明大LINUX事件的反思（4） 官僚介入

https://twitter.com/UMNComputerSci/status/1384948683821694976?s=20

Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel. 明大計算機科技系今天了解到一老師和研究生們對Linux內核安全性研究的詳情

The research method used raised serious concerns in the Linux Kernel community and, as of today, this has resulted in the University being banned from contributing to the Linux Kernel. 研究方法在內核社區引起了嚴重關切，導致了社區禁止明大提交補丁。

We take this situation extremely seriously. We have immediately suspended this line of research. We will investigate the research method & the process by which this research method was approved, determine appropriate remedial action, & safeguard against future issues, if needed. 我們會嚴肅對待。首先已經馬上停止這些研究。將調查研究方法和研究批准程序，補救措施，和確保不產生問題的方法

We will report our findings back to the community as soon as practical. 我們會儘快向社區彙報我們的發現。 

Sincerely,

Mats Heimdahl, Department Head 

Loren Terveen, Associate Department Head

周三下午系裡發聲明； 周四周五（4/22 4/23）多種語言的技術新聞都關注。 盧老師估計在靜心寫檢查。 期間linux基金會給明大發了一封要求信。 

多數的評論是道德缺失。 太多了。 移民對這種評論的重量常常估計不足。 我看了是不能忍受之重，一般人會被壓垮。 開頭盧老師還拿學術道德委員會（IRB）批准了，有些中文也強調這個， 但是很多情況它們反手就可以找出雞毛蒜皮，說你謊報，瞞報， 沒有把所有的事情申報上來。 反手扣鍋實在不能更容易了。 

我來看看少數的觀點。 不光是這兩天的

——————————Linus Torvalds，技術上不算什麼事情，但毀了別人對你的信任——————————

Linux creator Linus Torvalds says that while the submission of known buggy patches to the kernel team is not a huge deal, it is obviously a breach of trust. Linux的原作者LINUS TORVALDS說，提交一個有問題的補丁技術上來講，不是什麼大事，但會惹怒一些人，濫用了別人對你的信任

"I don't really know what to say, I think the email thread is likely the most relevant information," Torvalds told iTWire in response to a query.

"I don't think it has been a huge deal _technically_, but people are pissed off, and it's obviously a breach of trust." （https://itwire.com/open-source/torvalds-says-submitting-known-buggy-patches-is-a-breach-of-trust.html）

---------____________________________-老中會不會故意的搞破壞？ 還是華人的驕傲---------------------------

推特上少數人懷疑

 LiYaoshi說 （http://www.mitbbs.com/article_t/Military/60205423.html）

明明是華人之光

硬是被洋diao瘋 罵成間諜

對安全p都不懂 一個個覺得自己是專家

比宇宙最牛安全會議的reviewer都牛

http://www.mitbbs.com/article_t/Programming/31594525.html

hci (海螺子), ：

這種研究，本質是用人做實驗，必須要通過IRB Approval。他們去申請了IRB Exempt，

居然還過了，這說明其實是明大IRB Review Board的問題。不知道是些什麼人在上面，

太不靠譜了。所以Linux把明大ban了算是輕的，應該繼續追責。

"Damn kids, they're all alike" http://phrack.org/issues/7/3.html

Dear Kangjie Lu, Qiushi Wu, and Aditya Pakki,

Since nobody is doing so, I want to thank you for your hacks.

All the livor and drama that followed your research proves that the Linux Foundation failed to learn the lessons of Heartbleed.

At the end of the day, this is a valuable discovery for all of us.

You are the kids laughing loud that "the emperor has no clothes". More precisely, that the emperor STILL has no clothes. 

Ten year later.

The corporations behind the Linux kernel didn't take it well (you wasted their time and money! you outsmarted them! how dare!), but the hypocrisy in your commits is not the one you revealed.

Pretending that such kind of attack didn't succeded before, pretending that the problem is you, is way worse.

I've read that 

> The Linux Foundation's Technical Advisory Board submitted a letter  on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to  be able to work to regain the trust of the Linux kernel community.

But any programmer with a grain of salt, knows that they are just tring to distract everybody from their own operational failures.

They blame you and your University just to avoid to be held accountable.

It's neither you nor your University that need to regain trust.

It's not you that proved to not deserve it.

Your crime is that of curiosity.

How sad it is to see a project born "just for fun", turned into this!

But since I care more about cyber-security than about OSS marketing, I thank you for what you did. I hope that more of such kind of hacks and experiments will happen in the future, both in the Linux Kernel and in many other projects.

All without ANYBODY aware of them, because otherwise they would  prevent such epic failures to be discovered and publicly exposed, again and again.

What you did was not just ethical, but noble and brave.

Thanks.

Giacomo

• [04/06]清明節的特別悼念
• [04/14]一個紅色歌曲
• [04/30]明大LINUX事件的反思（1）小P點燃導火線
• [04/30]明大LINUX事件的反思（2）大鎚轟然落下
• [05/01]明大LINUX事件的反思（3）稍有好轉
• [05/01] 明大LINUX事件的反思（4） 官僚介入
• [05/01]明大LINUX事件的反思（5） 道歉了，光道歉夠不夠
• [05/01]明大LINUX事件的反思（6）全部滿足；撤稿，信息大公開
• [05/02]明大LINUX事件的反思（7）校方回應
• [05/06]明大LINUX事件的反思（8）： 皆大歡喜好結局

• 查看：[oneweek的.最新博文]
• 查看：[大家的.最新博文]
• 查看：[大家的.熱點雜談]