
The TAB report on the UMN affair

The Linux Foundation Technical Advisory Board has issued its report on the submission of (intentionally and unintentionally) buggy patches from the University of Minnesota.

This report summarizes the events that led to this point, reviews the "Hypocrite Commits" paper that had been submitted for publication, and reviews all known prior kernel commits from UMN paper authors that had been accepted into our source repository. It concludes with a few suggestions about how the community, with UMN included, can move forward.

The recommendations include establishing an internal review process for patches submitted by the community and the creation (by the TAB in cooperation with researchers) of a "best practices" document for researchers working with the kernel community.

(LWN editor Jonathan Corbet played a small part in the writing of this report.)



The TAB report on the UMN affair

Posted May 5, 2021 18:53 UTC (Wed) by dvrabel (subscriber, #9500) [Link] (26 responses)

The introduction says "researchers should trust the developer community will not undermine the researchers' reputations when mistakes are made" but then makes no recommendations to achieve this.

Greg's authoritarian tone ("I will now have to ban all future contributions from your University", which he shouldn't have the power to do), his presumption that he speaks for all maintainers, and his accusations of unethical research remain unchallenged by this report.

I think this report should have recommended that maintainers raise possible incidents of inappropriate submissions from researchers with the TAB, rather than going on angry rants and unilaterally deciding to dump a load of extra review work on maintainers.

The TAB report on the UMN affair

Posted May 5, 2021 21:57 UTC (Wed) by gus3 (guest, #61103) [Link] (18 responses)

> his accusations of unethical research remain unchallenged by this report.

They violated the very first tenet of the Nuremberg Code: consent of the subject is essential. GK-H didn't "level an accusation." He stated a fact.

The TAB report on the UMN affair

Posted May 5, 2021 22:29 UTC (Wed) by Paf (subscriber, #91811) [Link]

Yeah, I agree with this - I don’t think anyone (at least, not anyone in authority, including at the U of M) has seriously suggested, since the reports came out, that the “hypocrite commits” work was ethical. It was clearly not.

The TAB report on the UMN affair

Posted May 5, 2021 22:48 UTC (Wed) by dvrabel (subscriber, #9500) [Link]

There are two sets of patches. The original set of 3 from 2020 (the hypocrite paper patches) and this newer set from 6 April 2021. The first set has been shown to be unethical but when Greg responds to the 2nd set on the 20 April 2021 he is making an assumption that this set is also posted in bad faith (this is a fair assumption, but Greg did not know it as a fact until later).

The TAB report on the UMN affair

Posted May 6, 2021 5:00 UTC (Thu) by epa (subscriber, #39769) [Link] (13 responses)

Aw c’mon, the Nuremberg Code? Does anyone take seriously the idea this was ‘experimenting on humans’, as if they’d dropped a new drug into Greg’s coffee without asking him? That seems like manufactured outrage to me. If you see the world like that, everyone who posts a trollish comment on LWN to see the reaction would need approval from an ethics committee. Retailers wouldn’t be able to vary their prices to see the effect on sales. Even ordinary patch submission (without the deliberate bugs) would count as an experiment on humans if later reported in a paper.

The TAB report on the UMN affair

Posted May 6, 2021 8:28 UTC (Thu) by NYKevin (subscriber, #129325) [Link]

When you are getting paid to do something by (the government/an accredited university), you are generally held to a higher standard of ethics. You need to talk to an IRB to just ask a bunch of humans *how their day is going.*

Why? Because in the past, far too many scientists said "Aw, c'mon, this isn't really that unethical, is it?" and they ruined it for everyone else.

The TAB report on the UMN affair

Posted May 6, 2021 9:51 UTC (Thu) by rmayr (subscriber, #16880) [Link] (7 responses)

[Full disclosure: I am one of the four researchers who originally raised the concern to IEEE S&P chairs in November.]

Oh, yes, this is very much considered to have been intentional research on human subjects. It doesn't only require (potential) bodily harm, but any harmful effect that can be caused by an experiment without consent - wasted time included - is unethical. By this definition, experimenting on consumers with prices is also not on the positive side of an ethical debate, though many businesses operate that way right now. In this particular case, the research was not only intentional, but intentionally deceiving, which is a step up from neutral changes to watch for an effect.

