You omitted the fact that Aditya's advisor was Kangjie Lu, who ran the research project with the bogus patches. It would be natural to assume that anything from that general direction would be more of the same.
And this justifies slandering another unrelated human how? It might explain the more aggressive jump to an assumption of malice, you are correct, but it sure as hell doesn't justify arbitrary negative actions especially towards another honest human being resulting from such a leap. That's either Greg's fault or Kangjie's fault or some combination but certainly not Aditya's fault and they don't deserve to be treated as sub-human because of simple proximity.
That type of reality is not natural and it's not human and it's not the one I live in.
Be pissed at the stupid research paper all you want. It doesn't justify treating some tertiary human like utter shit.
And for the record nobody is trying to "cancel" Greg or the kernel here. The project is great and Greg is probably a super chill dude on most occasions. But people aren't perfect and fuck up. You can act rashly under stress and later be wrong. That's understandable and that is human. The whole point is how you respond in light of new information. That's the test of character.
We don't need to sit here and sweep Greg's BS under the rug because he's a kernel celebrity. I honestly think some form of apology would go a long way to rectifying the slander, and cool down the whole thing and most importantly, might be enough to make Aditya feel welcome again in the community. Greg was wrong, his behavior rash, and the example should not be emulated by others in our community. Period.
And yes, you are being misled. That's why Greg needs to publicly retract his accusation and apologize. That's why it's so frustrating that LWN did not clearly explain that Greg was flat out wrong.
I can’t understand why he would put his name on that open letter and remain quiet. For now, I will withhold judgment either way and hope more details emerge.
Edit: To clarify, I don’t think you’ve made enough of a case to prove Aditya’s innocence or justified your attack on Greg.
Aditya decided to join a supervisor with questionable ethics who ran a very ill-conceived research project. He could have chosen someone else for his thesis or spoken up when the paper went for submission, or at least stepped aside from kernel development but instead decided to dig in. It's all very poor judgement on his part, in multiple instances. There's no need to normalize that behaviour, because it's not normal, at least not in the world I'd like to live in.
Recommended reading: All Hallows Eve by Charles Williams, a meditation on where stupidity and selfishness lead.
I don't necessarily disagree about how a student should handle an ethically grey situation. But that still doesn't justify treating other humans like shit.
And for the record I don’t think there is even level headed consensus formed yet on the whole paper thing. It’s arguably unethical, but it is also arguably simply inconsiderate. And it has certainly provided some degree of utility, although it’s unclear how much. I think most of the impressions have been molded by Greg’s response during the “kernel peeps are pissed” phase of the whole affair.
And for the record I don’t think there is even level headed consensus formed yet on the whole paper thing.
The paper has been withdrawn because consensus is clear: for experiments on human subjects informed consent is required in advance. The institution recognizes that much: "We acknowledge our responsibility to do this to prevent situations like this incident in the future."
It's also reactionary. There was social pressure and the threat of being perma-banned as an institution from contributing to the kernel. The decision was made under duress. It's not surprising it was withdrawn.
> for experiments on human subjects informed consent is required in advance
By such simple logic A/B testing is unethical. And that may be the case. Still, it's not exactly clear in this case where to draw the line and who/what the subject is.
There's a comment elsewhere in this thread that sums the situation up better than I can: https://news.ycombinator.com/item?id=26985631. I've read the paper and honestly I have a mixed impression. It certainly is respectful and doesn't come off as "we're going to be super malicious and mega waste everyone's time and fuck with the kernel maintainers for fun and science". It does not aim to experiment with humans in order to study how humans socially react to a breach of trust in a high trust collaboration. That was not their goal at all. Arguably, as laid out pretty explicitly in the paper, the experiment is not on human subjects but rather on a system of collaboration used primarily by open source projects. It happens that the system is operated by humans. Are you testing the humans, or stressing the system?
Is making crafted investments in the market for the sole purpose of studying the validity of a hypothetical model unethical? Is it research on humans because the market is a human endeavor operated by humans? These are genuine questions.
