29

Not to get political, but apparently the political climate in the world leads to the following situation.

"I'm being a fucking evil lying asshole. But I'm actually a good guy, because I'm doing it as pseudo-scientific research to show how easy it is to be evil and dishonest"

https://zdnet.com/article/...
("Researchers" with an anti-FOSS motive attempting software supply chain attacks on the Linux kernel)

What's next? "Scientists" killing puppies to show that, if someone was inclined to be that evil, puppies are weak and their necks snap easily?

Comments
  • 15
    While the research is stupid and should never have gotten approved by the ethics committee, the fact that you can merge code in Linux without extensive peer reviewing is alarming.
  • 6
    Absolutely your opinion. The decision to ban the university was in my opinion correct.
  • 4
    FYI Scientists are killing puppies for quite a long time.
    Just search for “Tested on dogs” when buying medicines or beauty products.
  • 2
    @vane there is a show on Arte (French/German TV broadcast service) which explained it pretty well.
  • 4
    @stop Well, the most radical is PETA; they have some statistics.
    Based on their data there are 65,000 dogs tormented in laboratories (only in the US) every year. We just ignore what we don't see; otherwise the world will burn.
  • 7
    @vane

    Yeah, probably a stupid comparison. I'm good at making bad comparisons.

    I just have an issue with science trying to prove that it's easy to be evil, by actually doing evil things.

    I've also seen some examples of "researchers" spreading fake articles on purpose, to show how easy it is to make fake news go viral. Yeah, nice that you showed something everyone already knew, by actively contributing to the problem.

    How about research ways to prevent the issue?
  • 3
    @bittersweet I understand, but well, there is not much publicity in code security, and the easiest way to find money is to bring shit into the public so some newspapers write about it. Then hope for some billionaires or governments to throw some money at it.

    Average people don’t understand what IT security is about. They can’t touch it so they don’t care.

    We aim to move our lives to digital space but we're not educating people about the consequences of that move.
  • 5
    Those "scientists" have the perfect moral flexibility needed for a job in Guantanamo Bay or any other concentration camp.
  • 11
    ++ for bringing this interesting piece of news to the devrant community's attention.

    The researchers should've at least informed the head maintainer of their intentions prior to submitting the patches. He could then have helped their research, -if he were up for it-, by turning a blind eye up to the last step and rejecting the patches before they actually reached release-level code.
  • 7
    @webketje Exactly. That's the difference between ethical pentesting and attempting a malicious hack.
  • 3
    @vane What we (the world) do to humans every year makes the dog torture look like a walk in the park.
  • 0
    @Demolishun It’s definitely not heaven for anyone living on this planet since we aim to colonize Mars.
  • 2
    @homo-lorens the number of people in the world that could possibly compile and develop Linux kernel code is small.

    Those who have the time to do so, even smaller.

    I wouldn't worry about it that much.

    You should be worried about node packages getting used more and more in gnome desktop tools and the like though...
  • 3
    @sariel @homo-lorens Compiling the kernel is easy (done by millions), developing for it is slightly harder but still done by hundreds of thousands if you consider all non-mainline modules and forks like the Ubuntu Kernel.

    Getting a patch into mainline actually takes a lot of time and effort (15k contributors, around 2-3k active devs), and there ARE at least 3 reviews. First an open early review on the mailing list, then a subsystem maintainer review, and lastly a review by Linus (or GKH/Levin if it's a bugfix for stable).

    And yeah, the important word in the article is "they tried". Not succeeded. Because GKH is pretty good at reviewing kernel patches.

    That's why he and a few other senior maintainers are paid $300-600k/y by the Linux Foundation, to keep the clowns out.
  • 0
    @bittersweet they should have a user/org badge on GitHub for instances like this.

    The clown badge, that way everyone can see your shame.
  • 2
    @sariel Linux kernel is not developed on GitHub... It's done completely through email 😄

    It's the reason why git send-email, git format-patch and git apply exist.
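The mail-based round trip the last comment names (git format-patch on the contributor's side, git apply --check and git am on the maintainer's side), as an added example that is not part of this thread or of the kernel project's own tooling. It runs entirely on two throwaway local repositories; the repository names, identities and the one-line lib.c are made up for the demonstration, and git send-email is left out because it needs a mail server (the .patch file that format-patch writes is exactly the mail it would send). The maintainer's dry run with --check is shown rejecting a patch whose context no longer matches the tree, and git am is shown keeping the contributor as author while adding the maintainer's own Signed-off-by.

```shell
#!/bin/sh
# Added example (not code from the thread or the kernel project): the
# format-patch / apply --check / am round trip on local throwaway repos.
# Every name, path and file content below is assumed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Identities are assumed; git refuses to commit without one in a clean env.
export GIT_AUTHOR_NAME="Contributor" GIT_AUTHOR_EMAIL="contrib@example.invalid"
export GIT_COMMITTER_NAME="Maintainer" GIT_COMMITTER_EMAIL="maint@example.invalid"

# "Upstream": the tree a subsystem maintainer owns. One file, one commit.
(
    git init -q "$WORK/upstream"
    cd "$WORK/upstream"
    printf 'int add(int a, int b) { return a + b; }\n' > lib.c
    git add lib.c
    git commit -q -m "lib: add add()"
)

# Contributor: clone, change, commit with Signed-off-by (-s), then turn the
# commit into a mail-formatted .patch with git format-patch. That file is what
# git send-email would post to the list; here it just lands in $WORK/out.
(
    export GIT_COMMITTER_NAME="$GIT_AUTHOR_NAME" GIT_COMMITTER_EMAIL="$GIT_AUTHOR_EMAIL"
    git clone -q "$WORK/upstream" "$WORK/contrib"
    cd "$WORK/contrib"
    printf 'int sub(int a, int b) { return a - b; }\n' >> lib.c
    git commit -q -s -am "lib: add sub()"
    git format-patch -1 -o "$WORK/out" HEAD >/dev/null
)
PATCH=$(ls "$WORK/out"/*.patch)

# Maintainer, step 1: dry-run the patch against the tree before touching
# anything. Exit status 0 means every hunk applies cleanly.
review_patch() {
    git -C "$WORK/upstream" apply --check "$1" 2>/dev/null
}

# Maintainer, step 2: git am re-creates the commit from the mail, keeping the
# contributor as author; -s appends the maintainer's own Signed-off-by.
apply_patch() {
    git -C "$WORK/upstream" am -q -s "$1"
}

# Helpers for inspecting what ended up in the maintainer's tree.
head_author()    { git -C "$WORK/upstream" log -1 --format=%an; }
head_committer() { git -C "$WORK/upstream" log -1 --format=%cn; }
signoff_count()  { git -C "$WORK/upstream" log -1 --format=%b | grep -c '^Signed-off-by:'; }

# A patch whose context no longer matches the tree (here one context line has
# been hand-edited, standing in for a stale or tampered mail) must fail the
# dry run; catching that before anything is committed is what --check is for.
BAD="$WORK/out/stale.patch"
sed 's/^ int add/ int mul/' "$PATCH" > "$BAD"
if review_patch "$BAD"; then BAD_REJECTED=no; else BAD_REJECTED=yes; fi

# The genuine patch passes review and is committed with both sign-offs.
review_patch "$PATCH"
apply_patch "$PATCH"

echo "stale patch rejected: $BAD_REJECTED"
echo "author: $(head_author), committer: $(head_committer), sign-offs: $(signoff_count)"
```

Run it as a plain script; it needs only git and a POSIX shell. The point of the two sign-offs is the kernel's Developer Certificate of Origin trail: the author's line comes from the mail, the maintainer's from `git am -s`, so the commit records who wrote the change and who took responsibility for merging it.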