Slashdot Mirror
San Francisco Just As Guilty In Terry Childs Case
snydeq writes "Deep End's Paul Venezia follows up on the Terry Childs sentencing, stating that the City of San Francisco is as much at fault in this case as Childs is. 'The way that the San Francisco IT department has been run is nothing short of abysmal, and that has been pointed out time and again by anyone paying attention to this case,' Venezia writes. 'Plenty of dirty laundry was aired out in court as well, yet through it all, the city has had a full-court press on Childs, and being both the plaintiff and the prosecution it spared no expense to drill Childs into the ground.' Worse, perhaps, is the disproportion of the sentence, when compared with recent convictions for intended malfeasance on the part of several notable rogue IT admins."
"Printable version". TFS's link is to a two page version with six paragraphs per page.
Free Martian Whores!
You can skip reading TFA; all of it that's relevant to the headline is in the article summary.
Most of the article is pointing out other people who did worse things and got lighter sentences. Frankly, I think that's a useless argument; for any crime, you can just about always find someone who committed a greater crime and received a lesser sentence. So what?
I think there's a lot of an interesting dialogue to be had about the Terry Childs case, but this particular article doesn't add anything to that discussion.
What level rogue was the admin, anyway?
"rogue IT admins" are the only thing worse than, "mall ninjas." *Dunt, dunt, duuuuunt!*
Sure, the SF IT department may be getting managed into the ground. Sure, maybe the city is as much to blame for everything as Childs is. But none of that matters now, does it? Nobody is going to file a case against SF city. Nobody is going to punish the SF IT department. Nah, the city will get to walk away scott free, continuing to practice poor procedures. All the wild, Childs has to live with his sentence as a convenient scapegoat. This case just serves a little more proof the the justice system, on all levels in this country (at least if you live in California) is completely FUBAR.
Motorcycles, Robots, Space Gossip and More!
Did a good job? The guy was keeping passwords and router configs in his head. He may be the best IOS programmer around, but that isn't the mark of a good job, that's the mark of an incredible idiot.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It's good to be the king.
It must have been something you assimilated. . . .
Wow, a nuanced view of the problems.
Before this post gets modded as a troll or flamebait, it is my humble and sincere view as someone born and raised outside the USA, that Americans are often obsessed by finding a single cause for a problem and the idea that there might be multiple causes is rarely explored.
The real "Libtards" are the Libertarians!
The problem lies in that most US people seem to equal justice with revenge.
When, seemingly, most of our judges seem unable to read and comprehend, which is both the easiest to understand and the highest law of the land, the US Constitution, how can you expect any other result?
But the Constitution doesn't mean what it says. It's a living document that evolves over time. That's why we only allow people with law degrees to decide what it means. Following the plain text of the document? That's crazy talk.....
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I would suggest it isn't so much an "American" trait as it is a convenient news tactic in America. People naturally want answers to questions. The neater and tighter the answer, the more readily it is accepted by the masses, which, of course, means that the news makes more money because they are more trusted. Simplicity is a hallmark of human (not just American) thinking - this takes different forms in different cultures. The main Western logical process is distinct from Eastern varieties but simplicity within the given culture is the tendency. Looking at modern history books covering the Renaissance and comparing them with 19th century history books of the same, we have a much broader viewpoint than those writing in the 1800s had. This is in part due to different access to resources, but in part due to the development of thought over time away from the natural reaction: Simplicity.
Now, with all that said, this is only... one facet of the change in thought patterns over the past century.
Worse it is the mark of a megalomaniac. He was convinced he has made himself indispensable, that by keeping knowledge to himself, and endangering the systems in doing so, made his job totally secure. He though he ruled the roost and nobody could fire him. He found out the very hard way he was wrong. As the saying goes "The graveyards are filled with indispensable men."
The most important think in an IT person is that they are trustworthy. They have amazing access, and this that comes amazing responsibility. They need to be trustworthy to not abuse that access. He did, badly so. As such he really should never work in IT again. He's shown that he can't set aside his ego and such a person has no business having system level passwords.
I am not even sure I would call the punishment legal. They really shoehorned a law designed for something else into this case. In many ways he is getting punished for following his employer's rules when politics said he should have broken them.
Agreed. But does he deserve four years in prison? In most other professions, this would lead to a civil lawsuit and a fine, not a prison term on par with that of a violent offender.
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
The Economist ripped the US a new one last week for locking up too many people, many of them non violent offences. It wasn't so long ago that people were hanged for stealing a loaf of bread, but we backed off from excess punishment (probably a little too far in some cases). But the United States the trend seems to be regressing thanks to grandstanding politicians and bloodthirsty voters who won't countenance even the slightest hint of being "soft on crime". With the way things are going, I truly think that the US will soon bring back public executions before long and will be indistinguishable from countries like Iran in how they deal with crime.
Drill baby drill - on Mars
"rogue IT admins" - I find that phrase humorous for reasons I cannot explain.
That's a typo. This IS San Francisco we're talking about - they almost certainly meant to say "rouge IT admins".
By that time, he'd already committed what he was convicted of.
Childs refused to record passwords, in direct violation of policy. When being moved from his current job, he refused to hand over passwords etc. in any environment, again in direct violation of policy. He then prepared to leave town without handing them over.
No competent sysadmin sets things up so he's the only person with the passwords, so that the network is simply screwed if he's hit by a bus. Childs went one further: he had the password for a file on his personal laptop that had the passwords in it. Had his laptop been destroyed, or the file system corrupted, the passwords would be lost.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Whether he does or doesn't will be up to his lawyer to convince on appeal. The broader point here is that a whole lot IT guys seem to blindly be supporting him because he followed the letter of his contract to insane degrees. They paper over the fact that if this guy had been hit by a bus, his employer, the City of San Francisco, would well and truly have been up a creek without a paddle.
