From: Weikeng Chen <w.k@berkeley.edu>
To: tytso@mit.edu
Cc: anna.schumaker@netapp.com, bfields@fieldses.org,
chuck.lever@oracle.com, davem@davemloft.net, dwysocha@redhat.com,
gregkh@linuxfoundation.org, kuba@kernel.org, leon@kernel.org,
linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
netdev@vger.kernel.org, pakki001@umn.edu,
trond.myklebust@hammerspace.com, w.k@berkeley.edu
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Wed, 21 Apr 2021 13:27:40 -0700 [thread overview]
Message-ID: <CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com> (raw)
[This is the email that Theodore Ts'o replied to, but it fails to
reach the email server due to not using plain mode. Here I resent.]
(Note: this thread has become a hot Internet discussion on China's Twitter.)
I am a graduate student working in applied crypto, and CoI: I know one
of the authors of the S&P paper.
Some thoughts.
[1] I think the UMN IRB makes an incorrect assertion that the research
is not human research,
and that starts the entire problem and probably continues to be.
It clearly affects humans. I think UMN IRB lacks experience regarding
human experiments in CS research,
and should be informed that their decisions that this is not human
research are fundamentally wrong---
it misled the reviewers as well as misled the researchers.
---
[2] Banning UMN seems to be a temporary solution. I don't disagree.
But it still might not prevent such proof-of-concept efforts: one
could use a non-campus address.
It might be helpful to inform the PC chairs of major security
conferences, S&P, USENIX Security, CCS, and NDSS,
regarding the need to discourage software security papers from making
proofs-of-concept in the real world in wild
that may be hurtful, as well as concerns on the sufficiency of IRB
review---some IRB may lack experience for CS research.
Some conferences have been being more careful about this recently. For
example, NDSS accepts a paper on
a browser bug but attaches a statement saying that the PC has ethical concerns.
See: "Tales of Favicons and Caches: Persistent Tracking in Modern
Browsers", NDSS '21
---
[3] Let us not forget that the author is using their real campus
address and is open to such pressure.
Thus, I think the authors, as students and researchers, have no bad faith;
but they are misled that this experimental procedure is acceptable,
which is not.
Sorry for jumping in...
Weikeng
next reply other threads:[~2021-04-21 20:28 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 20:27 Weikeng Chen [this message]
[not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` [PATCH] SUNRPC: Add a check for gss_release_msg Theodore Ts'o
2021-04-22 7:50 ` Eric Biggers
-- strict thread matches above, loose matches on Subject: below --
2021-04-07 0:16 Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24 ` Olga Kornievskaia
2021-04-08 16:02 ` Trond Myklebust
2021-04-20 7:15 ` Greg KH
2021-04-20 17:10 ` J. Bruce Fields
2021-04-21 5:10 ` Leon Romanovsky
2021-04-21 5:43 ` Greg KH
2021-04-21 6:08 ` Leon Romanovsky
[not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21 8:15 ` Greg KH
2021-04-21 10:07 ` Sudip Mukherjee
2021-04-21 10:21 ` Greg KH
2021-04-21 11:58 ` Shelat, Abhi
2021-04-21 12:08 ` Greg KH
2021-04-21 12:19 ` Leon Romanovsky
2021-04-21 13:11 ` Trond Myklebust
2021-04-21 13:20 ` Leon Romanovsky
2021-04-21 13:42 ` Steven Rostedt
2021-04-21 13:21 ` gregkh
2021-04-21 13:34 ` Leon Romanovsky
2021-04-21 13:50 ` gregkh
2021-04-21 14:12 ` Leon Romanovsky
2021-04-21 18:50 ` Alexander Grund
2021-04-21 13:37 ` J. Bruce Fields
2021-04-21 13:49 ` Leon Romanovsky
2021-04-21 13:56 ` J. Bruce Fields
2021-04-22 19:39 ` J. Bruce Fields
2021-04-23 17:25 ` Leon Romanovsky
2021-04-23 18:07 ` J. Bruce Fields
2021-04-23 19:29 ` Leon Romanovsky
2021-04-23 21:48 ` J. Bruce Fields
2021-04-24 7:21 ` Leon Romanovsky
2021-04-24 18:34 ` Al Viro
2021-04-24 21:34 ` J. Bruce Fields
2021-04-25 0:41 ` Theodore Ts'o
2021-04-25 6:29 ` Greg KH
[not found] ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47 ` J. Bruce Fields
2021-04-22 8:10 ` Sudip Mukherjee
2021-04-22 8:27 ` Greg KH
2021-04-21 12:51 ` Anna Schumaker
2021-04-21 14:15 ` Leon Romanovsky
2021-04-21 15:48 ` Theodore Ts'o
2021-04-21 17:34 ` Mike Rapoport
2021-04-22 3:57 ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com' \
--to=w.k@berkeley.edu \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwysocha@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=trond.myklebust@hammerspace.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).