You know, I was just trying to show some compassion. I find it sad that someone could be that much desperate. I personnaly found my brother hung in his bedroom 10 years ago, so
I guess there's not much to say...
takes a very different meaning to me than the moderators or you could have seen in this comment.
I've known relations who have opted for suicide, or who have been hospitalized to prevent them. None as close as immediate family, so I can't begin to understand the pain, but in my own way I can dimly see.
One thing that makes this sort of thing doubly painful is that the sorts of minds that can consider suicide a real possibility are often very very close (and sometimes the same) as the minds that are brilliant.
We talk of genius and madness being a razor's edge away from each other, not because it is poetic but because it's true. But you don't have to be a genius to be that razor's edge away from self-destruction. You only have to have a similar biochemistry and/or neurology. There are dozens of conditions linked both to creative talent and self-harm.
Of course, not all suicides are for that reason. Utter despair (which I guess is still biochemical, but it's not a permanent condition) is another reason. There are doubtless many others.
I guess this sort of intellectualizing of suicide is my own way of dealing with the pain I have, for all that it's nothing compared to that of those close to such victims. So long as I intellectualize it, I can imagine that there will someday be solutions which help such people and prevent such tragedies happening.
by Anonymous Coward
on Tuesday June 09, @10:57AM (#28266775)
Please. This guy obviously does not speak English as his first language... probably French. When you speak his language as well as he speaks yours, go ahead and be a grammar Nazi.
But if you really are/that/ stressed about your job [...]
It might not have anything to do with on-the-job stress. It seems that there were some other things going on in his life at the time. Lots of people, when their personal lives go to shit, begin to define themselves, more and more, by their jobs. When the rest of their life sucks, their job is where they are valuable, potent, skilled, respected, and needed.
If you lose that, and you begin to think that your job performance is just as terrible as your performance in the rest of your life, That's when you find people at risk for suicide; they've just had their last leg kicked out from underneath them.
For some people, a job is the only good thing in their life. Failing at that, as they perceive they've failed at every other aspect of life, is sometimes enough to drive someone over the edge. And no, a job at McDonald's won't mitigate that feeling.
Typical. You do know that most places, you'd be lucky that a full time, minimum wage, McDonalds job will pay for a one bedroom apartment and food for yourself per month. That doesn't include utilities, transportation, clothing, etc.
Now imagine the single mom with two children. Imagine the 68 year old woman who takes care of her husband who had a stroke.
It isn't as cut and dry as "Stop being gluttonous"
But if you really are/that/ stressed about your job, even a job at McDonalds might be better even if that means you can't afford that 50 inch plasma.
I would be glad to take a job at McDonalds or Starbucks if it only meant that I would not be able to afford a flat-screen TV... I'd be like Kevin Spacey in American Beauty... hanging out with the kids all day, flipping burgers or making frappuchinos in a no-pressure job.
However, I choose put up with my current job because I have a wife and two kids that deserve more from me.
My opinion is suggesting someone work at McDonalds, which is virtually impossible for an american citizen, is about as cold hearted as suggesting someone work at a call center, which is virtually impossible for an american citizen, more or less for the same business reasons.
I've worked at both McDonalds and a call center, and I'm an American citizen.
I think your definition of "virtual impossibility" is similar to VAserve's definition of "virtual machine security".
A man in the middle of his mid-life crisis, quits his hated job and gets a job in McDonalds...he also gets a boner about his teenage daughter's friend, but lets be honest, this is Mena Suvari (at her prime!) we are talking about!
His wife, in the middle of her mid-life crisis, gets into an affair with a coworker
His daughter, in the middle of her teenage crisis, hates them both
I really don't see Lester (the protagonist) as a role model; I for one, don't plan to quit my job. However, I can empathize with his feelings and the situation he's in.
Sure but there *are* other jobs, sure, it might mean taking a job in something that isn't your specialty, taking a job thats "lower than you", etc. But if you really are/that/ stressed about your job, even a job at McDonalds might be better even if that means you can't afford that 50 inch plasma.
Spoken like someone who hasn't had to deal with the job market in quite some time.
The economy right now is in rough shape. My son has been looking for a job for six months now with no luck. He isn't looking for anything amazing - just retail, labor, or food service, or something basic like that. Folks aren't hiring.
And your typical McDonalds job isn't going to cut it these days. Most food service/retail positions will be minimum wage, which doesn't go very far. They'll also be hourly, not salaried, so you're screwed if you get injured or sick. They'll also be part-time - your schedule will change from one week to the next so you'll not have reliable income, and there'll be absolutely no benefits.
We're not talking about whether or not you can afford a 50" plasma. We're talking about whether or not you can keep your house and/or car. Whether you'll be able to afford to feed your family. Whether you'll be able to pay the assorted bills.
