[PLUG] Fire the umn.edu IRB?

Russell Senior russell at personaltelco.net
Thu Apr 22 05:18:06 UTC 2021


The question they were asking is interesting, but (as someone said to
me this evening) it is sort of the equivalent of placing a bomb on an
airliner to see if it will be discovered before it explodes. Also, it
seems like the subjects of the experiment were human (users of the
software) and so the IRB was wrong to declare it didn't have human
subjects just because specific individuals were not targeted.

The main result seems to be that UMN affiliated contributors won't be
able to get their code accepted anymore with whatever psychological
advantages being associated with a benevolent institution might
normally have. You can't stop people from sending patches from a gmail
account, of course, but without the subtle assumption that it's a
friendly, warm-hearted contribution.

On Wed, Apr 21, 2021 at 9:21 PM Denis Heidtmann
<denis.heidtmann at gmail.com> wrote:
>
> In reviewing some of the emails in the list there were statements that
>
> "A lot of these have already reached the stable trees. I can send you
> revert patches for stable by the end of today"
>
> Not being a coder I am not sure what "stable tree" means, but it could
> mean that some of this malicious code made it in.  If so, the thesis
> of the paper is confirmed.
> If they had submitted only one patch and it had been written with more
> skill, would damage have been done?
>
> I am not supporting the UMN approach, but it does appear to me that
> the behavior of the kernel group has changed as a result, not just in
> their dealings with the UMN people.
>
> -Denis
>
>
> On Wed, Apr 21, 2021 at 8:03 PM Russell Senior <russell at personaltelco.net>
> wrote:
>
> > The paper includes this line: "IRB [...] determined this is not human
> > research. We obtained a formal IRB-exempt letter"
> >
> > IRB stands for Institutional Review Board and any research institution
> > is going to have one. Here's the wikipedia page about IRBs in general:
> > https://en.wikipedia.org/wiki/Institutional_review_board
> >
> > On Wed, Apr 21, 2021 at 5:06 PM Jason Barbier <jason at corrupted.io> wrote:
> > >
> > > On Wed, Apr 21, 2021, at 5:02 PM, Denis Heidtmann wrote:
> > > > PSU has a policy that requires admin. review of any experiments to be
> > > > conducted on humans.  That got some people in trouble for testing
> > > > publications' response to submitted articles using bogus stuff.  I wonder
> > > > if the UNM has such a requirement, and, if so, I wonder if it was followed.
> > > >
> > > > -Denis
> > >
> > > The answer is yes, and they have an ethics review board which was posted
> > > on that email thread for GKH to toss an email to and let them know what's up.
> > >
> > > >
> > > > On Wed, Apr 21, 2021 at 8:31 AM Ben Koenig <techkoenig at gmail.com> wrote:
> > > >
> > > > > On Wed, Apr 21, 2021, 7:32 AM Ben Koenig <techkoenig at gmail.com> wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > On Wed, Apr 21, 2021, 7:19 AM Jason Barbier <jason at corrupted.io> wrote:
> > > > > >
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> On Wed, Apr 21, 2021, at 7:02 AM, Paul Heinlein wrote:
> > > > > >> > On Wed, 21 Apr 2021, Russell Senior wrote:
> > > > > >> >
> > > > > >> > >
> > https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/
> > > > > >> > >
> > > > > >>
> > > > >
> > https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
> > > > > >> > >
> > > > > >> > > Holy crap, way to step on it with golf shoes!
> > > > > >> >
> > > > > >> > I wonder if anyone has ever written anything on the subject of
> > > > > >> > Patterns of Abuse and Criminality. This looks like a version of
> > > > > >> > gaslighting, but in a tech-community context.
> > > > > >> >
> > > > > >> > --
> > > > > >> > Paul Heinlein
> > > > > >> > heinlein at madboa.com <mailto:heinlein%40madboa.com>
> > > > > >> > 45.38° N, 122.59° W
> > > > > >> > _______________________________________________
> > > > > >> > PLUG: https://pdxlinux.org
> > > > > >> > PLUG mailing list
> > > > > >> > PLUG at pdxlinux.org <mailto:PLUG%40pdxlinux.org>
> > > > > >> > http://lists.pdxlinux.org/mailman/listinfo/plug
> > > > > >> >
> > > > > >>
> > > > > > >> To be fair reading the whole response from the umn address it reads more
> > > > > > >> like "Fuuuuuuuuuuu, the subject caught me and is blowing up my doctoral
> > > > > > >> thesis how do I save it!"
> > > > > >
> > > > > >
> > > > > > By accepting the test results for what they are?
> > > > > >
> > > > > > > He set out to prove a theory that OSS is inherently insecure. He tested
> > > > > > > that theory.
> > > > > > >
> > > > > > > Test results came back negative. The OSS community protected itself from
> > > > > > > malicious actors.
> > > > > >
> > > > > >
> > > > > Heyyy the pdf works when downloaded and viewed directly!
> > > > >
> > > > > > But I still have trouble reading it. Maybe the CS team at UMN should have a
> > > > > > language arts major clean up the grammar before they start recommending
> > > > > > changes to the linux coc.
> > > > >
> > > > >
> > > > > It IS a serious college project after all.
> > > > > -Ben
> > > > >
> > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > >> PLUG: https://pdxlinux.org
> > > > > >> PLUG mailing list
> > > > > >> PLUG at pdxlinux.org
> > > > > >> http://lists.pdxlinux.org/mailman/listinfo/plugi
> > > > > >>
> > > > > >
> > > > > _______________________________________________
> > > > > PLUG: https://pdxlinux.org
> > > > > PLUG mailing list
> > > > > PLUG at pdxlinux.org
> > > > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > > > >
> > > > _______________________________________________
> > > > PLUG: https://pdxlinux.org
> > > > PLUG mailing list
> > > > PLUG at pdxlinux.org
> > > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > > >
> > > _______________________________________________
> > > PLUG: https://pdxlinux.org
> > > PLUG mailing list
> > > PLUG at pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > _______________________________________________
> > PLUG: https://pdxlinux.org
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG: https://pdxlinux.org
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