However, the important part here is that, in pretty much all democratic/liberal countries with universities funded by public money, academic research is held to a much higher standard than private businesses. Research on human subjects requires their explicit, informed consent or, in *very* limited exceptions where that consent would undermine the research goal that is in the overarching public interest, close oversight by an independent committee. An academic research group can absolutely not decide by themselves if their human subjects experiments are ethical or not, and which safeguards to put in place.

The TAB report on the UMN affair

Posted May 6, 2021 10:34 UTC (Thu) by epa (subscriber, #39769) [Link] (2 responses)

I agree that academic research is held to a higher standard and I don't doubt the researchers might be in trouble with their ethics committee (or the committee will be in trouble for having issued a waiver). What I find odd is people who have no connection to the university or academia sticking their noses in and denouncing the researchers for perceived violations of some ethics code. Surely that's a sideshow. After all the intentionally broken commits could equally have come from a private individual or even someone working undercover for an intelligence agency.

Thanks for the clarification that it is indeed considered research on a human subject. I think it is a mistake to group this kind of tail-tweaking with real nonconsensual experiments forbidden by the Nuremberg Code (which very clearly is talking about medical experimentation). But then, I'm not part of the ethics committee either, so I'm not really qualified to comment.

The TAB report on the UMN affair

Posted May 8, 2021 17:39 UTC (Sat) by NYKevin (subscriber, #129325) [Link] (1 responses)

> After all the intentionally broken commits could equally have come from a private individual or even someone working undercover for an intelligence agency.

Such a person would have been banned from submitting patches and that would have been the end of it. Indeed, that's *precisely* what happened in this case, except that everybody decided that "UMN banned" is news, whereas "John Smith banned" is not news.

The TAB report on the UMN affair

Posted May 11, 2021 6:15 UTC (Tue) by epa (subscriber, #39769) [Link]

I'm saying that intentionally broken patches could have come from a bad actor who didn't go on to disclose that they were bad and publish a paper about it. Most likely they would never be spotted.

The TAB report on the UMN affair

Posted May 7, 2021 2:18 UTC (Fri) by tytso (subscriber, #9993) [Link]

UMN, even in their most recent response, has claimed that it isn't considered Human Subject Research, so they disagree with you. I think they are full of sh*t, but they almost had to make that claim, given that the Hypocrite Commit work was funded by an NSF grant, and if they admitted that it was subject to the HSR rules, then (a) their IRB would probably in deep doodoo, and (b) they might have to refund their grant money to the NSF, and/or be subject to various disciplinary actions from the NSF. It's my understanding that a complaint has reached the NSF, and it'll be interesting to see what the good folks at NSF think of UMN's claim of, "no HSR work here"!

The TAB report on the UMN affair

Posted May 7, 2021 16:18 UTC (Fri) by nedu (guest, #50951) [Link] (2 responses)

> [Full disclosure: I am one of the four researchers who originally raised the concern to IEEE S&P chairs in November.]

You wrote "November" here, but in the TAB report, I'm seeing a Dec 1 event in the "Timeline of events".

| 2020 Dec 1:
| - Sarah Jamie Lewis & others send a letter to IEEESSP.
| https://hackmd.io/s/BJGs6Tfiw

What looks like an email published at that url seems to be undated.

Metadata in the source of that webpage seems to support a December 1, 2020 publication date. Or, simply hovering over /changed 5 months ago/ results in a tooltip.

Anyhow, this event in the TAB report's timeline is what you're referring to?

[Yesterday, I sent you an email asking about this.]

The TAB report on the UMN affair

Posted May 7, 2021 16:45 UTC (Fri) by deater (subscriber, #11746) [Link] (1 responses)

it depends if you count tweeting at the paper authors "reporting"

here's discussion of the issue in November
https://twitter.com/SarahJamieLewis/status/13306189193762...
after the paper authors had deleted the original tweet.

The TAB report on the UMN affair

Posted May 7, 2021 19:27 UTC (Fri) by nedu (guest, #50951) [Link]

As it turns out, I received an email from Rene this morning (7 May 2021 08:25:25 +0000), but entirely due to my own fault, I hadn't yet seen that reply when I posted my comment about 8 hours later.

Nevertheless, I do hope Rene takes the opportunity to discuss these late November thru first of December events here.

