College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K

An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to William's personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from William's attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts. Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis.

default judgment

[borcharc]

They got a default judgment against him, they did not win on the merits of the case. Default judgments are not so final when the other party wants to fight about it some more.

Re:default judgment

Default judgement in Indiana against a person living in Illinois. If the guy has no assets in Indiana, the judgement is pretty much worthless.

Re:default judgment

[rtb61]

As a ex-employee he is fully entitled to be a big a dick as he wants with regard to his ex-employer. Not a good idea as it damages you image for future employment but you are now free and the company can only suspend payments to you. What was on the notebook or not on the notebook is truly imaginary.

The reality is google were the dicks for not promptly and properly assessing the case and returning service. The claim should be against google and not the ex-employee. The university in turn should wake up to itself and properly manage it's services to students, clearly working through google is a really, really bad idea.

I give you a hint, ex-employer asks me for anything after termination and quote for consultation services will be provided including the upfront payment demand for the cost of the call, no freebies, not one seconds worth.

Re:default judgment

[Kkloe]

Because you are a moron?

It was clear he had taken company computer without permit and destroyed property(the data within) that was not his(even if he had assumed he could take it and wiped it at once just to not have anything of the school), if you want to leave with company equipment after your employment make sure you have it in letter that you might take it.
Goggle being a dick is good, it shows that they care about the security and will take time if you screw up whoever you are.

Re:default judgment

[tlhIngan]

It was clear he had taken company computer without permit and destroyed property(the data within) that was not his(even if he had assumed he could take it and wiped it at once just to not have anything of the school),

Is it?

I mean, as a sysadmin, he might have a work laptop at home in case he needed to access work from home. Given he was FIRED, I doubt there was enough time to go and reclaim and return all hardware. Heck, maybe security accidentally packed it into his box - it's not like he's going to have time to examine and make sure all his stuff is there.

And if I discovered I still had the work laptop at home, it would be entirely reasonable to wipe it to eliminate any possibility of using it to access work materials illegally. Even the contents of the laptop I no longer have legal right to, so I should just wipe the entire drive to protect myself. I might even video it with the current date to show that at no time after the wipe I had access to company data.

And after you're fired, you're under no obligation to help your former employer. Hell, it might be a fight for the final paycheque which you're owed. And even then many employers will probably try to use that to get your final help (which is illegal).

The important thing is the guy was fired.

Re:default judgment

[Kaenneth]

Which, as an IT administrator, should have been his job?

Re:default judgment

[Kkloe]

He was fired, yes, had he company property, yes(as I assume as they could claim it back), could it still be considered theft, yes, as it is company property, how many year ha had the computer at home, or that the computer was never in company ground, doesnt matter , he is in possession of someone else property.

Re:default judgment

[Kkloe]

Dont base your organization on the cloud?, wtf retarded statement is that, everything comes to how you store the access, who has access and what tools you have to do things. Is it the "clouds" error that godaddy has shitty administration?, or your bosses that somehow wanted to have a cheap deal and used a very bad provider?

Re:default judgment

[rtb61]

My statement was more about principle, rather than this particular incident. In this case the person admitted to having the password and was seeking to extort payment, that is problematic (the information was not theirs to sell, they did steal the by denying access to it by the proper owners). The hardware, well, the employer has to prove it is theirs and the contractual conditions under which they gave the employee that hardware, before they can try to claim it back. Obviously they did not simply claim it was stolen, hence it ownership is questionable, they can only really sue for it's return. Google is still largely at fault for the problem, they simply did the cheap thing, fobbed it off and failed to deal with it properly.

Re:default judgment

[mysidia]

it would be entirely reasonable to wipe it to eliminate any possibility of using it to access work materials illegally.

MAYBE. But their former employee is still under the obligation to deliver all their company security credentials and information; passwords, etc, in their brain or in their possession, required for their operation to continue after the employee is released. And acting to destroy any of the above would clearly be malicious justifying charges against their former employee.

Also MAYBE. But there are a lot of otherwise "entirely reasonable" courses of action which are Illegal.

I mean if you don't have as much $$$ as you want, then it's "perfectly reasonable" to go take somebody else's $$$, But that's why this country has Laws.... and that's defined to be Theft, and it's strongly discouraged.

The burden on not accessing work materials illegally is on the former employee; that doesn't permit them to destroy work data or work computers' operating system installs in doing so.

Re:default judgment

[cob666]

Unless there's an ironclad agreement in place that I have to turn over all security credentials 'in my brain' after my termination (and I would never agree to such an agreement), my ex-employer is going to pay dearly for that information. They should have made sure that somebody else had access to this data BEFORE they fired him. I don't know enough background information about this particular case to know if the guy is really just an asshat but I don't like this trend that system / network administrators are responsible for any type of knowledge share AFTER they have been terminated, without any type of compensation.

Re:default judgment

[tsstahl]

My statement was more about principle, rather than this particular incident. In this case the person admitted to having the password and was seeking to extort payment, that is problematic (the information was not theirs to sell, they did steal the by denying access to it by the proper owners). The hardware, well, the employer has to prove it is theirs and the contractual conditions under which they gave the employee that hardware, before they can try to claim it back. Obviously they did not simply claim it was stolen, hence it ownership is questionable, they can only really sue for it's return. Google is still largely at fault for the problem, they simply did the cheap thing, fobbed it off and failed to deal with it properly.

No, he did not admit to having the password. The contingent offer to help was to work with Google to get the password reset. King Richard move for sure, asking for 200K.

He worked entirely remotely and was the last IT employee remaining when they demanded he move to Indianapolis.

Apparently, there was also a racial discrimination back and forth with lawyers involved, prior to filing suit. The 200k demand was in light of the perceived discrimination.

He returned the laptop when asked for it.

This is not a clear case of holding data for ransom at all.

Ultimately, the primary role of IT is to protect the data. Doing anything else is unethical, and can be illegal (duh, right?). However, a company crying foul after it's own management screw ups does not automatically brand an IT peon as some kind of saboteur.

Re:default judgment

[fedos]

The laptop is irrelevant. They didn't sue him for not turning in the laptop; they sued him for not providing a service after they fired him.

Re:default judgment

[__aaclcg7560]

They got a default judgment on his merit of being an asshole, that's for sure.

If I wasn't an asshole, I would be working in IT.

Re:default judgment

[__aaclcg7560]

[...] destroyed property(the data within) [...]

I routinely wiped the PCs I've used before returning to an employer. Those PCs are reimaged anyway. The Fortune 500 companies I've worked for stored user data on the network, which I leave alone as my data is just spreadsheets that tracked my daily assignments.

Re:default judgment

[TWX]

The organization that he worked for should have required that documentation of these processes be made and provided to non-IT management staff to be retained as part of the disaster recovery plan. The organization should have taken the hit-by-a-bus attitude with regard to staffing, as in, being able to survive if any given staff member or their equipment were lost.

No organization should be entirely dependent on the employment of one person, as that organization suffers if that one person is not there. This particular organization failed to structure itself this way, and as a consequence paid a price for it, and that price should not be further borne by the now-former employee.

Re:default judgment

[Cederic]

turn over all security credentials 'in my brain'

If the security credentials are only 'in your brain' then you've already demonstrated actionable neglect.

Your job is not to have the admin credentials. Your job is to assure that the company has the admin credentials and you're merely using them and/or managing them.

Re:default judgment

[Altus]

We can't be sure, but every employment agreement I have ever signed included a provision for transfer of information in the event of separation.

Re:default judgment

[mysidia]

Unless there's an ironclad agreement in place that I have to turn over all security credentials 'in my brain' after my termination [SNIP]

It's not after termination. A sysadmin has no right to have created and fail to disclose security credentials
for someone else's property (company systems) in the first place. The actual trespass on company property occurred while the person was still employed, At the very moment the admin created or changed the password without permission and didn't provide that to management, they committed an act of sabotage.

You should be so lucky IF you turn over all the security credentials in your brain, then your employer may agree not to sue you for everything you own and more.

my ex-employer is going to pay dearly for that information.

Nope. You're going to pay dearly, in many ways, if you fail to provide that ex-employer that information.
Also, Demanding payment for something you were legally required to have told them and/or had permission to do is Called Extortion or Ransom. That makes you no different than the Bloody CryptoLocker that scrambles peoples' files and demands Cash in exchange for the unlock key... in fact it's 99% almost exactly the darned same thing.

Unless there's an ironclad agreement in place that I have to turn over all security credentials 'in my brain' after my termination (and I would never agree to such an agreement),

Such agreement is in the standard Employee manual verbiage these days.
Chances are you have already agreed.

Re:default judgment

[cusco]

If you are the only person who can access an account then you've already demonstrated incompetence. If rather than being fired tomorrow you get run over by a bus your employer is equally screwed. Ensuring that the data can't be retrieved from your employer-supplied computer is even more asinine.

Re:default judgment

[cwsumner]

He worked remotely using that computer.

He says he did not wipe it before sending it back.

Likely, the IT at the collage wiped it (routinely) when it came back, and now doesn't want to admit it lest -they- get fired.

He also says that he was not the one who set up the account, someone else set it up with his name (for the collage).

If he used the password set in the computer, after they sent it to him, he might have never known what it actually was!

Re:default judgment

[NateTech]

That depends upon the company's policy regarding storage and availability of those credentials. Many aren't smart enough to create encrypted escrows for a "rainy day" and don't want employee credentials stored ANYWHERE, even in an escrow. In some admin jobs, especially highly secure ones, if you provided credentials to be put anywhere BUT your brain, you could be fired. But those places also aren't stupid enough (like this place) to ever allow all system access to dwindle down to a single person, ever.

What an idiot

[realmolo]

ALL sysadmins have thoughts of what they would do as "revenge" for getting fired. Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

But you can't do that stuff. It's unethical, and immature, and unprofessional. Not to mention, you'll end up getting sued, and YOU WILL LOSE.

This guy sounds like a whiny little bitch, and he never should've been hired in the first place. When you hire sysadmins, you need to hire people that seem trustworthy, first and foremost.

Re:What an idiot

[ASDFnz]

ALL sysadmins have thoughts of what they would do as "revenge" for getting fired.

It is never crossed my mind so not quite all.

Re:What an idiot

Good plausible deniability there. I see what you are doing... Sure... You've "never" thought about it once...

Re: What an idiot

Depends, did he explicitly try and lock them out? Wiping a laptop doesn't count. If policy is to save admins passwords on laptops then the school is at fault for having dumb policies. Why should the admin be required to even acknowledge the schools existence after termination? If they wanted the password they should have got it before they fired him.

Re: What an idiot

[mattyj]

Maybe because it's the ethical thing to do, and perhaps he'll want to work in IT some time in the future. But that ship has probably already sailed.

My guess is that this guy is in his early 20's, first IT job probable, and doesn't realize the ramifications of what he's doing, career-wise.

I'm old enough to have been laid off several times, and most of those times I forgot to document something or whatever, and I helped out my former comrades when asked, well after my termination, because you build a rep in this business and this childish garbage will follow you around forever.

Re:What an idiot

[networkBoy]

It sounds like someone else setting up the account used Williams's personal email to link him in, and he never removed it (likely because a lockout could ensue). I am not so sure that he is really to blame here.
Any equipment that has seen any mixed personal/business use has always been forensically wiped prior to returning to my employers.
None have ever complained.

Hoarding passwords is a dick move and not okay.
Even as PO'd as I am at my former employer, if I was in a similar situation I would have made them the offer of:
re-instate my work domain account and email, give me a cube for a week, and pay me as a contractor on a 1099 for that week.
In exchange I'll use my personal email account that someone else (apparently) linked to unwind this and remove my access after adding someone else and verifying their access works.

That is reasonable and prevents me from working for free, disentangles the mess, and most importantly to the court system, doesn't look like an extortion attempt.

Re:What an idiot

[Oligonicella]

You have far less reason to doubt his claim than the "ALL sysadmins" claim which, since it's an absolute, is undoubtedly false.

Re:What an idiot

O COME ON...SERIOUSLY? You have such little integrity that you actually believe that anyone who has ever been a sysadmin covets keeping passwords or even fantasizes about it as revenge?

You know its been said that the 'measure of a man is not what you do when people are watching but what you do when nobody is watching'...I really hope I never interact with you.

There are still people in this world that have morals/personal integrity that they live by both in thought & deed regardless of who may or may not 'know' they are doing so.

Re: What an idiot

[Desler]

They would have contacted Google like they did in this case.

Re: What an idiot

[Desler]

It was not his property to wipe.

Re:What an idiot

[aaarrrgggh]

That is kind of the right way to do it, but the reality is the "escort out the door" policy on firing people. (There is no rational way around that which adequately protects the employer both in terms of damage and liability.) The established process for this type of thing, which works pretty well, is a password escrow system where ultimate passwords reside (root and the like). I have seen digital and dead-tree versions of these systems, and personally prefer the dead tree variant: seal password book in envelope signed by senior system administrator who wrote down the passwords, place that envelope in a second envelope signed by legal counsel, and then place it in the president's safe. A third witness level is a nice to have on both envelopes. When the senior administrator is fired, quits, or dies, all the passwords need to be changed, so you open the escrow and validate the signatures, and get to work. The weakness is that as you update the keys-to-the-kingdom you have no proper means of redundancy or control.

Re:What an idiot

[Tesen]

ALL sysadmins have thoughts of what they would do as "revenge" for getting fired. Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

But you can't do that stuff. It's unethical, and immature, and unprofessional. Not to mention, you'll end up getting sued, and YOU WILL LOSE.

This guy sounds like a whiny little bitch, and he never should've been hired in the first place. When you hire sysadmins, you need to hire people that seem trustworthy, first and foremost.

Look the issue here is simple:

1) Their IT management sucked and he was allowed to use a personal email account for his admin duties despite their "rules" (rules can always be made up after the fact). So I would fire all the way up the chain of command to the CIO/CTO.

2) They _fired_ him. The caveat to that statement is he wiped a laptop that was not HIS property.

If he had simply returned the laptop and refused to help them, no harm no foul - you do not owe your past employers ANYTHING especially if they fire you. So yes, he messed up and damaged their property.

Re: What an idiot

They'd get a default 250k judgement against him.

Re: What an idiot

I'm with you. I left my sys admin job with everything documented and in good order. Because I was actually good at my job. And I knew I wouldn't be fired or have a hard time finding a job.

Just be good at your job.

Re: What an idiot

[Crashmarik]

I'm with you. I left my sys admin job with everything documented and in good order. Because I was actually good at my job. And I knew I wouldn't be fired or have a hard time finding a job.

Just be good at your job.

Good at your job is fine if you are leaving and looking for another job. When you get sideswiped by idiots a few rungs up on you it's a different story. When they view contracts as challenges in how hard they can screw you, that's even worse.

Re:What an idiot

[quetwo]

That wasn't really the case here. The IT shop apparently had a crew of a dozen or so people. They all had admin rights on the Google domain plus some root admin account. When they fired Williams, (according to the court docs), the laptop was sent back with the root account set to auto-login. Apparently the company they had outsourced the IT to either wiped the machine or did something to it where the root account got locked out or the password changed. The only other account that had admin access was William's personal google account (which was supposed to be removed from admin rights).

He didn't want to work with them anymore to help them recover their admin account, which they screwed up. They ended up suing him. He ended up losing because he didn't show up to all the court dates, because he couldn't travel to Indiana because he was not able to take his kid with him to Indiana (because of a ruling from family court).

If he would have shown up to court, he actually would have won. It was the school's responsibility to secure their property before firing him (including logins, etc.) They didn't, and they can't expect him to even answer his phone after they separated. He was actually in the right, by law, to ask for compensation for working with them, as a new contract work for hire. This is pretty standard case law, and the LRB has postings about it all the time. Now, he could have been in the wrong if there was a policy about not associating the domain admin account with your personal account, but that clearly wasn't the case since it was well known that it was done and they didn't bat an eyelash about it.

Re:What an idiot

[0100010001010011]

Has it ever crossed your mind what would happen if you got hit by a bus? It sounds like the school didn't have proper succession protocols in place.

They fired the admin. From that moment forward he wasn't in charge of doing anything for them. If they needed access to something they should have thought of that before hand.

Re:What an idiot

[edtice1559]

Hoarding passwords for revenge might actually work. You could claim that you forgot the password especially since it was quite some time between when he was fired and when he was asked for the password. But to then "offer to help" in exchange for money, it's no longer revenge but rather extortion. He's lucky not to go to jail.

Re:What an idiot

[ASDFnz]

Has it ever crossed your mind what would happen if you got hit by a bus?

All the time.

As a sysadmin most of my job is planning for contingencies and that is one of them. The hardest part of that is making sure that I keep my contingency up to date with all of the correct credentials needed AND that someone can access and implement it.

Every now and then I hit up the people responsible just to make sure they can access everything they need.

Re: What an idiot

[dbIII]

It was not his property to wipe.

Unless it was. Bring Your Own Device is a thing now despite obvious complications like this.

Re: What an idiot

[orlanz]

Any equipment that has seen any mixed personal/business use has always been forensically wiped prior to returning to my employers.
None have ever complained.

Folks should be careful when they do this. In the US legal framework, a personal asset that has been heavily tainted by business use is basically treated as a business asset. The only obligation the business has is to pay fair value of the personal asset.

So wiping corporate data to remove your personal data should only be done if that is OK with the company. Removing your personal data is fine. Not mixing personal and corporate data is best.

This doesn't apply to most other countries that lean the other way. European countries actually lean the taint the other way. Corporate assets can be treated like personal (but still owned by corp) if there is personal data on it. Asian countries don't really care about corp vs personal.

Re: What an idiot

[Miguelito]

Right.. because simply filling in a few blanks that you, yourself left (to help out previous co-workers you might even get along with fine)... vs doing an entire job based off 1 day's work is EXACTLY the same thing. *sigh*

Re:What an idiot

[Sri+Ramkrishna]

Uh, no.. it would never have occurred to me to do that.. mostly because my department would not be so callous (that would be the HR people or corporate) and they were my friends. I wouldn't do that to them, and I would lose respect as well. So if you do this, you are definitely not someone I want to hire.

Re:What an idiot

[hey!]

Actually it's worse... or rather stupider. He offered to fix it (which really is just involves filling out and submitting a web form) if school settled a lawsuit for $200,000.

Now let's assume this guy is totally in the right as far as the claims in his lawsuit are concerned. That doesn't give him the right to hold his employers' systems hostage until he gets what he wants. Those systems still belong to them.

What was he thinking? Of course the courts are going to order him to hand over the metaphorical keys to the system. And the judge isn't likely to be sympathetic after this. On top fo that any future prospective employer is going to find out about this the instant they google "Triano Williams".

Based on the levels of stupidity and assholery displayed here, I'd be amazed if he weren't in the wrong.

Re: What an idiot

[ASDFnz]

They have a second set of staff? Sounds like they could cut staff in half, outsource it to h1b and then fire you to cut costs by 75% over all.

No second set of staff, the ones we have are well trained and unlikely to all get hit by a bus at the same. Most of them could step in and take over my duties at any time and I can step in and do their jobs as well. Even so, we keep a good repository of documentation and procedures so any half decent sysadmin can at least keep things going by himself until he gets the hang of things and a new team gets put together.

I even have all of the documents put together as to what sorts of people whit what skills and experience we need in order to replace every one of us.

We don't have h1b where I live but we do have immigration. Fortunately, work culture where I live and work isn't like it is in the US and we go for quality over cost. Having said that, there doesn't seem to be much wrong with the quality of immigration here either, we employed two more immigrants since December. Training them up right now.

Re:What an idiot

Thank you for an awesome explanation.

This all points to yet another huge moronism of our court system: having to show up for court in person. I know there are countries in Europe that base many cases on filed documents and written statements. At the very least the courts should use something like skype if they really feel they have to, but the written story should have been enough for the judges. A court local to the IT guy's residence could have deposed him and witnessed his statements.

Re:What an idiot

[Billly+Gates]

O COME ON...SERIOUSLY? You have such little integrity that you actually believe that anyone who has ever been a sysadmin covets keeping passwords or even fantasizes about it as revenge?

You know its been said that the 'measure of a man is not what you do when people are watching but what you do when nobody is watching'...I really hope I never interact with you.

There are still people in this world that have morals/personal integrity that they live by both in thought & deed regardless of who may or may not 'know' they are doing so.

Not only that but if you do have these thoughts then perhaps you should take a step back and re-evaluate your life and line of work? Sounds like it is time to get another job if any employee gets this angry with her or her employer or frustrations with the day to day job.

I have never thought about doing such a thing in the I.T. field. However, I have had angry thoughts about these things on past employers. I quit these jobs as I figured at this point I may not be a good fit for the company culture or position I am in. Also angry bitter negative attitude people are almost ALWAYS the ones who GET FIRED. Even if you are competent if you do not love work then you will suck at it or just be the guy no one wants to do business with. Either way your career at that employer is hosed. Time to leave on your own terms rather than HR for your next opportunity.

Re: What an idiot

[Billly+Gates]

Then leave.

I have been there done that. Having a negative attitude and being bitter is grounds for termination.

Even if you try to suck it up your language, mannerisms, and reactions to stresses show someone no one wants to do business with. Guess who then gets the poor performance evaluation or let go? YOU.

Part of being competent at your job is loving your company and what you do. It is part of integrity. Yes, I have experienced bad things both sides from me my employer to myself reacting angrily. At this stage I update my resume and leave. I figured if I do not do it now it will be made for me by HR firing me and now lowering my value as I have to explain in my next job interview why I have hole and went happened at my last employer. Boy, you do not EVER want that! It is a kiss of death.

I have never wanted to do such things as keeping passwords or screwing any employer. Even the ones I left I was angry at management, but did not want revenge. If I ever get to that stage it is sickening to myself, employer, and coworkers and nobody wins in such a situation.

Re:What an idiot

There are two thoughts any sysadmin should have:

• if it was me, how would I break into this system
• how could I damage the company

Then think how many of those things you could do by accident if someone persuaded you they needed your help whilst drunk or, in many cases, merely by being knocked down by a bus and spending three months in hospital. The end result of this thinking should be.

• more regular, better more distributed backups
• better ways to recover from disaster
• more privilege separation and protection against everyone, including yourself

An inexperienced young sysadmin may never have these thoughts, however the first time one of his colleagues leaves in bad circumstances he will be forced to have them as he tries to work out what his colleague might do now. If you haven't had the thought about what you could do for revenge then you aren't a serious experienced sysadmin.

Re: What an idiot

He didn't blackmail anyone. Don't be such a cunt.

Re:What an idiot

[silentcoder]

If you want to make it harder for somebody to break into your house - what is the first step ?

Oh right, it's asking "How could I break into it right now".

Thinking of how one could take revenge does not imply any desire to act on those thoughts - it implies doing your due diligence as an admin by looking for weaknesses in the setup that need to be fixed and fixing them before somebody else can exploit them.

So, sorry, but if you've never sat down and thought "how could I take revenge on this company if they fuck me over" - you are not doing your JOB. Because it means, if somebody else (rightly or wrongly) feels they have been fucked over, you won't know what revenge they may want to take, and you won't have put the systems in place to prevent it.

Re: What an idiot

[silentcoder]

>What would have happened if he'd been hit by a bus?

To answer your question I set up an experiment in which over 3000 people were hit by a bus under laboratory conditions. I carefully monitored the outcomes in all cases and can report my preliminary findings. With 99% probability, when a human being is hit by a bus, that human dies. The full paper will be submitted to NATURE for peer review and publication later this year after dealing with some anomalies in the test data (in one case... the bus died).

Re:What an idiot

[houghi]

There is a difference between 'ALL' in science and 'ALL' in daily language usage. I also had fun pointing these things out when I was 12 or so.

It also has crossed your mind while reading it, so the ALL stands.

Re:What an idiot

[cdrudge]

The hardest part of that is making sure that I keep my contingency up to date with all of the correct credentials needed AND that someone can access and implement it.

Well it sounds like the guy in the story didn't do that. He probably should be reprimanded or fired or something. They just need to be sure to do it AFTER he fixes the situation because they're screwed if they do it before. Oh wait...

Re: What an idiot

[NeoMorphy]

I totally agree with you!

You need to be professional and think about your career. You train to keep your skills up to date, you maintain a network of contacts in the field and work on having a good reputation. Why sabotage that work with a vengeful act that will probably hurt you more than your target. You might even feel bad about it later when you reflect upon what you did.

He was probably was young and still thinking "job" and not "career".

Re:What an idiot

Why can't the court case be in defendant's state? It's unreasonable to expect him to relocate.
Why should an ex-employee be accountable for an outsourced vendor's bad support and security practices?
This case is wrong on so many levels, and is presented very one-sided.

Re: What an idiot

Part of being competent at your job is loving your company and what you do.

Found the guy from 1960.

Sorry, Your company no longer loves you and what you do. If some executive decides a quarterly bonus could come from it, you'd be out on the street faster than you can say "I'm a competent and loyal employee". And you might be surprised how hard it can be to obtain an equivalent position once you've been terminated.

The fact that you have a chokehold on critical corporate assets will mean nothing to them, because they know what that's like, but unlike sysadmins, they negotiate their salaries and termination contracts based on the fact that they could screw over the company whereas sysadmins meekly allow themselves to be ushered out th door.

Re: What an idiot

[Lord+Kano]

Part of being competent at your job is loving your company and what you do.

What kind of Stockholm Syndrome bullshit is this?

I'm good at what I do. I enjoy what I do. I'm on good terms with my employer but I do not love it. It's misguided and unhealthy to love a company. A company won't love you back. A company can't love you back.

LK

Re:What an idiot

[Lord+Kano]

Has it ever crossed your mind what would happen if you got hit by a bus?

Every organization should have a "Won the powerball" or "Hit by a bus" insurance policy of some sort. Namely, a second or third person with the same level of access to every system.

Allowing one person to have the power to cripple your organization is a recipe for disaster.

LK

Re:What an idiot

[hey!]

Not according to the summary, but let's go with your interpretation of events. He wanted $200,000 in consulting fees for what? Spending literally one minute filling in a web form changing the admin's email address on an account. Still stupid: he should have demanded $2 million, because that's a never-get-hired-again dick move.

Re:What an idiot

People with actual integrity are an incredibly small minority now. At least in my experience anyway. Probably because it is, in today's society, a 'losing" strategy.

Re:What an idiot

[0100010001010011]

Allowing one person to have the power to cripple your organization is a recipe for disaster.

In every article I've read that's exactly what happened with this organization. They fired everyone for refusing to locate to Indianapolis.

He was the last one standing and they fired him then Administration tried to play IT and log into their old accounts and got themselves locked out.

At my job the second I'm no longer employed your IT problems become not my problem.

Re:What an idiot

[The-Ixian]

This has been how I leave jobs. I delete my own access prior to walking out the door.

My own access is just standard user rights like everyone else. The administrator account(s) remain. However, admin accounts are never enabled for remote access.

Re: What an idiot

[thegarbz]

If policy is to save admins passwords on laptops then the school is at fault for having dumb policies.

If only there were experts which could be hired to be on staff to address these kinds of silly policies. Shame the entire industry has no such people.

Re:What an idiot

[mandark1967]

A post like that deserves a real name next to it, not A/C, so you can be recognized for a clear, well-thought out response.

Re:What an idiot

[tsstahl]

Mod parent up. Guy may have been a jerk after the fact, but the company put their foot in the bear trap willingly.

Re:What an idiot

[AmiMoJo]

These days a lot of people seem to be worried about being replaced, perhaps by offshoring or just by someone cheaper. In that case, there is little incentive to make the system robust enough to survive your exit from the organization.

It's long been the dream of everyone in tech. Become so essential to the business, usually by being the only one who can perform a vital function with no possibility of replacement within standard notice periods.

Good wages and conditions are a great insurance policy and motivator.

Re: What an idiot

The one bus that died must have hit Chuck Norris.

Re:What an idiot

[AmiMoJo]

Another way of looking at it is that the school needed to employ him again to help them recover from their mistake. It was their mistake, they locked themselves out through incompetence (relying on auto-login). He declined to accept their contract due to the pending lawsuit against them, but offered to reconsider if they settled it.

Re:What an idiot

[__aaclcg7560]

ALL sysadmins have thoughts of what they would do as "revenge" for getting fired.

Whenever I get let go on a contract, I never consider revenge. I feel sorry for that company letting go of one their best IT workers and look forward to the 40% raise at the next company.

Re: What an idiot

[networkBoy]

This is corp property I'm talking about no less.
All my employers have had a "Personal use" policy that I strictly follow, e.g. my posing on /. here.
I never store business critical *anything* on my computer, nor do I store personal critical anything on my computer.
My laptop is used as a disposable asset; upon return it's wiped.
That said, I think the only reason I've never had grief about said policy is that my last email to my boss has always been the UNC path to all data, source, docs, etc.

Re:What an idiot

[networkBoy]

Yes that's the right way, but in this particular case it looks like something caused a lockout and his personal email is the failsafe. While that should *never* happen, it did. I would then handle it as I said.

As to the escort out mentality: I agree with it. of 100 people you let go, 99 can be saints, but that 1 devil will cost you more than the 200 weeks of pay you "lost" by just paying them not to show up their last pay period.

Re:What an idiot

[DarthVain]

I have a similar story if a very minor one. I was visiting a friend in Ottawa, and wasn't sure where he lived. I thought I found the place, but prior to parking around back I parked out front to go knock on the door to make sure it was the right building. I didn't notice but I happened to be parked in front of a fire hydrant (which is illegal). So my buddy came to the door and we were chatting for a few moments and he mentioned that he though I was getting a parking ticket behind me. So I walked over and explained the above the the parking officer. He agreed and said not to worry about it and made a show of ripping up the ticket.

Fast forward several months later I get a court summons, in Ottawa (hundreds of km from where I actually live) that basically said pay this fine (60$ I think it was) or show up for court, failing to show up was an admission of guilt. Apparently the Officer never canceled the ticket. I got in a written fight with the City of Ottawa over the issue, and they brought in the Officer who then decided to lie about everything. I was left without recourse.

My options were to either pay the 60$ ticket knowing I was in the right, or travel to Ottawa incurring expenses of hundreds of dollars for the privilege of defending myself. In the end I had to eat my rage and just pay the stupid fine. It really comes down to how important the decision is to you VS the expense you are going to incur defending yourself. In my case it just didn't make any sense. In the context of this story he probably should have traveled to defend himself. From the sounds of it however he had other factors influence his decision (custody decision with his kid), which really adds another level of unfairness to the whole affair.

Re: What an idiot

[Billly+Gates]

Not Stockholm. Stockholm is BE HAPPY YOu HAVE a job!

I am advocating leaving if you are not passionate as those are always top performers who are always pleasant when shit hits the fan rather than whine and make excuses.

You can say that is screwed up but it's reality unfortunately. Who wants to be forced

Re: What an idiot

[buchanmilne]

"Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

But you can't do that stuff. It's unethical, and immature, and unprofessional."

But, what if you have no other option? What if you weren't actually hoarding, but became the last staff member with rights by attrition, and management didn't show any interest in ensuring administrative continuity (by not filling vacancies etc., or making the effort to see ), even after being informed.

I work for an ISP. Google provides ISPs access to some tools, which require a Google login. Our company doesn't use any Google for business products. Our company doesn't have a policy regarding credentials for 'cloud' services that can't use your company email address. So I used my personal gmail account (like my colleagues and our manager).

Is it my fault if my manager locks himself out after I leave the company, or doesn't bother getting his account linked along with the rest of the team?

I don't think there is a clear-cut case for malicious or negligent behaviour on the side of the employee, but it seems pretty clear that they actively worked him out. In many countries that would have been illegal and he could have sued for unfair dismissal and gotten a year's salary with only a few hour's effort and no significant costs.

But you Americans seem to want to punish any worker who has picked a bad company to work for (what else can explain your lack of basic worker's rights protecting them from vindictive companies such as this one seems to be).

Re: What an idiot

[Huge_UID]

(in one case... the bus died)

And then a four foot cop arrived with a five foot gun.

Re: What an idiot

[buchanmilne]

"The biggest mistake that happened in the original article was the violation of company policy of registering his own private email address for the administration account. Because of that move, the school (in my opinion) was justified in suing the guy."

I don't know specifically in this case, but in some cases in my position I have access to some work-related features on Google and Facebook linked to my personal accounts. Since our company has no products/services from either, I can't really do anything else except possibly make a dedicated account for that one purpose.

If my manager fires all my colleagues, then me (and forces us out to avoid paying severance), then locks himself out of his account, why should it be my responsibility to help him recover from this situation that he created?

Re:What an idiot

[Delwin]

> most of the critical passwords at my enterprise are already shared

... You do realize that this means that anyone who has the shared admin passwords can, and likely will, do untold damage on the way out?

Re:What an idiot

[Cederic]

Hmm. Fantasising about shit I might do in revenge is one of the ways I stay sane.

Not doing it is the key differentiator, not whether I think about it.

Anyway, designing a undetectable logic bomb is bloody good fun. You don't have to actually implement and deploy it.

Re:What an idiot

[PrimaryConsult]

If fired your only responsibility is to forget every last thing about that job, immediately. If there is no human redundancy already (there should always be multiple people capable of doing the same tasks) they deserve exactly what they got, which so far seems to be a half million dollars in losses. The employee "got hit by a bus" or "won the lottery" protections also work for firings. They clearly were unprepared for any of those scenarios.

Re:What an idiot

[aaarrrgggh]

You have to use a separate domain for recovery, otherwise what do you do when there is a domain-level issue? Granted, you should do something like admin@university-recovery.space ideally, which is separately administered, hosted, and registered from the main domain... but few places have the foresight for that...

But, the issue would not have been a problem if two people had administrator rights to the domain, even if one was a second ghost account in a safe... ideally with one-time pad recovery codes as well.

Re:What an idiot

[hey!]

Sure, that's a *way* to look at it. But if you were considering this guy for a job, is that *the* way you'd look at it?

Re:What an idiot

[david_thornley]

The measure of a man is at least related to what the guy does when nobody's looking, not what the guy thinks. I like thinking up ways to scam the system, and I'd never carry them out.

Re: What an idiot

[david_thornley]

That depends on the company. Some companies have the attitude that they'll take care of their employees, and their employees will take care of them, and get better work for it. However, you can never count on it continuing, particularly in a publicly held company.

Re:What an idiot

[david_thornley]

I had a manager once who said that he had no objections to a lottery pool as long as he was included. If all of us called in rich one morning, he didn't want to have to go to work and cope.

Re:What an idiot

[david_thornley]

The company probably didn't order the sysadmin to have their gmail administration linked with his personal email. That is sabotage. They have no right to ask the guy to do anything other than compensate for his malfeasance on the job.

Re:What an idiot

[cwsumner]

It sounds like someone else setting up the account used Williams's personal email to link him in, and he never removed it (likely because a lockout could ensue). ...

If the password was set up on the laptop, and he used the laptop to access it, he might never have known what the password was. It would just show as a line of "stars".

They probably wiped the laptop when it came back, as usual, and screwed themselves.

Re: What an idiot

[david_thornley]

He demanded $200K to let the school use its own stuff. Why don't you consider that blackmail?

Re:What an idiot

[david_thornley]

Look on the bright side. If you'd gone to Ottawa and pled your case in court, it would have been your word against the police officer's and you would have spend money, taken time, and undergone stress for the exact same result.

Re:What an idiot

[david_thornley]

The ex-employee isn't responsible for possibly malicious incompetence by his ex-employer, but tying his personal email account to the school's gmail account was his own failure.

Re:What an idiot

[cwsumner]

,,, The caveat to that statement is he wiped a laptop that was not HIS property. ...

He says he didn't wipe it. They almost certainly wiped it (routinely) when they got it back, but don't want to admit it now.

"Not repairable" probably just means they wiped the OS and it won't boot...

Re:What an idiot

[Lord+Kano]

I prefer for one person in the office to choose not to participate in lottery pools. I want that one person to tempt fate for my possible benefit.

LK

Re:What an idiot

[networkBoy]

yes, you do.
I have three email accounts, two I don't host and they are used as backup accounts for my domain hosting account (which is itself hosted on my own domain). If, for whatever reason, I lose my domain, then I'd also lose my primary email, but would be able to use the 3rd party email as a second authenticator.

Heck the Uni could have just had "uni.recovery@gmail.com" and a secure password and they'd be okay. Preferably with a U2F key or two linked to it, and said key(s) in a safe.
-nB

Re:What an idiot

[Anonymous+Cow+Ward]

So you're saying that all absolutes are absolutely false? Hmm...

Re: What an idiot

[simondistintive4944]

My credit score was 5Â10 a friend recommendÂed me to 1dataexit feÂw weeks later my scorÂe shot 760 Âit sounds fake but I can assurÂe you it's magical ÂtÂhier services are awsÂome Â1dataexit@gmail.comÂÂyou will be thankful for my referal or phÂone them at Â+1 262 777 8270Â.Â

Terry Childs...

Reminds me of Terry Childs.... Not sure it's so malicious as of yet. There are a lot of idiots who can spin their own lack of technical knowledge into supposed misdeeds.

Sometimes people just assume you are to blame because you were simply the one who "did something" to the machine before they came along and messed it up.

I had a boss who was given my password to the company laptop but contacted me accusing me of locking him out after employment because the machine booted with numlock emulation and if you aren't aware it replaces standard keyboard keys with numbers... U=4,I=5,O=6 etc. I literally came in, turned off numlock emulation with the Fn hotkey, typed exactly what was on the paper, and walked out simply to dismiss a potential lawsuit.

Some people are just stupid.

Dude plays race case, threatens upper management..

[xxxJonBoyxxx]

From the letter linked to in TFA summary:

>> The culture of American College of Education (ACE) has become very toxic over the last 6 months and seems to affect only the African American demographic of our college. I know our HR manager is relatively new and may not know the history of the college regarding a few past discriminatory practices that were resolved by legal actions...I suggest that all members of upper and middle management at the company take diversity and sensitivity training.

How does that read? "I want less racist managers and if you don't make me happy I may find an attorney to help me play the race card..."

Maybe he had a point, but I could understand how a lot of people in the college might be looking to drive him out, regardless of his IT skills (or lack thereof).

Agree and disagree

Agree that he shouldn't have to help them reaccess the account IF he had given them the password as he said he did.

Disagree that for 200k he would unlock it for them. Fails the sniff test, and sounds like he screwed them on purpose.

Re: Agree and disagree

Does it really matter if he didn't give the the password? This is Software as a Service... Google should support their paying customer which is the school. The school writes the checks, they should just get the password reset by Google.

Re:Agree and disagree

[dbIII]

Disagree that for 200k he would unlock it for them

It's the Trump way of doing things. Don't get upset when a lowly serf tries it as an "opening bid".

Re:Agree and disagree

[jabuzz]

Nope he was refusing to do any further work for them till all outstanding legal action between them was resolved. This is a perfectly rational and entirely reasonable position to take.

Re:Agree and disagree

[__aaclcg7560]

Disagree that for 200k he would unlock it for them. Fails the sniff test, and sounds like he screwed them on purpose.

I've worked at one company where management fired a long-term programmer responsible for a dial-up server. He refused to turn over the password until he got paid $250K. Management threatened to take him to court. But he had negotiated a clause in his contract to cover a situation like this. So the company paid him because it was cheaper than a lawsuit.

Re:Agree and disagree

[david_thornley]

Not if the situation was his fault in the first place.

"Race Relations"

Why is everyone in higher education so fucking paranoid and sensitive about this shit? Go to an American university and everyone is walking on eggshells and freaked out about racially offending someone or another. If it's not race then it's gender. Everyone is going crazy.

Re: "Race Relations"

Uh, we've lost three fucking wars in the last decade. The current generation of college graduates sure as fuck haven't won a war, and the result of letting the Islamists win IS genocide occurring now.

Re:"Race Relations"

[quonset]

Compare this generation to the generation that fought WWII.

You mean the generation who literally, in the truest sense of the word, would attack a black guy if he was talking to a white woman? The ones who tried to bar blacks from integrating into a white university and which the National Guard had to come out and protect the kids who only wanted an education?

You mean that generation?

Re: "Race Relations"

[Oligonicella]

More like one in four, so no.

Re:"Race Relations"

[Nemyst]

Well, actually, you're contradicting yourself here. In a way, they are morally superior, specifically because social values evolve. They will continue to evolve, yes, so hopefully our children and grandchildren will be even more morally superior (much the same as we hope they'll be technologically superior, have better health and so on). That doesn't in any way change that what they said was entirely true.

Plus, the point wasn't to assert moral superiority, but rather to point out that nostalgia goggles tend to conveniently hide the unsightly elements of the past.

