Slashdot Mirror
Ex-SF Admin Terry Childs Gets 4-Year Sentence
Robert McMillan writes "You remember Terry Childs, right? He was
finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
Now that he's been sentenced, does this mean that more accirate details about the case will finally come to light? A lot of what I've read seemed to be mostly hearsay with hard facts hard to come by...
cat:
Screw with your gov't overlords.....then prepare to be punished.
Especially when you read the story of one of the jurors who has a CCIE (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html). This wasn't a case of some PHB demanding access to something he shouldn't have. This was a case of an egomaniac sysadmin trying to make himself irreplaceable by locking everyone else out. When called on this he refused, bluffed, and finally lied.
For me, the lying part is where it clearly went to criminal levels. I suppose some of the other things he did (like store the WAN config only in memory, not saved to flash and keep the only backup on his laptop) could possibly be justified as just being paranoid and poorly educated in actual security practice. However when he gave his supervisors false passwords, lied to them, to me that showed clearly that he knew he was in the wrong. He knew he was supposed to give up the passwords but wouldn't.
Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.
As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.
I know I just just skip past this comment, but I do wonder why so many people on here seem to think being raped is funny. You might think the guy did wrong; you might also think that justice has really been served, and hey that's your right, we're all allowed an opinion. But he's not some big-in-the-game criminal that destoryed people's lives, so I really fail to see why joking that he should keep his arse to the wall is at all funnny.
cat:
What if he had died in a car crash? Think of the pile up of work then!
Silly!
what if he just forgot the passwords?
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Agreed. America is supposed to be a civilized country. Why would anyone believe that it is appropriate to allow prisoners to be raped by other prisoners?
People joke about this and even seem to hope that it happens. This is disgusting and wrong. We have Enlightened articles about cruel and unusual punishments. Prison is supposed to be a loss of freedom, not a loss of basic human rights.
Hoist Number One and Number Six.
He will likely do only 6 months of actual jail time and he can declare bankruptcy to avoid the $900K claimed by the city. By this time next year, he can exercise his control freakery at KFC protecting the Colonel's secret recipe.
I really don't get it. What's supposed to be funny about it?
Most (all?) jokes are based on setting up a premise and then surprising the reader/listener by somehow violating that premise. What the premise and the surprise supposed to be with the "PMITA prison" and rape "jokes"?
HAND.
This just goes to show how asinine most "anti-hacking" laws are. Most were written in the 1980s during a big moral panic about "hackers" bringing down the telephone network, corporate networks, and western civilisation as we know it. You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.
It is interesting that in this case Terry Childs did very little actual damage but got 4 years. In fact more damage was done when the prosecutor decided to publish a list of working passwords for the cities computer network. Just goes to show the kind of technophobic old people working in the city offices and in law.
I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.
Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.
My impression is that there are separate facilities for white-collar criminals, so he probably won't have to interact with rapists and murderers. Am I being optimistic?
A policy should have been in place that defined who the business owner (management) of the resource was (network in this case). It is the responsibility of management to ensure that they define who has a business need for access (and have it documented), and it's the responsibility of the tech grunt to run the system (or network) for the business owner.
The key point is that as a non-manager type person, if management says jump, get it in writing and jump. Management is ultimately responsible for the system and network to the business. If management has made bad choices or decisions, it's their fault and if the request or actions leading up to the failure are documented, that admin can refer to that.
All organizations should at least have a documented policy of who can have access to resources and that the business owner of the resource can be easily determined. The business owner needs to be someone who is legally responsible to the organization (i.e. an executive, or someone high enough in management).
As a system administrator, you should insist on having this documented just to protect yourself. If you suspect that there is some management decisions that could jeopardize the operation of the system, document it, report it to the business owner and let them make the final decision (with documentation).
In the case of Terry Childs, had this been documented, he would have been able to either say that the person who was requesting the passwords did not have a business need (and would be able to back that statement with documentation), -or- if the person did have authority to have access, he could have simply have documented why it was a bad decision, hand the passwords over and walk away from it.
Yes there is a pride element. You've spent years building up a system and making it shine, but unless you are running your own business, you are not the legal owner of that system.
Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.
You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.
Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.
You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.
You and I may see the difference, but can your luddite boss and his luddite lawyer? You might think that laws and court rulings are based on responsible understandings of the facts, but then you would be wrong.
Hoist Number One and Number Six.
Making jokes the way Americans do about "pound me in the ass prison" indirectly condones the fact that such a prison system exists. Heck, how many tv shows have a cop quickly whispering into the ear of the just arrested (and hence not convicted eg innocent) perp about what's going to happen to him in jail?
People replying to my sig annoy me. That's why I change it all the time.
Mr. Childs DID have a peer (or more realistically a better) on his jury. One of the jurors has a CCIE and works in network. See http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html for the details. Also remember that it takes only one juror for a mistrial. All jurors have to agree for a conviction.
The problem is that he flat out broke the law, and it was pretty obvious he knew he was doing wrong, he just thought they couldn't touch him. He had become infected with the sysadmin diesase of thinking that he owned the systems and could do as he pleased, and that he could make himself indispensable.
So sorry, but don't try and pass this off as "stupid jurors." The man had someone with the peak of network training sitting on his jury.
If things aren't well documented at your work, push to get them documented. This is better for everyone involved. Have it clearly spelled out who can have access to what and under what circumstances.
For example where I work, the policy is that all shared passwords have to be kept in a safe that my boss has. Under normal circumstances, he is the only one with access. I don't know the circumstances that someone higher up can get access, since that really isn't my problem. However it is all well laid out. So long as my boss keeps the passwords there, he's in the clear.
So if you are in a situation where you are one of the few, or the only person, with access to something critical, make sure it is done right. Check and see if there is a policy and if so follow it. If not, work to have one created. It'll keep you in the clear and make everything much easier. You then don't have to ponder "Should this person get access," you have a policy that states it.
From a purely ethical standpoint, he wasn't very. As for a four year sentence given the nature of the crime, personally I think that's incredibly absurd and yet equally indicative of the judicial system in the US.
Well I'm just not sure how to respond to such obstinance. There is plenty of information out there as to why the jury voted as they did and what law was broken and so on. If you are unwilling to read and understand that, I can't help you. Some people just want to be paranoid, I guess.
Also this "Luddite boss" thing really reeks of ego mania. Far too many sysadmins think they are the Smartest Motherfuckers in the Universe and that there is no way their boss could possibly understand any of this because he's not as good at tech. Turns out that's often not the case, a manager may understand technology and more important the limits of their own knowledge about technology just fine. They may well be an intelligent individual, just with some different skills than yourself.
I'm not saying some aren't dumbassess, but then so are some sysadmins. I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.
The network for the city of San Francisco will now be managed forever by an outsourced company with a phalanx of lawyers. No single individual will ever accept the liability of the clusterf@&! which is San Francisco bureaucracy. The cost of this trial is minuscule to the ongoing costs which will be incurred paying for outsourced network overhead.
Every mans' island needs an ocean; choose your ocean carefully.
In my company the precedent is that when you are fired, you are no longer allowed to log onto your computer. Basically security comes/watches you pack from your desk and then you must leave, it's standard practice. They don't want to hear about passwords, etc.. they want you to get your stuff and leave. I would consider my obligations done if that happened to me. Because most passwords are in a textfile on my hard disk and many I don't remember.
