Slashdot Mirror
San Francisco Just As Guilty In Terry Childs Case
snydeq writes "Deep End's Paul Venezia follows up on the Terry Childs sentencing, stating that the City of San Francisco is as much at fault in this case as Childs is. 'The way that the San Francisco IT department has been run is nothing short of abysmal, and that has been pointed out time and again by anyone paying attention to this case,' Venezia writes. 'Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.' Worse, perhaps, is the disproportion of the sentence, when compared with recent convictions for intended malfeasance on the part of several notable rogue IT admins."
"Printable version". TFS's link is to a two page version with six paragraphs per page.
Free Martian Whores!
Frisco's policy in this case is: "Punish what you can't understand".
Karma cannot be described by words alone.
Every time I read something positive pertaining to the American justice system I seem to be two years older than the last time. How does he possibly deserve four years in prison for this?
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
You can skip reading TFA; all of it that's relevant to the headline is in the article summary.
Most of the article is pointing out other people who did worse things and got lighter sentences. Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?
I think there's a lot of an interesting dialogue to be had about the Terry Childs case, but this particular article doesn't add anything to that discussion.
What level rogue was the admin, anyway?
"rogue IT admins" are the only thing worse than, "mall ninjas." *Dunt, dunt, duuuuunt!*
Sure, the SF IT department may be getting managed into the ground. Sure, maybe the city is as much to blame for everything as Childs is. But none of that matters now, does it? Nobody is going to file a case against SF city. Nobody is going to punish the SF IT department. Nah, the city will get to walk away scott free, continuing to practice poor procedures. All the wild, Childs has to live with his sentence as a convenient scapegoat. This case just serves a little more proof the the justice system, on all levels in this country (at least if you live in California) is completely FUBAR.
Motorcycles, Robots, Space Gossip and More!
Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It's good to be the king.
It must have been something you assimilated. . . .
Wow, a nuanced view of the problems.
Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.
The real "Libtards" are the Libertarians!
Lots of people have to work under supervisors who are total idiots. That doesn't give anyone the right to sabotage their supervisor or their company. What he did was basically blackmail: "Let me talk ot the mayor or I'll keep you locked out of your network." You can't let the guy off easy just because he happened to be harmless. Next time, you might not be so lucky.
The problem lies in that most US people seem to equal justice with revenge.
FTA: "When faced with dangerously incompetent management, it's best to just look for another job."
I found this a very telling statement. If your management are bozos, don't try to change them or point out their bozo-ness. Just pack up and move on. They hold all the cards. You will be punished for trying to fix anything that makes them look bad.
How very sad and defeatist.
- Jasen.
This is a "productive. talented person"? Whether or not the city was run poorly (it is a city government, so it probably was) the fact is that he was holding the router and password configs hostage. Forget him getting fired and everything that happened, what would have happened if he got hit by a bus? He can claim that the other people were idiots, but idiots with access is better than a single person with access who dies, because then no one has access. I can even sympathize with holding the passwords, but what the hell would the purpose of not committing the router configs to memory be? So every time there is a power outage or a router needs to be rebooted they need to call him? That isn;t a good admin, no matter how stupid he thinks everyone else is.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted by the masses, which, of course, means that the news makes more money because they are more trusted. Simplicity is a hallmark of human (not just American) thinking - this takes different forms in different cultures. The main Western logical process is distinct from Eastern varieties but simplicity within the given culture is the tendency. Looking at modern history books covering the Renaissance and comparing them with 19th century history books of the same, we have a much broader viewpoint than those writing in the 1800s had. This is in part due to different access to resources, but in part due to the development of thought over time away from the natural reaction: Simplicity.
Now, with all that said, this is only... one facet of the change in thought patterns over the past century.
Worse it is the mark of a megalomaniac. He was convinced he has made himself indispensable, that by keeping knowledge to himself, and endangering the systems in doing so, made his job totally secure. He though he ruled the roost and nobody could fire him. He found out the very hard way he was wrong. As the saying goes "The graveyards are filled with indispensable men."
The most important think in an IT person is that they are trustworthy. They have amazing access, and this that comes amazing responsibility. They need to be trustworthy to not abuse that access. He did, badly so. As such he really should never work in IT again. He's shown that he can't set aside his ego and such a person has no business having system level passwords.
