neoflame's comments

Your citations contradict your claim.

[2], p. 30: "Predation by nonnative and/or nuisance species. Predators, such as nonnative cats, dogs and foxes, as well as native crows and ravens, that are thriving in human-altered environments. The City policy of removing cats and foxes has been effective and beneficial for the burrowing owls."

[3]: "There are many factors that could explain the low numbers. The owls are ground-nesting, living in holes hollowed out by squirrels. That can leave them vulnerable to a long list of predators, including foxes, skunks and raccoons. Feral cats are considered the worst of the lot, preying on owls as well as the small birds and rodents that make up the owls' main food supply. In fact, a released cat last year ended up mauling one prolific male owl, Kleinhaus said."

[5] appears to concern burrowing owls in Black Hills National Forest, which is substantially different from Mountain View.

[9] does not call out cats specifically, but does recommend "[r]educing adult mortality rates by preventing the use of harmful rodenticides near occupied habitat and reducing the threat from non-native predators" on p. 22.


>Your citations contradict your claim.

It appears you did not read the claim. Again:

Preservation plans - when they even mention cats - put them dead last on the list of reasons.

>[2], p. 30: "Predation by nonnative and/or nuisance species

YES, dead last, right after:

- Systematic and regular grading on a large scale destroys prime foraging and nesting habitat

- Insufficient high-quality foraging habitat

- Insufficient mowing during the breeding season to maintain nesting habitat

- Disturbance by vehicles going off-road, leading to erosion (of habitat)

- Formal and informal trails and unofficial roads in owl habitat

Notice anything common with all of the above?

>The City policy of removing cats and foxes has been effective and beneficial for the burrowing owls

Yeah, the city thinks it's doing a good job as the population went down to zero. Also, notice the foxes. Also, notice that these were not the neutered cats in Google's TNR program that were potentially dangerous. Also...

[3]: Great, evidence of one owl being mauled by a cat. Again, notice that this is the last thing mentioned.

[5]: Oh, so this is different. Just like feral, un-neutered cats roaming the city are different from neutered cats fed by Google's TNR program. Anyway, again, cats aren't called out.

[9]: "does not call out cats specifically" - isn't that what I said?


Citation 3 of the linked paper is https://twitter.com/who/status/1243972193169616898. I don't see how a tweet by the WHO beginning with "FACT: #COVID19 is NOT airborne" can be construed as anything but a denial that COVID-19 is airborne.


They were referencing this

>the medical establishment's position that airborne transmission couldn't be real because it reminded everyone too much of miasma theory

In the post they were responding to


WHO is a political organization, not the medical establishment. The Chinese Communist Party has veto power over WHO's statements.


IANAL, but the claim that this research was exempt under 45 CFR 46.104(d)(2) seems suspect to me. (i) doesn't seem to apply because Linux kernel developers are required to go by their real names for licensing reasons (cf. the rules regarding Signed-off-by). (ii) seems dubious given that the authors themselves argue that they need reviewer consent to release information about the authors' malicious patches. Note in particular that both exemption categories are concerned with what information the researchers have ("information ... recorded" in (i), "any disclosure ... would not" in (ii)), not what they publish, so the idea that they need consent to publish this information seems to imply that they needed consent to collect it.


My biggest point of confusion from the article is that regulation(s) do not require explicit consent from human subjects on use of their time, irrespective of what information is collected.


I don't think the attack described in the paper actually succeeded at all, and in fact the paper doesn't seem to claim that it did.

Specifically, I think the three malicious patches described in the paper are:

- UAF case 1, Fig. 11 => crypto: cavium/nitrox: add an error message to explain the failure of pci_request_mem_regions, https://lore.kernel.org/lkml/20200821031209.21279-1-acostag.... The day after this patch was merged into a driver tree, the author suggested calling dev_err() before pci_disable_device(), which presumably was their attempt at maintainer notification; however, the code as merged doesn't actually appear to constitute a vulnerability because pci_disable_device() doesn't appear to free the struct pci_dev.

- UAF case 2, Fig. 9 => tty/vt: fix a memory leak in con_insert_unipair, https://lore.kernel.org/lkml/20200809221453.10235-1-jameslou... This patch was not accepted.

- UAF case 3, Fig. 10 => rapidio: fix get device imbalance on error, https://lore.kernel.org/lkml/20200821034458.22472-1-acostag.... Same author as case 1. This patch was not accepted.

This is not to say that open-source security is not a concern, but IMO the paper is deliberately misleading in an attempt to overstate its contributions.

edit: wording tweak for clarity


> the paper is deliberately misleading in an attempt to overstate its contributions.

