
Linux 5.13 Reverts and Fixes Problematic University of Minnesota Patches (phoronix.com)

An anonymous reader shares a report: One month ago the University of Minnesota was banned from contributing to the Linux kernel when it was revealed the university researchers were trying to intentionally submit bugs into the kernel via new patches as "hypocrite commits" as part of a questionable research paper. Linux kernel developers have finally finished reviewing all UMN.edu patches to address problematic merges to the kernel and also cleaning up / fixing their questionable patches. Sent in on Thursday by Greg Kroah-Hartman was char/misc fixes for 5.13-rc3. While char/misc fixes at this mid-stage of the kernel cycle tend to not be too exciting, this pull request has the changes for addressing the patches from University of Minnesota researchers. [...] Going by the umn.edu Git activity that puts 37 patches as having been reverted with this pull request. The reverts span from ALSA to the media subsystem, networking, and other areas. That is 37 reverts out of 150+ patches from umn.edu developers over the years.
  • by iggymanz ( 596061 ) on Friday May 21, 2021 @07:04PM (#61408724)

    still ongoing, the horrible waste of time U of M caused. Make the school an example with very harsh punishment so others will fear.

    • Re: (Score:1, Interesting)

      by Russki3433 ( 7309806 )

      Actually why not make the INDIVIDUALS an example, not the school? What are the names of the people who actually did this? They are responsible.

    • by glitch! ( 57276 )

      still ongoing, the horrible waste of time U of M caused. Make the school an example with very harsh punishment so others will fear.

      I agree. A simple and fun prank is excusable. But submitting, intentionally, known faulty code is not an experiment, it is not a "prank", it is an attack. What if I should "pretend" to armed robbery at a bank? "It was just a prank! I was just trying to get a feel for the bank security!"

      NO. Unless there is prior permission and strict rules of conduct, a mission to find vulnerabilities is a crime.

      • > Unless there is prior permission and strict rules of conduct, a mission to find vulnerabilities is a crime.

        You're not allowed to experiment on humans at a university without going through IRB. The authors didn't do that ahead of time and experimented on people without their permission.

        The thing is - I bet they could have gotten permission from the kernel team to keep the attempt very limited and with oversight and safeguards.

        They definitely got a result but so did Dr. Mengele. Ends don't justify the m

    • by tlhIngan ( 30335 ) <slashdot.worf@net> on Friday May 21, 2021 @08:46PM (#61408924)

      still ongoing, the horrible waste of time U of M caused. Make the school an example with very harsh punishment so others will fear.

      Yes, it's a huge waste of volunteer effort - instead of fixing bugs and adding stuff to the kernel, they're having to review old work, a very time-consuming and not-fun job.

      I still maintain that a suitable punishment is for them to be Linux Foundation Platinum member for 10 years. That's $500k per year. A big university like UMinn should be able to swing it out of their budget.

      It hurts, and I'm sure they'll have to eat into grant money but the whole university is responsible. From the students who decided to do it, to the professor who endorsed it to the review board who approved it. The IT or Comp Sci or general budget should hurt from it that such unethical research was conducted. Yes, even grant money to tell everyone that unethical research hurts a lot - if you're granting money, you should know the university made ethical lapses and part of your money is making reparations to same. If you're a student, you should know part of your tuition fees went to pay off the unethical research done and people should be angry that this happened - so angry that they won't let it happen again.

      It could've been conducted ethically - there are people who you could've gotten consent from and letting them have full knowledge of what is going on, but who will keep quiet, observe the results and keep track of everything so at the end, it can be fixed. At most, the university might have to pay for someone's time in doing so - but it's a lot cheaper (a few thousand dollars, tops)

      • by Entrope ( 68843 )

        I still maintain that a suitable punishment is for them to be Linux Foundation Platinum member for 10 years. That's $500k per year.

        The Linux Foundation is not a government. They can't order anyone to become a Platinum member, so they cannot impose that kind of punishment.

        Choosing to become a Platinum member might be a good way for UMN to make amends, but the university does not seem to be inclined to repair the damage that its students and staff caused within the scope of their university work. As a resul

        • They found the bugs easily enough when they audited. Bugs that would not usually get through if the contributor were someone different? And to be honest the various University systems have been jerks in the past over how their contributions should be prioritized relative to less "prestigious" efforts.
      • by godrik ( 1287354 )

        It hurts, and I'm sure they'll have to eat into grant money

        Yeah, except grant money does not work like that. The university cannot spend grant money on whatever it wants. Grant money is given to a university and is regulated by a contract with the grantee. Most of the time it is the federal government; but also with private companies.

        If you spend grant money outside of the scope of the contract, you will lose the contract and probably get sued.

        Grant money isn't a bunch of cash you can go YOLO with.

        • by hey! ( 33014 )

          There are both *restricted* and *unrestricted* grants. Restricted grants work the way you suggest, unrestricted can be spent on anything. In addition the university also charges "overhead" on restricted grants, which goes into unrestricted funds.

      • by AmiMoJo ( 196126 )

        Is it fair to screw over the students who were not involved in this though? Maybe some of them can transfer to another university but that may not be an option for many.

        I guess the students could sue the university but it would be better all-round if this could be resolved and they could get on with their educations.

        • by tlhIngan ( 30335 )

          Is it fair to screw over the students who were not involved in this though? Maybe some of them can transfer to another university but that may not be an option for many.

          I guess the students could sue the university but it would be better all-round if this could be resolved and they could get on with their educations.

          The students need to learn what kind of education institution they're getting their education from. Knowing that part of their tuition went towards compensating for unethically done research sho

          • by AmiMoJo ( 196126 )

            I agree they should demand higher standards, but when they started their courses they didn't know about this and had no reason to suspect it. Now they are in a position where they have to finish their course somehow, and the actions of others should not disadvantage entirely innocent students.

          • So how much do we punish Harvard for producing Zuckerberg?

        • Re: (Score:2, Offtopic)

          by msauve ( 701917 )
          >Is it fair to screw over the students who were not involved in this though?

          How is preventing UMinn students from submitting kernel patches "screwing them over?" It's not like they're prevented from _using_ Linux or even forking their own branch.
  • by Rosco P. Coltrane ( 209368 ) on Saturday May 22, 2021 @02:32AM (#61409396)

    The reaction of the Linux community to this breach of trust is interesting.

    How people call for heads to roll - like in this here forum - is interesting.

    Why the individual programmers who contributed the deceitful code agreed to do it instead of telling the study leader to get stuffed.

    Why the U signed off on the project instead of telling the proposers of the study to get stuffed.

    This is much more than a study of open-source supply chain: it's an ethics and behavioral study. A nasty and unpalatable, but interesting one - à la Milgram. I find it interesting, but I wouldn't want to have my name attached to it.

  • If the worst that happens is that the UoM becomes something of a pariah in the FOSS community, they should consider that they "got off lightly".

    It is highly unlikely that a successful prosecution could ever be brought [a plaintiff would need standing, might need to show actual harm, etc.] but on the face of it the actions taken here look as though they might be illegal under 18 U.S.C. 1030(a)(5) [cornell.edu], The Computer Fraud and Abuse Act, which is the part that reads:-

    Whoever...
    (A) knowingly causes the tran