But also my passwords are mostly for personal accounts so they can just go and create other accounts. But anyway when the escort you out like an animal I would end my obligations right there. Anything else, "sorry I don't remember, I'd need to poke around my computer to find it..oh wait I wasn't permitted back on...well good luck".
I was thinking the scenario was as follows: 1. He was employed as the sys admin and as such had obtained the focus to be the top person responsible for protection of the network. 2. His reluctance to give up the passwords was caused by his position that those people wanting the passwords were unskilled and had proposed not-safe activities on\to the network and so he deemed it the safest move he could have done to save himself from being responsible for any resulting damages, as well as to protect the network, not to cough them up. 3. His employer then searched for the passwords, which should have been accessible by someone else in the chain of responsibility, and received none because said employer had not already had in place the safeguards necessary to avoid this very situation (which, ultimately, is what created the situation in the first place). 4. He then continued to refuse based upon the reasoning stated in #2, above, after speaking to (people) claiming, mostly, "principals" as reason-enough, but also that the use of the network was not being 'denied', -so how could they charge him with denial of service, AND based upon the fact that he was doing, in every aspect of consideration, EXACTLY as he had always done regarding his position and protection of the network, based upon the processes and procedures and safeguards in place during his entire time of employment. 5. Employer found itself in awkward, perhaps embarrassing predicament and could not, based upon the man's 'principals' (which were cause for him to be hired into the position to begin with) force him to allow the not-safe-for-the-network access, and decided to go with what the State wanted to do, prosecute the man as an example. 6. He was arrested and charged under CA's new laws. 7. He lost. No mention of improprieties in the actions of the court have been heard, so what is there to 'appeal'? "All" should now be 'noticed' of this possibly happening to them. All should now be prepared to 'give-up' your principals when\if it comes out that your employer is\has been slacking in its responsibilities regarding this type of situation. (which may also mean disqualifying yourself for REAL responsible jobs in the future.) All should take note to make sure that the job you are in, and all future positions, is one where the employer IS already taking the safeguards.
cjacobs001
It isn't about PASSWORDS it is about ACCESS. He had sole access to some systems, including some very critical ones. He wouldn't turn over access. In some cases, this would have meant creating accounts for other people. In other cases, this would have meant handing over the password. Remember that some things like root or enable have only one password.
So the issue wasn't that he wouldn't give up his own personal password, the issue was that he was denying the rightful owners of the systems (the city) access to those systems.
Also please note this all started way before he got canned.
"How the fuck is this news?". Really. Slashdot readers are vastly outnumbered by the dumbasses out there, who luckily we don't keep track of. Why should this one be any different? Seems he's a slow news day's go-to story.
Look at my sig.
Anything can be found funny, from a certain point of view.
On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
America may be civilized in the broadest sense of the term, but it is anything but civil. When you have a "civilization" where keeping people imprisoned is a $40 billion a year industry, and prison wardens allowing criminal activity inside their institutions as a cost-effective means of self-policing, you're going to have people getting raped and your going to have people coming out of prison much worse off than when they went in.
"Turned Out" is an interesting and disturbing documentary about the dynamic of prison sex and rape http://www.youtube.com/watch?v=M4_uvvcaDqw
of course, after posting I read http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details, and maybe my thinking has changed somewhat, BUT, not as to the employer being ultimately prepared with proper polices and procedures. more coffee!
cjacobs001
but you don't give them over the speaker phone and in a big group you make so if some messes up you are not at fault.
Not to mention letting the big guys get free sex whenever they want.
he was not fired they moved him and gang rushed him for the passwords.
$200,000 to get some real IT guys in there as they locked 1 of ones who where left there after lay offs.
I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.
It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus? What if you decide to quit so you can accept your dream job? Whatever you build should be (at least mostly) maintainable by any other average practitioner with similar credentials.
we needs tech jury's for cases like this or some kind 3rd party IT resource that can tell the jury about how stuff in the case works and give out real world setups are setup and work not book cases based on what you see in the M$ tests.
This.
The people who really ought to be having a miserable time in prison get a free pass to carry on tormenting and hurting other people for their own amusement. Other people who have nowhere to escape and nobody to turn to for help.
No sig today...
The problem isn't the joke, the joke is fine. The problem is that it's really going to happen, that we all know it and that we do nothing about it
No sig today...
Once you leave a company, you don't have to support shit as long as you haven't signed some stupid contract forcing you to do so. If they have the passwords and can access THEIR systems, they can do what they want. Of course if they call you back, you can always charge them out the ass in consulting fees, but you don't HAVE to come back and work for them. They can always hire someone else if you don't wish to work for them. This isn't indentured servitude.
You're messin' with my Zen Thing, man.....
The process of "being fired" does not end your responsabilities with you stopping to work and going out of the building. It ends only when you :
1) gave back all physical object the firm loaned to you within the execution of your work (laptop, cars, etc...)
2) gave back all access key in your possession (be it physical, RSA keys, or electronics)
3) gave back all financial access you had to (firm credit card for example), and I may pass a few others.
If you do not think so, you are a "terry child in waiting", as in, risk prison if you think you can skimp on your responsability. being fired don't mean you can keep stuff from the firm, be it unique key knowledge (like passwords), or physical items.
It actually pretty dumb to think so. About as dumb as somebody keeping a laptop at home after being fired.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Prison is supposed to be a loss of freedom, not a loss of basic human rights.
Liberty is a basic human right.
Who ordered that?
Is assault & battery funny? Of course not, but it is when the Three Stooges did it. Is gun violence funny? No, but we laugh when Yosemite Sam does it. Bad things are funny. Really bad things not so much, and there's no real objective way to draw that line, but something like a male criminal getting it in the pooper...well, pretty overdone, not too funny, and in the end you would hope it doesn't happen as the punishment would be nowhere near close to fitting the crime (I would certainty hope they're not holding him with violent criminals who would do that sort of thing), but I don't get all the righteous indignation over merely mentioning it in some sort of attempt at humor.
1) Never take a government job.
2) Stay out of California.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Probably because for so many prison turns into a free ride, easy time, then get back out and go back to the same effed up lifestyle of disrespecting the society they live in. It's different for everyone, but it seems that going to prison is not such a big deal, and the fear of being arsch-raped is. But this is missing the point.
Why he was sentenced, found guilty, or even on trail is the question. What did he do wrong? I think his supervisors are at fault for not keeping tighter guidelines for him to follow, and that is that. SyCraft-Fu puts it well, "Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours."
rm -rf ms/*
It's news because it worries us now that instead of being one office politics clusterfuck away from being fired we are one office politics clusterfuck away from being jailed if we can't keep our temper.
If reasonable people were involved it would either never have got to trial or been a simple one day case if he was clearly in the wrong. Instead it was untrustworthy weasels out to make an example of him that never giving him a chance to hand things over even if he wanted to until the Mayor could get time in front of the camera.
From my point of view his obligations to the employer ceased the instant he was fired. I don't feel that any justice at all took place in this affair. Our courts and laws have gone over the edge. What is more serious? A drunk driving incident in which no serious injuries took place or failure to hand over a password? Justice may supposed to be blind and level but nobody ever suggested that justice should be as stupid as a stone.
