I don't want to be Racist here, it's more the political Ideology I wish to get at. Look at the names and nationalities of the Contributors from the UMN. Chinese, and China have been caught with their fingers in the cookie jars fairly often recently. Windows is so buggy even script Kiddies can hoax people into running malicious code and spying with the result.
The activity of UMN would have been perfectly acceptable if it had been done with full knowledge of (perhaps only a few) leaders in the Linux community as part of a broader security audit, with specifically defined goals and controls.
Failing that, I take the stance that Linux, and other open-source projects, should treat the code as if it personally belonged to each individual, therefore would never intentionally introduce code that is contrary to the code integrity.
How the above logic would not be obvious to legitimate researchers escapes me. That lapse might be the topic for a whole other discussion.
I wasn't aware of that. If that is the case, then the time needs to be taken to write and publish an exploit against the commit(s). Then the argument takes on a new life and UMN needs an additional slap with it.... When checking the code more closely, he could see that it was not only weakening the Kernel, it was intentionally adding security Flaws.
It's possible that those leaders wouldn't want there to be a paper highlighting how vulnerable open source software is to malicious contributions though, and would go out of their way to make sure that the code gets caught, even if it wouldn't have been otherwise. It's in their best interest to have people believe that their software is secure, after all, so they can't necessarily be trusted to not manipulate the results in their favor.
The activity of UMN would have been perfectly acceptable if it had been done with full knowledge of (perhaps only a few) leaders in the Linux community as part of a broader security audit, with specifically defined goals and controls.
Not all Ethnic Chinese are communists, but the rich ones that get money seemingly from nowhere, these are the ones to take note of.
I wasn't aware of that. If that is the case, then the time needs to be taken to write and publish an exploit against the commit(s). Then the argument takes on a new life and UMN needs an additional slap with it.
Failing that, and regarding racism/political ideology you mentioned... that computer science researchers are Chinese is not surprising at a university (unless the university uses racist quotas for admission)... a significant fraction of the researchers in my area of computer science expertise are Chinese (and some of my Chinese friends in this country are the most passionate anti-socialists, which is why they came to this country in the first place).
I fully agree, and on top of that these guys should be banned from doing any scientific work at all. They have disregarded all good scientific practices and potentially may have put human lives at risk (for example if a Linux based machine that is involved in some medical processes gets compromised and turns out wrong numbers).
I think the entire Open Source Community should just Black List those specific Contributors and the entire University of Minnesota as well just to be safe.
Spread the word, have them Black Listed for life.
Though I cannot say you are wrong with the assumption you made, but being part of the academic circle myself, I think it unlikely. Greg made it manifest that he saw the code that he banned them for was deliberate and malicious. If you have a look at the justification they made to Greg, and the Lies they then published, Greg said that they were trying to say that they deliberately put the code in to test Greg and his team. This is not only unethical, but also unlikely. You do not put code of this nature in a Kernel, that is not a test as the Nature of the Kernel is critical to running the system and security. They would have said nothing had Greg and his team missed the code, and this would make that KERNEL version corrupt and a security Flaw.
AFAIK there isn't really any evidence that anyone at UMN was actually trying to get a known-bad patch into the kernel. The only patches that we know had deliberate vulnerabilities were the ones discussed in the published paper (K. Lu, Q. Wu), where they took steps to ensure the changes would never actually be merged (and submitted corrected versions of the patches after the initial 'malicious' patches had been reviewed). The later patches submitted by A. Pakki (which were the subject of the email thread where Greg KH ultimately banned UMN), don't seem to be deliberately malicious. More like he tried to write an analysis tool and either did a half-assed job testing/validating it or was trying to get the kernel maintainers/community to do the job of testing it for him. The methods of the former were questionable and the behavior of the latter was unprofessional (to say the least), and I can see why it pissed off the maintainers. But I don't see either as trying to get known-bad code into the kernel. For example, I don't think pull requests for any of these patches were ever created (which is done to start the process of getting the patches integrated in the kernel).
It seems the patches were just submitted for review via email and never went further than that.
Talk by Greg KH of ripping contributions out of the kernel was referring to all patches submitted by people with umn.edu email address ever, not just the "hypocrite commit" patches, and not just the 3 people mentioned in this article.
Being in the scientific circles myself too, I can only confirm this. What these guys did is not science. That's not the way people do scientific experiments. There is an established set of rules for scientific conduct and dismissing these rules means that a researcher may even get banned from his work.
This was intentional, it was deliberate, and though it is conjecture for me to say it was deliberate, I believe 99% that these are guys working for some 3rd party goal, [...]
I think certain academic professors with Chinese name, MIGHT be taking a flight back to the motherland. But on the other hand, if this was endorsed by the FBI/CIA to have a back door everywhere, then they will not be prosecuted, and this whole thing goes away.
Being in the scientific circles myself too, I can only confirm this. What these guys did is not science. That's not the way people do scientific experiments. There is an established set of rules for scientific conduct and dismissing these rules means that a researcher may even get banned from his work.
For example: if someone slipped some faulty code into the firmware of a Boeing plane navigation system - he would be immediately accused of terrorism and a SWAT team would appear behind his house.
Compromising the Linux kernel in any shape or form is not fundamentally different from compromising the flight software of plane, because there are innumerable critical systems nation- and worldwide that are based on a Linux kernel.
I really hope that the public prosecution bodies will investigate this case. And I also hope that investigative journalists will also try to pull some more background information on this scandal.