hp6 | 2 years ago

While the topic is intriguing, I dislike the use of "public services" for this type of research. For instance, adding substances to a water reservoir to study their effects is unacceptable without permission or supervision. Similarly, conducting such research without Wikipedia's permission/supervision should not be accepted.


kmeisthax | 2 years ago

Someone tried something similar but with higher risk: inserting security backdoors into the Linux kernel. They were caught and (AFAIK) their entire school was permabanned from sending pull requests.

tobyjsullivan | 2 years ago

I'm of quite the opposite opinion. Within reason (importantly), I believe any public service, which is also managed by an anonymous, decentralized community, ought to be under test constantly and by anyone. What's the alternative, really?

Imagine if it was taboo to independently test the integrity of bitcoin for example.

The sibling mentioned the linux kernel case. I admit that one felt wrong. It was a legitimate waste of contributor time and energy, with the potential to open real security holes.

I don't pretend to have reconciled why one seems right to me and the other wrong.

dataflow | 2 years ago

> Imagine if it was taboo to independently test the integrity of bitcoin for example.

> The sibling mentioned the linux kernel case. I admit that one felt wrong.

> I don't pretend to have reconciled why one seems right to me and the other wrong.

The "how" is what matters here, not just the "what". "Testing the integrity of Bitcoin" by breaking the hash on your own machine (and publishing the results, or not) is one thing. "Testing" it by sending transactions that might drain someone else's wallet is quite another. Similarly with Linux, hacking it on your own machine and publishing the result is one thing. Introducing a potential security hole on others' machines is another. Similarly with water: messing with your own drinking water is one thing. Messing with someone else's water is quite another.

hp6 | 2 years ago

I think the key difference is supervision: is there another party keeping an eye on what is tested and how? And maybe ensuring no permanent damage is done at the end.

dredmorbius | 2 years ago

That's frankly one of the first thoughts that came to my mind.

I've asked the author about ethical review and processes on the Fediverse.

That said, both Wikipedia and the Linux kernel (mentioned in another response to this subthread) should anticipate and defend against either research-based or purely malicious attacks.

tetris11 | 2 years ago

If it's a mature product, you should be able to pick it up and rattle it without it breaking. If it's still maturing, then maybe the odd shock here and there will prepare it for maturity?

viknesh | 2 years ago

I think one would have to weigh the pros and cons of this kind of research. In particular, the main cons (IMO) are:

* users are misled about facts
* trust is lost in Wikipedia
* other users/organizations use this as a blueprint to insert false information

Harm 3 seems to be the most serious, but I suspect it has happened/will happen irrespective of this research. As opposed to the water reservoir example, these harms seem quite small by contrast. I would have liked to see a section discussing this in the blog post, but perhaps that's included in the original paper.

hakre | 2 years ago

Everything was reverted within 48 hours. Your arguments might all apply theoretically, but given the scope, size, practice and handling, I wonder, apart from the theory, what your opinion is on how they practically apply in this case.