program committee of IEEE S&P 2022:
https://www.ieee-security.org/TC/SP2022/cfpapers.html
But this has not been updated on his home page:
https://www-users.cs.umn.edu/~kjlu/

--- Code: ---News
[03/03/2021] I will be on the program committee of IEEE S&P 2022.
[02/12/2021] Our work on detecting unsafe DMA accesses was accepted to USENIX Security'21. Unchecked and inconsistent DMA accesses are very common in drivers; we found about 300 such bugs in Linux drivers.
....

--- End code ---

--- End quote ---

Thanks for these cites. The University letter is the most interesting to me. A couple of things that I see:

The Linux folks issued some requests (demands, whatever you want to call them) and that letter is a response.

The signatures are Dept head and Deputy Dept. Head - no Deans or higher ups are involved on paper. IOW, they are keeping it at as low a level as possible, which is reasonable in my view.

The University did not withdraw the paper. The authors withdrew the paper. This is not to say that some pointed discussions may have taken place. If the authors refused to withdraw the paper, my view is that the University would have done so.

The IRB is, in a sense, off the hook. This is what I thought would happen. These folks have roles and charters and in the US, these are pretty close to being standardized and there is CFR around them. Interestingly, this situation may change some things, at least potentially. These are complicated issues (see https://www.hhs.gov/ohrp/regulations-and-policy/regulations/45-cfr-46/index.html).

The issue of ethics in research, however, is much larger.

My opinion (and only my opinion) is that the Univ seems to be saying that they are going to modify their procedures to include/expand training and discussion with regard to research ethics. Some will view this as simple CYA and cosmetic attention. Maybe yes, maybe no. Their response in 3 and 4 does not seem, to me, to be weasel words... although I might change my mind at some point.

Does this satisfy doing X Y and Z as I mentioned earlier? Yeah, probably.
DrG:

--- Quote from: bd139 on April 29, 2021, 09:45:47 pm ---I'd hire them in a snap. They'd be good for an adversarial security programme.

--- End quote ---

Make them an offer, they might be interested.