They did the right thing and the criminal Terry Childs will do some time in jail.
correct, but you're supposed to keep all of the others. Also, you're not supposed to have them in a manner which is entirely notional because you don't have the means to force the issue (see restricting prisoners access to the courts).
FGD 135
With unrestricted physical access to the system, the other IT people couldn't defeat Terry Child's password access?
That should have been the work of only a few hours and that's being generous. A talented person could do it in minutes.
I don't get it...
Were the people asking for the passwords *NOT* the lawful owners of the system or something? If not, why didn't they ask the owners instead of going through the sysadmin?
When you are being a sysadmin on company equipment, the company still gets to know what the root passwords are. It's THEIR computer, for chrissake... not his, so what on earth would made him think that shouldn't be the case here?
Or am I missing something about this that makes it easier to sympathize with the guy?
File under 'M' for 'Manic ranting'
The fear of prison rape appears to be one of the main reasons to avoid getting jailed. It's quite barbaric the way our society uses sex as punishment.
4 years in prison for not giving out a password for 12 days? Insane.
Frankly, I'm not sure I agree what he did constitutes a crime. The city not knowing a password is hardly a "denial of service". Aren't the people who came up with this crazy scheme where ONE person knows the passwords equally at fault? Perhaps they should be charged with a DOS crime.
Assuming for the moment this constitutes a crime, a reasonable sentence for something like this would be 90 days in jail. To put this into perspective, in 1999 Kevin Mitnick got 46 months in prison for to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. (He also got 22 additional months for violating the terms of his previous release for computer fraud).
So yah, a 4 year sentence is batshit insane.
AccountKiller
Par for the course in 2010 America.
He may not have used the best judgment politically in dealing with this, and yes - people have pointed out the need for proper documentation, which I completely agree with, but ultimately he was just doing his job too well...based on what he's said, it looks like he's wishing he had "gotten out sooner," but I wonder if that means he wishes he had compromised his principles. I could understand if he lost his job, people do lose their jobs over bullshit political workplace workplace situations all the time, but JAIL! and likely losing his CCIE?
There was no "denial of service." I hope he appeals, wins and is somehow able to rip those involved (and/or the city) a new one...
I am sure there will be people who have never been responsible for maintaining a network that other depend on and who have never had to deal with the practicalities of dealing with inept senior management playing political games with your work and your responsibilities who will comment on this and suggest that "he got what he deserved," but they're likely the same sort of assholes he had to deal with who precipitated this mess, and are certainly wrong.
This is fucked.
On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.
Welp, it won't immediately fix the problem, we had better just give up entirely.
There's no way to instantly clean up the oil spill on one fell swoop, only a mix of methods carried out over time, guess we should just give up and leave it.
Check the facts.
When he was first asked for the passwords he was still an employee. He was just supposed to do a different job.
But I forgot: If you would refer to the facts, you would have to admit that Terry Childs is a stupid, paranoid egomaniac, and we can't have that, right?
"Well, Mister Childs, it looks like you shouldn't have acted so...
*puts on sunglasses*
...childish."
YEAAAAAHHHHHHHHH!
That's not worth four years. Many first time rapists don't even get that.
On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.
But using the joke as an opportunity to discuss the seriousness of the issue, and to raise awareness that this is something that is wrong and need to be fixed is worthwhile and may contribute to the eventual correction of the problem.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Being an admin with all the 'keys to the kingdom' doesn't mean you're somehow special. What happened here is no different than a bank teller refusing to unlock the cash drawer for a manager. The only thing I would find excusable and appropriate is if you refuse unless the request is put in writing. Once someone upstream in the food chain demands something, the consequences become their problem.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Nope, the second I'm fired I don't have to give them anything. Not one thing. Fired is fired.
Have you had to deal with many PHBs? Corporations are full of them, and most I wouldn't trust to install XP without fucking it up. True story- I used to have lunch and do hired gun work for an old Linux sysadmin named Glenn. Classic gruff sysadmin that really knew his foo. He told me about how he had to miss our lunches the week before because he had to deal with the PHB put in charge, ended up being drug all the way to regional headquarters and threatened with firing, and for what? And I quote "You have NO RIGHT to block my emails from Melissa! Who I speak with is NONE OF YOUR BUSINESS!" That's right, he was nearly fired for refusing to let the Melissa worm loose on the network. lucky for Glenn the regional guy wasn't a retard and had actually kept up on what was then current events, so he turned to Glenn and said "Is he talking about the worm? You're kidding, right? You told him it was a worm, right? I got drug out of a meeting...for this?" and then proceeded to give the PHB a real bitching and gave Glenn and his wife a steak dinner on the company.
So I've learned NEVER underestimate the stupidity of a PHB. I've dealt with PHBs that would sticky note passwords all over the damned place, but God fricking forbid they don't have access to a password because that's YOUR ass. That is why I gave up dealing with corporate and instead run my little shop. The pay isn't nearly as good but I don't feel like bashing my head against a wall several times a day either. While I agree that he should have handed over the passwords I too worry about where exactly does a job officially end legally with this precedent. What if you hand over the passwords and your setup is too complex for the moron the PHB hires? Can YOU basically be forced to come in and train the moron or be blamed with network "tampering"? If it is one thing we have seen with the courts, common sense rarely plays a part. Also 4 years is total bullshit, I've known guys that have damned near beat someone to death in a fight that got less.
ACs don't waste your time replying, your posts are never seen by me.
Care to state the lie and the proof of it?
Lots of people like butt sex. And if everybody gets it, then it's not unusual, is it?
Yes. Didn't you read the procedures? Seems like you didn't.
NO. Neither the authorised policeman, COO nor the boss were allowed to have the passwords.
READ THE FRIGGING DOCUMENTS.
Why was Terry guilty? Because arseholes like you ask questions like "Are you seriously claiming that none of the following : the COO, your boss, or a properly authorized police officer, have a right to hear the passwords of the systems you're administering ?"
Lets say you say in a public place to your COO the passwords. Lots of people overhear it.
Does that sound safe and secure to you???
Frigging idiot.
I am very critical of Terry Childs actions and think, that those can at least be interpreted as criminal act. But 4 years for such a bagatelle case? What do you do with a real criminal? There was a lot of incompetence on the city side walking around which enabled such a situation. I think he was afraid of loosing his job and overstepped his legal options. But what do you do who does this to steal money or with the intent to cause damage? Shoot him?
People who drive under the influence of alcohol and kill someone get away with less.
I think the punishment is out of proportion.
CU, Martin
Think about it.
His managers are not blameless in this. He should never of gotten to the point where he had sole access to critical systems. It may of been hard to predict he'd jump on the crazy train, but all companies should plan for their employees being hit by a train....
See, here's the criminal thing.
You say he deserves time in jail and the reason why he deserves it is he's a criminal and he's a criminal because he's spending time in jail.
Juries are there to say "The reason for this law is not to stop THIS sort of thing happening", but judges HATE that. It doesn't respect their authoritah. So in this case, as in so many others, the judge gave CRIMINALLY NEGLIGENT instruction to the jury.
The Judge is a criminal.
When are we going to see him in jail?
The owner of the city of San Francisco network isn't the mayor or some manager in the city administration, those are only the administrators. The true owner of that network is the people of San Francisco.
Your analogy would be like this: is it right for an employee to refuse to tell the combination to the safe in the diamond store to some unknown persons on a phone conference?
Terry Childs wasn't denying access to the owner or to the legitimate users of the network, he was denying access to a bunch of incompetent managers.
At one point there was an allegation that Childs had sabotaged the system to the extent that there were no backups from which any particular device's configuration could be recovered and the devices were configured such that they wouldn't operate correctly without reprogramming following a reboot. Did anything ever come of that claim?
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Here's an interesting deconstruction of the idea:
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Not exactly true.
If you happen to have keys to company doors on your keyring, you are required to return them. If you happen to have been given a company car, you are required to return it.
Just because you have been fired does not mean that you are free to keep whatever company property you may have in your possession. The question then becomes whether passwords are considered company property.
Also, as pointed out elsewhere... An administrator that had so little common sense as to not plan for his untimely demise (as in others already have those passwords should he suddenly die), should really be considered as nothing more than a bumbling fool by real professionals.
And yes, I believe most people would consider any code or other work-product on your computer but not yet committed to source control as company property (they already paid you for providing it) so you must help them access it. Yes, most company network admins can do this with their accounts and that can be considered good enough.
Quoting Carlos Mencia "How the fuck is this news?".
Who said it first, though? I know that guy steals most of his act...
[UID-HeinzIntel]
So... Mr Childs.. was it worth it? Was being an asshole worth 4 years of your life?
This can be rationalized any number of ways if you want to discard the facts, but the bottom line is that he was entrusted to do certain duties for his employer and instead he *purposely* caused them huge financial damages. If he vandalized over $200,000 worth of city property he'd be in the same boat as he is now.
Part of business continuity is ensuring such continuity. If you are the sole keeper of high level passwords, you should be recording hard copies when there are changes and storing them in your employer's safe or safe-deposit box. Period. Not only did he not do this, he purposely REMOVED other administrator's accounts, denying them access.
Unless you are the owner of the business, you have no place putting your employer in such a precarious position. You could walk out the door after work on any given day and be killed in a car/bus/plane crash.. or simply shot by someone that thinks you're an asshole. Your employer has the right to be able to continue business in the event of such a circumstance. They own the equipment, not you.
certain slashdotters are proclaim terry child's innocence or expressing sympathy for him, when if he did the same actions, in another profession, you would be busy declaring his guilt and excoriating his behavior
if you are such a slashdotter, congratulations: you are a prejudiced person
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job.
That would not be bad engineering, but bad management. I agree that you are not doing a good job, but it is up to his manager to identify and correct it before it becomes an issue.
Managers have responsibilities too and need to foresee these types of problems and make sure the work is being carried out with sufficient human and material redundancy. Also, HR should hire only qualified people who are actually capable of working in a team. Good people cost money, bad people cost even more in the long run. However most managers only care about numbers now and lower the expenses as far as possible to get the maximum amount of bonuses or make them look good for their managers.
IT guys are often seen as disposable lower than blue collar hired help. However when something goes wrong, it is always the lower IT guy that gets the blame as they were supposed to be all knowledgeable and should have foreseen and prevented the issue.
Back on topic. This person went out of line by changing the passwords and then later not disclosing them to others. There are ways to securely disclose them if that was an issue, or as soon as he left/was fired, the keys did not belong to him anymore. That being said he should not be facing up to 4 years of jail time if he did not do this with malicious intent or to enrich himself. Mostly one can quickly distinguish a good sysadmin from a bad one. Look at his/her documentation, see how much information and knowledge (s)he shares with colleagues. If they score bad on both even after you (as manager) asked them to improve, you know you have a time bomb on your hands.
So unless he deceived his direct and hiring managers, they should be facing the music together with him. Leading positions should be again about responsibilities and not just perks.
Prisoners rape each other, commit assault against one another and occasionally murder each other. Extortion is even more prevalent than rape in US prisons, because it is also present in minimum and medium security prisons. You can scream and shout about how all of this violates human rights you want. And claim that we are turning a blind eye to a problem. But it is simple really, we do not have the capacity to imprison and monitor so many people. We've overloaded our prisons and understaffed them. We've lost control over our prison population and at this stage we're just trying to keep them from escaping or murdering each other too often, with only limited success.
If you have go to an American prison you'll just have to get used to violence, and tolerate things like rape to survive (although it is quite rare in a minimum security prison). Pretend you're taking a vacation to some lawless country.
“Common sense is not so common.” — Voltaire
The owner of the city of San Francisco network isn't the mayor or some manager in the city administration, those are only the administrators. The true owner of that network is the people of San Francisco.
Formally true, but legally and practically meaningless.
The keys can't be surrendered to the "people of San Francisco" but only to their elected or appointed representatives.
Would you care to try for Double Jeopardy, where the stakes are higher?
>Prison is supposed to be a loss of freedom, not a loss of basic human rights.
Prison is also supposed supposed to be about rehabilitation... although there's some 25% of Americans who don't believe prisoners should be rehabilitated (which translates into, "don't let them out...")
Both Maryland and Indiana explicitly declare that juries consider both law and fact.
Maryland's constitution says, "[i]n the trial of all criminal cases, the Jury shall be the Judges of Law, as well as of fact." Indiana's Constitution say a criminal jury “shall have the right to determine the law and the facts.”
A cop can choose not to arrest. A prosecutor can choose not to prosecute. Even a judge can (in limited cases) direct a not guilty verdict. Why should a jury not be allowed to nullify?
by this precedent I can sue AT&T for DoS by selling me 6Mbps and delivering only 4Mbps. Those pretty boys need to discover what happens to grifters.
For the rapists it's a perk to while away the long nights, one that the guards mostly turn a blind eye to. ...and that's almost worse than the fact that people are being raped in the first place.
No sig today...
Today's prisons don't rehabilitate anybody.
They don't even deter people - most criminals simply don't believe they're going to get caught.
I think prison should only be for violent offenders, people who would hurt others. Everybody else should be tagged, privileges taken away (eg. no going out partying) then made to do community service and fix the country up u bit. That would be far more rehabilitating than being locked in a place full of people who are constantly attacking you (both verbally and/or physically).
No sig today...
The concept of what a prison should be like has shifted back and forth, over time.
Most prisons in the US have some name ending in, "Correctional Facility," as historically there's been at least some pretense that people going to prison are supposed to be educated and cured of their antisocial traits, and come out as law-abiding citizens.
The current concept, sometimes explicit, is that prisons should be as horrible and cruel as possible. Thus, education programs are cut, amenities are cut, and officials turn a blind eye towards sadistic behavior on the part of the guards. Prison guards setting up fights between prisoners and betting on them, or putting members of violently opposed gangs or racist groups in the same cell, are particularly notorious.
So when I hear the jokes about prison rape, usually with some smirking, I shudder, as it implicitly endorses sadistic prisons. That isn't my concept of justice.
>Prison is supposed to be a loss of freedom, not a loss of basic human rights.
Prison is also supposed supposed to be about rehabilitation... although there's some 25% of Americans who don't believe prisoners should be rehabilitated (which translates into, "don't let them out...")
More like 99%. The rest of us think they should simply execute all felons and save us all a lot of hassle.
Advice: on VPS providers
Rape Cage Up In This Shit!
That is the most laughable yet hauntingly accurate of the American way of life that I have ever heard!
When he was first asked for the passwords he was still an employee.
You're leaving out the fact that the person asking for the passwords wasn't authorized to have them, by city policy.
However even if that's not the case, you have to relinquish the passwords when you leave.
His contract said to whom he could hand over the passwords. Those were not the people who came asking for them, or threatening him, or arresting him. When they finally got the person to whom he could release the passwords (the mayor), he did.
If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus?
So what is the good practice for this?
A technical writer told me that when he documents a system, they put the critical passwords in escrow, perhaps in a sealed envelope in a safe.
I wouldn't trust passwords sealed in a safe unless I had tested them. And I can imagine how one set of passwords in one location in a safe might not be enough. They wouldn't survive a disaster like the World Trade Center, or New Orleans floods.
If the system is so fragile that you're the only one who can work on it, then you're doing a bad job
You know that Childs was being let go of his current position and relocated elsewhere, right? Maybe they did see that, and that's why he no longer was going to be their network engineer. Then when they ask him for the passwords to fix his 'bad job,' he, in not so many words, told them to fuck off because they're morons.
That's faulty reasoning. The people who don't mind prison life aren't the ones getting butt-raped. The people who don't fit in are. Butt-raping, and any other prisoner v. prisoner battery tends to affect those for whom prison life is already the worst. Prison butt-rape is extreme bullying in an environment where bullying is condoned by the administration. As bullying, it IS funny, once you manage to suppress your pesky sense of altruism.
This.
The people who really ought to be having a miserable time in prison get a free pass to carry on tormenting and hurting other people for their own amusement. Other people who have nowhere to escape and nobody to turn to for help.
I see the justice system as inexplicably unbalanced as well. Why are nonviolent crimes pursued more vehemently than violent crimes? Why spend billions jailing, say, potheads, and other perpetrators of victimless crimes, rather than a hard push to eliminate violence and murder? How can any nonviolent crime with no victims that are physically violated ever be equal or worse than any violent crime? Why is any man allowed to punch any other man in the face, and 99% of the time its unprosecutable, and the victim is punished for not "sucking it up?"
The Admin and the Engineer
"Ain't no twelve pickpockets gonna judge THIS guy!"
Say it right: "Nuc-le-ah Powah".
There is a major principle of employment here that the city violated most grievously: don't put the cart before the horse, or, first socks, THEN shoes. If you are an employer, you must act tactfully and intelligently. Childs should never have been fired BEFORE relinquishing the information that only he had that they needed to replace him or continue operating their network. They should have HIRED someone to replace him BEFORE they fired him, and told Childs that the new guy was his backup, and needed all the access he had. Once his responsibilities were duplicated, that very Friday, they should have cut him his last check and escorted him off the grounds, during which time, the new guy would be securing, and replacing, all the passwords. They are punishing Childs a bit too harshly because his employers were incompetent.
The Admin and the Engineer
Don't go to work in Kalifornia and take your (personal) business elsewhere.
---- Booth was a patriot ----
While I am an advocate of the pursuit of rehabilitation, I would argue that the first and foremost justifiable purpose of imprisonment is to protect society from antisocial individuals. Furthermore, most people in the US think of prison as punishment. To us, punishing is more important than any kind of purposeful action. We don't even care if the punishment actually discourages future anti social behavior. Sadly a majority of us (mostly those on the right in my opinion) would bite off their nose to spite their face.
One of these days I'm going to cut you into little pieces. - PF
The answer to your question is that most people don't believe that prison rape is appropriate. Nor is it sanctioned under our law. It is a crime in every state, but where you have a concentration of criminals, you have a concentration of crime. Prison rape is not inevitable (except in movies). "Only" about 2% of prisoners in the US are raped.
That rate climbs over 10% when you are talking about juvenile prisoners -- boys -- who are incarcerated with adults. This is about the same rate of sexual assault perpetrated at juvenile detention facilities by staff (12%), but in adult prisons involves a much higher chance of HIV transmission. The rate in juvenile facilities also includes coercive but less violent abuse (e.g. threatening to extend the prisoner's sentence if he does not engage in sex acts). In any case Mr. Childs is unlikely to be raped in prison given his age and the type of facility he will likely be in.
I should point out that the prison rape figures are still alarming, especially serious given the extraordinarily high rates of incarceration we have in the US, especially of children. About 3/4 of a percent of the US population is in prison, by far the highest rate in the world.
I bring the juvenile issue up because surely this is a litmus test of barbarism. Proponents of more frequent and longer prison sentences often advocate trying juveniles in adult courts. However they do not (saving anonymous Internet fruitcakes) argue that sexual assault of child offenders is something that ought to be sanctioned. I have certainly met a few rare individuals who believe that rape is part of the "cure", but I don't think many law and order advocates endorse this view -- at least not in public. I'd say that their attitude to this problem is more one of indifference. All things being equal most would rather it didn't happen, but they consider it a tolerable problem if the apart from that public safety and justice for victims are promoted.
The argument advocates typically make is that the public good is served by removing criminals from society. In the case of transferring youth to adult prisons, it is also asserted that they will receive longer sentences, keeping them off the street longer, and that the harsher conditions in adult prisons will "scare them straight". There is intuitive appeal in these positions, but they are not confirmed by studies of states where juvenile "transfer" laws have been passed. Juvenile crime rates have not dropped relative to states not having such laws, so it is probable that not enough youths are removed from the streets to make a difference. While sentences in the adult system are indeed longer, time actually served is not, and when released youths who have been spent time in adult prisons actually re-offend at a higher rate. However, even where it can be shown that juvenile transfer laws don't keep young offenders off the street longer, expose them to prison rape, and discharge them with higher rates of recidivism and sometimes HIV, I would not expect such laws to be repealed. People want these laws to work.
This brings me back to the question of why the problem of prison rape is so much larger in the US than the rest of the civilized world. The appalling things that happen in US prisons (particularly to young people) aren't a sign of intentional barbarism in US laws. Nor are they a sign of the barbarism of Americans as a whole, although we certainly have our share of law abiding citizens who are depraved enough to enjoy the prospect of prisoners being raped (some states more than their share).
These abominations are the result of a culture that values problem solving, even in the case of problems that are unsolvable. When we are faced with a problem that must be managed rather than solved, we still look for a solution. If a rationally defensible solution evades us, we look for a dramatic action to take. In such cases a harsh action seems plausible to us, even if it costs a tremendous amount of money (as our huge prison systems do).
T
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
People have thrown the keys in the toilet and flushed after being fired.
No one ever got four years in prison for doing it.
*disclaimer* I do not agree with people being raped in prison. Having said that, I believe a lot of people are okay with it and even encourage it because today's prisons are hardly a punishment to most career criminals. Many prisons are more crime college than punishment. Criminals go in ametuers and come out pros. Hell, nowadays after watching gangland, half of the guys on there claim that going to prison is what gets you cred on the street. We're not only teaching the criminals how to do what they do, we're giving out diplomas in the form of prison tattoos and rap sheets that they can use as resumes for their hometown gangs. I guess people who hope for rape and such are hoping that while being punished... something unpleasant or punishing happens. Even if it isn't the government doing it.
And you're leaving out the fact that Childs had CC'ed the person asking for passwords a week earlier, on an email containing a list of usernames and passwords that he had set up. What changed in the intervening week, where the guy who you claim "wasn't authorized to have them, by city policy" was deemed an authorized user by Mr. Childs, and the day he was fired, when suddenly Mr. Childs decided he wasn't authorized?
For all the people claiming that giving out passwords constitutes "working for free after you've been fired," stop and consider this: what constitutes more work - saying (or writing) down one sentence - "The password is XXXXXXXXX", or enforcing your version of an employers' security policy for them after you've been let go ? Less than 10 seconds of writing or speaking, versus a 4 year jail term, and years spent in courts over a ridiculous semantic issue?
Please don't assume this was bad engineering. I was in a position, last month, where a system engineered by others and with various management influences, was done in a very precarious way, despite my repeated warnings. This left me as the only one who had a chance in hell of cleaning up the mess when the inevitable disasters struck: I was blocked, by written management orders, from properly documenting and labeling the system.
So of course, when it inevitably crashed, the only hope was me, becuase I'd quietly stashed configuration printouts in my desk, along with the cross-connection diagram. This is because I was _blocked_ from providing good docs: they were deemed an "inappropriate use of my expensive time". The fact that I'd done so, anyway, quietly, saved quite a lot of corporate money and I had to not take any credit for it when the "incident review" happened lest I get competent people, like me, fired.
If you don't own it, it's not yours.
It sounds so simple when you say it. It's pretty obvious that if it had been this way, there would have been no legal case.
"Give us the passwords" ...."
"I can only release the passwords to specific authorized individuals, who are
"Ok, we'll get one of them to call you."
Serious? Seriousness is well above my pay grade.
I heard that he refused to let private companies mine the database, but bribes had already been paid to his bosses. His lawyers told him he has no proof. So the one guy doing the right thing has been put in jail, and now the SF database is open to accidental password sharing. I wonder how much it costs to get access now? A lunch and 5k?
Imagine his job was being a pizza delivery guy, and the pizza company owned the delivery car. And then after being fired he refused to hand over the car keys to the duty manager because he was too dumb or incompetent to be able to deliver the pizza in less than 30 minutes without crashing the car and embarrassing the company.
Sure he was trying to protect the integrity of the holy 30 minute rule, but it was no longer his job, or his problem, he should have handed over the keys.
If you don't risk failure you don't risk success.
A certain point of view?!
"They were pure niggers." – Noam Chomsky
There's a lot more to the case than what people have read on slashdot. If you read the actual interview with the juror, you may gain some insight as to why this turned out the way it did. I found this part interesting...
IDG News: Going back, what was the one step he could have done to avoid prison?
Chilton: If he would have simply said, "I will create you an account and you can go in and you can remove my access if you want." If he had created access for someone else, I think that would have resolved it. If he had not decided to leave and go to Nevada a few days later and withdraw US$10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter.
I agree, it's not fine to wish someone to be raped, but as a joke that does not affect what will happen to him in jail...
Actually, it does. It's because people treat it as a joke that this continues to be a problem. If it were taken seriously, then there would be more efforts made to stop it.
... and then they built the supercollider.
Childs was clearly one of the mad hatter primadona sysadmin types. I've had to deal with these sorts of delicate geniuses before. They may be really bright (though they're usually never as bright as think they are), but they're such self-important pricks.
The company I work for has but one IT guy, and that's me. In fact, I've just been promoted to organization-wide IT manager, dealing with six locations, three of them about 11 hours drive away from me. The first thing I have been instructed to do is centralize critical data; network maps, configurations, and yes passwords, where my managers can get at them. I've been writing a rather large manual on all the procedures, server functions, etc. that I've put in place over three and a half years, including every single script, cron job, wjatever. It's a daunting project, but the whole point at the end of the day is that if I get hit by a bus they can get someone else in and keep the whole thing running. The company needs to be able to keep its IT systems functioning even in a case where I won't be available beyond the end of my employment to help out or even relay important information.
The way Childs had stuff was utterly irresponsible, violating very basic principles of contingency planning. He may be an incredible router programmer and whatever else, but the way he had critical system information stored (in his head no less) indicates a self-important maniac who, while somehow bullshitting himself into believing he was doing it all for his employer, was in fact putting them in a position of potential disaster if he should be killed or incapacitated.
So good riddance. Maybe a few years in prison will teach him the most important lesson; humility.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Take out the technology. Repeat the conversation with, say, combination locks. I'm still on the side where not answering a question by a former employer shouldn't land you in jail for 4 years.
Learn to love Alaska
I read the law a number of months back, so I may be remembering one that wasn't the one he was convicted of, but my recollection is that the law they used required that he cause some damage. They never claimed anything that sounded like damage. In fact, their claim of damage is like suing the neighbor kids for $50,000 because they hit your window with a rock and it didn't leave a mark. Well, you can't be sure the double-pane window didn't get a leak, so you hire someone to come in and check. Of course, to check whether it did requires that they re-fill it with argon, which is more expensive than just replacing the window in the first place, and they find there was no actual damage, but you get a bill for $50,000 for all the work. Then suing the kid for $50,000 because you reacted when they might have caused some damage.
I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.
When people say "just give back the keys" I think that tech people will understand it better. But then, I come here and read the comments and I'm quickly corrected. He was charged with causing damage, and he caused no damage (that's not to say he didn't cause cost, but he certainly didn't cause any damage). But the split here is not far off from the general public or the jury. "He's an ass, so he should get 4 years in prison." Then they work really hard to find some law to charge him with and make it stick. Keeping keys from someone doesn't deny them a "service" and the law requires damage be done, and not letting someone into a closet just so they can see what's there isn't a damage, even if not giving the keys requires that they then call a locksmith.
He should have been sued, not arrested. He didn't break a law, but he did conceal information from someone who had a right to know and took good faith steps to obtain it. And if I was the judge on that one, I'd order he turn over the keys and pay court costs (but not the inflated "repair" costs).
Learn to love Alaska
When he was first asked for the passwords he was still an employee.
So, rather than arguing that a former employee should be sent to jail for not talking to their former employer, you find it more acceptable that a current employee gets sentenced to 4 years for telling their boss to go screw themselves? And that's better how?
I see no conceivable reality where 4 years in jail is acceptable punishment for the crime of being an ass.
But I forgot: If you would refer to the facts, you would have to admit that Terry Childs is a stupid, paranoid egomaniac, and we can't have that, right?/i>
That's the real crime here. He was an ass, so he should get 4 years. Who cares what the charge is, you don't mess with The Man, so he got what he deserved.
Learn to love Alaska
4 years and the possibility of a 900K fine?
I am sorry but this is a classic case for jury nullification. His "crimes" in no way fit the punishment nor is this justice.
If you happen to have been given a company car, you are required to return it.
That's not true. You are not required to "return it" in that if you are home and they call and fire you, you are never required to drive the company car back in, give them the keys, then have to walk home. That's what they expect with a rental car, but the rules are different for company property. If they authorize you to take it off the property indefinitely (and indefinitely doesn't mean forever, but for no definite time - so that permission ending at termination of employment doesn't affect the use of the word "indefinitely"), then you are authorized to possess it (no matter what they say over the phone or in letters from lawyers) until they make an attempt to actually collect it. If they call and say return it, you tell them to stuff it. If they show up for it and you know it's them and don't get the door, then you committed theft. So be careful when talking about legal things when the common way of wording things might technically be wrong (you having to return it implies that you are the one that returns it, rather than you are required to allow them to collect it, which is the true legal standard).
