Admin
My Fr1st Fr1st?
Admin
"Rich’s employer knew exactly what they had to do: they fired Rich."
Sadly, they might have little practical choice in some jurisdictions (IANAL). Executing programs on somebody else's computer without their consent can be a criminal offence.
Admin
OK. Hands up those of you that couldn't see that coming.
what? no-one? huh...
captcha: veniam - It's like venom, when administered by your employer.
Admin
Wanna bet that "openness" was listed amongst the company values?
Admin
Yeah, exactly, what did he expect to happen? Falls under the categories of 'funny', 'gutsy' and 'suicidal'.
Admin
The real WTF is that you can't just host websites on your own machines and need to use hosting companies.
Admin
Unfortunately absolutely, but shouldn't this have got to the punchline ('Initrode moved their site over to his employer...') at the first sign of the Hosting Company's nonsense ('That’ll take 4–6 weeks.')? Fix that!
Admin
And the lesson for Rich is: least said, soonest mended.
TRWTF is the old hosting company making a$$es of themselves. Once someone proves to you that your "high security" is just a sandcastle, shut the f... up and fix it, don't bring it out to the world.
Admin
Well, now Rich has quite the story to tell.
Totally worth it.
Admin
TRWTF is ENFJs.
captcha: oppeto - After being dragged into yet another meeting with vendors and executives fawning over each other, I didn't have much oppeto.
Admin
Of course, now that Rich has been fired, he's free to blab to the world the real names of the individuals and companies involved and publicly humiliate them - if they harass him in any way.
I would.
Admin
I tried Initrode.com and couldn't find it. They must have gone out of business since this article was posted. Funny, I wanted to try out their file uploader :-)
Admin
Admin
Quite sure that was a play on the company from Office Space that Samir and Michael work for after the fire at Initech.
Admin
It’s Perl, not PERL, despite the existence of backronymic expansions.
Admin
That's because the name has been changed to protect the innocent. The company is, in fact, Initech :D
Admin
Wait, so Rich shouldn't have mentioned the giant security hole in the client's site? Just sit back and wait for someone to exploit it? Wouldn't he get fired for finding it and not telling anyone?
Admin
Rich probably learned his lesson and keeps his mouth shut now....
While quietly searching for other companies that have their web site hosted by the same hosting company and exploiting similar security holes to make some real profit now.
Admin
pet peeve
Admin
Clearly the right thing to do would have been to anonymously but publicly demonstrate the security flaw.
Preferably by redirecting one or more of the hosting company's customer's websites to their competitor's.
Admin
Moral of the story being: don't hack and tell.
Instead, get on some forums and tell random people how to hack them. Let others hack the hell out of them... and THEN point out the consequences.
Admin
Except he didn't do any damage or act with any intent to harm or unfairly profit.
The law is more fair than you think. A good lawyer could show he acted in good faith.
Admin
Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.
Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.
Admin
Let me guess, you have to hack the galactic server.
Admin
If I were Rich I would contact <someone important> in the customer and tell the whole story, adding at the end: "I was the only guy in this whole project that took your company's interest at heart, yet I was the only one who has been screwed at my former employee. You can put pressure on them to get the idiot who decided to fire me fired and force them to hire me back. I could be a valuable ally to you from inside."
It might result in nothing, but he won't lose anything for trying.
Admin
A law that absolutely disallows messing with someone else's computer without permission is not as stupid as it might seem. Consider this analogy:
But that match might have started a major fire.
Admin
You make me sad. :(
Admin
Perl is the name of the language, perl is the name of the interpreter, and PERL is someone screaming in all caps.
Admin
The point being missed is that "Rich" was fired to avoid a civil suit, not criminal prosecution. And regardless of what the law said in whatever jurisdiction this took place, as a civil matter resulting in a vendor losing a contract, it was a very serious matter that, depending on the details of the contracts, Rich's company was likely to lose if they backed him.
Even though the vendor absolutely deserved to not only lose the contract, but have it folded into razor-sharp corners and shoved up their collective ass.
Admin
So even though the vendor was at fault for having no security, they could have sued Rich's company, and won, because...?
This is like when a burglar sues homeowners because they get hurt breaking through a window.
Admin
In the end Rich is better off because after he washes his hands of this whole episode he gets a job doing contract work for a WTF of a company being paid to wade through all of the WTF the company has produced and will continue to produce despite Rich's encouragement, which will largely result in the company keeping Rich very comfortable ($$$) for many years to come.
Admin
Aphorism is now my word of the day. I must use it in a sentence somehow.
Admin
I like to think Rich was hired soon after, he sounds competent. Hopefully at a better company for more pay. His boss should have written Rich a positive reference letter, explaining that he helped land a large account (just not how he helped land it).
Admin
It is getting late and you see a shop that says it is closed but you notice the door is unlocked. You then go into the store to tell the owner that he forgot to lock the door and he is at risk of being robbed. At this point you have trespassed and can be charged. Yet, if you happen to notice a stranger in there clubbing the owner, and enter and take down the stranger, you will be considered a hero and not a trespasser.
Intent is the same, but law rarely if ever gives a damn about that unless it can be used against you.
Admin
...but it isn't called PERL.
See first section of perlfaq1.
Admin
Lessons learnt: play dumb, especially with dumber companies and leave a paper trail.
Especially when there's the suspicion that someone is sabotaging things.
Admin
Given that certain editors are known to enhance these supposedly true stories for dramatic effect, I'd love to hear from the original submitter on whether he was actually fired.
Admin
I was going to add "it's not PERL it's Perl", but I see I was beat by four others.
But just because it can't be said enough times... it's not PERL, it's Perl.
Admin
What they should have done is just changed his job description or whatever, pretend it was a demotion (but let him do the same work) and then tell the stupid hosting company "Oh that guy? Yeah we busted his ass down to QA. He'll never see a line of code again." when in reality nothing has changed.
That's how you stick it to idiots like that.
Admin
Admin
Also, Nobody in here gives a fuck what gets capitalized in the word "perl".
Admin
Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.
Admin
Admin
not unless that is their one and only customer.
Admin
From http://en.wikipedia.org/wiki/Perl ... "Though Perl is not officially an acronym,[4] there are various backronyms in usage, such as: Practical Extraction and Reporting Language.[5]"
From http://learn.perl.org/faq/perlfaq1.html ... "What's the difference between "perl" and "Perl"?
"Perl" is the name of the language. Only the "P" is capitalized. The name of the interpreter (the program which runs the Perl script) is "perl" with a lowercase "p".
You may or may not choose to follow this usage. But never write "PERL", because perl is not an acronym."
OK, now everybody shut up about the correct way to write "Perl".
EDIT: Lest you accuse me of being a fanboi or the like: I loathe Perl with a passion. It's largely a subjective thing, of course, but there you are...
Admin
All of the above is true, unless you get some silly HR recruiter that calls it "Pearl", and wants many years of experience in it. An interesting contest to read all those job descriptions and laugh.
Admin
I don't understand. The pussy company can still sue Rich's company, regardless of Rich still being there or not. That wasn't the answer. Both companies are pussies, along with their management.
Admin
It's only fair that a company cannot dodge a lawsuit by firing an employee.
Admin
It would be a better outcome if Rich got hired by the customer. But that could easily lead to other lawsuits as both the employment contract as well as the contract between the two companies may forbid that.
Admin
I don't know it is serving your webpage and is configured to run scripts that have been uploaded? I can see a third party website being an issue but "hacking" your own website even if hosted by someone else? I'd fight that.