We try very hard to live well within our means. We've got a very affordable mortgage on our house. We bought a used car a few years back and paid for it in full, with cash. We don't have a lot of expensive hobbies. We don't have a pile of debt. But if I lost my job we'd be pretty much screwed.
The odds of me being able to find reliable employment before our savings ran out aren't good. Like I said, folks around here aren't hiring. We could sell the house, if necessary, but I don't know that anyone would buy it. There are plenty of "for sale" signs around town and I don't see them disappearing very quickly. There aren't a whole lot of luxuries we could cut back.
It's a very scary situation to be in, and we aren't even under a pile of debt. I can't imagine what it's like for some of the folks out there.
You get too hung up on that material bullshit, to the point where you take your own life rather than alter your social circumstances? That's pathetic.
If you think that most job-related suicides have anything to do with material possessions, you're mistaken. Often, a person's job is the only thing in his life that is working at all. For most people, a job is more than a simple paycheck, it's a source of self-esteem, and feelings of potency, competence, and respect.
If every facet of your personal life takes a huge dump on you, you might start feeling powerless. But, if you have a job where you can feel powerful and in control, it's easy to recognize that those feelings of powerlessness are a result of those circumstances, that you are not intrinsically powerless.
But, take away that job, and the emotional support it brings, and you may just have removed the last thing standing between healthily handling life's disappointments, and believing that you are fundamentally powerless to affect change for the better, in your life.
It's very easy, at that point, to stop seeing yourself as a resilient victim of circumstance, and begin to recognize that perhaps the only common thread in all your life's problems is you. For some people, that's when the line is crossed, and suicide is contemplated. It has nothing to do with material possessions, just feelings of guilt and powerlessness.
The core premise of Existentialism is very simple: most people spend their entire lives lying to themselves, and living in a world of imaginary restrictions. It's herd behaviour.
If you build your self-image on something outside of your self you are giving up your right to self-determination. Other people are making your decisions, and deciding how your life is going to be. Your boss can decide, on a whim, how you get to feel about yourself.
The whole problem is that we get trapped in this societal notion of how it's supposed to be, of all the things that we have to do. You have to realize that all those obligations are things you put on yourself. There is nothing you can't walk away from.
Depressing ass philosophy, right? But its still useful. I got stuck in a bitch session with my boss a couple of weeks ago which basically boiled down to, "I'm pissed that the stuff that corporate assigned to you over my head has taken precedence over this thing I wanted you to do."
And in the middle of it, I unclipped my badge and tossed it on my desk, and looked him in the eye. And he shut his mouth, turned around and didn't bother me again for the rest of the week. He could fire me, no problem, but he feared those consequences more than I did, and he knew it.
When you define the boundaries of yourself, and you understand that your choice governs your life, and you know it profoundly, there is a freedom in that that scares the shit out of people who let their lives be defined by others.
That philosophy can work for a single person, but only at a cost: you'll never be able to make binding commitments. If you want to exercise your freedom to get married, or have kids, you've accepted obligations that you can't just walk away from (or, at least, you really shouldn't). If you want to keep your freedom to risk your job, without being a complete and utter jerk, you have to pass on some things that make some other people's lives deeply meaningful.
Or, to put this another way, if you can't (or won't) choose to enter an obligation you can't walk away from, you don't have as much freedom as a person who can.
Personally, I chose to get married and make a commitment, and we chose together to have a kid. This means that I chose certain obligations. The form of the obligations is guided by societal notions, but the choice was mine in both cases. These choices do govern my life, in ways I fully accept. I'm as free as you are, aside from acknowledging that there are consequences for decisions freely made.
You can't truly blame Milw0rm for a person being depressed and committing suicide.
However, reading their security notes on it, they did hear back from the developer...they simply declared that it didn't happen fast enough and decided unilaterally that the "Vendor appears uninterested".
I have very mixed feelings on security firms releasing exploits to the public just to try and get results. In my (admittedly limited) experience, more bad has come from releasing exploits publicly than good.
I have very mixed feelings on security firms releasing exploits to the public just to try and get results. In my (admittedly limited) experience, more bad has come from releasing exploits publicly than good.
-JJS
But once you've informed the supplier, and allowed enough time for a fix to be created, tested, rolled into a patch, QAed, released to clients and tested+installed by clients, what other alternative is there? Quietly forgetting about it and just hoping that you are the only people who know about the issue and no black-hats out there will find it is simply not an option.
Why is it not an option? It isn't the best option, which is to announce that an exploit exists, but not release the details.
I'm not blaming their actions for the guy's death, but the people who lost servers and data have every right to be angry. It would have been far easier for them to announce that an exploit exists so customers could get out of a bad position instead of releasing the code which guarantees the end result we see here (For the customer, not the owner of LxLabs)
But once you've informed the supplier, and allowed enough time for a fix to be created, tested, rolled into a patch, QAed, released to clients and tested+installed by clients, what other alternative is there?