Re:"Race Relations"

[dbIII]

Social values evolve

And not just from "bad to good", really just towards different.
Consider the attitude of the WWII generation to torture and the attitude of the current one fed on "24" and similar shit. In many ways the people 100 years ago would judge us and find us wanting. That was one of the minor themes of John Birmingham's World War 2.1 books which open with a 21st century naval fleet ending up in the middle of WWII.

Re:"Race Relations"

[ShakaUVM]

>You mean the generation who literally, in the truest sense of the word, would attack a black guy if he was talking to a white woman?

Not everyone back then was a Democrat, dude.

Re:"Race Relations"

Applying contemporary morality to situations and circumstances of the past is like saying someone was a bad doctor in the 1950s for not sending a patient in for an MRI.

Re:"Race Relations"

[silentcoder]

Eeeeehhh WRONG !
At every point in history, no matter how bad society looks to us, there are voices sounding LIKE us. For every past evil there were people speaking out against it AS IT HAPPENED. So there was NEVER a time it was OKAY to do those things and there were ALWAYS people saying it's not.

Columbus set up a slave trade and committed several mass slaughters as soon as he met native Americans. The death toll from his actions is estimated at 5 million people in 50 years.
BUT At exactly the SAME time that was happening: Bartolome De Las Casas was out there saving their lives. Politically advocating for them to have equal rights, calling for an end to slavery.

No, these things were always evil, and there were ALWAYS people saying so. All that changed is that it took decades (or centuries) for the majority to listen to them.

But being the ones who are following in the spirit of those who demanded better of mankind, and demanding better of our own peers now... no my friend, we will NOT be looked at the same way. Homophobes and Transphobes will. We will be looked at like I look at Las Casas.

When it comes to how you treat other people there IS a clear morally superior and morally inferior line - and that line is clearly defined and has been for 3000 years. You're just standing on the wrong side of it and you imagine everybody else does too.

You think there were no whites in America in the 1940's and 1950s who were utterly disgusted with the behaviour you're describing ? You think there weren't some white people on the busses with the freedom riders, standing in solidarity with them, getting beaten up with them ?
They are always there. A few months ago in South Africa when black student protestors marched on parliament to protest fee increases - a row of white volunteers walked at the front of the march, not because they were in charge: but so if the police got brutal there would be white people between them, they were there as voluntary human shields.

So - go fuck yourself telling me this generation isn't capable and prepared to fight, not prepared to face severe violence from deadly armed enemies (that same policemen, remember, were the ones who brutally massacred 34 strking miners just brief while before). This generation is happy to be human shields to protect those without a voice so they can speak up. To put their lives on the line so that others can get a chance to be heard.
There has never been a generation MORE like the greatest generation than this one. The babyboomers were a disgraceful bunch of fat slobs who were extremely happy to use every government handout they could get (or invent) to raise their own lives up, and then dismantled those very same systems so that the next generation wouldn't have them (because once they didn't need them anymore, they didn't want ot fund them anymore). Now considering that they only got to use these things in the first place because the greatest generation WAS funding it - they were the exact opposite of that generation.

The only thing that changed - is what they consider worth fighting for, the world is different. They don't want to kill Muslims because they know you're an idiot to be afraid of Muslims. They don't want to bash gays, and they don't care if their friend has a penis under her dress. They do care about you not making her difficult life harder and they WILL fight to protect her.
And if need be - they will stand in front of her so you have to shoot them first.

Re:"Race Relations"

[cmdr_klarg]

>You mean the generation who literally, in the truest sense of the word, would attack a black guy if he was talking to a white woman?

Not everyone back then was a Democrat, dude.

Yesterday's Democrat (or Republican) is not anything like today's.

Re:"Race Relations"

[lgw]

People used to believe that natural evolution was from the worse to the better, making us the "most evolved" life form. Pure arrogance of course - evolution doesn't work that way.

Re:"Race Relations"

[david_thornley]

Consider the attitude of the WWII generation to torture

Yes, consider it. Don't assume it. Soldiers of all countries did some pretty horrible things.

Re:Dude plays race case, threatens upper managemen

[kamapuaa]

Maybe it was a legitimate complaint?

Holding passwords hostage isn't the answer, but nothing inherently wrong with bringing attorneys into it. No company wants to hire or even interview tech workers over 45, and Slashdot is happy to talk about lawsuits with regards to that issue.

And in fact you do the opposite

[Sycraft-fu]

You have a plan should you get killed or otherwise be unable to provide the passwords. Where I work, in addition to there being more than one IT staff, all the passwords are safely locked away where the Dean can get at them, if needed. We make sure that even if we are all gone, whoever comes after can get access.

These days the university has policies to that effect but we did it before then because that is what you do. You have a disaster plan, and that plan includes what happens if you aren't around.

Re:And in fact you do the opposite

Well, that's not only an amazing display of immaturity, it's also an amazing display of ignorance of modern wiring codes.

The hard drive would be easily recoverable in the scenario you describe.

At least microwave it, or put some 16 penny nails through the platters.

Don't they teach you kids anything these days?

Re:And in fact you do the opposite

[argumentsockpuppet]

When I go on vacation, I like to go places where there is often no phone or internet service. If there is anything that my department cannot handle while I'm out, that's a problem. It's a problem I fix as soon as possible. It's been quite a few years since anything that "needed" my attention turned out to be something besides "we didn't bother reading the documentation." I expect a backlog of issues they couldn't handle as efficiently as I could, but nothing they couldn't do if they just read and learned more.

My predecessor once bragged that my employer would never be able to keep him from being able to log back in. He left on "good" terms, so I didn't have to immediately ensure that wasn't the case. That was nice since it did take me more than a month to ensure his access was truly disabled without interrupting any services. My replacement shouldn't need more than a day.

If I'm ever hurt, I expect my job to be waiting for me when I get back. I don't expect it to visit me in the hospital or at my home when I'm recuperating.

If I win the lottery* one day, I expect to call HR and let them know that I'll come in for an exit interview after a few months in a tropical resort. I expect them to miss me and need to pay three times my salary for my replacements. I expect to get invited to office Christmas parties.

*I don't expect to win the lottery. I don't buy lottery tickets, but according to the way I understand math, my odds of winning are exactly the same for planning purposes.

Once in a while I get a call from somebody who wants to sell IT in a box type outsourcing. I don't dismiss the idea out of hand because there's a lot of scut work I wish I didn't have to spend time on, but so far, I can't rationalize the cost. I know they can't replace us, but sometimes I think it would be nice to separate our true work from the work that just fills the low priority moments. There's a very slim chance that somebody with a poor sense of what we actually do will get one of those calls and think they can save money by replacing us. In our offices, I expect that idea to be dismissed immediately, but maybe personnel will change or somebody will make a stupid decision and I'll get to hand over the passwords to my replacement. My next employer will have a dozen references vouching for me and in three months I'll get offered my old job with a salary high enough to make me, at least briefly, consider taking them up on it.

Re:And in fact you do the opposite

[grep+-v+'.*'+*]

Be careful with this -- don't forget to UPDATE those physical envelopes when necessary. And that still doesn't solve intentional breakage where someone changes then absconds with the new controlling credentials.

A stored-in-a-safe envelope is still a single point of attack, albeit good for emergencies. If you want to distribute the password and know you have time to recover it, see Shamir's Secret Sharing Scheme or overview for how this would work. Basically: for T total users force a quorum subset Q of them to agree to use the password. A non-quorum won't work but it doesn't take all T users to recover it either. Personally, I'd use Multipar to generate the details.

And that's only good for passwords. It's better if you can create alternate groups and accounts with different rights (least privilege) and farm those out for daily use. At work in MS AD, we mothballed the original "God" Forest account and schema master and used other just-as-good proxies and groups for daily and special admin.

The idea was that way if anybody not in the original group successfully took over the tree/forest (or we managed to shoot ourselves in the foot!), there was one "hidden" unused account that still had overriding rights over everything that could be used for recovery. Also, "Administrator" was a false ID -- it didn't do anything and had auditing turned on for any failed attempts. No one used it, so if someone TRIED: something is definitively wrong.

Re:And in fact you do the opposite

[david_thornley]

Yup. I've seen questions about what I want at my funeral. It seems to me that that is very definitely Not My Problem. I'll make suggestions about my birthday party or what I want for Christmas or things like that, that I'm likely to be present for.

Re:And in fact you do the opposite

[argumentsockpuppet]

for planning purposes

caveat: noun - a warning or proviso of specific stipulations, conditions, or limitations.

Re:Dude plays race case, threatens upper managemen

Maybe that's because the majority of slashdotters don't need to worry about waking up black or female. Waking up old, however, awaits us all...

Re: Blacks are sociopaths

Transferring admin credentials to new staff is expected behavior. He was trying to hold them as leverage in his unlawful termination suit. He's extorting them and hoping for a quick settlement - that's the story here, not them getting a judgement against him.

need more details

[v1]

If his account wasn't the controlling account, and the school really did lock themselves out, they started the problem. If he used rng for a good strong master organizational email password, and it got wiped as the laptop got returned, he may not have it to return. (one wonders about the state of the school's backups...) As an employee you can't just assume the school is going to go retard on you and require you to provide copies of stuff they ought to already have. To the school's credit, he ought not to have wiped the computer before returning it, that's his bad.

When I last changed jobs, it was well known that I had copies of work-related data on personal drives, as I mirrored them to several around the shop for everyone to use the tools and data on. I was asked to delete that data on my personal drives when I left, which I did. I found out months later that the GM went on a wiping spree, intent on nuking ALL the service drives. (bright lad, that one) I was asked later by the SM if I had that data. nope. The SM finally found one last service drive in an old service machine that had been replaced and mothballed, saving enormous headaches. If they'd have lost that data for good, tough. NOT my problem.

It does sound like Williams isn't going out of his way to be cooperative, but it also sounds like the school is expecting more than they are entitled to in the way of cooperation. Will need to get more details on both sides. Even if he "violated policy" while he was working there, that'll be tough to find any legal liability over. You fired him, that's what you do when they violate policy. That doesn't also mean you're allowed to fine, sue, or break his knuckles after you've parted ways.

Re:need more details

[ruir]

Buy a dictionary and look up the word fired, it might be a novel concept to you.

Re:need more details

[Cramer]

On my personal equipment? Outside the company? AFTER I no longer work there? ABSOLUTELY NOT

Once I'm no longer employed there, I should not have any of my former employers "important data." My passwords are my passwords; I will happily change them to whatever you want before I leave, or your admins can use their admin powers to reset them. (I'm not stupid enough to use my employee account for system/role processes. My personal account does NOT run the backups, builds, etc.) If you no longer have any other admins, well, that's a problem of your own making. (probably. unless you have a Terry Childs around)

Last day is this Friday

Last day is this Friday, and I am feverishly working to plug as many holes as I can. What management doesn't realize is we don't have a leak so much as it turns out the boat was made out of salt and it has been raining for six months.

I have no idea if they'll be contacting me after I leave to see if I can throw them a life preserver. But I do know this: the price of life preservers is going up.

That said, I'm not scuttling the lifeboats, but if I were, I'd deny it and try not to get caught in the act.

Re:Last day is this Friday

[wildstoo]

Last day is this Friday, and I am feverishly working to plug as many holes as I can.

Ugh. TMI, dude.

Forma Pauperis

[speedplane]

This is going to be a tough fight. Williams just filed for Forma Pauperis, which means she can't afford the filing fees. Good luck winning this one without having high-dollar attorneys. https://www.docketalarm.com/ca...

Boo Hoo

[valnar]

I have no problem with companies or schools paying the price for foolish behavior. No backup to the guy who was up to speed before they fired him? Shame on them.

Re:Boo Hoo

[Attila+Dimedici]

I tend to agree with you, but to be fair to them, he had been working remotely for years. There probably wasn't anybody left who knew what he did.

Re:Boo Hoo

If you fire someone without even knowing what they do, you better hope the only answer was "nothing", or that's a damn fool move.

"I don't know this person. Get rid of them and cut off all access as normal"
".... They were the WHAT???"

Re:Boo Hoo

[Cramer]

Lots of companies do that. Especially when it's IT workers, as the bean counters and pencil pushers have literally zero understand of what IT does. Everything "just works", and they have no clue how or why. And they don't care; when shit breaks because there's no long anyone there to keep it running, obviously the person they fired is to blame.

Re: Blacks are sociopaths

[thundercattt]

If he was fired, they would not give him opportunity to pass along credentials to new person. They'd tell him Friday at 4:59pm to get out and then escort him to the door like a criminal. After said treatment, I wouldn't help them for free either. Without dollar bills, my memory gets veeeeery fuzzy

Re:Dude plays race case, threatens upper managemen

[Attila+Dimedici]

I want to first say that there is enough lack of information in this article that it is impossible to reach any conclusion without a heaping load of reasonable doubt.

That disclaimer having been made, this sounds like a situation where the sys admin became a malcontent because he was left out of the loop on a lot of things,,,something which often happens when someone works remotely. He claims they refused to promote him to management, likely because he was working remotely and they did not think it was practical for him to manage people he never saw (they may have been wrong, but I understand why they felt that way). As for the secret meetings he alleges, I doubt they were secret. There were probably a bunch of meetings they did not mention to him because they were not directly related to his job and not worth setting up a way for him to attend remotely. Then they probably forgot to include him in some meetings they should have because A) he worked remotely and B) they had not invited him to the other meetings (the latter which there was no reason to include him in).

Having read the whole story, it reads like there was a change in administration and the new administration did not like that Williams worked remotely and was trying to find a way to get rid of him if he would not move to where he could actually come into the office (something he could not do). I think he read the writing on the wall (Sidenote: by the time the writing is on the wall, being able to read it does you no good) and wrote his letter in an attempt to intimidate them into leaving things the way they were.

My skepticism for his account of things is not because I do not think it could have happened that way. My skepticism is because the story is almost entirely from his side of things and everything still has explanations that do not require malice on the part of the Institution or its staff.

What good is Software as a Service

If the company providing it can't/won't reset your accounts when a manager leaves. That's the point of paying Google bucks for this.

Re: What good is Software as a Service

Oh, I'm absolutely positively sure there's a process in place to officially request account credential reset with proof of ownership via the company subscribing to the effected service. Maybe they didn't ask Google, or perhaps they just wanted to make an example out of him in the event he was withholding OTHER important information.

Re:What good is Software as a Service

[zerocommazero]

Google for Education is free. You get what you pay for.

Re: Blacks are sociopaths

That's been my experience as well.

Actually, when I got fired (after training my H1-B "assistant") most of my things were already in a box in security's arms by the time I got out of the office - barely took five minutes too. They pretended my trackball was their property as well, never got it back. Old walkman either.

Two months later I get an email demanding my personal (not work) email password because they'd occasionally sent me documents through it - even though they were warned not to do so - and had lost some. Not "could you send us some of those old docs we'd mailed to your personal address", let alone a "please?", no, a piece of snailmail from legal accusing me of stealing my own hotmail address. That I've had since highschool.

Re: Blacks are sociopaths

The big failing here is that IT policy didn't have this information located in a safe place and/or shared with a second person ahead of time. Had the admin been hit by a bus rather than fired, they'd have zero recourse available.

It's no surprise that they've got broken IT policy, it's a for-profit online school that provides graduate teaching degrees - not exactly a top-flight school.

The idiot is elsewhere

[dbIII]

If it was not an outsourced service then local physical access solves the problem if the ex-employee is not available.
If it is an outsourced service it should be to a provider that will listen to the person paying the bills instead of refusing to deal with anyone other than the ex-employee.

When something like this escalates to the point where someone is going to jail I'd say there are multiple fuckups and a scapegoat who probably deserves jail far less than some of the others involved.

After the ridiculous situation with Terry Childs in S.F. I checked with others to make sure that if I was going out the door for any reason they wouldn't need to ask me for a password (and that nobody could accuse me of withholding one), but few have made sure that such a transition would be as smooth.

You can do the right thing and have left the passwords with the top level of management or whatever, but unless someone else can prove you have done so you are vunerable to scapegoating which may be what this situation was.

I just want to know if the Laptop was REALLY

[aussersterne]

wiped and disabled, or if he just ran Linux or *BSD on it and everything is still there, they just figure "not Windows or Mac, ergo broken, he must be trying to fvck us."

Ha! I had the same thing happen to me.

[aussersterne]

I owned a small consulting company in the late '90s and we were hired to do some work for a VPN vendor. We had to sign a rather onerous NDA and then they stiffed us on payment after six months' work and proceeded to ship what we had built anyway. The "separation" was acrimonious and involved court just so we could get paid.

Two years later, the president of the company contacts me begging for archival copies of what we'd produced, as they suffered some sort of catastrophic event and had lost a lot of source code.

I rather gleefully told him that (a) I had to take him to court to get him to pay me for shipping our work last time around, and (b) as per the NDA that they made a serious issue of in court, we had dutifully wiped everything we had ever worked on for them, and good luck.

I smiled for about a month after that.

Re:Ha! I had the same thing happen to me.

[...]we had dutifully wiped everything we had ever worked on for them, and good luck.

Did you actually do that? If so, impressive.

I smiled for about a month after that.

Given the circumstances, I probably would have done it too. :)

Captcha: intrust

Re: Blacks are sociopaths

[Sri+Ramkrishna]

I'm not sure who is supposed to be responsible in a termination that was immediate against a hostile worker.

Never crossed your mind?

[Bruce66423]

Really? That makes me doubt you are a good IT tech, because you don't think of all possible options. It's fundamental to the job of IT to consider as many possibilities...

He could always move to AFRICA...

.. but that would be just awful, wouldn't it...
He'd have to live around his own kind, free from 'racism'...

As soon as I saw the name "Triano", I knew what this would be about.

Re:Dude plays race case, threatens upper managemen

[cdrudge]

Waking up old, however, awaits us all...

Speak for yourself. I plan on dying a young 400 pound hacker good at cyber.

As tempting as it may sound....

[gatkinso]

...you don't get to run off with the root passwords. They are not your property, and you will end up on the wrong end of the shit stick.

Re:IT layoff war stories

[gatkinso]

>> hoping I had kept a copy

THAT sounds like a trap to me.

Got what they deserved..

[nanospook]

I can picture the Dean, the Lord of the campus, just saying "He's not gonna move here?, He's fired today. That will show him." *Just think Animal House* They got what they deserved. He was the IT Admin. They should have worked with him to transition him out in a careful and respectful manner. Then he would have made sure everything was kosher before signing off for the last time. i did read he immediately returned the laptop that had the password on it. They flushed it..

Makes every IT person look unprofessional

[ErichTheRed]

Whenever I see stories like this, and there are a lot of them, I'm reminded that the executive crowd is seeing the same news. Has anyone ever stopped to consider the possibility that part of the offshoring and outsourcing has been to mitigate against the "anti-social jerk sysadmin" issues? I'm not perfect, but one thing I do as part of my job is to be as professional as possible. There are always bad apples, but it's rare to see stories about a lawyer stealing client funds or a doctor intentionally mistreating patients. Actually in this case, the equivalent would be a fired corporate lawyer taking all their clients' paperwork and lighting it on fire to spite their bosses. I'm sure one of the big selling points of the Tatas and Infosyses of the world is that their customers have a legal contract and that they have very "compliant" employees compared to the average US-based IT guy (in the exec's minds.)

Revenge is never the best course of action, no matter how much of a dick someone is to you. In my particular sub-specialty in IT there are maybe a thousand or so people who really know everything end to end and rotate from employer to employer. If I pulled anything like this, I guarantee I'd never get a job in my field again -- I've been working for 20+ years in the business and keep running into the same people over and over -- and they talk to each other! The IT field is smaller than most people think, especially when you get beyond the first-level support jobs.

Re:Dude plays race case, threatens upper managemen

[fedos]

I think the point, which you do a good job of demonstrating, is that racist shitbags are idiots.

Re:Dude plays race case, threatens upper managemen

[AmiMoJo]

If you read his lawsuit (linked in TFA), he claims that he was given management duties without the matching promotion. He also claims there were typical pressure/bullying tactics like making him account for his time in 15 minute blocks. And this was the guy who apparently held the keys to the (email) kingdom...

Of course he might be lying, but it would be pretty dumb to file a lawsuit making easily verifiable claims like the 15 minute thing or the nature of his work, which will be documented on both sides, if they were not true. In any case, that's what the court is there to sort out.

To me it sounds like they treated him badly, which made him paranoid about secret meetings and stuff happening without his knowledge. In typical lawyer fashion every random suspicion and allegation is thrown in to the initial lawsuit, because it's better to start with everything and have much of it dismissed than to try to add stuff in later.

Re: Blacks are sociopaths

[interkin3tic]

I left a job and got another month's paycheck. I e-mailed them letting them know their error. Heard nothing back until 8 months later, I get an angry e-mail accusing me of ignoring repeated efforts to contact me about it, and a vague threat about taking me to court.

These repeated attempts were e-mails sent to my old work e-mail. The one they automatically shut down immediately after I quit. They had my phone number, stable e-mail address, updated address, and my boss was still in contact with me weekly.

Re:Dude plays race case, threatens upper managemen

[gosand]

Maybe that's because the majority of slashdotters don't need to worry about waking up black or female. Waking up old, however, awaits us all...

Do not regret growing older. It is a privilege denied to many.

And I strongly disagree with the GPs assertion that there is "nothing inherently wrong with bringing attorneys into it."
That seems to be such a pervasive sentiment that it has made our society one that actually believes we need lawyers to behave like reasonable people. It's a self-fulfilling prophecy that has been created by - you guessed it - lawyers.

offshoring and outsourcing F* up blame the last w2

[Joe_Dragon]

offshoring and outsourcing F* up blame the last w2 guy who used to be in staff. "Jay" can't mess up he's best tech is the line from the offshoring and outsourcing places when in truth jay is just that guy's made up us name and he is just an script reader. And your app does not work with our base image it's not our fault.

Re:OFF TOPIC

[omnichad]

Have you ever installed a Slashdot reading/viewing app? The app may have claimed the URI scheme but didn't clean up after itself after you removed it.

Re:Dude plays race case, threatens upper managemen

[Cederic]

Shit, most employment contracts include 'and any other tasks that might be assigned'. Mine does. I do all sorts of shit that wouldn't traditionally be considered part of my role. Being asked to do management tasks? So fucking what? He should be grateful for the chance to gain the experience.

As for filling in a timesheet.. "Please complete a timesheet each day" is a shitty request but it's not bullying. I fucking hate timesheets and if I don't fill one in my manager gets shit from the CIO. I could cause her that grief but it's not going to end well for either of us.

It sounds to me like they treated him like an employee. Welcome to paid fucking employment.

Re:Dude plays race case, threatens upper managemen

[erapert]

Waking up old, however, awaits us all...

Actually, not waking up at all is what awaits us.

Re:Dude plays race case, threatens upper managemen

[david_thornley]

As long as everyone's reasonable, and things are defined sufficiently well, there's no need for lawyers (although you might do well to have one to look over written agreements). When people get unreasonable, or agreements are fuzzy, getting a lawyer can be a good move.

Part of the problem...

[cwsumner]

Part of the problem here, is that no one at colleges rates except the degreed Professors.
Others are Students, who are paying and therefore have some small status, and Serfs. Who, is everyone else!

They are generally good people. But if you deal with them, keep in mind that you are dealing with the local aristocracy and act accordingly.

And in many collages, they know nothing about anything technical...

Re:Dude plays race case, threatens upper managemen

[gosand]

People are afraid of our legal system, and things are usually about making sure you can defend yourself against a lawsuit.
I had a friend who got a million dollar umbrella insurance policy when he put in a pool - just in case of a tragedy where a neighborhood kid drowned, he didn't want to be sued. The fact that you and a lot of others probably think "that's not a bad idea" means that lawyers have weaseled their way so deeply into our society that it's now the default behavior.

Just think about that. And watch things in your daily life. Our legal system is built to sustain the profession of lawyers. And do they actually make things better for everyone else, or just themselves?

Re:Dude plays race case, threatens upper managemen

[david_thornley]

Lawyers are useful. They can provide advice for people accused of crimes. They can help people through complicated legal situations. They can help stop those situations from coming up.

If a couple of people write up a contract about anything complicated, there's lots of room for vagueness. A lawyer can help write that contract so each party knows what the contract says and means, and if that's done right there's no reason to take the contract to court.

I think the problem with the litigious society is not so much lawyers, although there are problem lawyers, but people seem sue-happy. When I slipped on an improperly maintained sidewalk and hurt myself, there were people who weren't lawyers telling me to sue. (It really wasn't that big a deal. I wrote a letter to the people who were responsible for the sidewalk and told them to do better in the future.) The lawyers I've had the most contact with generally try to avoid lawsuits.