Slashdot Mirror
Before You Fire the Company Geek
An anonymous reader writes "A new 'insider threat' survey by the US Secret Service and Carnegie Mellon University finds that 82 percent of people who hack their company 'exhibited unusual behavior in the workplace prior to carrying out their activities.' A somewhat amusing writeup at washingtonpost.com points to a bunch of more interesting gems hidden deep in the study, including: 'Almost all - 96 pecent - of the insiders were men, and 30 percent of them had previously been arrested, including arrests for violent offenses (18 percent), alcohol or drug-related offenses (11 percent), and non-financial-fraud related theft offenses (11 percent).' The blog post also notes that 86 percent held technical positions at the companies: '...if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.'
The survey went on to say that the remaining 18 percent of people 'exhibited unusual behavior in the workplace while carrying out their normal daily activities.'
Don't cha know...
The NSA: The only part of the US government that actually listens.
Seriously, though, sabotaging your former or current network is just a plain dumb idea, especially if it is/was your job to keep this sort of thing from happening. In the final analysis, the only real thing an I.T. professional possesses is their reputation. Trash that, and you'll find it difficult to secure further employment.
____
~ |rip/\/\aster /\/\onkey
They're assuming we already haven't taken control of everything else... who needs email when you control the elevators and doors... :)
Don't anthropomorphize computers, they don't like it.
make sure they don't run the email system first.
The revolution will NOT be televised.
Should be from the-captain-of-the-obvious-department.
'exhibited unusual behavior in the workplace prior to carrying out their activities.'
Refering to management?
Kiss my bass.
- 96 pecent - of the insiders were men
:)
- The insiders ranged in age from 17 to 60 years (mean age = 32 years)
OSTG user statistics (Including Slashdot).
- 97% of OSTG readers are men
- average age is 29
Too bad OSTG doesn't have crime statstics for Slashdot readers
I think we should have this for our next poll!
Worst arrest of your lifetime:
1. Never. I'm a law abiding citizen.
2. Never. I run away.
3. A few misdemenors
4. Violent offense
5. Alcohol or drug-related offenses
6. Non-financial-fraud related theft offenses
7. I'm writing this from death row.
8. I stole the money, burned down the office and now live on a beach in Fiji with my red stapler.
94% of Repubs and 21% of Dems voted to renew the Patriot Act
.. remember to give him a wedgie, for old times sake.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Also, if you're going to fire an accountant, it's a good idea to audit the accounts they dealt with particularly carefully, and if you're going to fire a security guard it's a good idea to collect their pass and master keys as they leave.
Of course, not screwing staff so badly that they are prepared to risk retaliation is also a good move.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Hmm, statistics. I wonder how those numbers compare to people who simply work in IT and don't hack? I'd say 96% being men isn't all that unusual, and I would not be surprised if 11% of the general population has alcohol/drug offences already.
The problem with stats is that they generally never give you a baseline. Without that they are meaningless.
not to mention the CEO's SSN and criminal records ...
-- Tigger warning: This post may contain tiggers! --
Sounds vaguely familiar...http://www.theregister.co.uk/odds/bofh/
I found the "Any" key.
Muuuuuuuuuuuuuuhhhhhhhhhhhhhhhhaaaaaaaaaaaaahhhhhh hhhhhhhaaaaaaaaaa
Fear the wrath of the Geek!11!!1111!!!
The smart geek will keep an emergency back up admin account around. While it may sound like he's planning something evil with it (AKA fuck with me and I fuck you over, which it could be used for). He could also be making sure theres always a back up if things goto hell and someone tries gains access and tries to take out all the admin accounts.
It's like keeping a spare house key hidden in the garden or getting a second set of keys cut for your car and keeping them in a safe place.
I like muppets.
New study determines criminals exhibit criminal behavior...
...you don't even have to be capable of hacking anymore. Act strangely enough and you can subtlely extort your company for continued employment. What a great idea!
This is, after all, almost an order of magnitude more effective than screening for alcohol, drugs, or felony convictions.
-+-+-+-+-
Don't blame me for posting like a PHB. This is how they think, and the fact that it gives them a business excuse to play Charlie with his IT Angels probably won't hurt either.
Lacking <sarcasm> tags,
If your boss is a big enough Dick to fire you when you didn't deserve to be fired, he'll get his eventually.
Just sit back and be patient.
I had to wait six years but it was worth it when the MF fell off a ladder at home and crippled himself.
It does eventually come around.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Make sure you have another geek at least as good as the one you're going to fire, to do the security checks first before you break the news to them. Otherwise you could have all sorts of interesting surprises on your network; who would think to connect a break-in months later with a terminated employee who didn't seem all that upset when he/she left?
After all, revenge is best served cold, right?
Paleotechnologist and connoisseur of pretty shiny things.
So you're saying that many of the people stupid enough to get caught, thus contributing to this survey's statistics, had been caught before doing other things? Can you say "self-selecting group"?
Nerd Rock In Progress
Now the good news: almost all of them got caught.
Well, no... almost all of the ones they know about got caught. How many incidents were simply covered up? How many of the really good ones made it look like a typical software-gone-bad-and-erased-the-data?
We all know that crime statistics are highly skewed by the reporting process...
500GB of disk, 5TB of transfer, $5.95/mo
I guess I get it as far as policy goes, but I experienced this a year ago from a large corporation when I got laid off... My manager came to my desk and did the perp walk with me to the office. Told me that in the interest of cutting cough costs the company was willing to offer me a one year severance package and let me go.
I said, "You're offering me a one year severance package???" He looked confused, but said, "yes".
I said, "Well then I respectfully decline your offer.... I would like to continue working for this company."
He said, "It's not optional."
I said, "Then you're not offering anything to me, you are doing something to me."
A couple of notes about the treatment therein:
In my career at this company I had received the highest award given by the company and was flown to a special ceremony to present my project and receive that award.
Bottom line here: you don't have to be a criminal, act like a criminal, or even be suspected of being a criminal to be treated like one....
Unusual behaviour? How do you define that, especially considering the fact that we are talking about geeks here? I, for one, would not want to meet your average geek acting more unusally than usual in a dark alley. Unless unusal behaviour among geeks is acting usually, of course. Then I'd invite them over for tea.
I hear there's rumors on the Slashdots
"30 percent of them had previously been arrested, including arrests for violent offenses (18 percent), alcohol or drug-related offenses (11 percent), and non-financial-fraud related theft offenses (11 percent)."
These numbers also represent the population of the United states as a whole. Yes 30 percent of the US population has been arrested before. more than 20% have a felony on their record and so on. So to paint these people as anything other than ordinary citizens is silly. They simply represent the whole equally as the whole represents itself. Nothing unusual here.
What if you are the ONLY one that controls the access to system? You can't say to that person, "We need your root password because we're going to fire your ass and we need to change it so you can't access the system anymore. Oh, and by the way, can you show us how to do that?"
It's like "looking busy" at your employment - it's actually easier to do real work than to fake it. - bmo
So what if they cut off their email and computer privileges at the company? They are GEEKS. They run the system, they probably made the system. If they want to get into it bad enough, they will (should have backed up all that pr0n before).
Nothing can stop them if they really get pissed off and want to get into the system..
That means that, if you need to get your computer fixed, get it done the next two days, or it will be months before it will get fixed.
So 41.16 were acting wierd, 41.65 had grievances?
And 100% researchers show signs of random rounding up or down based on mood even within a single study.
If programs would be read like poetry, most programmers would be Vogons.