You're assuming the bolded part is true. Reading through the information on Milw0rm's own site [milw0rm.com], it appears they had an email exchange with someone at LXLabs for two weeks, then decided on their own to release the information. Two weeks is not nearly enough time to even decide if something like this is worth looking at, let alone find a fix, develop it, test it, implement it, and push it to all clients.
I hope the guys at Milw0rm get sued into oblivion over this. Their actions were completely irresponsible and directly led to millions of dollars of damage, potentially billions of dollars of damage (over 100,000 accounts were destroyed, assuming those accounts spent on $10 per month on hosting that's millions of dollars in damage to the hosting provider alone). VAServ is based in the UK and LXLabs is based in India; I have no idea what the laws are like in those countries, but let's hope Milw0rm faces criminal charges there over this.
Security research is an important field and requires a certain level of trust, accountability, and responsibility for it to function properly. By releasing this information publicly without sufficient notice, Milw0rm breached those traits and deserves to suffer the consequences for doing so.
Someone sends a random, out-of-the-blue email saying "hey we hax0red your code, lol" and you expect the recipient to pop tall and check out their site immediately? Are you serious?
And what contact information was needed? Obviously Milw0rm talked with someone at the company, so they already had contact information. Could it be that Milw0rm was talking to a customer service agent who didn't appreciate the severity of the problem because, gee, I dunno, Milw0rm didn't bother to track down contact information for the right person(s)?
Assuming milw0rm did contact the correct person/people at LXLabs
That's a huge assumption and not one I'm willing to make. However, I am willing to state, without reservation, that Milw0rm are a bunch of asshats who deserve to be sued into oblivion over their callous disregard for the safety of the customers using this software.
That's really the worst part of all of this. Most of the people hurt by this had no control over the software getting fixed, had no idea there was a problem until it was too late to do anything about it, and were completely innocent of any mistakes. And yet Milw0rm doesn't care one fig about those people and just releases code that sends their lives and businesses into a tailspin. How do you defend that kind of behavior and call yourself a professional?
Sounds like the guy needed some more help than he got to get to grips with his personal situation. Anyway...
The flaws include SQL injection vulnerabilities and flaws that create a way for hackers to gain file access to files hosted on a vulnerable system.
There is no excuse for SQL Injection vulnerabilities these days. The problem is well known and publicised, the solutions are well documented. This is a problem that is solved by altering how you code, that results in neater code with less errors. If you can't use prepared/parameterised statements and insist on building SQL command strings out of user supplied data, then... well, err, I can't say "you deserve to hang" in this case can I?
His sister and mother both committed suicide by hanging 5 years ago. He may have had a genetic propensity towards suicide.
Culturally, Indians have a very heavy emphasis on honor and responsibility. The failure of the software is only the outermost layer of true damage. Each of those compromised VMs is a failure to satisfy a customer at best, and a grave violation of the trust between vendor and customer.
When it comes to suicide, why hanging? It seems like a really hard way to go. Maybe the person wants to suffer to pay back his debts before death.
Not really. Plenty of people commit suicide in their late 20s or later, which leaves a decent slice of breeding time, depending on how early you start. Particularly with modern social structures(where orphans are incrementally less likely to starve in Dickensian workhouses) you can fairly easily pump out surviving children at greater than replacement rate, even if you are dead by 30.
Also, a "propensity" toward suicide isn't necessarily fatal, depending on life conditions. If you don't run into much serious stress, a tendency to respond badly to stress is largely harmless. If your son gets it and runs into a series of nasty business reversals, it'll bite him.
I think it is quite disturbing with all of the disrespectful comments on this article. I could Mod some of this, but not all of it. The guy obviously hit hard times with death of two family members by suicide and the tanking of his company. It is clear he had depression in his family and was not able to bear all of this hitting him. It is sickening that so many of you think it is a joke.
It is sickening that so many of you think it is a joke.
Sickening, but not surprising. Civilization has always been a thin veneer on top of barbarism, and it barely keeps our worst instincts in check. Remove via anonymity the social cues that inhibit these instincts, and we end up with the appalling comments here.
>Killing yourself pretty much removes your right to a lot of sympathy.
Bullshit. People with mental illness deserve your sympathy. The idea that suicide was some kind of rational selfish response is stupid. Clearly, he had a lot of suffering if he felt he needed to kill himself. These people deserve our sympathy not our disdain. Hopefully, we can teach people, especially young people, that mental illness shouldnt be shameful and if they suspect they have it then they should get treated - not hide it away and have it lead to suicide like this guy.
The honorable way out is working in the ruins to try and rectify your mistakes, not quitting when the road gets hard.
I suspect it's much easier to say this when you're not the one having to travel that road. No offense to you is implied by this observation Mr SatanicPuppy, but from a smaller degree of personal experience, it is easier said than done. The depression I entered after my brother's death (sorry, no details for/.) has had some long lasting effects on me, even if it was 11 years, 7 months and 2 days, 15 hours, 30 minutes ago.
Not saying I disagree, but still, easier said than done.
but I gotta respect this guy's dedication to the job. If we could get American CEO's to take this level of responsibility when their companies completely faceplant, the world would be a better place.
Some rather unpleasant comments coming off of you lot.
The poor chap sounds like he'd had a bad decade, and this just topped it off.
When your business collapses overnight (which is what happened here), you're facing god knows how many lawsuits (which is what would have happened here) and the people you'd turn to for support are dead... Well, I'd imagine what follows are some rather sobering thoughts.
My heart goes out to his remaining family, and those of you modded "Funny" should go gargle some engine coolant.
Actually, this has almost nothing to do with attacking VMs and more to do with the simple fact that LxLab's code is an extremely poorly written piece of crap from a security standpoint that leaves the VM wide open to attack. Having read through the 24 sample exploits when they were first published on milw0rm, the errors are pretty damn fundamental and indicate a complete ignorance of many of the established best practices in secure coding. It was just a matter of time before one of LxLab's users got hit and hit hard; frankly I'm surprised it took so long.
The only thing that I found surprising about the attack on VAserv is that the perpetrator decided to blow away the servers instead of subvert them for sending spam or hosting related websites; 100,000 web hosts have got to be worth quite a few dollars on the right market. While it sucks to be VAserv or one of their customers right now, it's probably better things went this way than the alternative for everyone else. Of course, it's just a matter of time before the next users of LxLabs HyperVM gets hit - if they haven't been already - and at least some of them are almost certainly going to be end up doing something less than legitimate.
"Oh, please. They had sufficient time for a relatively simple exploit to be patched. This guy stalled them with vague non-responses and shit never got done, so milw0rm posted it publicly. That's what security folks do. It's not their fault that he decided that fixing the software he put his reputation behind wasn't worth it."
Well, not exactly. There is a raging debate over whether this is an appropriate tactic, and this incident will go down in the security text books as an example of why the debate exists. Opposite your opinion is something like, "That's what publicity seeking sociopathic nerds, masquerading as [security folk] do."
There is a fundamental tension between wanting to know if a system you own is vulnerable to some defect, and wanting to keep the exploit code out of the hands of The Bad Guys(TM). In this case, however, it seems pretty clear that simply knowing the name of the product (not even the version) was enough, exploit code wasn't required (as it sometimes is when scanning large numbers of systems that might be at indeterminate patch levels, for example).
There are quite a few actions one could take between "notify the vendor" and "release exploit code" which appear to have been skipped. That's irresponsible, not, "what security folks do".
Frankly, I don't understand how organizations or consultants who do this kind of thing manage to stay in business. If you were a big company with a bunch of interlocking IT systems and limited resources, would you hire someone who had a track record of publishing exploit code before patches were available? Suppose this consultant found some issues, which your organization couldn't respond to as quickly as you would like? Does that consultant become a risk to you now, simply because you didn't fix something in a manner timely enough to suit them? How do you know they wouldn't publish details of your vulnerabilities, because some snot nose punk with an inflated sense of self-righteousness thought you were ignoring him?
I don't operate that way, and neither do any of the fine security consultants who work for me or with me. I work discretely with my clients until they get their problems fixed. That sometimes means doing a lot more work than *should* be required to get the attention of a vendor. However, it has never yet meant publishing exploit code prior to patch availability.
If I'm reading this right, the point of the web application is to manage the VMs. If it didn't have privilege to manage (or destroy in this case) the VMs, it would be pretty useless.
Well (Score:4, Insightful)
Re:Well (Score:5, Informative)
I suspect that this was the result of a lot of bad things going on in his life, and not just because of the software issues.
Parent
Re:Well (Score:5, Interesting)
TFA: "Ligesh [from LxLabs] was also still coming to terms with the suicides by hanging of his sister and mother five years ago."
I suspect that this was the result of a lot of bad things going on in his life, and not just because of the software issues.
And very likely a genetic predisposition to suicide [scienceblog.com] as well.
Parent
Re:Well (Score:5, Insightful)
How does a genetic predisposition for suicide propagate...?
Parent
Re:Well (Score:5, Insightful)
I guess there's not much to say...
takes a very different meaning to me than the moderators or you could have seen in this comment.