There are also different ethical frameworks. No harm was caused by this research. In fact, the only real harm to humans has been Greg berating a person (because of their proximity to past research and perceived sloppy patches) who offered legitimate patches some of which actually fixed bugs in the kernel. Clearly Greg didn't even take the time to understand the patches he just categorically dismissed them all because he had a bone to pick. Now the kernel is down a contributor who's contributions clearly have utility.
Back to the paper, even if it presents the obvious for people working on open source projects, it, like is the status quo in security research, is the working example of the exploit. In my experience people don't give a shit about perceived vulnerabilities until they become real vulnerabilities. As a kernel user, I actually value this research more than the alleged waste of time it may have caused for maintainers. I'm not the only one who feels this way. Sometimes to effect change you need to light a fire under somebody's ass.
So the paper is valuable to some subset of people. It provides utility. It did no harm to computer system or humans. You see what I'm getting at.. there are ethical frameworks under which this paper is clearly ethical (even if you concede it directly and explicitly aimed to experiment on humans, which I debate). Ideally the researchers would have asked Linus and Greg if they could perform the research on their project so they wouldn't feel out of the loop and attacked/culpable when the research was published. I do hope everyone's learned their lesson in that regard.
Anyway back to Greg, you're really moving the goal posts. We can agree 100% that the paper is unethical. The fact is simply irrelevant when considering whether it's right to piss on some student at UMN who presented valid albeit sloppy patches to the kernel in a gesture of good faith in order to try and improve the state of security. It's a breach of the kernel's own community guidelines, at the very least!
This is a ridiculous judgment from someone who has barely a glimpse into someone else's life. You've extrapolated, from a mere association that you know virtually nothing about, that Aditya must be both stupid and selfish.
From his posts to the mailing list it's clear that Greg was aware of the "hypocrite commit" paper and that there was some agreement in place with the University which must have stipulated "no more bogus patches". Professor Lu and everyone in his group were aware of the state of affairs. Then Aditya went and posted another bogus patch, the output of his static analyzer, to further his career, even though he should have known how that would be received. I regretfully stand by my assessment.
> and that there was some agreement in place with the University which must have stipulated "no more bogus patches"
This is baseless.
> Then Aditya went and posted another bogus patch
Not bogus. Aditya's analyzer did in fact find plenty of bugs - do your research, this is confirmed by many other maintainers.
> to further his career, even though he should have known how that would be received
Why should he have known that? I would never expect to receive the kind of feedback given by Greg, followed by a total university ban, over a student submitting subpar commits. It's an insane overreaction.
> Not bogus. Aditya's analyzer did in fact find plenty of bugs
But the commit in question was bogus, and it looks like Aditya did not properly check the output of his tool. Maybe he did not send bogus patches on purpose, but the fact that he used the Linux kernel as a playground for testing his experimental static analysis tool (without disclosing it in the commits) is still problematic and he should be called out for that.
Here's another interpretation based on the facts we know today:
Greg was assuming these were patches coming from some new "hypocrite patch" project at UMN and "AGAIN" refers to the previous incident in Aug2020 regarding the paper. I don't think the student was ignoring anything. Greg categorically dismissed legitimate contributions to the kernel because of his rash perception that UMN was up to no good AGAIN. So that's why he referenced the previous event and said AGAIN.
In other words: Greg and all the other kernel maintainers were made unwilling participants in a research project (the "hypocrite patches") and then were made unwilling participants in another research project with the same advisor (the static analyzer which was of questionable utility).
So - no more free research support for the University of Minnesota. That's fair because the reviewers did not choose to spend time on the University of Minnesota's research output.
I didn't "omit it", it's irrelevant. It obviously would not be natural since it was incorrect, and a natural response would not be to throw blind, incorrect allegations and ridiculous insults due to a suspicion.
Greg overreacted. Linus agrees, other kernel maintainers agree. The only person who won't come out and admit it is Greg himself, and his overreaction has cost the kernel a valuable asset as well as the reputation of an innocent researcher, who now gets comments like "they're disgusting" from people who took Greg's accusations at face value.