Short of a felony conviction, that's hard to do. We're a migratory culture and the fact is that no ex-employer wants to do a competitor a favor by giving them information about a candidate -- especially when any negative comments could result in a lawsuit.
Lacking <sarcasm> tags,
Logs? What logs?
Too bad they didn't do a story on those people that machine-gun the HR department, and give us the breakdown there.
Zhrodague.net - I do projects and stuff too.
When I was let go from AOL-TimeWarner they cut me out of my email and server access before the phone call (I had a feeling more than just a server crashed that day) - then they wanted to have a security guard escort me out and watch me as I pack my box of belongings - thank g-d my cow-orker offered to watch, rather than a guard. Sure take precautions but don't make people feel like criminals!
I think that the submitter of the article wanted to say "angry nerds" and not "company geeks" in the title. Every single company geek that I've ever known was a harmless person who did not mind being overemployed and undervalued. Nerds, on the other hand, did not last too long due to their inability to socialize and fit into office culture.
For this particular reason, I prefer not to deal with zealots or opinated freaks who are usually easy to spot during the first round of interviews. So far, it was easy for me to spot who I did not trust with a pencil and a piece of paper, let alone a production server.
I had to do this once for an employee that was being let go. The managers first called myself and one of the other administrators into the office and explained that we were to change all the root, admininistrator, and shared login (administrative but not OS related) passwords and disable the employee's accounts. When we got up to leave the office, we passed the guy coming down the hall to meet with the manager. When we were just about done with the lockdown, the guy was escorted to his desk and allowed to gather his possesions and then escorted out of the building.
Best poll idea ever. I haven't laughed so hard in a while.
If you're firing a administrator you really have to go through the entire network they had access to and check every system for things like email responders, cron jobs, scripts. Ugh it's a huge task. It's really fairly simple to add a difficult to find backdoor to someones network.
Deleted
That's quite coincidental. The company I work for fired a sys admin last week for drug abuse, and we are at this very second combatting a DoS attack from him. He's also using our servers to route spam to all over the place hoping to get our servers listed on spam blacklists so that we can't use corporate mail.
interesting....
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I'm suprised to find (just checked) that my former boss, in a small business I sysadmin'd at, still has the same email password - 1.5 years after me being laid off. Even thou I remember the pswd it remains confidential, w/ no reason for abuse (the drop off in business wasn't his fault, and they treated me pretty good during the good times).
Just wish someone there had the sense to take care of such things!
try { do() || do_not(); } catch (JediException err) { yoda(err); }
When I fired the sysadmin, we not only cut off all of her email and network access, we forced a 100% password change to trigger immediately, and manually went to everyone with VPN access and watched them do it right at that moment with secure passwords that we assigned to them.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
Here's what the survey doesn't say. That sometimes employers decide to retaliate against employees who point out problems or cause what management thinks is trouble. These employees often find themselves the targets of investigations.
All surveys like this do is give ammunition to corporate management to investigate who they want, when they want, expect even less privacy and create conditions of employment so egregrious that the IT worker becomes chattel.
As it is, there are systems to monitor web surfing, chat conversations, phone conversations, VOIP decoders for phone conversations that aren't analog, cameras, keystroke loggers, mail server agents that look for keywords, policies against the use of encryption, etc etc.
With blood tests and mandatory screenings for crime history, blood history, pretty soon genetic history of family disease (company insurance is expensive you know they don't need any cancer heads) there will be no part of a worker's life that isn't controlled by the corporation that employs them.
Surveys like this one cull fear in IT shops, fear of insider attacks, of competitive disadvantage brought about by unscrupulous employees. When, in fact, it's employers for the most part who engage in espionage and frame workers. It's easy and efficient. Want to get rid of that guy nearing his pension? Put some kiddie porn on his hard drive.
We don't need any more tools to spy. We need some fucking national legislation to curb the uncontrolled police state that exists inside the corporations of the world.
Higher capacity (more than ten) clips are now more available due to a recent law change. Hollow points aimed at chest and head should achieve a good kill count, while the limbs will just result in a lot of injuries. Ideally you should finish your spree with a suicide. Aim the barrel into your mouth pointing upwards. Obliterate the brainstem.
Using ear protection and even body armor is recommended. You don't want any discomfort before you kill yourself.
Transcend Humanity. Please.
'Uh, Ted, as our only IT guy, could you go ahead and disable your own e-mail and network access; we're firing you this afternoon.'
As a footnote, "Cybercrimes" have been demonized sufficiently to be lumped in with outright "terrorism", despite the poorly defined actual damages such crimes cost. Trespassing in a system is enough to land you in prison, so if you're a geek and get laid off/ fired/quit it's probably in your best interest to avoid former employer's systems.
Now, sending an assesment of their systems' security holes along with a request for a positive reference is a different story...
"wow. our last day at initech."
... they wanna ban us on capitol hill - cos it's DIE MOTHERFUCKER DIE MOTHERFUCKER DIE STILL...
"can't believe they had security escort us out. like we're going to steal something."
"*beat* i stole something"
"oh yeah. guess we all did."
"no. i stole something else."
"what did you steal?"
"call it... a going away present."
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
in the name of all that is holy can we please not have a multitude of "I'm soooo powerful" posts from disgruntled technical support monkeys and other assorted computer janitors. Just don't do it folks, that sort of thing was played out before there even was a WWW, no need to go there again.
Don't fire Michael and Samir. Especially if they have a friend named Peter - who checks out that chick on channel 9. Whooo!
doesn't she look like anne?
... that I never even attempted to go back and hack the company I was fired from even after a very long time there!
Remember, I am your friend !
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Yeah...apparently, God pushed him off a ladder.
____
~ |rip/\/\aster /\/\onkey
When I left my old company as a regular worker, I was surprised that my user account was still active a month later. This was after the company had several incidents of firing a Black temp who arranged for a friendly co-worker to log into their account to send out an email about how the Latino supervisor was a racist slave driver. That starts an email thread where everyone jumps in claiming that it was all true. Then HR would start a lengthy investigation to prove that it wasn't all true. I heard that the company's solution to that problem was to take email accounts away from the temps and promote the supervisor to manager. Go figure...
I've actually had to do this twice - once when a Sys Admin changed departments (bizarrely enough to become an asbestos surveyor), and again when we dropped a contractor. In both cases we changed all passwords before informing them. What makes it difficult is getting all the passwords out of them first - asking them to write down all their passwords and document all their systems tends to arouse suspicion... Then again, the ethics of management at my place are apallingly Stalinesque.
"If he were a plant, people would roll him up and smoke him."
Of the people in the technical field who hack their computers, an overwhelming majority of them are Men... let's see if I can re-write that statement.
Of the people in the technical field, an overwhelming majority of them are Men...
Seems like "hacking the company computer" is irrelevant... I'd even bet that the percentage is about the same.
Ok, so let's continue. Of the people who hack the computers (assuming they have been arrested and convicted of the crime, establishing guilt), a minority of them have been arrested before.
How much you wanna bet that of all criminals, about 30% of them are repeat offenders?
Gee, more meaningless statistics from a university.. who woulda thunk it...
When I was let go, they did disable my accounts and email. They also changed the administrator passwords and the passwords of everyone in IT. I advised them at the time that they should require that everyone change their password. But they never could recognize good advice when it bit them on the ass. To come to the point, about a month later, I was to able to get in to retrieve some personal files and email with no difficulty (nothing business related, probably never should have had the stuff on their server to begin with). If I'd been inclined, I could have wiped out everything, and with their piss-poor backups, they'd have been toast.