Learn to love Alaska
He will also most likely be raped(I know don't joke about it...)
Guy's like that usually become some cell mates bitch or end up doing favors for him.
I think you'll find many of the truths we hold to be self-evident depend largely upon ones point of view.
Scientists point out problems, engineers fix them
altslashdot.org: The future of slashdot.
The first golden age of computers is over. The assholes own the playing field. They have owned it for awhile.
But here's a question: Is Terry Childs one of the assholes, or not?
The court documents are like 1500 pages long. Quick summary: -He was hired just to design and not build. No passwords needed. -They then hired him to build but not maintain. Passwords used were temporary and never production and didnt need to be entered in database. -They slowly and vaguely had him start to maintain while building. There wasnt a point where it was like 'we need your password for database' -He then became the lead maintainer but never had official password policy and was never asked for the password. He goes for years like this. -He gets a new boss who is a power tripping idiot who has no clue. Except he is the boss and should be God of his dominion and demanded child's password. -The boss is denied several times and eventually gets angry and fires him on the spot. Childs contacts union or whatever and gets his job back because it's wrongful dismissal. -Couple months go by and he goes in late night(IT does this too much lol) and finds an unknown woman accessing his secure stuff and she gets treated like a security threat as she is one. -Turns out she was legit but they get real pissed off and start to find a way to get him fired. Typical government worker bullshit. -Battle of the giant ego with tons of power vs douchebag government workers happens and he goes to jail because the cops are retarded and are easily manipulated.
Dude- it's about justification. This man is a hero. He could have taken the easy road but he didn't. He might be an egomaniac. That doesn't change the fact he is making the world a better place by stepping up and defending the rights of persons to be free. You are not subject to the government or anybody else once you've quit or been fired. Anything you've done prior should not subject you to some there after either. If he had done something destructive then there is civil court to go after him for it. A simple failure to write down passwords or refusal to do his job or do his job may be grounds for termination and that should be it. Yes- people can cause allot of damage. If you have people with power and you don't want them to abuse it then write that into the contract somehow. If 70% of the money you make fare in the form of $$$ and the rest stock you won't destroy the company that lets you go even if you hate them. It'll only hurt you too.
seems to me i just heard of an attempted murder....the person attacked is still alive, despite being shot...and the person got less time than T.C. I mean WOW, try and kill punishment than not handing over a password....I'm thinking your statement of "unbalanced" needs to be modded up. Here is a question I'd like some comment on: Shouldn't crimes with an actual victim have a more sever punishment than victim-less crimes?
What am I missing here? I feel like there is an aspect i'm not considering.
Those who can, do.
What am I missing here? I feel like there is an aspect i'm not considering.
There is an economics to fighting certain victimless crimes... the DEA, for example, bad asses that they are (absolutely no doubt of that, do not mess with), would not be nearly as strong if medical cannabis were legal. It's the easy bust, like grinding out a living rather than taking the big score. They're human too, and I guess they deserve an easy day once in a while.
Other drugs, such as prescription drug crime, has a different situation. Oxycontin, miracle drug for those in terminal pain, is highly abused. But it is highly abused as a direct result of the Big Pharm pushing it through doctors. So, we have pregnant women robbing pharmacies because of the greed of Big Pharm.
Crimes like video piracy are pursued because of the power of lobbies like the RIAA.
There are precious few lobbies against murder, rape or assault. Perhaps there are grassroot sorta movements, with lots of people, but Big Money beats a big roster every time.
If only it were possible to somehow... restore the integrity of our lawmakers and enforcers bosses.... But SCOTUS saw fit to turn money into speach... and make nearly everything 'interstate commerce,' even if it isn't sold nor cross state lines... these must be fixed, I think. Our Founders never would have agreed with that. People (not 'citizens') first, Freedom second, security third, and money is barely mentioned in their highly instructive documents.
I think Jefferson was right about revolution. Problem is, I don't think anyone can do better than they did, so I am fearful of what would replace our increasingly more facist society. Remember the pro football strike? That was one of teh coolest seasons evar. I'd like to see a law banning professional politicians, or anyone self-seeking election. It should be law that only those that don't seek office can be nominated and elected... ... well... just a crazy idea.
Also, and this is way way off subject, but as a society advances, the younger members of society get smarter, younger, with better education. We should pull out all the stops in elementary and secondary education, and really dig into the kids, and prepare them, make the best of them our leaders between the ages of, say, 21-35. The young are more ideal, less greedy, less likely to be coerced. Lets face it, their brains are just better than older brains, once their wild horses are broken. We should eliminate nearly every politician over the age of 40... but if they're awesome and wise, then they become the clerks and the advisors, rather than the other way around, because what we really have are invisible wonderkind writing speeches and policy that the older politicians simply sign their name to, take credit for... there are no more brilliant statesmen like John Quincy Adams or Woodrow Wilson left. What we have are handsome suits propped up by hollow ambition.
The Admin and the Engineer
I can't believe the amount of horse-manure going around this thread, along the lines of "he got what he deserved" etc.
To me, Terry Childs behavour was the epitome of professionalism. Any job I've had so far, HR didn't have access to production IT systems, and rightly so. Terry Childs was trusted with the credentials necessary to do his job. That he is now being jailed for refusing to betray that trust, by disclosing such passwords to HR, who shouldn't have such passwords, is beyond insane.
I've also read a lot in this, about the gobshite in the jury having a CCIE. It's a sad state of affairs, that such a certificate seems to be more worth mentioning than any experience the gobshite had.
This case twists the definition of "denial of service" beyond all reasonable limits.
freedom isn't a basic human right?
sucks to be you
So what you're saying, is that civilisation and the taxes and justice system needed to maintain said civilisation = rape and death? I'm sure anarchy would be so much better, where do I sign up to the teabagger party?
Last week I listened to a Things You Missed In History Class podcast re: Alcatraz. They said that there was an infamously strict warden that did not allow any prisoners to talk, in their cells or in open areas such as the mess hall. While this rule was in place, prisoner violence was at an all-time low, essentially you can't as easily piss someone off and get shanked if you can't talk to them. Eventually the prisoners all started talking: they couldn't throw them all in solitary.
I'm not saying all prisons should be silent, just pointing out an interesting factoid.
I think one of the biggest problems is that prison has become an industry and guards are underpaid. I'm not saying they should be paid six figures, but they should be more bribe-resistant to smuggling in contraband.
When you sympathize with stupidity, you start thinking like an idiot.
Guess what, even without being raped, prison is still unpleasant. The majority of people who have been there don't want to go back.
Of course, once you've been convicted of a felony, you won't be able to get a job that pays a livable wage. In fact, this is fair. There aren't enough decent jobs to go around, and it is fair that the law abiding have dibs.
So, you have a felony conviction and no one gives you a chance, except people who need a second story man or an enforcer or something.
You do what you got to do. In America you are either a criminal or a sucker anyway.
No, he's not a hero. He's an idiot.
