Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: Weikeng Chen <w.k@berkeley.edu>
To: tytso@mit.edu
Cc: anna.schumaker@netapp.com, bfields@fieldses.org,
	chuck.lever@oracle.com, davem@davemloft.net, dwysocha@redhat.com,
	gregkh@linuxfoundation.org, kuba@kernel.org, leon@kernel.org,
	linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
	netdev@vger.kernel.org, pakki001@umn.edu,
	trond.myklebust@hammerspace.com, w.k@berkeley.edu
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Wed, 21 Apr 2021 13:27:40 -0700
Message-ID: <CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com> (raw)

[This is the email that Theodore Ts'o replied to, but it fails to
reach the email server due to not using plain mode. Here I resent.]

(Note: this thread has become a hot Internet discussion on China's Twitter.)

I am a graduate student working in applied crypto, and CoI: I know one
of the authors of the S&P paper.
Some thoughts.

[1] I think the UMN IRB makes an incorrect assertion that the research
is not human research,
and that starts the entire problem and probably continues to be.

It clearly affects humans. I think UMN IRB lacks experience regarding
human experiments in CS research,
and should be informed that their decisions that this is not human
research are fundamentally wrong---
it misled the reviewers as well as misled the researchers.

---

[2] Banning UMN seems to be a temporary solution. I don't disagree.
But it still might not prevent such proof-of-concept efforts: one
could use a non-campus address.

It might be helpful to inform the PC chairs of major security
conferences, S&P, USENIX Security, CCS, and NDSS,
regarding the need to discourage software security papers from making
proofs-of-concept in the real world in wild
that may be hurtful, as well as concerns on the sufficiency of IRB
review---some IRB may lack experience for CS research.

Some conferences have been being more careful about this recently. For
example, NDSS accepts a paper on
a browser bug but attaches a statement saying that the PC has ethical concerns.
See: "Tales of Favicons and Caches: Persistent Tracking in Modern
Browsers", NDSS '21

---

[3] Let us not forget that the author is using their real campus
address and is open to such pressure.
Thus, I think the authors, as students and researchers, have no bad faith;
but they are misled that this experimental procedure is acceptable,
which is not.

Sorry for jumping in...

Weikeng

             reply index

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-21 20:27 Weikeng Chen [this message]
     [not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22  7:50   ` Eric Biggers
  -- strict thread matches above, loose matches on Subject: below --
2021-04-07  0:16 Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24   ` Olga Kornievskaia
2021-04-08 16:02     ` Trond Myklebust
2021-04-20  7:15 ` Greg KH
2021-04-20 17:10   ` J. Bruce Fields
2021-04-21  5:10     ` Leon Romanovsky
2021-04-21  5:43       ` Greg KH
2021-04-21  6:08         ` Leon Romanovsky
     [not found]         ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21  8:15           ` Greg KH
2021-04-21 10:07         ` Sudip Mukherjee
2021-04-21 10:21           ` Greg KH
2021-04-21 11:58             ` Shelat, Abhi
2021-04-21 12:08               ` Greg KH
2021-04-21 12:19               ` Leon Romanovsky
2021-04-21 13:11                 ` Trond Myklebust
2021-04-21 13:20                   ` Leon Romanovsky
2021-04-21 13:42                     ` Steven Rostedt
2021-04-21 13:21                   ` gregkh
2021-04-21 13:34                     ` Leon Romanovsky
2021-04-21 13:50                       ` gregkh
2021-04-21 14:12                         ` Leon Romanovsky
2021-04-21 18:50                         ` Alexander Grund
2021-04-21 13:37               ` J. Bruce Fields
2021-04-21 13:49                 ` Leon Romanovsky
2021-04-21 13:56                   ` J. Bruce Fields
2021-04-22 19:39                     ` J. Bruce Fields
2021-04-23 17:25                       ` Leon Romanovsky
2021-04-23 18:07                         ` J. Bruce Fields
2021-04-23 19:29                           ` Leon Romanovsky
2021-04-23 21:48                             ` J. Bruce Fields
2021-04-24  7:21                               ` Leon Romanovsky
2021-04-24 18:34                               ` Al Viro
2021-04-24 21:34                                 ` J. Bruce Fields
2021-04-25  0:41                                   ` Theodore Ts'o
2021-04-25  6:29                                     ` Greg KH
     [not found]                                       ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47                                         ` J. Bruce Fields
2021-04-22  8:10             ` Sudip Mukherjee
2021-04-22  8:27               ` Greg KH
2021-04-21 12:51       ` Anna Schumaker
2021-04-21 14:15         ` Leon Romanovsky
2021-04-21 15:48           ` Theodore Ts'o
2021-04-21 17:34             ` Mike Rapoport
2021-04-22  3:57               ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com' \
    --to=w.k@berkeley.edu \
    --cc=anna.schumaker@netapp.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=dwysocha@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=kuba@kernel.org \
    --cc=leon@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pakki001@umn.edu \
    --cc=trond.myklebust@hammerspace.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git