It's been over two years now, but I'd be willing to bet that I could still get access through an account or two whose passwords have yet to be changed.
Oh joy, 1 in 10,000 commit the crime and now we're all under the inquisition (demonstrating to us how, motive, and purpose). Or will be anyways once the article makes it to Wall Street Journal and Newsweek.
The steps beyond walking him out should be done by another techie, and not just an MCSE.
ALL passwords should be obtained before he leaves, and ALL should be changed immediately to randomized strings.
All user accounts should be audited.. if its not supposed to be there, remove it or change its passwd.
Audit all incoming ports.
Force EVERYONE at the company to change their passwords to newer better ones. Any techie at a company remembers many others' passwords, especially if its like their last name etc.
Take immediate backups of important servers and keep em seperate.
Or you could simply give him a fat severance package.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
...if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.'
It seems to me the real way to address the problem is to do a background check when you hire these people.
You can fire me, but then some good old fashioned time bomb code will execute.
Doh, did I say that aloud!
If a company is above board and decent dealing with employees, it will seldom encounter insider attacks and will be fully justified prosecuting them. Notify an employee of an impending layoff when the decision is made. Don't give bogus performance reviews just so that you can fire someone without giving them the severance package. Don't expect people to work overtime training their overseas replacements.
:-)
On the other hand, companies that use underhanded tactics should be barred from suing ex-employees that are doing things just comparable in sleaziness. Don't expect to get back those nice gadgets that he took home
Its getting interesting how slashdot seems to be linking google ads with its story content now (see below)
Ads By google
Free Address Histories
Free Public Record Search/Results. Full Background w/Criminal $20.
www.ZabaSearch.com
Online Background Check
Perform a Background Check on Almost Anyone.
Records-Search.Net
Background Checks
Do Background Checks on Anyone. Get Criminal History Records now!
www.SafeSpy.net
Top 10 Reasons To Procrastinate
10.
In the company I work for, the IT guys are some of the most peaceful, least-freaky individuals present. They seem to genuinely want to help me if anything is messed up. I'd worry more about firing janitors. Those dudes can DO shit to toilets that would rock your world...and leave your office smelling like New Jersey in the spring.
It's not as simple as that. Most companies should run their systems with the mentality that everyone is out to get them. The goes double for bigger companies. Backups and security should be of great importance. Employees should not be given access to things that they should not have access to, especially if their activities are questionable. Passwords that that person had access to should be changed and memos should be issued informing everyone that person is no longer with the company. If access was gained through someone elses account that person must be disaplined. If there are known flaws in the system, fixing those flaws should be put as high priority. Never allow such a person to have a high level of access and never allow such a person to be the only person with root. Occassional check ups on what activities are going on and checking logs should be done.
The company should take some responsability to this as well, after all if the person has a history of violence, criminal activity and overall bad references, why the hell would the company hire them and think they would think about the best interest of the company?
Everyone hates statistics, but its not the stat itself thats bad, it's the interpretation. In this case, we're looking at the demographic of digitially destructive perps. Sure, it would be nice to have a full breakdown indicating the trend of male vs females or first time offenders, in the IT population and in the general population. But, we don't. We have to make do with the perfectly useful statistics (for the purpose of describing the offenses). I don't see a problem there.
In many IT things, there is an 80% rule: ...
1)About 80% of Security is people and policy
2)About 80% of Knowledge Management is people and policy.
3)
Lots of research has shown that 80% of stolen "confidential information" is done by personel who work for the company.
Just remember, Tech is ~20% of the solution. Bad management is about 80% of the problem;)
Cutting thier access really doesn't help. Because I have a HUGE list of usernames/passwords stored in the old noggin.
These numbers also represent the population of the United states as a whole. Yes 30 percent of the US population has been arrested before. more than 20% have a felony on their record and so on.
I call BS on this one. Prove it.
I don't know what the actual numbers are, but I know you're way off. A good friend of mine was a police officer in an anti-gang unit in southern CA. Even within bad neighborhoods the statistics weren't this bad.
Every company over a certain size has a Milton.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You just watch your mark and when something bad finally happens to them, you can be happy about it.
I think it's really important to differentiate "fire" -- hey, this guy is really bad for us and we need to get rid of him ASAP due to some actionable offense -- and "lay off" -- hey, we have a redundancy, or something.
When firing geeks (having had to do this once), I think you need to do so with extreme prejudice -- take away access while they're talking to HR, lock down, etc.
When laying off geeks, I prefer for the rules to be different. The person has done nothing wrong, we don't think they're an active threat and, until about five minutes ago, we trusted this person with our data -- because, presumably, we believed them to be honourable people. They've not stopped being honourable people because we've laid them off, and we shouldn't treat them as such.
Been laid off twice in my life:
First time was while I was responsible for a large group of geeks. We merged with another company and on the last day of the merger activities, I had the conversation with HR. New CIO had his own person and figured (accurately) we wouldn't get along. HR wanted to walk me out, I wanted to stay the evening because we were concluding a month of activity connecting the two companies. Ended up going up to the President of the company and saying "hey, I was responsible for this, I want to see this finished." He said "hey, no problem. Nothing personal." I stayed, we finished the connections, and then we went out and got stinking drunk.
Second time was at a financial services company which was, by far, the most paranoid, employee-hostile company I've ever worked in. Thankfully, the CIO was far more sane. When he was forced to let me go, and I packed my stuff, I offered him the opportunity to look through what I was taking to make sure nothing was inappropriately taken (they didn't watch me pack). he declined, for the "hey, we trusted you until ten minutes ago" reason above.
Just gor treated in an ugly way by Procter & Gamble
My God, have you been reading some of the comments being posted here on Slashdot? I'm reading comment after comment after comment about how people are 'protecting themselves' 'just in case' and how others 'got even' with 'that evil company'. It seems to me that surveys aren't really needed to generate fear; a good number of IT people are doing a pretty good job of doing that on their own.
The 97% male thing is fully expected, though. I bet that the other 3% are visually indistinguishable from males.
Whoever corrects a mocker invites insult;
whoever rebukes a wicked man incurs abuse.
--Proverbs 9:7
I had a similar incident, I reported a serious payroll security error to pay roll, the next day HR was talking to IT and management in the same room, then I get called over.
Then they fired me a week later for various things that were on my computer, saying I broke policies in their hand book, when the hand book clearly say that I could do 6-8 of the listed things.
The problem was never fixed, the companies records still can be tainted, and they fired me because they feared I would access the records.
When I came into work I wasn't allowed to login to a computer, phone, or use anyone else's terminal. I dedicated 2 years to the company and they decided to slap me because they couldn't trust me.
Most of my friends at the company said I should of left them a surprise, taken down the network, sabotage here and there, but I couldn't imagine doing it.
They lost one of their best employes as far as I'm concerned, I hope the worst for the company after the my last friends leave.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
Spammers I worked for did just that. "Oh, since I'm the manager, I should have sudo access.."
Then when the "It's just not working out" crap from the newbie manager (the silk suit wearing little prick) comes, you realize exactly why they demanded access to particular machines.
Otherwise, I'm sure that forcing the new sysadmin to do a quick password recovery wouldn't be too far off the mark.
"The study examined 49 insider attacks, carried out between 1996 and 2002"
... The results are questionable as there is not enough data for reliable statistical analysis.
49 cases in 6 years
if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.'
well, duh!
If you're going to fire somebody, it just might be because their behaviour was not up to par. It is only common sense to restrict their behavior when terminating them.
