What To Do After You Fire a Bad Sysadmin Or Developer

samzenpus posted about a year and a half ago | from the cleaning-up-the-mess dept.

Esther Schindler writes "The job of dealing with an under-performing employee doesn't end when the culprit is shown the door. Everyone focuses on security tasks, after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey, looking for the hidden messes and security flaws the ex-employee may have left behind. Otherwise, you'll still be cleaning up the problems six months later."

245 comments

Here be Dragons (5, Informative)

Anonymous Coward | about a year and a half ago | (#41929017)

The answer has been widely discussed here: http://serverfault.com/questions/171893/how-do-you-search-for-backdoors-from-the-previous-it-person

Re:Here be Dragons (5, Insightful)

Z00L00K (682162) | about a year and a half ago | (#41929147)

The actions necessary depend on what you mean by "underperforming". If that person didn't do much more than sitting in a corner playing games I would say that there's not much to do, but if it was a person taking shortcuts you need to figure out all traces from that person and remove them one by one. And you can't be sure if that was a skilled person.

If it's bad enough you should treat it as a bad virus outbreak and build a completely new system in parallel with the old and move the business information to that system and cut off the damaged system from the net. It's a dirty and tedious job but someone needs to do it.

This also highlights the need of segmenting the network into different segments, one for sales, another for HR, a third for management and then one or more for the operations so that if one segment is compromised you don't run the risk of having everything exposed. Of course - this goes against the process of using virtualized servers since you can't do physical segmentation on a virtual machine.

Re:Here be Dragons (5, Interesting)

Anonymous Coward | about a year and a half ago | (#41929281)

If it's bad enough you should treat it as a bad virus outbreak and build a completely new system in parallel with the old and move the business information to that system and cut off the damaged system from the net. It's a dirty and tedious job but someone needs to do it.

5 years ago I would not have believed you. That's ludicrous and there is no way a system no matter how touched by an incompetent is so bad it needs to be completely replaced (losing all maturity and buy in etc).

And then it happened. In the form of a manpower resource management tool designed for internal use. Won't go too detailed, but at the worst end of it, after burning the entire budget with the thing only partially finished it was rolled into production. And very soon after it was discovered that for a relatively important part the idiot was actually going in and changing fields in the database himself every day to give the appearance that the thing worked.

The guy who was tasked with fixing it basically came back and said "impossible" .. manager didn't doubt it, thing was scrapped, and a quick and dirty one was built on a shoestring budget to replace it that ended up doing far more than the partially "finished" one that had cost much much more.

Re:Here be Dragons (0)

Anonymous Coward | about a year and a half ago | (#41929375)

I once inherited a PHP system where each site was hard coded with if-thens. So when there was a new site (which was often) you had to change the code... That wasn't the only thing... Stuff like creating unique random numbers that sometimes weren't unique and the idiot had to manually make sure they were.

I'm a crap coder, but I don't write dailywtf material every day...

Re:Here be Dragons (4, Interesting)

sgunhouse (1050564) | about a year and a half ago | (#41929653)

That's fine for the "or developer" part.

There was a village near here who fired their IT person. She tried to hold the system hostage after they fired her, which obviously didn't go too well for either her or the village council - I forget all the details as it's been a couple of years ago now but it was all over the news at the time. Talk about your nightmare scenarios ...

Z00L00K above is right in general terms - in effect you have a virus or worm where someone has total control of your system. In a worst case, back up the essential data if you can, then do a system rebuild and import your data. No other way to be sure. And of course, make sure they aren't selling your data to your competitor or the Russians or whoever.

Re:Here be Dragons (2)

starfishsystems (834319) | about a year and a half ago | (#41929371)

this goes against the process of using virtualized servers since you can't do physical segmentation on a virtual machine

Ah, but you can. Modern hypervisors (and this includes lightweight Linux paravirtualization containers such as OpenVZ) are able to provide a virtual network for the nodes running under it. Often they have fairly limited capabilities, but anything worthy of the name will support basic VLANs. That's to meet exactly your segmentation requirement.

Re:Here be Dragons (-1, Troll)

symbolset (646467) | about a year and a half ago | (#41929405)

Um, no.

Re:Here be Dragons (1)

starfishsystems (834319) | about a year and a half ago | (#41929491)

Um, thanks for sharing your ignorance [openvz.org].

Re:Here be Dragons (-1, Troll)

symbolset (646467) | about a year and a half ago | (#41929643)

Don't believe everything you read on the Internet.

Re:Here be Dragons (0)

Anonymous Coward | about a year and a half ago | (#41929673)

To be fair, he was complaining about physically segmenting the virtual machines that exist on a single physical machine. Of course, that's fundamentally impossible, since these virtual machines share the same computing resource. His complaint may be a ridiculous complaint, but nevertheless.

Re:Here be Dragons (1, Insightful)

maxwell demon (590494) | about a year and a half ago | (#41929729)

Wow, that's really a useful and elaborative answer. After reading it, one really has a clue about why hypervisor VLANs won't work.
</sarcasm>

Re:Here be Dragons (0, Flamebait)

symbolset (646467) | about a year and a half ago | (#41929793)

Schooling you is not my job. People pay good money for that service, or they learn their lessons the long, slow, expensive hard way like the rest of us did.

Re:Here be Dragons (0)

Dwonis (52652) | about a year and a half ago | (#41929873)

I'm guessing that you're not a FOSS developer.

Re:Here be Dragons (0)

the_B0fh (208483) | about a year and a half ago | (#41929825)

The koolaid sure tastes good today, doesn't it?

Re:Here be Dragons (1)

Z00L00K (682162) | about a year and a half ago | (#41929853)

Which means that you run it on one single physical server and if you have an admin that's going bad that has access to that server you are really into the crapper.

Same thing if the hosting server itself gets compromised.

Re:Here be Dragons (4, Insightful)

Alex Belits (437) | about a year and a half ago | (#41929935)

You forgot about hypervisor exploits.
If you must use hardware separation, you ***MUST*** ***USE*** ***HARDWARE*** ***SEPARATION***.

Re:Here be Dragons (1)

jhoegl (638955) | about a year and a half ago | (#41929547)

Easiest answer:
Run an audit.
That is what I do. I run an audit on all access methods and devices and change the Pwd while I am at it.

Re:Here be Dragons (4, Insightful)

Anonymous Coward | about a year and a half ago | (#41929609)

I would also advise informing your legal team of the decision. You could also hire a security firm (one with a good reputation) to scan your network for security flaws. If you take enough measures to protect your customers' data then even if he does have a backdoor it won't come back to haunt you. Additionally, instead of having a single admin, consider having an admin team that watches each other's actions; that way you are less likely to have a single admin ruin everything for you.

Re:Here be Dragons (5, Insightful)

mjwx (966435) | about a year and a half ago | (#41929635)

Easiest answer: Run an audit. That is what I do. I run an audit on all access methods and devices and change the Pwd while I am at it.

The easiest answer, pray.

A bad (as in lazy, surly, abusive) sysadmin who left traps will leave them in places not detectable by an audit.

I have yet to go to a business as a sysadmin where they didn't use default passwords (P@ss1234, now how many businesses use that gem) which are on just about every device or local admin account. The smartest businesses had a different default password for each type of device/account but you end up with password reuse across a pattern of devices and accounts. The thing is, almost no business will go around and change this on every single device/server when someone who knows the password leaves.

I left my last position on less than amicable terms (basically they were setting me up to get sacked by giving me impossible tasks, so I chose to leave). The CEO had no clue, but my boss understood I knew the public IP addresses, domain admin/root passwords and router passwords of our 5 biggest clients off by heart. I could see the fear in his eyes when I left (it was senior management's decision to sack me, they wanted to downsize without having to pay anyone out). Of course I'd never actually do anything harmful to that business (they were doing that well enough on their own) but anyone who employs a sysadmin knows that you need to hire trustworthy people and treat them well or it will turn around to bite you in the arse.

Hiring good people and not pissing them off is pretty much the only defence.

Get ... (0, Redundant)

Anonymous Coward | about a year and a half ago | (#41929031)

a long rope and hang yourself! Seriously you should've put a lot more thought into this as sysadmins mostly hold the keys to your kingdom!

oh, first post btw :-p

No easy answers (2, Informative)

Anonymous Coward | about a year and a half ago | (#41929033)

This is one of those things that there are no easy answers for. The Right Answer(tm) is to have good policies, compartmentalization of duties, and mandatory time off (to allow for auditing) so that problem scenarios can be avoided before the fact.

Slowly (2)

AK Marc (707885) | about a year and a half ago | (#41929035)

It takes time. You have to audit everything. He could have installed a keylogger on the CEO's machine, for all you know. Or a hidden modem line on a server. If you really expect sabotage, you have to inspect everything, and that takes time, or lots of money.

Even more slowly (4, Funny)

MrEricSir (398214) | about a year and a half ago | (#41929059)

In fact, your entire corporate structure is at risk. How do you know he didn't engineer a brain virus that allows him to use the company's board members as flesh puppets?

He might have even used telepathy to cause major investment banks to sell him all of their shares of the company for pennies on the dollar. He might already own the company. It's best to double check.

In fact, he might be standing behind you right now, brainwashing you with lasers.

Re:Even more slowly (5, Funny)

Pseudonym Authority (1591027) | about a year and a half ago | (#41929161)

In fact, he might be standing behind you right now, brainwashing you with lasers.

Impossible. My hat is made of the finest tin and aluminum foil on earth, and is wrapped so tightly that my very hair was crushed. No one could brain wash me (with terrestrial technology at least).

Re:Even more slowly (4, Funny)

q.kontinuum (676242) | about a year and a half ago | (#41929571)

Another victim of the tinfoil-conspiracy... :-( Or maybe you are part of the conspiracy by advocating it? Did it ever occur to you that tinfoil hats might cover you from alleged hostile brain control waves from satellites thousands of kilometers away, but otoh forms a nearly parabolic antenna to the whole communication wires and infrastructure below pedestrian lanes just a couple of meters away? And coincidentally only relevant people will be affected, since only they are likely to wear - wait a minute, there is someone knocking at my door, I will write more later.

Re:Even more slowly (5, Funny)

Anonymous Coward | about a year and a half ago | (#41929707)

Have you checked for electrodes in the inside recently? The new tinfoil manufactured in Taiwan comes with built in RFID and WIFI.

Re:Even more slowly (1)

zaft (597194) | about a year and a half ago | (#41929349)

Frickin' LASERS!

Re:Even more slowly (3, Insightful)

symbolset (646467) | about a year and a half ago | (#41929471)

It is not that hard to set up a service on a Windows server that provides backdoor services. If you have domain admin rights tunnelling rdp or somesuch through it is trivial. They can use outbound polling of http or dns or even ntp to violate your firewall. You can give the service rights of some other person like the cio for example. Those guys usually demand the keys to the harem. From there you can remote to any server or desktop, do literally anything. These tools are readily available and open source, and every serious enterprise IT pro should have and understand them because often your first job is locking out the last guy.
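From the defending side, the outbound polling described in the comment above shows up as one internal host contacting one destination at near-constant intervals. The sketch below is an added example, not part of the thread; the flow records, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1352370000  # arbitrary epoch start for the constructed sample


def _series(src, dst, offsets):
    """Build (timestamp, source, destination) records from second offsets."""
    return [(BASE + o, src, dst) for o in offsets]


# Constructed flow records, as a proxy or firewall log would yield after parsing.
# All host names are made up.
SAMPLE_FLOWS = (
    _series("srv-file01", "updates.example.invalid",
            [0, 300, 601, 899, 1200, 1502, 1800])      # steady ~5 minute poll
    + _series("ws-017", "news.example.invalid",
              [10, 45, 50, 700, 2000, 2015, 2600])     # human browsing, bursty
    + _series("ws-022", "mail.example.invalid",
              [5, 900, 1700])                          # too few events to judge
)


def find_beacons(flows, min_events=6, max_cv=0.1):
    """Return (source, destination, mean_gap_seconds) for timer-like traffic.

    A pair is reported when it has at least min_events connections and the
    coefficient of variation (stddev / mean) of the gaps between them is at
    most max_cv, i.e. the connections are evenly spaced.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp; nothing to measure
        if pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: every ~{gap}s")
```

Legitimate software (NTP clients, update checkers, monitoring agents) also polls on a timer, so each hit is a lead to compare against the software inventory for that host rather than a verdict.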

Re:Even more slowly (2)

maxwell demon (590494) | about a year and a half ago | (#41929789)

Or think of a small hardware device attached somewhere to the network (can be hidden anywhere where you can get LAN and power) which only listens (so it cannot be detected by the stuff it sends or by taking up an IP) and sends interesting things over the mobile phone network. Probably the network will have lots of interesting unencrypted information (after all, it's internal and cable, so why have encryption overhead, right?)

Re:Even more slowly (0)

Anonymous Coward | about a year and a half ago | (#41929841)

You forgot how he can use mind-control. This is only what he wants you to think!

Re:Slowly (1)

JWSmythe (446288) | about a year and a half ago | (#41929649)

Don't forget back doors, layoff scripts, and manual tasks that were never documented.

Not every security hole is as obvious as a modem sitting on a rack. But some are. I found one at the last place I worked. Literally a modem sitting on top of a server, in a corner of the server room. No one knew the purpose behind it. I notified the necessary parties (dep't heads), and then unplugged it mid-day Monday. I expected complaints fairly soon after. There were none. Somehow, it had been there for quite a while (judging by the dust). Somehow no one noticed that they were paying for an extra phone line for years.

Re:Slowly (4, Insightful)

fahrbot-bot (874524) | about a year and a half ago | (#41929911)

I hope you are joking. "Under-performing" doesn't mean "idiot" or "turkey" or imply incompetence or malfeasance as TFS would have us believe. To the contrary, someone capable of doing things requiring the type of audit you suggest would probably not be an under-performing employee.

Re:Slowly (2)

Z00L00K (682162) | about a year and a half ago | (#41929927)

Modem lines are so yesterday - an access point put away somewhere configured to not advertise its name would be a great hole.

Don't forget that some printers can communicate over wireless connection too and they can be a great attack vector. Add to it that it's easy to set up a VPN tunnel. And if it's a tunnel over HTTPS it's not easy to detect - especially if the traffic is low.

So it will be a pain in the butt if you want to stay safe. Lock each client to receive IP address over DHCP depending on MAC address. That way every client will get a first level of authorization. Change the IP address series if a breach occurs or is suspected - that will cause rogue access points to lose connection. Set the printers on a separate network segment so if they are compromised the only stuff that can be accessed is what's going to be the stuff that's printed and then - printers don't need to access the internet outside the site anyway, which makes it harder to utilize a compromised printer.

Using internet proxies is useful too - you can add filters in the proxy server to shut out traffic to unwanted sites. Whitelisting, greylisting and blacklisting should be the way - some sites can be whitelisted like news sites, greylisting for sites like Facebook and blacklisting of porn sites.

Using Wireshark to look for unusual traffic may work, but it's very hard on the networks today to decide if traffic is really unusual or if it's just some application that runs some protocol of its own. Often printers run many protocols at once by default, like IP, IPX and AppleTalk.

The primary thing that you need to consider - how much time will it take to inspect and correct compared to a clean re-install. It may be cheaper and faster to do a clean re-install.
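The MAC-based DHCP lock-down and the separate printer segment from the comment above can be checked after the fact by auditing the lease database. This is an added example, not part of the thread: it assumes ISC dhcpd's `dhcpd.leases` format, and the lease text, MAC inventory and subnets are constructed.

```python
import ipaddress
import re

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
# Anchored to line start so "next binding state ..." is not mistaken for it.
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.MULTILINE)

# Constructed sample lease file.
SAMPLE_LEASES = """
lease 10.0.40.5 {
  binding state active;
  hardware ethernet 02:00:00:00:00:77;
}
lease 10.0.10.21 {
  binding state active;
  next binding state free;
  hardware ethernet 00:16:3e:aa:00:01;
  client-hostname "sales-pc-1";
}
lease 10.0.10.77 {
  binding state active;
  hardware ethernet 02:00:00:00:00:99;
}
lease 10.0.10.30 {
  binding state active;
  hardware ethernet 00:16:3E:AA:00:10;
  client-hostname "printer-2f";
}
lease 10.0.40.5 {
  binding state free;
  hardware ethernet 02:00:00:00:00:77;
}
"""

# Constructed inventory: MAC -> (asset name, segment it belongs in).
INVENTORY = {
    "00:16:3e:aa:00:01": ("sales-pc-1", "sales"),
    "00:16:3e:aa:00:10": ("printer-2f", "printers"),
}
SEGMENTS = {
    "sales": ipaddress.ip_network("10.0.10.0/24"),
    "printers": ipaddress.ip_network("10.0.40.0/24"),
}


def parse_leases(text):
    """Return {ip: (mac, state)}. dhcpd appends records, so the last one per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        state = STATE_RE.search(body)
        leases[ip] = (mac.group(1).lower() if mac else None,
                      state.group(1) if state else "unknown")
    return leases


def audit_leases(text, inventory, segments):
    """List active leases held by unknown MACs or by known devices in the wrong segment."""
    findings = []
    leases = parse_leases(text)
    for ip in sorted(leases, key=ipaddress.ip_address):
        mac, state = leases[ip]
        if state != "active" or mac is None:
            continue
        if mac not in inventory:
            findings.append((ip, mac, "unknown-mac"))
            continue
        name, segment = inventory[mac]
        if ipaddress.ip_address(ip) not in segments[segment]:
            findings.append((ip, mac, f"{name}: outside {segment} segment"))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(SAMPLE_LEASES, INVENTORY, SEGMENTS):
        print(finding)
```

A MAC address can be cloned and a device that never requests a lease will not appear here, so this is inventory hygiene that narrows the search, not proof that the network is clean.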

Blame them! (5, Insightful)

crafty.munchkin (1220528) | about a year and a half ago | (#41929037)

After all, everything wrong with the place is the fault of the last person to leave!

Re:Blame them! (5, Interesting)

TheGratefulNet (143330) | about a year and a half ago | (#41929057)

it's been my experience that people are generally pretty good, some better than others, but I rarely run into an evil person.

companies, otoh, ...

Re:Blame them! (3, Insightful)

aekafan (1690920) | about a year and a half ago | (#41929159)

Odd. My experience has mostly been the opposite. Also, companies are made up of people, how can they be evil, if the people in them are not?

Evil companies (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41929229)

Companies are large organizations. Each person in the organization may conscientiously do their job with good intent but without seeing the bigger picture (not their job) and therefore without knowing the consequences of their actions. The people at the top who, in principle, see the bigger picture, are often so far removed from the details of what is happening that they too do not know what the company is doing, except in respect of the shareholders and overall financial performance. So, the company runs on policy and no one knows what it is doing. The company can be uber-evil when everyone in it is as nice as can be.

The company is more/other than the sum of its parts.

Re:Evil companies (2)

PiSkyHi (1049584) | about a year and a half ago | (#41929435)

> The company can be uber-evil when everyone in it is as nice as can be.

This. In a kind of paradoxical way, many people know this to be true, but cannot proclaim it and some will argue against it for fear of losing their job. They all appear as nice as can be. It's endemic.

Re:Blame them! (1)

MightyMartian (840721) | about a year and a half ago | (#41929289)

There is no lack of research on how large groups of normally decent people can behave in a highly immoral fashion. Peer pressure and dominance hierarchies are powerful forces for coercion, not to mention more mundane explanations like greed.

Re:Blame them! (0)

Anonymous Coward | about a year and a half ago | (#41929715)

How do you take a bunch of generally non evil people to make an evil structure? You make a specific structure designed to insulate people from the effects of their decisions, then create a bunch of layers so that people make decisions like shooting a bunch of puppies one step at a time.

Re:Blame them! (0)

Anonymous Coward | about a year and a half ago | (#41929815)

Also, companies are made up of people, how can they be evil, if the people in them are not?

It is very simple, actually. All that is needed for evil to reign is to train people that ignoring Not My Problem under any circumstances is A Good Thing.

Re:Blame them! (1)

crafty.munchkin (1220528) | about a year and a half ago | (#41929211)

I envy your experience, I've worked with some truly evil people.

idiot? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41929041)

Real mature there guy... With an attitude like that. You'd better have a lot of backup plans in place. It sounds like you are a shit place to work for.

Do us ALL a favor. Name your company. So we can avoid it.

Re:idiot? (5, Insightful)

93 Escort Wagon (326346) | about a year and a half ago | (#41929089)

That was my immediate impression as well. When I hear/see the phrase "fire the idiot", my first thought is "was this guy the problem, or is it the workplace?"

Re:idiot? (1)

Anonymous Coward | about a year and a half ago | (#41929325)

At the same time, I've worked with some people who it took way too long to get rid of.

I generally believe anyone in the right role and with the right management/team can be useful. But every once in a while you get someone who is just useless. Most of the time it is more an attitude thing than a capabilities thing, however there was one very notable exception of someone who was a nice guy, really tried, but basically just couldn't do the job. He ended up getting rotated around because no one really wanted to get rid of the guy.. but you didn't want him contributing code to your project. Eventually the inevitable came and it really sucked..

Re:idiot? (5, Interesting)

Anonymous Coward | about a year and a half ago | (#41929527)

At the same time, I've worked with some people who it took way too long to get rid of.

Ah, haven't we all.
I've been in the unenviable position of having to cover for several 'idiots' higher up the sysadmin foodchain who should have been 'let go', I got so pissed off with the nonsense (e.g. why the fuck was someone who hadn't a clue about Linux managing a whole bunch of Linux servers on paper, when I was doing it on a daily basis as an adjunct to the servers I was looking after) and left myself eventually for pastures new..and left them to deal with it. No doubt I'm now the idiot (à la OP's comment) as far as that lot are concerned (and, no doubt so was my replacement who only stuck it out for about 10 months).

Whilst I'm at it, here's another true story. One job I had, I set up a Hard disk based backup server, as a backup to our main backup server (a networked tape library) for one of our Linux servers. Everyone was informed, location of server and UPS in one of the comms rooms flagged on network maps (and, it had a big fucking label on the front along the lines of 'Secondary Backup Server - Don't touch'.)
Six months or so after I leave that job, get a phone call, the third hand HDs on the Linux server failed (they were warned in writing that fitting these disks wasn't a good idea, but hey, that's another story), the tape backups didn't have all the data, so where was the backup server I set up? I name the comms room, the server name/IP number, there was a couple of minutes silence at the other end of the phone, 'oh, the network manager removed that machine from the network three months ago.'
So again, I'm probably OP's 'idiot' (and the writer of the article pointed to's 'turkey') for that, and probably got the blame for the disks failing.

Ex employees are such wonderfully useful scapegoats to cover up the inadequacies of those still employed.

Finally, OP and the writer of the article pointed to are both idiots and boors.

Re:idiot? (1)

Anonymous Coward | about a year and a half ago | (#41929437)

Seems to me the workplace is the problem. The organization should not be putting someone that is incompetent and malicious in charge of important systems. If a hospital allows someone to do brain surgery on people before figuring out whether they really can do brain surgery or not then the hospital is the main problem. Worse if the hospital keeps allowing that person to do brain surgery when he can't.

And as a CEO said, the CEO is at least partly responsible for almost everything including hiring the idiots (whether by hiring the people who hired the idiots or directly, or by not firing the idiots who hire idiots). I know other bosses who say similar things.

Re:idiot? (0)

Anonymous Coward | about a year and a half ago | (#41929769)

Many companies seem to do fine while having incompetent and malicious upper management. Why should the lower echelons be any different?

Re:idiot? (2)

cloudmaster (10662) | about a year and a half ago | (#41929443)

I'm still trying to figure out how an "idiot" and "turkey" was retained for long enough to have any significant impact. Usually an "idiot" becomes pretty obvious as soon as he tries to do anything complicated enough to justify asking this question.

droppings (1)

blymn (621998) | about a year and a half ago | (#41929051)

Been there done that, tried my best to clean up but every now and then you would find another "dropping" - the reaction I had was exactly the same as when you are wandering down the street and suddenly step in a dog dropping, same sort of revulsion and disgust at the filthy mess you just blundered into and now have to clean up.

maybe he isn't such an idiot? (1)

Anonymous Coward | about a year and a half ago | (#41929065)

Hmm, maybe he wasn't such an idiot.
I saw people fired after they asked for more money. Which they could very well have deserved.

In my opinion, based on the extensive history of watching the corporate reality, people who learned the rules of the game best survive the longest. They aren't necessarily the brightest, just learned how to play the system.

Re:maybe he isn't such an idiot? (4, Funny)

bug1 (96678) | about a year and a half ago | (#41929083)

Quickly leave the island before the dinosaurs escape.

First thing's first (1)

Revotron (1115029) | about a year and a half ago | (#41929069)

I'm going to take a "good people turn bad" approach to this one.

Scan for intentional backdoors and accidental gaping, well-known flaws with a fine-tooth comb. They may not have seemed too bright on the job but even an underperformer has enough insight into operations to find a way to mess up your day.

Perhaps pose it as a question to your better admins. "Knowing what you know, if you had to crack our system/application, how would you go about it?" Whatever their answer is, find a solution and implement it.

Re:First thing's first (3, Informative)

symbolset (646467) | about a year and a half ago | (#41929623)

Nope. When the bad guys have got root on your PC the only way to restore confidence in it is to rebuild it from a trusted image. Likewise if your network admin has gone untrusted on your infrastructure you burn it down and build it new again. Nuke it from orbit. It's the only way to be sure.

Frankly that's not near enough to stop a real determined jerk with skills, but thankfully we are rare. Don't hire us in the first place if you can avoid it.

After?! (2)

Culture20 (968837) | about a year and a half ago | (#41929087)

Changing passwords after? Change them while they're in HR's office or just before.

Re:After?! (1)

xenobyte (446878) | about a year and a half ago | (#41929821)

It's never that simple. Backdoors are so easy to install, and I've personally seen automated scripts hidden in standard features that created a backdoor several weeks post-firing. That way the changed password was worthless, and even the search for backdoors in the days following the firing was futile. So changing passwords and a thorough search for backdoors was a waste of time.

Bottom line: You can't be sure when it comes to admins. Either part on amicable terms or reinstall everything - or chance it...
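A post-departure sweep has to cover scheduled jobs as well as passwords, since the delayed scripts described in the comment above fire long after the first search. The sketch below is an added example, not part of the thread: it reviews a constructed `/etc/crontab`-format file, and the account names and the three heuristics are assumptions.

```python
import re

# Constructed sample in /etc/crontab format:
# minute hour day-of-month month day-of-week user command
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
17 * * * * root run-parts /etc/cron.hourly
30 2 * * 0 backup /usr/local/bin/rotate-backups.sh
0 3 14 12 * root /usr/local/sbin/cleanup-tmp.sh
*/10 * * * * jdoe /home/jdoe/bin/sync-reports.sh
15 4 * * * root /usr/sbin/usermod -aG sudo svc_report
MAILTO=ops@example.invalid
"""

# Commands and files that change who can log in or escalate.
ACCOUNT_CMDS = re.compile(
    r"\b(useradd|adduser|usermod|passwd|chpasswd|visudo)\b"
    r"|authorized_keys|/etc/sudoers"
)
ENV_LINE = re.compile(r"^\w+\s*=")


def parse_crontab(text):
    """Yield jobs as dicts; skips comments, blank lines and VAR=value lines."""
    jobs = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        if line.startswith("@"):            # @reboot, @daily, ...
            parts = line.split(None, 2)
            if len(parts) < 3:
                continue
            sched, user, cmd = [parts[0]], parts[1], parts[2]
        else:
            parts = line.split(None, 6)
            if len(parts) < 7:
                continue
            sched, user, cmd = parts[:5], parts[5], parts[6]
        jobs.append({"line": number, "sched": sched, "user": user, "cmd": cmd})
    return jobs


def review_jobs(text, departed):
    """Return (line_number, [reasons]) for jobs that deserve a human look."""
    findings = []
    for job in parse_crontab(text):
        reasons = []
        if job["user"] in departed:
            reasons.append("runs as departed account")
        sched = job["sched"]
        # Fixed day-of-month AND fixed month: fires once a year, which is
        # unusual for routine maintenance.
        if len(sched) == 5 and sched[2].isdigit() and sched[3].isdigit():
            reasons.append("fires on one calendar date only")
        if ACCOUNT_CMDS.search(job["cmd"]):
            reasons.append("changes accounts or credentials")
        if reasons:
            findings.append((job["line"], reasons))
    return findings


if __name__ == "__main__":
    for line_no, reasons in review_jobs(SAMPLE_CRONTAB, {"jdoe"}):
        print(f"line {line_no}: {', '.join(reasons)}")
```

The same review applies to per-user crontabs, `/etc/cron.d`, the `at` queue and systemd timers, and every script a job calls still has to be read, because an innocuous command line says nothing about the script's contents.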

Well, with a boss like you... (3, Insightful)

Anonymous Coward | about a year and a half ago | (#41929093)

...it's hard to imagine the relationship went sour,

"...after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey,.. "

Culprit? (0)

Anonymous Coward | about a year and a half ago | (#41929095)

"Culprit"? What? This means that the bad developer has no process to back him up (testing etc.). Or are every bad developer handled by "you #" created a bug! you are fired!"

Reassess Your Hiring Practices (5, Interesting)

HellYeahAutomaton (815542) | about a year and a half ago | (#41929121)

You hired this employee. Chances are you started off with a relationship of mis-trust:
  - You did a criminal check on the hire
  - You did a drug check.
  - You did a credit check.
  - You did a personality test.
  - You used Shockley style brain-teasers to see if they could do things other than what their jobs entail because you don't know how to measure skill, intelligence, or talent.
  - You interviewed in a style of hazing akin to a gang-bang.

.. And you still were too stupid to figure out whether or not you had someone who could do the job right.

Sorry, but the tone of the summary makes you look like an asshole, and you deserve whatever you get. This is your wake-up call.

Re:Reassess Your Hiring Practices (4, Interesting)

Serious Callers Only (1022605) | about a year and a half ago | (#41929701)

Yep. The submission raises more questions about the submitter than the person who just left for me. People who rate others as incompetent with no redeeming features are often incompetent themselves in my experience. The level of paranoia in the submission is also remarkable, but I guess all this checking and for 'hidden messes and security flaws' might be a good excuse for not doing anything useful for the business. Any problems for the next few months can just be blamed on the recent turkey without introspection as to how they might have ended up with this employee or how they might have created such a mess with no-one else knowing.

If you have decent processes in place, hidden messes and security flaws would not be possible without extreme malice and intelligence (not possible for an 'idiot' and a 'turkey'), if you don't and cannot change the processes, leave, as you should recognise the workplace is dysfunctional (and that starts right at the top of the department and goes all the way down).

It may be too late (5, Insightful)

Floyd-ATC (2619991) | about a year and a half ago | (#41929123)

The article points out many obvious pitfalls on letting an underperforming employee go, but very few of these problems are unique to the particular situation of letting an obviously underperforming employee go. Most IT departments are pummeled to death with impossible deadlines and demands and management thinks that the complaints and warnings are just "the way it is with those lazy bastards". Truth is, anyone who's worked with IT knows that you have to test your backups and failover procedures, do security audits, tear down setups that are no longer used and keep documentation and automation up to date. BUT first we have to finish this project that was dreamed up by the top level management with absolutely no understanding of the technical hurdles involved. And it needs to be finished yesterday. If you want things to be neat and tidy, you're pretty much expected to take care of it on your own time.

she said ... (-1)

Anonymous Coward | about a year and a half ago | (#41929131)

dog dropping
LMAO!!!!

thank you for giving me the giggles

If your department was properly managed... (4, Insightful)

sitarlo (792966) | about a year and a half ago | (#41929139)

...you wouldn't be asking this question.

Beware of Punitive Employers (0, Troll)

Anonymous Coward | about a year and a half ago | (#41929157)

Before hiring on to a company, it's important to check if it's a Pump-n-Dump shop. In these cases, a lynch-man will fire and must protect himself from backlash from his victims. Better to first check and not work for such shops, which are common. If you know going in that you're a temp, ask for a higher salary / commission and don't get emotionally attached. Plan your own escape.

Try firing the CIO (0)

dave562 (969951) | about a year and a half ago | (#41929165)

It's one thing to complain about how the guy is worthless and not getting anything done. It's another thing when he is finally shown the door and the reality that he was worthless and not getting anything done sinks in. Those projects that he was responsible for are still there, and now 6-12 months behind schedule. True story.

under-performing or metrics make them seem to be (4, Insightful)

Joe_Dragon (2206452) | about a year and a half ago | (#41929169)

under-performing or metrics make them seem to be under-performing??

Made to do the work of 2-3 people??

Pulling 80 hour weeks that lead to errors and under-performing over time.

The idiot? (1)

Anonymous Coward | about a year and a half ago | (#41929173)

If this person left back doors and other traps, perhaps they were smarter than you give them credit for. Idiots are easy to clean up after.

Next, you've got to ask yourself why a smart person would build themselves these back doors in the first place.

Blog with tips (5, Funny)

Kwyj1b0 (2757125) | about a year and a half ago | (#41929205)

My first reaction (before RTFA) was that the problem might not have been the employee, but the person doing the name calling. However, the link is to a blog that lists a generic list of precautions to take. Whoever wrote that blog still has some growing up to do, but I'll give him/her the benefit of doubt and assume they were going for humor.

In any case, I notice that HP paid for the content. Now we know why they are in such trouble.

Stop calling them turkeys for starters (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41929237)

The real dangers are often not the fired employee themselves (if you aren't stupid about it) but the employees that remain. Most people will not install any insidious backdoors just on their own initiative, but if you fire someone in a way that upsets the remaining employees, i.e. publicly embarrass them, screw them out of money they earned etc., then odds are someone else IS going to try to install something to make sure that they don't befall a similar fate.

Check your wallet!!! (4, Interesting)

dminor14 (2723933) | about a year and a half ago | (#41929239)

I hope he reads this. After a bunch of expensive equipment disappeared under his watch we fired him. The day after, standing around the coffee room I mentioned, "Too bad they fired him, he owed me 50". Three other people suddenly said, "He owed us 50 also." It turned out the same story for everyone. He borrowed 100 and returned 50. (note: some of my best friends are sysadmins so don't get me wrong)

Fire the Abusive PHB (5, Insightful)

l0ungeb0y (442022) | about a year and a half ago | (#41929241)

The submitter comes off as an angry, abusive tool. Maybe he should fire himself for having a hand in hiring an "idiotic turkey" to begin with.
It's likely that the developer wasn't all that bad, but stopped giving a shit after being berated by an abusive asshole for the umpteenth time.

Re:Fire the Abusive PHB (1)

evil_aaronm (671521) | about a year and a half ago | (#41929795)

Agreed. If the lack of oversight was so bad that the situation deteriorated to this level, then there's no way that it's just the "turkey's" fault. Someone is supposed to be watching the hen house (?). Sure, we're supposed to be professionals, but management still has to do their job, instead of mail it in and bitch when they find out they got caught with their pants down.

Re:Fire the Abusive PHB (4, Insightful)

MacTO (1161105) | about a year and a half ago | (#41929809)

You are being a tad too gentle on management in this case. Anyone who uses that sort of language on a public website is showing a lack of professionalism that goes beyond incompetence. Professionalism in the workplace exists for a bunch of reasons, one is to maintain cordial relations between people who work together so that you don't end up with a tit-for-tat culture in the workplace.

C'mon people FOCUS (1)

Anonymous Coward | about a year and a half ago | (#41929253)

All the comments I see so far give examples of people being charged with being incompetent and maybe it was not the case.

Let's focus on the real case, where the person being fired is in fact a major problem. Just like airliner catastrophes these seldom have one cause, the person probably has multiple major problems. For example he can't code and he is an arrogant loud mouthed prick, and he is also one of those jackasses who thinks he is very very smart but is actually never right. Perhaps he is one of the worst forms of IT prick, a nazi druid.

Maybe I'm a bit biased, but .... (5, Insightful)

King_TJ (85913) | about a year and a half ago | (#41929273)

I tend to side with the critics here, asking if maybe management (including possibly the person posting the original question) are really the ones to blame?

I've worked in I.T. for something like 25 years now, for companies big and small, though the only times I've held a title of "manager", I was really only tasked with managing outside consultants or developers. I've always preferred being relatively "hands on" with the problem solving and system/network administration tasks at-hand, vs. spending my day in meetings and typing up Excel spreadsheets trying to explain what the "team" was doing.

Bottom line? Sure, there are a LOT of people out there trying to get hired in I.T. as support people or sysadmins who REALLY don't know what they're doing. If more companies would let the people actually DOING those jobs interview these people, they'd be able to weed out far more of the bad seeds before they even started. What I see, time and time again, is some I.T. manager who thinks he's simply "too busy" to interview some potentially really good people who apply for positions, and then he gets in a panic when it comes down the wire and he absolutely can't go without employing another person any longer. He winds up asking H.R. to find him someone good, and of course they don't know squat about I.T. so they pick through the resume submissions based on "standard issue" criteria like the college degree they claim to have, or the number of certifications they list. If he does "second interviews" with these pre-selected people, he may just be trying to pick the best of a bad bunch at that point.

But another problem is with how the I.T. workers are managed. You can have some really top-notch people working for you, yet they're made out to be clueless, inefficient screw-ups because they're actually trying to use their brains to decide which tasks on their plates are REALLY most important to the company. Meanwhile, some upper management character is throwing fits about relatively inconsequential items his ego demands be put "front and center". If you're busy working a difficult problem affecting a whole division of the company and by doing so, you didn't get some new computer issued to somebody first thing in the morning ... guess what usually happens? It's that idiot in I.T. who caused the employee not to have that shiny new PC on their desk on time. Nobody's even aware of the work the I.T. guy was actually in the middle of doing.

And here's the kicker.... You can say all you like about this simply being a "lack of communications" issue. "If management was simply kept informed about what I.T. was doing, everyone would be better off." But so many computer problems are of a "need to fix this yesterday!" level of importance, your good I.T. rank and file employees are going to concentrate on getting that done -- not on getting sidetracked with emailing status updates to key people. Management needs to realize that a certain level of TRUST is required here. You have to say, "I don't really know what Joe Q. has been doing the last few days, but that's ok. I trust Joe Q. because when I make an effort to find out if anyone feels Joe helped them with their issues, I get loads of positive feedback that he did." Micro-managing I.T. is almost never wise....

Re:Maybe I'm a bit biased, but .... (5, Insightful)

Cytotoxic (245301) | about a year and a half ago | (#41929373)

I enjoyed that rant. We tried to solve the problem of IT setting priorities by forcing all of the department heads to prioritize their top 3 items each week. As an example of what we were dealing with, our CFO took a month to put together his list and came back with 5 items on his "top 3" list of projects. After we started to work on his priorities he came back with a new top priority to add to the list. So we put it ahead of #1 on the list and "Project Zero" was born.

He wasn't alone: the president of the company had a meeting with us about a huge initiative he wanted to undertake immediately. Starting the next week he put other items that were more pressing (but not important) at the top of his list. He did this every week. Every week we warned him that we were not going to work on his other project because he was prioritizing these other things this week. Every week he said he understood and signed off on our statement of work. A year later he got pressure from the board of directors and threw us right under the bus. Called me into a huge meeting to yell at us for not getting his project done "in over a year". I calmly produced 60 pages of signed off work orders from him, proving that at every turn he decided to have us work on something else and he bore the full and sole responsibility for the project's delay. You know what? Nobody cared.... I believe the direct quote was "I'm tired of excuses. I expect results, not excuses."

Lesson learned. Don't work for crazy people.

Re:Maybe I'm a bit biased, but .... (1)

Anonymous Coward | about a year and a half ago | (#41929759)

I've had this experience more times than I want to admit. I agree with your conclusion, unfortunately it's hard to simply not work for "crazy people" everyone will throw you under the bus, and your coworkers give nothing but their (silence and worthless) support because they want their next paycheck more than their "sacred honor."

Anything IT (support, administration, development/consulting) used to be my dream job, but the thrill is looong gone. Unfortunately, it's hard to change gears from what you already do well and anyways, to what?

"Management: treating our MVPs like shit since well before the French Revolution!"

Re:Maybe I'm a bit biased, but .... (1)

Anonymous Coward | about a year and a half ago | (#41929379)

the only times I've held a title of "manager", I was really only tasked with managing outside consultants or developers

That's still a serious role. Managing external contractors is a skill.

Re:Maybe I'm a bit biased, but .... (3, Insightful)

starfishsystems (834319) | about a year and a half ago | (#41929453)

Micro-managing I.T. is almost never wise.

Ain't it the truth? On the other hand, there is a lot of knowledge sharing to be gained from respectful listening. If you have weekly operations or status meetings, make sure that someone from IT is at the table. Everywhere I've been where that was the practice has been a pleasant and effective workplace. When systems are running well, they're essentially invisible, and this is a highly desirable state of affairs. It's quite the opposite of neglect, but if there isn't active communication about what's going on, how do you ever expect to tell them apart? (Until it's too late, of course, and the chronically-underfunded, under-appreciated infrastructure finally falls down hard.)

Also fire his boss. (1)

Anonymous Coward | about a year and a half ago | (#41929369)

Usually "under-performance" is due to a bad motivator. :-)

Fire his boss, he probably spends more time shoveling papers or making "Strategies" than handling his subjects.

lolwut (2)

Iniamyen (2440798) | about a year and a half ago | (#41929387)

Culprit? Idiot? Turkey?

Oh, and "under-performing" instead of "incompetent"? (Which is the word the article used.)

Trying to figure out if submitter is PMSing or just bad at paraphrasing.

You don't (0)

Anonymous Coward | about a year and a half ago | (#41929393)

Anybody who did that might just as easily have left a dead fish or even time bomb up inside the drop ceiling. Or they might just come back and shoot you. All your stuff should be committed in some kind of revision control. Go back and check his commits from the weeks leading up to dismissal, or when the trouble started if you can pinpoint it. Good luck finding the time to do that though.

An abusive employer? (4, Insightful)

Ozoner (1406169) | about a year and a half ago | (#41929423)

By using terms such as "culprit", "idiot", and "turkey" you indicate that you are a big part of the problem.

Only gross mismanagement would let you get into such a mess in the first place.

It sounds like he is well rid of you.

Re:An abusive employer? (3, Insightful)

geminidomino (614729) | about a year and a half ago | (#41929479)

Maybe a case of projecting my experience onto the submitter, but it came off to me like he's the poor bastard who has to clean up the mess, rather than the boss. Having been in that boat myself (and still, to this day, occasionally find slushy little coiled piles of things like "converting" AM/PM to 24h format using 13 chained "if/then/else" statements) I'm willing to give a lot of leeway for "frustration venting."

Re:An abusive employer? (3, Insightful)

tg123 (1409503) | about a year and a half ago | (#41929625)

By using terms such as "culprit", "idiot", and "turkey" you indicate that you are a big part of the problem.

Only gross mismanagement would let you get into such a mess in the first place.

It sounds like he is well rid of you.

Parent post should be modded up +5 insightful.

I agree this poster does sound like a very poor manager or the company he works for has management issues.

What training programs do you have in place?

Was this person doing a poor job because of company work practices?

Was he faking that he knew what he was doing because no one showed him how to do it properly?

If these above questions could be answered then I think you would find that you would not need to be asking what to do after your Sysadmin / developer went off and found greener pastures.

Re:An abusive employer? (0)

Anonymous Coward | about a year and a half ago | (#41929797)

Amen to that

Make him leave on good terms (3, Interesting)

cstdenis (1118589) | about a year and a half ago | (#41929489)

There isn't really any practical way to be completely sure, but one thing that can help is to not give him reason to want to attack the company.

Lay him off and pay him out a good severance pay and he is much less likely to leave disgruntled. There may also be other parting perks besides pay that can generate good will depending on the person.

This also gives the added benefit of when something breaks in the old obscure undocumented part of the system only one person knows, that one person may be more willing to help. Though how beneficial this is depends on how useless he is.

As for the technical stuff, only way to be sure with sysadmin is rebuild all the servers from scratch (an extremely time consuming task of course).

For programmer, the whole team should be doing regular code reviews anyway looking for any security bugs. Maybe an extra code audit would be a good idea.

Simple enough (1)

AchilleTalon (540925) | about a year and a half ago | (#41929539)

Give me a gazillion boxes and I will fix everything.

You also need to fire the idiot who hired them. (1)

Anonymous Coward | about a year and a half ago | (#41929559)

How can incompetent people get into technical roles if appropriate hiring practices are followed?

I fired a sysadmin (2, Insightful)

Anonymous Coward | about a year and a half ago | (#41929569)

Prepare, and execute quickly.

After too many actual shouting conflicts with others, and numerous lies ("even I will have trouble upgrading X11") he had to go. First I arranged for our previous guy, who had gone off to be a consultant while finishing his PhD, to return (at his new rate+housing) for continuity. Then I spent 3 hours with the firee, discussing in detail why he had screwed up in so many ways. I gave him the option of quitting or being fired, he chose the latter for unemployment benefits.

We went to his office, I told his assistant to change all the root passwords, and said clearly that I knew he could screw us anyway. That helped a little, and he was so unaware of his misbehavior that no bombs were left behind. My previous guy was on site the next day.

We eventually hired an excellent professional. He's still doing a great job there through many changes after 20 years, although I left that organization a few years after that hire.

You can bet on it (2)

aglider (2435074) | about a year and a half ago | (#41929591)

you'll still be cleaning up the problems six months later.

The real issue is not the low productivity techie. It's that there's no manager with enough knowledge and skills to ... manage techies.
Techies are seen somehow as "lone wolves" or "wizards" that "just do the (right) things".
My solution?
Hire a manager with the real knowledge (a former techie) and let him both manage and work with the younger techies.

The first rule (4, Insightful)

codepunk (167897) | about a year and a half ago | (#41929645)

I have been in IT for nearly 25 years now and have learned a few things along the way. The first rule is that most employees referring to others as idiots, turkeys, incompetent etc need to look first in their own seat.

It is generally a reaction I expect from a dev or sysadmin covering his own faults by passing blame to others. I find most people just want to do what they were hired to do and do it well and given the proper chance and assistance will do just that.

In the last 5 - 10 years though it is generally a result of understaffing and insane deadlines causing less than desired results.

Re:The first rule (3, Insightful)

WillKemp (1338605) | about a year and a half ago | (#41929711)

I agree. There's nothing an incompetent manager likes more than a scapegoat.

it's not after... it is before you fire him (1)

johnsyd (204693) | about a year and a half ago | (#41929647)

The most important part is before you fire any system admins: they must reveal all superuser passwords, and remote access systems must all be secured... all router and customer data files protected before you fire him. He must not have any backdoors or rogue wifi to your system, and after the actual firing bit... it is very important that you use that flashy thingy that the Men in Black have.

CELEBRATE (0)

stanlyb (1839382) | about a year and a half ago | (#41929669)

Organize a party, day and night, with a lot of drinks, and women. And Beeeee haapppyyyy, no more woooorrriiieesss.

Turkey farm (2)

WillKemp (1338605) | about a year and a half ago | (#41929699)

I'd start by sacking the turkey that hired the turkey in the first place, and/or the turkey whose piss poor management skills allowed the situation to get so far out of control that someone needed to be sacked.

This is why you fail (3, Insightful)

Dunbal (464142) | about a year and a half ago | (#41929717)

when the culprit is shown the door.

But the person who hired him still works at the firm... that's the real "culprit".

Wrong question... (0)

Anonymous Coward | about a year and a half ago | (#41929721)

...correct question:
What would you do if you were a bad admin and wanted to destroy the company if you were fired? ...then look there, if there is nothing either your imagination is bad or the man is not a real threat...
case A. ask someone more paranoid than you (and btw. you are then not competent for the job)
case B. ...oh wait, there is no case B.

Been down this path... (5, Interesting)

Kelerei (2619511) | about a year and a half ago | (#41929813)

One of my previous employers, a while back, employed an individual who I will henceforth refer to as the Office Freak From Hell (it had various freaky habits: no personal hygiene, odd behavioural patterns, that kind of thing). I kind of ignored it at first (except to avoid it as much as possible), until it was moved over to my team. It didn't take me long to realise how useless it was -- his code was often delivered late, and was always of a poor quality (example: using strings as every variable type -- really, what the FUCK?). Between my manager and myself, we tried to mentor him, correct him and all of that -- we couldn't fire him straight away as South Africa has really fucking stupid labour laws which makes firing a tedious and difficult process at best (and you'd better not slip up, otherwise the fucktard can successfully sue for damages and the old position back). Meanwhile, I was searching for alternative employment (although mainly because software development in Durban is a dead-end industry, the OFFH was a major contributing factor), received an offer that I couldn't refuse from a company in Cape Town, and put in my resignation. I still had to work a calendar month's notice period though (Americans, things work differently over here!).

That's when things got interesting.

My manager and I started the process of handing over all my projects -- most to the rest of my team, but a few went to the OFFH. It didn't take long for the OFFH to piss off one of my soon to be ex-clients to the extent where top level management got involved, the OFFH was finally pulled into a disciplinary hearing (wasn't fired, but received a final written warning), and I had to step back in and clean out the mess. The next day, the OFFH put in for leave on the Friday coming up, went away... and never came back. It was formally dismissed for absconding shortly afterwards.

That's when we found what was really going on. To summarise:
  • The code that would be pushed through to production was often not the same code checked into the source code repository, and the production code was riddled with security holes, backdoors, and that kind of thing. (Since I used the code in the repos for code review purposes, I never picked this up.) A few months after I'd worked my notice period and left, I heard that they ended up writing new, parallel systems and chucking everything he'd worked on, while doing their best to maintain it until the parallel system was complete. (Side note: I left on friendly terms, and I still keep in contact with those guys.)
  • When we went to try to get source code from his machine (see point above regarding the source repos), we discovered a whole lot of background services constantly maxing out the CPU. We never found out exactly what they did, but given other discoveries, this pretty much resulted in the network team dropping everything and performing a full security audit of absolutely everything.
  • He would often tag in after hours and during weekends. I remain convinced that he was up to absolutely no good during this time, particularly as I am in possession of an IRC log detailing an intrusion he was involved with on the South African XBox 360 fansite around mid-2009.

So, while we thought we were dealing with mere incompetence, in truth, the OFFH was a malevolent fucktard.

All of us involved have learned our lessons -- personally, I'm far more security conscious, and the folks I worked with are far stricter regarding who they hire, development practices and policies, and that kind of thing. As for the OFFH, it seems to have vanished into thin air...
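
The first finding in the comment above (production code that was not the code in the repository being reviewed) is the kind of drift a hash comparison catches. The following is an added example, not part of the original comment: it assumes the reviewed commit is checked out into one directory and the production tree is copied into another (for compiled code, compare against a clean rebuild instead), and all function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def tree_digests(root, ignore=(".git",)):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    # os.walk does not follow directory symlinks by default, so a link
    # pointing outside the tree is recorded, not traversed.
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in ignore]
        for name in dirnames + filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if full.is_symlink():
                digests[rel] = "symlink->" + os.readlink(full)
            elif full.is_file():
                h = hashlib.sha256()
                with full.open("rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                digests[rel] = h.hexdigest()
    return digests


def compare_trees(reviewed, deployed):
    """Report where the deployed tree departs from the reviewed one."""
    a, b = tree_digests(reviewed), tree_digests(deployed)
    return {
        # Same path, different content: reviewed code is not what runs.
        "modified": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
        # Files nobody reviewed at all.
        "only_in_production": sorted(b.keys() - a.keys()),
        # Reviewed files that never shipped (often benign, still worth a look).
        "missing_from_production": sorted(a.keys() - b.keys()),
    }


def _write(base, rel, text):
    path = Path(base) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        reviewed, deployed = Path(tmp) / "reviewed", Path(tmp) / "deployed"
        login = "def check(user, pw):\n    return verify(user, pw)\n"
        util = "def slug(s):\n    return s.lower()\n"
        # Reviewed checkout (constructed sample data).
        _write(reviewed, "app/login.py", login)
        _write(reviewed, "app/util.py", util)
        _write(reviewed, "README.txt", "docs\n")
        _write(reviewed, ".git/HEAD", "ref: refs/heads/main\n")  # ignored
        # Production copy (constructed): one changed file, one extra file.
        _write(deployed, "app/login.py", login + "# line absent from repo\n")
        _write(deployed, "app/util.py", util)
        _write(deployed, "app/debug_hook.py", "# never committed\n")
        return compare_trees(reviewed, deployed)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any entry under `modified` or `only_in_production` means the code review covered something other than what is running, which is the gap the commenter describes.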

It can be worse, lots worse (1)

Anonymous Coward | about a year and a half ago | (#41929839)

We fired a database admin who seemed to leave without issue. Did the usual steps to check for everything, no problems found until... The police turned up three years later armed with a search warrant for the CIO's office and the IT department. They knew right where to look in the hidden nooks and crannies of the server room, under the lift out floors for example and above the door frame of the CIO office. What did they find you ask? USB pen drives loaded with child porn! The CIO is arrested, the manager is arrested, the IT staff put through the wringer. Upper management cleans house. We, what was left of the IT staff, always suspected the fired database admin who had access to all these locations. The police got an anonymous tip. We suspect that at some point he planted all these drives around as insurance then waited several years and informed the authorities telling them just where they should look. Cases against the CIO and manager are still pending.
