Greg Kroah-Hartman Rejects Apology from University of Minnesota Researchers (kernel.org) 140
Saturday University of Minnesota researchers emailed the Linux kernel mailing list apologizing for submitting buggy code as part of a research project to see whether it would be accepted.
Late Saturday night, the kernel team's Greg Kroah-Hartman replied: Thank you for your response.
As you know, the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to be able to work to regain the trust of the Linux kernel community.
Until those actions are taken, we do not have anything further to discuss about this issue.
thanks
Late Saturday night, the kernel team's Greg Kroah-Hartman replied: Thank you for your response.
As you know, the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to be able to work to regain the trust of the Linux kernel community.
Until those actions are taken, we do not have anything further to discuss about this issue.
thanks
Good decision (Score:5, Insightful)
Re:Good decision (Score:5, Interesting)
They could've just got their own. Heck, they could've set up their own fork, patch review team, and tried to fool them.
But no, they decided to break someone else's toys.
Re: (Score:3)
Re: (Score:2)
What makes it garbage? Reviews seem positive, aside from a JFK conspiracy post.
The author is at the Babbage Institute, which studies tech history. The CS department is on the other campus, across the Mississippi River.
Re: (Score:2)
That's not the review (Publishers Weekly), that's a comment to the review, and it's about a JFK conspiracy. The book itself seems fine, based on that review and others.
See also The Paranoid Style in American Politics (1964) if you're interested.
What makes it garbage in your mind? JFK stuff, Minnesota stuff, what?
Re: (Score:2)
Re: (Score:3)
UMinn already has gopher, the browser before www.
Re: (Score:2)
Re: (Score:2)
Somebody else already said it more funnily than me, elsewhere in this discussion, as it turns out.
Re: (Score:2)
Heck, they could've set up their own fork, patch review team, and tried to fool them.
Yes, but the study is about flaws in patch review process. Setting up their own, would just be testing their own review team and not the real thing. It really puts the "no human subjects" IRB exemption they managed to get into perspective.
Re: (Score:2)
A lot of research in subjects like psychology require the subject to be unaware of being a subject and hence there are well known guidelines related to damage mitigation the subjects being unaware is required for the experiment. A good example of this is the Milgram experiment where t
Re: (Score:2)
Typically, experiments which require the subjects' active participation also require the subjects' permission. They usually don't tell the subject exactly what's being studied since that could alter the results but they don't compel the participation of unwitting and unwilling people.
The Milgram experiment demonstrates this: the subject is deceived about their role in the experiment but accepts payment to participate in the experiment.
The modern "white hat" hacker movement often crosses this ethical boundar
Re: (Score:1)
Re: Good decision (Score:5, Insightful)
Re: (Score:2)
Not only that, but these "researchers" names will forever be associated with this lazy research topic and how they went about it.
They got a top-tier publication out of this. So far, I think most of the damage and extra work has landed on other people.
If they ever applied to any position I'm reviewing and found out
Many conferences have a double-blind submission process (i.e., authors are anonymous during review).
Re: (Score:2)
A top-tier publication might well be just a flash-in-the-pan. Could be the last thing of notoriety that they do when it comes to OS kernels.
Re: Good decision (Score:2)
This is the best decision. (Score:5, Interesting)
I'm betting their Research Project is continuing....
They're probably using that apology letter to try to answer questions like:
* How susceptible is the Open Source Community to lame excuses from organizations that try to sabotage their work?
* How vulnerable is the Open Source Community to letting rogue organizations inject more defects just by changing the personnel of the people submitting compromising patches?
* Can groups that want back doors in Linux (hackers, government groups, etc) just switch the names of contributors and get to add more backdoor attempts even after their first people are banned?
The only way the Linux community can come out looking secure in the university's final research papers is to be extremely strict in the conditions of their return to the community.
