It took 'over 80 different developers' to review and fix 'mess' made by students who sneaked bad code into Linux

Re: not just umn.edu

Making submitting bug fixes to an Open Source project prohibitively difficult would probably be the worst outcome of this debacle.

It's already annoying enough having patches ignored for months without being asking for bank account and social security details.

Re: not just umn.edu

Those other identities / personas won't be "trusted" by the kernel developers, so there's no reason to worry about them. They were only successful because they were associated with a group that has been reliable and trustworthy in the past. Unless they have similar connections to other organizations, it's a non-issue.

Re: not just umn.edu

And I wonder how much code is being sneaked in by the NSA and other 3/4 letter agencies?

Open Source seems to have descended into Open Farce.

Re: not just umn.edu

They didn't do this for security. They do review all the PRs that get merged, so it's not a case of blindly trusting someone from a domain name. This is a method of indicating displeasure with the university. The university approved the study which they consider offensive, and they're hoping that the block on it will indicate to the interested parts of the university that the Linux kernel developers aren't pleased with what they did. Anyone at the university can still contribute by using a different email address. It's not in any way intended to be a security feature.

Re: not just umn.edu

The banning of the UNM email addresses was not just to punish the individuals but the University that approved the project. The board that approved this project are both idiots and incompetent.

It will be difficult for UNM to recruit new CS students with this ban in place and hopefully it will also impact their ability to garner financial support. One can only hope!

Re: not just umn.edu

Yea, but never mind all of those from all those State Actors in China, US, Russia, Iran, UK, Israel, etc.

Re: The only sane thing to do

"You. Do. Not. Fuck. Around. With. Critical. Infrastructure."

The someone should tell Red Hat to have a sit down with Lennart and have the big boy pants talk again. The world relies on Linux as a server OS, he needs to stop treating it like his own personal desktop OS.

If you are thinking about introducing major breaking changes, ask first, then LISTEN. Building is the last step, not the first.

Re: The only sane thing to do

So the Linux patch validation infrastructure was so bad that a bunch of dippy college students was able to upload bad patches into the kernel.

Yes, what they did was bad, but why has no one called the Linux maintainers onto the carpet? Instead of them looking at their processes and find out what needed to change, they decided to come down on the entire University of Minnesota and punish them.

If this had been Microsoft that had punished the University everyone would be screaming bloody murder.

But apparently the Linux guys are held to the same standard.

Re: The only sane thing to do

I still have an active umn.edu account. I find it bemusing that thanks to this event, any submissions I make to the kernel will be rejected. I'm inept enough of a programmer that any of my submissions should be rejected anyway.

Re: The only sane thing to do

Oiseau,

Like Doctor Syntax said when this was news here at ElReg:

You. Do. Not. Fuck. Around. With. Critical. Infrastructure.

Linux is in a bit of a grey zone in this regard. The Linux kernel devs give absolutely no guarantees whatsoever on Linux's integrity, correctness, etc. And that is entirely fair enough, it's a volunteer OSS project. Thank you all who participate.

However, they do seem to want to be seen to be "doing things properly". And then the likes of RedHat layer their own veneers of professionalism on top, but they also pass on the same license exclusions about reliability, and so forth.

So the people owning all the risk where it's used in critical infrastructure is the owners of that infrastructure. I'm one such person.

And I agree, I don't particularly care for how this whole thing has been handled. I'm not going to complain to the kernel devs about it due to the inevitably of the conversation about aforementioned license terms and conditions and volunteer status.

However, it's incidents like this that give RedHat and Ubuntu a serious problem. Thus far they have more or less stayed in lockstep with the Linux kernel project, though RedHat do do a lot of their own kernel maintenance. Thus far that lockstep has been OK. But what do they do if the Linux kernel project disintegrates?

My biggest concern in this regard is that RedHat decide to decouple their tree from the remnants of the Linux kernel project and go it alone. Which potentially means Poettering gets to control it. And it wouldn't be long before Ubuntu are forced into following suit as other projects like Gnome and Systemd start requirimg a RedHat kernel.

What's the likelihood of that outcome? I reckon it comes down to how long Linus Torvalds stays in charge. He can be a deeply unpleasant person, but he does have a tight grip on the Linux kernel project. With him gone, it could be mere months before there's a breaking schism with Lennart leading the pack with the heaviest club.

Now that really is a future to plan for and avoid.

Re: The only sane thing to do

You. Do. Not. Fuck. Around. With. Critical. Infrastructure.

But ill-intentioned people do, all the time. If it's that crititical it's up to the maintainers to make sure that You. Cannot. Fuck. With. It.