"you're fired. We never want to see you again. your paychecks end today, you deserve no severance pay, and don't even think about asking for a reference. But feel free to access our entire network for the next 48 hours, with full root access." What does go on in some people's heads?
We don't need any more tools to spy. We need some fucking national legislation to curb the uncontrolled police state that exists inside the corporations of the world.
This is getting a bit off topic and political/philosophical, but this type of thing is why I've been advocating a system of law that holds all officially organized groups of people - government bodies, corporations, unions, same difference - to the same rules and standards. When we've got global corporations with as many people as some states or even nations, why shouldn't they be held to the same code of conduct as those states and nations? Give them the same benefits, require of them the same responsibilities. Historically, government bodies don't behave much differently than for-profit corporations anyway...
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
They just treat all out going employees like criminals. It used to be that people would give two weeks notice when leaving and that was OK. Then they started walking people out the same day they gave notice to prevent perceived problems that never occured. Now they bitch that people only give one day notice when leaving and wonder why.
Meeting A, morning = you're getting laid off. Boxes are placed in your cubes and your computers are dismantled while you're in the meeting. Phones are cut off. Network drops are disabled.
Meeting B, afternoon = you get to hear about the layoffs that morning.
I was one of the meeting B folks back in 2001, but boy, did I wish that I was part of A - the severance packages were nice.
Unusual for geeks:
Bathing
Brushing Teeth
Combing Hair
Getting Haircuts
Dressing up (more than jeans and a T-Shirt)
Doing well with the ladies
Seriously, parts of this have applied to many geeks I have known (including me). Would be curious if anyone else has any other things to add.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Drats, and I would've gotten away with it if it wasn't for those pesky /.'ers and their stupid dog!
Why am I on Slashdot? I'm bored. Why am I bored? I'm on Slashdot.
They collected the data but then jumped to a very wrong conclusion and issued a prescription that, IMHO, will cause MORE harm to companies than it will prevent.
The "geek" who has been a major player in running the show will be able to break in and do harm if he wants to. If he's of a criminal or revenge-prone he may already have installed a bunch of stuff - and if he's just doing his job he probably has emergency backdoors and the like in case the normal paths break.
And while ordinary users may not have this sort of access, many of them WILL have been able to accumulate other users' passwords and the like. They too can get in and do damage.
IF you motivate them.
The decision is between giving them notice and an opportunity to gracefully disengage from the company, versus pulling the plug and THEN telling them they're fired. The gentle departure versus the knife in the back.
As someone who has been in the business for decades, I have been laid off from time to time. The usuall procedure has been to give notice and allow the soon-to-be-ex employee to gracefully shut down or redirect his correspondence, clean out his virtual desk, and take advantage of the company email for the first phase of his job hunt. Doing this creates warm fuzzies all around - the social net is intact, mutual recommendations will be forthcoming at all opportunites, if the company ever had need for me again (eventually it did) I'd hire on with no qualms.
Exactly ONCE I've had the no-notice shutdown. By a PHB who did it that way "because that's how it's done". (No doubt he'd seen trade journal articles like the one above.)
I was furious.
I COULD have done major damage to the company's IT infrastructure - but for my scrupulous honesty in business dealings (even with scumbags).
As it was, when the PHB in question later did a startup and found himself in need of my talents, I didn't even bother to reply to his offer. How can you trust someone like that? You can imagine how I advised anyone considering hiring him or going to work for him.
Now imagine doing that to someone who is not just able, but willing, to take revenge for any slight. These people are NOT rare - if you have a hundred employees, chances are you have at LEAST one.
As a friend who was a union organizer once said to me: "The workers will give you what you ask them for. Ask for quantity and you get quantity. Ask for quality and you get quality. Ask for trouble and you get trouble."
The surprise plug-pull is asking for trouble.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Also, we find it best to fire people on Fridays. Studies have shown there's less of a chance of an incident.
9. CowboyNeal.
73% of the statistics are made up
Python script to convert photos into "artsy" portraits: http://p2pbridge.sf.net/pyPortrait/
This is exactly why the movie Minority Report sucked. After all that happened with Tom Cruise's character, he was still able to get back into the building using the retinal scan as access. That point in the movie killed it for me because I knew all his access privileges would have been revoked as soon as the crap hit the fan for him. People just don't think about that kind of stuff sometimes.
...All I can say is that my life is pretty strange...
In the US this is not true, at least as a general statement. Under the doctrine of At-will employment you can be fired at any time for (almost) any reason.
Many of these posts talk about the need for company-wide security measures, but it's awefully hard to demand immediate action from business partners/customers if the employee happens to have access to things over there too.
So yeah, cover the internal systems but make sure business customers are immediately notified of the employee's termination in case accounts beyond the employer's control exist.
A syllogism consists of a conclusion that follows by necessity given that the preceding two premises are true. You give an example of affirming the consequent, but the form of the argument given doesn't follow as such. It was primarily a case of exhibiting that the sets of two ideas, that, while each idea in a set is similar, are not commensurate because of the scope of the statistics.
Well if you don't screw over your employees when you fire them, then they probably won't screw you over. I mean, there is a nice way of doing everything. Give the person two weeks severence (at least), give them good references, be nice about it....yea they will be upset (who wouldn't be if they get fired) but at least it will reduce the chance of them wanting vengeance upon you.
I mod down so you can mod up. Your welcome.
No, he is saying he greased the ladder.
I have a linux box named allevil. So when I'm admining, I'm the root of allevil.
Nobody at my office could lock me out if their lives depended on it.
Vote Quimby!
Also, in almost every state, even the notice itself (written) is optional. The exceptions are generally state employees or employees with contracts explicitly demanding written notice.
This is too funny. This exact scenario just happened at the company my friend used to work for (my friend wasn't fired, his co-worker from IT was and they just called my friend looking for help).
Mike, did you write this Slashdot story after getting fired and hacking your old company?
My lame blog.
Amen, brother! And you can pick out the angry nerds responding to the article. The whole idea of "I deserve this job, pay me and leave me alone" was never true, but after the wretched excesses of dot com era, somehow an awful lot of people got that stuck in their heads. Now that they have to do actual (gasp!) work and deal with (horror!) people, the angry nerds are finding that there are plenty of other qualified company geeks who are more than happy to do the work and deal with the people without being antisocial assholes.
And those are the guys (and girls) that I hire. Believe me, there's a lot to be said for a shop where everyone gets along most of the time.
That's if they find the 6 back doors and the hole I put in the firewall.
...And that's called Job Security...
_______________________________
"I'm not Conceited...I'm just a realist..."
...is when the company fires the only *smart* IT guy and does not find a replacement or replaces him/her with someone that has no idea what they are doing. This could lead to the new guy futzing things up and having the PHB launch an investigation on the guy that they canned.
Anyone ever have that happen to them?
At the bottom of this page:
All syllogisms have three parts, therefore this is not a syllogism.
The sad part about this is that geeks are getting laid off more often than they get laid...
...is not really the fact that "disgruntled former employees can damage things." If you read the case studies (and not the statitics), you see that MOST of the attacks could have been prevented by better policies, and the decisions that made the companies in question vulnerable were ones that could have been addressed.
By the time you're contemplating firing someone, it's a little late to start wondering if there's a trapdoor in your system...
Read the case studies. You see issues like "only having one person with root access", "not having a clear and comprehensive policy on HOW to cut off someone's access", "allowing phyiscal access to machines logged on as root with no protected screen saver," "Not checking for trapdoors," "Not checking that accounts are actually owned by who they should be owned by," etc...
