| It's also reactionary. There was social pressure and the threat of being perma-banned as an institution from contributing to the kernel. The decision was made under duress. It's not surprising it was withdrawn. > for experiments on human subjects informed consent is required in advance By such simple logic A/B testing is unethical. And that may be the case. Still, it's not exactly clear in this case where to draw the line and who/what the subject is. There's a comment elsewhere in this thread that sums the situation up better than I can: https://news.ycombinator.com/item?id=26985631. I've read the paper and honestly I have a mixed impression. It certainly is respectful and doesn't come off as "we're going to be super malicious and mega waste everyone's time and fuck with the kernel maintainers for fun and science". It does not aim to experiment with humans in order to study how humans socially react to a breach of trust in a high trust collaboration. That was not their goal at all. Arguably, as laid out pretty explicitly in the paper, the experiment is not on human subjects but rather on a system of collaboration used primarily by open source projects. It happens that the system is operated by humans. Are you testing the humans, or stressing the system? Is making crafted investments in the market for the sole purpose of studying the validity of a hypothetical model unethical? Is it research on humans because the market is a human endeavor operated by humans? These are genuine questions. There are also different ethical frameworks. No harm was caused by this research. In fact, the only real harm to humans has been Greg berating a person (because of their proximity to past research and perceived sloppy patches) who offered legitimate patches, some of which actually fixed bugs in the kernel. Clearly Greg didn't even take the time to understand the patches; he just categorically dismissed them all because he had a bone to pick. 
Now the kernel is down a contributor whose contributions clearly have utility. Back to the paper, even if it presents the obvious for people working on open source projects, it, like is the status quo in security research, is the working example of the exploit. In my experience people don't give a shit about perceived vulnerabilities until they become real vulnerabilities. As a kernel user, I actually value this research more than the alleged waste of time it may have caused for maintainers. I'm not the only one who feels this way. Sometimes to effect change you need to light a fire under somebody's ass. So the paper is valuable to some subset of people. It provides utility. It did no harm to computer systems or humans. You see what I'm getting at... there are ethical frameworks under which this paper is clearly ethical (even if you concede it directly and explicitly aimed to experiment on humans, which I debate). Ideally the researchers would have asked Linus and Greg if they could perform the research on their project so they wouldn't feel out of the loop and attacked/culpable when the research was published. I do hope everyone's learned their lesson in that regard. Anyway, back to Greg, you're really moving the goal posts. We can agree 100% that the paper is unethical. The fact is simply irrelevant when considering whether it's right to piss on some student at UMN who presented valid albeit sloppy patches to the kernel in a gesture of good faith in order to try and improve the state of security. It's a breach of the kernel's own community guidelines, at the very least! |