Fired Techie Created Virtual Chaos At Pharma Co.
itwbennett writes "Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."
How he got caught. (Score:5, Informative)
Re: (Score:2)
For those wondering how he got caught: he accessed the servers from his home and also from a McDonald's; just before he accessed them, he purchased some food using his credit card.
That seems amazingly stupid.
Re: (Score:2)
(1) He will not be incarcerated for anything like 10 years;
(2) Incarceration's looking like a fine alternative to the next decade in the wild. Especially in countries with more lenient prison systems (the US is bad but not as bad as the Middle/Far East; the UK is better than all of the above).
Re: (Score:2)
http://www.guardian.co.uk/uk/2011/aug/17/facebook-cases-criticism-riot-sentences
I disagree. (Score:2)
I have to admit that my initial reaction was the same as yours.
And then I spent some time thinking about it.
First, riots on previous days had resulted in people being injured and even murdered, robbed and people's homes and business destroyed.
And then these guys come along and try to arrange more of the same, knowing full well the results of those riots.
Second, I got to thinking: who are the worst? The rioters who get caught up in the heat of the moment or the cowardly little turds at the back of the crowd eggi
Re: (Score:3)
My vote is the cowardly little agitators are considerably worse.
I fully disagree. That's not making people take responsibility for their own actions.
Those rioting/destroying property are responsible for their actions. If they were incited by others, it's still their damn fault.
You should be punished for your actions, not words. But then, there is no freedom of speech there, or really anywhere anymore, so they may as well be punished too. Similarly, everyone who uses the 'four boxes of freedom' sig should be carted off to jail - it's promoting shooting of those in of
Re: (Score:2)
With all respect, a drunk driver is not necessarily any safer to be around than a rapist or a murderer. Indeed, an otherwise law-abiding man who murders once out of passion could be much safer than any number of people convicted of more minor offences.
Anyway, there are different prison security categories, but not based on the criteria you're implying.
Re: (Score:3)
Re: (Score:3, Funny)
That's bullshit, McDonalds doesn't sell food.
Re: (Score:2)
And, did he also use his own computer, probably running Windows, which keeps logs of contacts? Or, did he use a LiveCD, do his dirty deeds, then shut down the computer?
I know for certain that if I were to do something like this, I would NOT use an installed operating system, and I would MOST CERTAINLY not use a Windows system! Not even from a public computer, from a library, or senior citizen's center!
Re: (Score:3)
and of course you would remember to spoof your mac address? wear a mask when you pass the parking lot security camera? put stolen license plates on your car? wear gloves the whole time?
There are a lot more traces left than just Windows log files.
Re: (Score:2)
Unfortunately, if there are vSphere clients that run on something other than Windows, I am apparently incapable of finding them on VMware's website. I think vSphere 5 will have a Linux client though. So, the best he could hope for is using a VM and then resetting it back to a snapshot after use.
Re: (Score:2)
For those wondering how he was in a position to cause such mayhem: "Cornish had resigned from the company in July 2010 after getting into a dispute with management, but he had been kept on as a consultant for two more months." *slaps forehead* The guy had issues with management and resigned, so they let him stay on for two more months ... because?!
However, the attack did not attack "vital" systems like research lab data. It affected emails, sales systems, and the like. Sure, that's annoying, but it was "onl
One by one? (Score:2)
Damn, he took his time. Musta felt good though.
But seriously, if you're smart enough and determined enough to do this, can't you foresee the outcomes?
tl;dr, Shoulda just spliced an ethernet cable into a power cord, added a "Never unplug this!!!" sticker, and left it by a power outlet. Once the blue smoke is released, the magic is lost.
Re:One by one? (Score:5, Insightful)
Shouldn't a "too long; didn't read" section be shorter than the rest of your comment? And it should provide a summary, rather than go off on some tangent.
Re: (Score:2)
Re: (Score:2)
Once the blue smoke is released, the magic is lost.
This is true of people and of computers... guess which one will get you longer in prison if you are found to be responsible for the release of the blue smoke?
Re: (Score:2)
Wouldn't it just fry the NIC it is plugged into, or the motherboard at most?
Re: (Score:2)
Most likely it would fry a switch, which would shut down the company network until it was replaced.
Back in the day of a single thick ethernet cable connected to every machine, this would have been really spectacular.
Re: (Score:2)
Even in that case, the damage would be limited to a single system, probably covered by warranty (like Dell's CompleteCover -- I guess something like that would be there for enterprises).
What he did was much more damaging -- deleting all the company's servers is, well, damaging.
Re: (Score:3)
But seriously, if you're smart enough and determined enough to do this, can't you foresee the outcomes?
Evidently not necessarily. This is why intelligence and wisdom are different ability scores.
Re: (Score:2)
I laughed. Thanks :)
[John]
I hope they throw the book at him (Score:5, Interesting)
He could have potentially wiped out some ongoing expensive research while he was at it and potentially cost lives, not to mention jobs at a company that obviously wasn't in the best financial health to start with. This self-centered little prick doesn't deserve any leniency.
Re: (Score:2)
I believe you know the full story from both sides then, yes? So what was his dispute with the management that made him do this?
Re:I hope they throw the book at him (Score:5, Informative)
So what was his dispute with the management that made him do this?
It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.
Re: (Score:2)
There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.
Yes, burning down your place of employment should only be done in context of insurance fraud, or to help them save costs of properly disposing of dangerous goods. But never for petty revenge!
Re: (Score:2)
Re: (Score:3)
That's what I was thinking. What if your former employer is planning on doing something that could kill lots of people and the regulators/police/media don't believe you or are complicit in the scheme? Never is a pretty strong word.
Re: (Score:2)
There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.
What if they took your stapler and moved your desk in to the basement?
Re: (Score:2)
ADA Lawsuit?
The case you just stated is EXACTLY what they're for.
Easy money for some vulture lawyer... As much as we don't like them.
Re: (Score:2)
So, keeping that in mind, you think it to be immoral and illegitimate for me to destroy him and his business, were I in a position to?
Yes, absolutely:
1) There are laws in existence to prosecute exactly his type of behaviour; use them.
2) In destroying his business you are hurting his employees, their families, etc.
Re: (Score:2)
people can and do get blacklisted for the wrong reasons all the time. in today's era of no-privacy, it's VERY easy. I'm no socialist, but it should be obvious that any entity in a position of power will abuse it eventually. whether it's corporate or government is irrelevant.
Re: (Score:2)
"Reactionary socialist BS"
Do you happen to live in a formerly socialist country (that is now capitalist and prosperous by creating millions of minimum wage jobs)?
Re: (Score:2)
There was no excuse for what he did. End of.
Re: (Score:2)
I'm not debating that what he did was right or wrong (it's certainly wrong), all I'm saying is that there is a good possibility that his actions weren't entirely selfish. It wasn't just him that got laid off and we don't have any information on what his initial disagreements with the management were, for all we know they wanted to experiment on baby pandas (yes I know that's unlikely, but the point remains). Saying he doesn't deserve any leniency without knowing the full story is just wrong.
Re: (Score:2)
there's no magical hollywood plotline that justifies his actions. there's no full story needed. some people are just so incredibly selfish this level of vindictiveness makes sense to them. can you imagine what any poor woman would go through/ went through after dating this guy?
Re: (Score:2)
Saying he doesn't deserve any leniency without knowing the full story is just wrong.
As long as you know the full story of _what_ he did, then _why_ he did it shouldn't really matter unless it can be established that he was mentally incompetent at the time, e.g. under duress (family being held hostage etc.), having a psychotic episode, really really drunk/wired, upset because his favourite TV show just got cancelled, or whatever else counts for "temporarily insane" these days.
Re: (Score:2)
If he was fired legitimately, I agree. If he was fired for BS, I don't. Then it's the employer's fault because it placed its desire to stick it to the employee over the safety of its customers.
Re: (Score:2)
Two wrongs don't make a right. Most people are taught this when they are around the age of a first-grader.
I suggest you take some remedial courses.
Re: (Score:2)
I'm impressed he could do that much damage... (Score:5, Informative)
Firstly, it appears this guy was treated poorly and not only is he a nitwit, it would appear that most of his coworkers/management were as well.
Secondly, it's acts of sabotage like this that make it hard for the rest of us to do our jobs.
Thirdly, on a not so serious note... wi-fi from McDonald's? vSphere console? How did he think he was NOT going to get caught? Did he even try to wipe the logs off the vSphere server? Had this guy two brain cells in his head, he could have obliterated their infrastructure and not left a trace of evidence.
Re: (Score:2)
Having read the article... other than being laid off, what makes you think that the guy was treated poorly?
Re: (Score:2)
Re: (Score:2)
THIS is why companies "perp walk" you to the door IMMEDIATELY after you hand in the letter to resign. They certainly don't let you come back as a contractor... Unless you are leaving for a scheduled retirement or something amicable.
As much as the "perp walk" seems like a bad thing, it helps make sure YOU don't get accused of crap like this later on.
Re:I'm impressed he could do that much damage... (Score:5, Insightful)
Re: (Score:2)
Is it really common for this to happen over a simple resignation?
Re: (Score:2)
Never publicly flame (Score:2)
someone who has your root passwords...
Protect systems from rogue admins too? (Score:4, Insightful)
Has anyone noticed that every system claiming "enterprise" robustness only ever protects against untrusted third parties or component failure? I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators. Think about it this way: a modern distributed cluster can be made robust against nuclear warfare, but not a grumpy admin!
Technologies like the kind developed by internet pirates could be applied to enterprise systems. For example, protocols like Bittorrent are designed to be robust against malicious peers. The lessons learned by Wikipedia (where everyone is an 'admin') could be applied too, such as enforced versioning of all configuration changes.
Similarly, multi-party authentication should be an option for critical enterprise systems. It should be possible to mark objects such as VMs or service accounts as "critical", allowing configuration changes only if, say, three admins authenticate together, like in a nuclear launch. This isn't a new concept -- Certificate Authorities often require secondary approval to issue certain types of certificates.
The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to three copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!
Unfortunately, a business with general purpose servers running Windows or Linux is out of luck. Even if someone were to come up with, say, a virtual hosting environment that's robust against even administrators, that wouldn't prevent other mass attacks, such as formatting the SAN (shudder), deleting every object from the Active Directory domain, or my favourite: setting an encryption key on the backups for a month before leaving, wiping the password, and then formatting every server in parallel. Just resetting every password in the system at once is enough to bring most organisations to their knees, and can be done in seconds! How long would it take your organisation to recover from that? You'll just restore the AD from tape, right? Step one: log on to the backup server... err...
Remember: Mirrors won't help. Replicas won't save you. Snapshots can be deleted just like everything else. If the business didn't have off-site tape backups of everything, it's game over.
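The "critical object needs several admins" idea from the post above, as an added example (not code from any product or from the poster): a change gate where each admin's approval is an HMAC over a canonical digest of the exact change, so approvals cannot be replayed against a different change, and objects flagged critical need a quorum of distinct admins. The admin names, per-admin keys and object ids are constructed stand-ins for a real token or PKI login.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class ChangeGate:
    admin_keys: dict                              # admin name -> HMAC key (stand-in for a real login)
    critical: set = field(default_factory=set)    # object ids marked "critical" (VMs, service accounts)
    quorum: int = 3                               # distinct admins needed for a critical object
    applied: list = field(default_factory=list)   # audit trail of changes that went through

    @staticmethod
    def change_digest(obj_id, change):
        # Canonical JSON (sorted keys) so every approver signs exactly the same bytes.
        body = json.dumps({"object": obj_id, "change": change}, sort_keys=True).encode()
        return hashlib.sha256(body).hexdigest()

    def approve(self, admin, obj_id, change):
        """One admin's approval: an HMAC tag bound to this object and this change only."""
        digest = self.change_digest(obj_id, change)
        tag = hmac.new(self.admin_keys[admin], digest.encode(), "sha256").hexdigest()
        return (admin, tag)

    def apply(self, obj_id, change, approvals):
        """Apply the change only if enough distinct, valid approvals cover this exact change."""
        digest = self.change_digest(obj_id, change)
        valid = set()
        for admin, tag in approvals:
            key = self.admin_keys.get(admin)
            if key is None:                       # unknown admin: ignore
                continue
            expected = hmac.new(key, digest.encode(), "sha256").hexdigest()
            if hmac.compare_digest(expected, tag):
                valid.add(admin)                  # a set: the same admin approving twice counts once
        needed = self.quorum if obj_id in self.critical else 1
        if len(valid) < needed:
            return False
        self.applied.append((obj_id, change, sorted(valid)))
        return True


def demo_gate():
    """Constructed sample: four admins with random keys, one VM flagged critical."""
    keys = {name: secrets.token_bytes(32) for name in ("ann", "ben", "cid", "dee")}
    return ChangeGate(keys, critical={"vm-payroll-db"})
```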
Re: (Score:2)
Multiple Administrators? I think most companies see IT as an expense that needs to be minimized, so you're lucky if they have one Administrator who is competent.
Re:Protect systems from rogue admins too? (Score:5, Interesting)
Here is one small step that was taken by a high-end hosting provider.
All the systems had locked root passwords; nobody knew the actual root passwords, and they were different for each system.
All root is done via sudo, except for the system console, which is in the locked server room.
To gain sudo access, this is what happens:
First you go onto a secure database that is tied in with the trouble ticket system. You log in using a token. You request root access to server x. The system checks to see that you are supposed to be able to have root for server x and it checks to see that you are working on a currently open trouble ticket for an application on server x.
If the secure database is happy, it sends a message to another secure server (in a different machine room). That system, which has yet another secure database, pulls an ssh private key from the database and installs it as an ssh private key in order to do an ssh shell session with the server you want to get on. That session runs a script that changes /etc/sudoers to add your name. Along with that, it sets off a cron job that forces the /etc/sudoers file back to its original configuration after a set amount of time.
You log in, do sudo, and do your stuff. All logging is done to what I call a toilet paper machine (paper log) in yet another secure room. You are through and log off. You close the ticket. The entire process described above is then run again, but to restore the /etc/sudoers file back to the way it was. Even if you 'forget' to close the ticket, the timer cron noted above will still revoke your access to sudo and send an email to security.
The secure database servers noted above, each located in its own secure location, require two-person authentication to access root. For those machines, the root password is split in half. One half is known by each of two key people. They both need to log in at the same time.
This is about the most paranoid root access that I am aware of.
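The sudo workflow this post describes, as an added example in Python (not the hosting provider's code): a broker that writes a ticket-gated, time-limited sudoers drop-in and a timer job that revokes it whether or not the ticket was closed. The ticket table, ACL, audit list, usernames and ticket ids are constructed stand-ins for the provider's secure databases, token login, ssh hop and paper log, and the drop-in goes into a throwaway directory rather than /etc/sudoers.d.

```python
import os
import re
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path

# Usernames must be plain so a request can never smuggle extra sudoers syntax into the file.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
PREFIX = "50-ticket-"

@dataclass
class Ticket:
    ticket_id: str
    server: str
    assignee: str
    is_open: bool = True

@dataclass
class SudoGrantBroker:
    sudoers_dir: Path        # /etc/sudoers.d in real life; a temp dir in demo_broker()
    tickets: dict            # ticket_id -> Ticket, standing in for the ticket database
    acl: dict                # server -> set of users allowed to request root there
    audit: list = field(default_factory=list)   # stands in for the paper-log printer

    def _log(self, now, user, server, ticket_id, msg):
        self.audit.append(f"{int(now)} user={user} server={server} ticket={ticket_id} {msg}")

    def _drop_in(self, user):
        return self.sudoers_dir / f"{PREFIX}{user}"

    def has_sudo(self, user):
        return self._drop_in(user).exists()

    def grant(self, user, server, ticket_id, ttl_seconds, now=None):
        """Write a sudoers drop-in for user only if the ACL and an open ticket both agree."""
        now = time.time() if now is None else now
        if not USERNAME_RE.match(user):
            raise ValueError("refusing username that could inject sudoers syntax")
        if user not in self.acl.get(server, set()):
            self._log(now, user, server, ticket_id, "DENIED not authorised for server")
            return False
        t = self.tickets.get(ticket_id)
        if t is None or not t.is_open or t.server != server or t.assignee != user:
            self._log(now, user, server, ticket_id, "DENIED no open ticket for user on server")
            return False
        expires = int(now + ttl_seconds)
        path = self._drop_in(user)
        tmp = path.with_name(path.name + ".tmp")   # sudo ignores sudoers.d names containing '.'
        tmp.write_text(f"# ticket={ticket_id} server={server} expires={expires}\n"
                       f"{user} ALL=(ALL) ALL\n")
        os.chmod(tmp, 0o440)         # sudo refuses sudoers files that are group/world writable
        os.replace(tmp, path)        # atomic: sudo sees the old rule set or the new, never a torn file
        self._log(now, user, server, ticket_id, f"GRANTED until {expires}")
        return True

    def revoke(self, user, reason, now=None):
        now = time.time() if now is None else now
        path = self._drop_in(user)
        if not path.exists():
            return False
        header = path.read_text().splitlines()[0]
        path.unlink()
        self._log(now, user, "-", "-", f"REVOKED ({reason}) {header}")
        return True

    def close_ticket(self, ticket_id, now=None):
        t = self.tickets[ticket_id]
        t.is_open = False
        return self.revoke(t.assignee, "ticket closed", now)   # normal end of a session

    def revoke_expired(self, now=None):
        """The timer job: drop every grant past its expiry even if nobody closed the ticket."""
        now = time.time() if now is None else now
        revoked = []
        for path in sorted(self.sudoers_dir.glob(f"{PREFIX}*")):
            if "." in path.name:     # skip a .tmp file caught mid-write
                continue
            m = re.search(r"expires=(\d+)", path.read_text().splitlines()[0])
            if m and now >= int(m.group(1)):
                user = path.name[len(PREFIX):]
                self.revoke(user, "timer expired, security notified", now)
                revoked.append(user)
        return revoked

def demo_broker():
    """Constructed sample data in a throwaway directory (not a real /etc/sudoers.d)."""
    tickets = {"T-100": Ticket("T-100", "db01", "alice"), "T-200": Ticket("T-200", "web01", "bob")}
    acl = {"db01": {"alice", "bob"}, "web01": {"bob"}}
    return SudoGrantBroker(Path(tempfile.mkdtemp()), tickets, acl)
```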
Re: (Score:2)
Most of their data is pure disk. There have been several articles floating about on the internet about it. Some critical stuff is backed up, like the old-school relational databases, source code, etc... but the vast majority of their data isn't. Sure, they could reproduce their indexes by re-scanning the internet, but how long would that take?
Instant career murder (Score:3)
Re: (Score:2)
Getting a decent job is going to be the least of his worries.
However he will be trusted to toss that salad.
I am so mad at my employer I am going to... (Score:5, Insightful)
...make it impossible for some elderly people (along with some kids with cancer, and perhaps a few diabetics) to get their meds.
Oh yeah, and incidentally, cost my employer money.
Douchebag of the Year Award candidate.
"I could have done it better" thread here. (Score:2)
Seems half the comments here are people who say how stupid this guy was -- that they could have done a much more thorough job of destruction AND covered their tracks better. Shows what kind of geeks we are. ;)
Go ahead, post your "I could have done it better" comments here.
88 servers all on line? (Score:2)
I don't understand. Was this guy the head of the IT department? Did they lay off the entire IT staff? Who was in charge of the IT department? I hope it is the guy stabbing himself in the stomach. What type of moron doesn't have machines storing VM drives separated from the network just in case of catastrophic disaster or intrusion? For the love of Yoda people! Hire a Security Engineer!
Re: (Score:2)
Well that was totally worth it.
Indeed. Employers can be total asses but what Jason Cornish did was illegal and was going to lead back to him. How did he think he was going to get away with that?
Re:He is looking at 10 years in prison. (Score:5, Insightful)
Yes... it's the "how can you get away with it?" question that boggles the mind. If you can't think at least that far ahead, then you should refrain from doing more than "wish damage." (You know, I wish something bad would happen to them because I hate them kinda thing?)
If it were me, I would do something more subtle... something based on a cron job perhaps ... something that runs, clears out logs and other things, mounts VMDKs, deletes random files, exchanges the file names of various random pairs of documents and things like that. It would be weirdness that people would dismiss at first as human error, which gives the trail time to grow colder and bad backup data to get worse, and then at some point just go all-out, destroying itself and the systems -- preferably killing the hardware in some way. Even then the chances of getting caught are pretty good, as it would be a careful balance of luck and planning to create this gradual corruption of data that wouldn't get noticed until it was too late... perhaps only corrupt files older than a certain date which are not as likely to be accessed for a long while. I suppose that would be enough to allow the corruption of backups and such along the way...
Anyway, the first thing should always be to plan not to get caught or even suspected.
Re: (Score:3)
Yeah... nobody has ever been busted for timebombing their former employer's systems.
Re: (Score:3)
Only the ones who got caught were busted for it. What? You thought all crime gets reported?
Re: (Score:2)
And if your employer suddenly doesn't let you access the computers again, you know that he has read your post. :-)
Re: (Score:3)
Re:He is looking at 10 years in prison. (Score:4, Insightful)
Re: (Score:3)
I'm not blaming Shionogi, but they certainly made a poor choice to use him as a consultant after he'd resigned due to a dispute with management. I'm sure when they laid him off two months later (along with other employees) it was the tipping point for whatever was brewing inside. When an IT person who has access to everything (or even one server) leaves you need to cha
Re:He is looking at 10 years in prison. (Score:5, Interesting)
What you really should care about when it comes to the IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.
And even if you remove/change all passwords - are you sure that there isn't a backdoor somewhere? Especially in a system like Active Directory where login accounts can be "hidden" anywhere in the tree. Also - some accounts can't change password easily since there are services that may depend on them - or that the password also is the encryption key. It's just a ticking time bomb in some cases.
Some of you may claim "You are doing it wrong" when you depend on "unchangeable" passwords - but in some cases there are interdependencies that cause that kind of problem. And the problems can be anything from a background task that locks the system account because it uses the old password to an encryption key based on the password for the backup solution. In some cases it's caused by the third-party software that you use.
Re:He is looking at 10 years in prison. (Score:5, Insightful)
The other sense that I get from your statement was that it seemed like you were blaming management here. It feels a bit like, "Well, they didn't keep their IT staff happy, so they brought it upon themselves!" We don't know what the disagreement was, nor who was at fault for that disagreement. People get in disagreements all the time about relatively minor issues. Perhaps Shionogi wanted him to do something one way and he wanted to do it a different way. That's certainly not worthy of revenge. Right now, we just don't know. The simple fact remains that Mr. Cornish committed an act that was unethical and illegal and did substantial damage to the business. Yes, poor management controls and practices allowed this to take place, but they weren't the ones who committed the act.
Re:He is looking at 10 years in prison. (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3, Interesting)
Right, and the engineers who design your actual products ... which are the reasons the IT guys exist aren't as dangerous?
The accountants who can drain and send your entire financial portfolio to random places around the world aren't dangerous?
No, IT guys aren't special, you just think you are and you're too ignorant to realize you really can't do anything more than be fucking obnoxious. You can't do anything that someone else in the company can't do better as far as hurting the company.
It is certainly in y
Re: (Score:2)
Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.
I agree about treating everyone with respect. The part about being backed into a corner is mostly because IT is not the core competency of most companies (IT companies like Google, MS, Oracle, etc. excluded), so managers don't understand computers as well as they understand their product and its market, and humans tend to be suspicious of things we don't understand. This makes it easy to put them in the corner and get concessions from them.
Re: (Score:3)
Re: (Score:3)
That does not help. Honestly, a highly skilled IT guy who understands virus writing can infect all the machines with a timebomb and you would never know it. IF he did it right and inserted the time bomb into a driver there is nothing you could do to stop it.
It's called paying IT people what they are worth and running background checks. This guy would not have had a squeaky clean past if he did stupid crap like this.
Finally having enough staff so that ANY changes are done with a peer review. I.E. Update
Re: (Score:3)
But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.
That has got to be the best excuse I've ever seen to help justify spending large amounts of time on Slashdot while I'm at work.
Re: (Score:2)
This guy would not have had a squeaky clean past if he did stupid crap like this.
that argument fails for the first offence.
And given that each offence has the same potential - you can only use a mark on a background as a red flag .. you can NOT use a clean record as a green flag. Companies need to profile new hires - and they need to treat employees (ALL, not just IT) with respect.
Re: (Score:2)
the ctrl-H thing isn't as funny or neat as you seem to think it is.
Re: (Score:2)
Really?
That was pathetic.
Re: (Score:2)
Re: (Score:2)
or modern nerds have moved on from VIM
Re: (Score:2)
VIM is a bit far back. I use notepad.
As a matter of fact, I use a Unix based system (Mac) and run an emulator on it (Parallels) to run notepad. Because it makes me feel right at home.
I've coded industry strength software in C# in notepad. And now I'm doing the same in an emulator.
Fluent in C,C++, ObjectiveC, Java, C# and an array of scripting languages and scripting libraries (don't make me laugh the "library solutions" to attack a basic vanilla problem by "modern nerds"...)
The "nerd" is no more, if I see
Re: (Score:2)
Yes, but when you press CTRL+H in Notepad you get the Find+Replace popup, not ^H or backspace.
Re: (Score:2)
Ctrl-H was backspace on paper tape machines. It dates back well before vim: I was using it in 1970, though you had to follow it with DEL to remove the mistype before retyping. It probably dates back to the 19th century.
I hope you're joking.
19th century? Any self respecting geek knows that Vim was around well before that.
Re: (Score:2)
If emacs was good enough for Leonardo da Vinci then it's good enough for me.
(BTW - that's a true statement!)
Re: (Score:2)
It probably dates back to the 19th century.
I have a set of 19th century control characters, hand-carved in oak, great conversation piece.
Re:Who will pay the damages? Compensation? (Score:5, Informative)
And in case you didn't figure it out, "^" represents the CTRL key.
And oddly enough, it's not just VI - the windows command prompt works exactly the same way, open one now and hit CTRL+V (probably expecting to paste something) only to get ^V on your screen instead. But it's ok, hit CTRL+H and it'll backspace for you.
I believe it's less to do with VI and its CRAZINESS and more to do with the legacy of some keyboards not actually having a backspace key. Shock horror, I know.
(Cue the "...back in my day, we had to use TWO keys to backspace!" comments...).
Re: (Score:2)
What I want to know is why he didn't just ^W
Re: (Score:2)
That was my thought too. I guess we're the only geeks on the site any more :(
[John]
Re: (Score:2)
As I recall, the old CRT keyboards did have a backspace key, it was just a lot easier to hit ctrl-H. The ctrl key was just to the left of "A" (somehow that got morphed into caps lock, which seems really stupid). So you could hit ctrl-H w/o ever leaving the home row. I think the backspace key was less conveniently located.
But this goes back a few years... it might well be that the first CRTs I used didn't have a backspace.
Re: (Score:2)
Caps lock was added so that enraged AOL users could conveniently type their manifestos for Usenet.
Re: (Score:3, Informative)
The reason why caps lock is above shift is that it's the position where it was on mechanical typewriters. And the reason it was there on mechanical typewriters is that it physically fixed the shift key, and therefore had to be on the metal bar connecting the shift key to the carriage.
Re: (Score:2)
More like some terminal emulations not implemented very well.
Re: (Score:2)
Control H (0x08) is the ASCII code for backspace.
Re: (Score:2)
some keyboards not actually having a backspace key
Close, but not quite... it's more to do with the difficulty of getting the backspace/delete/erase/etc keys to work properly on all the different varieties of terminal that Unix and other OSs used to support: it was very common to have the settings on the computer not match up with your terminal, in such a way that pressing the "delete" key would not delete but instead produce ^H or ^? or some other control sequence...
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.
What damages? TFA mentions "virtual chaos" - why wouldn't this equate with "virtual damages" and "virtual prison"?
For those not fully awake, I'm attempting some lame fun on the overuse of "virtual/virtualization". I've seen lots of abuses until now: "piracy is theft", "cloud", cyberwar/cyberterror (BTW, cybernetics [wikipedia.org] doesn't have too much to do with computers) etc. The "virtual chaos" seems a new concept.
Re: (Score:2)
Maybe employers should treat their employees reasonably and this would happen less often. The employer had all the cards here.. they could've played it any way they wanted, but no. They baited him and then stuck it to him when he bit.
Re: (Score:2)
all of the account/password/access termination must be done prior to the person knowing that they are to be terminated
That was the joke when I used to work at <big company>... if someone's swipe card didn't let them in the building in the morning someone else would ask "oh... do you still work here?". The swipe cards were just magnetic cards and they did seem to wear out quickly so it wasn't that uncommon... but you always wondered for a second when it failed to swipe first go.
in some office buildings you do not have full cont (Score:2)
In some office buildings you do not have full control of the keycard system / locks. That is under the building's control, and in lots of them the building maintenance guys can get into any room with their keycards / keys.
Re: (Score:3)
and then one day you get a raging case of the flu..... or simply oversleep.