Shoot the breeze, anything goes.

User avatar
PROBLEMCHYLD
VIP
Posts: 971
Joined: 2013-03-22 12:55

2021-04-22 06:13 »

I read it today. Some people are just evil and fucked up. I have to revise my kernel and add extra security to be safe. I have Debian, Slackware and Windows 7 on multiple computers.

Steven W
VIP
Posts: 2184
Joined: 2013-08-10 22:40

2021-04-22 21:34 »

I would treat anything coming from so-called 'education' as suspicious these days.

Steven W
VIP
Posts: 2184
Joined: 2013-08-10 22:40

2021-04-23 03:06 »

In February 2021, UMN researchers published a research paper titled, "Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits."

The focus of this research was to deliberately introduce known security vulnerabilities in the Linux kernel, by submitting malicious or insecure code patches.

As seen by BleepingComputer, the researchers demonstrate many examples of instances where they introduced known vulnerabilities by making these "hypocrite" patch commits...
Greg,

I respectfully ask you to cease and desist from making wild accusations that are bordering on slander.

These patches were sent as part of a new static analyzer that I wrote and it's sensitivity is obviously not great. I sent patches on the hopes to get feedback. We are not experts in the linux kernel and repeatedly making these statements is disgusting to hear.

Obviously, it is a wrong step but your preconceived biases are so strong that you make allegations without merit nor give us any benefit of doubt. I will not be sending any more patches due to the attitude that is not only unwelcome but also intimidating to newbies and non experts.
Translated to English:

REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE, DAS RACIST AND YOU'RE PART OF THE PATRIARCHY! REEEEEEEEEEEEEEEEEEEEEEEEEEEE!

Of course these 'hypocrite patches' were signed off on by the University's Internal Review Board.
"We had carefully considered this issue, but could not figure out a better solution in this study," state the researchers.
Scum of the earth.

Steven W
VIP
Posts: 2184
Joined: 2013-08-10 22:40

2021-04-23 03:36 »

research_method.jpg
research_method.jpg (159.78 KiB) Viewed 1194 times
'research method' :lolno:

Steven W
VIP
Posts: 2184
Joined: 2013-08-10 22:40

2021-04-23 05:54 »

If you have a moment, read over this:

https://arstechnica.com/gadgets/2021/03 ... lose-call/

User avatar
!
30%
Posts: 3072
Joined: 2013-02-25 18:36

2021-04-23 09:48 »

Steven W wrote:
2021-04-23 05:54
If you have a moment, read over this:

https://arstechnica.com/gadgets/2021/03 ... lose-call/
Cool article.

These fuck heads hide behind "research" bla bla bla is bullshit in my humble opinion. Let's call a duck for what it is, a duck! They introduce vulnerabilities into code on purpose. They didn't even announce it with at least one team member on Linux side so that can know what's going on, if it was really to test how things would be handled. You can't just one-sidedly introduce vulnerabilities into code and then sit silently, wtf?! I'm pretty sure it's illegal to do. What a big mess they made. Disgusting. :sick:


User avatar
!
30%
Posts: 3072
Joined: 2013-02-25 18:36

2021-04-25 17:16 »

We are a research group...
LOL right...

Steven W
VIP
Posts: 2184
Joined: 2013-08-10 22:40

2021-04-28 02:55 »

Aditya Pakki's response is the worst of the worst, prattling on about 'preconceived biases' and playing the 'woke' card then pretending to have written a static analyzer. That all seemed to have dried up after getting called out on it. :lol:

Still, I hope a bigger lesson is learned by the Linux kernel team. I'm sure there's plenty of people up to no good.

Post Reply