The email referenced in the TAB report itself contains a link to an archived Twitter exchange from 21 - 22 November 2020.

https://web.archive.org/web/20201122173246/https://twitte...

Please do scroll up to see the beginning of that Twitter exchange -- although I'm interested in discussing Kangjie Lu's tweet at the bottom, where he says, among other things:

> The paper will be available soon. [...] I can share a copy with you in email.

The TAB report on the UMN affair

Posted May 6, 2021 11:25 UTC (Thu) by Homer512 (subscriber, #85295) [Link]

I feel like even beyond any questions of ethics, kernel devs just don't need to tolerate this kind of behavior. I mean, we have a whole code of conduct which can be summed up as "Don't be an asshole."

The report mentions the case where a reviewer wasted their time trying to mentor the bad-faith contributor. In my opinion, the researchers should compensate the reviewers for their time spent.
The same goes for the last set of patches which were in good faith but so crappy that they were indistinguishable from bad faith acting. The reviewers are not beta-testers for these people's research projects. This isn't some newbie dev who needs a bit of mentoring. This is a whole research group that should have internal procedures and reviews before code leaves their department.

If the UMN acts in a way that wastes more dev time than it contributes, the kernel devs don't need to tolerate UMN devs in their community.

YES people take this seriously

Posted May 8, 2021 16:30 UTC (Sat) by david.a.wheeler (subscriber, #72896) [Link] (2 responses)

Short answer, YES. People DO take this seriously. You may not care if you're experimented on without your consent, but other people do care very much. As soon as you do experiments in the US, there are a number of rules and guidelines that are required, once humans are subjects. It can be drugs, it can be behavioral research, whatever, it doesn't matter.

The key in the US is the The Belmont Report: Ethical Principles and Guidelines for Protection of Human Subjects of Biomedical and Behavioral Research (1979), which says, “Respect for persons requires that [experimental] subjects... be given the opportunity to choose what shall or shall not happen to them… the importance of informed consent is unquestioned... the consent process [contains] information, comprehension and voluntariness [and generally includes the opportunity to] withdraw at any time from the research.” The Belmont Report is widely cited in the US as an ethical framework, it's the basis for the "Common Rule" required by US government agencies for federally-funded research.

A follow-on report, the Menlo Report (2012), was published by the U.S. Department of Homeland Security Science & Technology Directorate, Cyber Security Division, and outlines an ethical framework specifically for research involving Information and Communications Technologies (ICT). The Menlo Report adapted the original Belmont Report principles (Respect for Persons, Beneficence, and Justice) to the context of cybersecurity research & development, as well as adding a fourth principle, "Respect for Law and Public Interest." A companion report to the Menlo report provides case studies. Note that the Menlo report, since it built on the Belmont Report, also strongly emphasized the need for informed consent.

The IEEE released a statement that the paper "did not follow [ethical] guidelines". That's pretty harsh stuff in this space.

The good news is that UMN has agreed that this was a mistake. The paper's been withdrawn, and they're working to prevent recurrence. So while this affair was unfortunate, I think it's on its road to resolution.

YES people take this seriously

Posted May 11, 2021 6:24 UTC (Tue) by epa (subscriber, #39769) [Link] (1 responses)

I very much care about being experimented on. I'm just questioning whether a duff patch submission, or an April Fool's joke, or an advertisement placed in the press to see who's interested, are really on the same ethical scale as actual "experiments on humans" involving medicines, or surgery, or real world deception. By conflating the two and trying to escalate this rather trivial timewasting into a serious ethics breach, I think people are trivializing the very serious matters that the Nuremberg Code, Belmont Report and so on are addressing.

I think penetration testing and test social engineering attacks are fairly common practice, and they don't have the consent of those who are being tested, not of the individual employees at least. My workplace regularly sends deliberately false messages as a phishing test to see who clicks on them. It's annoying, but I would not try to place it on the same ethical scale as administering drugs to employees without their consent, or deliberately depriving them of sleep to see what happens.

YES people take this seriously

Posted May 11, 2021 6:56 UTC (Tue) by amacater (subscriber, #790) [Link]

If your workplace regularly sends fake phishing emails to see who clicks:
1. It will have been signed off by somebody senior at some stage that this is appropriate.
2. It will be an authorised exercise.
3. It's probably a condition of employment that, if you're at work/using work systems then you are taken to have consented to terms of appropriate use of the system. You probably have signed up to terms of use at some point/had them pointed out to you.
4. That set of terms will permit login/security monitoring if appropriate.

