From: Weikeng Chen <w.k@berkeley.edu> To: tytso@mit.edu Cc: anna.schumaker@netapp.com, bfields@fieldses.org, chuck.lever@oracle.com, davem@davemloft.net, dwysocha@redhat.com, gregkh@linuxfoundation.org, kuba@kernel.org, leon@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, netdev@vger.kernel.org, pakki001@umn.edu, trond.myklebust@hammerspace.com, w.k@berkeley.edu Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg Date: Wed, 21 Apr 2021 13:27:40 -0700 [thread overview] Message-ID: <CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com> (raw) [This is the email that Theodore Ts'o replied to, but it fails to reach the email server due to not using plain mode. Here I resent.] (Note: this thread has become a hot Internet discussion on China's Twitter.) I am a graduate student working in applied crypto, and CoI: I know one of the authors of the S&P paper. Some thoughts. [1] I think the UMN IRB makes an incorrect assertion that the research is not human research, and that starts the entire problem and probably continues to be. It clearly affects humans. I think UMN IRB lacks experience regarding human experiments in CS research, and should be informed that their decisions that this is not human research are fundamentally wrong--- it misled the reviewers as well as misled the researchers. --- [2] Banning UMN seems to be a temporary solution. I don't disagree. But it still might not prevent such proof-of-concept efforts: one could use a non-campus address. It might be helpful to inform the PC chairs of major security conferences, S&P, USENIX Security, CCS, and NDSS, regarding the need to discourage software security papers from making proofs-of-concept in the real world in wild that may be hurtful, as well as concerns on the sufficiency of IRB review---some IRB may lack experience for CS research. Some conferences have been being more careful about this recently. For example, NDSS accepts a paper on a browser bug but attaches a statement saying that the PC has ethical concerns. See: "Tales of Favicons and Caches: Persistent Tracking in Modern Browsers", NDSS '21 --- [3] Let us not forget that the author is using their real campus address and is open to such pressure. Thus, I think the authors, as students and researchers, have no bad faith; but they are misled that this experimental procedure is acceptable, which is not. Sorry for jumping in... Weikeng
next reply other threads:[~2021-04-21 20:28 UTC|newest] Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-04-21 20:27 Weikeng Chen [this message] [not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com> 2021-04-21 19:49 ` Theodore Ts'o 2021-04-22 7:50 ` Eric Biggers -- strict thread matches above, loose matches on Subject: below -- 2021-04-07 0:16 Aditya Pakki 2021-04-07 15:34 ` J. Bruce Fields 2021-04-08 15:01 ` Trond Myklebust 2021-04-08 15:24 ` Olga Kornievskaia 2021-04-08 16:02 ` Trond Myklebust 2021-04-20 7:15 ` Greg KH 2021-04-20 17:10 ` J. Bruce Fields 2021-04-21 5:10 ` Leon Romanovsky 2021-04-21 5:43 ` Greg KH 2021-04-21 6:08 ` Leon Romanovsky [not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com> 2021-04-21 8:15 ` Greg KH 2021-04-21 10:07 ` Sudip Mukherjee 2021-04-21 10:21 ` Greg KH 2021-04-21 11:58 ` Shelat, Abhi 2021-04-21 12:08 ` Greg KH 2021-04-21 12:19 ` Leon Romanovsky 2021-04-21 13:11 ` Trond Myklebust 2021-04-21 13:20 ` Leon Romanovsky 2021-04-21 13:42 ` Steven Rostedt 2021-04-21 13:21 ` gregkh 2021-04-21 13:34 ` Leon Romanovsky 2021-04-21 13:50 ` gregkh 2021-04-21 14:12 ` Leon Romanovsky 2021-04-21 18:50 ` Alexander Grund 2021-04-21 13:37 ` J. Bruce Fields 2021-04-21 13:49 ` Leon Romanovsky 2021-04-21 13:56 ` J. Bruce Fields 2021-04-22 19:39 ` J. Bruce Fields 2021-04-23 17:25 ` Leon Romanovsky 2021-04-23 18:07 ` J. Bruce Fields 2021-04-23 19:29 ` Leon Romanovsky 2021-04-23 21:48 ` J. Bruce Fields 2021-04-24 7:21 ` Leon Romanovsky 2021-04-24 18:34 ` Al Viro 2021-04-24 21:34 ` J. Bruce Fields 2021-04-25 0:41 ` Theodore Ts'o 2021-04-25 6:29 ` Greg KH [not found] ` <20210426133605.GD21222@fieldses.org> 2021-04-26 13:47 ` J. Bruce Fields 2021-04-22 8:10 ` Sudip Mukherjee 2021-04-22 8:27 ` Greg KH 2021-04-21 12:51 ` Anna Schumaker 2021-04-21 14:15 ` Leon Romanovsky 2021-04-21 15:48 ` Theodore Ts'o 2021-04-21 17:34 ` Mike Rapoport 2021-04-22 3:57 ` Leon Romanovsky 2021-04-21 22:52 ` Guenter Roeck
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAHr+ZK8xp5QU8wQHzuNkJdsP20fC=nW4B33gwMUwHY82f_u5WA@mail.gmail.com' \ --to=w.k@berkeley.edu \ --cc=anna.schumaker@netapp.com \ --cc=bfields@fieldses.org \ --cc=chuck.lever@oracle.com \ --cc=davem@davemloft.net \ --cc=dwysocha@redhat.com \ --cc=gregkh@linuxfoundation.org \ --cc=kuba@kernel.org \ --cc=leon@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ --cc=netdev@vger.kernel.org \ --cc=pakki001@umn.edu \ --cc=trond.myklebust@hammerspace.com \ --cc=tytso@mit.edu \ --subject='Re: [PATCH] SUNRPC: Add a check for gss_release_msg' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).