For developers in similar situations, where the corporate overlords make your life miserable; use dead man’s triggers Instead of a simple killswitch: manually start handling certificates, introduce memory leaks that you can easily clear, have excessive disk filling logs that you can daily clear, and all kinds of other stuff that is a perpetual dumpster fire that you extinguish as part of your job. Oh, and don’t forget to forget commenting and documenting. The next developer should instantly learn the pressure they have been putting on you.
Submitted 1 day ago by cm0002@piefed.world to technology@lemmy.zip
Comments
x00z@lemmy.world 1 day ago
peoplebeproblems@midwest.social 1 day ago
Errr
That’s EXACTLY why I did that in the past. It wasn’t an accident at all. Nope. It was future proofing my job. Completely intentional.
chicken@lemmy.dbzer0.com 1 day ago
I’d like to imagine countless instances of this that we never hear about because there just isn’t anything concrete to write a news article about
x00z@lemmy.world 23 hours ago
Well the guy from the article is named David Lu and added a function with the name
IsDLEnabledinAD. That by itself deserves an article.
quick_snail@feddit.nl 1 day ago
You’re an asshole
x00z@lemmy.world 23 hours ago
I have been burned out by project managers way too hard to have any respect for the capitalist tech world. I have 15 years of programming experience yet I’m literally looking for a job on a farm or warehouse.
mrgoosmoos@lemmy.ca 19 hours ago
yes, you’re right, we should always bend over and spread pu cheeks to appease our corporate overlords no matter the situation
morphballganon@lemmynsfw.com 1 day ago
They’re not saying to do this at any/every job, just shitty ones with shitty people
amzd@lemmy.world 1 day ago
4 YEARS?! And gaming companies can just build a kill switch into their game and get no penalty?
WoodScientist@lemmy.world 2 hours ago
The difference is, the rich and powerful do their crimes with lawyers. A contractor could actually write something into their contract that allowed them to install such a kill switch. And it would be perfectly legal. No different than if you stop paying for a software license and the program stops working. But regular employees don’t have the leverage to demand such a kill switch. Maybe more programmers should form unions. Write it into the contract that if the contract ever expires before a new one is signed, the union has the right to remotely activate a kill switch, shutting down crucial operations within the company. As long as this was all disclosed and signed to, it would be perfectly legal.
Blackmist@feddit.uk 11 hours ago
Tesla build them into fucking cars.
wetbeardhairs@lemmy.dbzer0.com 1 day ago
Dipshit. Just do bad coding and leave timebombs that could be considered an accident.
Elechicken@lemmy.ca 1 day ago
I mean, there’s a reason he got fired and it wasn’t because he’s a genius…
Mouselemming@sh.itjust.works 1 day ago
Yeah, name it after the boss, not yourself!
quick_snail@feddit.nl 1 day ago
That just makes you a bad developer. And ripe for firing.
Alph4d0g@discuss.tchncs.de 14 hours ago
Sounds like he could have been a bit more creative in implementing this. Having something immediately traceable back to a username is no bueno.
possiblylinux127@lemmy.zip 3 hours ago
If he was smart he would not of done this in the first place
WoodScientist@lemmy.world 2 hours ago
Is it even possible to do this in a way that can’t be tracked back to you? Unless you’re a Hollywood hacker that will rig something up to literally burn down the building the server the malicious code is contained on, there will always be some fingerprints left behind in the software. And there will almost always be a relatively short list of possible suspects. Even at large companies, there won’t ever be more than a handful of people with the skills, motive, and access needed to pull something like this off. Oh, the company’s entire database suddenly and mysteriously deleted itself? I wonder who caused that, maybe the disgruntled sysadmin we just fired? There really aren’t that many suspects in situations like this. And once you’re a suspect, they can get a warrant, seize all your computers, and scour them to dig up even more evidence against you. Hell, even just documentation of ill will against your old employer would be evidence in court. You better hope you really left no trace, otherwise you will be found out very quickly.