Parent
TO ALL Re:Well (Score:5, Informative)
Parent
Tragic (Score:5, Insightful)
I've known relations who have opted for suicide, or who have been hospitalized to prevent them. None as close as immediate family, so I can't begin to understand the pain, but in my own way I can dimly see.
One thing that makes this sort of thing doubly painful is that the sorts of minds that can consider suicide a real possibility are often very very close (and sometimes the same) as the minds that are brilliant.
We talk of genius and madness being a razor's edge away from each other, not because it is poetic but because it's true. But you don't have to be a genius to be that razor's edge away from self-destruction. You only have to have a similar biochemistry and/or neurology. There are dozens of conditions linked both to creative talent and self-harm.
Of course, not all suicides are for that reason. Utter despair (which I guess is still biochemical, but it's not a permanent condition) is another reason. There are doubtless many others.
I guess this sort of intellectualizing of suicide is my own way of dealing with the pain I have, for all that it's nothing compared to that of those close to such victims. So long as I intellectualize it, I can imagine that there will someday be solutions which help such people and prevent such tragedies happening.
Parent
Re:Tragic (Score:5, Funny)
Hmmm. Now can you come up with a solution that geeks can actually use in the real world?
Parent
Re:Well (Score:5, Insightful)
Until then, stfu.
Parent
They comitted suicide... (Score:5, Informative)
five years ago, not a few months.
Parent
Well (Score:4, Funny)
Re:Well (Score:5, Funny)
Parent
Re:Well (Score:5, Insightful)
Yea, Jesus. Someone take their job a little too seriously?
If you ever seriously think of killing yourself over your job, it's time to get a new job.
Parent
Re:Well (Score:5, Insightful)
If you ever seriously think of killing yourself over your job, it's time to get a new job.
Probably good advice generally, but I wonder how many of those defaulting on their mortgages due to a layoff will react positively to hearing it.
Sometimes that shitty job is all you've got.
Parent
Re:Well (Score:5, Insightful)
But if you really are /that/ stressed about your job [...]
It might not have anything to do with on-the-job stress. It seems that there were some other things going on in his life at the time. Lots of people, when their personal lives go to shit, begin to define themselves, more and more, by their jobs. When the rest of their life sucks, their job is where they are valuable, potent, skilled, respected, and needed.
If you lose that, and you begin to think that your job performance is just as terrible as your performance in the rest of your life, That's when you find people at risk for suicide; they've just had their last leg kicked out from underneath them.
For some people, a job is the only good thing in their life. Failing at that, as they perceive they've failed at every other aspect of life, is sometimes enough to drive someone over the edge. And no, a job at McDonald's won't mitigate that feeling.
Parent
Re:Well (Score:5, Insightful)
Now imagine the single mom with two children. Imagine the 68 year old woman who takes care of her husband who had a stroke.
It isn't as cut and dry as "Stop being gluttonous"
Parent
Re:Well (Score:5, Insightful)
But if you really are /that/ stressed about your job, even a job at McDonalds might be better even if that means you can't afford that 50 inch plasma.
I would be glad to take a job at McDonalds or Starbucks if it only meant that I would not be able to afford a flat-screen TV... I'd be like Kevin Spacey in American Beauty... hanging out with the kids all day, flipping burgers or making frappuchinos in a no-pressure job.
However, I choose put up with my current job because I have a wife and two kids that deserve more from me.
Parent
Re:Well (Score:5, Funny)
My opinion is suggesting someone work at McDonalds, which is virtually impossible for an american citizen, is about as cold hearted as suggesting someone work at a call center, which is virtually impossible for an american citizen, more or less for the same business reasons.
I've worked at both McDonalds and a call center, and I'm an American citizen.
I think your definition of "virtual impossibility" is similar to VAserve's definition of "virtual machine security".
Parent
Re:Well (Score:5, Insightful)
The way I saw the movie it was about:
A man in the middle of his mid-life crisis, quits his hated job and gets a job in McDonalds ...he also gets a boner about his teenage daughter's friend, but lets be honest, this is Mena Suvari (at her prime!) we are talking about!
His wife, in the middle of her mid-life crisis, gets into an affair with a coworker
His daughter, in the middle of her teenage crisis, hates them both
I really don't see Lester (the protagonist) as a role model; I for one, don't plan to quit my job. However, I can empathize with his feelings and the situation he's in.
Parent
Re:Well (Score:5, Insightful)
Sure but there *are* other jobs, sure, it might mean taking a job in something that isn't your specialty, taking a job thats "lower than you", etc. But if you really are /that/ stressed about your job, even a job at McDonalds might be better even if that means you can't afford that 50 inch plasma.
Spoken like someone who hasn't had to deal with the job market in quite some time.
The economy right now is in rough shape. My son has been looking for a job for six months now with no luck. He isn't looking for anything amazing - just retail, labor, or food service, or something basic like that. Folks aren't hiring.
