• Shutter bug (unregistered)

    My Fr1st Fr1st?

  • (cs)

    "Rich’s employer knew exactly what they had to do: they fired Rich."

    Sadly, they might have little practical choice in some jurisdictions (IANAL). Executing programs on somebody else's computer without their consent can be a criminal offence.

  • Accalia.de.Elementia (unregistered)

    OK. Hands up those of you that couldn't see that coming.

    what? no-one? huh...

    captcha: veniam - It's like venom, when administered by your employer.

  • (cs)

    Wanna bet that "openness" was listed amongst the company values?

  • Alan (unregistered) in reply to Raedwald
    Raedwald:
    Sadly, they might have little practical choice in some jurisdictions (IANAL). Executing programs on somebody else's computer without their consent can be a criminal offence.

    Yeah, exactly, what did he expect to happen? Falls under the categories of 'funny', 'gutsy' and 'suicidal'.

  • (cs)

    The real WTF is that you can't just host websites on your own machines and need to use hosting companies.

  • Albertini Albertino (unregistered) in reply to Alan
    Alan:
    Raedwald:
    Executing programs on somebody else's computer without their consent can be a criminal offence.

    Yeah, exactly, what did he expect to happen? Falls under the categories of 'funny', 'gutsy' and 'suicidal'.

    Unfortunately absolutely, but shouldn't this have got to the punchline ('Initrode moved their site over to his employer...') at the first sign of the Hosting Company's nonsense ('That’ll take 4–6 weeks.')? Fix that!

  • Pista (unregistered)

    And the lesson for Rich is: least said, soonest mended.

    TRWTF is the old hosting company making a$$es of themselves. Once someone proves to you that your "high security" is just a sandcastle, shut the f... up and fix it, don't bring it out to the world.

  • TheSHEEEP (unregistered)

    Well, now Rich has quite the story to tell.

    Totally worth it.

  • Anonymous (unregistered)

    TRWTF is ENFJs.

    captcha: oppeto - After being dragged into yet another meeting with vendors and executives fawning over each other, I didn't have much oppeto.

  • (cs)

    Of course, now that Rich has been fired, he's free to blab to the world the real names of the individuals and companies involved and publicly humiliate them - if they harass him in any way.

    I would.

  • Fool (unregistered)

    I tried Initrode.com and couldn't find it. They must have gone out of business since this article was posted. Funny, I wanted to try out their file uploader :-)

  • (cs) in reply to Fool
    Fool:
    I tried Initrode.com and couldn't find it. They must have gone out of business since this article was posted. Funny, I wanted to try out their file uploader :-)

    Probably was anonymized to protect the guilty. One time they forgot to do that, and the website in question got hammered by daily wtf posters messing with it. Also led to a record setting number of comments.

  • Chris (unregistered) in reply to Fool
    Fool:
    I tried Initrode.com and couldn't find it. They must have gone out of business since this article was posted. Funny, I wanted to try out their file uploader :-)

    Quite sure that was a play on the company from Office Space that Samir and Michael work for after the fire at Initech.

  • Philip Newton (unregistered)

    It’s Perl, not PERL, despite the existence of backronymic expansions.

  • Pista (unregistered) in reply to Fool

    That's because the name has been changed to protect the innocent. The company is, in fact, Initech :D

  • Kevin (unregistered)

    Wait, so Rich shouldn't have mentioned the giant security hole in the client's site? Just sit back and wait for someone to exploit it? Wouldn't he get fired for finding it and not telling anyone?

  • greyfairer (unregistered) in reply to snoofle

    Rich probably learned his lesson and keeps his mouth shut now....

    While quietly searching for other companies that have their web site hosted by the same hosting company and exploiting similar security holes to make some real profit now.

  • (cs) in reply to Philip Newton
    Philip Newton:
    It’s Perl, not PERL, despite the existence of backronymic expansions.
    Maybe it's Perl when it runs on a PC, but PERL when it runs on a MAC.

    pet peeve

  • Decius (unregistered)

    Clearly the right thing to do would have been to anonymously but publicly demonstrate the security flaw.

    Preferably by redirecting one or more of the hosting company's customer's websites to their competitor's.

