San Francisco admin Terry Childs must pay nearly $1.5m for bringing down the city's network for 12 days. On Tuesday, according to the San Francisco Examiner, Superior Court Judge Teri Jackson ordered Childs to pay the City of San Francisco $1,485,791. Childs got four years' prison last year for effectively locking city …
He didn't trust the officials?
If he had sensible grounds for that mistrust, and explained that to them, then what's he doing in prison? He should be held up as an example of 'doing things right'.
If he didn't trust them for something like 'they're Republicans and I voted Democrat' then that's a different story...
>> If he didn't trust them for something like 'they're Republicans and I voted Democrat' then that's a different story...
No. It's not. It's also a good reason to open fire.
As I understood it, Childs did _not_ "bring down the network", as you put it. In fact, the system suffered no downtime at all, and remained completely operational, despite Childs being locked up for some time. The only access which was prevented was for administration of the network itself.
The $900,000 was supposedly spent on auditing the system (they weren't doing that anyway?) and regaining access to said system (how much does a mayoral visit cost?).
They had to do a full audit of the systems because he may have left a booby trap somewhere in it?
Audit is good
Surely they were doing audits anyway.
Exactly how do they expect him to pay it from jail? They need to make him work it off doing BOFH work. Morons, the lot of them.
The Classic Contest
BOFH versus Bureaucracy...
Bureaucracy always wins.
No, no it doesn't....
...can the legal system change facts, like numbers that are in court record?
Ah, right, it's my country's judicial system at work.
Doesn't really seem fair.
But then, most damages assigned on yon side of the pond don't.
No he won't
He's had jail time and his career is basically over because he's a dick, how is he supposed to come up with a million and a half dollars?
Of course, he won't have 1.48 million dollars.
Interesting factual 'entropy'
As I clearly remember he didn't 'bring down the network' indeed, it was remarked how it remained perfectly stable all the time the court case was ongoing.
I believe the first demand for the passwords came via a telephone call after he was dismissed - would YOU hand over a city's security to an invisible caller? Then, I think they expected him to send them by e-mail.
Also, the 'richard craniums' nicely proved his point by making the passwords known in open court BEFORE bothering to change them.
Yes he made mistakes, and was a bit on the arrogant side, but certainly not criminal. This judgement will probably have a hidden knock-on effect. The REALLY good network engineers won't want to work for such numpties.
Sorry about the caps, but El Reg doesn't support either embedded HTML or BBcode.
Sorry about the caps, but El Reg doesn't support either embedded HTML or BBcode.
So use CAPS if you MUST.
Or /emphasise/ or *embolden* or _underline_ text. You could even -strike-out- or perhaps yabber away^W^Wcorrect yous^Hrself. But really, occasional USE of CAPS is Perflectly Acceptable for the Discerning Commentard[tm].
How does that work then?
"Hello? Mr Bank Manager? Oh, Hi. Look, I've got into a spot of bother and need to borrow some money please." "Weeeellllll, about $1.5M should cover it". "Monthly income you say? Hmmm, well, I don't actually have a job at the moment, but my outgoings are really low...Hello...? Hello...?"
Joking apart, how does someone earning, what, £40k ish? pay a fine of $1.5M?
Too invested in his 'creation'
As I recall the details, he refused to give ANYONE the password(s), thus becoming the sole judge and jury as to who was going to be allowed to access the network the City paid for and paid him to build.
Secondly, he set things up so that a power recycle (in order to regain control and/or due to a normal power loss) would end up with the current configuration being lost. He was found to have done this intentionally.
The money spent was for Cisco and/or others to try to reconstruct the config without crashing the environment in the process.
Eventually he gave up the password(s), but the public safety of the City had been put at risk (911 system being part of 'his' network) for weeks.
He is far from a hero.
What many of the commentators on this disgraceful affair seemingly fail to grasp is the underlying unethical behaviour of the consultant and the almost certain fact that this has reduced the chances of any of them scoring a similar position while the managers who remember it are still in place.
This man is no hero as one (and at the time of reading, only one) person has said. He is a criminal who has materially damaged the freelance SA profession's reputation along with his own.
Why anyone who makes a living in the same field would applaud his behaviour is beyond me. I certainly wouldn't hire anyone voicing support for Childs' position for fear the same elastic ethics would be in play between us.
And I shouldn't have to tell professionals that.
Idiot, but I can understand why he did it...
I seem to recall he was accused and fired on the basis of incompetence by his employer... part of his defence was that if he was so incompetent how come it required the manufacturer many days, with physical access to equipment to "break into the network"... In other words he clearly wasn't incompetent at his core job role. However his managers who failed to ensure they had root access to their own systems could clearly be considered to be at least naive if not incompetent.