If 1 and 2 don't apply, then somebody else is in breach of 3 and 4 :) If none of these apply, you're in a similar position to the kernel devs here.

The UMN researchers may have been unknowing/careless at best: devious and exploitative at worst. Their IRB may have been on the ball and questioned everything they saw before allowing it or they may have been unsighted/misled/not understood the scope of the work. The combined effect was that their actions impacted a bunch of third party developers, caused work, created a degree of mayhem. That's not OK.

A bunch of far smarter people than I am can argue the exact cost and harm but it's left a sour taste in the mouth for major kernel developers who are the people I rely on to provide me reliability and security every time I start my machine.

The TAB report on the UMN affair

Posted May 7, 2021 0:04 UTC (Fri) by sjj (guest, #2020) [Link] (1 responses)

Yeah, computer scientists should not try to do social science without partnering with people who know what they are doing. Law professors and economists round out the "how hard can it be?" caucus.

The TAB report on the UMN affair

Posted May 7, 2021 8:40 UTC (Fri) by Wol (subscriber, #4433) [Link]

> Law professors and economists round out the "how hard can it be?" caucus.

Along with amateur statisticians ... :-)

I seem to remember a big expensive trial we had, that got overturned on appeal on the basis "the Judge didn't understand statistics, and thought he didn't need expert advice".

Cheers,
Wol

The TAB report on the UMN affair

Posted May 5, 2021 21:57 UTC (Wed) by plugwash (subscriber, #29694) [Link] (2 responses)

Trying to understand the power balance here.

Is my understanding that Linus retains ultimate authority over what code does or does not go into Linux correct?

If-so Do we know anything about Linus's position on this issue?

Has Linus said anything on the UMN issue? Has Linus accepted or rejected Greg's revert patches in his tree (which I understand is considered the master Linux tree)?

The TAB report on the UMN affair

Posted May 6, 2021 19:53 UTC (Thu) by ssmith32 (subscriber, #72404) [Link]

No. Greg K-H maintains the stable branch.

https://en.m.wikipedia.org/wiki/Greg_Kroah-Hartman

Most people get their kernels from distros who can follow stable or Linus' branch, and often will carry their own patches, and perhaps some other mish-mashed combination of a bunch of things.

So I would tell you just to Google: but that would have prevented me from noticing that Mr. K-H's pic on Wikipedia is him sitting.... in Nuremberg.. coincidence is a funny funny thing.

The TAB report on the UMN affair

Posted May 7, 2021 2:56 UTC (Fri) by tytso (subscriber, #9993) [Link]

Greg's revert patches are going through the normal review process. They were reviewed by developers and when the original UMN commit was found to be valid, he dropped the corresponding revert patch. In cases where the UMN commits were found wanting, the revert commit was kept, and when appropriate, a fix-up patch was added that _correctly_ fixed the problem.

When the review process is completed, they will be submitted to Linus, and given the huge amount of work and review done by a large number of kernel developers, I would expect that Linus will take the patches, since they will be a strict improvement to the Linux kernel.

Tom's Hardware reported the following after they had interviewed Linus:

> Saying the University of Minnesota's ban from contributing to the Linux kernel has been a popular topic of conversation among the open source community would be an understatement. Now, Linux creator Linus Torvalds has weighed in on the issue, and his response was milder than one might expect.
>
> Whatever he did seems to have worked. Torvalds reportedly told iTWire that "I don't really know what to say" about the University of Minnesota ban. "I think the email thread is likely the most relevant information. [...] I don't think it has been a huge deal _technically_, but people are pissed off, and it's obviously a breach of trust."

The TAB report on the UMN affair

Posted May 6, 2021 9:24 UTC (Thu) by dottedmag (subscriber, #18590) [Link] (3 responses)

No kidding?

If I find a suspicious set of commits submitted into a project I work on, then “raising possible incidents with the TAB” will be the last thing on my mind. First ones:

- Immediately revert everything suspicious, even by association, until cleared;
- Notify anyone you can who might have used the code that it may contain backdoors.

The first and only priority of any project is its users, not a committee somewhere. Risking users’ security for the sake of appeasing some bureaucrats from universities is not.