  • jarfil (unregistered)

    Moral of the story being: don't hack and tell.

    Instead, get on some forums and tell random people how to hack them. Let others hack the hell out of them... and THEN point out the consequences.

  • hoohoo (unregistered) in reply to Alan

    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

  • Audi Tor (unregistered)

    Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.

    Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.

  • bye (unregistered) in reply to hoohoo
    hoohoo:
    The law is more fair than you think.
    Which extraterrestrial planet (or alternate universe) do you inhabit, and how do I get there?

    Let me guess, you have to hack the galactic server.

  • the beholder (unregistered)

    If I were Rich I would contact <someone important> in the customer and tell the whole story, adding at the end: "I was the only guy in this whole project that took your company's interest at heart, yet I was the only one who has been screwed at my former employer. You can put pressure on them to get the idiot who decided to fire me fired and force them to hire me back. I could be a valuable ally to you from inside."

    It might result in nothing, but he won't lose anything for trying.

  • (cs) in reply to Audi Tor
    Audi Tor:
    Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.

    Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.

    A law that absolutely disallows messing with someone else's computer without permission is not as stupid as it might seem. Consider this analogy:

    • You work for a company that creates physical things.
    • You have a sub-contractor.
    • You suspect the sub-contractor improperly stores petrol.
    • You decide to investigate by striking a match near one of their storage sheds.
    • You start a fire, confirming your suspicion.
    • But it's OK, it was a very minor fire, which you immediately stamped out. So, no harm done?

    But that match might have started a major fire.

  • Anon (unregistered) in reply to Cbuttius

    You make me sad. :(

  • Anon (unregistered)

    Perl is the name of the language, perl is the name of the interpreter, and PERL is someone screaming in all caps.

  • Tom (unregistered) in reply to Raedwald

    The point being missed is that "Rich" was fired to avoid a civil suit, not criminal prosecution. And regardless of what the law said in whatever jurisdiction this took place, as a civil matter resulting in a vendor losing a contract, it was a very serious matter that, depending on the details of the contracts, Rich's company was likely to lose if they backed him.

    Even though the vendor absolutely deserved to not only lose the contract, but have it folded into razor-sharp corners and shoved up their collective ass.

  • Kevin (unregistered)

    So even though the vendor was at fault for having no security, they could have sued Rich's company, and won, because...?

    This is like when a burglar sues homeowners because they get hurt breaking through a window.

  • (cs)

    In the end Rich is better off because after he washes his hands of this whole episode he gets a job doing contract work for a WTF of a company being paid to wade through all of the WTF the company has produced and will continue to produce despite Rich's encouragement, which will largely result in the company keeping Rich very comfortable ($$$) for many years to come.

  • Spacebar (unregistered)

    Aphorism is now my word of the day. I must use it in a sentence somehow.

  • TurdCrawler (unregistered)

    I like to think Rich was hired soon after, he sounds competent. Hopefully at a better company for more pay. His boss should have written Rich a positive reference letter, explaining that he helped land a large account (just not how he helped land it).

  • (cs) in reply to Raedwald
    Raedwald:
    Audi Tor:
    Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.

    Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.

    A law that absolutely disallows messing with someone else's computer without permission is not as stupid as it might seem. Consider this analogy:

    • You work for a company that creates physical things.
    • You have a sub-contractor.
    • You suspect the sub-contractor improperly stores petrol.
    • You decide to investigate by striking a match near one of their storage sheds.
    • You start a fire, confirming your suspicion.
    • But it's OK, it was a very minor fire, which you immediately stamped out. So, no harm done?

    But that match might have started a major fire.

    Not that good of an analogy since the risk of creating a major fire is not the same as causing permanent damage to the site. A better analogy would be:

    It is getting late and you see a shop that says it is closed but you notice the door is unlocked. You then go into the store to tell the owner that he forgot to lock the door and he is at risk of being robbed. At this point you have trespassed and can be charged. Yet, if you happen to notice a stranger in there clubbing the owner, and enter and take down the stranger, you will be considered a hero and not a trespasser.

    Intent is the same, but law rarely if ever gives a damn about that unless it can be used against you.

  • Darkstar (unregistered)

    ...but it isn't called PERL.

    See first section of perlfaq1.

