Hacker News new | past | comments | ask | show | jobs | submit login

I don't quite understand the outrage. Quite sure most HN readers were doing/involved in similar experiments one way or another. Isn't A/B testing an experiment on consumers (people) without their consent?



There is a sea of difference between A/B testing your own property, and maliciously introducing a bug on a critical piece of software that's running on billions of devices.


>> https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc....

"We did not introduce or intend to introduce any bug or vulnerability in the Linux kernel. All the bug-introducing patches stayed only in the email exchanges, without being adopted or merged into any Linux branch, which was explicitly confirmed by maintainers. Therefore, the bug-introducing patches in the email did not even become a Git commit in any Linux branch. None of the Linux users would be affected."



That's a false claim, though. There's evidence that at least one of the students involved did not do anything to alert kernel maintainers or prevent their code from reaching stable. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux...


That seems to directly contradict gkh and others (including the researchers) in the email exchange in the original post - these vulnerable patches reached stable trees and maintainers had to revert them.

They may not have been included in a release, but should gkh not have intervened *this would have reached users*, especially if the researchers weren't apparently aware their commits were reaching stable.


Isn't a/b testing usually things like changing layout or two things that....work as opposed to bugs?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: