Employee "Disciplined" For Installing Bitcoin Software On Federal Webservers

Fluffeh writes "Around a year ago, a person working for the ABC in Australia with the highest levels of access to systems got caught with his fingers on the CPU cycles. The staffer had installed Bitcoin mining software on the systems used by the Australian broadcaster. While the story made a bit of a splash at the time, it was finally announced today that the staffer hadn't been sacked, but was merely being disciplined by his manager and having his access to systems restricted. All the stories seem a little vague as to what he actually installed, however — on one side he installed the software on a public facing webserver, and the ABC itself admits, 'As this software was for a short time embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software,' and 'the Coalition (current Opposition Parties) was planning on quizzing the ABC further about the issue, including filing a request for the code that would have been downloaded to users' machines,' but on the other side there is no mention of the staffer trying to seed a Bitcoin mining botnet through the site, just that mining software had been installed."

SETI@Home

[SJHillman]

Reminds me of the guy who got fired for running SETI@Home on all the PCs where he worked. Of course, he also (allegedly) stole 18 computers and accelerated the depreciation cycle, etc...

Re:SETI@Home

I worked with a guy who installed SETI@Home everywhere. All the staff complained the computers were slow yet he did nothing. I uninstalled the software for someone on one computer once I discovered what was going on, and the next day he had reinstalled it. He should have gotten fired for intentionally lowering everyone's productivity. He ended up getting fired for something else later on.

Re:SETI@Home

[bws111]

In this case, it IS theft. The whole idea of bitcoin is to generate 'value' by using computing power. That computing power (and the very real actual power behind it) is not his to spend, but he nevertheless was converting it to 'cash' for his own benefit.

SETI also uses very real power (and cooling) to do it's work.

Re:SETI@Home

[es330td]

Back when they offered cash rewards for cracking the RC5 keys our Director of IT installed the software on the servers we used at our firm. While I couldn't prove it was him, I noticed that his username jumped in the rankings so I knew he had some serious horsepower running the software for him and these machines were multi-way UN*X boxes. I mentioned in passing to a colleague that the culprit had impressively jumped in the rankings within earshot of the director. They were uninstalled by the next Monday; I guess he knew he had been found out.

Re:SETI@Home

[plover]

There are two costs: the cost of "computing power unavailable to the organization", and the "additional power consumed". The first would be his impact on systems, and would be extremely difficult to measure. But the second is very easy: measure the increase in machine power consumption caused by running the client. Did it draw an extra 160W per server? Multiply that by the number of servers, and then double it to account for the additional cooling required to remove the extra heat. There's the increase in power, crossed with the electric bill, and Bob's yer uncle. The guy cost them real money.

Re:SETI@Home

[SJHillman]

They did that with the SETI case and figured it to be in the low seven figure range (hundreds of PCs over several years).

Re:SETI@Home

[TheMathemagician]

He should have been fired - well at least disciplined - if he's installing non-business software on company machines without permission. Not because he "stole CPU-cycles" but because he's obviously a loose cannon. Suppose it conflicts with other software? Suppose it hogs memory or other resources? Suppose it contains malware? etc etc

Re:SETI@Home

[tomhath]

There are two costs: the cost of "computing power unavailable to the organization",

This is by far the larger of the two, the other is negligible. People's time is valuable, if you slow down computers on a network you're stealing hours, possibly hundreds of hours or more per week, depending on the size of the employer and how much it's slowed down. That adds up very quickly. Sure, the company can upgrade the network and clients - but that's very expensive too.

Re:SETI@Home

I don't think that's accurate, or, at least, it depends on how well designed the software is. If it runs in a low priority, gets out of the way quickly when some other process wants cycles, the slowdown to users could be very negligible. However, it could still consume considerable electricity.

Re:SETI@Home

[mcgrew]

It reminds me that I'm not Australian and have no fucking clue what ABC is. Australian Bit Coins? Angry Boss Coming? Another Bloody Chump? Australian Bureau of Comfusion?

It wouldn't hurt to spell out the acronym once, unless you're talking about sometheng every nerd in the world would recognize.

Re:SETI@Home

[plover]

But it's almost impossible to measure the impact of the computing power lost. First, were there actual delays incurred because of the mining software, or did the process quickly get out of the way when a higher priority task happened? If there were delays, would they know how many internal users were supposed to be using it, and how much additional payroll burden they had due to those users working overtime because of the delays? Or if they didn't put in any overtime because of the delays, did they accomplish less work? Or were they just annoyed?

