One of the biggest stories to come out in the tech industry last week was the deliberate bad patches to the linux kernel which got the University of Minnesota banned from future contributions to the Linux kernel.
When reading the article I was reminded how incredibly broken the tech industry is. I say broken because a group of people thought that it was ok to experiment on an Open Source Project without express permission. This shows that the leadership of the Computer Science faculty, and possibly the Doctoral candidates lack any form of empathy… and possibly shows how there is a lack of ethics being taught. To “experiment” on a project and the people who maintain it is not ethical. At least to me. There is a reason that security experts are taught that about responsible disclosure to make sure that problems are managed in a meaningful way to protect all parties. This was not done, at least from all the articles that I have read.
One of my friends, Ashley Hunsberger, has done a fantastic talk at Selenium Conf Berlin entitled “The death of liberal arts”. In this talk Ashley talks about how, with a testing twist, how humanities subjects can improve the way we approach our problems in the technical world.
Open Source projects already get a lot of people abusing them regularly, complaining that their poorly written bug reports are not being actioned, or that something they are benefitting from for free isn’t working the way they expect. 99% of the time the contributors are doing this in their free time. And the 1% who are paid to work on Open Source? They don’t deserve to be treated badly either. They will go above and beyond to try help but they are not to be abused. I’ve said it before that you should “hug a developer or don’t be a dick” and have even described what harassment can look like. Abusing Open Source developers just encourages people to stop doing open source.
Circling back to the original reason for blogging, the experiment could have happened if it had been planned with a little bit of empathy. I feel a social engineering project like that could be useful and a lot can be learned to improve the security of software in the Open Source world. A simple mystery shopper approach when the professors propose the subject of the dissertation with the open source project and get unanimous buy in from said open source project would have been sufficient.