The takeaway that most of us should take from this study is NOT "who do we think is most likely pull a nutter and take down the system?" It's "what sort of access/activities are most likely to be used by a disgrunteled former employee, and how can we prevent those activities?"
Read the case studies, and see what sorts of actions people took. Then think about "if someone wanted to do this to my network, could they? And if so, how would I stop them?"
By the time you're setting up the exit interview with HR for your soon-to-be-departed employee, it's too late to start thinking about this.
When you hire their replacement, be SURE that the replacement is competent enough to do the job.
Recently the "public domain" department fired the lead manager that engineered and maintained the CG channels across the state. the VP fired him and hired a replacement that is manager only with ZERO tech skills. Now they are whining that they have nobody to take care of their gear, refuse to spend money to have it fixed and are trying to pawn off the responsibility to other departments instead of tellingthe VP that she is a screw up and needs to either hire another employee to fill the need or fire the one they hired and hire someone who is capable of doing the job.
many times the "Geek that was fired" is replaced with someone that is horribly underqualified for the position but had an impressive list of certifications and holds a Masters Degree... nevermind it's in hotel management, let's make him the Technical Manager!
If your company has a strong reliance on the employee to be ejected, be damn sure you start NOW in getting information you need to operate from him/her. nothing like finding that all his files are GPG'd on the company computer and all you get is a "number is no longer in service" when you try to contact him.
Do not look at laser with remaining good eye.
Just walk away when the human-resources situation can't be repaired. Any mysterious problems in their systems, they'll think of people who had access to them but left on bad terms. No matter what the actual technical problem turns out to be; it's just human nature.
Best policy is to make sure the network administrator locks you out of every last system you had access to. Remind them of any logins they may have forgotten about to make sure this gets done. You want to be a million miles away from any future technical problems they might have.
org.slashdot.post.SignatureNotFoundException: ewg
Damn, that's harsh.
How long did it take you to bounce back and find other work?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Fire me if you will. But hear my warning, for I have written shell scripts that shall replace you all, and on my last day they shall be loosed upon you all!
(insert dramatic music here)
Muw-ha ha ha ha!
If you're so stupid the references you give are going to say bad things about you, you deserve to be unemployed.
Forever.
One stat not presented was business types included in this survey. From personal experience I've seen small businesses (less than 150 employees) without a centralized HR presence do very stupid things when getting rid of staffers in the know. I don't know if this is consistent with other larger companies that are but my current employer (with the central HR) tends to be better about killing access first, getting rid of them second.
This is the OJ Simpson fallacy.
Statistically its the p(A|B) (the probability of A given B when the correct statistic is p(B|A)- the probability of B given A.
If you think of them as overlapping circles inside a unit circle (ie a Venn diagram) you can quickly see that they do not have to be related in any way other than that one cannot be zero and the other non-zero.
...if i had points.
It's illegal to fire someone because of their age. I'd send a friendly letter from your lawyer asking, "Were other people who had less seniority than my client terminated to cut costs? If no, why was he chosen? Why wasn't he offered a similiar position within your company if his department was closed?"
As the baby boomers age, I'd say this is going to become a common thing. Corporations who lie about their financial status to terminate expensive senior employees should be prosecuted very harshly.
Good guess?
You forgot the security guard's gun, of all things.
just means he can ride the subways all day long muttering about crap because that is where his new home will be.
There no disability cheques. There is no safety net of any kind left to pay for anything.
Like the sing on the Prarie Home Companion: "We're all Republicans now."
If he DOES need help, he'll end up being treated in a prison psych ward.
But only if he's arrested in the right state.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Oh, wait.
That absolutely critical bit of information isn't in there, now is it?
As you implied and I'm going to say:
This is an absolutely piece-of-crap study that's as useless as tits on a bull.
Sabtage helps.
All those salaries were insured so the company actually recoup the losses on death benefits, survivors' expenses, recruiment of replacements, all expenses except whatever the company the company deigns to give out to the grieving widowers, widows and orphans.
Getting offed at work by an irate fellow employee who has finally snapped is all part of the plan made up by that big underwriter in the sky.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
"In a study of corporate fraud and pension raiding scams, all the offenders were middle-aged white men who played golf." Nasty piece of work, these middle-aged golf-playing white men -- let's throw them all in jail to be on the safe side.
Unlimited growth == Cancer.
I'm fighting a bad case of the giggles right now. :-)0
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
And they say slashdot's a waste of time...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1) Don't hire whacked out people with a bad mental health or violence record for a sensitive position. These things are easy to check up on your know.
-and-
2) Don't be such a shitty company that your employees hate you.
You'll notice this is almost the same basic advice you'd give to someone on the dating scene to avoid messy breakups - don't date psychos, and don't treat the other person badly or there will be hell to pay later.
11*43+456^2
Yeah most people at my company need help every week getting into their own system, much less keeping me out.
Just make sure you don't make the doors *sigh* every time they open and close, please.
When I last got laid off my employer immediately cut off my e-mail and network access. The result was that I couldn't check in the latest version of my source code. Their loss.
Obviously if he's perpetrated something like this in the past it will show up, but the most rudimentary HR checks should have this show up as well. (either under investigation for a felony or a convicted felon)
What are you going to weed them out on, prior convictions in the last 10 years? For what sort of conviction? Is a drug offender going to sack the system? That's a big unknown. Someone convicted of extortion, more likely.
But like our finance gurus like to say - past performance is not a guarantee of future results.
You better watch out, there may be dogs about . .
What percentage of these people wore black trenchcoats, huh? And where's JonKatz when we need him?
My wife works for [insert biggest pharma company in the world here], and has for about 6 years. I used to work for them as well for 5-6 years myself. They were good when I was in, then things got "International", and I resigned quick before the walls started coming down.
In my wife's department (Cancer Biology), there are people who have been there for literally decades. They're so entrenched, they know every system, process, procedure ever made there. If you want to know an answer to some complicated question, these people will know it... and if they don't, they definately know who WILL know.
One person in particular had been there for 34 years, 11 months.. and they were going around looking for ways to "cut costs" in her department.
When you retire at 35-years or more into $PHARMA, you get a nice fat severance. Something like $100k/year for every year there + your stock earnings and benefits cashed out, which amounted to over $1M for this person. That's $100k * 35 + $1M (that's over $4.5M total to retire upon).
They fired him...
...30 days before his 35-year anniversary with the company. He got $60k total as a severance. They didn't want to have to pay out his retirement and severance, so they let him go 4 weeks before he would have earned it. If he had known, he probably could have used up 4 weeks of his vacation to eat up the time instead, but he never saw it coming. Nobody did.
... after putting in 35 years with the company .
This kind of stuff sickens me.
Make sure there's a witness to that offer or make it in writing. You'll really put glue in their gears when they try to sue you a month later because merely firing you didn't magically fix the company.
The survey went on to say that the remaining 18 percent of people 'exhibited unusual behavior in the workplace while carrying out their normal daily activities.
I'm surprised it wasn't 100 percent. Have these guys not looked in their IT room for a while? I've had bosses love to give tours into our server room, but they absolutely cringe when the tourees catch even a glimpse of us or even !gasp! want to talk to us. Seems they knew that "unusual behavior" was par for the course.
Yikes.
"The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge." - Daniel Boorstin
One of the remaining 4% was Chloe O'Brian from '24'. And now that she knows how to use a machine gun, nobody dare fire her!
You must think in Russian.
I was acting normal - management was acting strangely... Walter do you have the firewall password? (No) Walter do you have the backup logs? (Yes) Walter can you come and meet for the SQL meeting? (I thought we had decided against SQL!!!)