Then, do they know about the time spent by external users (customers, who aren't being paid by ABC?) Did the external users have a bad experience, such that they refused to use the site and instead conducted their business via very expensive postal mail or drive to the offices and complained to expensive humans? Were there service issues opened and handled due to poor response times?

The amount of electricity consumed can be documented, which makes it a "hard" cost, one that could easily be presented in a courtroom. The reduced access to the resources may not be documentable; therefore it's really a "soft" cost, and isn't recoverable.

Re:SETI@Home

[Teancum]

Both Seti@Home and the default client for Bitcoin operate at the lowest thread priority possible (at least for a standard high level application that doesn't go into kernel mode). They are designed explicitly with the goal in mind to not get in the way of other programming tasks and should take up the CPU computing time normally performed by some other sort of idle process that most operating systems have when there is nothing else for the CPU to be performing.

In terms of "people's time is valuable", that is utter bullshit. This software will not steal hours and in both cases the network bandwidth is negligible as well. Network bandwidth might be a lesser issue to worry about, but these are very lightweight protocols.... Seti@Home especially. Browsing one web page per hour is going to suck up far more bandwidth, and don't even get started on any multi-media content like streamed audio or video.

In terms of CPU bandwidth, this would be CPU cycles that the computer would otherwise be doing absolutely nothing anyway. There is a very slight overhead in terms of having a few extra threads for the CPU to manage that otherwise wouldn't be there (very small overhead but is still there none the less) and these processes do take up a small portion of the RAM on the computer as well which could impact performance of some applications that are poorly written or are memory hogs. If you are running Microsoft Windows, the Windows Explorer program itself is such a wasteful hog of resources that any other application like Bitcoin or Seti@Home are marginal noise by comparison, much less if you are running something like MS Office. Linux is a bit more lean but even then a GUI shell of almost any sort also tends to chew up a whole bunch of system resources that put to shame anything these other applications perform... and both software packages can be operated in command-line only mode as well to reduce system impact.

One other side issue is simply software systems interaction. As much as you hope that modern operating systems keep data and code separated from one application to the next and some strong memory protection to keep programs from clobbering each other or impacting each other in competition for "system resoruces" of various kinds, sometimes weird interactions happen between various applications that can sometimes produce unexpected results. Simply having this software on a computer might cause a software glitch merely by being there. It certainly introduces more potential bugs to a computer system. On the other hand, these software packages are heavily tested and bugs which would crash your computer with something like the Blue Screen of Death would likely have been found and fixed with popular software packages like Bitcoin and Seti@Home, where my first guess for a BSOD would be something else and putting these applications as nearly the last thing to consider for system trouble shooting. Regardless, I've uninstalled this kind of software on systems I've used when trying to do software development if only to reduce the number of variables that might be causing problems with my software.

The problem is that many modern computer systems have a reduced power option when they are idle, even if it is for just a fraction of a second. In particular the Bitcoin software tends to do some rather high performance mathematical routines that require parts of the CPU to be powered that otherwise wouldn't be in a low-power mode, or perhaps really push the GPU to be performing calculations that can be very energy intensive. For older computers, this is something that wouldn't even be noticed as the CPU power consumption on older CPUs was rather constant but for the newer computers it can mean a doubling of power, certainly causing more heat to be generated and if they are in an air conditioned server closet that increased power consumption is something that could potentially be rather significant and even noticeable to an outside observer like a comptroller who notices that power consumption has increa

Re:SETI@Home

[Teancum]

This guy was disciplined... at least according to the original article.

I've installed software like this on computers where I had permission to install various kinds of applications on those computers and was told to use my own judgement in those situations. It wouldn't hurt for a Director of Information Technology to set policies on distributed computing projects of various kinds as it relates to the organization in question, and in the case of Bitcoin it could be argued that any work units that are found should belong to the company and not to the technician who installed the software, but otherwise I fail to see what the problem is here?

Installing stuff like this without approval of the director if such approval is expected for any outside software package is something actionable, but there is no indication that this particular technician had any such requirement at all.

In terms of your concerns about memory consumption, CPU bandwidth, and malware issues, I think you are being overly paranoid about the issue. Bitcoin can be compiled from source code where a source code audit can be performed, and Seti@Home is pretty reputable as well. Concerns about malware are completely unjustified in this situation. That sometimes Bitcoin work unit search software can be installed through malware is a side effect that has nothing to do with deliberate installation of this kind of software on a computer system where permission is granted.

If anything, software like this is a good way to "stress test" a computer and has some very useful features that would even be desirable in a business computing environment. For projects like Seti@Home, you can even count the resources being used in this manner as a charitable "in-kind" contribution to a bona fide 501 (c) 3 non-profit organization and accounted for in various ways that could provide a financial benefit to a for profit company if they wanted to perform the necessary accounting. Since it would be using computing resources when the company isn't using them, it also has otherwise a negligible business impact.

It all depends on the context of how the software was installed and as you said, permission to perform that act.

Re:SETI@Home

Australian Broadcasting Corporation.

Public funded national Television and Radio

Re:SETI@Home

[PuZZleDucK]

Australian Bureau of Comfusions great! ... Can we keep that one?

ABC => Australian Broadcasting Corp... I think it's close to your NPR content wise but is funded by the Govt.

JavaScript Miner?

[gox]

A wild guess is that he just embedded js code in there to mine some coins. Or WebGL? I wouldn't call it an "installation" and I don't imagine he put malware in there.

Re:JavaScript Miner?

[SJHillman]

Depends on how you define malware. Some people would consider malware to be anything that runs on your computer without permission or knowledge. The "mal" part would be where it uses your system resources that could otherwise be allocated to programs you want to run.

Re:JavaScript Miner?

It depends on your definition of "malware".

Re:JavaScript Miner?

[K.+S.+Kyosuke]

There are some antispamming systems that force the client/message sender to perform some useful computation before they, e.g., accept the message to be sent, with the server verifying that the computation actually took place. A spammer would have to perform an outrageous amount of computation to have his messages sent, while an ordinary user wouldn't even notice the background process running while he's typing away. Perhaps with this idea generalized to a broader set of client/server applications, the engineer could have said that he did it to improve the security and fair use policy of the servers (and keep the bitcoins :-)).

Re:JavaScript Miner?

[ArsenneLupin]

Busy computers consume more electricity. And electricity costs real money. Now some this up over all the customer who unknowingly lost a couple of cents like this, and suddenly we are talking real money. One of the rare cases where the "theft" label is appropriate for a digital crime.

Re:JavaScript Miner?

[kelemvor4]

Busy computers consume more electricity. And electricity costs real money. Now some this up over all the customer who unknowingly lost a couple of cents like this, and suddenly we are talking real money. One of the rare cases where the "theft" label is appropriate for a digital crime.

So basically, he spent other people's real money in order to steal virtual money. I have to agree, theft.

Re:JavaScript Miner?

[mug+funky]

dragon dictate?

Re:JavaScript Miner?

[gox]

Yeah, this is obviously theft of electricity/computing power.

I'm not sure you'd have to to seek users' consent though, just like the online ads don't need to, but it should have been made explicit. Therefore it is stealing.

The "malware" part, I don't know. If we call it that, then a lot of scripts fall in the gray area. There are a lot of things that websites do without knowledge or explicit consent of the user, that a user may or may not want. This specific case is immoral (let's call it theft of computing power) but technically it's not malware. You can just stop visiting that website, just like how you avoid sites with tens of flash animations, which probably consume more power than web-based Bitcoin mining.

Re:JavaScript Miner?

[Dishevel]

Fucking /. crowd gives this guy a +5 insightful for speaking the obvious and not being able to think.
Awesome.

Re:JavaScript Miner?

While we're at it, we should go after people that go door-to-door espousing their religious beliefs or selling products. If everyone on their route has a doorbell, that can turn into some pretty serious cash.

If we continue down this path then reading this from your place of employment makes you guilty of the same transgression (unless you're paid to browse Slashdot, then my apologies). Over the course of your career, I'm sure you wasted quite a bit of your employer's electricity -- make sure you turn that overheard light off when you leave the office.

Re:JavaScript Miner?

[quenda]

Many times I have court myself typing the wrong homonym. Like won part of my brain is dictating phonetically to the dumb typist lobe.
Nobody else does this? The odd thing is it is very obvious on proofreading, unlike a lot of other typo's that are easily mist.

Re:JavaScript Miner?

[Dishevel]

Well good then. Mod me down.
Fact remains that the GP here is an illiterate that was able to pass himself off to the mods as +5 insightful.

Re:JavaScript Miner?

[SA_Democrat]

I have seen exactly this problem when I am compose-typing, never when I'm copy-typing. My guess, like yours, is that the part of the brain that is doing the thinking, is in someway communicating with the part of the brain which does the typing, through a mechanism that is similar to the way the brain processes heard speech. I'm glad that you've posted this, it's nice to know that the phenomenon is not just in my imagination. Thanks for that.

Re:JavaScript Miner?

My browser initiated code to render your comment without my specific permission.

Re:JavaScript Miner?

[PuZZleDucK]

Qui modificantia Immutationes?

Duh?

I don't know how it is down under, but in the US federal systems are "For Official Use Only" meaning if you use them for personal gain, you're in hot water.

Re:Duh?

[SJHillman]

Government issued cars with "For Official Use Only" would seem to be an exception to that. I've seen a Lexus around here with that stamped on it with a car seat and groceries piled in it. Sure, there could be an official reason for that but the odds are against it.

Re:Duh?

[PRMan]

So take a picture of the car and license plate and post it online. Watch the hilarity ensue. (IANAL.)

Re:Duh?

Oh don't get me wrong, of course people are going to abuse "For Official Use Only" equipment/vehicles/etc...and the government is aware of the abuse.

The problem becomes...if you discipline everyone who abuses it...you end up disciplining 95% of your workforce, reducing morale, and getting them to work even less.

So, you have to decide what kind of abuse is tolerable, and what isn't. So while someone may not get in trouble for using their FOUO car for groceries on the way home from work, they would get in trouble for using the car to take a family vacation and drive cross-country.

We all see the waste and abuse. Calling the hotline doesn't do a lot of good unless it's a very serious infraction. And hence why I am posting anonymously.

Re:Duh?

[vlm]

Government issued cars with "For Official Use Only" would seem to be an exception to that. I've seen a Lexus around here with that stamped on it with a car seat and groceries piled in it. Sure, there could be an official reason for that but the odds are against it.

I can authoritatively comment on this, that a TDY car for all intents and purposes can be used almost exactly like a privately owned vehicle. TDY is the govt equivalent of a short to medium term business trip (maybe 1 day to I think a max 6 months). Basically its cheaper for the .gov to act like a car leasing company to itself, than to reimburse .gov employee for a rental car. Which is bizarre, you'd think Enterprise Rentacar would donate re-election funds to politicians to take over that apparently lucrative market, but they haven't done so ... yet. Someday it might happen to eliminate the non-scandal scandal stories.

The law says something like "administrative discretion" so its one of those "character" tests where you can do anything your boss allows but don't do anything stupid. This is really the only rule for a govt car. It can be hard for outsiders to wrap their head around this concept of not having 1000 individual specific rules, and only having a general rule of don't do something your boss thinks is dumb. A remarkable amount of .mil paperwork and regulations to death the stupidest little things and also has no paperwork and regulations for some of the most complicated things. Discretion and good taste...

Get permission from boss to drop kid off at daycare, fine no problemo as long as you have that permission. Drive to an occupy-wall-street protest in a non-official role, or as a protester, um... that might be a problem. Food store/restaurant while on TDY, almost certainly OK, that's the whole point of giving you a TDY car. Dive bar while on TDY, could get you in hot water depending on your boss and local culture and especially your behavior (this can be an addition charge in a conduct unbecoming hearing, or it can just be ignored if the department memorial day party is held at the dive bar). Do anything as a recruiter however tangentially far fetched as long as it directly involves potential recruits, OK. Do almost anything as a recruiter alone in a car without obvious recruit involvement, probably a bad idea.

Re:Duh?

[ArsenneLupin]

Do anything as a recruiter however tangentially far fetched as long as it directly involves potential recruits, OK.

But make sure not to leave any white (... or worse: brown...) stains on the back seat...

Re:Duh?

[vlm]

So while someone may not get in trouble for using their FOUO car for groceries on the way home from work

That's almost the definition of why they give you a TDY car, not abuse of the system at all. Been there driven that. It was not a snazzy lexus but some POS falling apart compact chevy for me. The scandal is why its a lexus, not why its at the grocery store. Cheaper for the .gov to essentially be its own leasing company than for them to reimburse you for a rental or endless taxi. Also think about it... if you bring donuts to a official meeting at any time during your TDY, that grocery trip was now official business. Sgt merely told me not to do anything I wouldn't want my mom to see on the front page of the paper (now a days they probably say on facebook or whatever). This was nearly 20 years ago, things may be different now.

You end up in some pretty twisted logic if you give TDY people a car and pay them a TDY per-diem specifically for food that they can only spend on foot, or something weird like that.

Re:Duh?

[PopeRatzo]

Government issued cars with "For Official Use Only" would seem to be an exception to that.

This only happens in government vehicles.

Nobody ever used a company car for anything but business. In fact, no teenager has ever borrowed the family car to "go to the store for grandma" and then picked up his pals, smoked some weed and then drove out to the Labaugh Forest Preserve parking lot to spin some donuts on the frozen pavement on January 23rd 1983.

That totally never happened.

Re:Duh?

[Sulphur]

So take a picture of the car and license plate and post it online. Watch the hilarity ensue. (IANAL.)

You could start your own Leak site.

Re:Duh?

[mug+funky]

it's not a government site. not at all.

it's a tax-payer funded TV/radio network plus 24 hr news service. it's like the BBC, but in australia (get it? the ABC?).

stupid summary is misleading.

Re:Duh?

[vlm]

Yeah that happens, and falls in the "do anything your boss allows but don't do anything stupid" superset of rules, although its also covered by the "don't do anything you wouldn't want your mom to see on the front page of the newspaper".

From personal experience, everyone seems to have heard some story about how a hot female recruiter got all the guys to sign up, but no one has anything more than "I heard" and a lot of wishful thinking / daydreaming.

I was thinking more along the lines of stories I've heard about recruiters driving kids with F-ed up families around so they can clear up their paperwork, like drive the kid to the DMV to get his ID card or to a Dr for an appointment to get an asthma waiver. I predict the level of this activity depends on how many applicants they get per slot and the state of the local economy, and especially the ratio of "recruits signed up this month" vs "monthly quota".

Re:Duh?

[es330td]

now a days they probably say on facebook or whatever

Given the stuff people put on FB I am not so sure I would recommend this yardstick...

Re:Duh?

[characterZer0]

There is a difference between using your parents resources and using the citizens' resources.

Re:Duh?

[idontgno]

And what if "your parents resources" happens to be Mommy's company car?

Bad on Mommy, of course, if she let you take the car, since I assume most company car assignments limit authorized drivers to the assigned employee... but again, if Mommy didn't give permission to take out the car, the situation devolves into Grand Theft. So, taking your folks' ride out for a joyride is bad for you and for them. Thanks.

Re:Duh?

if Mommy didn't give permission to take out the car, the situation devolves into Grand Theft.

No, it doesn't, at least not in my state or any other I know of. Theft is defined at common law to include intent to permanently deprive the owner of -- so unauthorized borrowing isn't theft. Grand theft auto (or your state's equivalent) is a statutory crime, but it maintains that distinction, and there's a separate, lesser statutory crime (a misdemeanor here) pertaining specifically to joyriding or other taking without consent, where the vehicle is abandoned afterwards.

Re:Duh?

[Teancum]

If you don't mind it showing up as the lead headline of Drudge Report or Huffington Post, I suppose that is the current real yardstick.

I'd agree with you on FB and Twitter though. I swear some people post messages each time they take a dump.

Re:Duh?

Yes, for one thing your parents won't be dumb enough to put you through a six-hour session to be sure you didn't waste a nickel.

Caught caught

Sounds like a no no to me.

No wonder gov't doesn't get it

[bersl2]

This guy was going to fill the Federal budget deficit, but no, all the stupid bureaucracy gets in the way.

Re:No wonder gov't doesn't get it

[bersl2]

Aw, damn, Austrialian Federal government. If only.

Re:No wonder gov't doesn't get it

Isn't it great when you forget to RTFA on your way to being a snarky jackass and end up tripping over your own non-joke?

installation directory

[vlm]

All the stories seem a little vague as to what he actually installed however — on one side he installed the software on a public facing websever, and the ABC itself admits 'As this software was for a short time embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software' and 'the Coalition (current Opposition Parties) was planning on quizzing the ABC further about the issue, including filing a request for the code that would have been downloaded to users' machines,' but on the other side there is no mention of the staffer trying to seed a Bitcoin mining botnet through the site, just that mining software had been installed.

Sounds like hopeless journalist-speak for "he had access only to /var/www not /usr/local, so ... he put it in /var/www"

My guess is whatever they use to monitor their systems watches /usr/local and /usr/bin like a hawk but trying to watch /var/www would be chaos depending on what the marketing and graphics art dept uploaded this week or whatever, so they don't watch /var/www.

This does have a minor chilling effect in that I'm not a complete moron, so before commissioning any new hardware into production at work (or home) for years (decades?) I've run memtest86+ and bonnie++ (I'm old enough that I ran the original memtest86 and the original bonnie back in the day). I've occasionally considered that running a BTC miner would be a good CPU cooling test as a third item, but stories like this do kind of discourage me at work.

My suspicion is the practical financial matter of $. Back in ye olden days when I started BTC mining a CPU miner could generate quite a few BTC per month and over the past couple years the exchange rate has stabilized at $5/BTC so that is a substantial chunk of change per month. However for all practical purposes a software BTC miner is currently pointless, just warming up the CPU. I haven't checked the difficulty rating but I know its increased a bit from the mid double digits when I started in BTC. So as a disciplinary matter they probably couldn't decide to bust him for running unauthorized sw (which given his "highest levels of access" might mean he's authorized to authorized BTC sw, making it a bit complicated) or bust him for attempting to use govt property for personal gain but not actually getting any gain, or bust him for actually earning some BTC however unlikely that seems. Doesn't Australia have the same "might is right" style of employment laws we have in the US where they can just fire him for not being a team player or spending too much time in the can?

