Fate of Terry Childs Now In Jury's Hands
snydeq writes "Closing arguments concluded Monday in the city of San Francisco's case against Terry Childs, the network administrator charged with violating California hacking laws by refusing to hand over network passwords for the city's FiberWAN during a 12-day period in 2008. Childs was charged in July 2008 and has been held on $5 million bail ever since. The highly technical trial, which featured testimony from San Francisco Mayor Gavin Newsom and Cisco Chief Security Officer John Stewart, has dragged on for nearly six months. By Monday, five of the 18 jurors and alternates selected for the trial had dropped out, and the remaining jurors seemed relieved to see the arguments wrap up as they left the courtroom Monday afternoon. They will return Tuesday to start their deliberations. Childs faces five years in prison if he is convicted for disrupting service to the city's computer system by withholding administrative passwords — a verdict that, if rendered, puts all IT admins in danger."
They didn't "allow this person to get complete control of essentially EVERYTHING", they paid him to do it and not tell anyone the password except the mayor.
Technically, he should get a bonus instead of boned
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
> No, I haven't read the links or anything else. But it needs to be said.
Yes, ignorance always leads to well-reasoned opinions.
No he didn't.
--- "When you gotta do something wrong. You gotta do it right. (Fighter)"
Has the decision come down yet?
If the answer is "no" then you are wrong.
Actually, he didn't. At least, until the jury decides otherwise...
...before posting. The frenzy's already started. People - there's a long story here. Do not rely on this summary to tell you the details. Don't litter the thread with inane "he broke the law and should pay" comments. Your fellow non-readers in-spirit have done so on a minimum of twenty prior threads on this issue.
Please, please learn the backstory before commenting. Think of the children. Plus, some readers are getting on in years (35+). They can't handle the spiking blood pressure.
The fact that the case has dragged on this long and that some of the charges have already been dropped seems to highlight the fact that there is some doubt as to whether or not he actually broke the law.
The written policy was that he only gave the passwords to the mayor in a secure setting.
People besides the mayor tried to get the passwords.
The mayor tried to get the passwords in a non-secure setting.
They grossly over-reacted and were probably trying to violate their own written policies.
If they can force you to violate policies or go to jail for up to 5 years, then you don't want to be in that job since the penalty for violating written policies may be just as draconian.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The city of San Fran was lucky to get someone that has a backbone and some moral fiber. He was protecting the citizens of the city against complete IT ignoramuses who happened to hold positions of authority and leadership. If they were even a quarter as competent as him, his actions would have posed no threats whatsoever.
The situation is kind of like you closing the front door of your apartment and the landlord can't figure out how to turn the door knob. Why did you close the front door? Cause the landlord wants to store your neighbors' valuables with the door open for all to see. So now the landlord sues you for holding the house and its contents hostage! Oh and btw, if anything gets stolen, it's your fault! _You_ should have closed and locked the door!
YES, the case is really that stupid!
Mod parent down. His job was to keep the network secure, and the people demanding the passwords didn't have a right to know them. He told the mayor instead.
This is, of course, after they fired him without demanding the passwords first.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
It's true! Hence why flat earth theory, a geocentric universe, phlogiston theory, and about 90% of the stuff Aristotle wrote about medicine have all retained their relevancy and veracity after all of these years.
What 12 guys in a room decide they collectively think happened has no bearing whatsoever on what actually happened.
Go green: turn off your refrigerator.
Pity he doesn't have a jury of his peers, so he's basically gonna get crucified by joe & jane blow citizen (good citizens who convict evil hackers like the prosecution wants).
Troll? Seriously? Has to be the worst troll.. mod... ever!
Troll would be for some purposely offensive post designed to provoke a flame war, not a straight-forward opinion like this.
Seriously, I've seen several of these weird "troll" mods lately on slashdot. They usually get undone within a few hours too.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
"He was an employee and this was the city's property and he refused to give up the passwords. Sweet Zombie Jesus"
The city's property? Who the hell is "The city"? Did "The city" appear and he refused to give the passwords to him (or is it her?)? Or are you implying that since it was "the city's property" he should give the passwords to any citizen that would happen to ask for them? Because as soon as he was asked for the passwords by the proper person (the mayor) in the proper environment (face to face with him without unknown people in sight) he indeed promptly passed them out.
"then IT Managers will be able to hold sway with the passwords."
You can bet no IT Manager would tell the passwords to the janitor no matter how much "the company's janitor" it is.
That's this non-juror's verdict.
Regards,
Jason C. Wells
Are any actual facts in dispute? This seems to be purely a matter of law. Are 12 undereducated laymen really the right venue for this?
A Pirate and a Puritan look the same on a balance sheet.
He essentially served a 2 year sentence regardless of whether or not he is found guilty? Awesome. I knew justice is blind, but I didn't realize that it was stupid too. What, there wasn't a tracking anklet available? Really 2 years waiting in jail for a non-violent "crime"?
While I agree with you that the City was irresponsible in not taking precautions against this crime, it doesn't justify the act.
Childs essentially held the City IT hostage. I have little patience for this kind of crap, after firing a little BOFH for being a BOFH, and discovered that the little prick had set up a cron job that regularly checked for the presence of his account in the userid list, and if missing, wiped the entire boot volume.
Fortunately I had the presence of mind to backup the entire volume before allowing the new IT guy to touch anything. The poor guy was only on the job for about half a day before the entire system went down, and for a while there he was sure that would be his only day on the job.
I can see the fnords!
You are not a real, proper IT geek until you've either been fired or quit over this sort of nonsense.
Securing systems from morons is just part of the job.
A Pirate and a Puritan look the same on a balance sheet.
Please give a reference for that.
No, that would be "flamebait".
Flamebait is a subset of troll. Trolls, according to the original interpretation (by my reckoning) are people who make disingenuously ignorant or incorrect posts in order to elicit corrective responses. Really, trolling is just making posts to get responses out of other people.
Good trolls make posts that seem like sincere opinions or sincere misunderstandings, but the entire point of the post is to get people to take you seriously. Hence it's sometimes very hard to determine if someone is trolling or not. This works best when the person doing the trolling is a known expert, so that people who are "in the know" can catch the joke.
People who post flamebait are trying to incite a flamewar, which is slightly different, and usually more obvious.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Demand a waiver from all employers. Maybe it takes things like this to get you all to organize. Otherwise live with the verdict if it goes badly.
For justice, we must go to Don Corleone
The city should be smacked upside the head for sure over this case, but not for the "reason" you mentioned - and while your smacking hand is still warm, smack yourself one for not reading "the links or anything else" and then commenting that "it needs to be said," and clearly not understanding Childs' job (or seemingly much else about this case).
With your aptly demonstrated lightning fast reasoning and judgment skills, I think you'll go far in life my friend...
Have you ever considered politics?
But that isn't true. If the written security policy states that that person, even if it is -your boss- isn't to have the password. Then that person doesn't get the password, no matter how many times they ask. Written policies exist to lay down the foundation and rules.
I've been in similar situations back when I was working as an admin. We once had an executive VP demanding we give the password to a machine to someone not authorized to have it (And no, the VP did NOT have authorization or power to change that policy, he was NOT in charge of security). He threatened to fire us. We told him to go ahead, but that the only people who got the password were our replacements or other authorized individuals. He DID have the power to fire us. But that STILL didn't give him the power to demand that password, or that the security policy be changed.
Companies, and I'd imagine city governments too, have policies and chains of command on all sorts of things. These things are usually written down somewhere so as to be enforceable. And THOSE are the things that matter. I don't remember ever working as an admin where my immediate supervisor had a root password to anything or his boss. But the good ones all knew that it wasn't their job to know those things, they paid me to keep those secure from people who asked. Even if that meant some pip-squeak with a highly placed friend.
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access.
Yeah, say that with a straight face to the guy demanding the root password because he read "it was important", and you got a call last week from him asking you to change his desktop wallpaper because "it got stuck". IT admins not going in for that kind of non-sense is a compelling reason why large sections of the internet don't slide off the side of the planet in a dribble-like fashion.
This guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him. They broke it repeatedly after gaining access, and it took hundreds, if not thousands, of billable hours to repair the damage that happened when those owners and their "designated agents" got their hands around the gooey core of the network.
Justice is about harmony, not law and order.
#fuckbeta #iamslashdot #dicemustdie
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple.
It so simple, it sounds like that's exactly what Terry Childs did. He may have withheld access from a "designated agent" for a while, but he had no way of verifying exactly who the designated agents were. Would you suggest he just take their word for it?
Give me Classic Slashdot or give me death!
It's not as clear cut as that. From what I understand, he was operating under a specific protocol for release of the passwords, that excluded the possibility of him handing them over to his bosses at their request.
So what's more important -- following the established rules, or doing as your boss says? In a perfect world (not that we operate in one), the rules are more important than the individual. If the boss wanted the passwords directly handed over, then the boss should have gotten the rules changed to allow that.
Just because someone is your boss doesn't make you their slave. And if you believe your boss is doing something wrong, it is morally incorrect to do as you are told, even if you document your protests.
Although, it does seem likely the guy was being a jerkwad... that doesn't mean he was an incorrect jerkwad, or a jerkwad acting illegally.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Welcome to America. My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area, the asshole federal building superintendent called up his asshole brother cop and he wrote it up. She did no damage to the door, they have no evidence, the cop was not even there. (Illinois it's a level 4 felony for doing damage under $500.00 to a federal building. $0.00 is under $500.00)
I'm paying $400.00 an hour to get this dropped because of raging Police and Court stupidity. The DA in that district is an idiot that thinks he needs to be "tough on crime". This should have been thrown away the second the officer turned it in, but new laws require them to pursue everything a cop turns in.
I personally have nothing but contempt for the joke that is our judicial and legal system.
Do not look at laser with remaining good eye.
His supervisors wanted the passwords.
The Mayor wanted the passwords - secure or not if the Mayor of the city you work for wants a password, you give it to them. I work in the public sector and while the head of the agency isn't my supervisor, if she asked for a password that she didn't need, I'd write it down for her.
http://www.cio.com.au/index.php?q=article/255165/sorting_facts_terry_childs_case&fp=&fpid=
"First, despite the many news reports claiming that Childs had shut down all or part of the city and county of San Francisco's network, what actually happened was that Childs refused to provide his superiors the passwords to the city's core FiberWAN network, effectively preventing them from administering the network."
"Following the completion of the FiberWAN, Childs looked upon his creation as art -- so much so that he applied and was granted a copyright for the network design as technical artistry. Skeptical of his colleagues' abilities, Childs became the sole administrator of the FiberWAN, and the only person with the passwords to the routers and switches that comprised the network. This state of affairs was widely known throughout DTIS, and Childs was the only point of contact for changes, troubleshooting, and overall management of this network."
I've looked around and around and see no references to this written policy, just that he'd only agree to give them to the Mayor in person.
Did he do half of what the City of San Francisco said he might do? Nope, but should he have given up the passwords to his damned supervisors? Yes.
This is what the City of San Francisco gets for letting a felon run their network.
"The possession of ammunition may have raised flags with the police, because 25 years ago, at the age of 17, Childs was arrested and convicted of aggravated burglary, and spent four years in a Kansas prison. In 1995, prosecutors said, Childs was again arrested in Kansas and charged with aggravated assault and carrying a concealed weapon. The case was reduced to misdemeanor weapons possession"
I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins, particularly those in charge of large networks. If he just handed out passwords insecurely, that would cause more damage than Childs locking down the network for a brief duration. I'm inclined to believe that he was acting in the good faith of his job, particularly because he was willing to be arrested over being fired/becoming redundant. I seriously hope he's cleared, because he performed his job to the letter.
The people who demanded the passwords were Terry Childs' supervisors.
Big man saves the day!
I have worked for small companies in the past where I was the sole administrator. My solution to this was to store a PGP encoded file on a shared drive with the passwords in it, locked with my asymmetric key and one with a random password. Either one would open it. I put the plaintext password in an envelope, sealed it, signed the envelope and had my boss sign it. The envelope got stored in the company safe and I could inspect it at will. If the seal was intact I knew I was the only one with the passwords and was still responsible for the system. If the seal was broken, it was agreed I did not have any responsibility for damage that might have been caused.
This gave my employers the confidence that they could recover from a disaster (hit by a bus, win the lottery, etc) and gave me the confidence that I didn't have to rule out assistance from well meaning but unskilled bosses when something broke.
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
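
The two-slot escrow file described in the post above (either the admin's key or the envelope's random password opens it), as an added example that is not the poster's setup: a standard-library Python stand-in for the PGP file. Assumptions: the admin slot uses a symmetric secret where PGP would use the admin's public key, SHAKE-256 with HMAC-SHA256 stands in for PGP's cipher, and all function names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets
from typing import Tuple


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one wrapping key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under `key` with a fresh nonce (stand-in for PGP's cipher)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}


def unseal(key: bytes, box: dict) -> bytes:
    """Check the MAC first, then decrypt. ValueError means wrong key or tampering."""
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("wrong key, or the vault was modified")
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def passphrase_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the envelope passphrase into a 32-byte wrapping key."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def create_vault(passwords: dict, admin_secret: bytes) -> Tuple[dict, str]:
    """Encrypt the password list once, then wrap the data key in two slots.

    Returns (vault, escrow_passphrase). The vault can sit on a shared drive;
    the passphrase is what gets written down and sealed in the envelope.
    """
    data_key = secrets.token_bytes(32)             # never stored unwrapped
    escrow_passphrase = secrets.token_urlsafe(24)  # random, not chosen by a person
    salt = secrets.token_bytes(16)
    escrow_slot = seal(passphrase_key(escrow_passphrase, salt), data_key)
    escrow_slot["salt"] = salt.hex()
    vault = {
        "body": seal(data_key, json.dumps(passwords).encode()),
        "admin_slot": seal(admin_secret, data_key),
        "escrow_slot": escrow_slot,
    }
    return vault, escrow_passphrase


def open_as_admin(vault: dict, admin_secret: bytes) -> dict:
    """Day-to-day path: the administrator's own key unwraps the data key."""
    data_key = unseal(admin_secret, vault["admin_slot"])
    return json.loads(unseal(data_key, vault["body"]))


def open_with_envelope(vault: dict, escrow_passphrase: str) -> dict:
    """Break-glass path: whoever opens the sealed envelope can read the vault."""
    slot = vault["escrow_slot"]
    wrapping_key = passphrase_key(escrow_passphrase, bytes.fromhex(slot["salt"]))
    data_key = unseal(wrapping_key, slot)
    return json.loads(unseal(data_key, vault["body"]))


if __name__ == "__main__":
    # Constructed sample entries, not real credentials.
    sample = {"core-rtr-1": "constructed-pw-1", "core-sw-2": "constructed-pw-2"}
    admin_secret = secrets.token_bytes(32)
    vault, envelope = create_vault(sample, admin_secret)
    print("write this on paper and seal it:", envelope)
    print("admin path   :", open_as_admin(vault, admin_secret))
    print("envelope path:", open_with_envelope(vault, envelope))
    try:
        open_with_envelope(vault, "guessed-passphrase")
    except ValueError as err:
        print("guess rejected:", err)
```
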
> The city of San Fran was lucky to get someone that has a backbone and some moral fiber. He was protecting the citizens of the city against complete IT ignoramuses who happened to hold positions of authority and leadership. If they were even a quarter as competent as him, his actions would have posed no threats whatsoever.
This has been discussed many times, and I regret to inform you that your argument does not hold water. While it's a nice story to imagine this 'geek hero' standing up against the system, it's an airbrushed, romanticized version of the truth. This dude was out of line, end of story. He decided to try to flex his muscles, and he got taught a very valuable lesson that many could learn from. It was not his place to determine who was "competent" enough for the information.
> The situation is kind of like you closing the front door of your apartment and the landlord can't figure out how to turn the door knob. Why did you close the front door? Cause the landlord wants to store your neighbors' valuables with the door open for all to see. So now the landlord sues you for holding the house and its contents hostage! Oh and btw, if anything gets stolen, it's your fault! _You_ should have closed and locked the door!
Worst (and most confusing) analogy EVER! That's really saying something on Slashdot. Although, to humor you, the landlord has a right to inspect his premises at any time, even if you're living in the apartment. Remember, the landlord owns the place, you're just paying him/her to borrow it. You've totally lost me when you go off about him "not being able to open the door" and "storing neighbors' valuables" though.
they are a far better choice than 12 college graduate lawyers that think they are educated but really know nothing about technology.
Honestly, I have met a lot of lawyers and they firmly believe they know everything because they went to a lot of college.
Do not look at laser with remaining good eye.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They ceased being his superiors the second they fired him, which was before they asked for the password, if I recall the other stories about this correctly
Who owns those systems? Not his boss -- the City does. And the City did not give his boss authority to get the passwords directly from him. The City established a set of rules for transferring the passwords, and his boss tried to circumvent those rules.
This guy's boss was not acting within the rules established for him to act as a proxy for the City (if we're going to follow your ownership logic). So who's acting responsibly... the guy who chose to follow the rules despite the risk of adverse personal impact? Or the guy who wanted to ride roughshod over the rules in the interest of expediency?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
The City. Townsville. Where the Powerpuff girls live. You know.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So, if your boss said give me access to erase all the fraud I been doing, you are ok with that, cause the policy said so? Wait till shareholders get a bead on that and you end up in the same boat as this guy. That's pretty much what Fastow did in the Enron case.
Well, sort of - for various reasons, he refused to give up the passwords to his bosses because he decided (correctly or not, of course, is for the jury to decide) that the only person authorized to receive the passwords was Mayor Newsom. Now, I'll note that, if his interpretation was that the "city" owned the passwords, you could make the argument that, if that's the case, he could also interpret that as broadly as humanly possible and give everyone in San Francisco the passwords; after all, if the network is owned by the city, that means it's *public* property, not just the private property of Mayor Newsom or select city employees. Realistically, he adopted a particularly narrow and self-serving interpretation of city policies to suit his own agenda, a point which the city is trying to make in court.
Ultimately, Childs is, at best, technically correct. It doesn't change the fact that he rules lawyered himself a rather convenient bit of job security, even if it proved to be temporary. This case won't put "all IT admins in danger" unless "all IT admins" work in places where there are no sane, documented policies regarding password handling and sharing and where ownership of IT equipment is rhetorically ambiguous.
And some of us are 55 +, with GOOD blood pressure, and we don't like the noobs comments who don't bother to get the full story either.
The GP has a valid point though. What if the admin got hit by a bus and died? The city would be in the exact same position. In my opinion that's just straight up bad management.
I don't believe in karma, I just call it like I see it.
Apparently you've never worked anywhere with a serious security policy. I've had a few jobs where I could only give my passwords to the security officer(in a sealed envelope, every time I changed them) or my replacement. Giving them to my immediate superior or his immediate superior would've gotten me canned or jailed, even if told I would be fired.
Indeed, not doing so once got me promoted to my boss's position after I reported it:)
The "city" is the City of San Francisco, his employer.
The city's representatives, who wanted the passwords, are Jeana Pieralde, the head of security for San Francisco DTIS and the DTIS CIO, not the janitor or anyone off the street.
> This guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him.
But he wasn't responsible for it after he was terminated.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
He did his job. He followed the letter of the law, and has already spent quite a bit of time in jail for doing his job properly. This is (once again) mental instability run wild. Just a week ago I heard of a terrible plane crash in which case nearly 100 senior government officials died when the leader of the country (who shall remain anonymous) perhaps (and we can only guess) ordered the pilot to land in dangerous situations. The now deceased leader had ordered pilots to do dangerous things before, and they refused before, only to lose their job and reputation and face the wrath of the state. This one obeyed and nearly 100 died (including the pilot). Getting back to this case, the mayor clearly overstepped his bounds, and did not follow his own rules. If it were an airplane instead of a computer network, many could have died. There are rules in place to protect all parties. It's when ass-hat administrators overstep their bounds of authority and common sense, that disasters occur. It's one thing to be voted in, but being voted in doesn't mean that they are suddenly experts in everything. There are technical things in this world that require technical expertise. Ignoring that fact can cause royal disasters like this. Why this guy has spent so much time in jail is absurd. My wish is that the city lose its entire IT staff, and that they get HaXored till there is little left to protect (and then all the elected officials lose their jobs and face equal jail time).
From what I am reading --
Article only states he refused to hand out the network admin passwords to a room and speakerphone full of people he felt were unqualified. There was no mention of who exactly wanted the passwords -- or if a follow-up attempt by 'a superior' was made while not on speakerphone. If he is in trouble for JUST the refusal to give the password out on speakerphone and in a room with a dozen people, I'd give him a pat on the back and a bonus for proper IT security.
When I was an IT assistant at a high school, I'd pull the same stunt if my boss (or the principal) asked me on speakerphone to give out the local admin passwords on the computers to a dozen people (Staff, teachers)...
Just like Terry (If i read correctly)... I'd be protecting the computers and the network security by withholding the admin passwords from people unqualified to have admin access without admin intelligence in the field (i.e. not sticky-noting the local computer password to the monitor on the computer for kids to see)
Already was hard enough keeping kids from installing kazaa and other security hazards without admin rights... give out the admin password to a dozen non-IT security-unaware people? yeah right....
One of Terry's listeners probably would have put the admin password on a sticky note to his work and home computers..
No I'm not.
--- "When you gotta do something wrong. You gotta do it right. (Fighter)"
Being judged by twelve random people is as close to 'objective' as possible. I can only imagine the systemic biases that would arise from 'professional' juries, or 'expert technical' juries. Would you want a FOSS defendant judged by a jury from MS or Apple? Vice versa? Or as you seem to allude to, a world of bench rulings like the dark ages? Or a world where lawyers bid for the good opinion of a jury comprised of other lawyers? Disgusting. I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
In case you haven't noticed, the principle of "innocent until proven guilty" is still in force. That means that until and unless the jury finds him guilty he is to be considered innocent.
Good, inexpensive web hosting
we know what we must do, right?
never a better time....
If you know your boss is doing fraud, but didn't say anything about it.. either you're IN on it, or you should have already called the Feds.
PS: That's what backups are for.
----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
No, you have it wrong... He was not a jerkwad that refused to give his boss the password......
HE HAD NO BOSS.
They already fired him! This is such a big point.
Then they realized that they were idiots who had only one person working on the entire network... And no one else knew the first thing about it.
That was the superiors' fault, not his.
THEN they asked this guy, who worked his butt off on the network only to be fired by a 'superior' who doesn't know a network from a CPU, who already tried to get him fired without cause 'because he is a quiet type who does not fit in'.
"Um, hey, yea, you don't work for us anymore, and even though I don't actually know what your job was I decided you don't know how to do it...
And even though it would actually be breaking our own rules and possibly the law.... Um yea' will you give a room full of unauthorized people and an open conference call your admin passwords to the entire city wide network?"...
THEN they arrest you? Then they say that because he could VPN from home when he got calls in the middle of the night he was 'hacking'.. Etc.
Read up on the case.
If I get fired I won't screw anything up, but I sure as shit am not giving my 'superior' one more second of my time. I have no legal responsibility to do or say anything my 'superior' wants... Even if he is the butt buddy of some cops and DA's.
> I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins, particularly those in charge of large networks. If he just handed out passwords insecurely, that would cause more damage than Childs locking down the network for a brief duration. I'm inclined to believe that he was acting in the good faith of his job, particularly because he was willing to be arrested over being fired/becoming redundant. I seriously hope he's cleared, because he performed his job to the letter.
You could always give those passwords to me and I'll be happy to hand them out to the proper people ;-)
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
Just that simple, huh? So let's say the Dean for Admissions demands you give him the organization-wide root or domain admin password. Will you? What if it's the dean for admissions, two members of the board of trustees, the chief of campus police, and a computer lab tech from the biology department, and all want you to give the password to the lab tech?
If the policy states you shall not give the password to anybody but the CIO, and all of these "designated agents" come to you and demand the password... are you going to give it to them?
Let's say you quit your job, and three days afterward they call you asking for the passwords. How do you know if the policy changed? Maybe the CIO was fired. How do you know these are still the "designated agents"?
These are the types of problems that arise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations. So before you tell us to "shut up", you might want to think about the ramifications of that first.
> Yes, ignorance always leads to well-reasoned opinions.
This is /., so your sarcastic comment would be correct.
Except that the contract of Childs said that he was not allowed to tell anyone but the mayor. They were asking him over a teleconference, where he didn't know who was on the other side (except that the mayor was not). He was thinking that he would be liable if he did give over the password.
At least, not anymore. And he refused to hand the passwords over to those who were. Consider what a finding in favour of Childs would mean; any admin upset about termination could hold on to their passwords out of spite.
The city does have some culpability. They should have ensured at least one other person had the passwords, in case Childs was hit by a bus.
The No True Scotsman would like a word with you and your "real, proper IT geek". I'll warn you in advance - it involves kilts, commando-style, and bagpipes.
A vote for me is a vote for...hey, who the hell are you, you suspicious looking person? Security, I don't like the looks of this guy. Get his information and prepare him for deportation. ;-P
Sent from your iPad.
It's funny that you think you're safe because of policy. As another has already said better, so did he.
Oh, but that won't happen to anybody else, right?
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
The people who demanded the passwords were Terry Childs's supervisors.
Not if he had already been fired.
In a pure legal sense yes... but you are still free to your own opinions.
OJ Simpson was found not guilty of double homicide... a sizeable number of people out there firmly believe that he did in fact commit the acts he was accused of. Should we be punished because we do not agree with the jury?
Help Brendan pay off his student loans
What I don't quite understand is how Childs was hired by The City to begin with given his criminal past.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=2&fp=&fpid=
Sure, he was convicted of burglary when he was only 17, so I'm not sure if he was classified as a juvenile under Kansas law. He was then charged with misdemeanor weapons possession years later.
The guy did his time, so I'm not holding anything against him personally... I just find it surprising that a government agency would hire someone with that kind of record.
If you post as Anonymous Coward, don't expect a reply.
Just for him, or for every disgruntled former employee who's petulantly holding on to city property?
It's a half-right half-wrong situation. What happens if he gets hit by a car, and no one has the passwords? Bad news, lots of wasted time and money. But giving the passwords up to an idiot supervisor just because they asked? Bad idea as well. This isn't the military, just having someone be your superior does not necessarily give them the right to your keys.
Given that he was already fired, I would say the rules are more important than the boss. The rules are usually binding even after you are fired.
It does sound like he went about it the wrong way and that probably had a lot to do with him having a chip on his shoulder. If his boss had asked and he had said "I'm sorry, but your own policy dictates that I give these passwords only to the mayor under these circumstances" then this probably would have been cleared up that day. I'm sure he was more of an ass about it... probably because he was pissed about loosing his job. But if he followed the policy to the letter it really doesn't matter if he is a total dick.
God knows some real sociopaths have gone free because they didn't violate the letter of the law.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
While the analogy sucked massively, you didn't do all that much better. A landlord does not have the right to inspect the premises at any time; renters have a right to privacy just like homeowners. Specifics vary from state to state, but I don't know of a single state in the US that allows a landlord to indiscriminately enter a rented apartment without notice.
http://real-estate-law.freeadvice.com/landlord_tenant/security_deposit_privacy.htm
The dumber the jurors, the more it comes down to who can afford the best lawyer.
Go green: turn off your refrigerator.
Actually your landlord argument varies by area and contract.
In my experience, with apartments, the management is generally allowed to come inspect as needed. They frequently are checking smoke detectors, leaks from other units, etc. They run into, for example, situations where a leaking pipe in an upper unit causes water damage in a lower unit.
With homes, it's less common for the open access verbiage to exist. The more you spend on a rental home, the better (generally) the verbiage is for your privacy.
To extend this, the police interviewed my ex-mother-in-law regarding someone who was renting a room. They *wanted* to go into his space, but were legally obliged not to because he had leased that space. She couldn't even legally enter it. Even with her permission, they couldn't go into the room. A little later (like a couple hours), they did secure the proper warrants, and returned. They politely asked to gain access to the room because they did have the proper paperwork.
Serious? Seriousness is well above my pay grade.
Anything can happen in a jury trial, but it's hard to believe that Childs will lose this thing. The district attorney needs to prove two things (at least):
That Childs acted maliciously, that he was trying to cause harm to the network. I have seen no real evidence that supports this idea. The city tried to say that he did it to keep them from firing him.
They also have to prove that his actions actually caused damage. This is problematic because the network never actually went down, his actions didn't cause damage. The city uses the twisted argument that the fact that they were unable to prevent Childs from accessing the network was damage enough, that Childs was the one they needed to defend against.
I did not sit through the trial, but it's hard for me to believe that many juries would find this to be true beyond reasonable doubt.
Qxe4
You do not have a real, proper God Complex until you've either been fired or quit over this sort of nonsense.
Securing systems from anyone who's not you and therefore considered an inferior being is just part of the job.
FTFY.
> No, I haven't read the links or anything else. But it needs to be said.
Yes, ignorance always leads to well-reasoned opinions.
But at least they will be completely unbiased! :)
The organization's policies are no longer any of your business once you leave their employ. They're not law. If they want to violate them, that's their concern, not yours.
I thought policy was just to cover the asses of the people who make requests like this, and set aside whenever they want something counter to it?
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
A written policy can't fire you and won't be there to help you get your job back. When in doubt, do your job (though it helps if you can get the request in writing to CYA later).
God invented whiskey so the Irish would not rule the world.
He was a EX employee and had no responsibility to give anyone anything.
If they could not figure out how to work around it they were incompetent and obviously he should not have been fired, but instead given a peer or three to help run the network.
Woo! Big miss! The landlord (by default) CANNOT just come in without proper notice, at least by PA Landlord-Tenant Law.
Either way, the analogy doesn't apply at all. Childs wasn't leasing anything here. It would be as if the landlord here had a maintenance man who changed all the locks, and then wouldn't hand over the master keys to another maintenance man because the landlord wasn't there to say it was OK.
And that is still simplifying it WAY too much.
I can't say for sure what the policy was in this case, but there are plenty of places that have a policy that would preclude you telling your direct supervisor your password. In a federal, top secret environment doing so could easily land you in prison.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Wait, you mean his fate is in the hands of 12 clueless "average" citizens?
He is truly fucked.
12 undereducated laymen may also think they know about technology. Remember Michael Hegg, whose stated "expertise" was that his wife is a sysadmin?
The COO of his organization asked for the passwords.
If the COO of your organization can't get the passwords who can?
You're talking about a boss of bosses here, there is one man higher on the good chain than the man that asked for the passwords in his organization, to go any higher than that you have to go outside the organization to its parent ... i.e. the mayor.
You guys really need to get over this 'he was right' bullshit.
You REALLY think they took him to jail because he said 'I'm not giving them to anyone but my boss'? ... rather than just getting his boss?
Seriously? Are you that retarded? I have several ocean front properties in Arizona I'd love to sell you. 150 acres, $1 each, beautiful ocean view. You can take them all for ... hell, for you ... $100. I'm doing a sale for gullible morons this week.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Apparently you've not participated in Voir Dire...
In theory, you're right. In practice, however, it's not quite the same thing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
FTFY.
But ya, a few years of school doesn't mean you know everything on all topics. That's why competent employers like experience. ... and staying with the topic, a jury of your "peers" doesn't mean that they are actually educated in the topic being discussed. I would be a competent peer on a whole variety of topics, but if I was on a jury for medical malpractice I would understand part of it, but definitely wouldn't understand standard operating procedure. That would be spelled out by both sides and their "expert" paid witnesses, so SOP would be skewed towards their side of the case and I would be at the mercy of dumb luck to guess which one was more reliable.
Serious? Seriousness is well above my pay grade.
Yes, because it's hard to point out a few mistakes inside millions of correct assumptions.
Perhaps you should learn to read. He said:
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Who on earth modded this interesting??
For the record, people mod posts interesting because they find them "interesting" not because they are correct. And complaining about modding is childish.
This has been discussed many times, and I regret to inform you that your argument does not hold water. While it's a nice story to imagine this 'geek hero' standing up against the system, it's an airbrushed, romanticized version of the truth. This dude was out of line, end of story. He decided to try to flex his muscles, and he got taught a very valuable lesson that many could learn from. It was not his place to determine who was "competent" enough for the information.
The important point is that he was asked to give up that information after he was fired. In a sane world, Childs would have been able to tell them to fuck off because he has no obligation whatsoever to work for free for his former employer. Btw, this is one of the many reasons IT workers should be unionized. Unions could have laid down the ground rules to abusive workplaces like this and fined them for millions for their transgressions. Companies don't own you for life.
A number of facts are in dispute, or at least the interpretation of a number of facts, and that's why this case potentially "...puts all IT admins in danger..."
The city claims that Terry took a number of nefarious actions that endangered the network. They claim that he installed multiple modems connected to the network to allow him to access it without logging or auditing. Connecting a modem to the console port of a router or switch is a common back-up access method. It's the only way you can remotely get to a network device if the network is down. When you connect, you still need the username and/or password to get into the device and that access can be logged. It's no different from connecting your laptop directly to the console port.
They claimed that he disabled password recovery on network devices to prevent the city from accessing them. But all of the devices where password recovery was disabled appear to be devices that could not be physically secured. Disabling password recovery is, again, a common practice for devices that are physically accessible.
They claim he had sniffers installed on his computers in order to snoop on the network. How many network admins out there DON'T have a sniffer program installed for troubleshooting the network?
After he was arrested, his pager was taken and it went off with an alert from one of the routers. The city claims this was unauthorized access to the network. Again, it's extremely common for network admins to have monitor programs that send out an email or pager alert in the event of a failure.
I agree that Terry handled the situation poorly and was probably a bit of a jerk. But the city's attempts to pile on the charges in an attempt to get back at him do threaten to set dangerous precedents that could come back to bite any system or network admin.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
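The comment above turns on whether out-of-band modem lines require a login, whether logins are logged, and where password recovery is disabled. As an added example (not part of the comment and not any configuration from the case), this Python sketch audits an IOS-style configuration for those properties; the sample configuration is constructed, and the login classification is a simplification that ignores AAA method lists.

```python
import re

# Constructed sample configuration for illustration only.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
no service password-recovery
username netops privilege 15 secret 0 constructed-placeholder
login on-success log
!
line con 0
 login local
 exec-timeout 5 0
line aux 0
 no login
 modem InOut
 transport input all
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse_line_blocks(config):
    """Return {line_name: [sub-commands]} for every 'line ...' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return blocks


def auth_state(cmds):
    """Classify a line stanza as 'open', 'authenticated' or 'unverified'."""
    if "no login" in cmds:
        return "open"
    if any(c == "login local" or c.startswith("login authentication ")
           for c in cmds):
        return "authenticated"
    if "login" in cmds and any(c.startswith("password ") for c in cmds):
        return "authenticated"
    return "unverified"  # assumption: no explicit statement means "go check"


def audit(config):
    """Report on line authentication, modems, logging and password recovery."""
    top_level = [l.strip() for l in config.splitlines()
                 if l and not l.startswith(" ")]
    report = {
        "password_recovery_disabled": "no service password-recovery" in top_level,
        "logs_successful_logins": "login on-success log" in top_level,
        "logs_failed_logins": "login on-failure log" in top_level,
        "lines": {},
        "findings": [],
    }
    for name, cmds in parse_line_blocks(config).items():
        state = auth_state(cmds)
        has_modem = any(re.match(r"modem\s+\S+", c, re.I) for c in cmds)
        report["lines"][name] = {"auth": state, "modem": has_modem}
        if has_modem and state != "authenticated":
            report["findings"].append(
                f"line {name}: modem attached but login is {state}")
        elif state == "open":
            report["findings"].append(f"line {name}: no login required")
    for key, label in (("logs_successful_logins", "successful"),
                       ("logs_failed_logins", "failed")):
        if not report[key]:
            report["findings"].append(f"{label} logins are not logged")
    if report["password_recovery_disabled"]:
        report["findings"].append(
            "password recovery disabled: confirm credentials are escrowed")
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)["findings"]:
        print("-", finding)
```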
Childs essentially held the City IT hostage.
Please explain your statement.
The mayor had a policy to not give anyone else the passwords but him.
Childs did NOT give the passwords to others.
Childs DID give it to the mayor, as the mayor's policy stated to do.
Where from those facts do you jump all the way to holding anything hostage?
Is your wife holding your house hostage because she won't give a copy of your keys to a random kid down the street that asked?
> If the COO of your organization can't get the passwords who can?
Well that would depend on the policy that is in place.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Except for the part where he did not keep system-level admin passwords in the database held by security, as explicitly required. Which would have prevented the entire face-to-face confrontation.
Yes all suspicious looking persons will be shot on sight, given a fair trial, and then promptly hung.
"He is so stupid. And now back to the wall!" Moe Szyslak
technically correct; The best kind of correct.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
He insisted on meeting the mayor in person to hand over the password. That's not rational or defensible.
Pity he doesn't have a jury of his peers, so he's basically gonna get crucified by joe & jane blow citizen ...
The downside to treating everybody as equal before the law is that everybody is everybody else's "peer" for the purposes of jury selection.
"Jury of his peers" is from British law - where the Magna Carta established the right of Lords to be tried by a jury of other Lords in disputes brought by the King, to keep the King from arbitrarily convicting them of made-up crimes and seizing their estates. Later it was extended to the other classes of "Englishmen".
When it comes to the US, while many of the legal principles came across, the explicit legal distinctions among classes of citizens, based on heritage, occupation, government position, etc. were explicitly banished from US law. We were left with free, slave/involuntary servant (a class later eliminated except for those convicted of crimes), non-citizen, and "untaxed Indian" (effectively citizen of an independent country called a tribe who hasn't opted for full US citizen status).
About the closest we have to "peer" in jury selection is the requirement that the trial take place in the community where the crime occurred unless the DEFENDANT requests it be moved elsewhere and the judge agrees he can't get a fair trial in the original location.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
He was just being a dick. He used the policy as an excuse but 'the mayor tried to get the passwords in a non-secure setting' is just fucking bullshit.
They aren't nuclear launch codes and it was the highest man on the totem pole.
Smack his ass back to reality for it and remind him how unacceptable it is to do what he did.
You can argue that he was right ALL day long, but I dare you to make that argument at a job interview. There will be VERY few places that will side with you on that one.
He effectively held hostage ... for 12 days ... the keys to a large chunk of infrastructure. You know what, you're right, we should let admins do whatever they want cause they know best. Admins should just run the country rather than doing their jobs as they're told.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I get the same thing here at my company in IT security - lower-level store managers across the country who (supposedly) decide that one of their employees is loafing off too much and want their Web history for the past week or so. Or maybe they just want to know, how can I tell?
Of course, we don't use proxy authentication so it's insanely hard and time-consuming to even find that data with a degree of certainty, but even if I can, no way am I giving that up to somebody who I don't even know is definitely that person's manager.
We finally decided enough was enough, and now we categorically refuse to provide any information whatsoever unless an actual investigation incident is created with Human Resources, and only Human Resources can make the request. Problem solved on that one!
Another great one: a few years ago I helped on a worldwide Active Directory deployment for a company made up of many sub-companies. Anyway, this bunch of Battlin' Business Units distrusted one another so much that they actually paid our consulting company to be the only entity with Enterprise Admin credentials - of THEIR own AD forest! So I've somewhat been in this situation, and believe me, we also specified very carefully how that credential would be turned over and to who. Luckily this company didn't press the issue at all.
But he wasn't responsible for it after he was terminated.
Neither did he, upon being fired, have any remaining obligation to the company, which is rather the point of the case: Is it unlawful to withhold passwords from the employer after termination? I mean, it's one thing to change the password to what they ask, it's another to give up your password, which might be usable on other things that don't belong to them (like your personal data). It's bad practice, sure, but a real one.
#fuckbeta #iamslashdot #dicemustdie
In which case he is effectively breaking several state and federal anti-hacking laws that Kevin Mitnick was happy to get created for us.
You really don't want to take that route as a defense against any lawyer with some knowledge of the history.
Just holding the keys to a computer system you are not authorized to hold is a felony offense.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Wow... Just wow.
In times like this, I think the media is your best friend. Surely, there has to be some local investigative TV reporter who likes going after government excesses. If I were involved, I'd play it to the max and do everything humanly possible to get this retarded governmental behavior plastered all over the 6:00 news, and use the investigator to go after the state reps and senators to put pressure on these buffoons.
You and your daughter deserve public apologies and reparation from everyone involved (who in return each deserve a firm kick in the ass). The only way it's going to happen is to make it visible. Just sayin'
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
Heh... What's there t' warn about... Real IT Geeks wear kilts properly anyhow.
Would you suggest he just take their word for it?
Clearly, Childs knew who those people were. Whether they had "access" or not should have been cleared up the first day that they were able to make him sit in jail.
I don't know about you, but the people who are allowed to put me in jail are welcome to the passwords to a system that I don't even manage any more. If he wanted to make sure that he was held blameless, he could have made a request to have it entered into the record that he was giving the password up under protest, but that he was respecting the order of the court that he divulge the information. What worse could the city do to him than throw him in jail for a longer period than some felons get?
Most employment agreements do have clauses that require you to provide information and assistance to your previous employer even after termination (they are supposed to pay you for your time, but giving out a password really wouldn't qualify).
What is at issue here is the security policy and the question of whether or not Childs was required to give out the password to his supervisor or, as he claims, only to the mayor. It seems like this should be pretty cut and dry if there is a written policy, but apparently it's more complicated than that.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Yes, The City did appear, or at least its duly elected representative, 'The Mayor of The City', who told him to give up the keys, to which he refused citing some more bullshit about it being an unsecured facility ....
There are also several other people that represent the city and most likely are legally allowed to assume responsibility of infrastructure in the case of emergencies; the City Manager is the first that comes to mind.
This really isn't that hard to comprehend if you're older than 8 years.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
It's simple, when your superiors ask for the password, GIVE IT TO THEM.
When you're threatened with arrest, GIVE THEM THE DAMNED PASSWORD.
If he'd tried this at a company you probably would not have heard of Childs.
No reference? Right in the middle of the "don't" list in the City's policy is "Do NOT disclose passwords to your boss".
Here, I'll quote it for you:
"...If the COO of your organization can't get the passwords who can?"
If the policy states clearly, *in print* that the passwords should only be given to the mayor, fuck the COO and anyone else (except the damn mayor) who asks for them. *that* is what he was paid to do and that is what he did.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
If he left the job (willingly or otherwise) and then divulged the root password to someone who wasn't supposed to have it, he'd definitely be walking on thin ice.
"The use-mention distinction" is not "enforced here."
Does anybody actually have a copy of that contract? I keep hearing this, and I'm wondering whether it's true, or a distortion by his lawyer, or just some oft-repeated bullshit by those that want him to be a hero.
The world's burning. Moped Jesus spotted on I50. Details at 11.
You know it's technically illegal to kill someone, but the law allows for justifiable homicide.
This guy took over the system to protect it from the rest of the idiot users who, like the rest of the City employees, are incompetent.
I WISH I was on the jury. I'd vote innocent of all charges.. until he was acquitted or the judge declared a hung jury. I can understand his position. My mother does not get admin privs on her machine..
Point of order:
You LOSE your job.
You LOOSE your bowels.
A screw is LOOSE.
IT IS NOT TIGHT.
Is it really that fucking hard to get?
I've been following the story off and on, and the one thing I get hung up on is the crime charged. IANAL but if the crime he is accused of is "disrupting service" - shouldn't this have been thrown out a long time ago? Disrupting service = outage. If no outage was incurred, what service was disrupted? Yes they could not make changes, but the system continued to run. If I abstract this to my personal network... forgetting my network password does not create a disruption of service. Certainly an inconvenience, but I remain connected to the interwebs.
I work in the public sector and while the head of the agency isn't my supervisor, if she asked for a password that she didn't need, I'd write it down for her.
What would you answer, if she then asks why you violated policy?
Now, in the public sector, things usually aren't as strict as in the private sector but there, tests like that are certainly not unheard of.
Can you tell me that password again?
These are the types of problems that arise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations.
This is the real problem. Without that, the concerned admin wouldn't have to care about policy - certainly not after they've left their job.
The landlord has a right to inspect his premises at any time, even if you're living in the apartment.
What you've said, is simply not true in any city that has strong renter's rights. My landlord has to give us notice before he just comes walking in (24h or something). If you had a landlord who was just walking into your apartment, you should have put a stop to it immediately.
Nonsense. Your BOFH specifically added something to the system explicitly to cause damage if he was terminated.
Unlike the BOFH you got rid of (who actually WAS out of bounds) Childs secured the network and then followed the broken security policy as well as he could. At most, he was a pain in the ass. His managers were demanding information that according to security policy they were not entitled to. They wanted him to reveal it to a great many people all at once on a conference call no less. Guess who would have been on the hook if one of those managers (in typical manager fashion) said to himself, this IT stuff isn't so hard, I'll just make this little change and BOOM! net is dead.
The network never did go down until after the password was handed over. That is, they managed to screw it all up exactly as Childs predicted. The only reason he's not on the hook for that is that he was in jail at the time.
A proper written policy would have specified more than one person to hold the key passwords and/or a vault to store it in in written form (preferably with a tamper evident seal). Personally, I prefer people log in under their own credentials and then sudo as needed, but a lot of network equipment only supports the one true password model.
To those who repair computers, your two best friends are a guy at work and a friend from church
Being a spelling & grammar Nazi is a sign you do not poses the intelligence to contribute to the conversation
He is a living being. Part of the role of humans (rather than computers) is to deal with situations where you can't just Follow the rules. If all it was was 'following the rules' it would be computerized.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
It's called being a good admin. NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
If you allowed the situation to exist where no one had the passwords then you failed in your job. You should have known the policy was retarded and worked to get it changed.
You can make all the arguments about policy and chain of command you want, but the reality of it is policy is regularly broken when it doesn't actually fit the situation.
What's more interesting is why we aren't talking about the fact that their policy required THESE PASSWORDS TO BE RECORDED IN A SAFE MANNER THAT HE DIDN'T ACTUALLY DO.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
This has been discussed many times, and I regret to inform you that your argument does not hold water.
And yet it might pass water. Or at least pass water on the argument.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Ah - thanks for adding to the list of incorrect assumptions for me by appending one of your own; namely, the assumption that I am either illiterate or failed to take note of the weasel-word "often" in the commenter's statement and, upon perceiving it, would immediately share the commenter's ambiguous interpretation of the word. Bravo, sir!
If he left the job (willingly or otherwise) and then divulged the root password to someone who wasn't supposed to have it, he'd definitely be walking on thin ice.
Not really. It's only a crime to access a computer unlawfully, not tell someone how to. Unless, of course, you're inciting them to or advocating criminal activity. Case in point; it's perfectly lawful for you to own a gun or a chemistry set, but not shoot someone or detonate an explosive.
#fuckbeta #iamslashdot #dicemustdie
With respect to the "alternatives are far worse", you might want to read up a bit on how the legal system is implemented in The Netherlands and the rest of Europe or any other western civilizations around the globe for that matter.
The best case against your "juries" or dolts as you call them is to ask yourself how any higher courts work in the US. Do they have juries? I didn't think so.
His boss was Information Security.
This wasn't "sharing" which is what the policy discusses, this was demanding it because he was an administrator with the only password.
By this policy he shouldn't have given the password to the mayor of San Francisco, hell he still should have it and that part of the City's network should be unmanaged.
It is real simple: Whoever owns the systems, and their designated agents, have a right to have access. If they ask you for access, give it to them. It's that simple. You don't have to give them your password, you do have to give them a password that gives them access.
Let me provide you with a real world example:
Edward Diego should have never been given access to Shodan. Sure, a hacker gave him access, not one of the station admins, but that's quibbling. The main point is that stupid people shouldn't mess with AIs controlling space mining lasers and robots.
Not unless you act on your opinion or express it in a way which can be interpreted as either slander or libel.
Good lord, I had no idea I was going to get modded into oblivion for this comment....ROLLBACK!!!ROLLBACK!!!
If you post as Anonymous Coward, don't expect a reply.
They've served .5 years * 12 people = 6 people years!
I think you're missing the point. The original policy is to give the passwords to no one except for the mayor in a secure setting. If it was me, I don't care if the President of the United States, or the Pope was asking for those passwords. It isn't happening. I will give those passwords to the mayor, in a secure setting. Only. Ever. Period. I work in a larger governmental institution than a city. If I were to simply pass the keys to my entire department to the head of Security and the CIO, I would be jailed for knowingly/willingly compromising the security of the organization. I'm sure this is a similar situation, damned if he did, damned if he didn't. It looks to me like the CIO and head of Security just got pissy that they were not considered competent enough to run the system in the minds of its designer.
Although, to humor you, the landlord has a right to inspect his premises at any time, even if you're living in the apartment. Remember, the landlord owns the place, you're just paying him/her to borrow it.
I don't know of any state in the US where this is true. Certainly not in mine (TX).
I have found there are just two ways to go.
It all comes down to livin' fast or dyin' slow. -REK, Jr.
It is perfectly rational when that is exactly what his contract told him to do.
So you're saying that Childs had a duty to withhold the passwords from Richard Robinson, the chief operations officer for the city's Department of Technology and Information Services.
Childs had ideas above his station, like other bad admins. When the IT COO asked with HR and cops in the room it should have been forthcoming. Even if it led to problems it was no longer his responsibility.
Ten bucks says if he gets off the case he'll have a job as an iPhone hardware tester at Apple.
APPLE EXEC: "Where's the 5G prototype?!"
CHILDS: "I will personally hand it to Mr. Jobs and only Mr. Jobs only, as I can't trust the rest of you with such sensitive technology!"
Random Thoughts From A Diseased Mind (Not For Dummies)
Though hosted on a San Francisco government site, that document self-identifies as being the product of a trade organization composed of County sysadmins (and it does not list the "City and County of San Francisco" as one of the Counties whose members contributed.) Indeed, "San Francisco" doesn't appear in the document at all.
Can you also post a link to a place on the site where the city says they adopted this document as their policy?
(Also the quoted text doesn't support the allegation that the password was only to be "disclosed to the mayor in a secure setting". "Mayor" doesn't appear in the document, and "chief" only appears as part of "chief information security officer", not "chief executive".)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Is it unlawful to refuse to return keys after termination? To return a company-owned laptop? To return an id badge? Normally, you aren't allowed to leave without turning these things in at human resources but if you don't have them on you, you'd better get them and return them, no? In this case, he did the intellectual equivalent of putting his own lock on his office door, and refusing to give the key to anyone.
Michael J.
Root, God, what is difference?
Most jobs I've had made me sign a nondisclosure agreement for which the protected information included passwords.
"The use-mention distinction" is not "enforced here."
In cases where security is sensitive (such as a city-wide WAN) and the manager is not actually qualified to work on the hardware (common enough with MBAs), they are not entitled to the password and if they had an ounce of sense wouldn't want to know it. They may be entitled to order an admin to share the password with a new admin. In such a situation, telling a manager the password may be (and should be) grounds for termination.
Forgetting all of that, this was an employment issue. It is not against the law to disobey an employer. Their recourse is to fire you. The only exception is military service.
Maybe if SF had that policy, there would be no story.
In the end they did it on the cheap with no oversight. If he was hit by a city bus they would have the same problem.
90% of what they accused him of was his job. The rest is not terrorism.
Um, so your "real world" example is from a video game? A damn good video game, I'll grant you, but still...
He refused to hand over passwords when ordered to do so by his superior and his superior's superiors.
It was illegal to do so - he could easily have imagined going to jail for doing exactly that.
Little did he realize that following the law could also lead to jail...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Disobeying your manager is not a crime.
That's not the point... a FELONY for kicking a door? What's next, going to jail for littering? /me thinks it's a little excessive
(oh, and I'm posting with my ID, not as AC)
I've got better things to do tonight than die.
> his guy was responsible for critical public infrastructure -- infrastructure that kept working for months after they fired him.
But he wasn't responsible for it after he was terminated.
But it kept working after he was terminated.
In my state (Ohio) it's a law that you must be given 48 hours notice before the owner or someone on behalf of your apartment building can enter your apartment. There are exceptions for certain situations, like fire, and possibly your leaking pipes scenario if it was bad enough.
my UID occurs in pi starting at the 384,199 digit after the decimal point.
Because as soon as he was asked for the passwords by the proper person (the mayor) at the proper environment (face to face with him without unknown people at sight) he indeed promptly passed them out.
I would have insisted on the dome of silence before handing the password over to a mere mayor...
Being judged by twelve random people is as close to 'objective' as possible.
No, it's as close to random as possible, and as far from biased as possible, but it's purely and utterly subjective.
And what happens if (as is the case for Childs), some middle manager with no actual ownership or rights demands the passwords? Throw in that telling them violates policy. Suddenly giving your manager the finger is a crime? Too many managers have a god complex as it is without declaring that their word is actually law!
The important point is that he was asked to give up that information after he was fired.
Incorrect. Please read the case history before repeating misinformation.
I think, what most lay people don't understand is that the rule: 'Don't give out passwords indiscriminately' is equivalent to the Hippocratic oath for some IT admins
No kidding; every time I get a user who starts saying "do you need my password? It's Fluf-", I start plugging my ears and loudly saying "NO NO NO NO NO". Once they stop, I explain: 1) never share your password 2) when it is absolutely truly necessary, like life or death, never say it out loud unless you're in a cone of silence, watch the person you shared it with, and change your password immediately after they're done. 3) I don't ever want to know your passwords, ever.
Your view of this is rather strange.
Just that simple, huh? So let's say the Dean for Admissions demands you give him the organization-wide root or domain admin password. Will you? What if it's the dean for admissions, two members of the board of trustees, the chief of campus police, and a computer lab tech from the biology department, and all want you to give the password to the lab tech?
When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause. So of course you give it to them and let them take the heat for the consequences. Network down for a week? So what? It isn't the admin's problem to explain this to everyone.
If the policy states you shall not give the password to anybody but the CIO, and all of these "designated agents" come to you and demand the password... are you going to give it to them?
If the "designated agent" is really authorized, heck yes. About the only way out of this that I can see would be if all you had was someone claiming to be "designated" and the CIO was completely unavailable to verify. Again, doing your job means following directions, even if those directions seem utterly stupid. Covering your ass is a well-known tactic, but refusing to cooperate because of some inflated sense of self-importance is stupid and gets you fired.
Let's say you quit your job, and three days afterward they call you asking for the passwords. How do you know if the policy changed? Maybe the CIO was fired. How do you know these are still the "designated agents"?
And if you have quit, why do you care? If the passwords were not changed the moment you left, it is pure and simple negligence. So all you have is obsolete information that is about as secret as yesterday's newspaper.
These are the types of problems that arise from this prosecution. The law gives organizational policy the force of law, without realizing its limitations. So before you tell us to "shut up", you might want to think about the ramifications of that first.
First off, you do what you are told to do through the organization structure. If you aren't doing that, you get fired for cause. Period. Insubordination is never a good idea and it is a lousy career move. If you have to, you get a real nice CYA document from some higher-up so that you can always say you were just doing what you were told to do, no matter how stupid it sounds. In this case, Terry's job wasn't to protect the city from the Mayor and the Mayor's questionable directions. And openly defying in the manner that was done has consequences that Terry is just finding out about.
My guess is that no matter what he is charged with, the jury looks at it and says he is a self-important idiot that was insubordinate. In 10 minutes they will have a "Guilty" verdict.
So give the password to a PHB and he blows the network up and you take the blame that is ok?
He *was* authorized to hold them. It was a large part of his job description.
When he was fired, they never asked him for the passwords. What was he supposed to do, whack himself over the head until he forgot them?
When the cops came looking for him for what was effectively their mistake, he clammed up (as he should've), since neither they nor the low-level guys gunning for them had any right to know the information. He said from the start that he'd tell the mayor, and he told the mayor when they let him.
Had he forgotten the passwords the moment he was fired, he wouldn't be in this mess. This is their fault.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
The moment Childs was threatened with jail by a credible governmental threat, then he should have surrendered the passwords.
Dude is a hardhead.
Sure about that?
You are not a real, proper IT geek until you've either been fired or quit over this sort of nonsense.
Securing systems from morons is just part of the job.
Even if said morons are the people that hired you? Imagine if you hired a locksmith to install locks on your house. When they finished the job, they refused to hand you the keys because they don't trust you to keep your house properly secure. Would that be okay?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Whoever owns the systems .... have a right to have access.
Who can and cannot have access is specified in policy.
I was under the (possibly mistaken) impression that your two quotes neatly summarized his trial. Written policy and contract ordered him not to give out passwords to any random elected official, and an elected official ordered him to break the written policy and contract. Remove all the technology and it's an ancient story.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
My a priori experience with Voir Dire is that it eliminates people who have any opinions of anything at all. Consequently juries tend to consist of wishy-washy, apolitical, shallow twits.
And I am still thankful for them vs. the alternatives.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Of course the facts are in dispute. That's the only thing a jury is there to determine. When a jury says "We find so and so guilty of such and such", what has actually happened is the judge has told them "These are the points of law - if A, B, and C are true, the defendant is guilty. If any one of them is not true, the defendant is not guilty." The jury decides the facts beyond a reasonable doubt (it is impossible to decide beyond all doubt), and if all the facts meet the definition of guilty, they find the defendant guilty. If not, they find him not guilty.
The only reason there is a trial is because the facts are in dispute. That's why someone says "Not Guilty" when charged with a crime - they are disputing the facts the prosecution has presented.
The wiggle room for getting off on a case is completely different from what people seem to think it is. It's not the law that gives the wiggle room, it's the facts. If the jurors are not 95% sure a fact is true, then they assume it is false.
Because of this, I would much rather have a group of people who have common sense than any sort of technical experts judging the case. Generally, whether or not something happened is only a portion of the case, and often times whether a person intended to do any harm is just as important as actually doing any harm. In that situation, highly technical people are often horrible judges of character and motivation, and they could really fuck you over because they are stuck on some stupid detail that doesn't matter.
I sat on a jury for a felony theft case, and I was pleasantly surprised at the quality of the jurors, considering the pool they were selected from. All the shitheads and dumbasses were weeded out by one party or the other, and the jury was pretty solid.
It's also worth noting that whether or not the guy stole the thing he stole was not in question - the defense didn't even bother trying to deny it. They basically argued that it wasn't worth $500, and not a felony, and therefore could not be held guilty for felony theft. Double jeopardy being what it is, the state would not have been able to come back and charge the guy with a misdemeanor, so it's a good thing he was found guilty. ;)
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
It also isn't hard to comprehend that by breaching his obligation to not reveal the password to anyone but the Mayor, through a secure channel, by revealing it to the Mayor on an insecure channel with many "respected" witnesses, that he could be in trouble for breaching policy.
If the policy says something, it is hardly his fault that he fulfilled it.
Would you whine at/about sudo if you messed up your sudoers file and locked yourself out?
Running for office on a "get tougher on crime" platform has been going on for as long as I can remember. Every new candidate takes this on as a campaign slogan - being tougher on crime than the incumbent.
My point being, is it any wonder after so many iterations of this tactic, that the classification of anything short of belching in public has become a felony?
I'd like to think that one day the trend will reverse itself and at some point, some rational sense of "punishment fitting the crime" will prevail.
Unfortunately, the older I get and the more I see the way that many voters are simply ill-informed, mindless pawns to be manipulated by the parties they subscribe to, the less optimistic I become.
Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
In my experience, dumb jurors rarely make it onto the jury box. If it's good for the prosecutor to have an idiot on the jury, then it's bad for the defendant and the guy gets tossed. The opposite is also true. So, what you end up with is a reasonably sound jury - unless of course the entire jury pool is dumb as shit, in which case the defendant and prosecutor and judge are all probably dumb as shit too, so it doesn't really matter.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Horseshit. Refusing to comply with an order when that order is illegal or against the rules that both parties operate under is definitely justified.
So it's all about CYA? That's weak, man. What if Terry was truly interested in maintaining security over the systems? What if Terry suspected his boss would plant evidence to condemn him?
I don't want to invoke Godwin's law, so I won't directly. But you do understand the implications of what you're saying, right? That as long as you're following orders and documenting that you believe it's against the rules, then you're OK, because it's the easiest way out for yourself?
Screw that. Principles are more important than CYA, and I've put my money where my mouth is on that issue on more than one occasion.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I would support jailtime for littering. Very SHORT jailtime, but nonetheless. It disgusts me to see some asswipe toss a fast food beverage cup out his car window into what little green area we have left.
Poor means hoping the toothache goes away.
None of those are examples of ignorance. Each of those was a best fit to the available data. A flat earth fit well if you only had very local data. The geocentric model of the solar system provided very good data for practical purposes. And phlogiston did a decent job at predicting most qualitative effects of combustion and some quantitative effects as well. To call people ignorant for doing the best they could with data is not at all fair. If someone today is a geocentrist or a young earth creationist they probably are ignorant. We can call them ignorant because the data is available and they have not learned about it. But using the same labels for people who knew everything that was known at the time is a different category.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And Firefly.
Jailtime would cost money. I would go for a fine, a *big* expensive fine. Actually, most places have laws against littering, they're just not enforced enough.
I've got better things to do tonight than die.
Those courts don't determine facts of law, they determine process and constitutionality. They can say a procedure was followed incorrectly by a lower court, or they can determine that law is unconstitutional, and therefore overturn the ruling or nullify the case, but they cannot overturn the facts determined by a jury.
The only body permitted to determine fact of law in the US is the jury. Technically congress can too, with their hearings, but those amount to fuck all and are completely irrelevant with regard to the rest of the law.
That's also why the higher courts never, ever hear an original case. It absolutely must come through a lower court first.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
A written policy can't fire you and won't be there to help you get your job back
One would hope that the courts would be there to get you a metric butt-ton of lost earnings when it becomes apparent that you were fired for insubordination which didn't happen. (In the same way that Lt Foo isn't supposed to follow Capt. Bar's orders when they countermand those of Maj. Baz)
FGD 135
The higher courts don't have juries because they are not being asked to decide guilt or innocence. That's what a jury does. Higher courts only decide whether the application of the law as written was correct or incorrect (or if the trial itself was flawed, or if the law itself is unconstitutional, etc. but never guilt or innocence).
Considering that the Supreme Court of the Netherlands can't even decide the constitutionality of laws I wouldn't look to them as much of a model for anything.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Eh, my landlords are welcome to come into my apartment whenever they wish. They'll just need to bring a locksmith or a heavy sledge hammer, and a very fast person with a tranq gun. The first thing I do in any apartment is change the locks, install two deadbolts (top and bottom of door) and my dogs are not on a leash or kenneled when I am not home. There is a warning sign stating there are dogs in the apartment and they will bite.
The jury's job isn't to decide whether they think he's guilty or not, but to decide whether there is doubt of his guilt. It is entirely possible that the entire jury believed he was guilty but was not sure enough of it to convict him.
Well, having followed this story since it first broke out, I do believe that Terry Childs correctly followed the written policy of the city, which was that he should not give his password to anyone, including his supervisors, and that the only person that he was allowed to divulge them to was the Mayor, which is exactly what he did while he was in jail.
If you take your job seriously, then it means going against your superiors when they try to break written policy. You're not always going to be shielded by the "but I was following orders" defense. Your supervisor is also supposed to follow written policy. So if your supervisor breaks that policy and asks you to do the same, then you are just as liable.
Here are a couple of comments that describe the city of San Francisco's password policy and how in this interpretation, he did his job and is being unfairly punished.
The people who demanded the passwords were Terry Childs's supervisors.
This point is moot, since the people who demanded the passwords were no longer Terry Childs's supervisors. They had already fired him before they asked for the passwords. And any password request has to be in writing, which they did not do either. They asked him over a conference call, with unidentified people in the room.
Best "String" Ever!
Agreed. Isn't there another element to prove? That the askers had a right to the passwds? There is more than reasonable doubt they did not.
This looks much more like a case of false arrest and malicious prosecution. Childs got under someone powerful's skin (congrats & condolences!). He has suffered serious damages 500k$ (bailbond) + lawyers (500k$?) plus lost earnings. I foresee a multi 10M$ lawsuit once Childs is acquitted. And given the venom of the City's pursuit, they will not settle but get hammered by a verdict they will appeal ad nauseam.
why isn't this modded interesting?
Which media?
There was a time when reporters really cared about getting stories to the public. They even attempted to elucidate some measure of "truth", using certain ethics and journalistic principles which they held dear.
Today, thanks to the concentration of media ownership in the hands of a very few corporations, and the subsequent gutting of news departments and purging of investigative journalists, the news has become little more than a collection of press releases and political hit pieces. Syndicated columnists make up a larger part of daily newspapers than ever before and local television news has become five minutes of fires and arrests wrapped around 10 minutes of network stories wrapped around 15 minutes of commercials.
Everyone is chasing the 24 hour news-free news cycle. There is no one left to report stories like this one.
You are welcome on my lawn.
My a priori experience with Voir Dire is that it eliminates people who have any opinions of anything at all.
I was summoned for jury duty a few weeks ago, and made it a point to express opinions during the selection process (a coworker of mine had the same theory that you are expressing, and I was interested in testing it). I wasn't trying to get out of serving, so the opinions were reasonable. I was still selected.
I think in at least most cases, the point is not to eliminate anyone with any sort of opinion, just people who either have extreme opinions related to the case or who seem to have little room in their minds for doubt that their existing opinions are correct.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
The No True Scotsman would like a word with you and your "real, proper IT geek". I'll warn you in advance - it involves kilts, commando-style, and bagpipes.
You forgot haggis! No True Scotsman would forget haggis! Hand in your True Scotsman card and GTFO laddie!
My own family members have had different experiences with the process, but it's all anecdotal and of course entirely subject to the nature of the jurisdiction and of course the very personalities of the selectors/selectees. No point in playing the 'who's got the better anecdote' game.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
You've obviously never served in the military. The rule there is, follow your last order. So in reality, Lt Foo wouldn't get in trouble for following Capt Bar's orders that went against Maj Baz's, though his captain might. But he would get in trouble for not following them in the first place.
God invented whiskey so the Irish would not rule the world.
I wonder if there is an achievement for getting both "0" and "5" posts in the same topic? :-)
I can see your point on flamebaiting but still don't think the parent post was a troll.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Littering hurts everybody who lives in the environment (in other words, just everybody).
Kicking a stuck door to open it and getting charged with a felony for it helps taxpayers by showing that their tax dollars are going to waste on administration and personal grudges rather than maintaining infrastructure - in this case failing to maintain the door, and wasting the time of the police officer who took the complaint, the court clerks who have to process it and finally the magistrate's or judge's time.
I hope the young woman turns around and sues based on defamation of character, harassment, hostile workplace, not to mention heavy punitive damages well into seven figures for undue stress and suffering, and that the town council takes those fines out of the asshole administrator's budget rather than assraping the taxpayers. Why? Town officials need to be taught a lesson and learn that simply being on the doll is not carte blanche for harassing citizens.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
So then you think it's alright for them to go in with a scalpel and take those bits of IP back out of your skull? Because we're talking about non-physical items here, not keys. And quite frankly if they don't have a method in place to reset the passwords themselves without the original administrator of those passwords, then it's their own damn fault.
Any piece of hardware that doesn't have a method of retaining the configuration WHILE changing the password is either stupid, or intended to be highly secure. If it's the latter then it should probably have a short list of people having access to the passwords. In the case that it DOES have a short list of people, that group of people should not be fired BEFORE REQUESTING THE PASSWORDS NECESSARY TO RETAIN THE CONFIGURATION.
From everything I've been able to read regarding this story, this was exactly what happened. It'd be like having an officer with a higher rank demanding information from you, a lower ranked officer that was above his clearance level, AFTER dishonorably discharging you from duty, without first ensuring all such information was no longer in your possession.
Uhmm yeah right, and you're the bad guy :D
Besides, if you wish, you can just have them indemnify you in writing.
Put everything in writing to cover your ass if you like, but you don't get to hold on to things until someone n levels above you gives you a personal audience.
I have been fired for this by a COO coincidentally. Only the owners of the company had the right to ask me for the access to the system they put me in charge of and he convinced them I wasn't doing my job. So after I was released from employment by 12 days, they contacted me to figure out how to get back in. (Not that the paperwork wasn't already filed per the policies I had written) After getting the shaft I wasn't so keen on doing consulting work for free. Rumor has it their business is suffering due to that COO and he got fired. Might even get my job back, all things considered.
Yes, yes he did, if the COO is supposed to get those passwords the password policy should be changed to allow it. Even if the COO were supposed to get those passwords, they should be given out in person and in private, not over the phone with HR and cops listening.
He was just being a dick. He used the policy as an excuse but 'the mayor tried to get the passwords in a non-secure setting' is just fucking bullshit.
Following policy is not an excuse, it's the right thing to do. If the mayor tried to get the passwords with 15 unauthorized personnel within earshot, it's a non-secure setting and he should not have given it up.
The city policy expressly states that you should not give your passwords out to your boss. The only people who were to receive the passwords were those who required the passwords to fulfill their daily job duties. Childs was the only person on staff who fit that description, and as such, it was against policy to give out the passwords to anybody else (except the mayor in a secure setting).
He may well have been a dick, and he probably could have defused the whole situation, but that doesn't mean he isn't right, and it doesn't mean his bosses should be allowed to throw him in jail for following policies that could very well have landed him in jail for not following.
They aren't nuclear launch codes and it was the highest man on the totem pole.
There very well could have been legal ramifications for handing out those passwords to unauthorized personnel. That includes his bosses.
I've got a news flash for you - in 12 days, management that doesn't know shit about networks can really fuck things up bad if they are allowed to mess with it. They were the last people he should have been giving access to, and anybody who actually works with this equipment knows that.
Imagine what would have happened if he had immediately turned over the passwords, management started mucking about, and they accidentally shut down half the network? You know what would happen then? This guy would have been fired for violating City policy, and possibly held legally responsible for the costs incurred. God forbid anybody should die in the process, then he's really fucked.
The fact is, from what I can tell anyway, Childs did the responsible thing but his bosses went on a fricking power trip and had him thrown in jail without ever following the proper procedure for any of this. The assholes here are the management, even if the guy is a dick.
Admins should just run the country rather than doing their jobs as they're told.
Just want to point out that this guy is on trial precisely because he was doing his job as he was told.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
You know, just about anyone has the power to put you in jail for a day, just takes a bit of work and some creative story telling.
And city policy was to not give out passwords to anyone who did need them to perform their daily job duties. It even explicitly states as a bullet point to not tell your boss your password.
Just because they were his supervisor does not mean they were authorized to know the password, and it does not mean he was permitted to share it with them.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Now you can, and you're absolutely right.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Check out the big brain on Brad!
I found this article helpful:
http://www.infoworld.com/d/data-management/sorting-out-fact-fiction-in-terry-childs-case-310
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Beyond a reasonable doubt is only the theoretical requirement, people are unlikely to vote not guilty if they think the defendant is guilty.
Strangely, although what you say is logical, I don't think they actually have to prove that to convict under the law. As long as he fulfills the requirements that the law prescribes, he can be convicted. Thus whether he was authorized or not plays no part in the case, other than as evidence to whether he was acting maliciously or not.
Qxe4
Um, so your "real world" example is from a video game? A damn good video game, I'll grant you, but still...
"Funny" is often more memorable than "informative".
Except that the half dozen other people who were on that teleconference were definitely not authorized to know the password.
They didn't ask him again until after they'd had him arrested.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
They were in the same city.
Is there a particular reason the mayor couldn't get to him in less than one day?
I'm in a huge city-- 150 miles across-- and I could get to any part of it in under 2 hours. I regularly travel across it for situations a lot less important than this.
If you are liable for security, you don't want to be told, "That person who told you on the phone that they were the mayor? Well, they actually were not the mayor."
I'm very suspicious and I've not been defrauded or phished or whatever.
If the network was so important that they can imprison this guy on charges (no proven crime- no lives at stake) for over a year, then it's reasonable that the network admin would want to give the password to the appropriate person (in this case, the Mayor) directly and securely.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The problem is, he did only give the password to the only designated agent according to the policies of the owner of the equipment. His supervisor, the security person were not designated agents according to the only document that mattered: the city's policies. He followed policy and yet is still on trial, after being in jail on $5,000,000 bond for more than a year. He followed the rules and because that pissed some people off he has lost more than a year of his life and is facing more time lost. Maybe you would give your passwords out to anyone, if so I hope I never work with you or with any company you work for, but I am very careful with the passwords I have been entrusted with and only people that would get those passwords are designated in written company policy.
Well, when someone at a C-level asks the IT admin person for some password there are really three choices:
Those are pretty much the choices. There is no #4 where you get to "do the right thing" and walk away a free man. The fact that he had already left the organization meant his real responsibility was over. Trying to "save the organization from itself" almost never gets you anywhere and carries huge risks. Terry is about to experience the result of these huge risks.
My guess is the jury takes about 10 minutes to return a guilty verdict.
It's hard for me to believe that a jury could possibly understand what you just said.
In fact, they probably will not and he will be found guilty and everyone will move on (well, except the convicted). This is just some obscure case about a "hacker" and nobody will give a damn because it's all about those cave dwellers that don't do anything (other than keep everything working; if only they knew).
Put everything in writing to cover your ass if you like, but you don't get to hold on to things until someone n levels above you gives you a personal audience.
If "n" and "personal audience" are defined in policy, then yes, I do. In fact, even if I don't want to, I'm required to. Childs wasn't some Mayor groupie looking for his "Ohmygawd! I just talked in private with the Mayor!" moment. Maybe by the time he finally talked with the Mayor he was a little grumpy from being held in jail, and he was less cordial so it might seem like he was telling the Mayor to kiss his feet, but the impression I get is that he was concerned that his prior boss was *bad news* and that he (Terry) should follow the rules and only let the Mayor have the password.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
It's called being a good admin. NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
What about the situation another poster in this thread described, wherein he was ordered by some pompous "Executive VP" to give the passwords to some other unauthorized person?
Sure, in some 10-person company, your logic makes sense, but in a larger organization, just because you're some VP or whatever doesn't mean you can make up rules as you go along, especially for employees that aren't under your org tree and don't report to you. Of course the IT Director (or VP of IT, or CIO, or whatever that company calls him) will have access to the passwords in any decent organization. He's the boss of IT, so the buck stops with him, and he should have access to all IT-related resources. But that doesn't mean the VP of Marketing gets access to them too, or that he can order some random IT admin to give the passwords to his personal secretary.
Trying to kick open a door in a federal office building.
What's next, going to jail for littering?
If by "littering" you meant "spreading 1000 pounds of tickertape around the hallways of a federal office", probably. If you mean "dropping a cigarette butt on the street corner", no.
You can't consider just the act and ignore the context.
You probably haven't sat on a jury yet. Most people on the jury are not Mr. Childs' intellectual peers, they are his citizen peers. A person is supposed to be innocent until proven guilty, but too many folks from the general population tend to believe "if there's smoke there's fire; he must be guilty if he's charged for something." Sure it is the job of the defending lawyer to try to filter as many of those as possible out of the pool, but the DA's job is to fill the pool with as many of those as possible. Then we've got jury members who don't know jack about the technical details or the law, so they just go with their gut instinct on the people on the stand and the lawyers. Which lawyer did a better job of saying stuff? Hell, some members even go by what the lawyers wore.
No, sadly, our American justice system claims to be a fair system, and perhaps it is compared to others, but it is really a tyranny of ignorance and money. Mr. Childs likely doesn't have the money to really fight this (since he couldn't afford the $5M bail), so it boils down to his luck of a jury pool. Considering what I've read of his luck, that isn't much luck at all. Guilty or not, he could be serving time. Many other folks are rotting in jail without ever having committed the crime they are "guilty of" because the person's "peers" believed they were.
I hope that Childs will be found innocent of all charges, and he can fight back against the city. I just don't believe that facts are enough.
You can tell who around here works as a technical admin and who doesn't. You can also tell who works in information security and who doesn't.
Hoist Number One and Number Six.
So.. he's already served over 20 months for something he may or may not be guilty of. If they just manage to drag out the case another three and a bit years it won't matter if he's found guilty or not!
And people wonder why we complain about the legal system.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
... the cop was not even there ...
Were you there, or are you just taking your daughter's word for what happened?
Each side only gets to toss so many though, right?
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Unfortunately, no matter how much the legal system claims that you are innocent until proven guilty, the opposite is most often the case. You are treated as guilty as possible, up until your trial proves your innocence. Unless you end up in Guantanamo. Then you get no trial. You get no chance to prove innocence. You get held in horrible conditions indefinitely because of an accusation of guilt, without proof. Welcome to the US Legal System.
Isn't this why countries such as France have completely abolished juries, and judgments are rendered solely by Judges (who, under French Civil Code, are inquisitors rather than arbiters, and are professional judges, not promoted lawyers like in our system)?
Of course, that has its own problems, like the fact that one crappy judge will make a lot of bad verdicts, but it does seem better than your fate resting on the opinions of the stupidest people the court could find.
He insisted on meeting the mayor in person to hand over the password. That's not rational or defensible.
Actually that is the only way that he could transfer the passwords. Policy for password transfer stated that no passwords were allowed to be transferred over the phone or by email. Thus, the ONLY way to transfer the password was in person. Which is exactly what he did when he spoke with the Mayor in person.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Ultimately, Childs is, at best, technically correct.
Good. Technically correct is the best kind of correct.
I'm not being facetious, I just like my public servants to obey their contracts to the letter.
This is what the City of San Francisco gets for letting a felon run their network.
I know what you mean all felons are unfit for society, even if the crime they committed occurred half a lifetime ago and has nothing to do with their current job. They should all be executed upon conviction, right?
That's not the point... a FELONY for kicking a door?
Trying to kick open a door in a federal office building.
You can't consider just the act and ignore the context.
Are you trolling with that line?
Because you just did EXACTLY that.
When information is power, privacy is freedom.
In times like this, I think the media is your best friend. Surely, there has to be some local investigative TV reporter who likes going after government excesses.
Sorry, but Walter Cronkite is dead, and there is no such thing now as an "investigative TV reporter". The only place you'll ever find an "investigative reporter" in the USA is on some small, independent website, and as their resources are very limited (as it's mostly hobbyist or extremely low-budget), there's only so much they can do, and most people will never hear about them.
Most "reporters" these days don't even know the W's: who, what, when, where, how. Critical and obvious details are constantly omitted from "news" reports that I read from major news sources like AP. It's utterly pathetic.
If you want serious reporting, you'll have to invent a time machine.
You might have a point if they were not allowed to discuss the case among themselves, since they are, any randomness will have a hard time against peer pressure.
Analogies don't equal equalities, they are merely somewhat analogous.
So a Colonel, two spooks, a Major and a Private walk in, and the Colonel demands you hand the Private the launch codes to your missile station. Your orders are that the codes shall only be handed over to no less than a three-star General. Do you (a) hand over the password, because well heck they must have a pretty good reason, or (b) tell them to go find a three-star General?
And yes, I realise Childs was not military, let alone a missile station operator. He did however have the keys to city infrastructure, and he believed (rightly or wrongly) that the people asking for the passwords were unauthorised. At what point should some CYA document (even if worth the paper it's printed on) be more important than refusing an unlawful order? When should principles be tossed in favor of convenience? What shade was the grey in Childs' situation?
Once he was terminated, his only obligation was to return anything of theirs. If they want to violate their own policies, that's none of his business.
The most he could reasonably do would be to insist his former boss put the request for passwords in writing, and to notify the mayor of this. If the mayor ignores the notice, he has no cause to withhold the passwords.
Ya' know a fast food cup doesn't bother me nearly as much as a cigarette butt. If I had a dollar for every single time I saw an asswipe toss one of THOSE out the window I'd be rich. Pull up to most any intersection, open a door, and look at the curb - it's disgusting! Hundreds upon hundreds of butts at some intersections like little snow drifts. These things are smoldering when tossed too, lovely. I can count on one hand the number of times I've seen something like a cup tossed out however I see butts thrown probably every other day. I think jail time is a bit much but maybe some steep fines that are actually enforced? I'd support that over bogus speed traps to increase revenue that's for sure!
P.S. I think Terry will and should be let off. Everything I've read about this that wasn't sensationalized aka not mainstream media has led me to believe the guy was really just trying hard to do his job and protect the network. I think he took it a little too far but I hope the jury comes forth and blasts his crap management before letting him go....
Build it, Drive it, Improve it! Hybridz.org
Even if the facts are not in dispute, different juries can reach widely varying conclusions. Law is not equations.
Insubordination is never justified.
So your boss's boss isn't your boss as well? It's insubordination no matter what you do.
Getting an email saying the boss was knowingly circumventing procedures would have absolved Terry of any hint of wrongdoing no matter what happened.
No, it would have simply provided proof that he is incapable of handling the responsibility given to him. In fact it would be proof that not only his boss but also he broke the established rules. In a properly working company, your boss would get reprimanded or talked to for the request and you'd be told to let them know if your boss tried to get even. In fact a properly working company with such policies would have your boss make such requests just to check security. If you give him the password then you fail the test and get reprimanded.
Intellectual property, despite common claims to the opposite, isn't real property. For one you can't forget physical property out of existence...
Analogies don't equal equalities, they are merely somewhat analogous.
For a municipality, a "policy" is adopted by the decision-making body at an open meeting as a resolution. Technically, it's a law and the City cannot ignore laws just because they wrote them. A policy binds the decision-making body just as much as its employees and the citizens of the municipality. If Childs was allowing such a policy, his ass is 100% covered.
(Rules may vary, this works in Canada and the US)
Captcha: Breathe.
The damages totalled $0.00. That itself is reason enough to not pursue legal action.
And another - where is this cited? Who reported this? Nothing I've seen has said this and I read most of the InfoWorld and Computerworld reporting. If you saw that crap on CNN I wouldn't give you a dime for it...
Build it, Drive it, Improve it! Hybridz.org
Sure the policy can get you fired. You broke the rules and can face the consequences of that. Your job was to follow the written policy and you clearly failed to do it.
It can also perfectly well keep you from getting fired. You alert those who made the policy of the situation and then it's up to them to review the case.
Juries are in no way considered objective by competent legal scholars. While I'm not a lawyer, I did just attend a day long symposium on one common legal phrase that is widely subjective, "a reasonable person". (http://www.lclark.edu/law/law_reviews/lewis_and_clark_law_review/spring_symposium/2010_Schedule.php).
It was very fascinating listening to different professors/scholars describe how varied jury results can be depending on background. A completely balanced jury, some conservative, some liberal, some religious, etc.. an "average slice" of America, for instance, does not approach objectivity, but rather only approaches consistency in ruling. State by state, a case with fact set A, will always result in conclusion B by the jury. It doesn't mean that the ruling was "correct". To an all conservative jury, the ruling of the "balanced jury" would seem very wrong.
Objectivity is very hard for the legal system to build into a jury trial. Especially when you ask jury member A to answer a question like, "Was what Person A did reasonable?". It is mainly the responsibility of each juror to try to be objective, and that requires someone to be intelligent enough to know what is personal bias, what is objective fact, what the law is asking you to decide, etc..
Now, a good judge can explain very carefully what things, and what things only, matter to the decision at hand, but studies present in the symposium above showed that more detailed/explanatory jury instructions had ZERO effect on jury outcome. Personal bias based on self declared values was the primary factor.
What I took from the symposium, is that you better have a lawyer that knows how to pick a jury favorable to you.
I have never worked somewhere that my supervisors did not have access to system passwords.
I regularly supply them with updates to the passwords for our systems that have them.
That is policy at my work. No one gets the root passwords without filling out the proper paperwork, including getting supervisor signatures, and approval from the IT lead of the systems which the password is to. The IT lead approval entails having demonstrated the technical knowledge for that specific system(s). You could be someone who has 20 years of IT experience, but if you can't show that you know how that particular system is setup, including knowing what major services it runs and the systems and processes that rely on the server, you won't get root.
NO ONE PERSON EVER holds the ONLY SET OF KEYS to the system. That is fucking retarded administration and anyone doing it needs to be fired.
We have a process in place where root passwords are stored on a secured system. Access to the system heavily restricted. Once you login to the system, a custom shell is run which prints out the list of passwords that you have been approved to have access. The actual full list is not available to everyone. The full list is encrypted and maintained by programs developed in house which give the ability to add new systems and their corresponding passwords, update passwords to existing systems, and add/revoke the users from viewing that particular system. A history of old passwords is also maintained (and is part of what is printed out on the screen to the people who connect). The list is maintained by our Accounts group who are in charge of keeping track of all accounts on all systems and maintain the paperwork/databases showing who has access to what, and are in charge of creating and removing the accounts on all systems (i.e. if someone is fired, the Accounts group disables the person's accounts on all systems that they may have one).
You can make all the arguments about policy and chain of command you want, but the reality of it is policy is regularly broken when it doesn't actually fit the situation.
But that is just it, policy did fit the situation. The policy said he could not give the password to his boss. Due to a single-point of failure, he was willing to give the password(s) to the person allowed by policy to have them, which was the Mayor, but only under the proper way, which meant in person. We don't allow passwords to be transferred in any other manner either. If you need your password reset, the only way to get what we reset the password to is to physically go to a designated password coordinator in your area. They have strict policy for giving you the new password which is done in closed door office and the password is shown to you on a computer screen, and/or where you then have the ability to change the password (in accordance to password complexity policy).
Is this all overkill? Not really. Especially for any location which deals with as much money as a large city does, or with protected information, or any of a number of other reasons (maybe it is a secured government network which handles classified information, etc.). A GOOD IT admin knows that protecting the data from idiots is their number one job priority.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
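The approval-gated password list described in the comment above, sketched as an added example (not the poster's in-house software and not part of the original thread). Class and method names, the two sign-off roles and the sample systems are assumptions; login and at-rest encryption are left out. It also reports systems with fewer than two approved holders, the single-holder situation this thread keeps returning to.

```python
from dataclasses import dataclass, field

# Assumed roles: the comment requires a supervisor signature and IT-lead approval.
REQUIRED_SIGNOFFS = frozenset({"supervisor", "it_lead"})


@dataclass
class Entry:
    current: str                                   # current root password
    history: list = field(default_factory=list)    # old passwords, newest first
    approved: set = field(default_factory=set)     # users cleared for this system


class PasswordList:
    """In-memory model of the list an accounts group would maintain."""

    def __init__(self):
        self.systems = {}   # system name -> Entry
        self.pending = {}   # (user, system) -> {role: approver}
        self.audit = []     # (actor, action, detail) tuples

    def add_system(self, actor, system, password):
        if system in self.systems:
            raise ValueError(f"{system} is already listed")
        self.systems[system] = Entry(password)
        self.audit.append((actor, "add", system))

    def rotate(self, actor, system, new_password):
        entry = self.systems[system]
        entry.history.insert(0, entry.current)     # keep the old value in history
        entry.current = new_password
        self.audit.append((actor, "rotate", system))

    def sign_off(self, role, approver, user, system):
        """Record one sign-off; returns True once access is actually granted."""
        if role not in REQUIRED_SIGNOFFS:
            raise ValueError(f"unknown sign-off role: {role}")
        if approver == user:
            raise PermissionError("requester cannot approve their own access")
        if system not in self.systems:
            raise KeyError(system)
        signed = self.pending.setdefault((user, system), {})
        signed[role] = approver
        self.audit.append((approver, f"sign_off:{role}", f"{user}@{system}"))
        if set(signed) == REQUIRED_SIGNOFFS:       # both signatures collected
            self.systems[system].approved.add(user)
            del self.pending[(user, system)]
            return True
        return False

    def revoke(self, actor, user, system=None):
        """Drop access to one system, or to every system (e.g. on termination)."""
        targets = [system] if system else list(self.systems)
        for name in targets:
            self.systems[name].approved.discard(user)
            self.pending.pop((user, name), None)
        self.audit.append((actor, "revoke", f"{user}@{system or '*'}"))

    def view(self, user):
        """What the custom shell would print: only entries this user is cleared for."""
        self.audit.append((user, "view", "*"))
        return {name: (e.current, list(e.history))
                for name, e in sorted(self.systems.items())
                if user in e.approved}

    def single_holder_systems(self):
        """Systems with fewer than two approved holders (bus-factor check)."""
        return sorted(n for n, e in self.systems.items() if len(e.approved) < 2)


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    pl = PasswordList()
    pl.add_system("accounts", "core-rtr-1", "pw-A")
    pl.sign_off("supervisor", "sam", "alice", "core-rtr-1")
    pl.sign_off("it_lead", "ida", "alice", "core-rtr-1")
    print(pl.view("alice"))
    print("single-holder systems:", pl.single_holder_systems())
```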
I don't see this as affecting IT admins at all.
You've never worked for a clueless CEO who demanded via company policy access to all the passwords then logged in (remember this is a clueless CEO) and fiddled about with everything, trying to remove all the access restrictions so he could access high speed Pr0n on bittorrent and activate all the dark ports so he can plug in all his mates and have a LAN party in the office; thus bringing the network down in the process. He never did get his LAN party. In this case when the network comes down it's not the clueless CEO who takes the blame. It's the lowly IT manager who should have designed his network better. And yes, I was dragged over the coals over the fact that said clueless CEO completely destroyed the network and required about a week's worth of work to put everything he'd destroyed back to good.
There is a reason that clueless managers don't get passwords. It's because clueless managers oftentimes (not always) have a God complex and think the rules do not apply to them.
Personally I think the guy was right not to hand out the master passwords to what was essentially a clueless manager. Where you have a problem is that he needed to hand out the passwords to someone; there is the old hit by a bus scenario.
Not commenting on the case - but I can attest to having been in situations where I had passwords that neither my boss nor his boss were permitted access to - the only other person with access was the owner.... and that policy came from the owner.
It's not common, it's not normal - but it happens, and has to do with domain expertise and risk mitigation.
Always have a procedure in place to deal with the possibility of an "irreplaceable" employee getting hit by a bus. (I once took over a position at Intel where the former employee had died suddenly of a heart attack, leaving a CVS file locked. We decided to leave it locked in memoriam.) In this case, establishing a procedure for hand-off of the passwords long BEFORE firing the only employee that knows them would have been a no-brainer to any competent IT manager. In my book, if you fire me without notice for no reason, I'm not obligated to do ANYTHING after I walk out the door -- should have gotten those passwords in the exit interview if you needed them. Granted, Childs was a paranoid dick, but the managers created this situation themselves -- they should have known better.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Out of curiosity, what would you do if the CIO asked for access with several grad students present? Cause that's pretty much what happened in the case of Childs. In my company this would lead to a separate conversation between just the COO in my case since I report directly to him. At that point I would make him/her aware of the risk involved in exposing passwords with 3rd parties present at which point they could voice that they still want me to give them access. Management makes lots of boneheaded moves and it is up to us to limit the damage they can cause. Yes, the owner has access to all files but that doesn't mean I give him full access. He once deleted 200gigs worth of contracts because his VPN had momentarily lagged and clicked the wrong buttons. Of course I have systems in place to recover from this but the bottom line is that you have to protect them from themselves. If that data goes missing they aren't going to take the blame after all.
Well... if a voice on the end of a speakerphone claims he's the COO and there's a half dozen other halfwits standing around when the question is asked umm NO!
Or if someone who says he is the COO is standing in front of me with an open speakerphone to some halfwit with another dozen halfwits standing around eagerly awaiting my password then NO!
If I'm asked to provide my password after having been fired and am no longer employed then NO!
If instead the written policy states that I can give my password to the COO and I meet with this person 1v1 with perhaps a single witness and I'm employed at the time then yeah I will give the password in exchange for a written document that's witnessed stating that I am no longer responsible for the account I've just handed over a password for.
Now which of these scenarios do you think occurred in this case?
Build it, Drive it, Improve it! Hybridz.org
This keeps cropping up in this thread, and I don't know why. The policy is online, and does not contain the word "Mayor", or the phrase "designated agent", or any of the many other things that are supposedly in it. So he did not follow policy in this respect.
What is in the policy is the actual policy for system level passwords, and the enable password for network kit is definitely a system level password. It states:
"All production system-level passwords must be part of the security administered global password management database."
Simple, clear, and Childs was definitely in breach of it: only he has these enable passwords, and did not put them in the database.
For him to argue that the rules for personal passwords applied to system-level passwords and take it to ridiculous extremes - well, this was always bound to end in tears.
In the case of OJ I wouldn't worry about being sued for either.
Please don't pass judgement on our judicial and legal system until AFTER the verdict has been passed on your daughter. I have a tough time believing a jury or judge would be swayed by the testimony of the police officer, if the events happened the way you say they did. Regardless of the actions of the police and prosecutor, she'll get a fair crack in court.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
Ultimately, Childs is, at best, technically correct.
“Technically correct is the best kind of correct.”
-- Bureaucrat #1.0
Well said! I'm sick of all this CYA stuff. I see it everywhere and people seem to think it allows them to do whatever bullshit they want. Course I guess I grew up in an environment where I take responsibility for my actions or lack thereof. If I screw up at work I'm the first to mention it to the owner. At that point I discuss mitigation to prevent it from happening again and that's worked out pretty well so far.
We seem to live in an age where mistakes can't happen or someone gets fired and I think that's a terrible place to be. This is why I mitigation systems to handle accidental deletes and automatic rollback for database commands made in error. As a Sysadmin I plan for mistakes of others as well as myself and as a result, things work pretty well.
Charge the defendant with everything you can think of even if you don't believe he's guilty of all of it and then negotiate down to the only charges you had any chance proving in the first place.
It's like raising prices just before a sale marks them down.
The portrayal of the VPN information suggested that Childs should not have had this documentation, even though he was the city's lead network admin and apparently had to maintain these lists as part of his job. But entering the VPN information into the court records made them public -- the San Francisco district attorney's office committed a significant security breach, opening up VPN access to anyone who cared to look at the document. Although the passwords alone were not enough to provide complete access to the city networks, they did constitute one part of the VPN's two-phase authentication configuration.
(link) I wonder if the someone from the DA's office will stand trial for whatever laws cover such a broad and incompetent breach of security. Seems fair, after all, considering what they're doing to him. And before anyone says "Hey, they're lawyers, not IT guys, you can't expect them to have the same level of password security sensitivity that IT folks do, yada yada yada", I'd say that any lawyer that ignorant of IT security has no business involved with this case to begin with.
I have some doubts about Childs' story, but stupid stuff like this on the part of the city certainly lends support to his alleged fear of turning over passwords to incompetent city employees.
I prefer rogues to imbeciles because they sometimes take a rest.
At least you get a trial, unlike some other places.
Bullcrap.
He did NOT put his own lock on the door when he left. He did not refuse to hand the password over to anyone; he DID refuse to violate the written security policy of his former employer. He DID refuse to hand the password over to JUST anyone; when he was asked for the password he told the person requesting the password that policy prohibited him from providing the password to anyone except authorized people, and he DID tell the person making the request who was allowed to make the request as per policy.
Under the very same anti-hacker law that Childs is being tried for breaking, had he given the passwords to the wrong people after his termination he could be held criminally responsible.
In other words, you don't give the keys over to the janitor when you are terminated, you give the keys over to the authorized representative. If he is in a situation where he doesn't know exactly who is authorized, then the right thing to do is to hang on to them until he knows that the person he is giving access to really is supposed to have access. You can get yourself in an assload of trouble for not doing this. To get in an assload of trouble even if you do it puts IT administrators between a rock and a hard place.
Once an authorized representative requested the passwords, he gave them to him. The mayor was almost certainly higher than necessary to get this done, but he may have been the only person Childs knew for a fact was authorized and could and whom he could also verify the identity.
These were passwords to Cisco routers and switches. He didn't lock anybody out, nobody else was ever authorized access in the first place! The first article to come out about this case said Childs changed everyone else's password and only granted himself access. That's patently absurd - the Cisco equipment they were using only takes two passwords - one to get into the router/switch, and one to make configuration changes. That's it. There are no other passwords to change, and he kept them the same across the entire network. Because there are no other passwords to change, it is absolutely critical that only those who need to know the password know the password. According to company policy, nobody else needed to know the passwords, since he was the only one who worked on the equipment, and therefore nobody else was authorized to know the passwords. The city policy expressly forbids giving the passwords to your boss if your boss is not already authorized to know them.
The way it sounds to me like it happened was something like this: Childs's bosses wanted the passwords because they did not trust him having sole possession of the passwords. He refused to give them the passwords because they were not authorized to know the passwords. At this point, instead of calling up someone who was authorized to receive the passwords (the CISO, according to city policy) and having Childs give them the passwords, they held a big meeting - including a teleconference - and demanded he give up the passwords or they would fire him. They may have done this because Childs was being a dick about the whole situation, but the fact is even if there was an authorized individual he could give the passwords to at this meeting, he couldn't share because there were unauthorized people present. At this point, they fired him, and when he refused to give the passwords up (because the people asking were still not authorized) they had him arrested under California's anti-hacking laws. They drummed up all sorts of nonsense charges, but the only thing that had any chance of sticking was the password issue, and even then it took a year and a half to build the case. In any case, as soon as he was able to give the passwords to an authorized individual - and only an authorized individual - he readily gave them up.
It's worth noting that things were running smoothly until the guy's bosses were finally able to access the system, at which point things started to break because they didn't know what the hell they were doing.
Kinda makes you think the policy was there for a reason, huh?
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
All he'd have to do is have the requester warrant, in writing, that they are acting as an agent of the organization.
Besides, I really, really doubt the mayor signed off on any policy requiring him to take direct action in low level network administration. That's just some nonsense Childs wrote up.
technically correct; The best kind of correct.
Best quote ever. And in the world of law, it's so true that it's not even questioned.
"When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause"
I've been at jobs where I have several master passwords which I am not allowed to give to *anyone* - the only other person who has them is the owner of the company. There is a manager or two in between us in the organization, but those particular passwords and policies were very clear.
Line-managers of various sorts in between me and said owner did ask for access to things on occasion, as well as directors and whatnot from completely other departments - and in such situations, rather than be combative, I would explain the situation delicately and respectfully, and then we would handle the situation however we saw fit - whether that meant we both went to see the decision maker, whether that meant they would raise it on their own, or whether they wanted me to raise it for them....
I'm a sysadmin. I am a facilitator, and a protector of someone else's assets - not a power-hungry dictator.
Even if the owner of the company walks in and asks for access to "everything", to which of course he is entirely entitled, I will try to find out what's up and what he really needs. I might explain why, while of course it's his stuff and I will give it to him on his insistence without question, there are some risks he's exposing his organization to by doing this. This has, so far, universally led to a "Huh, those are great points, I hadn't thought of that, never mind.... all I really need is X."
Straw man arguments are lies.
Well on the bright side if Terry Childs gets convicted it should make social engineering of passwords away from our victims much easier :)
I remember many years ago during a merger one of the non-technical administrative staff with no prior warning sent an email to admins in various offices asking for administrative passwords to all systems (SMTP EMAIL) ... it pissed off layers of management when everyone rightfully replied f*ck you. In my opinion anyone who clicked reply and sent the passwords should have been fired on the spot. I don't understand the specifics of this case... To me it seems odd -- while there may have been god complex issues I would be very surprised if there were not also real human management/incompetence/stupidity issues.. How would any competent manager allow such a situation to even be possible in the first place?
I mean what if Terry died in a light cycle crash and something did go horribly wrong requiring enable privileges to fix? Would Terry's rotting corpse have really been held responsible? I've heard of failing upwards but this is grossly incompetent.
Regardless, the possibility of sending someone to jail for 5 years for sitting on a password for 12 days while hurting no one while acting in what you believe to be the best interests of the city seems like behavior I would expect from the government of a backwards 3rd world country.
You handle it gracefully and politely, while covering your ass. You point out that the current policy says you'll get fired for just giving out the passwords - so you ask your boss for some guidance on how to resolve the situation properly - their need for access and your concern about policy (or whatever). You work together... not against each other with policy as a hammer.
I think you have a bad analogy, since in some states, chemistry sets are iffy, since they have illegal uses.
Unfortunately it comes down to the employer did not have a comprehensive IT security plan, which should have included business continuity.
There should be procedures to escrow the master passwords.
There should be procedures for the steps to be taken once an employee is to be terminated, starting even before they are given notice.
The employer did not have these items.
I don't know the defendant, so I cannot ascribe motives to his actions, but I suspect that in such a situation, especially if the termination was iffy and for alleged wrongdoing, I would be severely tempted to indulge in schadenfreude by providing copies of the appropriate policies with the relevant sections marked with a neon colored highlighter.
You have to admit that lack of planning on your part does not an emergency on my part create.
That is what it boils down to. The employer fired him, and he adhered to the letter of the policies that bound him.
I think that the prosecution has already proven, early on, that possession of the passwords is not sufficient to gain access to the devices; the access has to be done from specific management stations, and without the remote VPN access, that just can't happen.
There is only one rule, The Golden one (He that has the Gold makes the rules; not the do unto others one), and after more than 20 years as a lawyer I think he holds the system in contempt as well, after being a True Believer, ultra straight edged, right wing, NRA/RNC boyscout for most of his life.
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And it would still be spelled "Sci Fi". Marketing drones... the hosers.
"They will return Tuesday to start their deliberations. Childs faces five years in prison if he is convicted for disrupting service to the city's computer system by withholding administrative passwords — a verdict that, if rendered, puts all IT admins in danger."
This is true, this puts all IT admins who exit their job angrily, hijack the system and lock everyone else out in danger.
I mean, who hasn't been there, right? I mean, one could just leave the job gracefully but something something something freedom.
Actually the Dutch system isn't all that bad. One good thing is that judgments are not made up by people in a locked room, who flipped a coin to decide for all we know. The judge's decision comes with argument that explains how he arrived at his verdict. If his reasoning or application of the law is flawed, or his weighing of the evidence is biased, this will be reflected in the court ruling. An appeals court will not only examine process, the admissibility of evidence, or the credibility of witnesses in any particular case; it will also examine the reasoning behind the final verdict. And just like plaintiffs and defendants in the US can toss jurors, in the Netherlands they can toss judges if either side thinks they are biased.
It's not all good though: you pointed out the strange position of our constitution and the fact that it is perfectly legal to make unconstitutional laws in our country (we do have a few of those). But the most insane (and recently hotly disputed) rule is that lawyers of any stripe can (after due selection and screening) be asked to sit as a judge in case real judges are in short supply.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Nope, he need merely say "evil hacker", blow a lot of smoke, and the jury will convict.
I agree. I never said Childs was at all diplomatic about it or even that his approach was the most constructive.
However, being abrasive or politically inept are not crimes either.
Then, as you probably know, there's the case where the manager is an ass and had a bad morning so that even the most polite request for clarification or orders in writing is seen as intolerable insubordination. That will be when you are really glad he can't have you tossed in jail over a job dispute.
FTFY.
Probably my first off-topic post after years reading slashdot, but I must say that FTFY stuff is getting a bit tiring. It doesn't sit well with me to quote somebody's words and alter them. Better to quote honestly and explain how you think your opinion differs, which it would seem you don't disagree anyway. FTFY seems very arrogant to me--there was really nothing to fix in his post because what he said was actually true in his experience, and most reasonable people would agree with him. There's probably not one post ever submitted that couldn't be "fixed" by someone in some fashion, and then what kind of forum would it be? Just a bunch of FTFY's, over and over and over... blah! Am I being picky? hmmm
(which btw, people further up the food chain, including the highest ranking person there, told him to ignore in this case)
The highest ranking person there doesn't mean shit if the highest ranking person there isn't authorized by the city to make such a decision.
What happens if you give the passwords to someone who, according to the IT Security policy which you had to sign a binding legal agreement to uphold, is not authorized to have the password and it leaks out, putting the entire infrastructure at risk?
What then? That's pretty much exactly what happened here. The people who were telling him to ignore the policy did not have the authority to tell them to ignore policy - it was binding on them too!
I'll tell you what happens if he gives the passwords to people he shouldn't. In the case of a private entity, not only can you be fired (and rightly so), but if your actions led to the leaking of information that must be kept secret by federal privacy guidelines then you can be held criminally and civilly liable as well. In the case of a government entity, it's almost a certainty that you can be held criminally liable. This system absolutely had sensitive data on it, and it was part of his job to make sure it did not get out.
So what the hell are you supposed to do? Give up the passwords in spite of security policy and go to jail when stuff breaks or private data leaks, or refuse to give up the passwords and go to jail anyway? What the fuck man? I'll admit, it sounds like Childs was being a dick about the whole situation, and had he been more diplomatic he could have defused the whole thing early on, but what if it's your bosses being dicks, and nothing you do to try to do things the right way works. I've seen office politics, and some people know how to stir up a shit storm in a hurry to get rid of someone they don't like.
In any case, nobody should lose two years of their life for no better reason than they were being a bit of a dick at work.
There are REALLY simple ways to handle these solutions.
You're right, and they were laid down in policy format, and his bosses didn't follow them.
When are admins going to realize they are nothing more than computer janitors?
That's funny, they get paid a hell of a lot more than janitors do.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Woo! Big miss! The landlord (by default) CANNOT just come in without proper notice, at least by PA Landlord-Tenant Law.
First of all, I didn't say anything regarding whether or not the landlord must give notice, merely that the landlord does indeed have the right to enter (yes, even according to your PA Tenant-Landlord Laws). Pretty much all state laws provide for landlord inspection, granted many have qualifications (i.e. must give 24 hours' notice, broken pipe, etc). However, having worked in the multi-family Real Estate business for 10 years in my past, I can tell you that there is a lot of fluidity with regard to interpretation on this law. I can't count how many people have tried (and failed....all of them) to drum up some right-to-privacy lawsuit because they felt that they could keep the landlord out of their place at any cost. It just flatly isn't true. Also, if you really want to get down and dirty, there are those types who might go in and "create" a broken pipe which would give them the "emergency" they need to go in. Not saying it's ethical, but I've seen it happen.
You are right that the landlord analogy doesn't really apply, and neither does your anecdote. In fact, the Terry Childs case would be like if the maintenance man changed all the locks but refused to give the master key to the landlord (not another maintenance person). If you'd read the facts of the case, you'd know that it wasn't some "unauthorized" person who was asking for the passwords:
I find the European legal systems, including the Dutch one, to be inferior to the US legal system. What makes you think they are better?
Justice is about harmony, not law and order.
Have you ever actually interacted with our "justice" system?
Friend of mine drew his sidearm to prevent a VIP from entering a nuclear reactor, on a destroyer, as I recall, because the VIP lacked credentials. My friend was a CPO. VIP was a 2 star. And quite livid. A week later, the 2 star's boss (a three star) sent a commendation.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
The judge provides all the explanation, reasoning, and application of the law that's needed. The jury can only render a verdict within those boundaries.
Think of the jury as something that's there in addition to the judge, not something that replaces him.
No, I did not. The poster said "for kicking a door". That leaves out a considerable amount of context. She wasn't kicking just ANY door, it was a door into a federal office building.
It's a sham debate tactic to leave out the critical bit of information to make the situation look ridiculous. It's common on /.. "She was arrested for PUTTING ON LIPSTICK!" Yeah, ok, that sounds silly. "She beat up the salesperson at the cosmetic counter, stole the lipstick, shoved a few people out of the way as she ran out the door, and then put on the lipstick". Not so ridiculous to be arrested, huh?
How about this one. "Boston coed held at gunpoint for wearing a sweatshirt." Oops, did we forget, this was a sweatshirt with blinking lights sewed in, she was asked by an airport employee about it (and the clay object in her hand) and she ignored the questions, was approached by security people who she tried to ignore, and was finally stopped only after they held their weapons at the ready (not pointing at her.)
Yeah, it was also the door into her place of work, but does that matter? Why should an employee get to kick in the door to a federal office building? The proper course of action is to call the maintenance people and report the door, not blast through it yourself. So, when someone tries to shorten the story a bit too far, I think it's fair to remind everyone of the missing bit.
And the fact that something so absurd has to go so far, with no legal safeguards against such abuses is not contemptible?
Well, that's the thing: in my locale at least there's a couple journalists who would take this on. Your point is well made, though. It's going downhill fast.
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
Somehow, I think we're missing a part of this story. Was there a fight just before she happened to kick the door in? Was there a history between the superintendent and her? What Federal Prison was this in???
Imagine that you're a general contractor, doing home improvement work for Bob and you hire a locksmith to install locks. When they finish the job, they refuse to give the keys to you, and only to Bob, because they're worried that you might make your own copies before you give them to Bob? Do you have them arrested and thrown into jail, or do you just have Bob get the key from them?
How about the same situation, but now you're Bob. You come home, your general contractor is out to lunch, and the locksmith has just finished up, but he doesn't actually know you, just the general contractor and so he won't give you the keys? Once again, do you treat this as a criminal situation, or do you just call your contractor and have him sort it out with the locksmith?
Once again, same situation, but now you're the locksmith. You've just finished up. Neither the contractor, nor Bob is around, but Bob's ex-wife arrives. You've met her before, so you know who she is. She seems to be free to come and go when she comes by shuttling their child back and forth. She was even in charge of the renovation project, even picking out the new doors and doorhandles you've just installed locks in. However you've never actually seen her there when Bob wasn't home and you don't know if she's actually supposed to have her own key. She insists that you give her the key. Company policy says that you're only supposed to give the key to the homeowner, and she doesn't seem to quite fit that definition. So, you insist that you'll give the key to Bob and he can make her a copy. So, she calls the police and has you arrested and thrown in jail. Then Bob comes to your cell and you give him the key as you said you would. Then you get held over for trial with bail set ridiculously high even though you're not a flight risk, on the justification that you could break into Bob's house even though the locks have been changed again. Let's face it, of course you could break in, you're a locksmith, but what have you done that makes anyone think you'd be likely to?
If it's an actual jury of his peers, ie, IT professionals, system admins, etc, then I'd agree with you.
If it's a random selection of people off the street like usual, he's pretty screwed.
What's next, going to jail for littering?
Yes. It's only a matter of time until some green-nazi tries to characterize throwing a cigarette butt out the window as eco-genocide and they try to lock you up for it.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I see you're going for the Aspergers defense.
Well, if you read further, I said more. It wasn't just a FTFY. It's not just lawyers who believe they are smarter than the average citizen because they've gone through college, plenty of folks believe the same thing. Then again, some people are just humble, and you don't know that they are college educated. They have learned a lot, and behave at my level, so they are truly a peer. I knew one person who wanted to be called "Master ..." because he had a masters degree. Of course, he was working a lowly support job (like, low in the whole scheme. I'm not berating support folks.) Spending years and thousands of dollars for an education doesn't make a person any better, it only bought them a certificate to hang on the wall to imply that they are better.
I met a good friend of mine at a job we worked at together. He was senior management, and I worked my way through the ranks for a while. From his actions, I knew he was very good at what he did. It wasn't until years later that I found out about his education. He doesn't hang it on the wall to say "respect me", he proves through his behavior that he knows what he's doing, and he has earned my respect. Through my actions I have earned his respect also.
Serious? Seriousness is well above my pay grade.
A completely balanced jury, some conservative, some liberal, some religious, etc.. an "average slice" of America, for instance, does not approach objectivity, but rather only approaches consistency in ruling. State by state, a case with fact set A, will always result in conclusion B by the jury. It doesn't mean that the ruling was "correct".
Well, fuck me, I always suspected brilliant legal minds didn't understand the concept of "consent of the governed", now you've confirmed it. There is no 'correct' ruling EXCEPT that which a jury reaches.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
No, I did not. The poster said "for kicking a door". That leaves out a considerable amount of context. She wasn't kicking just ANY door, it was a door into a federal office building.
Wow, you are amazing. What the poster wrote was, "My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area,"
As in she kicked a jammed door that she had every right to pass through.
Sham debate tactic indeed, in your self-confident arrogance you couldn't have done a better job of demonstrating your point if you had tried.
Why should an employee get to kick in the door to a federal office building? The proper course of action is to call the maintenance people and report the door, not blast through it yourself.
Nobody is permitted to think or act for themselves. Exactly the kind of people we want working for the government. As the man also wrote, and which you also left out of your version of the 'context' was that absolutely no damage was done. Even more context you left out - the law is about damaging federal property not simply applying a bit of percussive maintenance.
When information is power, privacy is freedom.
Somebody mod this up.
I'm not a lawyer, but I play one on the Internet.
I'm a smoker, and I put my butts back in the cig pack when I don't have an ashtray at my disposal.
So yeah, cig butts should be considered as littering, same as candy wrappers
I've got better things to do tonight than die.
Justice is about harmony, not law and order.
Mod me down for off topic, but there is something so true about that statement that I can't get it out of my head.
So yeah, cig butts should be considered as littering, same as candy wrappers
More specifically - butts are made of plastic very much like candy wrappers and thus are not bio-degradable.
When information is power, privacy is freedom.
Wow, you are amazing. What the poster wrote was, "My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area,"
That appeared in an earlier article. What I quoted above is what I replied to. "a felony for kicking a door?" No, sir, not "a felony for kicking a door", "a felony for trying to kick open the door to a federal office building." If you can't see the significant difference between those two statements, I'm sorry, I can't help.
As in she kicked a jammed door that she had every right to pass through.
That may be. But kicking in a door you don't OWN, or trying to, is not the correct response to a door that won't let you in. In any case, it wasn't just "kicking a door".
Let me ask you this: you go to the ATM and try to take out all your money. There's a $300/day limit, so you can't. You go get a lockpick, pick the lock on the ATM, remove an amount of cash equal to what you have in your account, and close it back up. The cops arrest you. It's your money! You're just "thinking and acting on your own." You are "arrested for making an ATM withdrawal" when you report the incident to /.
Is it not relevant how you got the money? I think it is. YMMV. But to claim that you were "arrested for making an ATM withdrawal" is an incorrect description of the event.
Nobody is permitted to think or act for themselves. Exactly the kind of people we want working for the government.
You've got to be kidding. You want people working for the government who choose not to call the on-site maintenance people whose job it is to deal with stuck doors, and instead choose to try to force the door open themselves?
I want you to note that I didn't say she should go to jail, only that the claim that it was "a felony for kicking a door" was an incomplete description, and no, I didn't leave out the stuff about "no damage" and whatever, the poster I replied to did. It's lucky that there was no damage. As for what the law is, I don't doubt that attempting to kick in the door to a federal office building is a felony crime, no matter how little damage there is.
Now, the horse is dead. Your turn to beat it.
When either a direct-line supervisor or someone as high up the food chain as you are supposing here asks for something you pretty much give it to them. Or get fired on the spot with good cause.
But not arrested. If your boss asks you to do something against the "code" (company policy, personal ethics, whatever), you can always tell your boss to fuck off and get fired. But he did that and got arrested.
Insubordination is never a good idea and it is a lousy career move.
But, unless you are in the military, insubordination is also not illegal. I'm confused on this point, as you are defending throwing someone in jail for two years for damaging a network that worked just fine until he did give the passwords to someone else, at which time they (or their agents) broke it.
He was in jail for almost two years for doing what he thought was his only legal/contractually-allowed action. It isn't about whether they can just fire you for being an ass. That's irrelevant. It's whether they can throw you in jail for following written policies your boss finds inconvenient.
Learn to love Alaska
"Your honor, The jury finds the defendant innocent, due to the fact that his password really was, 'It's actually a passphrase'. He responded to every request for the password by telling it to them - it's not his fault that they thought he was being arrogant. In reality, he was being completely cooperative.
Furthermore, we request that the city be ordered to pay a large amount of money, say the $5 million that they required he come up with, to Mr. Childs. Because they are such fucktards."
When you're dead, you don't know you're dead. It only affects the people around you. Same thing when you're stupid.
In the US, we have the *right* to a jury, not the requirement for it. If we don't want one, we can ask for a bench trial.
What if you commit a felony, because your other choice is also a felony. Which course of action do you pick then, then?
Can you be Even More Awesome?!
Being judged by twelve random people is as close to 'objective' as possible.
Except it's not "random." Attorneys from both sides generally get to throw out people for all sorts of reasons, usually including some peremptory challenges where they don't have to give a reason at all for throwing someone out. If you were doing a poll on public opinion initially with a random sample, but you let Republican and Democratic representatives choose to throw out a significant number of those sampled for any reason they wanted, would you still consider the sample to be "random"? Would you still trust the result of the poll?
I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
First off, they aren't necessarily "average people." In any high profile jury, they are people generally selected by jury consultants to either be likely to agree with a particular side or else be open to suggestion in particular ways. Generally, people who think for themselves, whether smart or stupid, aren't considered. The "average" person has nothing to do with it. These are the people most likely to be swayed by lawyers.
Second, what "alternatives" have you considered? You cite a few examples which obviously have their drawbacks. Does that mean that there couldn't possibly be a theoretical alternative that you haven't considered? For example, what about a hybrid system that incorporated some of the desired characteristics together -- perhaps (for instance) combining some people trained in law with those "average people," even just as advisors. We give appellate courts the power to overturn rulings for all sorts of technical reasons (sometimes they just need an excuse to make a larger political point), but the actual juries of "dolts" (as you put it) have to make their way through the complex legal arguments that are often put before them with little guidance. Judges have to be careful if they are even asked a question of law, since an improper instruction to a jury could be cause for a mistrial. So, without any guidance, and if the juries actually are "dolts," then they likely will vote for whichever side put on a better show, or the side that confused them the least, or something like that. Is that really the best justice?
I don't claim to have a complete answer. But I'm certainly not going to claim that the system we have is better than all possible alternatives.
Welcome to America. My 18 year old daughter is getting charged with a FELONY for kicking a door. She was trying to get the jammed door open to get back to her work area, the asshole federal building superintendent called up his asshole brother cop and he wrote it up. She did no damage to the door, they have no evidence, the cop was not even there.
Is this the same asshole federal building superintendent who repeatedly made sexually suggestive remarks and advances to your eighteen year old daughter and who threatened her with legal problems if she didn't accede to his lascivious demands?
*hint* *hint*
That appeared in an earlier article.
Says the man complaining about context.
When information is power, privacy is freedom.
The overall policy is.... 'They wrote the policy not him'
They can void the policy with a new policy and I don't think there is a policy in place that says a policy has to be written to void an older policy.
What if he were to die in an accident or something else also before he was ever able to give out the passwords?
The city's policy probably predates all this and I am sure the city's legal team knows the rules better than this guy, it's San Fucking Francisco. Not some little town we are talking about here.
The whole thing seems to be revolving around this 'non-secure settings'; I dunno what that means but what the hell does this admin want to hand over the passwords in the Fort Knox gold vault.
I remember being stuck at a light where the red light wouldn't change late at night forever, a police officer pulled up and said "go ahead and go, it does this sometimes".
Bob's wife's name is Alice.
What do I win?
The Govt's policy specifically mentions not giving passwords to your boss. It also mentions not discussing them over the phone and not discussing them in front of a group of people. http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Build it, Drive it, Improve it! Hybridz.org
Isn't that also the same woman he claimed he caught sneaking around office spaces and he claims removed a HDD from an employee's computer without having notified anyone she was going to be doing so? If so then yeah I'm not sure I'd be coughing up passwords to her either. Especially since policy specifically mentions not giving passwords to your boss, over the phone, or in front of groups of people.
Build it, Drive it, Improve it! Hybridz.org
They didn't "allow this person to get complete control of essentially EVERYTHING", they paid him to do it and not tell anyone the password except the mayor.
I have to disagree. If you read more about the circumstances, it seems Terry Childs is an egomaniac trusting no one to have anything to do with the network but himself. This is an extremely dangerous situation and a liability for the city. They have every right to get access to their own equipment, and to not do so would be irresponsible.
Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.
Put your friggin butt in the car ashtray - that's what it's there for.
Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.
Think of it this way. You've got a major city to run and one guy - ONLY ONE GUY knows the passwords and he refuses to let ANYONE else know what it is, or even disclose how the network is configured. This is a massive liability and yes he should be forced to share control or be charged.
Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.
What's next, going to jail for littering? /me thinks it's a little excessive
That depends. Was the littering documented with 8x10, color, glossy pictures?
Can you be Even More Awesome?!
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
Pfft. I'd rather watch a sequel to "Rock Monster" than 90% of the drivel that makes its way across the pond under that title. If that's what Britons (and their associated peoples) think is good quality writing.....
Can you be Even More Awesome?!
Policy says don't give passwords to your boss, don't give password over the phone, don't give password in front of others. They asked him for the password in a room full of people and an open speakerphone and he refused. Somewhere in there either before or after this he was fired. Once they fired him he was under no obligation anyway IMO but in any case he was following the written policy! The policy also stated that you could be in for both civil or criminal proceedings for not following the policy...
You should also note that one of the folks asking was a woman he'd caught sneaking around office spaces she had no business being in and he claims he caught her removing a HDD from a computer, that's part of what started all of this. For all he knew they were attempting to hack passwords or plant evidence. After having been caught she claimed it was part of an investigation but no one was notified about the investigation ahead of time. Considering the sorts of data that network protected wouldn't you be a bit suspicious and paranoid?
http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf
Build it, Drive it, Improve it! Hybridz.org
those were left in a laser copier in a police department (sex crimes)
I've got better things to do tonight than die.
One problem there is that person was both not in his chain of command and had also been caught in the act of removing the hard drive of Mr Childs' actual supervisor without permission or authority.
In such a situation a superior of both of them has to resolve the situation, but instead in this case it degraded into stupid office politics then escalated into involving the police.
Wow, he summed that up perfectly and did it as an AC. I'd mod that to the Moon if I could - well done AC!
Build it, Drive it, Improve it! Hybridz.org
The actual county policy document
In section 4.1 (page 32) we see...
"All production system-level passwords must be part of the security administered global password management database."
I don't see this as affecting IT admins at all. Certainly doesn't affect me.
Wow, I found the center of the universe! Wait up, let me get a picture!
Here all the passwords are kept in a safe by my boss, as is required by university policy. Who can and cannot have access is specified in policy
Until recently, I was an IT admin. I assure you there was no such (enforced) policy.
I assure you people cared about passing audits, and the *appearance* that we follow policy.
My next assignment before leaving was to assist in setting up 20+ servers, each running internet-wide FTP and TELNET, if you are wondering where I am coming from...
This post really is from 2010. I am completely serious.
You are not a real, proper IT geek until you've either been fired or quit over this sort of nonsense. Securing systems from morons is just part of the job.
I just recently made the cut!
"Woohoo! Three-day weekend!"
Where I come from people have started bushfires by throwing butts out the window of a vehicle. It's a fine if you get caught doing it even if a fire isn't started. If you didn't get caught in the act and your smouldering butt happened to start a fire then you'll be going to jail for at least 10 years when you do get caught. It has happened before and probably will again.
Send the passwords in writing to the mayors office. Have it notarized and sent by registered mail if you really think something is up.
What they then do with them is none of your concern.
You are obligated to return any of their property in your possession, and that could include passwords.
If he had a work laptop, they could require him to make reasonable effort to return it. Comparing sending an email to "slavery" is absurd.
I did not sit through the trial, but it's hard for me to believe that many juries would find this to be true beyond reasonable doubt.
Juries can get things _very_ wrong: O J Simpson.
I'm a smoker and outside the main city areas of Australia most people would consider throwing a butt out of the window tantamount to arson. In other places it may not be as serious but IMHO the selfish pigs that keep their own car clean by littering public highways should be put to work cleaning it up. I think 1km of highway per butt seems fair.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Stop Feeding the Trools!!!!!
It can be hard to foresee how people will take certain opinions. I suspect there are too many people here who self-identify with a sys-admin protecting passwords. I mean, founded or not, why not ask the hard questions? You even provided a source.
For a far more extreme example, you see the same kind of behavior throughout the country with citizens rooting on wanted criminals. They somehow feel that they are closer to the criminal than to the cops, even in cases where nothing could be further than the truth. They find it easy to fall into the us-versus-them mentality. Reality is just not that simple.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
That's a very good question, actually. After all, they didn't have the presence of mind to have a contingency plan for their passwords. Did they even think about their passwords at all?
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Two wrongs don't make a right.
Of course two wrongs don't make a right, but if someone is being a complete asshole you might find it possible to overlook such things in order to make their life a nightmare.
He may well have been a dick, and he probably could have defused the whole situation, but that doesn't mean he isn't right, and it doesn't mean his bosses should be allowed to throw him in jail for following policies that could very well have landed him in jail for not following.
True. But it does mean that I and many others like me aren't going to get all up in arms about it, because most people don't feel sorry for dicks.
Mod parent down. His job was to keep the network secure, and the people demanding the passwords didn't have a right to know them. He told the mayor instead.
This is, of course, after they fired him without demanding the passwords first.
Help me understand - is there a reason why the city should have to ask him first? I'm not sure it's germane to the case, but the fact that you're fired doesn't relieve you of responsibilities, such as NDAs, following city security policy (his own defense), or distributing necessary information to your employer.
Japan still has bench rulings (jury trials were only just introduced here, they're rare, they're used only in the most important cases, and the jury are only "advisers" to the judges) and its legal system isn't in the dark a... oh, wait.
Actually, I think you're just not reading it. She kicked at a stuck door in an attempt to get back to work. I've certainly kicked the frame of more than one jammed door - especially since you can't hipcheck a glass door.
From the parent:
God bless America.
In the UK, employees have rights. Firing an employee improperly is a sure fire way to get yourself sued.
Terry Childs would be the one taking the district to court, if this happened over here.
Finally had enough. Come see us over at https://soylentnews.org/
If you're no longer employed there, it doesn't matter. Just give up the passwords to HR or whoever asks for them. Their policy no longer applies to you; what are they gonna do, fire you? Though I can't blame the guy for trying to save them from their own stupidity, but it's more than they deserved.
"Chairperson Robinson announced that DTIS internally hired the new Security Manager, Jeana Pieralde. He stated that a memo went out asking departments who their IT security contact person with the plan to implement a security IT work group within the City"
Why are there no reports about others involved in this case?
"The office from which Pieralde removed the hard drive belonged to DTIS Security Officer Nancy Hastings (who naturally was not present in the office because the "security audit" was being conducted after hours.)
Terry Childs had returned late to the offices (which do include his office and do not include Jeana Pieralde's office) at about 5:15 P.M. to find Jeana Pieralde (who does not work in those offices) taking a hard drive from one of Terry's co-workers offices. Terry photographed this act with the camera in his cellphone.
Jeana Pieralde then involved DTIS Deputy Director Rich Robinson. Rich called Terry and told him to stop taking pictures.
Three days later (Monday) both Rich Robinson and Jeana Pieralde filed complaints of threats with the San Francisco police department and Police Inspector James Ramsey was assigned to the case. No charges have ever been filed against Terry Childs for the alleged threats (which included the statement "I'm ready for you Rich. Or I can come up to your office.")"
"5. Mr. Childs clashed with the new Security Manager on the subject of authentication and control, which led to poor formal review"
In early June, Terry Childs sent repeated complaints of incompetency regarding a supervisor (Herb Tong) to that supervisor's superiors. When nothing was done about the informal complaints, Terry Childs filed a formal complaint regarding the supervisor (Herb Tong.) It was several weeks later, on the 20th of June that the reported clash with the new (position created and filled just this year) Security Manager (Jeana Pieralde) occurred.
The Security Manager position was new. Jeana Pieralde was promoted from a prior position within DTIS to the Security Manager position. Jeana Pieralde no longer worked in the same offices with Terry Childs. He returned to those offices on the evening of June 20th, 2008 after normal office hours (which end at 5 P.M.) to find Jeana Pieralde removing a hard drive from someone else's office. She claimed to be performing an unannounced audit.
Jeana Pieralde is the author of a proposed security policy for the city which is still waiting for committee review. That security policy, if accepted, may one day give Jeana Pieralde specific authority to perform audits and perhaps even to have administrative control over city communications networks.
Please dig deeper into this story"
Really depends on the responsibility.
They are written to persist after termination so it's not surprising that your obligations persist.
To be honest, don't think you have to follow policy after you're not employed anymore. Legally, he probably could have given the password to the secretary on the way out by shouting it to her from the door. Of course, he probably would have been held responsible for any issues that happened afterwards. It's a good idea to CYA because the last guy who left is always the one at fault.
It's nice, but I'm not certain there's any legal mandate to tell a former employer anything. As of the moment they stop paying you, the employer has no legal right to compel you to provide them with any information. If they want you as a consultant, great. If they want you to be nice & walk them through the system - sorry, it's a pay-to-play world folks.
I believe they can toss as many as they can justify. They only get a few that they can throw out without offering an explanation.
This is, of course, after they fired him without demanding the passwords first.
People keep repeating this, but the news articles (and the arrest warrant affidavit) say he was asked for the passwords before he was fired.
Tried ACLU?
Actually, he was less in harmony with his bosses, than he did everything according to law (written policy).
Patents Drive Free Software as Hurricanes Drive Construction Industry
I'm curious... how do you feel about the fact that much of continental Europe doesn't have jury trials? What is your opinion on the question of whether it's possible to get (generally speaking) a fair trial in continental Europe?
As far as I can tell, those are just the recommended policies that counties are advised to put into place. It would seem that Mr Childs' employers failed to do so (they were also lacking a business continuity plan as I recall).
Yes, because anyone convicted of anything should never be employed ever again. That'll teach everyone not to break the law!
*sigh*. What is it with Americans and this kind of attitude?
I'm in agreement with you here buddy. Like I said, the guy did his time, move on....but given the way things are today, I'm surprised that the city hired him given his record.
If you post as Anonymous Coward, don't expect a reply.
That link doesn't say anything either way about whether he was asked before or after he was fired, only that "events are unclear" for that time period.
I fucking hope they will, it can't be too soon. I want to beat the crap out of every asshole who thinks he has the right to litter public places.
Is that also the document that says do not reveal passwords over the phone, in front of groups of people, or to your boss? Note that they demanded his password in a group with an open speakerphone on the table and it was his bosses asking for it. Also note that he had caught one of those folks sneaking around office spaces unannounced and claims she was removing a HDD from a computer - she fled when confronted. Not the sorts of people I'd be handing over credentials attributed to ME and he thought so too. Since when does not turning over passwords land you in jail? If he was supposed to have those passwords in that database and didn't the result is jail? Why wasn't that policy enforced prior to this confrontation? He may have been an ass but the charges against him are crap.
Build it, Drive it, Improve it! Hybridz.org
This happened in Illinois.. The one state that is more corrupt than Washington DC. Cripes look at the crap the former Governor did and only got caught because of feds wiretapping him, the dead vote regularly in Chicago, and everyone knows about the legendary corruption and stupidity that is rampant in Illinois government and legal system.
Short story, DON'T LIVE THERE. Anywhere in that god-forsaken state.
When I was a kid, still a minor, I punched a sign once. The sign is in a park in Lakeport, California (within shootin' distance from here, with a big enough gun) and it's made of wood and at least two inches thick. The sign had a big split in it from weather, so it was covered with acrylic plastic or perhaps lexan (but the scratching looked more like acrylic) and I didn't damage that. A cop named McGraw saw me do it and pursued me around the park and into a parking lot to apprehend me for vandalism. My father actually repaired the sign to avoid having me run through the system. This cop was later busted engaging in a little recreational statutory rape, and busted down a rank or two, I think he was a Sergeant when he cuffed me tight and put me in the front seat of his shitbox cop car, such that in order for there to be room in the vehicle for me I had to lean over and almost put my face on the dashboard.
She did no damage to the door, they have no evidence, the cop was not even there.
Cops can arrest you for even a misdemeanor without witnessing it, if they have reason to believe the crime was committed. In California, the only state in which I am familiar with citizen's arrest laws, any citizen may arrest you for a misdemeanor which they have witnessed, or a felony which they have reason to believe you have committed, even if they did not witness it. I'm not saying you shouldn't be pissed off at this bad arrest, but arresting a citizen for committing a felony on the basis of another trustworthy citizen's assertion is not necessarily an unreasonable thing to do.
I hope very much that you can recoup your court costs, and that your daughter gains a valuable lesson from this (the one I'm talking about is the government is not your friend — it's one thing to know intellectually, and another to have proven) without an inconvenient blemish on her record.
I personally have nothing but contempt for the joke that is our judicial and legal system.
Amen to that.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yup, and OJ really was innocent.
Only the naive believe that the Court system is fair and just.
There is a reason they have ALWAYS said that "justice is blind"
More specifically - butts are made of plastic very much like candy wrappers and thus are not bio-degradable.
Ugh, what? Do you smoke True? Butts are made out of fiberglass and paper, and thus are totally bio-degradable. Unfortunately, they contain enough tar, nicotine, and other toxic compounds to present a hazard to wildlife! Drop them in a stream, you can kill a fish. Drop it on the ground, a bird may eat it (they're not very bright, most of 'em... though some birds are fairly well brilliant for what they are) and die of nicotine poisoning. Nobody will miss one bird, but how many smokers are out there tossing their butts? When I smoked (it's been a bit now) I smoked American Spirits, which have a cotton filter as do some other brands, and I still didn't drop my butts... well, OK, a few times, but never out the window. And I didn't even use my ashtray, I'd just keep my last beverage bottle as a butt repository until my next in-car beverage came along.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Help me understand - is there a reason why the city should have to ask him first?
Because California is an at-will employment state, and either you or the employer can terminate your employment at any time.
I'm not sure it's germane to the case, but the fact that you're fired doesn't relieve you of responsibilities, such as NDAs,
Requiring someone to work (disclosing a password is work, however trivial) after they have been fired is slavery. An NDA limits what you can do, it does not require you to do anything. The two are not even slightly comparable. Also, the NDA is not a part of the contract of employment, which is terminated when employment is terminated, although the signing of an NDA may well be a prerequisite for employment.
following city security policy (his own defense),
Actually, it does. He's only still required to follow the law. The only reason he can reasonably be seen to be legally required to turn over the password to anyone is precisely the same reason as the only reason he still needed to follow the security policies; he could be seen as criminally negligent by giving the password to someone else, just as he could be seen to be some sort of criminal by not providing the password to a responsible party in case it is needed to administer the network. If someone was harmed because he gave the password to the wrong party, or failed to give the password to the correct party, that would be actual wrongdoing.
or distributing necessary information to your employer.
If you've been fired, they're not your employer. I'm not sure how much clearer that can be. Remember, California is an at-will employment state. You can be fired at the drop of a hat. You can also quit at any time. Childs' boss, or whoever was responsible for constructing the security policy, should be considered to be criminally negligent for creating a process that does not enable them to recover or change the passwords. Childs should get his court costs paid, repaid for the harassment he has been paid, and thanked for following the security policy. Good luck, man.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Being judged by twelve random people is as close to 'objective' as possible.
The original idea was that you would be judged by a jury of your peers, twelve people of similar standing in the community. Of course, that didn't work out so well, it's basically racist protectionism written into law. So then what we got was twelve people selected by the lawyers for malleability. In either case, the selection has never been "random".
I can only imagine the systemic biases that would arise from 'professional' juries, or 'expert technical' juries.
Yeah, we have this bias already with expert witnesses advising courts which have no fucking idea what they're talking about. Expert witnesses should always come in dissenting pairs.
Or a world where lawyers bid for the good opinion of a jury comprised of other lawyers?
Right now they bid for the good opinion of a jury comprised of people they and their opponent have chosen for the purpose of being influenced by their arguments.
I'm immensely glad to have the right to be judged by average people, not because I harbor any romantic notion of them (they tend to be dolts), but because the alternatives are far worse.
You are not judged by average people. You are being judged by people hand-selected for being suckers. Sometimes an average or even intelligent person slips through the cracks, but don't count on them.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
There was a fugitive named Bucky Phillips who escaped from a New York State prison and was roaming around Western New York. People got a big kick out of it, saw him as a folk hero, printed up "Run Bucky Run" t-shirts, the whole thing.
Then he started shooting at cops, and killed a trooper.
Funny how he stopped being so relatable after that.
--saint
A written policy can't fire you and won't be there to help you get your job back. When in doubt, do your job
His job was to follow the written policy. How now, brown cow?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's tool time.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Regardless of the actions of the police and prosecutor, she'll get a fair crack in court.
Vandalism requires damage. If there's no damage, then there's no vandalism. The fact that she had to go to court over it in the first place is what isn't fair.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Agreed. When people at my office type their passwords around me, I even make a point out of turning my back and looking the other way. I can access everything they can without their password, I don't need them thinking I can do it as them too.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
True. But it does mean that I and many others like me aren't going to get all up in arms about it, because most people don't feel sorry for dicks.
First they came for the dicks, and I said nothing, because I was not a prick.
Then they came for the assholes, and I said nothing, because I was not an ass.
I think you can see where this is going.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The problem is, Childs was asked for the passwords in a room with law enforcement officers and other people who didn't need to know, by people on the other end of a speakerphone who were unidentified. Would you give the keys to the kingdom in this circumstance? I know I wouldn't. If the person authorized to receive the passwords asks me in a closed room with no one else in it, sure, I'll give them up. Nothing less. You should absolutely not give your passwords in front of people who aren't supposed to know the passwords. This is basic security and he is being treated like a witch in Salem for it.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Great hint, there's nothing like wasting police time and conspiracy to blackmail to help your case in the future.
To have a right to do a thing is not at all the same as to be right in doing it
Even if he were fired for violating the written policy, the policy itself, because it is only a notion, could not do the firing. A human being would. Dur.
God invented whiskey so the Irish would not rule the world.
As someone who only an hour ago took a big swig out of a soda can with cigarette butts in it, I implore those of you doing this to promptly dispose of said containers and not leave them laying about so that they might be mistaken for someone's fresh beverage.
This is my sig. There are many like it but this one is mine.
Generally, defendants can waive their right to a jury trial and have the case go before a judge, if they think that is to their benefit.
It seems that government would certainly like to abolish trial by jury, as it has this annoying tendency to slightly slow the growth of the prison-industrial complex. In blatant contradiction to the Constitutional requirement, SCOTUS has somehow become illiterate regarding the phrase "all criminal prosecutions" and ruled that you don't have a right to a jury trial if the sentence is less than six months -- even if you're facing multiple counts and could spend years in jail. And the state continually tries to keep juries ignorant of their right to judge questions of law as well as of fact.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
To have a right to do a thing is not at all the same as to be right in doing it
The Voir Dire system normalizes juries. When you select people in a purely random way with no intervention, you could easily end up with a jury that is stacked one way or the other by complete coincidence. Of course this intervention creates the possibility of using it to unbalance juries that otherwise would have been balanced, but I think that occurs less often than the aforementioned condition it is designed to prevent. However this is a subjective matter of opinion that would be almost impossible to test.
That juries are composed of people who are likely to be swayed by lawyers is immaterial. That's why both sides have lawyers. Of course people are going to whine about how 'whichever side gives the jury a better show' wins, but that's a jaded and cynical view. Lawyers are there to provide the most convincing perspective that favors their client that they can, but I don't think that it happens very often that their individual talents are so imbalanced that a criminal goes free or an innocent man is sentenced. It still happens occasionally, but anybody who says that the system should be thrown out because it fails a small percentage of the time is a fool. Justice can't be suspended simply because occasionally some people make mistakes. That's the cost of the human condition.
I will say that your 'hybrid' suggestion is a good one, except that I worry that it would in most cases cause the lay jurors to crystalize around the professional jurors through direct or implied appeals to authority, and this would probably frequently negate the utility of lay jurors as a balance.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
In court the DA played a jail house tape of Terry and his girlfriend on the phone. His using the policies as a defense is dishonest and disingenuous. He did not even know anything about the CCISDA policies until he had been in the can for months.
IMHO the selfish pigs that keep their own car clean by littering public highways should be put to work cleaning it up. I think 1km of highway per butt seems fair.
We can get more creative than that. First you find out when they started smoking. Then you find out if they've been put to work cleaning up butts before, or not. Then you invent some statistic for how many butts they have probably thrown out of the window. Now put them on the side of the highway until they find that many butts. If they do it again, they only have to pick up a number of butts based on how many they've thrown out the window since the last time they had to pick them up, but now the number goes up exponentially based on how many prior visits they've had to the court for the same issue, plus one (for the initial visit.)
Sometimes some piece of trash floats out from underneath a seat and flies out the window, and that's one thing, but willfully ejecting burning garbage from your conveyance should be punishable by foot in ass. Personally I'd like to see most trash just eliminated; there's biodegradable replacements for nearly everything.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
From what I remember of the story the reason he was charged was because he would not give the passwords to the wrong people. He told them who he could give the passwords to and they still tried to force him... when the person he could give the password to finally showed up he gave it without any reservation whatsoever. He just followed the policy assigned to him to the letter. Even from jail. He did not destroy anything, he did not cause any trouble other than what was thrown on to him by people that were not supposed to have it and tried to force him to give it up. I saw no malice in his actions just a grunt following orders to the letter and it cost him dearly.
Even if he were fired for violating the written policy, the policy itself, because it is only a notion, could not do the firing. A human being would. Dur.
Congratulations, you managed to say several true things without at all addressing my statement. Dissemble much?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
"Racist protectionism" indeed. In the first place, when jury trials were first codified in medieval English law, there weren't really any 'race' issues round about Runnymede in the 13th century. You're anachronistically applying an American-centered standard. And where that is concerned, there was nothing inherently racist about the jury system in the US, it was merely a reflection and extrapolation of the racism of the broader society and the nature of enfranchisement/suffrage in America at those times.
However I do agree that expert witnesses should be presented in dissenting pairs wherever possible.
Even if jurors are chosen for their persuadability, which I don't disagree that they are, that is immaterial to the fact that there are two sides equally attempting to persuade. I think that the instances where personality overcomes evidence are rare enough to be within tolerable limits, especially lacking a better model with which to replace it.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Way to spectacularly miss the point.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Ugh, what? Do you smoke True? Butts are made out of fiberglass and paper, and thus are totally bio-degradable.
No, I looked it up before posting because I thought they were biodegradable and I was going to say that until I checked my facts.
They are composed primarily of cellulose acetate, a type of plastic that can take up to 15 years to degrade.
When information is power, privacy is freedom.
This sounds like a clear example of the arrogant 'small god' ego that most sysadmins develop. The system belongs to the city. It's not his personal property.
He has no liability for the security of any system at work after he's been fired. If he really was worried about it, he could/should have just asked them to sign a disclaimer of his liability before he handed the password over.
To be honest, if this does endanger all those mini-hitlers that make developers' lives hell, then I'm all for it.
http://www.cio.com.au/article/255165/sorting_facts_terry_childs_case?pp=1&fp=&fpid=
Oh...they fired him first, did they?
I missed that part.
Point of Order:
-Get what you want from your employees while they are still your employees.
I still think he was being a jerkwad about the thing. I wonder how his resume will look now?
-JJS
That two weeks severance they give you? They can actually insist you sit at your desk for it if they wanted.
No, the correct ruling is the just and logical one. Just because twelve people think you did something bad and you should be somehow punished, it doesn't make it right 'correct'.
Posting AC from work.
He refused to give passwords out except according to the terms of his employment, which once met, he did. Then, he was accused of actually being a real sysadmin and using the hardware he was given in the manner it was supposed to be used (modems in his office).
The only thing they have on him, according to all the articles linked (I read them all) was the presence of some system related documentation, including user account lists, in his home.
Sounds like he has cooperated at every step with the people pressing charges (his employer) within the terms that *they set*. While there are other allegations, there is nothing that smells of arrest-worthy. Did I miss something?
I am not suggesting innocence or guilt - that is a matter of law and IANAL. I am trying to understand the basis for his arrest and sky-high bail. As a citizen, the criteria for being locked up for more than a year should be comprehensible to the general public, no?
OSXCPA2
You're right. I fear for Mr. Childs. I believe he's done no wrong (I'm a systems admin of 7 years myself) but unless his attorney can turn technical stuff into layman's terms really, Really well, then Mr. Childs will be spending three and a half more years in jail (assuming they do a time already served kind of thing). Of course, they may slap him with different sentenced terms for each count they find him guilty of and give him a hefty twenty or so years in prison. This is sadly how it usually ends up for the innocent in our justice system. But, once again, it all boils down to how good his attorney is at turning technical information into information that the dummies in the jury can understand, which will be a very difficult job indeed. I can picture some grannies and hair dressers and other similar people on the jury and already know that he'll be convicted.
If he gets found not guilty on all charges (which I just don't see happening because of my above comments) then I hope he sues the city for millions and millions of dollars. He should also be able to have others criminally charged for false imprisonment but stupid things like immunity for cops and judges and prosecutors will keep such justice from happening.
I really do wish we could remove all immunity for all members of government (local, state and federal). Even the president should be able to be imprisoned for crimes committed.
Holy crap! You can bet your ass I'll NEVER set foot in that state! That's really, really bad. Once again, we should be able to rapidly remove prosecutors who abuse the laws. There should be a federal law stating that prosecutors (at every level) are forbidden from using laws for which they were not originally intended.
http://www.google.com/search?client=safari&rls=en&q=alice's+restaurant&ie=UTF-8&oe=UTF-8
Can you be Even More Awesome?!
They are composed primarily of cellulose acetate, a type of plastic that can take up to 15 years to degrade.
15 years is a stretch, but it's not that long. Up to 15 years is pretty great, actually, if it doesn't require heavy UV exposure to break down at all, because under heavy UV it takes a whole lot less. Sure, way over at one extreme you've got fruit peels and these corn-plastic bags with angstrom-thick aluminum layers for UV resistance, but there's items produced in nature which will hang around longer than that. The biggest problem with cigarette butts is that they filter out things you don't want in your body, and then drop them into the environment in concentrated form. The other biggest problem is when they are dropped someplace that leads to a waterway, but dropping a cotton one which is guaranteed to biodegrade will cause just as much trouble if this happens.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'll call your 10 years multifamily experience. =) Won't raise tho.
And you're certainly correct - didn't mean to call you out, except that, well this is /. and real estate isn't really the forte around here!
But you mistook my anecdote: Childs may have had to give up the passwords to the group he met during his original confrontation with HR, etc. (the "other maintenance guy"), but that was not clear, hence the trial. Should he have waited for the mayor the property manager?
That's how I take it from my understanding. He may have not understood that he was authorized and required to give up the passwords to his supervisors, and not just the mayor. Kinda like my prop mgr would find it a little odd if I rekeyed an apartment and would only give the master to the corporate office!
and I'm guessing at first glance you thought Hitler was a good leader for the German people - Moron get the facts before making statements
no matter how good it is, it is human nature always wants to make things better
Oh, you're right. You could save us all a lot of trouble and effort by determining the merits of all the pending criminal cases based on the inadmissible statements made by the defendants' fathers. It would save a lot of money.
by Mike Buddha -- Someday the mountain might get him, but the law never will.