Re: SETI@home as Malware?

Let's just assume it was one of the many other distributed computing programs, but not SETI@Home. Would this be national news? No.

Re: SETI@home as Malware?

Even if the policy was ambiguous, he was told to remove it and apparently didn't. At that point, he should have been terminated. I do have a feeling that the SETI installation was only a small part of his failings. They found school property at his home, that he apparently wasn't supposed to have there. That's theft. I agree with Prez, the only reason this is news is because of SETI.

Re: SETI@home as Malware?

Of course not, but I think that's part of what makes it hilarious

Re: SETI@home as Malware?

Sounds to me like this guy was just flat out bad at his job, and lazy. Apart from the stolen equipment found in his home, the rest of the article simply makes this guy out to be a shitty guy to have in charge of IT. Malware, I dunno, sure SETI cranks up the power bill, but boinc is something that can easily be disabled/removed by the end user. Of course he shouldn't have put it on there to begin with, but in the end, all of the "damage" he did could have been avoided with intelligent decisions by others, case in point "he didn't install firewalls"... fire him and get someone who will. He got a poor evaluation, where I come from, that means get your act together in x number of weeks, or pack up your desk. This guy did some dumb things, but who is more foolish? The fool, or the fool who allows him to act foolishly?

Re: SETI@home as Malware?

I'm sure we all know that most management that isn't IT aware, most of the time has no idea what IT is doing. They probably looked at it for a while that the network was running and he was probably making excuses for whatever problems were arising. But that only works for so long, and they probably had a third party look over the issues and determine that something else was wrong.

I did see an article yesterday that he was running it on 5000 machines, so I revised my formula in the previous post. It would seem that their estimate of $1.2M is pretty close to losses related to power. I don't see that number as being unreasonable over the course of 7 years.

Our place spends about $700,000/y on electricity.

Re: SETI@home as Malware?

That makes more sense now that they've said how many machines were being used.

Re: SETI@home as Malware?

What she said. I still feel that 7 years is an awfully long time to figure out that there's a major issue. A 3rd party auditor should have been called in after the first poor performance evaluation. But I digress, different entities will run their business as they see fit, my views on performance management do not reflect the majority of businesses, or school districts as the case may be.

Re: SETI@home as Malware?

I agree with you. When anything is "iffy", it is better to be safe than sorry.

Re: SETI@home as Malware?

My 2 cents;

The administrator in question shouldn't have used a personal Seti@Home account; this wreaked of self interest. It would have been better for him, if he had used a generic school account, and not take personal credit for it.

In his defense, ATI bundles Folding@Home with all of its drivers. Most manufactures throw so much boat-ware on new systems these days it becomes necessary to sanitize new systems before deployment. That's fine for a small company, trying to do that for a school district becomes a nightmare.

As far as the power, and equipment wear and tear issue go. One could argue that it is better to keep the systems on, rather than off. It's difficult to perform maintenance on systems while users are activity using them. Power supplies like to stay on, I'm sure you could find evidence that when systems stay on they fail less. Computers generating more heat, means that building HVAC systems, didn't have to work as hard in the winter, but had to work harder in the summer.

In the School Districts defense, the threat of metered Internet still looms heavy. Metered Internet will be the death of distributed computing projects like Seti@Home. If metered Internet becomes fact, then the bandwidth issues associated with projects like Seti@Home, will have to be looked at with a microscope.

Everything has it's place. The science lab would have been an appropriate venue for Seti@Home. Not every computer in the school however. My experience with system administration in an educational environment, has been that the educators I've spoken to, want to keep the environment as open as possible. They are more reactive, than proactive, which could explain a lot of this.

Even to this day, Drexel will process DMCA take down orders, but really doesn't do anything else. There really aren't student firewalls per-say. There is anti-virus(Symantec EP Protection given out freely), initial account creation scans, mandatory anti-virus checks, policies that encourage security, but it really stops there(things may have changed). Administration and faculty I would hope are handled differently.

For example, I had a strong 8 character password on my school e-mail account. It was hacked, and SPAM started going out. I never gave it out to anyone. So that means it was either electronically stolen(other mail account information stored on the computers I used weren't affected), brute forced, or sold my Drexel insiders to spammers (happened after I left the university). My account was never locked, in fact I had to tell them about the problem. I never got a warning of any authentication errors.

Do I think internal power struggles, and personal politics played in to this, most definitely. Having been on the wrong side of politics myself, I can vouch that it really sucks.

Do I think that many of us take liberties with the systems we are entrusted with, yes. I personally have my own infrastructure which in most cases is better that anything that work has. So I have no trouble keeping work and home separate. I tend to be a company person, but that is just me. There are many times when I use home stuff for work; just because it's more efficient to do so. I also work for a small company, and try and help them out as much as possible, especially in these times.

In work some people can be entrusted with empowerment, others cannot. The larger the organization the harder it is to do this. I think it comes down to the employee empowerment issue. If you can't trust your employees to do make the correct, responsible, and appropriate decisions than stuff like this will happen. I think, in all, it was blow out of proportion. The administrator in question made the right decision by resigning. Management, and their lack of understanding, about the details of technology, continues, and IMHO be the most at fault.

The excuse I don't understand, doesn't cut it anymore. Management needs to understand the duties of the personnel they are responsible for, and ask questions.