Re:installation directory

[Charliemopps]

Where I work, we do not run ANYTHING that has not been approved by our legal department and gone through a vetting process.

Re:installation directory

[vlm]

Where I work, we do not run ANYTHING that has not been approved by our legal department and gone through a vetting process.

Which brings us right back to the

which given his "highest levels of access" might mean he's authorized to authorized BTC sw, making it a bit complicated

Also I've worked at places where PHBs like to quote that kind of rule as a iron-fisted law, but when pressured they have no idea how the real world works or even what their demand means. End user visible application level changes, most of the time yes. Somebody wrote a two line shell script or the distribution maintainer upgraded the /bin/ls command, never. Internal/contracted software developers and sysadmins can write and run whatever they want, and pretty much install anything they want as a "dev or testing" tool, as long as its completely isolated from the active production servers.

Its kind of like confusing how only a handful of corporate officers and PR people are allowed to make official media statements, vs any rank and file guy can pick up any telephone and "make a statement" to his wife that he needs to stop and buy some mustard on the way home from work.

That inherently fuzzy boundary is probably how this guy got to play with a BTC miner for awhile.

Re:installation directory

[Teancum]

I think such a policy is stupid, but it would depend on the kind of business or organization that you work for, how sensitive the data is that you are working with, and in general the nature of the company that you work for as well.

If your company deals with high end client financial data involving transactions of billions of dollars or is involved with highly classified (above Top Secret clearance information) government information on some given computer systems, I'd agree that a strong vetting process is very important.

If you are running a public facing web server that contains just a few published white papers and other mundane reports and is otherwise just a public relations tool, there is no reason to be nearly so paranoid.

If on the other hand you are working for a computer software development team that is trying to stay on the bleeding edge of software technology and you are trying to encourage experimentation and innovation, telling a group of software engineers that they need to go through a legal department in order to even run your own in-house developed software (much less some really cool stuff from outside of the company) is even counter productive to the point I would promise that your engineering development group will fall behind the competition and will soon find themselves out of a job because your company already has a foot in the grave and is waiting for the final death knell to hit. You might even want to start writing up your resume ASAP as you will soon be out of a job yourself.

There are some contexts and situations where you do need to be concerned about people installing software, and other times where it doesn't matter at all. Apple Computer, IBM, Microsoft, and several other major companies all have groups within their companies running software like Seti@Home or Folding@Home, so something like Bitcoin wouldn't be completely out of the question either in terms of legitimate experimentation and pushing limits on computer technology and trying to figure out how stuff like that works. A company like IBM has policies in place to tell you which computers are available for software experiments like this and which ones are completely off limits for doing stuff like distributed computing.

I don't know anything about the company you work for, and the policy of that company may be justified given the context of what you do. You also shouldn't presume that should be a universal policy though.

Re:installation directory

[reason]

Doesn't Australia have the same "might is right" style of employment laws we have in the US where they can just fire him for not being a team player or spending too much time in the can?

No. http://www.fairwork.gov.au/

stupid

[slashmydots]

Before know-nothing morons start commenting on this article, here's some truth from an actual bitcoin miner. Mining software has no public facing interface when ran from a website. He also was not trying to send out a virus to mine for him or he'd be arrested and fired. He was simply using the CPU and GPU cycles to mine coins and make money.
This is exceptionally stupid because if it was CPU mining, well my i5 chip can hit 8 million hashes per second and my single overclocked 5830 Radeon card can hit 315 million, making it almost 40x faster. So assuming it was a faster modern Xeon, let's say 2x the speed, if the company owned 40 servers and he ran it nonstop on all of them at 100% CPU usage (not likely) then he should have instead bought 1 5830 for about $90 on ebay and mined coins himself. What an idiot.
It is possible that the servers had AMD/ATI cards that he was using without much performance impact on the website(s) but google "bitcoin hardware mining comparison" to see just how awful cards that aren't optimized for gaming do at mining.

Re:stupid

[Nursie]

No, it was exceptionally stupid because he doesn't own the equipment or pay the energy bills, regardless of what the bitcoin outcome was.

Re:stupid

[cHiphead]

Before you smart ass bitcoin miner kids think you know everything, Website Bitcoin Mining. ;)

Site visitors do the mining, multiple a little slice of power times x million visitors over x amount of days and your localized mining is tiddly winks. This uses the website visitor's machine to mine coins (and this particular example is terribly inefficient itself but the idea is there, someone with the know how could really go the distance for their own mining operation). This can be exceptionally more efficient that running a local mining op on a single machine/small cluster if you have a relatively trafficed website it is running from.