Most Americans I've met are actually very rational people who are willing to consider others' viewpoints. It's not until you get into the court and political systems that things start to fall apart.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
Well, guess what. No matter how much you may think it, generalized poor management is not actually a criminal offense. Whereas, denial of service is.
Justice is not about fairness. It's "did you break the law, and if so what's the stated punishment?"
Was the ordinance used to convict him fair and reasonably applied? The only opinion that matters is the jury's, and they thought it so.
IMHO, Childs may have started out with the best of intentions in his "stand", but it escalated into a pissing match. And you really can't out-piss senior municipal managers and politicians, so you can indict Childs for picking a losing fight.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Agreed. But does he deserve four years in prison? In most other professions, this would lead to a civil lawsuit and a fine, not a prison term on par with that of a violent offender.
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
Well... San Francisco gave his boss the authority to ask and receive those passwords. What the boss does with those passwords are between his boss and San Francisco.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The Economist ripped the US a new one last week for locking up too many people, many of them non violent offences. It wasn't so long ago that people were hanged for stealing a loaf of bread, but we backed off from excess punishment (probably a little too far in some cases). But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime". With the way things are going, I truly think that the US will soon bring back public executions before long and will be indistinguishable from countries like Iran in how they deal with crime.
Drill baby drill - on Mars
"rogue IT admins" - I find that phrase humorous for reasons I cannot explain.
That's a typo. This IS San Francisco we're talking about - they almost certainly meant to say "rouge IT admins".
Its City property. And yes, its their equipment to be an idiot with. While Childs was following the policy to the letter, he should have realized his boss was a power hungry idiot that wasn't about to let his minion make him look like an idiot, and just handed over the passwords, packed up his shit and said "See ya!"
Insert funny smart-ass comment here.
That's actually not true.
http://slashdot.org/comments.pl?sid=1633482&cid=32008096
one of us actually was on that jury
Non impediti ratione cogitationus.
Whether he does or doesn't will be up to his lawyer to convince on appeal. The broader point here is that a whole lot IT guys seem to blindly be supporting him because he followed the letter of his contract to insane degrees. They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle.
If this was such a big concern for Childs, why didn't he have these key passwords and router configs in the Mayor's office. Surely the Mayor has a safe or some other secured storage whereby this critical data could be securely stored in the event that the Mayor had to appoint someone else responsible. Where I work we have a safety deposit box where the originals of all the purchased software is stored, as well as a CD and hardcopy of all the passwords are stored. While it would probably be a bit difficult to keep going without me around, the guy that comes in after me would have a reasonably decent head start.
However harsh the sentence may have been, the fact is that Childs was a shitty IT manager. Being an IT manager is about a helluva lot more than being a clever router hacker, it's about documentation, about appropriate systems, and just as importantly about assuring, for whatever reason, that a smooth transition of IT management from one person or another can be accomplished. Childs didn't set up that damned network to benefit his employer, he set it up so that he was the cornerstone, and while the city has to take a lot of blame for not keeping a better eye on him, he violated some very basic tenets of sound IT operations and management. AS I've said before, I wouldn't hire the guy to manage a popsicle stand, I don't give a crap how brilliant he is.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I'm betting the Governors involved would treat him as any other convicted criminal and Childs would add a few more years onto his sentence for escape/flight.....
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Try translating your argument into a different context. What if he wasn't employed by the government - should the punishment carry the same weight? What if he worked in a different field? It seems to me that if either of those conditions were different, he would have just been fired. After all, if a major company gives one person the password to their corporate bank account, and they won't tell it, did they really just steal hundreds of millions of dollars?
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
(1) Childs was wrong. You don't withhold passwords from your employer. It's his property, and he's allowed to be an idiot with his own property.
Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.
In any case, even if you could make a "property" argument, that's not the basis of his conviction. He wasn't convicted for stealing the city's "property". He was convicted under an "anti-hacking" statute. Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators, until they could complete their password-recovery procedures. That's clearly not the scenario that the statute was meant to cover, and this turned out to be an incredibly novel precedent for applying "anti-hacking" rules to a run-of-the-mill employer/employee confrontation.
