"PHPFog built a castle out of sand and you're upset that a wave came and demolished it."
Your analogy is slightly off. A wave is an act of nature: this is more along the lines of a jealous kid who knocks down someone else's sandcastle because he can't build his own.
"I don't get angry at my dog when he shits in the house. Being angry at something that can't understand only satisfies the urge to shift blame."
While some HN posters might feel the the 16 year olds involved in this incident have the same mental capacity as your dog, I'd like to give them slightly more credit. ;)
I can only speak for myself here, but I do think the people involved in compromising PHP Fog should be punished. No, I don't think they should get life in prison (</hyperbole>): I hope they can learn from their mistakes. However, they did commit a crime, as they've admitted both here and elsewhere online. They should be capable of understanding that their actions have consequences, so I think some consequences are in order. What those consequences should be is up to PHP Fog.
Your analogy is slightly off. A wave is an act of nature: this is more along the lines of a jealous kid who knocks down someone else's sandcastle because he can't build his own.
In terms of moral culpability, sure. But when I put systems on the internet, I basically treat "intrusion attempts" as in practice part of the environment, like "mosquito bites" are in Texas. Perhaps they're best thought of as kids knocking down sandcastles rather than ocean waves, but their ubiquity makes them feel more like ocean waves, because you can basically assume that there are tons of those kids, and they're going to kick at your sandcastle every day.
The fact that there's a whole ecosystem of bots running automated intrusion attempts makes them feel a little bit force-of-nature-ish as well. If you lived in some neighborhood where thousands of roving robots were constantly checking doors to see if they could find an unlocked one, you'd have to treat "roving robots" as a quasi force of nature. Well, either that, or come up with a policing method that finds the controller of the robots and shuts them down, but I have relatively low hopes for how much of a dent "cybercrime" policing will make in the overall online-intrusion ecosystem.
From the perspective of security protection, intrusions are an act of nature. You should be no more surprised at an especially strong wave than you are at an exceptionally immature child.
"Act of God is a legal term for events outside of human control, such as sudden floods or other natural disasters, for which no one can be held responsible"
Do you think nobody can be held responsible for this breach?
My point is that you must treat intrusions as an inevitability when trying to counteract intrusion. And anyone who builds a sandcastle should be aware of the ocean. The kid's breaking into this account is embarrassing.
Just because we can hold individual humans accountable (and should) doesn't mean we shouldn't have the perspective of "CONSTANT VIGILANCE."
Certainly should have to treat intrusions as inevitable in designing the system, but there still is responsibility on the part of the intruder.
I lock my door because I consider it inevitable that someone will eventually try and break in. However, if someone does break into and vandalize my apartment, I sure as hell would consider them responsible and not consider in an act of God.
I never claimed it was acceptable. Only that it was irrelevant. Why should anyone besides PHPFog's lawyer and the kids' parents care? It's because PHPFog chose to play PR guru and throw the drama into their postmortem as a distraction.
Does it matter to you if some kid in Australia is brought up on charges? No?
Does it matter to you if a hosting company is competent in securing their servers? Yes?
Any discussion of who did the hack servers no purpose other than to distract from the only issue that matters to anyone which is PHPFog's security.
Your analogy is slightly off. A wave is an act of nature: this is more along the lines of a jealous kid who knocks down someone else's sandcastle because he can't build his own.
"I don't get angry at my dog when he shits in the house. Being angry at something that can't understand only satisfies the urge to shift blame."
While some HN posters might feel the the 16 year olds involved in this incident have the same mental capacity as your dog, I'd like to give them slightly more credit. ;)
I can only speak for myself here, but I do think the people involved in compromising PHP Fog should be punished. No, I don't think they should get life in prison (</hyperbole>): I hope they can learn from their mistakes. However, they did commit a crime, as they've admitted both here and elsewhere online. They should be capable of understanding that their actions have consequences, so I think some consequences are in order. What those consequences should be is up to PHP Fog.