You are focused on high speed precision mining instead of scaled general mining. A pressure washer vs. a regular water hose, the water moves faster through the pressure washer but put 5,000,000 hoses together and you can push insanely more total water per second than a handful of pressure washers.

Re:stupid

I like how the first guy is completely wrong but is sitting at a +5 Insightful, and you have posted the correct version along with an actual citation proving you're correct... yet sit at a paltry +2.

Bravo, slashdot, bravo.

Re:stupid

[Solandri]

Better analogy: Robbing a bank of $100,000 vs. stealing 1 cent from each of 10 million visitors.

Re:stupid

[slashmydots]

Hey look, someone who doesn't know about bitcoins commenting on the story. Call me now, miss Cleo is waitin'! I didn't mention that there's a java based browser miner that doesn't work very well because of two things. First, that wouldn't make him a penny since operating a pool based on it with a hard coded pool target is ultra low money for the operator, people simply mining for you would never happen, and there are 3 distinct reasons why it can't run silently without a user's knowledge that I won't even go into. So I don't think that's what it was. Also, I don't believe the story referenced that type of software anyway.

Re:stupid

[slashmydots]

Well, there's that, lol. That sort of reminds me of all the people who say they have an advantage because they get "free" electricity. Yeah, until their landlord/roommates/parents see an energy bill. Two 5830's overclocked were almost 1/4 of my energy bill so I would think the person paying for your "free electricity" would catch that and make it not so free. The same goes for hardware that you don't own, like you said. Someone will see the energy bill or even just the resource usage logs.

Re:stupid

A pressure washer actually uses LESS water than the same hose would by itself.

Re:stupid

[cHiphead]

there are 3 distinct reasons why it can't run silently without a user's knowledge that I won't even go into

Bullshit alert.

The java miner runs fine hidden on a site, I played with it a bit to see just how it acts. It can run silently with minimal effort on the host's part. The story is light on technical detail and your smart ass-ed reply assumed it was one particular scenario and you painted yourself as someone who was knowledgeable. I pointed out your glaring omission and now you 'wont even go into' what are apparently '3 distinct reasons'? List them and lets explore why or why not.

Don't see the problem

[SoothingMist]

Sounds like a benign non-event to me.

ABC != Federal

[OzPeter]

Federal implies "of the Federation", which in the context of Australia implies the government. However while the ABC being the state broadcaster is funded (and owned) by the government it is not a federal organization. The ABC is independent of the government, so saying that the bit coin software was installed on federal servers is disingenuous to say the least. In fact after reading TFA's I can't see anywhere where it specifies exactly on what servers the software was installed other than some "web servers".
 
And once again the summary is a joke. You explain what "the coalition" is, but don't explain what the ABC is. I feel sorry for the people who pay for this site.

Re:ABC != Federal

[OzPeter]

Actually I did find a statement as to what servers were affected: From The ABC didn't sack bit coin miner

The ABC stipulated that its Grandstand Sports website was affected by the Bitcoin operation for a short period, but there was no further impact on the broadcaster’s website or its distribution operations.

Hardly a "federal" server unless the government is in on sports.

Not firing someone with skills is bad?

So the story is that they didn't fire this guy? Perhaps his manager has some common sense and realizes he has some valuable skills, and that firing him would be ultimately bad for the company.

Of course, common sense has no place in this world any more. Some higher up will probably come along now and fire the both of them to get some momentary glory before they realize they have to spend 5 times as much replacing them and miss some important deadlines because of the time consumed.

Re:Not firing someone with skills is bad?

It's not a company, they are federal employees.

Fire both of them.

Re:Not firing someone with skills is bad?

[TheCarp]

Harsh punishment is always popular. People like retribution, whether it makes sense or not.

Never mind if no harm was caused, never mind if it was just a silly lapse in judgement. Fire people, prosecute them, send them to jail....why? Because you can?

Re:Not firing someone with skills is bad?

I could insert some random crap into one or more of my company's websites. My job is to have the skills to do this - I have the needed access to do so because my job is to maintain these sites. Knowing how to do this doesn't make me anything special, and inserting something into production that isn't supposed to be there doesn't make me somehow special, unless you consider a lack of ethics and common sense to be somehow special.

Only fair

[PopeRatzo]

Employee "Disciplined" For Installing Bitcoin Software On Federal Webservers

They made him live on bitcoins for a week.