I in no way condone what he did, and in my opinion it was grossly unprofessional and tarnishes all professional network engineers' reputations, but I can understand his argument and his grievance against his employer.
Miscarriage of Justice
Perhaps there's something I'm unaware of here, but from what I've heard, I think that any technologist, who sides against Terry Childs, is guilty of Professional Treason. I think this particularly applies to the Network Administrator who was on the Jury on that trial.
As a systems administrator it is his professional responsibility to secure access, and to err on the side of the network's security. It should be fairly obvious to anyone who has an IQ with two or more digits, that such access should not be given to anyone who asks for it without the proper authority.
Stevie is right about one thing - I fail to grasp what is unethical about protecting access to the network, from people who in his professional opinion should not have had access to the network. If I recall correctly, he did hand the passwords over to the city mayor upon request. Can you please clarify, what exactly is unethical about refusing to hand passwords over to anyone other than the proper authority? I shouldn't have to ask a Professional that.
This case should have been the beacon of hope, that despite the bureaucrats, that if you stick to your professional, and ethical responsibilities, then with a little help from the courts, the truth will set you free. Unfortunately, it seems that when bureaucrats, overestimate their own importance and worth, then truth and justice get packed up, and thrown out the window, leaving behind a cloud of despair.
You seem to overlook a few facts...
He WAS asked by 'the proper authority', his management, to 'hand over' the passwords. What 'proper authority' would you suggest is more appropriate? The Vatican? The President? Bono? Sonny Bono?
He was required by professional ethics to ensure the network was maintainable by SOMEBODY if he got hit by a Muni bus (a likely occurrence in SF).
... and for the rest of the commentards, the fine is not based on what he can afford, it is based on the costs incurred by the City to mitigate the risks associated with his actions; specifically the need to bring in high-cost contractors to try and unwind the situation without crashing things in the process. He booby-trapped the environment, which a perusal of past articles will illustrate.
By some of the posts on here.
Contrary to those commentards that have forgotten that Simon T's BOFH articles are merely fiction and wish fulfilment - the guy's first duty was not to some warped ideal of securing the network. It was a contractual duty to provide access on request to his senior management. Something he failed to do for weeks. His place should have been merely to note that he supplied access under protest, end of story. The failure to do so was indefensible and immediately invalidates any noble purpose he had.
Yea we all have a tiny cheer inside for him sticking it to the man - but let's be honest by his recorded behaviour he was probably an absolute prick to manage, work with or for, with obviously the worst kind of sysadmin god complex.
Serves him right. Although the fine is a joke and merely a paper exercise.
You may unleash the downvotes now.
The whole thing was a calamity on both sides. It read as though someone in management either got wind of the practices Mr Childs was employing (i.e. not documenting passwords, setting up 'access devices' or 'back doors' and implementing configuration loss on reboot of remote routers), got the wrong end of the stick and overreacted, setting off the unfortunate series of events that led to Childs being gaoled. Or they took a personal dislike to him, ultimately leading to the same fate.
The way his 'dismissal' was handled would have freaked me out. Not being told what was happening or why and ending up talking to detectives and senior representatives of the city, all without mention of being dismissed would make me clam up. That said, I have a copy of system access passwords in a sealed envelope in a work safe and I document the system configuration.
Errors were made on both sides. Mr Childs came across as an arse. His managers came across as idiots. Neither knew how to deal properly with the other and the 'city' went down the legal route with ridiculous charges and just couldn't be seen to back down despite most of the charges being dropped as ridiculous (i.e. installing 'back doors' turned out to be remote access so the remote routers et al could be configured if they had been tampered with and rebooted thus losing their configuration).
There is a whole load of fail in this case and it makes for interesting and jaw dropping reading that it ever got so far. Yes Childs was an arse. Was he difficult to work with, by all accounts yeah, he was a weirdo. Did what he did warrant 4 years in gaol? No, I don't think so. At least not unless equally harsh treatment was meted out to those who escalated events in the first instance (which as far as I know it wasn't).
So after all that why is he now being punished again?
Um am I missing an interesting point here
but after being dismissed, where is his legal obligation to tell his former employees anything, other than possibly "blow me". As long as you can say. It's in the password safe or yep that was documented you have no further legal obligation to tell the fuckers anything.
This bit does concern me
His employers have no process in place to ensure passwords are kept in the company, and changed when a senior employee leaves.
So they sack him, then realise he was the only one who knew the passwords, that nobody thought to get them from him before he left, and (obviously) they haven't been changed.
So because of his human instinct to tell the guys who are ultimately responsible for not maintaining the passwords (his management) and who just sacked him to go do one he is jailed for 4 years and a $1.5m fine.