Welcome to academia. Where a large number of students are doing it just for the credentials


What else do you expect? The incentive structure in academia pushes students to do this.

Immigrant graduate students with uncertain future if they fail? Check.

Vulnerable students whose livelihood is at mercy of their advisor? Check.

Advisor whose career depends on a large number of publication bullet points in their CV? Check.

Students who cheat their way through to publish? Duh.


The ethics in big-lab science are as dire as you say, but I've generally got the impression that the publication imperative has not been driving so much unethical behaviour in computer science. I regard this as particularly cynical behaviour by the standards of the field and I think the chances are good that the article will get retracted.


FWIW, Qiushi Wu's USENIX speaker page links to a presentation with Aditya Pakki (and Kangjie Lu), but has no talk with the same set of authors as the paper above.

https://www.usenix.org/conference/usenixsecurity19/speaker-o...


Can I cite your comment in exchange for a future citation?


Sure?

Edit: Oh now I get it you clever person you. Only took an hour ha.


Feigning surprise isn't helpful.

It's good to call out bad incentive structures, but by feigning surprise you're implying that we shouldn't imagine a world where people behave morally when faced with an incentive/temptation.


I dislike feigned surprise as much as you do, but I don't see it in GP's comment. My read is that it was a slightly satirical checklist of how academic incentives can lead to immoral behavior and sometimes do.

I don't think it's fair to say "by feigning surprise you're implying..." That seems to be putting words in GP's mouth. Specifically, they didn't say that we shouldn't imagine a better world. They were only describing one unfortunate aspect of today's academic world.

Here is a personal example of feigned surprise. In November 2012 I spent a week at the Google DC office getting my election results map ready for the US general election. A few Google engineers wandered by to help fix last-minute bugs.

Google's coding standards for most languages including JavaScript (and even Python!) mandate two-space indents. This map was sponsored by Google and featured on their site, but it was my open source project and I followed my own standards.

One young engineer was not pleased when he found out about this. He took a long slow look at my name badge, sighed, and looked me in the eye: "Michael... Geary... ... You... use... TABS?"

That's feigned surprise.

(Coda: I told him I was grateful for his assistance, and to feel free to indent his code changes any way he wanted. We got along fine after that, and he ended up making some nice contributions.)


Why should we imagine this world? We have no reason to believe it can exist. People are basically chimps, but just past a tipping point or two that enable civilization.

We'd also have to agree on what "behave morally" means, and this is impossible even at the most basic level.


Usually "behave morally" means "behave in a way the system ruling over you deems best to indoctrinate into you so you perpetuate it". No, seriously, that's all there is to morality once you invent agriculture.


Thank you.

Question for legal experts,

Hypothetically, if these patches were accepted and were exploited in the wild, and if one could prove that they were exploited due to the vulnerabilities caused by these patches, can the University/Prof. be sued for damages and won in a U.S. court (or) would they get away under Education/Research/Academia cover, if any?


Not an attorney, but the kernel is likely shielded from liability by its license. Maybe the kernel could sue the contributors for damaging the project, but I don't think the end user could.


Malicious intent or personal gain negate that sort of thing in civil torts.

Also US code 1030(a)5 A does not care about software license. Any intentional vulnerability added to code counts. Federal cybercrime laws are not known for being terribly understanding…


License is a great catch, thank you. Does the kernel get into a separate contract with the contributors?


I literally LOL'd at "James Louise Bond"


This is not true after Linux 3.16, commit 7fc34a62ca44 ("mm/msync.c: sync only the requested range in msync()").


Question for the Kinesis folks: does the height bother you at all? I've been considering buying a Kinesis Advantage, but in a comfortable seating position, with my forearms and thighs level with the ground, there's not much space between my arms and legs. I'm currently using a relatively short keyboard, on a keyboard tray, at work, and already find myself bumping the keyboard tray with my legs fairly frequently.


My forearms are tilted upwards very slightly; the Kinesis is indeed a bit "high" and my desk has no keyboard tray, nor is the height adjustable. It does bother me in the sense that I would prefer to have my forearms level or tilted slightly downwards. On the other hand, it doesn't feel like my setup is causing any actual discomfort or ergonomic problems.


I use my Advantage directly on my legs without a keyboard tray. In that configuration the height of the Advantage is very nearly optimal. At least for me, it naturally puts my arms into an ergonomically suggested posture with my arms straight down, bent to approximately ninety degrees, my wrists held straight onto the palm rests.


I graduated from UofT in 2011, and they still offered iron as an option.

