明大LINUX事件的反思(4) 官僚介入

作者:oneweek  于 2021-5-1 01:04 发表于 最热闹的华人社交网络--贝壳村

通用分类:热点杂谈

周三4/21 下午1点,官方声明出来了。估计系主任和卢老师开了一上午会。 
发了声明说的大意, 领导今天才刚了解详情细节,对此十分重视,等我回头找几只替罪羔羊出来, 给大家一个交代,有必要的话, 会杀现在的鸡儆未来的猴, blah blah

https://twitter.com/UMNComputerSci/status/1384948683821694976?s=20

Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel. 明大计算机科技系今天了解到一老师和研究生们对Linux内核安全性研究的详情

The research method used raised serious concerns in the Linux Kernel community and, as of today, this has resulted in the University being banned from contributing to the Linux Kernel. 研究方法在内核社区引起了严重关切,导致了社区禁止明大提交补丁。

We take this situation extremely seriously. We have immediately suspended this line of research. We will investigate the research method & the process by which this research method was approved, determine appropriate remedial action, & safeguard against future issues, if needed. 我们会严肃对待。首先已经马上停止这些研究。将调查研究方法和研究批准程序,补救措施,和确保不产生问题的方法

We will report our findings back to the community as soon as practical. 我们会尽快向社区汇报我们的发现。 

Sincerely,

Mats Heimdahl, Department Head 
Loren Terveen, Associate Department Head

底下回复的有的义愤填膺,有的冷嘲热讽。 都关注在道德问题。 





------------------------------------------------------------------------分割:  发酵和评论----------------------------------
------------------------------------------------------------------------分割:  发酵和评论----------------------------------
------------------------------------------------------------------------分割:  发酵和评论----------------------------------
周三下午系里发声明; 周四周五(4/22 4/23)多种语言的技术新闻都关注。 卢老师估计在静心写检查。 期间linux基金会给明大发了一封要求信。 
多数的评论是道德缺失。 太多了。 移民对这种评论的重量常常估计不足。 我看了是不能忍受之重,一般人会被压垮。 开头卢老师还拿学术道德委员会(IRB)批准了,有些中文也强调这个, 但是很多情况它们反手就可以找出鸡毛蒜皮,说你谎报,瞒报, 没有把所有的事情申报上来。 反手扣锅实在不能更容易了。 

我来看看少数的观点。 不光是这两天的

——————————Linus Torvalds,技术上不算什么事情,但毁了别人对你的信任——————————
Linux creator Linus Torvalds says that while the submission of known buggy patches to the kernel team is not a huge deal, it is obviously a breach of trust. Linux的原作者LINUS TORVALDS说,提交一个有问题的补丁技术上来讲,不是什么大事,但会惹怒一些人,滥用了别人对你的信任
"I don't really know what to say, I think the email thread is likely the most relevant information," Torvalds told iTWire in response to a query.
"I don't think it has been a huge deal _technically_, but people are pissed off, and it's obviously a breach of trust." (https://itwire.com/open-source/torvalds-says-submitting-known-buggy-patches-is-a-breach-of-trust.html)

---------____________________________-老中会不会故意的搞破坏? 还是华人的骄傲---------------------------
推特上少数人怀疑




 LiYaoshi说 (http://www.mitbbs.com/article_t/Military/60205423.html)
明明是华人之光
硬是被洋diao疯 骂成间谍
对安全p都不懂 一个个觉得自己是专家
比宇宙最牛安全会议的reviewer都牛

----------卢老师和小吴微信上的澄清--------------------------------


有位看上去像小吴的同学发了类似的种族指责,后来删帖。我自己留下一张图



---————————这个要怪IRB Review Board-----------------------
http://www.mitbbs.com/article_t/Programming/31594525.html
hci (海螺子), :
这种研究,本质是用人做实验,必须要通过IRB Approval。他们去申请了IRB Exempt,
居然还过了,这说明其实是明大IRB Review Board的问题。不知道是些什么人在上面,
太不靠谱了。所以Linux把明大ban了算是轻的,应该继续追责。

--------——--说皇帝没有穿衣的小孩; 有道德,高尚且勇敢---------------------
https://lore.kernel.org/lkml/20210427145347.00003846@tesio.it/
https://itwire.com/open-source/submitting-known-buggy-linux-patches-ethical,-noble-and-brave.html

"Damn kids, they're all alike" http://phrack.org/issues/7/3.html

Dear Kangjie Lu, Qiushi Wu, and Aditya Pakki,
Since nobody is doing so, I want to thank you for your hacks.
All the livor and drama that followed your research proves that the Linux Foundation failed to learn the lessons of Heartbleed.
At the end of the day, this is a valuable discovery for all of us.
You are the kids laughing loud that "the emperor has no clothes". More precisely, that the emperor STILL has no clothes. 
Ten year later.
The corporations behind the Linux kernel didn't take it well (you wasted their time and money! you outsmarted them! how dare!), but the hypocrisy in your commits is not the one you revealed.
Pretending that such kind of attack didn't succeded before, pretending that the problem is you, is way worse.
I've read that 
> The Linux Foundation's Technical Advisory Board submitted a letter  on Friday to your University outlining the specific actions which need to happen in order for your group, and your University, to  be able to work to regain the trust of the Linux kernel community.
But any programmer with a grain of salt, knows that they are just tring to distract everybody from their own operational failures.
They blame you and your University just to avoid to be held accountable.
It's neither you nor your University that need to regain trust.
It's not you that proved to not deserve it.
Your crime is that of curiosity.
How sad it is to see a project born "just for fun", turned into this!
But since I care more about cyber-security than about OSS marketing, I thank you for what you did. I hope that more of such kind of hacks and experiments will happen in the future, both in the Linux Kernel and in many other projects.
All without ANYBODY aware of them, because otherwise they would  prevent such epic failures to be discovered and publicly exposed, again and again.
What you did was not just ethical, but noble and brave.
Thanks.
Giacomo

------------Greg is Bully ------------------
有位于Greg过去有过节,在twitter上说你们群殴三位年轻人没意思; 



高兴

感动

同情

搞笑

难过

拍砖

支持
2

鲜花

刚表态过的朋友 (2 人)

评论 (0 个评论)

facelist doodle 涂鸦板

您需要登录后才可以评论 登录 | 注册

关于本站 | 隐私政策 | 免责条款 | 版权声明 | 联络我们 | 刊登广告 | 转手机版 | APP下载

Copyright © 2001-2013 海外华人中文门户:倍可亲 (http://www.backchina.com) All Rights Reserved.

程序系统基于 Discuz! X3.1 商业版 优化 Discuz! © 2001-2013 Comsenz Inc. 更新:GMT+8, 2024-3-26 16:49

倍可亲服务器位于美国圣何塞、西雅图和达拉斯顶级数据中心,为更好服务全球网友特统一使用京港台时间

返回顶部