I don't think it's an exaggeration to say that this precedent endangers all of us in the IT field -- taken to its extreme, it means employers can lay claim to anything that ex-employees know, if it helps them run their systems or their networks better. Passwords, code optimizations, little quirks in configurations of various systems/subsystems, the list goes on. All of these are now potentially fair game for employers to force ex-employees to divulge, if they can make a plausible claim that -- however indirectly -- they are necessary to deliver services to their end-users. If the ex-employee refuses to comply, they're in violation of an "anti-hacking" statute. Silence = hacking. Wonderful.
What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on /. trying to rationalize his actions, and his vote.
I suspect, however, that some peer pressure was involved here, as often happens on juries (I know this firsthand from one of the juries on which I've served).
What if he worked in a different field?
He works in IT. Specifically, as a sysadmin like myself. That is extremely relevant to the case, and the fact of the matter is, as sysadmin, the very first rule is to never be the only one with access. Maybe put the password in a sealed envelope in the CEO (or Mayor's) safe, but make sure that several people know about the envelope.
Battlemaster--Game with friends in medival realms
I wasn't attempting to measure the justice, or lack of justice, in the sentencing. You do bad enough to go to the courts, well, be ready for whatever comes down. There's nothing in most legal traditions that require every sentence for a crime be identical. It will be up to Childs' lawyer to try get the sentence overturned, reduced, new trial, whatever.
What I'm commenting on is the way in which a lot of guys around here just endlessly defend Childs, at best only giving a brief nod towards the fact that he had inadequately secured key data for a rather large organization's IT infrastructure. Part of the fault must surely be that there wasn't enough oversight, that he had been given too much power with too few strings, but even so, in his position, even taking his extreme view of the chain of command, a sensible IT administrator would have taken steps to assure the integrity of the infrastructure.
Imagine if Childs had been killed in a car accident days before city officials made their demands? Would you be defending him? Would any of the IT guys who post here be defending him? He's the classic model of a prima dona, a self-important delusional nutcase who whether out of some megamaniacal urge, or out of simple self-interest, made sure that he was indispensable. If I take the latter view, then yes, he deserves some judicial censure, whether jail time, or whatever. If the former, then what he needs is psychological help. Whatever the case, he's a shitty IT guy, pure and simple. I don't know him personally, but I know his type, the too-clever-by-half hacker types. These guys are dangerous to put in charge of any critical infrastructure.
The world's burning. Moped Jesus spotted on I50. Details at 11.
What if you worked at a nuke plan and your boss wanted the codes over the speakerphone and you did not know if people on the other end where able to run the system and you know that your boss was not able to run the systems.
2) Having been convicted, I would have run away. There are a lot of decent IT jobs in the Northeast..... almost 3000 miles away from the SF Government's reach. No different than running from Spain to Poland to start a new life.
US Constitution, Article 4, Section II, Clause 2:
"A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime."
You achieve nothing in your interstate flight but a quarantee of conviction on a new and stiffer felony charge.
You will be doing hard time even if your prior conviction is overturned.
You mean kind of like how a lot of non-Americans like to find the property of "being an American" as somehow intrinsically to blame in so many situations?
All people need to simplify. You will never understand everything, so you research carefully the things that interest you, and everything else needs to be ignored or fit into a bite-sized piece of intellectualism that you don't need to give any thought to. Nationality has nothing to do with it.
What do you mean "so what"?
First there's the question of precedent.
Second there's the question of just punishment
While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.
That is the difference. I know that some geek types seem to think the law should be whatever strikes them personally as fair but that isn't how it works. Childs broke the law, he was tried and convicted of it (and one of his jurors had a CCIE so none of this "stupid jury" bullshit).
If the city is being negligent then a lawsuit can, and should, be brought against them. None of that makes what Childs did right or legal.
Please, please would all Slashdot posters go and READ UP ON THE CASE before posting. The facts please, not the opinions form mother Slashdotters. So much uninformed kneejerk here. Slashdot itself had some good links, including one to an interview with aforementioned CCIE juror. How are you any better than the people you like to look down upon if you cannot be bothered to get your facts straight for something you have strong emotions about?
"They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle."