You wouldn't expect a bank to allow random strangers to submit financial transactions, even if you could revert them if/when they were detected, so why should the OS that the bank systems are running on be treated any differently?

Re: The only sane thing to do

> I was unpleasantly surprised (very) to learn that pull requests to the Linux kernel code were accepted solely on the basis of its provenance.

But that's true of anything. The validation process is merely another source of provenance. You are just changing who's provenance you are trusting, that is, you are now trusting the provenance of whoever is doing (or wrote) the validation process.

You can't get away from that, at some point you are trusting someone's provenance, whether it be that of someone who peer-reviews the pull request, or the people who wrote the code that does an automated validation (can you trust the people who wrote the compiler or the standard libraries?).

The best you can do is reduce the number of entities who's provenance you implicitly trust, you can't eliminate it entirely.

In almost all forms of development co-operative development structures - ones that assume no malice - are orders of magnitude faster than those that assume malice. In many ways kernel development has been lucky that no-one has tried this before. The effort involved in back filling the development process with mechanisms to ensure this doesnt happen again would be considerable.

Interestingly the people who are going to suffer most are the new chip/ concept developers.

SystemD will find it much much harder to get new 'features' added. Bug fixes like the dreaded buffer overflow will probably be easy to check and approve by normal methods.

Re: 80 devs

the umn.edu domain is not comparable to the gmail.com domain, nor (really) the hotmail.com domain. its more like theregister.co.uk.

Re: Student loan refunds?

Having to put "University of Minnesota" in the education section of your CV is punishment enough, perhaps?

There are however, proverbs about learning and making mistakes which could be construed in a positive light. It is the *learning* aspects of those sayings which is the crucial part, at the end of the day.

Re: Student loan refunds?

There are not many people who will even know this happened, and most who do are smart enough to realize that you can still learn a bunch of valuable computer science stuff without having anything to do with the project. The really smart ones will just check if the applicants were on the paper, which they're almost certainly not, and treat the university as they would have already.

Unfortunately I feel you are right. Was it a stupid stunt? Sure. However it did (apparently) prove exactly their point. The commits were accepted. Yes, revising /checking other people's code is hard work. I know. I force my colleagues to do exactly that, also with my code, and boy did we find stuff (also in my code). It is necessary though. Could I do it for the Linux kernel? No way. It is written in the wrong language for me, and I'm not a good enough programmer to do this (by quite a bit).

So: thanks to the gals and guys doing the hard work! I'll need to start contributing again through a translation project or so.

I would argue that the entire computer science department at this University "Did A Stupid Thing". Possibly extend that upwards to management.

Deliberately inserting malicious code into computer systems without permission is a crime. A University needs to have a system to ensure their research is conducted legally.

So yeah - it's not about a bunch of random kids at a University. It was an official University-approved research project (and not a particularly insightful one at that).

Re: Those saying that this is a reason to distrust Linux...

You may be onto something there. I know of several people who were paid by MS to not work for other companies. They dont really work for MS on anything useful - they are given a sandpit and lots of resources and a good living to keep them amuses but MS has no real use for them. I guess many other large companies do the same. I wonder if they keep them in their sandpits or let them do 'something useful' when they realise they are merely being kept unproductive on purpose.

Re: Those saying that this is a reason to distrust Linux...

Anyone whose opinion even remotely matters already knows about the "get hired in the company and insert a backdoor" attack. It's what security services are paid to do.

That these students were allowed to break the law to "test" something that has been documented to happen a million times before is insane.

Re: Those saying that this is a reason to distrust Linux...

Those saying that this is a reason to distrust Linux...need to bear in mind that disruptive influences could infiltrate any organisation. [...] It could happen to Microsoft, Apple, Amazon, Google, Facebook, etc. etc...

Is it you're assertion that "disruptive" influences haven't already happened to Micros~1? I submit Windows 10 as Exhibit A...err, wait...make that Exhibit V...that Micros~1 is in and of itself a disruptive influence.

But I digress...Back to slamming systemd.

Re: Automated testing..

I'm a bit surprised that there are people who are still against automated regression testing, but perhaps less so that they are unable to articulate their objections.

Yes. If you are known to the maintainers and they trust you, whatever you submit is blindly accepted on faith. If you, meanwhile, have been paid by, say, China or the CIA or the FSB to slip something nasty into the code, there's no way they could know, because they don't check your code.

They may 'review' it to check that you're not doing something really dumb, like using old, deprecated system calls, that sort of thing, but other than that... Help yourself.

Re: I do feel that someone's laying it on a bit thick....

Windows is modular, certainly more so than Linux.