  • Mike (unregistered)

    Lessons learnt: play dumb, especially with dumber companies and leave a paper trail.

    Especially when there's the suspicion that someone is sabotaging things.

  • (cs)

    Given that certain editors are known to enhance these supposedly true stories for dramatic effect, I'd love to hear from the original submitter on whether he was actually fired.

  • (cs)

    I was going to add "it's not PERL it's Perl", but I see I was beat by four others.

    But just because it can't be said enough times... it's not PERL, it's Perl.

  • (cs)

    What they should have done is just changed his job description or whatever, pretend it was a demotion (but let him do the same work) and then tell the stupid hosting company "Oh that guy? Yeah we busted his ass down to QA. He'll never see a line of code again." when in reality nothing has changed.

    That's how you stick it to idiots like that.

  • (cs) in reply to Zylon
    Zylon:
    Given that certain editors are known to enhance these supposedly true stories for dramatic effect, I'd love to hear from the original submitter on whether he was actually fired.
    Yes, he was fired. They had 2 options: A: Deal with a long costly legal battle and not fire Rich. B: Push Rich in front of the bus. Which one did you think they would pick?
  • (cs)

    Also, Nobody in here gives a fuck what gets capitalized in the word "perl".

  • Dave (unregistered) in reply to realmerlyn
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

  • Nagesh (unregistered) in reply to Dave
    Dave:
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

    Ain't. Is being gem finding in oysters mouth.

  • null (unregistered) in reply to Pista
    Pista:
    And the lesson for Rich is: least said, soonest mended.

    TRWTF is the old hosting company making a$$es of themselves. Once someone proves to you that your "high security" is just a sandcastle, shut the f... up and fix it, don't bring it out to the world.

    not unless that is their one and only customer.

  • (cs) in reply to Dave
    Dave:
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

    From http://en.wikipedia.org/wiki/Perl ... "Though Perl is not officially an acronym,[4] there are various backronyms in usage, such as: Practical Extraction and Reporting Language.[5]"

    From http://learn.perl.org/faq/perlfaq1.html ... "What's the difference between "perl" and "Perl"?

    "Perl" is the name of the language. Only the "P" is capitalized. The name of the interpreter (the program which runs the Perl script) is "perl" with a lowercase "p".

    You may or may not choose to follow this usage. But never write "PERL", because perl is not an acronym."

    OK, now everybody shut up about the correct way to write "Perl".

    EDIT: Lest you accuse me of being a fanboi or the like: I loathe Perl with a passion. It's largely a subjective thing, of course, but there you are...

  • (cs) in reply to realmerlyn
    realmerlyn:
    I was going to add "it's not PERL it's Perl", but I see I was beat by four others.

    But just because it can't be said enough times... it's not PERL, it's Perl.

    All of the above is true, unless you get some silly HR recruiter that calls it "Pearl", and wants many years of experience in it. An interesting contest to read all those job descriptions and laugh.

  • saluto (unregistered)

    I don't understand. The pussy company can still sue Rich's company, regardless of Rich still being there or not. That wasn't the answer. Both companies are pussies, along with their management.

  • Kasper (unregistered) in reply to hoohoo
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    The employer made Rich a scapegoat to avoid a lawsuit. Rich should get a good lawyer and sue the company for that.

    It's only fair that a company cannot dodge a lawsuit by firing an employee.

  • Kasper (unregistered) in reply to the beholder
    the beholder:
    You can put pressure on them to get the idiot who decided to fire me fired and force them to hire me back. I could be a valuable ally to you from inside."

    It might result in nothing, but he won't lose anything for trying.

    You need mutual trust between the employer and employee, otherwise it is never going to be a very productive employment. If a company first fires an employee and then takes him back, it is going to be very hard for either party to trust the other.

    It would be a better outcome if Rich got hired by the customer. But that could easily lead to other lawsuits as both the employment contract as well as the contract between the two companies may forbid that.

  • The code is broken (unregistered) in reply to Raedwald

    I don't know it is serving your webpage and is configured to run scripts that have been uploaded? I can see a third party website being an issue but "hacking" your own website even if hosted by someone else? I'd fight that.

Leave a comment on “Healthy Competition”
