deleted by creator
A 55-year-old software developer
… and…
Lu had worked at Eaton Corp. for about 11 years when he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,” the DOJ said.
So he was 48 at the time he started this. Was he planning on retiring from all work at 48? I can’t imagine any other employer would want to touch him with a 10ft (3.048 meters) pole after he actively sabotaged his prior employer’s codebase causing global outages.
I’m sure DOGE is actively considering hiring him.
Weird that these protections exist for corporations that aren’t actually people but no protections exist for the person who was fired.
Exactly my thought. A corporation destroys people’s lives by firing them? Nothing. Someone actually pushes back? Suddenly the government gets involved.
We never left serfdom.
Everyone you have ever met is a servant of the ruling class.
You have never met a ruler and probably never will.
Eg pictures of dozens of police protecting tesla dealerships
yeah it’s pretty crazy. almost like government is for some things and not others, and knows it, like maybe laws were always just an excuse and tool for victim blaming. or something.
The amazing thing is that the government doesn’t get nearly as much tax income as you’d expect from these hugs companies. It’s almost as if the politicians have some other, secret motivating factor. Oh well, I guess we’ll never know.
wait, are you saying that there’s this class that are the beneficiaries of governments and laws, and it’s the same as the class that doesn’t suffer any limitations when they do stuff that the governments and laws don’t like?
and that we’re in this other class, that the laws and stuff exist to punish, but has to fund them and pay for them, or we get punished for that too?
that’s fucking crazy.
And how our legal system is setup to best defend the wealthy.
They are the protagonists of democracy after all.
Democracy™®
Manifest!
“Are you waiting to receive my limp penis!?”
I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.
The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.
god, he was a piece of shit
Sounds like lawsuit territory
Koala tea internal code review practices
I’d argue that he gave them extra code, a bonus if you will.
That’s hilarious.
So when company do it it’s fine but when we do it to companies it’s not?
Naturally. Advantage, privilege and money should only be in the hands of those who run large companies or better.
If that made you angry, bear in mind that’s what most top level company executives think. Well, actually they don’t think it, they know it unconsciously as the true order of the universe they inhabit and they get really uncomfortable should it even look vaguely like someone might be trying a competing philosophy to their own.
To be fair though, most people get really uncomfortable when something might undermine even part of the philosophy they live by.
Literally the same day as HP *activating a “kill switch” code for their printers.
what happened?
(updated with a link)
This kill switch, the DOJ said, appeared to have been created by Lu because it was named “IsDLEnabledinAD,” which is an apparent abbreviation of “Is Davis Lu enabled in Active Directory.”
Lu named these codes using the Japanese word for destruction, “Hakai,” and the Chinese word for lethargy, “HunShui,”
[Lu]’s “disappointed” in the jury’s verdict and plans to appeal
No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.
It would only work if he owned the code and the company stopped paying. There’s lots of precedent for that.
Still probably not. The code also deleted files, deleted accounts, and created infinite loops which took down large chunks of the network and infrastructure.
You could take your code, but you can’t take down the company.
Yeah he’s screwed then.
I take it he hasn’t heard about “hiding things in the open”.
That would be, for example, using a constant of some near year in “end time” column meaning unfinished action.
Or just making some part that will inevitably have to be changed - “write-only”, as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.
So many variants, and such obvious stupidity.
That’s an amazing point, actually
It’s actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don’t do code reviews if this guy managed to get this code into production
- I assumed that the code was running on a machine that Lu controlled.
- Most companies I have worked at had code reviews, but it was on the honor system. I am supposed to get reviews for all the code I push to main, but there is nothing stopping me from checking in code that was not reviewed (or getting code reviewed and making a change before pushing it). My coworkers trust me to follow the process and allow me to break the rules in an emergency.
He fucked up. But it’s also kinda funny.
Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.
Fucking capitalism.