I surely hope there's more to this than meets the eye because in my eyes he's left, he has no further responsibility to that company. What if some server just failed without good backups, would he be expected to go in and fix it after being sacked too - what's the fine for not going in when you don't work there anymore?
The moral of the story is...
Don't piss off your tech guys. They can exact vengeance in ways too terrible to contemplate.
The moral is not to act like someone who thinks that BOFH is a documentary. Apart from anything else, it gives the normal, professional IT guys a really bad name.
Enough blame to go around here,..
Yes he needs to provide access to the control of the network based on approval from a legitimate authority; his mistake was assuming he was that authority. Whether he likes his boss or not, he has to toe the line or the chain of command breaks down and anarchy reigns. He used the network access passwords as a token in a power battle with management and he lost - hey, that's what happens when you try to play games like this with the big boys.
What his boss should have done is covered his bases before suspending him, ensuring that an alternate administrator had the passwords or compelled him to open access. He should have had senior management in the room when the passwords were requested, covered his ass with legal advice beforehand and had the meeting recorded and security present.
What the Admin should have done is read the writing on the wall, handed over the passwords and started applying for other jobs. If he couldn't feasibly get another job, maybe he isn't as good as he thinks he is.
I have encountered petulant techies like this one before, who walk out of meetings rather than answer a question, claim illness every time a request is made of them, or point-blank refuse to provide information, knowing there is little way of disproving their claims or compelling them to comply.
Dickhead got what he deserved, stay in jail and rot, numpty.
Should be easy for him to pay
He was employed by the public sector. If it's anything like the public sector here in the UK, the real value of his pension fund is probably worth more than the fine and the city can grab that.
Go on, ask any UK white-collar council worker to get an independent actuary to value their pension. They either won't believe the answer or will be too embarrassed to tell you when they learn what the average UK private sector worker is able to put away.
"Go on, ask any UK white-collar council worker to get an independent actuary to value their pension. They either won't believe the answer or will be too embarrassed to tell you when they learn what the average UK private sector worker is able to put away."
I think 1974 called and asked for its pension figures back.
You obviously haven't encountered the more recent numbers, say in the last 15 years.
@AC 19/5/11 8:35GMT
That might apply to a few brown nosers in central government in London but certainly not to the rest of the public sector.
I shouldn't have ventured to speak without first remembering I am in the same community as those who thought it was "normal" for a person to remove the back seat from a car and hose it out.
Let me pose a thought experiment. You lose your front door keys and sensibly call a locksmith to replace the tumbler drum in your (keyed-alike) door locks. You pay the locksmith.
The locksmith, being a "very conscientious" person, refuses to give you your keys because you demonstrably cannot be trusted with them.
Without the keys you cannot get into your house. The locksmith hasn't stolen anything, and promises to give your keys to anyone you suggest who he agrees is responsible.
Are you a happy camper, or are you on the phone first to a new locksmith and then to Visa arguing a chargeback?
Try this thought experiment.
Some bloke calls up a locksmith and claims he lost his keys. The locksmith cuts him a new set and the man uses them to enter YOUR house and steal all your stuff. He never proved to the locksmith that he actually was authorized to enter the house. Was the locksmith negligent?
An Ode To Locksmiths
Stevie, didn't they fire him, then ask for the keys? To make your scenario work, you would have to fire the locksmith, not pay him, then demand the keys.
Also, why is this a criminal case, it should be a civil case. There should be no jail time.
Contractor is working on my mansion, puts in a security system, doors/locks. Before he gives me the keys, I fire him. He doesn't give me the keys. Jail time?
Contractor is working for the city of SF, puts in a security system, doors/locks. Before he gives the keys, he gets fired. He doesn't give me the keys. Jail time? 4 ?!?!? years! ?
I don't know about you....
But every employment agreement or consulting contract I've signed has a clause to the effect that any company property in my possession must be returned to them upon termination of employment.
That includes tangible assets and intangible assets.
The fact he 'created' the password doesn't mean it isn't company (or in this case City) property, to which they are legally entitled. He was being paid when he created it, it was in the context of his employment, it belongs to his employer and fired or not he is in breach of his employment agreement.
The fact that he did this to a 'company' who runs the court system* he was about to be tried in shows how big an idiot he is.
* San Francisco is unique in California in that it is both a city and a county. The counties own/run the local courts, which in this case = City and County of San Francisco.
"The fact that he did this to a 'company' who runs the court system* he was about to be tried in shows how big an idiot he is."
Kind of implies you accept the fact it isn't justice at work, it's the machinations of a corrupt system that have hammered him...
Just shows he can be wrong and an idiot at the same time.
You're committing a crime if you hold somebody up at gunpoint.
If that person is an undercover cop, you're unfortunate.
If that person is a cop in uniform, you're stupid.
He just held up a cop in uniform.