Re: (Score:1, Informative)
These are foreign actors [github.io], sponsored by the PRC and need to be removed immediately:
"I am a Ph.D. student in the Computer Science & Engineering Department at the University of Minnesota, advised by professor Kangjie Lu. I received my undergraduate B.A. in the Information Science & Engineering Department of the University of Science and Technology of China in 2018."
Re: This is the best decision. (Score:2)
Why would they sabotage the whole kernel when Linux is used all over China. They are probably more dependent on Linux than the US.
Re: (Score:3)
There is little need to sabotage the kernel. There are enough utilities, including the kernel, that are patched and built as part of localized distributions for vulnerabilities to be injected many other places in the build systems. I've had security chats about environments that subject their code to sophisticated technology reviews, but do not protect their build and deployment systems or that publish permanent backdoor logins for the security team.
Re: This is the best decision. (Score:2)
You must be new here. This is the intellectual vigor he brings to every subject.
Re: This is the best decision. (Score:2)
Re: (Score:3)
It's not like this is sabotage to break the kernel and make it nonfunctional. Are you really claiming you don't understand why China might want backdoors in its own systems? For anything truly secure, they could patch out the known vulnerabilities. For everything else, it's just another tool of surveillance and control.
Re:This is the best decision. (Score:4, Insightful)
The fact that we're all talking about it seems to indicate that it does have value.
No. If the research had value, then we would be discussing the results, not the ethics of the methodology.
Clearly Greg thinks it's highly unethical, but it's not clear how this research can be done in another more ethical way.
If research can't be done ethically, then you DON'T DO IT.
Re: (Score:2, Insightful)
If an attacker really wanted to sneak bad code in they would not just change the names on the patches, they would change the organisation too. Banning an entire university is kinda pointless, if someone there wants to submit patches they will just send them from a Gmail account instead of a .edu one.
The kernel people seem to understand this and their issue is more being pissed off at having their time wasted then security.
Re:This is the best decision. (Score:4)
wasting the time of people who otherwise might be working, at least indirectly, on security is a security issue.
Re: (Score:2)
Indeed. It is a denial-of-service attack on the security processes.
Re:This is the best decision. (Score:4, Insightful)
True. There is value in making it entirely clear that anybody caught will get banned though. For example, the NSA does depend on being able to submit patches to keep the US economy safe. If they have to fear getting blocked in that, their incentives to try active sabotage get reduced significantly. For that to work the threat has to be credible and the ban has to be enforced, even if it was just stupid no-ethics researchers this time.
Re:This is the best decision. (Score:5, Insightful)
Even with credentials from the University of Minnesota these people were not able to get their patches into the kernel. What makes you think that random hacker would have an easier time?
The reality is that this sort of thing works like a web of trust. The University allowed researcher to abuse that trust in their name, and now everyone associated with that institution is seen as less trustworthy. This is precisely how it should work. The folks vetting these patches can't know everyone, and no one can really audit every line. That means that they have to be able to trust people that they don't know. The solution of course, is a web of trust. It is very likely the reason that this code wasn't rejected out of hand was that someone assumed that researchers at the University of Minnesota could be trusted not to be malicious actors. The folks safeguarding the Linux code don't know everyone at the University of Minnesota, but they probably knew someone, and they trusted the group not to pull this sort of prank.
And now that is simply not the case.
It wasn't only these two researchers either. There were professors that had to have approved this research, and other colleagues that knew about it and didn't warn their colleagues outside of the university. This prank has officially burned the reputation of everyone that has ever worked under a umn.edu email address.
Don't get me wrong, this is still exciting research. It is just the sort of research that gets everyone involved banned as pariahs for time and all eternity. The other folks working on the Linux kernel simply can not afford to be merciful in this case. Even if they had made this commits "on accident" then the mere fact that they were this poorly done would raise red flags for future commits. The fact that they did this on purpose and that other people knew about it and thought it was a good idea just means that they are completely untrustworthy.