Which is a management issue, not a technical one, so the one to blame must be a manager. Was Childs in a manager-level position or in a "mere" technical one?
"However harsh the sentence may have been, the fact is that Childs was a shitty IT manager."
Truly so. But was he in a managerial position to start with? All I can find about him is that he was a "network administrator", a "network engineer" or an "IT administrator", never a manager, so he was not the one to say how the passwords should have to be managed nor the one to deal with policy violations. In fact, as per this reference (http://blogs.sfweekly.com/thesnitch/2010/08/terry_childs_sentenced_hacker.php) it seems clear that upper SF management agree this being a case of bad management: both Terry's direct manager and the security manager were displaced (they are not fired -yet, probably not to ashame that very SF upper management).
The dude wouldn't turn over passwords when ordered by his Senior Associate. That's just insubordinate in any circumstance, regardless of the job, and will get your ass fired in most places. Terry could have handled things differently if he didn't trust his immediate supervisor, but he didn't. He chose to lie all the way up the food chain and took the for-the-good-of-the-network chip on his shoulder with him.
boycott slashdot February 10th - 17th check out: altSlashdot.org
What's he going to do, get another IT job and offend again? They should have given him community service. The guy's career has already been wrecked.
We are way too much about jail in California and the US. You shouldn't go to jail unless you are violent, or an incorrigible repeat offender. California is bankrupting itself putting taxpayers in jail for crimes like these and for smoking, it is fucking crazy.
Furthermore, justice AND revenge both do not mandate prison and/or being subject to physical or sexual abuse. There are many things that can be done in BOTH cases besides the obvious one. Prisons cost too much money and have too much lobbying pressure to maintain or grow the punishment/revenge system we have today.
Having pedophile tattooed on your forehead should be enough...
Terry Childs is going to have career problems for life, no need to waste money holding him in a cage as if he was a wild animal threatening the peace - or even put an invisible fence around his house is not worth it.
Democracy Now! - uncensored, anti-establishment news
I like that rule, I wish it could always be the case too! I'll give you a real life example of my situation. I created said envelope with all the key passwords and sensitive documentation to allow another to step in should I be hit by a bus. It was placed in the safe in the CFOs office.
You may or may not have guessed it but the CFO was fired and his position was removed. Since this was an executive decision they of course waited until way too late to tell me. The COO and Controller emptied the safe and now I do not know where that paperwork wound up. I changed my critical passwords and VPN encryption keys. Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since.
Now for my own sanity I still keep a copy of the records but it is no small feat to change all the sensitive passwords so I keep them in the safe of the owner who has already twice forgotten that he has it. He asks me for it personally sometimes. If the time came I don't believe he would know its in his safe.
This is why I can feel at least some sympathy for Terry Childs although he definitely didn't act in any way professionally. He deserves to be punished but his punishment doesn't fit the crime given what's been brought to light about his management.
My other question is why in a city the size of SF was there only one person responsible for critical city infrastructure? If two people had been working together the whole time then the project would never have been in jeopardy unless Childs managed to corrupt the second guy which I guess is possible if some the ineptitude of management was in fact true.
So 4 years is just and appropriate because he was a shitty admin and had a bad attitude?
I may not personally feel sorry for him (haven't given that aspect much thought), but this is clearly a gross miscarriage of justice, and that outrages me regardless of the target.
couldn't have been that high, though I guess the city of SF MIGHT be classed as a raid boss.
"Boss, I can't give you those codes over speakerphone. Call me back on a regular phone and I'll give them to you.
Doesn't matter. It's his system. You hand over the codes. And if you truly believe he can't run it, you quickly drive out of the blast radius.
Go put a chain and padlock on your neighbor's gate and see if you get in any trouble. You haven't stolen his property, so everything should be a-ok, right? (Heck, you haven't even trespassed, since he has to warn you once before it's a crime)
He denied access to the replacement administrators. They are authorized users of the system's configuration utilities.
Only because you're trying really, really hard to turn this into something it's not. Not turning over the passwords blocked the new adminsitrators from accessing the systems, just as if he DDoS'ed the management ports.
Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.
Wow, that metaphor is more confused than an eel at a hovercraft convention. The word on the street is that Infoworld editors are sharper than tacks, but when the rubber hits the road it seems the prose flies like a banana.