And your typical McDonalds job isn't going to cut it these days. Most food service/retail positions will be minimum wage, which doesn't go very far. They'll also be hourly, not salaried, so you're screwed if you get injured or sick. They'll also be part-time - your schedule will change from one week to the next so you'll not have reliable income, and there'll be absolutely no benefits.
We're not talking about whether or not you can afford a 50" plasma. We're talking about whether or not you can keep your house and/or car. Whether you'll be able to afford to feed your family. Whether you'll be able to pay the assorted bills.
We try very hard to live well within our means. We've got a very affordable mortgage on our house. We bought a used car a few years back and paid for it in full, with cash. We don't have a lot of expensive hobbies. We don't have a pile of debt. But if I lost my job we'd be pretty much screwed.
The odds of me being able to find reliable employment before our savings ran out aren't good. Like I said, folks around here aren't hiring. We could sell the house, if necessary, but I don't know that anyone would buy it. There are plenty of "for sale" signs around town and I don't see them disappearing very quickly. There aren't a whole lot of luxuries we could cut back.
It's a very scary situation to be in, and we aren't even under a pile of debt. I can't imagine what it's like for some of the folks out there.
Parent
Re:Well (Score:5, Insightful)
You get too hung up on that material bullshit, to the point where you take your own life rather than alter your social circumstances? That's pathetic.
If you think that most job-related suicides have anything to do with material possessions, you're mistaken. Often, a person's job is the only thing in his life that is working at all. For most people, a job is more than a simple paycheck, it's a source of self-esteem, and feelings of potency, competence, and respect.
If every facet of your personal life takes a huge dump on you, you might start feeling powerless. But, if you have a job where you can feel powerful and in control, it's easy to recognize that those feelings of powerlessness are a result of those circumstances, that you are not intrinsically powerless.
But, take away that job, and the emotional support it brings, and you may just have removed the last thing standing between healthily handling life's disappointments, and believing that you are fundamentally powerless to affect change for the better, in your life.
It's very easy, at that point, to stop seeing yourself as a resilient victim of circumstance, and begin to recognize that perhaps the only common thread in all your life's problems is you. For some people, that's when the line is crossed, and suicide is contemplated. It has nothing to do with material possessions, just feelings of guilt and powerlessness.
Parent
Re:Well (Score:5, Insightful)
The core premise of Existentialism is very simple: most people spend their entire lives lying to themselves, and living in a world of imaginary restrictions. It's herd behaviour.
If you build your self-image on something outside of your self you are giving up your right to self-determination. Other people are making your decisions, and deciding how your life is going to be. Your boss can decide, on a whim, how you get to feel about yourself.
The whole problem is that we get trapped in this societal notion of how it's supposed to be, of all the things that we have to do. You have to realize that all those obligations are things you put on yourself. There is nothing you can't walk away from.
Depressing ass philosophy, right? But its still useful. I got stuck in a bitch session with my boss a couple of weeks ago which basically boiled down to, "I'm pissed that the stuff that corporate assigned to you over my head has taken precedence over this thing I wanted you to do."
And in the middle of it, I unclipped my badge and tossed it on my desk, and looked him in the eye. And he shut his mouth, turned around and didn't bother me again for the rest of the week. He could fire me, no problem, but he feared those consequences more than I did, and he knew it.
When you define the boundaries of yourself, and you understand that your choice governs your life, and you know it profoundly, there is a freedom in that that scares the shit out of people who let their lives be defined by others.
Parent
Re:Well (Score:5, Insightful)
That philosophy can work for a single person, but only at a cost: you'll never be able to make binding commitments. If you want to exercise your freedom to get married, or have kids, you've accepted obligations that you can't just walk away from (or, at least, you really shouldn't). If you want to keep your freedom to risk your job, without being a complete and utter jerk, you have to pass on some things that make some other people's lives deeply meaningful.
Or, to put this another way, if you can't (or won't) choose to enter an obligation you can't walk away from, you don't have as much freedom as a person who can.
Personally, I chose to get married and make a commitment, and we chose together to have a kid. This means that I chose certain obligations. The form of the obligations is guided by societal notions, but the choice was mine in both cases. These choices do govern my life, in ways I fully accept. I'm as free as you are, aside from acknowledging that there are consequences for decisions freely made.
Parent
Mixed feelings (Score:4, Interesting)
You can't truly blame Milw0rm for a person being depressed and committing suicide.
However, reading their security notes on it, they did hear back from the developer...they simply declared that it didn't happen fast enough and decided unilaterally that the "Vendor appears uninterested".
I have very mixed feelings on security firms releasing exploits to the public just to try and get results. In my (admittedly limited) experience, more bad has come from releasing exploits publicly than good.