Yes, you are subject to the government or "anybody else" when fired. This is such a ridiculous statement it's ludicrous. Your car in the employee lot and the stuff in your desk doesn't automatically become your employers' property because you've quit or been fired. Your employer can't just decide to not pay you your remaining wages because "you quit" or "you were fired," and you certainly have professional, ethical, and obviously - legal - obligations to them as part of the termination process that you are expected to follow - among these, turning over keys and passwords that allow access to sensitive data and systems that your employer still owns.
And even if that were the case, he was not fired until AFTER he refused to reveal the passwords - he was being transferred to a new role, and when asked to give the passwords, he balked, then gave incorrect passwords, then sent an email gloating about how they were no doubt "trying to get access". And for all the people who are clamoring about "but the police weren't authorized users," do you really think this would have ended up this way if he had said, "Look, the police officers aren't authorized users so I can't say the password aloud, but I'll write down the password and hand it to you, the guy who I sent a list of passwords & user names to about a week ago?"
This is not about "Maintain our systems after we've turfed you." This is about, "Give us the keys to our property that are in your possession before you leave." That includes passwords.
Now, is 4 years of jail time a reasonable punishment? I think that's a little harsh. But the man is clearly in violation of ethical & professional standards no matter how you cut it, and richly deserves some form of punishment for that.
It can be management's fault that bad engineering occurs. I'm not assigning blame, I'm saying it's shoddy workmanship, whatever the reason.
> Also this "Luddite boss" thing really reeks of ego mania. Far too
> many sysadmins think they are the Smartest Motherfuckers in
> the Universe
You missed the fact that Childs is a CCIE. As such he was almost certainly the smartest person in his department; and quite possibly the smartest person in the employ of the city government.
Seriously... Cisco does not screw around on their certification exams. Hell, even their lower level certs make their comptia and MCwhatever "equivalents" look like child's play. The CCIE goes far beyond any of that. It's basically the pinnacle of all that is IT.
That he was smarter than his boss is almost a certainty. Anyone who actually deserves to be placed higher than a CCIE would not be wasting his talents in a government job. Of course, that raises the question of why Childs was wasting time in a government job. But it does seem that there was something just not right in his head.
That's not worth four years. Many first time rapists don't even get that.
First time rapists do going into court saying, "I did it. I'm glad I did it. It was the ethical and legal thing to do. I'd do it again!" Oh, and I looked at a few state and federal sentencing guidelines and the minimum for rape with no record varied from 5 to 10 years. Google it yourself.
The difference between democracy and anarchy:
Anarchy is mob rule.
Democracy is mob rule on a national level.
The difference between anarchy and civilization:
Under Anarchy, you must project the threat of violence to keep yourself safe.
Under Civilization, you pay taxes to people who will project the threat of violence to keep you safe.
These statements are the truth of the matter, no matter how much you want to pretty them up. Violence is what makes the world go 'round.
I know it's almost against /. religion to actually read the article, but this is quoted from the fine article:
$900k in "damages" based on the bill the city had to pay to get their network back under control.
It's a little wrong to say a tomato is a vegetable. It's a lot wrong to say it's a suspension bridge.
$900k in "damages" based on the bill the city had to pay to get their network back under control.
My understanding is that the third time he was asked (the first time asked by the person he stated he would give them to), less than two weeks after the first time, he provided the passwords. They paid about a million dollars in two weeks because they were too impatient to wait? And most of that expense was after he provided them with the codes that caused all the trouble. And there was no actual down-time between the first time he was asked and the third time he was asked?
Learn to love Alaska
While it is true that nobody intends for prisoners to get raped, society has a responsibility for what happens in a badly kept prison. It's not intent, but in many cases it may be willful neglicence.
I am not saying Childs did not deserve some punishment but this is way too harsh. Let's say Childs was a Janitor with keys to the city's data center entrance. Let's say Childs changed the lock to the data center entrance when he was about to be fired. Let's say Childs took the only key to the data center with him and refused to give it back to his boss. Would a janitor deserve 4 years in jail for that? No jury in the world would give out such a sentence to a janitor. But, because Childs is in IT he got 4 years. The general public including lawmakers has a phobia against anything computer related. They have an anxiety about it.
I did some part time work for a client who had his business run by someone on a contract. He didn't know the passwords to his own site, and, if the contractor died, he'd have had one hell of a time attempting to resurrect his business. After speaking with him about this, that contractor at least allowed that the password would be available to one other person. (to me that was near incompetence, as if both died, the client would lose a large portion of his income.) I told him he should at least have the passwords available to him, perhaps in a sealed envelope in a safe deposit box he had access to, just in case.)
Comment removed based on user account deletion
They should /attempt/ to keep him in jail for the rest of his life, that'd be a fair sentence for attempted murder.
However even if that's not the case, you have to relinquish the passwords when you leave.
His contract said to whom he could hand over the passwords. Those were not the people who came asking for them, or threatening him, or arresting him. When they finally got the person to whom he could release the passwords (the mayor), he did.
The problem with the contract is that it didn't explicitly state who was authorized to receive the passwords. The contract literally stated they could be handed over to an "authorized user."
This was compounded by the problems of identifying an authorized user, as the city didn't have clear records or direction who was authorized and who was not. Eventually the Jury decided that the person asking was authorized by the previous emails sent and received by Childs.
Not exactly true.
If you happen to have keys to company doors on your keyring, you are required to return them. If you happen to have been given a company car, you are required to return it.
Just because you have been fired does not mean that you are free to keep whatever company property you may have in your possession. The question then becomes whether passwords are considered company property.
Also, as pointed out elsewhere... An administrator that had so little common sense as to not plan for his untimely demise (as in others already have those passwords should he suddenly die), should really be considered as nothing more than a bumbling fool by real professionals.
And yes, I believe most people would consider any code or other work-product on your computer but not yet committed to source control as company property (they already paid you for providing it) so you must help them access it. Yes, most company network admins can do this with their accounts and that can be considered good enough.
Either way, this was a case based on denial of service, not theft of property. Childs was never accused of having the routing equipment at his house, he was accused of preventing access to the equipment housed on the city property.
With that in mind, it becomes a much different case than the theoretical previously put forward.
Consider a paint locker, which contains paint needed to maintain a ship's surface. Paint lockers tend to accumulate explosive fumes, and great precautions are taken to prevent ignition of the fumes. For example, special shoes are required to prevent sparks from scuffing.
The person responsible for the paint locker refuses to hand over the keys. You can't drill the lock out, as it would present a large fire risk to the rest of the crew. Technically he will hand over the keys to the correct authorized person, but you forgot to detail who that person is when you assigned him the task.
While not a perfect analogy, at least this example is closer to the Childs case.
He would've been much better going to a Federal Prison like most computer crime law violators go. He'd almost certainly have gone to a Federal Prison Camp (minimum security - low level criminals, non violent drug offenders, white collar criminals, and the like) given his (lack of a) record and his crime.
Federal Prisons already have a low incidence of rape (Federal PMITA prison jokes notwithstanding), and even a geek would have to really work at being victimized to stand a shot at it happening to them in an FPC.
But he went to state prison, and rape is rampant there.
Here in Las Vegas we had an FPC (now closed) at Nellis that was (in)famous for being a cushy place to go, by prison standards.
Just because it CAN be done, doesn't mean it should!