If I were a student at umn.edu I would be furious. I can't imagine what the people running this research group were thinking.
Re: This is the best decision. (Score:2)
Re: (Score:2)
What makes it drivel? Reviews seem positive, aside from a JFK conspiracy post.
Re: (Score:3)
It wasn't only these two researchers either. There were professors that had to have approved this research, and other colleagues that knew about it and didn't warn their colleagues outside of the university.
Specifically, they also got this through IRB review approval by claiming "no human subjects" exemption.
Don't get me wrong, this is still exciting research.
Ironically, the ethically solid parts (like reviewing and analyzing prior bugs or describing the proposed patch threat) were the best part anyway.
Re: (Score:3)
I probably would be willing to forgive individuals from the University of Minnesota, and if I already knew them those relationships probably wouldn't change. However, trust in the institution will have to decrease unless officials there take drastic steps. The best that the officials at the University of Minnesota can hope for is that they appear grossly incompetent. They hired an entire group of researchers that thought that this was a good idea. If they continue to sponsor them they appear actively ma
Re:This is the best decision. (Score:5, Insightful)
Here's the part I have a real problem with:
* Our recent patches in April 2021 are not part of the “hypocrite commits” paper either. We had been conducting a new project that aims to automatically identify bugs introduced by other patches (not from us). Our patches were prepared and submitted to fix the identified bugs to follow the rules of Responsible Disclosure, and we are happy to share details of this newer project with the Linux community.
So they're apparently still claiming that their April patches, which introduced security issues just like the "hypocrite commits" did, and were overseen by the same professor, were not done deliberately. Seriously? I'm sorry, but at this point, I don't believe them. That's the problem with lost trust. How does anyone reasonably assume it was anything except deliberate now, given what they've done? Even if they weren't deliberate, then they were incredibly incompetent. You can't really have it both ways.
It still feels to me like they're whitewashing this, trying to protect this grad student when he stuck his foot in his mouth and claimed innocence, going so far as to attack Greg Kroah-Hartman for his "preconceived biases."
Re: (Score:2)
Just ban them and rip _everything_ out they ever contributed. That grad student can go was dishes as a career as far as I am concerned. The organization may eventually get un-banned again if they cut out the cancer mercilessly and credibly. And I mean getting rid of that professor as well.
Re: (Score:2)
Just ban them and rip _everything_ out they ever contributed.
According to BleepingComputer [bleepingcomputer.com], that's exactly what they did.
Re: (Score:2)
So basically a group of people from an organization decided it would be ok to attack the system without permission. Why is nobody pressing charges?
If they did this to a commercial product/service without explicit permission ahead of time I am pretty darn sure there would be some jail time being discussed.
Re: (Score:2)
I'm betting their Research Project is continuing....
They're probably using that apology letter to try to answer questions like:
* How susceptible is the Open Source Community to lame excuses from organizations that try to sabotage their work?
* How vulnerable is the Open Source Community to letting rogue organizations inject more defects just by changing the personnel of the people submitting compromising patches?
* Can groups that want back doors in Linux (hackers, government groups, etc) just switch the names of contributors and get to add more backdoor attempts even after their first people are banned?
The only way the Linux community can come out looking secure in the university's final research papers is to be extremely strict in the conditions of their return to the community.
Very true. And it is entirely possible there are some of the usual evil forces (for example from the US intelligence community) exactly trying to answer these questions for their own use and as preparation to get well camouflaged backdoors in there. They would be using these "researchers" that apparently do not understand professional ethics at all as a front and guys to take the fall when discovered.
Personally, I would require a sworn statement form all "researchers" involved that this was only their own b
Re: (Score:2)
Follow the money. The idea of research chumps had to have crossed the minds of the kernel developers. Good thought!
Nothing short of full disclosure has any chance of getting the chumps past this mess.
