[FRIAM] Meanwhile, back on the troll farms

Marcus Daniels marcus at snoutfarm.com
Thu May 7 15:09:12 EDT 2020


Nick writes:

< Let’s say I was an evil genius and wanted to introduce evil code into a project on github.  What would happen?  >

Typically the person maintaining the project will require modestly-sized patches that are described one at a time. They will “pull” these changes from the contributor’s branch into their branch.
They will want the code in a style they are comfortable with, and they’ll want to be able to understand it well enough that they could change it. It’s like giving an article to an editor.

If the contribution is large and complex, then it may basically need to be taken on faith, and rationalized over time by the maintainer. That would be the most direct way to get malicious code into distribution. Make it too valuable to ignore, but too complex to understand in a short amount of time. Code that directly performed malicious things would be noticed, but more subtle would be, say, for a government to get someone hired at a large firm, and plan with/for them to leave exploitable holes in the form of non-obvious bugs.

To screw up models like this?   Dunno.   Advisory committees might discourage use of available and relevant data on grounds of expedience or turf.    The remarkable effectiveness of just denying reality seems to work just fine for this administration, so I don’t see why to posit there are any evil geniuses at work.    Also academics can be amazingly petty, caring more about their reputation/citations in their small circle of expert frenemies, than in doing anything that really makes an impact.   It’s probably pretty easy for a biased administration to fan the flames of those conflicts via funding intermediaries to serve whatever political goals.

Marcus