Comment by ksec
4 years ago
I am wondering if UMN will now get a bad name in Open Source and any contribution with their email will require extra care.
And if this escalate to MSM Media it might also damage future employment status from UMN CS students.
Edit: Looks like they made a statement. https://cse.umn.edu/cs/statement-cse-linux-kernel-research-a...
> Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel.
- Signed by “Loren Terveen, Associate Department Head”, who was a co-author on numerous papers about experimenting on Wikipedia, as pointed out by: https://news.ycombinator.com/item?id=26895969
Their name is not in the author list for the paper.
Edit: Parent comment originally referenced the paper that caused this mess.
Yep, sorry, I double-checked and edited it quickly. Sorry about that!
It should. Ethics begins at the top, and if the university has shown itself to be this untrustworthy then no trust can be had on them or any students they implicitly endorse.
As far as I'm concerned this university and all of its alumni are radioactive.
Their graduates have zero culpability here (unless they were involved). Your judgement of them is unfair.
> Their graduates have zero culpability here
It's not about guilt, it's about trust. They were trained for years in an institution that violates trust as a matter of course. That makes them suspect and the judgement completely fair.
4 replies →
Their graduates might not have been directly involved, but it's not possible to ig ore that those graduates were the product of an academic environment where this kind of behavior was not only sanctioned from the top but also defended as an adequate use of resources.
4 replies →
That's a bit much, surely. I think the ethics committee probably didn't do a great job in understanding that this was human research.
Ok...then is everybody who graduated from MIT radioactive, even if they graduated 50 years ago, since Epstein has been involved?
Your logic doesn't make ANY sense.
It makes perfect sense once you realize that universities are in the business of selling reputation.
When someone graduates from the university, that is the same as the university saying "This person is up to our standards in terms of knowledge, ethics and experience."
If those standards for ethics are very low, then it naturally taints that reputation they sold.
1 reply →
Why is the university where you put the line? You could as well say every commit coming from Minnesota is radioactive or, why not, from the US.
It is unfair to judge a whole university for the behavior of a professor or a department. Although I'm far from having all the details, it looks to me like the university is taking the right measures to solve the problem, which they acknowledge. I would understand your position if they tried to hide this or negated it, but as far as I understood that's not the case at all. Did I miss something?
Linux kernel is blocking contributions from the university mail addresses, as this attack has been conducted by sending patches from there.
It doesn't block patch submissions from students of professors using their private email, since that assumes they are contributing as individuals, and not as employees or students.
It's as close as practically possible to blocking an institution and not the individuals.
4 replies →
That seems to me like an unjustified and unjust generalization.
I think current context of the world as it is is full of unjustified and unjust generalization.
And as unfortunate as it sound it look like all victim of such generalization, the alumni would have to fight the prejudice associated to their choice of university.
That's a ridiculously broad assertion to make about the large number of staff and students who've graduated or are currently there, that is unwarranted and unnecessarily damaging to people who've done nothing wrong.
By that logic, whenever data is stolen I will blame thr nearest Facebook employee or ex-employee.
And any piss I find, i will blame on amazon
That's a witch hunt, and is not productive. A bad apple does not spoil the bunch, as it were. It does reflect badly on their graduate program to have retained an advisor with such poor judgement, but that isn't the fault of thousands of other excellent graduates.
It's discomforting to see "bad apple" metaphor being used to say "isolated instance with no influence to its surroundings".
That is exact opposite of how rot in literal bunch of apples behave. Spoil spreads throughout the whole lot very, very quickly.
2 replies →
Undoubtedly I am in the minority here, but I think it's less a question of ethics, and more a question of bad judgement. You just don't submit vulnerabilities into the kernel and then say "hey, I just deliberately submitted a security vulnerability".
The chief problem here is not that it bruises the egos of the Linux developers for being psyched, but that it was a dick move whereby people now have to spend time sorting this shit out.
Prof Liu miscalculated. The Linux developers are not some randos off the street where you can pay them a few bucks for a day in the lab, and then they go away and get on with whatever they were doing beforehand. It's a whole community. And he just pissed them off.
It is right that Linux developers impose a social sanction on the perpetrators.
It has quite possibly ruined the student's chances of ever getting a PhD, and earned Liu a rocket up the arse.
1 reply →
Ah, so people do actually use the expression backwards like that. I had seen many people complain about other people saying “just a few bad apples”, but I couldn’t remember actually seeing anyone use the “one/few bad apple(s)” phrase as saying that it doesn’t cause or indicate a larger problem.
> A bad apple does not spoil the bunch, as it were.
What? That's exactly how it works. A bad apple gives off a lot of ethylene which ripens (spoils) the whole bunch.
1 reply →
How not to get tenure 101