Re:This is the best decision. (Score:4, Insightful)
Look, the university and these people benefited from screwing over the Linux community with their tests. The benefit was the publication of their paper. It may not be a monetary benefit, but it's a prestige benefit - the authors and the university get greater recognition in the academic community because of this work.
The apology did not seem sincere. It was just a post to the LKML. I do not see how the damage they caused during their experiments, plus the benefit they themselves plus the university got is made up by this one post.
A handwritten apology letter sent to the Linux Foundation and Greg would've been the bare minimum to than what was basically a no-effort post And by bare minimum, I mean "I'm a poor student and really cannot do anything more meaningful".
The damage to Linux should include compensation in some form greater than the amount of work this has caused - all the time and effort that is now spent going through the contributions and reviewing them and all this. It could be a simple cash donation to the Linux Foundation - or maybe it's hardware - some high end Linux PCs for developers.
It costs real people time and money to fix up the damage they caused, the least they could do is compensate people for that. If UMN really wanted to "make good", how about a 10 year commitment of $500,000 to the Linux Foundation? (That's 5 million dollars, which should be well above compensating the damage, well above whatever benefits they'd get from publishing the paper and well above the prestige obtained from it). I don't care if it comes out of the university's IT budget, or their CS department budget or whatever else. $500K isn't a random number, it's the platinum membership fee at the Linux Foundation.
It'll sting, but it's not something UMN would suffer too badly from I would think - they're a big university.
And had there been informed consent, then it's much less of an issue - I'm sure some minor compensation for the extra time and effort would've been sufficient - a few thousand dollars just to keep track of all the patches manually should be more than sufficient.
Of course, I can't find what Greg wanted as he has hinted. I know it's probably somewhere in LKML but it's a pain to find it.
Re: (Score:2)
And had there been informed consent, then it's much less of an issue - I'm sure some minor compensation for the extra time and effort would've been sufficient - a few thousand dollars just to keep track of all the patches manually should be more than sufficient.
What you're talking about is basically penetration testing. If there had been informed consent then there would be no need for compensation at all, because both parties would have laid-out a groundwork for the test, both parties would have privately shared in the results before the any information was made public, and the Kernel team would have had time to take corrective action prior to results being published. The researchers, be they student-researchers or otherwise, would have been celebrated rather t
Re: (Score:2)
$500k seems a bit excessive for the damage caused.
I would say a good remediation would be to offer to hire an independent security developer to review all patches that University of Minnesota wishes to commit as well as 2 other equal sized commits from other users for the next 5 years.
They should also sponsor a working committee within the Linux Foundation to write a whitepaper on how any organization should approach future white hat operations.
Re: (Score:2)
I'm betting their Research Project is continuing....
This is why material efforts need to be made before their 'apology' is accepted. The university should be required to hire an independent security auditor to review all commits by the University for a period of like 5 years. And as penance they also have to fund the security auditor's reviews of an equal number of commits from other users on behalf of the Linux Foundation.
A probationary period seems appropriate until trust can be returned.
Re:Good decision (Score:4, Insightful)
If the contents of this letter public? It's not linked in the summary.
Re: (Score:2)
I don't think it needs to be public. All the relevant people know the contents, no need to drag problems on in the open.
Re: (Score:2)
I don't think it needs to be public. All the relevant people know the contents, no need to drag problems on in the open.
Is this an attempt at irony? The whole platform is supposed to be OPEN, and this transgression was not against a small, select group of people. In the open is exactly where the problems should be.
Four other groups of relevant people (Score:4, Funny)
I classify "relevant people" to include not only those involved in the incident but also several other groups.
- One is the the university's student body, in order to know whether they will need to transfer to another university before graduation in order to pursue their intended career.
- A second is high school seniors considering applying to the university, in order to know whether they will need to choose a different university in order to pursue their intended career.
- A third is researchers and ethics boards affiliated with other universities, in order to understand the consequences of violating the code of conduct.
