Just because you mediate communication via the internet doesn't make it less an experiment involving human subjects - with all the duty of care that should involve.
I must say it is something to occupy maintainer time (were they compensated for participation?) by surreptitiously introducing vulnerabilities to OSS projects and then in your abstract to urge those maintainers to do a better job.
Hard to tell without the paper, but looking through patch history it seems that at least some of these attempts were submitted via their institutional email so it seems clear that to mitigate this issue you should disregard patches originating from universities.
Are malicious patches an issue? Of course. But much like corporate infosec hacks running phishing tests on accounting the solution isn't training or blaming individuals - it's building tooling and infrastructure such that the damn ecosystem is less vulnerable to individual error.
Again...whatever way you want to interpret "we successfully introduced multiple exploitable use-after-free into the latest linux kernel" - still an experiment involving human subjects that should have gone through ethics review and required a consent and opt-out process.
"What if people submit code that has bugs in it, and the maintainers don't catch it!....... but intentionally"
For their next paper I suggest they become a maintainer of a kernel module and then deliberately start merging bad code. We can call it "BLAME Attack (Backdoor Linux by Acquiring Maintainer Escalation)" and give it a cool logo.
Would that be academically novel enough IEEESP?
The original tweet has been deleted because "it created...confusions", so to avoid confusion here is a screenshot and an archive of the shared first page of the paper. pic.twitter.com/96bIH7gKsN
Given that the purpose of abstracts is to accurately summarize the research seems like a weird thing to do...to take down a screenshot of your paper that was accepted at a major conference...because it "created confusion"