-JJS
Re:Mixed feelings (Score:5, Informative)
I have very mixed feelings on security firms releasing exploits to the public just to try and get results. In my (admittedly limited) experience, more bad has come from releasing exploits publicly than good.
-JJS
But once you've informed the supplier, and allowed enough time for a fix to be created, tested, rolled into a patch, QAed, released to clients and tested+installed by clients, what other alternative is there? Quietly forgetting about it and just hoping that you are the only people who know about the issue and no black-hats out there will find it is simply not an option.
Parent
Re:Mixed feelings (Score:4, Insightful)
Parent
Re:Mixed feelings (Score:5, Insightful)
But once you've informed the supplier, and allowed enough time for a fix to be created, tested, rolled into a patch, QAed, released to clients and tested+installed by clients, what other alternative is there?
You're assuming the bolded part is true. Reading through the information on Milw0rm's own site [milw0rm.com], it appears they had an email exchange with someone at LXLabs for two weeks, then decided on their own to release the information. Two weeks is not nearly enough time to even decide if something like this is worth looking at, let alone find a fix, develop it, test it, implement it, and push it to all clients. I hope the guys at Milw0rm get sued into oblivion over this. Their actions were completely irresponsible and directly led to millions of dollars of damage, potentially billions of dollars of damage (over 100,000 accounts were destroyed, assuming those accounts spent on $10 per month on hosting that's millions of dollars in damage to the hosting provider alone). VAServ is based in the UK and LXLabs is based in India; I have no idea what the laws are like in those countries, but let's hope Milw0rm faces criminal charges there over this. Security research is an important field and requires a certain level of trust, accountability, and responsibility for it to function properly. By releasing this information publicly without sufficient notice, Milw0rm breached those traits and deserves to suffer the consequences for doing so.
Parent
Re:Mixed feelings (Score:5, Insightful)
Assuming milw0rm did contact the correct person/people at LXLabs
That's a huge assumption and not one I'm willing to make. However, I am willing to state, without reservation, that Milw0rm are a bunch of asshats who deserve to be sued into oblivion over their callous disregard for the safety of the customers using this software. That's really the worst part of all of this. Most of the people hurt by this had no control over the software getting fixed, had no idea there was a problem until it was too late to do anything about it, and were completely innocent of any mistakes. And yet Milw0rm doesn't care one fig about those people and just releases code that sends their lives and businesses into a tailspin. How do you defend that kind of behavior and call yourself a professional?
Parent
Can we stick to the tech? (Score:5, Insightful)
My condolences (Score:5, Insightful)
Depressed person with problems kills himself (Score:4, Informative)
Sounds like the guy needed some more help than he got to get to grips with his personal situation. Anyway ...
The flaws include SQL injection vulnerabilities and flaws that create a way for hackers to gain file access to files hosted on a vulnerable system.
There is no excuse for SQL Injection vulnerabilities these days. The problem is well known and publicised, the solutions are well documented. This is a problem that is solved by altering how you code, that results in neater code with less errors. If you can't use prepared/parameterised statements and insist on building SQL command strings out of user supplied data, then ... well, err, I can't say "you deserve to hang" in this case can I?
It may have been genetic (Score:4, Interesting)
His sister and mother both committed suicide by hanging 5 years ago. He may have had a genetic propensity towards suicide.
Culturally, Indians have a very heavy emphasis on honor and responsibility. The failure of the software is only the outermost layer of true damage. Each of those compromised VMs is a failure to satisfy a customer at best, and a grave violation of the trust between vendor and customer.
When it comes to suicide, why hanging? It seems like a really hard way to go. Maybe the person wants to suffer to pay back his debts before death.
Re:It may have been genetic (Score:4, Interesting)
Also, a "propensity" toward suicide isn't necessarily fatal, depending on life conditions. If you don't run into much serious stress, a tendency to respond badly to stress is largely harmless. If your son gets it and runs into a series of nasty business reversals, it'll bite him.
Parent
potential upside (Score:4, Funny)
Hopefully the sites lost were those abandoned blogs, even better if they were active blogs.
The guys pic (Score:4, Informative)
The guys pic
http://i41.tinypic.com/zjdqgy.jpg [tinypic.com]
RIP
Disrespectful (Score:5, Insightful)
Re:Disrespectful (Score:5, Insightful)
Sickening, but not surprising. Civilization has always been a thin veneer on top of barbarism, and it barely keeps our worst instincts in check. Remove via anonymity the social cues that inhibit these instincts, and we end up with the appalling comments here.
Parent
Re:Disrespectful (Score:5, Funny)
Civilization has always been a thin veneer on top of barbarism, and it barely keeps our worst instincts in check.
Yes, but if you look under the Barbarism, you actually find two layers of humanitarianism.
You don't need a sense of despair; just a good belt sander.
