[GTALUG] Linus Torvalds Responds to Linux Banning University of Minnesota
Dhaval Giani
dhaval.giani at gmail.com
Sun Apr 25 15:11:26 EDT 2021
On Sun, Apr 25, 2021, 12:07 PM Karen Lewellen via talk <talk at gtalug.org>
wrote:
> I am not sure I resonate.
> why banning an entire university program for the actions of two students?
> It's like saying because one doctor abused his duties, we will not let
> anyone seek care from St. Michael's hospital ever again.
>
Rephrasing. If you knew about a doctor abusing patients at a hospital and
getting away with it, would you trust the hospital for your care or find
another one? Well there is a doctor at that hospital who has given you
excellent care in the past (trust factor). So maybe you go to them then.
It is the same here. The University broke the trust factor. The IRB failed
to do its job.
Dhaval
> Or for a more computer reference Cloudflare's deciding I am a threat
> because I cannot solve their noninclusive captcha..they have a zero
> tolerance policy too.
>
>
>
> On Sun, 25 Apr 2021, Ansar Mohammed via talk wrote:
>
> > I know some people may think this is an over-reaction. But FWIW, I agree
> > with the Zero Tolerance approach.
> >
> >
> > On Sun, Apr 25, 2021 at 12:08 PM Dhaval Giani via talk <talk at gtalug.org>
> > wrote:
> >
> >> On Sun, Apr 25, 2021 at 8:32 AM D. Hugh Redelmeier via talk
> >> <talk at gtalug.org> wrote:
> >>>
> >>> | From: Aruna Hewapathirane via talk <talk at gtalug.org>
> >>>
> >>> Thanks for pointing this out. (I used to subscribe to the LKML but it
> >>> just got too voluminous.)
> >>>
> >>> | I am still trying to understand the reason 'why' would anyone even want to
> >>> | do this ?
> >>>
> >>> The first question is "what, exactly, is 'this'?".
> >>>
> >>> I've ONLY read media reports and their recent apology. So I'm not the
> >>> most informed.
> >>> <https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/T/#u>
> >>>
> >>>
> >>> Some reactions.
> >>>
> >>> The apology starts with:
> >>>
> >>> "We sincerely apologize for any harm our research group did to the
> >>> Linux kernel community."
> >>>
> >>> This common formulation rubs me the wrong way. The word "any" means
> >>> that they are not actually admitting to there being harm. If they had used
> >>> "the" or "all", I would interpret it as a genuine apology.
> >>>
> >>> Later they seem more contrite. But it is buried at the end of a
> >>> paragraph, near the end of the message:
> >>>
> >>> "We apologize unconditionally for what we now recognize was a breach of
> >>> the shared trust in the open source community and seek forgiveness for
> >>> our missteps."
> >>>
> >>> I think that they may have done the communities a service. This kind
> >>> of weakness injection has always been available to bad actors. In
> >>> this case, it was an actor intending to do good.
> >>>
> >>> - they don't think that they actually added a vulnerability
> >>>
> >>> - they demonstrated how adding a vulnerability could be done
> >>>
> >>> GKH appears to have over-reacted. (I may be wrong: he's always seemed
> >>> like a rock-steady guy.)
> >>>
> >>
> >> As someone actually affected by these reverts :-). Greg KH did not
> >> over react. These guys did not do the community a service. They did
> >> add vulnerabilities (those have been reverted since) and they did not
> >> tell us anything. I myself have left old code in the kernel when
> >> trying to get rid of some of my stuff. And I was not trying to inject
> >> a bug. They did not tell me anything I did not already know. It is
> >> easy to get bugs into the kernel. Let me link to the paper and their
> >> "contributions".
> >>
> >> https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
> >> --
> >> VIII A
> >> By its nature, OSS openly encourages contributors. Committers can
> >> freely submit patches without liability. We believe that an effective
> >> and immediate action would be to update the code of conduct of OSS,
> >> such as adding a term like “by submitting the patch, I agree to not
> >> intend to introduce bugs.” Only committers who agreed to it would be
> >> allowed to go ahead to submit the patches. By introducing the
> >> liability, the OSS would not only discourage malicious committers but
> >> also raise the awareness of potential introduced bugs for benign
> >> committers.
> >> --
> >> This is a mitigation. Have contributors claim they are not introducing
> >> bugs (at least intentionally).
> >>
> >> The rest of the mitigations are equally bizarre. They are not telling
> >> us anything we don't know. There is nothing original in this work
> >> (except for the human experimentation aspect of it.)
> >>
> >> Now let's talk about the negative impact. It is already hard enough to
> >> contribute to the linux kernel. It is built on trust. They have
> >> destroyed any trust we had in code coming from UMN. How do we know we
> >> are not being experimented for research? Like Greg pointed out, it is
> >> much easier for us to ignore all their stuff. I don't have enough
> >> seconds in my minute to get my day job done. On top of that, any
> >> newcomer will have to face a much higher bar, making it even more
> >> hostile. (I actually see it as a negative, because it is easier to
> >> ignore the newcomer as opposed to doing the extra work. And generally
> >> most newcomers with some work turn out to be darn good contributors.)
> >> It will make it harder to look at non corporate contributions
> >> seriously.
> >>
> >> And as far as UMN is concerned, this is not the first time they have
> >> been involved in questionable experiments. The last time had much more
> >> serious consequences.
> >> https://en.wikipedia.org/wiki/Death_of_Dan_Markingson
> >>
> >> Dhaval
> >> ---
> >> Post to this mailing list talk at gtalug.org
> >> Unsubscribe from this mailing list
> >> https://gtalug.org/mailman/listinfo/talk
> >>