Comment by perfunctory
4 years ago
I don't quite understand the outrage. Quite sure most HN readers were doing/involved in similar experiments one way or another. Isn't A/B testing an experiment on consumers (people) without their consent?
There is a sea of difference between A/B testing your own property, and maliciously introducing a bug on a critical piece of software that's running on billions of devices.
>> https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc....
"We did not introduce or intend to introduce any bug or vulnerability in the Linux kernel. All the bug-introducing patches stayed only in the email exchanges, without being adopted or merged into any Linux branch, which was explicitly confirmed by maintainers. Therefore, the bug-introducing patches in the email did not even become a Git commit in any Linux branch. None of the Linux users would be affected."
https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah...
This message contradicted that.
That's a false claim, though. There's evidence that at least one of the students involved did not do anything to alert kernel maintainers or prevent their code from reaching stable. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux...
That seems to directly contradict gkh and others (including the researchers) in the email exchange in the original post - these vulnerable patches reached stable trees and maintainers had to revert them.
They may not have been included in a release, but had gkh not intervened, *this would have reached users*, especially if the researchers weren't apparently aware their commits were reaching stable.
Isn't A/B testing usually things like changing layout or two things that... work, as opposed to bugs?