“allegedly costing hundreds of thousands of dollars in losses.” It seems he was already messing with the systems while he was still working there. This is not a case of malicious compliance or they fired the only guy who knew how something worked. He was actively sabotaging the company’s network.
“he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,”” So it’s not even like the company was being evil as they fired him while he was on PTO to take care of his daughter with leukaemia (or something). He would’ve been better off finding a new job if he was unhappy. Instead he made things far worse.
But 10 years is way too high. Especially for a victimless crime with alleged “values” of loss. But otherwise he gets no sympathy from me.
he should have tried to overthrow the government, or stole classified documents. that’s a drastically lower sentence
allegedly costing hundreds of thousands of dollars in losses.
Also it’s sabotage, which might attract heavier penalties than mere theft?
Actually for federal sentencing, property destruction is punished under the same table as theft. It’s mostly measured from the amount of loss to the victims, whether the person actually profited from it or not.
Fair enough.
Having known victims of vandalism I can say it hurts more than theft.
nothing he did was wrong.
“Up to 10 years” is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.
In order for the recommended sentence to hit 10 years, we’d have to be talking about damage of over $550 million, or something like a long criminal history.
Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.
Now to make it worse, ask this, “If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?”
That’s right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.
Nah they would have added more fees to subsidize the protections they weren’t going to put in place. Then reach out to the government for subsidies to put these protections in place. Then give bonuses, stock buy backs and when it happened again, they’d raise the fees installed previously and consider making the upgrades if the fine threatened is high enough, if not they’ll pay the fine and buy back more stock and run an ad campaign to make the company look better.
Don’t F with the power grid.
owned by the Ohio- and Dublin-based power management company Eaton Corp.
https://en.m.wikipedia.org/wiki/Eaton_Corporation
Sentences are always harsh for anything to do with those who provide for public utilities.
@null_dot@lemmy.dbzer0.com has a comment about sabotage, which was likely a factor combined with this to drive max recommended sentencing.
and unlike dennis nedry, he didn’t have to get killed by a dinosaur to do it.
I developed a spreadsheet for a company I worked for a few jobs ago. When I left I used a picture of Dennis to lock everyone out of the spreadsheet but only for one day, months after I left. Stupid idea, but felt good.
Edit: this was it:
I had created a few things on Google sheets that my coworkers were using. It wasn’t anything groundbreaking, but one was a spreadsheet I’d made that had all of our driver’s availability to assist with scheduling. The sheets were on my personal account, and we didn’t end on good terms, so I just locked them all out. It was funny getting all the texts asking for access the next day. I told them to make their own.
I’m the lone human being who understands the code behind the byzantine financial operation of my org. No kill switch necessary.
Pro tip: your poorly thought out business rules can lead to stupidly complex processes.
I work on a small team and recently realized my boss is falling victim to survivorship bias. Another colleague and I handle our work, which is mission critical to the org, competently and fairly opaquely, only raising issues as they arise. However some other members of our team have less critical but more visible work that they tend to bungle. The department invests hiring dollars, training efforts, and materials purchases in service of remediating those issues. But my colleague and I are both burned out, eyeing the door, and fully aware there’s no one who understands what we do or is capable of doing it within our organization - aside from each other, but our respective scope of work is non-overlapping and there’s truly not wiggle room to cross train or support each other’s work. I’ve said all I know to say to leadership about this issue but they seem willfully ignorant.
When one of us goes, I think the other will follow quickly. Hiring takes almost 2 months at my work, so the gap/lack of knowledge transfer will make for a huge shit show.
You burning out is a process failure. Work normal hours and let shit fail 🤷♂️. Say the reduction in hours is “health related” so they can’t pry.
It’s not quite like that. My workplace is surprisingly good on the hours, they just aren’t great on responsibilities or scope.
It’s… a lot of work in very broad specialties, with little backup.
Every person that has worked in a sysadmin type role, has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.
Tbh, what shocks me the most about this is how sloppy this appears to have been executed.