OK, consider if he were to behave like that in a bank. In a bank, he could hold money hostage, and cost the bank a fortune. So most banks implement separation of duties policies to prevent stuff like this, and their procedures would prevent a megalomaniac from rising to this position in the first place.
So we know there are proven procedures to protect a company from malicious admins, and those procedures are not secret. They could have been implemented by his bosses in city hall. But they weren't. Yes, his boss should be held liable for not adequately ensuring safeguards existed, and he should have been fired as soon as they jailed Childs. (That he wasn't stinks of favoritism, but those kinds of shenanigans are pretty much how every corrupt city operates under the covers.)
I'm pretty sure the punishment wasn't levied for the refusal to cooperate while he was employed, or of how the system did or didn't work after he was gone. The reason he got four years was how he behaved after he was ordered to turn them over by the court. You can generally piss off your boss and risk only your job, but lesson 0 is don't mess with the courts. They are the exact set of people who have the authority and ability to get revenge, and they love to show it.
For that matter, I doubt that either the courts or the city wanted anything to rush in this case. I'm sure they figured he'd get off with time served, and they wanted to ensure that he got plenty of that to begin with. The longer he sat in a cell, the more punishment he'd receive, regardless of the eventual outcome. That part is a complete abuse of the justice system, but when it's perpetrated by the justice system itself, well, there's nothing an individual can do except run against the scumbags in the next election.
John
And all of it could have been avoided if Childs actually knew what being a system/network administrator actually meant.
More importantly the four year sentence could have been avoided if the courts actually upheld the constitution and laws of this country. Instead its much more common for the 'authorities' in any branch to react on a personal level, and really stick it to the people they don't like regardless of whether or not its appropriate. THAT is the real crime here. Personally I keep that in mind- and stay out of trouble. It bothers me a lot that people in power are allowed to act is such a petty and spiteful manner and are given a pass because 'the guy was a jerk'. Right, cause its only ok to be an asshole when you're in charge...
Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.
/. trying to rationalize his actions, and his vote.
True. The servers were property and he was withholding access to that property.
Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators,
The administrators are authorised users as well. They are authorised at a higher level. Why does the anti-hacking statute not cover this?
But the law doesn't really work like that. Intent is quite important. It seems likely that Childs deliberately arranged things in such a way that it would be extremely difficult for his replacement to administer the servers he had a right to administer.
What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on
He had access to all the evidence, and had an explanation of how the law works rather than the interpretation of a computer user, expecting the law to work like a computer and have no flexibility in interpretation at all.
" Then the time came where they wanted the list of passwords. I asked them where the old list was and I haven't heard anything since."
You realize that this is dangerously close to Childs' attitude.
When they asked you, you should have (as I would) informed tham that they had a list of the passwords from the CFO's safe. You have since changed them, knowing the safe was 'compromised', and you did not know the disposition of the contents. And then you should have delivered without hesitation, to the CEO, owner, or their authorized agent, the new passwords. And perhaps a written admonition to notify you whenever a critical exeuctive or manager is dismissed, so that you can take appropriate action.
When I was installing small-business systems, it was expected, mandatory, that I leave the business owner with those passwords and access details. When we provided access for our clients, the router configs were delivered on floppy (this is a while ago), and passwords again made delivered as well. Where they had a trustworthy or critical telecom or cable provider, they also got a copy of passwords. All of these also got a disclaimer, that if the passwords were compromised or given to unauthorized agents, or changed without notifying us, our responsibility for the functionality of the system, and SLAs, terminated as of the action, not on date of notification. I had two or three incidents where the passwords, etc., were misused or compromised, and we did not have any real difficulty with the client. Once they changed providers and the new provider ran roughshod through the network with predictable results. We explained the policy, and they clammed up. The owner blamed us, but in a year we were 'back in'... In anothe case, the owner changed consultants and ditched us, and made the changes in the middle of the night without notice. Hey, it's a 'Haitian divorce'. When he did notify us, we of course offered all asssistance, and saved the new player a lot of time figuring things out. That old boss saw no value in further annoying disgruntled customers or competitors. But if a client ever asked me for passwords, they got them. It's their system. If they really wanted to mess it up, they paid for it.