- A fourth is the admissions staff of other universities, in order to prepare for an influx of transfer students.
Re: (Score:2)
Somehow it's China's fault.
Meanwhile, GregKH was full of praise for Huawei's committment to support the 5.10 LTS kernel for six years.
Re: (Score:2)
***whoosh***
See https://en.wikipedia.org/wiki/... [wikipedia.org]
Not yet, apparently (Score:2)
If the contents of this letter public? It's not linked in the summary.
I couldn't find it anywhere on the E_mail kernel threads, and lots of other people there are asking as well.
It might show up a little later, but today it doesn't appear to be public.
Re:Good decision (Score:4, Insightful)
It's clear the previous commenter was referring to letter mentioned in this part of the Greg K-H email: the Linux Foundation and the Linux Foundation's Technical Advisory Board submitted a letter on Friday to your University outlining the specific actions
So maybe a more careful reading of the comment would be appropriate before flaming....
Re:Good decision (Score:4, Insightful)
Indeed. Research is fine, but unethical research (this was human experimentation with subjects that never got asked for consent and no ethical oversight) is not and needs to have drastic negative repercussions for the experimenters.
Re:Good decision (Score:4, Insightful)
Re: (Score:2)
I'm sure they'll put an entire team on the crime of submitting shitty code to a free project.
Agreed (Score:5, Interesting)
They provided steps the university can do to regain trust/redemption .. which seems correct and reasonable to me.
Re:Agreed (Score:5, Interesting)
U of Minn feeling understandably frustrated (Score:5, Funny)
Once again, another move towards their long-term goal of reinstating gopher as the world's go-to internet protocol has been detected and thwarted.
stupid people amaze me (Score:5, Insightful)
I think Greg Kroah-Hartman did the right thing. They were told how to fix the situation, now the ball is in their court. I bet they don't fix anything until the CompSci department starts losing funding.
What amazes me is that supposedly intelligent people thought this was a good idea. In the "real world" (as opposed to academia) idiot stunts like this get people fired, or jailed. The most generous way I can see it is, what they were really testing was the development process, and not the code (product) itself. And it looks like the process responded just fine.
Re: (Score:3)
Furthermore it also seems like the department has such a high degree of aut
Re: (Score:3)
While it's true that social science research more routinely involves stuff you have to clear with an Institutional Review Board (IRB), you don't have to have a PhD in moral reasoning to understand the computer *security* research is an ethical minefield. Anybody who doesn't understand that is not qualified to supervise students doing security research.
Re: (Score:2)
Re: (Score:2)
I suspect that the Linux Foundation stated that as long as these researchers continued to be employed by umn.edu that all umn.edu submissions would be sent straight to /dev/null. That's what is almost certainly in the letter that is not part of the public record. These researchers are hoping that an apology can save their careers. So they sent a public apology to LKML knowing that it would be read by the right people. The signs are all there. Let's look at Greg KH's response line by line.
Thank you for your response.
For those of y
Most of the time (Score:5, Insightful)
I'm of the opinion that IRB requirements for human social experimentation are wasteful and burdensome. This is an example of where they aren't and would never have signed off if consulted.
Actively sabotaging critical infrastructure is not acceptable, regardless of motivation.
Re: (Score:3)
IRBs are bit burdensome. The problem is you don't know if you are in the "unnecessary" category or not until you have gone through an IRB.
Re: (Score:2)
Re: (Score:2)
A fucking joke gets modded Troll.
“Well I didn’t think it was funny, nyah”?
Yeah, that’s still not the definition of a Troll, genius, it’s just a post that you don’t personally like. Not everything that doesn’t yank your crank is a troll.
If you’re the sperm that won, can you even imagine what the others sperms must have been like? I mean, millions upon millions of tadpoles in your addy’s sack and you, YOU, were the best of the best?
Fuck me.
Dude must have
Not a rejection (Score:2)
He thanked them, and reiterated what they need to do to make amends. That is accepting an apology, not rejecting one.