Parent
Re:Disrespectful (Score:5, Insightful)
>Killing yourself pretty much removes your right to a lot of sympathy.
Bullshit. People with mental illness deserve your sympathy. The idea that suicide was some kind of rational selfish response is stupid. Clearly, he had a lot of suffering if he felt he needed to kill himself. These people deserve our sympathy not our disdain. Hopefully, we can teach people, especially young people, that mental illness shouldnt be shameful and if they suspect they have it then they should get treated - not hide it away and have it lead to suicide like this guy.
Parent
Re:Disrespectful (Score:5, Insightful)
The honorable way out is working in the ruins to try and rectify your mistakes, not quitting when the road gets hard.
I suspect it's much easier to say this when you're not the one having to travel that road. No offense to you is implied by this observation Mr SatanicPuppy, but from a smaller degree of personal experience, it is easier said than done. The depression I entered after my brother's death (sorry, no details for /.) has had some long lasting effects on me, even if it was 11 years, 7 months and 2 days, 15 hours, 30 minutes ago.
Not saying I disagree, but still, easier said than done.
Parent
I don't know if its been said yet... (Score:4, Insightful)
Woah. (Score:5, Funny)
Wow. Nice crowd. (Score:5, Funny)
Some rather unpleasant comments coming off of you lot.
The poor chap sounds like he'd had a bad decade, and this just topped it off.
When your business collapses overnight (which is what happened here), you're facing god knows how many lawsuits (which is what would have happened here) and the people you'd turn to for support are dead... Well, I'd imagine what follows are some rather sobering thoughts.
My heart goes out to his remaining family, and those of you modded "Funny" should go gargle some engine coolant.
Re:There's yer problem... (Score:4, Insightful)
Backup your own damn data. If you trust your webhoster to do it for you, you're a lost cause.
Parent
Re:There's yer problem... (Score:5, Informative)
There is only so much due diligence you can do if their claims [lxlabs.com] are not true [milw0rm.com].
Phillip.
Parent
Re:Damn... (Score:5, Funny)
That's like putting your mission critical servers in a garden shed with holes in the roof.
What??? It's not a cheap way to get my server water cooled???
Could this explain my high hardware failure?
Parent
Re:Who else? (Score:4, Interesting)
Many/most (cheapvps, fsckvps, etc.) are reselling VAserv stuff, so a lot have been hit hard.
If they're using HyperVM, stay the hell away.
Parent
Re:VM Attacks (Score:5, Interesting)
The only thing that I found surprising about the attack on VAserv is that the perpetrator decided to blow away the servers instead of subvert them for sending spam or hosting related websites; 100,000 web hosts have got to be worth quite a few dollars on the right market. While it sucks to be VAserv or one of their customers right now, it's probably better things went this way than the alternative for everyone else. Of course, it's just a matter of time before the next users of LxLabs HyperVM gets hit - if they haven't been already - and at least some of them are almost certainly going to be end up doing something less than legitimate.
Parent
what security folks do (Score:5, Insightful)
Well, not exactly. There is a raging debate over whether this is an appropriate tactic, and this incident will go down in the security text books as an example of why the debate exists. Opposite your opinion is something like, "That's what publicity seeking sociopathic nerds, masquerading as [security folk] do."
There is a fundamental tension between wanting to know if a system you own is vulnerable to some defect, and wanting to keep the exploit code out of the hands of The Bad Guys(TM). In this case, however, it seems pretty clear that simply knowing the name of the product (not even the version) was enough, exploit code wasn't required (as it sometimes is when scanning large numbers of systems that might be at indeterminate patch levels, for example).
There are quite a few actions one could take between "notify the vendor" and "release exploit code" which appear to have been skipped. That's irresponsible, not, "what security folks do".
Frankly, I don't understand how organizations or consultants who do this kind of thing manage to stay in business. If you were a big company with a bunch of interlocking IT systems and limited resources, would you hire someone who had a track record of publishing exploit code before patches were available? Suppose this consultant found some issues, which your organization couldn't respond to as quickly as you would like? Does that consultant become a risk to you now, simply because you didn't fix something in a manner timely enough to suit them? How do you know they wouldn't publish details of your vulnerabilities, because some snot nose punk with an inflated sense of self-righteousness thought you were ignoring him?
I don't operate that way, and neither do any of the fine security consultants who work for me or with me. I work discretely with my clients until they get their problems fixed. That sometimes means doing a lot more work than *should* be required to get the attention of a vendor. However, it has never yet meant publishing exploit code prior to patch availability.
Parent
Re:Narrow escape (Score:5, Insightful)
If I'm reading this right, the point of the web application is to manage the VMs. If it didn't have privilege to manage (or destroy in this case) the VMs, it would be pretty useless.
Parent