Enough alarm bells yet? And nothing freaks them out worse than standing in front of the shredder for a week before the "meeting" and gleefully shredding useless documents.
The quick brown fox jumped over the lazy dogs back 123456789
if you're going to fire someone (particularly company geeks who have the motive, means and access to inflict pain on your computer systems) make double sure you cut off their e-mail and network access at the same time you hand them their walking papers.'
wow, not sure what to say about this nugget of obviousness. other than.
DUH
At a previous job, I was the only tech staff member who knew how to clear the transaction logs on MS SQL Server. It's not hard to do, but the network admin couldn't even be bothered to do backups more than once or twice a year, which was part of the SQL Transaction log problem.
When users started getting "transaction log is full" errors and they turned to me to have it fixed.
Once the error occurred while I was on vacation, and the server remained down for three days and a weekend until I got back. I was accused of hacking the system. I pointed out that I was in the Middle of New Mexico at the time, about a mile underground. Accusations of setting up a logic bomb (Not the phrases they used, but I'll skip the 20 minutes they needed to describe the concept) flew around for a while.
In the end, the company owner grudgingly admitted that it was probably a maintenance issue, and them reprimanded me for not "trunting the trees" before I left on vacation.
So for the remainder of my time there I just made sure to do a full backup and shrink the transaction logs every Friday. Automated backups were not an option, as there was never enough drive space for more than one or two backups, so I had to move the old ones to a USB 1.1 drive first.
And no, system level automation of such rudimentary tasks was not an option. Don't ask. It's a whole other story.
So I had no reason to hack the system. All I had to do was leave. Of course I documented everything, but I knew no one would bother reading any of it. This is the company that described programmers as "Glorified Typists."
I made sure to not even visit their web site after I quit.
I did however have social contact with a few of the non-it staff members. Seems there were a slew of problems with the servers, specifically with a cryptic error about a transaction log that no one in the company could understand.
In the end they paid a consulting firm to come in and fix the problem, which I'm assuming meant finally automating the backup process and transaction log shrinking.
"Live Free or Die." Don't like it? Then keep out of the USA
I wouldn't consider "laying somebody off" much different from when they quit for their own reasons. Currently, I am leaving my employer for one in a bigger city. I've given my notice, and am hanging on for a little over 3 weeks. As I'm the primary tech and they'll probably need work from me for awhile after, I'd expect that the SSH passwords etc won't be changed when I leave.
Now if I were laid off, same thing. Quite often a layoff is due to financial reasons or suffering from cutbacks. Your boss may want to keep you, your co-workers may love you, but they just can't afford you. I've been laid off and I still keep contact and good relations with my old employer. Heck, if they need me in the future and I've been laid off I'll still be happy to supply expertise (at a cost, of course).
Now the last issue is firing. If we fired somebody , it means they've either been caught doing something very bad (likely repeatedly depending on severity), or generally were jerks in the workplace. In some cases of course it also might be something beyond their control, or a personality conflict with management. Regardless or reason, a firing generally involves bitterness, and anyone being fired should generally involve extra precaution. Once they're gone, they have no access to the system. That's it, done, gone. If I were fired, I wouldn't be inclined to hack my former employer (that just invites problems) but any future calls for assistance etc - likely inevitable - would be met with a resounding hangup.
What i'll point out below is not in any way meant as an guideline to criminal behaviour. It is meant to point out why I believe the Problem is not covered at all by the Study. The Study seems to concentrate on "stupid" former Emploeyes, whom I suppose to have no knowlegde about logging mechanisms or Fantasy. I believe that sabotage happens much more often than it is pointed out, because not all System Admins are stupid and not all Employers which to contact the police. The Point is: anybody sitting at a crucial infromation infrastructure Position is dangerous if you bring him up against you. It might be the your Secretary, the internal revision, the phone lady.
Taken into Account all the legal possibilities.....
0) It is very very very stupid to take revenge in any professional Relationship!
1) It is stupid to chrash the System which you maintained. You are the first suspect.
2) It is stupid to do anything which can be identified as "intention". It would be much more intelligent to construct a "logical bomb" not as a program but plainly by misocnfiguring a partt of the system in a way which COULD have been a non-intended mistake. I will not post any Ideas for that here, but the better Administrators will find a way. Luckily an "better" Administrator is usually intelligent enough not to do so!
3) If you are medium stupid and want to harm them and not do something like 2) just post system internals to an hacker mailing list in Russia.
4) If you are lighly stupid and really want to harm them, just give all the software Companies of which your former Employer runs "not fully licensed" software and hint about that.
5) If you are nearly not stupid and really, really want to harm them, leak Information to the Administration about everything you know how personal data is handled there in a wrong way (e.g. Hospital doctors taking data of the patients to private computers at home using floppy disks) or systematic violation of a certified toolchain (like "Programmers regularly use this small perl script to do something with the code" in an automotive supplier company.....- hmm this where just examples!).
Long story short: it is much better to take revenge (if wanted) legally than illegally.....
There are many cron jobs, but at our little patch of heaven we always talked in hushed tones about "THE CRON JOB". This was the blood curdling revenge that would be automatically be invoked for an unhappy firing.
...Oh... by the way Bob...you should log on to ADMIN123 and delete foo.sh....before midnight Friday."
Cancel passwords, take computers away, have security guards escort us out; it doesn't matter. THE CRON JOB will still wreak its heinous vengeance!!
Of course, if they treat you decently when you go you can always warn them. Like - "The severance check just cleared at the bank and
None of them can see the clouds; The polished wings don't care.
Here's a really old chart with real statistics. It says that going to work is way more dangerous than flying in airplanes OR crashing your car.
I think it's quite clear that we're not talking about people who exhibit rational behavior. If you can break into your former employer, then you didn't do your job. I remember a company I worked for that had this kind of system administrator.
One day we were working on a project for a client that his previous employer had done work for. He showed us the back door that he had created on their system so that he could log in with no record. We didn't take advantage of his little hack and it was, to say the least, a bit disconcerting.
This same sysadmin was canned a few months later. Why? Because he'd been spinning backups the whole time without verifying that they worked. One day he decided to move some filesystems around. He deleted the files, expecting to pull them off backup. Of course, as it turns out, he hadn't backed up a byte of data in the last 3-4 months.
Woops.
Well thats good enough reason for me to go to my boss for medical leave. Especially since I walk to work each day.
I mod down so you can mod up. Your welcome.
I was laid off three years ago. But in my case it was a few months after they tried to set me up for termination on the grounds that I had single handedly endangered the success of the project.
The termination didn't work becuase I came back with eight pages of rebuttal that cited specific meetings where insanely stupid decisions had been made by management with dates, times and direct quotes from those involved. I also let them know that the examples I gave were just the tip of the iceberg from my documentation.
In the end they used down sizing as an excuse to lay me off, along with another employee who had just returned from long term disability.
I didn't sabotage them, but I surely could have. Face it, there are a million ways to screw up your job that could be chalked up to neglegent oversight. And that, I'm sure, is very common among those who feel the need for revenge.
When I was laid off it was obvious they were afraid of any "scenes" so they just wanted me to walk out. They offered to pack my stuff up for me and I could come back later to pick it up, "oh and I believe you have a pager and an ID of ours..." My reply to that last was, "No thanks, I'll pack my stuff up now and take it with me." Meaning you'll get your stuff right after I get mine. Considering the run around I got getting my last paycheck, I can imagine what would have happened with all my property.