If this was such a big concern for Childs, why didn't he have these key passwords and router configs in the Mayor's office. Surely the Mayor has a safe or some other secured storage whereby this critical data could be securely stored in the event that the Mayor had to appoint someone else responsible. Where I work we have a safety deposit box where the originals of all the purchased software is stored, as well as a CD and hardcopy of all the passwords are stored. While it would probably be a bit difficult to keep going without me around, the guy that comes in after me would have a reasonably decent head start.
However harsh the sentence may have been, the fact is that Childs was a shitty IT manager. Being an IT manager is about a helluva lot more than being a clever router hacker, it's about documentation, about appropriate systems, and just as importantly about assuring, for whatever reason, that a smooth transition of IT management from one person or another can be accomplished. Childs didn't set up that damned network to benefit his employer, he set it up so that he was the cornerstone, and while the city has to take a lot of blame for not keeping a better eye on him, he violated some very basic tenets of sound IT operations and management. AS I've said before, I wouldn't hire the guy to manage a popsicle stand, I don't give a crap how brilliant he is.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Precisely. Whatever else Childs is, he's a shitty administrator. Do you think the city's chief comptroller has the only set of keys to important confidential accounting files? Do you think the city's chief personnel/HR officer has the only set of keys to personnel files?
As much as all of us IT guys have our moments of self-delusional self-importance, we are, at the end of the day, simply another aspect of any given organization's total infrastructure, and are bound by the same rules, and by the same basic set of good practices. You keep copies of keys, passwords, pass codes, whatever in a secured place. You don't keep them on laptops. You don't keep them in your head. You make damned good and sure that if you were hit by lightning the next morning your employer can assure continuity of operations. That is the most fundamental job anyone in a position of any kind of managerial authority in any organization has.
The world's burning. Moped Jesus spotted on I50. Details at 11.
You mean kind of like how a lot of non-Americans like to find the property of "being an American" as somehow intrinsically to blame in so many situations?
All people need to simplify. You will never understand everything, so you research carefully the things that interest you, and everything else needs to be ignored or fit into a bite-sized piece of intellectualism that you don't need to give any thought to. Nationality has nothing to do with it.
While the city may have a shitty IT setup, is that illegal? Probably not. However what Childs did WAS illegal.
That is the difference. I know that some geek types seem to think the law should be whatever strikes them personally as fair but that isn't how it works. Childs broke the law, he was tried and convicted of it (and one of his jurors had a CCIE so none of this "stupid jury" bullshit).
If the city is being negligent then a lawsuit can, and should, be brought against them. None of that makes what Childs did right or legal.
Please, please would all Slashdot posters go and READ UP ON THE CASE before posting. The facts please, not the opinions form mother Slashdotters. So much uninformed kneejerk here. Slashdot itself had some good links, including one to an interview with aforementioned CCIE juror. How are you any better than the people you like to look down upon if you cannot be bothered to get your facts straight for something you have strong emotions about?
Furthermore, justice AND revenge both do not mandate prison and/or being subject to physical or sexual abuse. There are many things that can be done in BOTH cases besides the obvious one. Prisons cost too much money and have too much lobbying pressure to maintain or grow the punishment/revenge system we have today.
Having pedophile tattooed on your forehead should be enough...
Terry Childs is going to have career problems for life, no need to waste money holding him in a cage as if he was a wild animal threatening the peace - or even put an invisible fence around his house is not worth it.
Democracy Now! - uncensored, anti-establishment news
Please cite a legal authority for your assertion that passwords are "property". Since they are intangible, I can only think that Intellectual Property laws would have bearing on that assertion. But, since the passwords were neither patented nor trademarked nor copyrighted (copywritten?), I don't see how your assertion can hold up.
/. trying to rationalize his actions, and his vote.
True. The servers were property and he was withholding access to that property.
Essentially what they got him on was "denying services to authorized users", which takes quite a bit of intellectual contortion, since no-one ever proved that his actions directly prevented services to any end-users, only that his inaction (i.e. his initial refusal to disclose passwords after his employment was terminated) temporarily inconvenienced administrators,
The administrators are authorised users as well. They are authorised at a higher level. Why does the anti-hacking statute not cover this?
But the law doesn't really work like that. Intent is quite important. It seems likely that Childs deliberately arranged things in such a way that it would be extremely difficult for his replacement to administer the servers he had a right to administer.
What is even more amazing is there was a (supposedly) tech-savvy member of the jury, who should have been able to explain what a crock this was, but was swayed by the tech-illiterate arguments of the prosecution and thus could not, or would not, prevent this travesty of justice. He's even posted here on
He had access to all the evidence, and had an explanation of how the law works rather than the interpretation of a computer user, expecting the law to work like a computer and have no flexibility in interpretation at all.
I've seen many people fight and lose in that situation. It was never pretty, and it didn't work.
However, after the 5-10-15th person leaves a department and tell HR that disagreements with management was their reason to leave, Someone might do something about it. I just saw it happen a few months ago. People were even refusing headhunter calls alleging that their network claimed that the work environment was unacceptable.
If the next level of management fails to realize the problem after most positions becomes revolving doors, they'll go under anyway.
That's right. If he had been smart he would have just "deleted all company email, caused the email servers to spew out spam, and intentionally crippled at least some servers, rendering them inoperable" like Stephen Barnes did and been out of jail a year ago. Or perhaps he could have "deliberately and painstakingly attempted to sabotage the company he worked for, intentionally writing scripts to destroy valuable data" like Yung-Hsun Lin did and he would be out of jail in three more months.
But he got a much harsher sentence despite having not caused a single minute of outages on the network he was accused of conducting a denial of service attack on. Maybe someone ought to write (or read) an article comparing these widely disparate sentences.