The TAB report on the UMN affair

Posted May 6, 2021 11:08 UTC (Thu) by Homer512 (subscriber, #85295) [Link] (2 responses)

What exactly are you referring to? Banning further patches and reviewing all old ones so that they may be reverted was Greg's first reaction. But you can't just blindly revert 400 patches made since 2018.

The TAB report on the UMN affair

Posted May 6, 2021 11:21 UTC (Thu) by dottedmag (subscriber, #18590) [Link] (1 responses)

Well, yes, you can. That's prudent at the signs of foul play.

The TAB report on the UMN affair

Posted May 6, 2021 13:28 UTC (Thu) by gspr (subscriber, #91542) [Link]

Certainly not blindly. It may require a lot of work.

A big thanks for a whole lot of work

Posted May 6, 2021 16:20 UTC (Thu) by nedu (guest, #50951) [Link] (1 responses)

I spent a good chunk of time yesterday going through the report on the emergency re-review, so I can only imagine the amount of work that's gone into producing it.

Because I first saw the report over on LKML yesterday, I responded off-list by email with a few review comments, and in the first one of those, I said I'd post a public comment over here when I'd finished reading it.

Well, I went to sleep last night still not quite done going through the report, but at this point, I do think a big round of appreciation is in order for everyone who took time to produce this report: Thanks.

Lot of work, agree - the TAB report lists 85 reviewers

Posted May 8, 2021 16:33 UTC (Sat) by david.a.wheeler (subscriber, #72896) [Link]

I agree, a big thanks is in order. If you look at the TAB report, you'll see that they thank *85* Linux kernel developers for their re-review of UMN code. That's a tremendous amount of work in a short time.

The TAB report on the UMN affair

Posted May 7, 2021 15:05 UTC (Fri) by calumapplepie (guest, #143655) [Link] (3 responses)

I find the use of Google Drive somewhat annoying, though I do understand it (easy filesharing service). Files in google drive are vulnerable to linkrot, and are difficult to automatically archive: if you visit archive.org for these files, you get an endless loading screen. If google ever changes their URL scheme, or decides to delete a bunch of rarely accessed files, or gets , these letters will be gone. Then, Mr. Future Historian writing the history of the Fedebian Starship Operating System Kernel will be unable to read them.

Replacing */edit and */view with */preview produces a reasonably archive-able version: not quite the .PDF source, but still pretty OK. Getting the original pdf files archived in an easy way would be harder. Fortunately for Sir Future Historian, the /preview pages for these specific documents have been preserved in the internet archive by some random person who then referred to that in a comment on an LWN article.

The TAB report on the UMN affair

Posted May 7, 2021 15:43 UTC (Fri) by tytso (subscriber, #9993) [Link] (2 responses)

I've seen links to web pages and pdf files saved in content management systems (such as what is used by the Linux Foundation) that have become inaccessible because when the CMS is changed, the links break. When you migrate to a new CMS, maintaining old links is *hard*. You would think that it would be easier to just dump pdf files into a static directory and let that be served up by Apache, but for large organizations, it's hard; the people who manage content generally don't have the technical ability (nor would it be safe!) to give them ssh access to the organization's web server. This is why large organizations use CMS systems, whether it's WordPress, or Drupal, or other systems.

All things considered, Drive links have a likelihood of being stable more than many other alternatives. If people really cared, I suppose another good alternative would be archiving them in a git repo. When you push it out to some git server, such as github or gitlab, it's still not guaranteed to be stable (both of those are companies that could go away, or the user's account where the git repo was hosted could go away for any number of reasons), but at least it would be easier for multiple copies of the archive to be easily replicated. Does the Internet Archive support archiving git repos for posterity? Maybe it's something they should consider.

The TAB report on the UMN affair

Posted May 7, 2021 15:48 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

> Does the Internet Archive support archiving git repos for posterity? Maybe it's something they should consider.

I don't know about IA specifically, but LWN has had articles on archival efforts before. Found just one, but maybe the others were just brief mentions.

https://lwn.net/Articles/693471/ "Preserving the global software heritage"

The TAB report on the UMN affair

Posted May 7, 2021 16:26 UTC (Fri) by calumapplepie (guest, #143655) [Link]

Github archived all their (active) git repositories (as of February 2020) underneath a mountain: see https://archiveprogram.github.com/ .


Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds