Post A6eI8eD4tp0xsqbBqa by Shamar@qoto.org
 (DIR) Post #A6TZzkOiBZPSu7O3BQ by VickyRampin@octodon.social
       2021-04-21T15:31:50Z
       
       1 likes, 2 repeats
       
       Really mad about this Linux kernel - academic research kerfuffle. See: https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/ TL;DR: researchers at UMN introduced patches to the Linux kernel that contained known-buggy code TO WRITE A PAPER and the UMN IRB didn't consider it human subjects research :blobangery: Wtaf were these researchers thinking? How did the IRB not consider this human subjects research? How did someone think this was an ethical thing to do?
       
 (DIR) Post #A6TZzm2o3z4m0l9aJk by VickyRampin@octodon.social
       2021-04-21T15:32:17Z
       
       0 likes, 0 repeats
       
       now all UMN contributions are going to be removed from the Linux Kernel and no future contributions from UMN will be accepted!
       
 (DIR) Post #A6UMeQaJY91L81HH60 by icedquinn@blob.cat
       2021-04-22T01:12:21.458511Z
       
       0 likes, 0 repeats
       
       @VickyRampin ethics boards are jokes :cirno_shrug: but technically they just sabotaged some software, which doesn't count as human experimentation. but if you tried to get volunteers for stem cell therapies to restore someone's healing they would have been piling themselves at the door to block it.
       
 (DIR) Post #A6UMftU5aT6z3445Wi by icedquinn@blob.cat
       2021-04-22T01:12:37.421590Z
       
       0 likes, 0 repeats
       
       @VickyRampin *hearing
       
 (DIR) Post #A6VMVYlPxtQf2zCcGO by zacchiro@mastodon.xyz
       2021-04-21T17:45:35Z
       
       0 likes, 0 repeats
       
       hey @VickyRampin ! just wanted to point out for people citing this thread that, according to https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf , they did not apply for IRB *before* the study. (Which is exemplary of how there is a severe lack of ethics considerations in empirical software engineering research.) Then, when they did apply, IRB did not consider it human subjects research, as you point out. But there was another major flaw in the process before that one (= not seeking approval).
       
 (DIR) Post #A6VMVZFCBBFSXL8Og4 by zwol@mastodon.social
       2021-04-21T18:02:57Z
       
       0 likes, 0 repeats
       
       @zacchiro @VickyRampin I've been an academic social science researcher. It's essential to understand that the core competence of a university IRB is the ethics of _medical_ research. That's what they were created to handle. The kinds of unethical research they understand, therefore, are the kind where the experiment directly causes bodily harm to participants, and the kind where the researchers' files contain embarrassing secrets about the participants (think "Patient J has syphilis").
       
 (DIR) Post #A6VMVZg8Z0nbstjufg by zwol@mastodon.social
       2021-04-21T18:06:54Z
       
       1 likes, 0 repeats
       
       @zacchiro @VickyRampin I can very easily see how the UMN IRB didn't think this was human subjects research. The _kernel_ is harmed if the bad patches are applied, but that's not harm to a person. Making Greg K-H do a bunch of extra work to weed the bad patches back out of the kernel _is_, I would argue, harm to a person, but not the kind of harm they're institutionally set up to recognize.
       
 (DIR) Post #A6VMVdvWljUF3myGDQ by zwol@mastodon.social
       2021-04-21T18:09:32Z
       
       0 likes, 0 repeats
       
       @zacchiro @VickyRampin The other angle the IRB ought to have picked up on, though, is the deception. I think there's a strong case that this is isomorphic to a psychology experiment involving lying to participants, which you're only supposed to do if there's no other way to get the data you need, and you're expected to tell people the truth after the experiment.
       
 (DIR) Post #A6desDJjDoOldDslgO by galaxis@mastodon.infra.de
       2021-04-22T13:00:04Z
       
       0 likes, 0 repeats
       
       @zwol @zacchiro @VickyRampin In other threads about this there was talk about trust. And that's the thing here: This research is manipulating the kernel development community by misusing trust, and while the product in question is code, there's a social process built around that. The attack is not targeted at technology, it's targeted at people and the conventions of their community. I'm little surprised some of those working in "computer" sciences might not want to see the difference though.
       
 (DIR) Post #A6desDiBkrxqr5KIoC by Shamar@qoto.org
       2021-04-26T12:48:49Z
       
       0 likes, 0 repeats
       
       @galaxis I think that what these researchers did was noble and highly ethical: they proved an (obvious and) dangerous operational issue that was likely exploited before without anybody noticing. All this drama is just the king that, fooled by thieves, is crying loud that the kids pointing at his nudity must be executed. #Linux #InfoSec #security @zwol @zacchiro @VickyRampin
       
 (DIR) Post #A6dlVqMIbFaPjeMgOO by VickyRampin@octodon.social
       2021-04-26T14:02:41Z
       
       0 likes, 0 repeats
       
       @Shamar @galaxis @zwol @zacchiro LOL! No!
       
 (DIR) Post #A6dmAuuiZJuHjg37Vw by zwol@mastodon.social
       2021-04-26T14:10:23Z
       
       0 likes, 0 repeats
       
       @Shamar @galaxis @zacchiro @VickyRampin The experiment may have been worth doing, but the execution was botched. They've both invalidated their own results, and poisoned the well for anyone wanting to do similar research in the future. This in turn means that genuinely malicious actors will probably find it *easier* to get their changes into Linux now.
       
 (DIR) Post #A6eI8eD4tp0xsqbBqa by Shamar@qoto.org
       2021-04-26T20:08:50Z
       
       0 likes, 0 repeats
       
       @zwol Why do you talk in the future tense? If a bunch of University students got their bugs in the #Linux's stable tree, it's plain obvious they were not the first. Also I do not follow your reasoning: why did they invalidate their result? How would that facilitate malicious attackers? To be honest I think that the Linux developers should thank them for showing that such obvious risks were not just theoretical. Instead, they stop accepting patches from that university. It's like when an LED in your car shows that your engine needs oil... and you cover the LED. @galaxis @zacchiro @VickyRampin