>I fail to see you address the point that these kids caused harm to a business
Very well. These kids caused harm to a business. So what's that change? The business screwed up, badly. The agent of destruction is quite irrelevant. Had it been a power failure, backup failure, permissions failure, data leak, or data corruption would PHPFog deserve any less blame? This need to shift some responsibility to a bunch of kids is nauseating.
>I'm just much more impressed with the way that PHPFog is handling their business after the fact than these kids are.
This is another example of the weird HN mentality when it comes to companies "apologizing" (Like WakeMate blaming their Chinese manufacturer for flunky power supplies). Are you actually impressed that a corporation has better PR than a bunch of children? Does that even make sense to you? I'd be impressed if they had managed to actually apologize while accepting all the blame without trying to pawn off the responsibility for their mistakes on some kids.
> This need to shift some responsibility to a bunch of kids is nauseating.
They aren't shifting responsibility. The kids are responsible for their own actions. They did something illegal. They are responsible for it.
Now, PHPFog is also responsible for protecting their customers; they are supposed to provide a secure hosting environment. PHPFog is a victim here, but has also acted irresponsibly with regards to security (not criminally irresponsibly, but if harm did come to their customers due to this, there could be possible civil liability). The fact that PHPFog bears some blame for their security practices doesn't take responsibility off the kids who broke in and vandalized their systems.
With security that lax at PHPFog, it was inevitable that someone would have broken in. In that sense PHPFog was lucky... had these security problems not come up now, and be exploited by little punks with no larger agenda than vandalism, there could have been much more more serious damage later. What if some cyber criminal gang had turned their attention to PHPFog, and been a bit more subtle about the breakin?
I was appalled at the frequent mentions of 'luck' in that blog post. Your job as a sysadmin is to eliminate luck. To eliminate chance. To make _sure_ everything stays running, everything stays secure, everything stays confidential.
No, they are mentioned because they are the criminals who intruded and vandalized the system! Without them, none of this would have happened. There's no shifting of responsibility, since the kids who vandalized their system are responsible for their vandalism.
I can't honestly imagine what kind of moral system you have in which you don't believe that criminals are responsible for their own actions. If someone breaks into your home, is it your locksmith's fault, or the police's fault, or your alarm company's fault? No, it's the fault of the person who broke into your home. Perhaps one of the other parties mentioned was negligent, or perhaps not negligent but they could improve their security practices (install stronger locks, upgrade your alarm system, do more patrols in your neighborhood), but it's still the fault of the person who broke in and vandalized your home.
>No, they are mentioned because they are the criminals who intruded and vandalized the system!
"They" are not relevant in any way! "They" are tabloid meat for an internet drama. "They" are a distraction from the fact that a hosting company had piss poor security surrounding the core product. The entire story could be told without mentioning the hackers by name, or providing any biographical information. The only reason to include them is to distract from the real issue.
Replace "16 year old" with Russian, Chinese etc. Yes, vandals are bad. That's not exactly in question. In question is the sheer gall of PHPFog to shift blame to some kids to try and cover their embarrassment.
I think the blog post should be rewritten. Instead any mentions of the hackers should be completely neutral. Then it will be PHPFog getting out there and taking responsibility for their mistakes.
No distraction. No hand waving. And no tabloid drama.
Agree - creating a tangible identity to the villain is pulling heat off of PHPFrog.
Lets put it this way - a 16 year old kid who got lucky broke their site.
If it was anyone with intent, we would not know.
This is a case study in how to handle a situation like this. Its brilliantly done, inclusive of the comment where he says "the community is standing by us".
Perhaps a little mention would be good, but the way they make it the key points of the post, and so many people commenting on it accept it, disgusts me.
Very well. These kids caused harm to a business. So what's that change? The business screwed up, badly. The agent of destruction is quite irrelevant. Had it been a power failure, backup failure, permissions failure, data leak, or data corruption would PHPFog deserve any less blame? This need to shift some responsibility to a bunch of kids is nauseating.
>I'm just much more impressed with the way that PHPFog is handling their business after the fact than these kids are.
This is another example of the weird HN mentality when it comes to companies "apologizing" (Like WakeMate blaming their Chinese manufacturer for flunky power supplies). Are you actually impressed that a corporation has better PR than a bunch of children? Does that even make sense to you? I'd be impressed if they had managed to actually apologize while accepting all the blame without trying to pawn off the responsibility for their mistakes on some kids.