What was my immediate thought when they said I was being laid off? "Oh thank god! I don't have to come back here any more!" I was already getting another job anyway, so I got a six week paid vacation. And since no one ever bothered to learn how to work the complex conversion programs I had written (input six different kludged up systems into one new kludged up system), the project did fail. I'm sure they told the client it was all my fault.
There's an enormous correlation to hiring males as well. Not only that, but look to the general census figures of prior convictions; I'd be surprised if you have much deviation from societial norms.
You better watch out, there may be dogs about . .
Here in Colorado Springs, it may take quite a while before you piss off everyone but there are some ways to accomplish the feat much more quickly such as a lawsuit against your former employer.
When I first moved to Colorado Springs, I worked for MCI as a contractor. My MCI manager was such an asshat that I got let go after 9 months. When I was looking for other jobs, the prospects seem good and then suddenly vanished not knowing he was badmouthing me. I called his house and decided to inquire on what kind of reference he will give me. He mentioned that I did not deserve a decent reference since I didn't fit into their culture and then he warned me that I was not to use anyone for a reference except for him and on top of that, he told me that he would personally see to it that I would not be able to get another job in town.
The thought crossed my mind of a lawsuit but however, that definitely causes you to get blacklisted beyond the geographical area you are in. I ignored his warning about not using anyone else for a reference and got another job within several weeks. He has been working in a different city for the last 6 years as nothing else but an Executive VP of a major financial company - Wachovia. To this day, I will not use him as a reference.
Recently, working in DoD, there was a person who was fired by the prime contractor. The company I work for is a sub to the prime. This person was caught many times getting into phone sex at a local Air Force Base during the day. He got fired from our company in California a few years back before he moved to Colorado Springs to work for the prime. He showed up one day and was met by one of the managers and company security and was given a box, packed his stuff and was escorted to his car. The manager and security person scraped his AFB stickers off his car/confiscated his badges and when he left, they drove behind him until he was off the base. This person now has a lawsuit filed against the company plus the two people who escorted him out. He had a decent chance to get a different job but that will be gone.
People learn from the feedback they get when they do something wrong (that is why people they react aggresively when rejected/denied learn a lot less: people just don't give feedback to them).
You think it was something he really did wrong, yet when you had the chance to tell that to him, you did ignore him. Even if they are evil PHB types, they still need a way to learn. Would you feel any pity for the next people that get to work with him?
I agree though that treating you emplyees bad will surely backfire. It just depends how hard.
This space is intentionally staring blankly at you
from http://en.wikipedia.org/wiki/Syllogism
A metaphor, in contrast, resembles a form of syllogism called affirming the consequent, which is a logical fallacy:
Grass (B) dies (A).
Men (C's) die (A).
Men (C's) are grass (B).
Anybody in a sysadmin position should know that they have the keys to the company, and because of that, the company has to be very careful about how they release you. As an IT Professional, I absolutely expect the following if I am terminated by the company:
1) While I'm in the meeting, all my access is cut off. I give them my key card to enter the building, and any keys I have to company assets.
2) I receive a check from them for the work I've completed, plus any vacation time left.
3) I am escorted to my desk, my system is already logged out - any personal data or information on my system is my responsibility, they don't need to give it back to me, but it would be courteous for them to offer to burn me a CD or DVD of my stuff. I am allowed to pack any personal books/photos/etc. into a box and
4) I am walked to the door by someone who is responsible to make sure that I actually leave the premesis.
This is in the event of a BAD termination. I expect a few more courteous steps if I quit or am laid off for financial reasons.
Any IT professional should expect this type of treatment. It is not discourteous, it is professional and appropriate. People who get their feathers ruffled because of this type of thing should check their egos...
man rtfm
I lived this one out, years ago.... The beauty of it for many large companies today is, there's this expectation of meeting various quality standards (ISO compliance, etc. etc.) - and your employer can use that as a convenient excuse for why he/she is demanding that you "Document, document, document!" everything that you do.
Sure, these standards rules might dictate that "every procedure you do needs to be documented somewhere" - but where do you draw the line? If all your job really required was following a set of written instructions for each situation that occurred, the only job qualifications H.R. should ever need to look for are people who can read and follow a set of directions.
The stark reality is, they want you documenting your work primarily so they have free training materials handy for your replacement. Other than that, the only sensible documentation they SHOULD have you doing is taking notes for YOURSELF, so you don't have to keep looking the same thing up over and over, if you need to refer back to it for future troubleshooting.
I wonder how many of these 'sabotages' are just a result of ex-coworkers blaming the guy who just left because he makes an easy scapegoat?
A few jobs back, the policy was that once an employee left their homedir was vapourised. The guy who was being promoted to my old position knew I logged in as myself and 'root'. He decided that meant both homedirs needed to go. root's homedir is /.
Needless to say, I got a very angry phone call from my ex-boss accusing me of all sorts of things. Thankfully I had a couple of friends that stuck up for me, and managed to convince him of what had *really* happened.
ah yes, conan the librarian...
Background checks will not catch first-time offenders. If they're really good, the first time will be all they need.
---
The parent poster is describing one extreme.... and IMHO, your post describes the opposite one.
I've been working in computers and I.T. for 15 years, in the midwest, and I'd have to say the overall picture isn't that great - nor is it a case of "the sky is falling!".
What I definitely *do* agree with the parent poster on is that management types enjoy a certain level of what I'd call "automatic employment" that the rest of us "techies" don't get.
As one example. a good friend of mine works for a mid-sized company in the news and stock-market business (won't name any names here). I've hung out with his immediate boss, and a few of his other co-worker friends, and they've all suggested from time to time that I really need to "come work for them". Reality has been different, however. On two seperate occasions now, I've followed the procedures the company requires (putting my resume and info on their web site for H.R., etc.) when they had openings available. Both times, my friends also made sure to talk to the hiring manager about me, highly recommend me, and left copies of my resume on their desk.
In both cases, all of this was ignored (despite the manager assuring my friends that "he'd give it a look"). Instead, friends of the respective hiring managers were hired for the jobs (and word is, they weren't very good fits for those positions either!).
Meanwhile, I met another woman who worked for this firm, except she was a middle-level manager. She proceeded to tell me how it was a great job with good pay/benefits, and she got it purely based on submitting her resume/application - not knowing anyone there ahead of time. I find this is quite common for management types.... They look out for each other and will hire them based on actually having a decent-looking resume and references. For the other stuff, it's much more "who you know" than "what you know".
"Part of that "unusual behavior" was no doubt a result of the employee trying to hit "alt-tab" fast enough to hide their screen when the boss walks by."
My boss is constantly giving me crap for alt-tabbing when he walks by, only in my case it usually because I'm trying to hide gmail or slash- [alt+tab]
. . . session timeout.
Just look at code and comments, and how often they don't match up after a lot of heavy editing ...
I'm not saying something as obvious as
Leave stuff like that hanging around, either with SOMEONE ELSE's NAME on it, or titled BOfH Systems Manual for DummiesWe had a guy do this at a previous company with some "dated" code. I don't remember exactly how he did it, but he had altered the main SQL Query form to say, "If the date is past 10/10/96, do mass delete *" or something. It would have worked, but sadly, you had to have the admin account signed in to do any delete of certain main tables. The first time it went off, it was someone who wasn't signed on with an admin account, and she got some modal that said, "You must have admin access to do this function." So she reported it, and her manager smelled something fishy, so she at first suspected the database had been hacked. While checking the main code, someone stumbled across it. It was part of a malformed winsock call that forced the form to try and call another query that no one had ever seen before. It was then they figured out what had happened.