Re:Not a rejection (Score:4, Insightful)
I wouldn't call it accepting the apology, but rather continuing to leave the door open for them to make an acceptable apology.
Re:Not a rejection (Score:5, Insightful)
He thanked them, and reiterated what they need to do to make amends. That is accepting an apology, not rejecting one.
I'm not sure how you think the english language works, but accepting an apology would be typically defined as returning to how things were before. Effectively right now things are precisely as they are had the apology not been written.
Also "he thanked them" ? Seriously dude you need to learn to read in between the lines. When someone signs a formal and dismissive reply with just "thanks" not even with a capital letter, it is generally considered among people who understand the english language to be the exact opposite of thanking someone.
It was the code of conduct friendly version of "go fuck yourself".
Re: (Score:2)
I'm not sure how you think the english language works, but accepting an apology would be typically defined as returning to how things were before.
I don’t think this is accurate at all. There is no “return to the way things were before” requirement in my experience, and in fact this rarely happens if something something is greater than trivial.
Re: (Score:2)
I'm not sure how you think the english language works
But this is accurate. How does the English Language work?
Re: (Score:2)
Re: (Score:3)
I don’t think this is accurate at all.
Then effectively what you're saying is that there's zero point to ever giving an apology? I mean just think about what is going on here.
a) they were caught
b) they were told precisely what they needed to do.
c) they apologised (why would they, they have a plan to go back to how things were)
d) they were given a professional fuck you and we're still at step b.
Apologies exist because of a desire to change some outcome. If the outcome hasn't changed the apology was completely and utterly worthless and can in no w
Re: (Score:2)
Re: (Score:2)
If you require that to accept an apology, things must return to how things were
That may have been too harsh of a requirement, but the requirement is that things change. Otherwise the apology itself may as well not exist. At this point we can conclude that not only has nothing changed for the company, but by specifically omitting any mention of the apology Greg Kroah-Hartman has shown nothing has even changed in his opinion of the university.
In no stretch of the imagination can this in any way be considered an acceptance of an apology.
Re: (Score:2)
When someone signs a formal and dismissive reply with just "thanks" not even with a capital letter, it is generally considered among people who understand the english language to be the exact opposite of thanking someone.
Quite true. This is one of the complexities of language in general; it's not that in each and every case a lowercase "thanks" would be dismissive, but it's at least common enough to be recognizable. Every language and dialect likely has similar oddities, and they are multiplied by communicating in text. I remember for example reading how when the Japanese say "huh?" it tends to indicate at least a subtle dissatisfaction, whereas in the USA it's nothing more than a lack of understanding. This led to anecdote
Re: (Score:2)
Greg KH acknowledged that he had received their apology, and then he reminded them that a letter had been submitted to their University outlining what their University and their group had to do in order to regain trust.
You will specifically note that Greg KH does not outline steps that the researchers themselves can do to repair that relationship. That is a telling omission.
I suspect that the researchers wrote their apology because the letter that Greg KH mentions demands that the researchers in questi
Re: (Score:2)
I suspect that the researchers wrote their apology because the letter that Greg KH mentions demands that the researchers in question be fired.
That would be harsh lol.
Re: lolwut (Score:2)
Fork Linux or go xBSD... (Score:2)
Or even better U of Minesota can pour all those smart compSci people into completing GNU HURD! ;-)
Sign of contempt (Score:5, Insightful)
Re: (Score:2)
I also got the impression that the only reason he didn't end with "t." is because he's not finnish.
Re: Sign of contempt (Score:2)
It's rude to not capitalize the "t" in the "thanks".
But, what would have been great is if he misspelled thanks as "Now Fuck Off"
Here's one of the changes (Score:5, Interesting)
Here's [kernel.org] an example of two of the changes submitted by Pakki, and the change request indicates that Pakki signed off on the changes.