GreenShimada@lemmy.world 2 hours ago
He 100% didn’t think this would result in criminal charges. A lot of people don’t think through the “how will this company with lawyers react to my petty nonsense?” when doing stuff like this.
spankmonkey@lemmy.world 1 day ago
The defendant breached his employer’s trust
The company breached employee trust when they fired a bunch of people during a “realignment”.
Four years is far too long. If he had run over the CEO in the parking lot he wouldn’t have gotten four years.
bhamlin@lemmy.world 1 day ago
It’s because they can quantify damages that way. Because you legally cannot put a value on the life of a “human” (still unsure if CEOs are human, but legally they still are), it’s just “murder” and not “you cost us eleventy billion dollars in downtime.” One is more negotiable in terms of damages than the other.
DeathsEmbrace@lemmy.world 19 hours ago
Then Ceos should be treated and charged with every crime a company commits or this is another class problem I’m going to solve.
AmazingAwesomator@lemmy.world 1 day ago
company ruins life of employee: stonk
employee ruin company: immediate imprisonment
SwimmingInTheeStars@lemmy.world 1 day ago
I mean the guy was just laid off. They didn’t “ruin his life.”
peoplebeproblems@midwest.social 1 day ago
He was employed for 11 years.
IDK about you, but if I get laid off, my life changes significantly by the next missed paycheck.
msage@programming.dev 21 hours ago
What’s the difference between a lay off and firing people?
rumba@lemmy.zip 16 hours ago
What he did was brazen and stupid but 4 years sounds a bit excessive. Unless the journalist is under reporting what happened, he didn’t do any long-term damage just probably knocked them offline for a day and required somebody to come in and manually reset the drsm account in the domain controller.
But in a fit of rage and passion he built out booby traps and put his name all over everything. He wanted them to know it was him, How do you absolutely denied himself plausible deniability.
All he had to do was pretend he was inept and replace service accounts with his own login. Push 90-day password resets on the account for ‘security’. Set up a house of cards out of security certificates.
The company probably walked into that court with a technically competent team of lawyers and a bunch of expert testimony, he probably had a state defender.
roundup5381@sh.itjust.works 1 day ago
Have to make an example of them lest the surfs realize they have power
Krudler@lemmy.world 1 day ago
I actually cannot believe you have any upvotes for this type of comment.
If computers and networking were not involved, and we lived in the 1970s, this would be the equivalent of setting off a remote bomb in every factory across the country for your former company when you get fired.
Blue_Morpho@lemmy.world 1 day ago
It is in no way a bomb. If this was the 1970’s, it would be the same as changing the combination on the safe and not telling anyone the combination after being fired.
the_q@lemmy.zip 1 day ago
You live in there modern world and see how things are going and your can’t believe people support the destruction of established systems? Ok.
peoplebeproblems@midwest.social 1 day ago
And how many people died or were injured? How much damage to property occurred?
Looks to me like he just wasted time and hurt revenue. That’s not any of the above.
Alaik@lemmy.zip 1 day ago
I’ll agree to start imprisoning people for using their job to affect profit when CEOs start getting jailed for affecting the profit of those laid off.
Sprocketfree@sh.itjust.works 14 hours ago
I’m curious what this crowd thinks is an appropriate punishment here. No priors, found guilty, caused some lost revenue (which I have to admit doesn’t mean you actually lost revenue). So, should they even be sent to jail? House arrest? Or do we just want consistency in punishments?
rumba@lemmy.zip 2 hours ago
Honestly, it’s kind of hard to tell. We’re missing a hell of a lot of intent and access to the evidence here.
If he was just straight up vengeful, He should have been on the hook for the lost wages they paid for all the people that were knocked offline. The cost of whatever contractors they used to repair the problem. 6 months jail time and some psychiatric review.
If he had the intent of blackmailing them, then felony and probably pulling his work visa.