Pretty Lax

[Greyfox]

The guy was essentially embezzling -- stealing company resources for personal gain. I'm pretty sure most employers will fire you and file criminal charges for that. He's very lucky to just get off with a slap on the wrist.

Re:Pretty Lax

[Teancum]

It wasn't really embezzling though. He put the mining software onto the web pages being served by the company running as a background processes in Javascript. The company itself didn't really spend much by way of resources other than a few extra lines of Javascript being pushed out by an HTTP request.

Instead, he was "stealing cycles" from all of the customers who visited the website and running down their web client performance. Considering much of the trash that sometimes is found on many web page these days, it wouldn't surprise me if it might have even been a performance improvement or at least just a wash in terms of any real damage being done to the customer's/client's computers viewing these web pages.

The unethical part (not really illegal as I don't know what law was really broken with this issue) is having the Bitcoins mined on potentially millions of computers and having those Bitcoins flow into his personal Bitcoin hash key (sort of like an account but not really).

The funny thing is if this same developer had simply installed the software on the server running as a background process, he likely would have been completely undetected and would have been able to get away with the "tweak" to the system.... and it would have been more legitimately embezzling as he would have been taking CPU cycles and network bandwidth for personal gain. Had he cut his supervisor into the action or had the Bitcoins be used as a revenue source for the company as a whole... he might have even received a promotion out of the whole thing.

It makes you wonder how many websites are doing this kind of thing, which should be a larger concern.

Re:spo8gge

[oodaloop]

I hope this is a bot that continually posts random non-sensical comments. But if this is a real person, and you're reading the comments to your posts, please go see a counselor. Seriously. I think you have some issues.

Incorrect Headline

[SJ2000]

The headline is disingenuous, the servers belonged to the ABC (Australian Broadcasting Corporation) and whilst they are funded by the government, they are independent due to the Australian Broadcasting Corporation Act of 1983. ABC's Corporate Structure and the Charter of Independence and Accountability.

Access Level?

It's kind of scary that someone who had "the highest levels of access" was still able to do his job with that access restricted. Because if he didn't need that access why did he have it in the first place?

Re:Access Level?

[Teancum]

It is likely that his job duties were changed around so he didn't have access to the same kinds of equipment. That his skills are somehow still valuable is true, but he was "put on the bench" in a big way and certainly was given a negative job performance evaluation on his annual review (or will get one).

I've seen that happen more than once, including people who've earned their way back to trust again at a later date (hopefully wiser due to the process).

He Punished Himself

[Beardydog]

I can't think of any more fitting punishment than the measly trickle of bitcoins he would have seen out of this scheme.

That makes me curious...

as someone with access to some national supercomputers, how fast can hopper mine bitcoins? Only one way to find out.
$ qsub xminebitcoin_mpi.hopper.pbs
PBS Job Id: 8005323.hopper02

Macca played & approves racist song & is t

Australia All Over's "Macca" remained in the chair, each Sunday morning, ie, after complaints were lodged against his playing & commenting "approvingly" about a song that calls for killing "those men without shoes" (ie, Australian Aboriginals).

Macca's "punishment" - NIL. Instead of the sack, etc. he got a bit of retraining (presumably, with lunch provided...?)

No, once a person is "in" the ABC or AU Gov't "family" it's a "job for Life" they can look forward to.

Consider the [tired, old & aging] Philip Addams (Adams?), who can only think to calmly "pooh pooh" the worst of atrocities, reported to be happening in the world, rather than probing the program's interviewee of the day for more creative solutions, that might have been tried.

IF many Australians are depressed, it's got to be - in part - due to folks like Macca & Addams...

Compare with any similar show(s), eg, on CBC or any of California's NPR program counterparts... eg, FORUM (from KQED, San Fran, Calif.)
and you'll think you're listening to a think-tank team brainstorming up new & innovative ideas, by comparison to ABC's "oldies" but -not- always goodies.

Taxed?

[phorm]

In Canada, you pay taxes based on your "personal use" of a work-supplied vehicle.
This includes if you take the office vehicle to/from home (unless you don't have a centralized workplace AFAIK, for example if you're a delivery driver). Mileage should be assessed and at the end of the year you're expected to pay extra based on the percentage that was "personal" VS "work-related" travel.

The part that sucks for some people is that the actual "benefit" (what you pay taxes on) is based on the purchase value of the vehicle. So if your employer paid $50k 10 years for the vehicle, but is now a beat-down rattle-trap... you're still paying taxes based on a $50k valuation. Depreciation is *not* taken into effect. If the employer bought it used 1 year ago at the depreciated value, then you only pay based on that purchase price.

In that case, you're better with the Chevy than the Lexus :-)