(I'd post the code, but I cannot for the life of me figure out how to avoid the slashdot "ascii art" filter.)
In the 1st case, setting rm to NULL seems like a good idea, except that it's the end of the function, the function will return, so making the assignment to a function argument does nothing.
In the 2nd case, checking rm for non-NULL seems like a good idea, except that previous code has pro-actively accessed the memory in all cases, so at the point in the code it's known to be non-NULL.
The statement that these changes do nothing seems to be spot on.
Re: Here's one of the changes (Score:2)
The do more than nothing. It adds 2 superfluous instructions to the kernel. And it is "dead" code. Which someone might discover and try to remove. And in any case a potential to introduce future bugs. It also consumes additional processing cycles, unless an optimizing compiler is able to eliminate them. Lets say they are executed. Not a big deal? Thats 2 instructions, not measurable on a single instance. But spread that across billions of linux instances, and it is something a bit more than nothing. If i
Re: (Score:2)
It also consumes additional processing cycles, unless an optimizing compiler is able to eliminate them.
Setting a variable to something that's no longer used afterwards is pretty basic thing to optimize away. That's why GregKH went off at the guy, because it was kids stuff that any C programmer would have known was nonsense as a fix; and why either the student's cover story was nonsense, or the student was so incompetent as a programmer and naively trusted his "tool" output.
Re: (Score:2)
Seems to me, then, that they have a good case for saying these people are just wasting maintainer's time.
Post on your Own Site then Syndicate Elsewhere (Score:2)
At one time, Slashdot's comment section was being flooded with copies of two sexually explicit ASCII art depictions of male genitalia, one titled "goatsex" and the other titled "jackoff". Later, it was logos of the trolling group GNAA, and then National Socialist swastikas.
And if you think about it, it's not impossible to post code. You can post it on your own website and link to it in a comment, as described in "POSSE" on the IndieWeb wiki [indieweb.org].
Re: (Score:2)
Considering I routinely see ascii art of swastikas here, it obviously isn't working.
Re: Post on your Own Site then Syndicate Elsewhere (Score:2)
Well there's your answer: make a big giant ascii art rendering of your code and use swastikas for the pixels.
Re: (Score:2)
Meanwhile SoylentNews - based on Slash - can do quite a lot more than this site.
For instance, when I type a fucking UK pound sign, in a plain text comment box in a standard mainstream browser, this site still gives me this crap:
£1.00
Re: Here's one of the changes (Score:2)
To be fair (Score:2)
Re:To be fair (Score:4, Insightful)
For people claiming to be security experts, they sure don't seem to understand that security is all about trust and what completely losing trust does for the whole system.
Re:To be fair (Score:4, Insightful)
This is where the *real* cost to the kernel team comes in. They will have to carefully review all 190 patches, maybe reverting and replacing them if there's the slightest doubt. They can't just assume that only three of the patches are bogus, even though that is probably the case - they *have* to check.
This could waste hundreds of hours of the kernel team's time.
No wonder they're pissed off.
Re: To be fair (Score:2)
A question of entitlement mentality (Score:3)
The saboteurs felt entitled to shit in a pool they do not own. Like entitled children they were sorry they were disciplined.
The kernel is a vitally important asset to humanity, not a toy.
Also, celebs targeted for hatred of Turkey (Score:2)
"I really don't like Turkey.", one said.
When asked to elaborate, "The white is too dry."
A response that immediately wreaks of racism.
(which is to say, watch it with the sensationalist headlines)
GKH didn't "reject", just mentioned again, the steps by which they could come back into the community they attacked. It was a reasonable response, maybe a bit harsh, but considering what happened. You can accept an apol
Re: (Score:2)
Someone earlier reported, though without sources or references, that the FBI had been notified. Perhaps not all of the steps are currently public.
(OTOH, one shouldn't necessarily either believe or disbelieve an anonymous comment on the internet.)