Oh well, my $.02
deleting the extra space after periods so i can stay relevant, yeah.
If thats what happened we might consider thinking about it that way, but thats not what happened.
What happened is the nuke plants policy is to put all those codes in a known secured location so that authorized personal can get to them. Instead he didn't do that, then when they wanted to move him over to being a janitor since he clearly wasn't a good admin he continued to refuse to follow policy and then refused to do anything else citing policy as his excuse.
You don't get to not follow policy then use it as your excuse.
You either follow it or you don't, he was picking and choosing to suit his agenda at the time.
He also would never have been hired to work at such a location because they have better screening policies to prevent megalomaniacs from being that close to such potentially dangerous equipment.
This situation wouldn't arise at a nuclear plant ... they would have shot him much earlier on for all the shit he was doing against policy.
You might want to get some facts about the case ... like what he actually did and what policies he was/wasnt' following.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Childs wasn't just a jerk. He was an incompetent. The big mistake was ever letting the guy have even the smallest amount of meaningful responsibility.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The point that I haven't heard anything since is pointing out that they screwed up and didn't want to admit it but couldn't point the finger anywhere else. I suggested to the COO and the CEO/Owner that we just keep it in a safe at his house. I regularly work up there too so it makes keeping the thing up to date relatively simple. Make no mistake, I am never the only person that has a production password.
I definitely hold the people responsible accountable and the chain of command is jacked here as I've been through four bosses in seven years. When the new IT director came aboard per the owner's instructions I did not give him full access. I slowly increased his access as I felt comfortable with his abilities and now he has the same level of access I have which coincidentally means I can finally take a vacation. This I very much enjoy!
Childs is to IT as Hustler is to free speech. If it applies to the "worst"of us it applies to the rest of us.
So he was bad at his job. But here's the question you're only giving a brief nod to: is being bad at your job a crime worse than murder?!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
exactly! He DID give the passwords to the network's "owner" that was the Mayor within "reasonable" time, less than a week after being locked in jail. And he did so without any kind of civil court order to turn over the "property" so the city never actually established in court that they OWNED the property they accused him of "stealing". The PROPER procedure to follow would have been to get a judge to issue an order for Childs to turn over the "property", then they would have easily had him for contempt of court and could have sweated him in jail for as long as it took. As the DA and IT manager never LEGALLY ASKED for the passwords in any kind of binding manner his prosecution was literally under false pretexts, a waste of money, and abuse of official power.
Childs wasn't just a jerk. He was an incompetent.
Are still on that?
If being incompetent in IT is a felony, we need a hell of a lot more prisons.
He certainly sounds incompetent, but he's in jail because hes a jerk- and thats _wrong_.
It what way is he worse than the person that started it all off - the woman the was caught by Terry Childs in an office she shouldn't have been in and removing the hard drive of the person responsible for network security? Certainly authority was given later after the person responsible for network security resigned, but it looks like Terry Childs is a very minor case of overstepping authority in his own department. The entire thing is petty office politics in a disfunctional workplace escalated to the point where they put someone that did not roll over instantly to an unusual instruction into jail.
Think about that stupid ambush meeting tactic and you'll see there was no way there could be a good outcome - hand over the passwords to unauthorised people and he's in deep trouble, and it turned out waiting until the unauthorised people were out of earshot was deeper trouble and a media circus (met by the Mayor and a publicity agent instead of his boss, technical consultant, or anybody else interested in doing the job instead of camera time).
While a notebook full of passwords in a safe would have answered this problem, consider that the entire password issue is mainly a beat up because he handed them over anyway, and that anyone competant enough to work on the devices that had physical access to them could change the passwords anyway. Configuration information gets lost, but nobody gets locked out forever and THEY HAD THE PASSWORDS IN LESS TIME THAN IT TOOK TO GET A REPLACEMENT FOR HIM ANYWAY.
So that's it - jail for not handing over passwords to the wrong people and sitting and waiting for somebody else to turn up. I think you need to reconsider whether overblown emotive words like "megalomaniac" actually fit the situation. I suspect you are bringing in a pile of your own baggage from IT restrictions you suffer from and demonising this man as a Bastard Operator from Hell.