source link: https://lwn.net/Articles/901254/

The US military wants to understand the most important software on Earth (MIT Technology Review)

[Posted July 14, 2022 by corbet]
The MIT Technology Review has posted an article on a program within the US Defense Advanced Research Projects Agency to identify threats to open-source code.

The ultimate goal is to detect and counteract any malicious campaigns to submit flawed code, launch influence operations, sabotage development, or even take control of open-source projects. To do this, the researchers will use tools such as sentiment analysis to analyze the social interactions within open-source communities such as the Linux kernel mailing list, which should help identify who is being positive or constructive and who is being negative and destructive.



The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:00 UTC (Thu) by NightMonkey (subscriber, #23051) [Link]

Hmm... So, this will make more "lists" I can be on that I have no ability to contest? Now, the United States has 'no-fly' lists, will we soon have a 'no-code' list? And will the Pentagon decide if a developer can submit code to the Kernel, rather than the Kernel devs?

Of course, they probably won't address one of the biggest threats to 'open source code', namely, large corporations and governments who add "negative and destructive" friction onto individuals who are participating, or would like to participate, in Open Source development and communities. Can forcing engineers to run a locked-down Windows environment for 8-10 hours a day be seen as such a threat? ;) Call the Pentagon! :D

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:18 UTC (Thu) by aklaver (guest, #62352) [Link]

"... such as the Linux kernel mailing list, which should help identify who is being positive or constructive and who is being negative and destructive.". Well, they are picking a target-rich environment. So does this mean rejecting patches identifies you as a security risk?

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:28 UTC (Thu) by NightMonkey (subscriber, #23051) [Link]

'“This subject kills me,” says d’Antoine of the quest to better understand the open-source movement, “because, honestly, even the most simple things seem so novel to so many important people. The government is only just realizing that our critical infrastructure is running code that could be literally being written by sanctioned entities. Right now.”'

This subject kills me, too. So, at a certain level, all code is a math expression (where it is either compiled or interpreted down to machine code). So, if an Iranian or North Korean, Russian soldier or Ukrainian Azov Battalion member, or Israeli or Palestinian, or a clerk in the Pentagon says "1+1=2", does that change the truth of it? Other parts of the article basically hint at a worldview that colors the very openness of the development process as a threat.

Many people, myself included, appreciate the openness of F/OSS because the code doesn't care about your flag, your location, your mode of living, your love or hatred of arugula, or the color of your skin, or your place on the gender spectrum. Or even if you are a dog. :D (https://en.wikipedia.org/wiki/On_the_Internet%2C_nobody_k...'re_a_dog)

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 23:38 UTC (Thu) by gerdesj (subscriber, #5446) [Link]

Well at least the article stops short of accusing everyone of being closet commie bastards. Who on earth allowed that piece of tripe to worm its way out from the 1950s and rewrite itself in 2020s terms?

When you see that sort of nonsense coming out of a well respected org such as MIT as a puff piece then you know that you had better avoid being "undesirable" and start being a better person. This bloke: https://www.technologyreview.com/author/patrick-howell-on... is one role model for you who can trot out this sort of drivel without wincing.

I understand that one must dumb down somewhat when communicating with the hoi polloi and other generally unwashed types but this is an article that clearly explains to children that we can't trust open source code because we can read it at any time. You can't blindly go around trusting something you can delve into and review yourself. You should allow adults to do that for you.

I'm acutely aware of many of the flaws that turn up in FLOSS - I follow dozens of bugzillas etc and mailing lists that exhaustively discuss how to deliver next month's bugs effectively and on schedule. I have some insights into the sheer effort that say jra goes to to screw up my Samba experience or some of you lot do with delivering Linux and that corbet bloke and his dodgy website.

I also get to tread the Patch Wednesday (yes weds not tues - "let he who is without fear ...") treadmill with absolutely no idea what is going on but I do it anyway: yay - CVEs with serious sounding flaws and some jolly exciting write ups but I can't look at the code - it's a bloody cargo cult thing. Getting to the bottom of some of the weirder corners of Windows is quite a challenge - for example: AdminSdHolder - who knew, until you knew! What a load of cobblers.

https://techcommunity.microsoft.com/t5/ask-the-directory-... - Why would you? That's wankery in action - We've bodged a solution/papered over some cracks and expect you to do some weird shit. Soz/lol, that's the thing you engage when you do things like create a service account that can only change passwords without being a domain admin. You fiddle with perms on a LDAP container object to give rights to a user type object and ADUC can't do that sort of thing (lol).

Anyway, I doubt that the US military hasn't noticed where their software is coming from nor how it is written.

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:33 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

So... Patches delivered via ICBMs?

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:38 UTC (Thu) by amacater (subscriber, #790) [Link]

https://en.wikipedia.org/wiki/ICBM_address maybe? [Which in turn looks like a straight copy from the Jargon File entry].

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 20:07 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Apparently, my idea is not novel. USPS has already done mail delivery via a rocket: https://www.popularmechanics.com/flight/a21601/usps-first...

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 18:40 UTC (Thu) by pebolle (subscriber, #35204) [Link]

> [T]he researchers will use tools such as sentiment analysis to analyze the social interactions within open-source communities such as the Linux kernel mailing list, which should help identify who is being positive or constructive and who is being negative and destructive.

Likewise, from today's Security quote of the week:
> Detecting hate speech is a good proxy for terrorist radicalisation. In 2018, we thought we could detect hate speech with a precision of typically 92%, which would mean a false-alarm rate of 8%.

Both quotes immediately triggered my "Snake oil" alarm.

(I do hope my alarm is calibrated correctly, because I find the approaches advocated in those quotes creepy beyond belief.)

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 22:38 UTC (Thu) by Wol (subscriber, #4433) [Link]

> Likewise, from today's Security quote of the week:

> > Detecting hate speech is a good proxy for terrorist radicalisation. In 2018, we thought we could detect hate speech with a precision of typically 92%, which would mean a false-alarm rate of 8%.

The follow-on to that is good, though ...

In 2022, now we understand the problem better, our ability to detect hate speech has gone DOWN...

Cheers,
Wol

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 19:58 UTC (Thu) by amarao (subscriber, #87073) [Link]

The best way to classify people is to see who is writing tabs instead of spaces. Those are very different groups with very little common ground and with almost no shared values.

The US military wants to understand the most important software on Earth (MIT Technology Review)

Posted Jul 14, 2022 20:57 UTC (Thu) by flussence (subscriber, #85566) [Link]

So to enact this understanding they're going to... outsource it to some of the least understandable software on the planet? Sure, throw some Machine Laundering at it, have the computer hallucinate an interpretation that reinforces existing (and probably horrifically bigoted) biases. Nothing good will come of this.