As it sits, even if he had some way to keep his right to work here, there are a few that would touch him with a 10-ft pole. He’s required to disclose felonies as part of the hiring process pretty much everywhere. Anybody prospective employers are going to be extremely reluctant to give him any work that would afford him access to their network.
jonesey71@lemmus.org 10 hours ago
He should get a corporate level penalty. He made X dollars while working for that company but did something wrong while making that money. He should have to pay back .001% of his profits as a fine and the illegal stuff he did should then be ignored/forgiven. That is what corporations get as a penalty when they break the law, I think it should be applied when they are the victims.
possiblylinux127@lemmy.zip 3 hours ago
Usually a moderate prison sentence and a fine
5-10 years most likely
tazeycrazy@feddit.uk 1 day ago
No one reviwing his code? Sounds like a timebomb in its self.
andyburke@fedia.io 1 day ago
This was my first thought. Just zero code review going on? Some random server only that dude knew about? tf kind of controls these people have in place?
Oh right, none of the shit the company should have had.
Instead of jail time, the government should consider giving this guy whistleblower status and investigating the corp for negligence.
Sprocketfree@sh.itjust.works 14 hours ago
Idk kind of standard practice to have free reign of the place in certain positions. In my entire career working for billion dollar companies it wouldn’t be hard to bury anything like this. In fact I’ve done forensics on someone that did. Very few places outside government practice zero trust. Hell I’m sure the government fails to do this all the time too.
Alaik@lemmy.zip 1 day ago
Gotta stay “lean”.
thedruid@lemmy.world 19 hours ago
Good. Some one should sponsor and hire this guy.
Jimbabwe@lemmy.world 1 day ago
Kinda heroic, ngl. I think the prison sentence is appropriate, but if I was let go after 11 years, I’d harbor fantasies of doing something similar. They’d stay fantasies, though.
al_Kaholic@lemmynsfw.com 1 day ago
Prison? For shutting down the computers? How many lives were lost because of his actions, how many were saved?
tazeycrazy@feddit.uk 19 hours ago
Lives lost is not the test of what was a crime and what was a prank. This could have done a lot of damage to everyone who worked there and any of there clients. The company could have done more but they can’t micro manage everyone nor should they.
Jimbabwe@lemmy.world 1 day ago
I don’t know what his former company does, but it’s easy to imagine scenarios on both ends of the spectrum. From processing Bejeweled microtransaction payments to ER intake or ambulance dispatch. Doesn’t really matter in the end. Software is everywhere and we all use it. Unless the company is so bad that damaging it is a political act of defiance against evil (I’m looking at you, Nestle, Blackwater, etc), then there’s really no good argument for employees burning shit on their way out.
Mouselemming@sh.itjust.works 1 day ago
Good, make sure you document that. Then be sure any such thing that accidentally happens is named after the person who most deserves to be pruned.
Jimbabwe@lemmy.world 1 day ago
Got it. MouselemmingFromLemmyKillswitch.exe pushed to production
LibertyLizard@slrpnk.net 1 day ago
Kinda funny. 4 years seems excessive to me but what do I know.
hodgepodgin@lemmy.zip 1 day ago
this was stupid. A career ending move. no one’s gonna hire someone who wrote a logic bomb at their last job.
thedruid@lemmy.world 19 hours ago
Yeah they will.
WoodScientist@lemmy.world 2 hours ago
He’s going to end up running a consultancy where he charges absurd sums to give talks to corporate leaders on how to prevent this sort of attack. 😁
dastanktal@hexbear.net 1 day ago
This is really well executed, too bad he didn’t know enough to protect his identity.
Still, so much for that reduced cost of labor.
If more people reacted like this companies wouldn’t be so fast to lay people off
lichtmetzger@discuss.tchncs.de 1 day ago
I imagine you must be quite skilled to be able to manage your whole-ass company (and run their systems into the ground). So it shouldn’t be a problem to get another job after being fired.
Why fuck with your own life, just because of your own ego and a drive for revenge? That guy must’ve watched too many animes.
thedruid@lemmy.world 19 hours ago
Because the rich and elite are powerful because people fear them.
Show them we aren’t afraid. Thus guy will vs hired in no time
Florn@hexbear.net 1 day ago
Should have done a dead man’s switch instead
altphoto@lemmy.today 16 hours ago
Slow enshitification is easier and blameless.
TempermentalAnomaly@lemmy.world 11 hours ago
Image
Image