If anyone had tried to go, "Oh, I'll sign in as the admin and see if I get the same error..." they would have wiped out over several million records of all our customers. Sure, the databases were backed up, but to restore that would have been a real pain in the ass.
Everyone knew it had to be a certain former employee who was laid off several months earlier, but since there was no CVS in place, they couldn't prove that someone else didn't do it.
Any IT professional should expect this type of treatment. It is not discourteous, it is professional and appropriate. People who get their feathers ruffled because of this type of thing should check their egos.
Since when is expecting courtesy having an ego?
Sure, if somebody threatens a coworker they should be escorted out by armed guards. Everybody expects that, and it is should be done for the safety of everybody else if for no other reason.
Otherwise, treating employees as if you don't trust them tells them that you don't trust them. It speaks volumes.
"Professional" does not mean impersonal, or treating employees as if they are nothing more than capital.
The funny thing is that companies could accomplish most of the security-related goals without destroying the morale of everybody who is left. How about this scenario:
1. Employee is called to his boss's office.
2. Boss explains that he has to be let go. Boss has HR present, but HR is presented as being present in case employee has questions, and generally lets the boss (who has a personal relationship) do the talking.
3. Boss takes employee back to desk for "emotional support" and to help him with anything he needs to carry out. Rest of group gets to say goodbye. It is a sad day, but there is some sense of closure. Everybody gets to say goodbye.
4. Atmosphere is designed to communicate that employee is not persona-non-grata, and that his coworkers shoud feel free to pass on job openings, and generally feel free to maintain contact. Boss can be a part of this as well.
5. Employee is walked to the gate, and helped with boxes to the car by boss for emotional support.
6. Boss tells employee to call him if he needs anything before waving goodbye.
The employee has been supervised the whole time, and doesn't have an opportunity to cause mischeif. Yet, the entire time he is treated personably, and would be somewhat inclined to accept an offer to rejoin the company.
Companies often underestimate the impacts that terminations have on the people who remain behind. Seeing their coworkers treated with dignity will go a long way towards discouraging people from jumping off the sinking ship.
Nobody expects to have free reign inside a company they have just been terminated from. On the other hand, you can at least be nice about it...
What is with the mods that mod down attempts at humour?
emt 377 emt 4
is not from hacking. Remember what happened when they didnt give Milton his paycheck? ALso, don't take their staplers away!
in vita non pacem est
There is no peace in life?
My other first post is car post.
Such is life, moron.
I thought this was standard practice already, no need to tell everyone to treat us like shit.
Go hug some trees.
Yeah well, tell this guy that!
I occasionally teach sysadmin and related topics. One concept I try to impart is "the finger". It's not the finger that flies like a bird, but the finger that points: if you have root, webmaster, Administrator, DBA, or any other privileged (or otherwise) access to systems, then when something happens, the finger that points eventually swings around to you.
I've left a number of organizations under a number of circumstances. In all cases, I document systems to which I have access, the accounts, and request either passwords be changed or accounts disabled. In some informal arrangements, I've taken the step of removing myself from privileged groups (eg: sudo files) and scrambling my passwords (long random sequences, changed and forgotten).
Where affiliated organizations offered systems access, I'll notify the third party, copied my former manager, that access be denied.
I don't want the shadow of a doubt shading me, and I want to make clear that any and all accesss modifications are the responsibility of the organization.
Yagu, it sounds like you got BELLed
Like, "Huh, Dude?"
Sorry, correct link:
http://ash.anu.edu.au/tmp/unlucky.mpeg
I do, however, keep it strictly objective. "Check out case #2337272 at the Fairfax County courthouse for all the information you'll ever need." is a particular favorite technique of mine.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Also, for automated backups that don't take up obscene amounts of disk space, check out rsnapshot. I've got about a gig worth of stuff that gets backed up. I have 7 daily, 4 weekly, and 3 monthly snapshots of that gig worth of data. But it consumes only 2.3G of disk space. Behold the magic of hard links:
Seriously. rsnapshot kicks ass."Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Such is life. But the guy had it coming.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Reggie should have been fired long ago.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Regarding rsnapshot, it's written in perl, so it might have gotten in under the radar. :) But it does use rsync, so then again, you probably would have been screwed.
Ahh well. I'm just glad to know that my mysql log is not going to fill up on me and destroy my mythtv box or something. That would be sad.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
And you're putting words in my mouth regarding execs, so I won't even bother responding to that. I never said it, you did.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
... in my company there's a major outsourcing program underway: Dublin => Bangalore. (That's Ireland, btw, not any of the 8 in the USA.). It affects a department I used to work in before promotion.
I mean, how would the good people in Bangalore gain the knowledge they need to take our jobs, if we didn't train them first? The guys here have known they were losing their jobs for 6 months now, and have been hosting numerous visitors from Karnataka and giving them personal training on their new jobs. If the folks here were given the "marching orders" treatment, the whole support structure would fall down.
There's a price for such good behaviour of course... the people involved received extra cash to stay on till the end, and are getting a very decent redundancy package, plus plenty of time to decide their next moves.
(this is not a
Fortunately, I've only run into this once in my career. A rather small company with an IT department of 1. After I was dumped during a "right sizing" -- went for lunch and was met at the door when I returned by a rent-a-cop who refused to let me in the building but was willing to have a fellow worker supervised while she cleaned out my desk -- the company ran into problems with damn near everything computer related. The kicker was the same HR twit who dumped me calling me at my new job and giving me the chance to repair the "sabotage" I had done or he was calling the police. A couple of hours after I suggested what he could do with his offer and gone home, there came a knock on my apartment door and there were the police. The twit had gone ahead and filed charges over my "sabotage" before leaving the company. After a couple of weeks and getting lawyers involved, charges were dropped. The prosecutor agreed with my lawyer that the fact that most of the documentation for the corporate network existed in two places -- my head and on my corporate desktop which had been wiped by the paper MCSE who was hired to replace me did not constitute deliberate sabotage and I was not responsible for his general incompetence. My belief that I was under no obligation to do anything about the situation after being fired whether for free or as a paid consultant was not a criminal act. And, yes, they ended up paying quite well for this little episode to be settled out of court.
Well, the absurd, the controversial and the unprovable have become the staple of many an internet journalist. I exibit much of this behavior, try to do programming for very long, and honest or not, disgruntled or not, harmless or dangerous, programming can be supremely frustrating and frustration leads to rage and rage leads to the dork side - aka unusual behavior. So, I guess if unusual behavior were the thermometor to detecting a person on the brink of doing somthing foolish and pointlessly harmful, than I guess almost all of us would be locked away. Thing is, looney or not, few who work in a place for very long without making friends, and fact is, no matter how unusual we get, the idea of doing harm this kind of thing is a thing and indirectly hurting co-workers who are also friends, is anathema and sickening to think about. Rather than unusual behavior, maybe they should look to those who are the loners. It's loners who might snap, the rest of us care too much about or fellow workers to do them harm, and care too much about the success of the company, and are too much into the team play of working together to make the company work to even think of doing this kind of thing. PS: We are all losing our jobs at the end of the month, but I have no desire, to harm those closing us down. It was a nice 9 year spate of employment, and despite my impending unemployment at the end of the month, I still feel a certain level of gratefulness that I had the opportunity to work among some of the nices, and best folks I could ever hope to be around. I'm not threatened by reading this kind of thing, most bosses with half a brain would take this statistic with a huge grain of salt the size of montana. Sign me - not a loner.
www.Migrainesoft.com - Computer giving you a headache? We can fix that!