Admin
I always thought it was Pwrite Eonce, Read, Lnever.
Admin
Really? Because I'd argue that it's easier to outsource all of that than to host (and support it in house).
Think about it, Server Hardware is Expensive, Becomes Obsolete, needs Loads of power/security/cooling.
Using a web host you get to lease your hardware so when it's old you simply upgrade your package, power/Security/cooling/backups/support all covered in the monthly cost.
I'm surprised there are as many small companies hosting their own sites as there are (Obviously some companies have reasons for doing it, but unless you are in the business of hosting sites already, for a corporate web site - why have the hassle?)
Admin
Yes, he did vandalize the site as the story is told here. He uploaded content that the owner of the server specifically disallowed and changed the publicly available site. While it may not have been malicious, it's closer to hotwiring the car because you wanted to leave before they gave you the key.
Admin
At the risk of posting a serious comment, this is exactly what Rich was being encouraged to do if the precedent is being set that he be fired for privately testing the vendor's security for them.
It's unacceptable that Rich should be fired because the vendor company is run by incompetent morons.
Admin
Of course, this still comes down to "how much justice can you afford?". Rich might have a great chance at winning a lawsuit, but he would still need to fight (and spend) to get that settlement. In contrast, the company will just send their in-house lawyers out to drag proceedings as long as possible.
Add the fact that Rich is unemployed at the end of the story, and it's very unlikely he has the wherewithal to go to war against his previous company.
Admin
C: Get Rich to change his name. (Maybe to Modest?)
Admin
Oh, I don't dispute that under the circumstances a company might fire someone to avoid litigation. "We should in all justice win this case" != "We will win this case" != "The cost of settling < the cost of going to court".
Admin
And that's the real WTF: A web hosting company that disallows uploading Javascript!
That is at least a "surprising limitation" (to call it in modest language) and it is certainly not Rich's job to deal with it when they came up with that lame excuse. Just call up his Boss "Hey, they won't let us upload Javascript! Is that really in their contract? If yes, fire the person who signed that ridiculous contract! If no, just threaten legal action on them for not fulfilling their contract!".
A webhosting company that claims you cannot upload Javascript on the webspace you fucking pay them money for? Are you serious?
Admin
No, after parting ways like that, Rich would be a sucker to want to work there again. Even worse would be for word to get around to his former employer, the customer, and hosting company that he was trying to blackmail his way back in. (No, I don't think "blackmail" is the right word, but it could be perceived that way.)
But, Rich was also a sucker for lining up to be the patsy this way. Strike #1 was hiding the hosting company's reluctance to work with them from the customer. Strike #2 was exploiting the security hole he found. Strike #3 was having nothing in writing when the shit hit the fan.
Admin
It seems that you are new to our world. Rich found an easy & efficient way to do his job & avoid conflict. Instead of using it and keeping his employer, the client & the adversary (hosting company) happy and/or pacified he chose to poke a stick in the eye of one company, involving his employer in a legal and changing the future from a safe peaceful place to a chaos of probabilities, setting in motion big changes that he WAS NOT GETTING PAID TO MAKE BIG CHANGES. Rich is an asshole.
Admin
I did not receive the money along with my last paycheck. I wasn't in an urgent need of money, so I waited to see if I was going to get the money the next month, assuming that they might process it as just another paycheck.
I still didn't receive the money, so I contacted them. They said they didn't have to pay the money to me. So I contacted my labor union. The labor union sent a letter to the employer. I don't know the exact wording of that letter, but it only took a couple of days from when the letter was sent before I received my money.
Admin
Oh that was so...
Wait for it...
Rich!
[You can groan now]
Admin
If I was in this situation, I'd take my javascript (.js), rename it to text (.txt) and put in a URL routing & translation module. Problem solved.
Admin
Has anybody yet commented on the real WTF here?
That the vendor, i.e. the hosting company, was supposed to specialise in security and yet you could run scripts on their machine simply by uploading them as images?
Admin
How would this have played out if Rich had gotten Initrode to sign on for a security audit of their site? Certainly he couldn't be legally culpable?
Admin
TRWTF is that firing Rich satisfied the hosting company. How does firing Rich make them whole? If I were suing another company and they fired someone, I'd take that as an admission of guilt and just sue harder.
Admin
Okay, I don't know if anybody noticed this, but PERL isn't the right form. It's perl for the interpreter, Perl for the language, and pErl on Apple machines.
Admin
It’s Perl, not PERL, despite the existence of backronymic expansions.
The real scripting name was changed to protect the guilty.
captcha: saepius - frequentious.
Admin
Oy! Sue 'em back for misrepresenting their security standing!
Admin
News flash: if you have bought and paid for hosting, the majority of places are renting you hardware... which means running scripts on said hardware is against no laws.
Admin
How is it criminal to expose stupidity? If they left a 'back' door (really a front door in this case, with neon arrows pointing inside) open, then they have (effectively) given consent for anyone to execute code on their servers. Every (good) web developer should also be a pen tester, and Rich didn't even destroy the fools' system; he was not only doing his job right, but also doing it like a hero! Further, neither business nor security interests should ever, ever stand in the way of development and innovation. 4-6 weeks to audit a simple revision for security?! Now that's criminal.
Admin
He was allowed to upload a javascript. The server let him do it. He was allowed to run scripts on the server. The server let him do it. He didn't have to change anything already on the server.
How did he make it through the conference call without saying "I put it on the server using the tools you gave me"?