"Deleting the database" spares no job title: why does it keep blowing up?

author:51CTO

Deleting the database to run away, deleting the database to demand wages, deleting the database to vent anger... The fire of database deletion has spread from local databases to the cloud and to open source, and IT circles at home and abroad have not been spared. Deletion incidents that read like jokes occur from time to time. It has to be said: the data is abundant, and the truth is stark.

Event review

Recently, a "delete the database and run" episode at a well-known Internet company in Shanghai reached its final judgment. The court sentenced the defendant, an employee surnamed Wang, to 10 months' imprisonment.

In March 2021, the criminal suspect Wang joined a well-known Internet company in Shanghai to work on computer system research and development, responsible for developing some of the rules and code of the company's online shopping platform. After 3 months, Wang was asked to leave for failing the probation period, and on the day of leaving, without the company's permission, he privately deleted all the system code that was about to be launched.

A few days later, as the company prepared to bring the system into operation, the operations side found that the code had been deleted. The company could only urgently postpone the launch, pay tens of thousands of yuan to hire a third-party data company to restore the data, and organize employees to rewrite the code, to ensure that the system could subsequently go online.

In order to vent his private anger, Wang violated state regulations by deleting data stored in a computer information system, with serious consequences. His behavior violated the second paragraph of Article 286 of the Criminal Law of the People's Republic of China, and he was suspected of the crime of damaging a computer information system.

Article 286: [Crime of Damaging Computer Information Systems]

Whoever, in violation of State regulations, deletes, modifies, adds to, or interferes with the functions of a computer information system, causing the computer information system to fail to operate normally, and the consequences are serious, shall be sentenced to fixed-term imprisonment of not more than five years or criminal detention;

Whoever, in violation of State regulations, deletes, modifies, or adds data and applications stored, processed, or transmitted in computer information systems, and the consequences are serious, shall be punished in accordance with the provisions of the preceding paragraph.

Whoever deliberately produces or disseminates computer viruses or other destructive programs that affect the normal operation of a computer system, with serious consequences, shall be punished in accordance with the provisions of the first paragraph.

Where a unit commits the crimes mentioned in the preceding three paragraphs, it shall be fined, and the persons who are directly in charge and other persons who are directly responsible for the crime shall be punished in accordance with the provisions of the first paragraph.

Both sides lose

The legends of the trade go back a long way: there is "the fury of the expert at the end of his rope", "the hardship of the strong man demanding his wages", "the embarrassment of acting out after drinking", and, of course, no shortage of "the self-redemption of the clumsy-handed". But the ending of every legend seems to be the same: "Deleting the database feels good for a moment; then come the tears behind bars."

At the beginning of the year, Marak, author of the well-known open source tool Faker.js, deliberately sabotaged his open source libraries on GitHub, emptying all the code and leaving the word "endgame" in the commit. Another library he developed, colors.js, was also affected. After the deletion incident, Marak's own GitHub account was officially banned, causing an uproar.

  • In November 2020, Wu, a programmer responsible for product technology development, operation and management at a company in Shanghai, deleted the company's data in order to demand wages. This caused the loss of user behavior log data in the "Zhuzuo" App developed by the company, so that users could not view the design and decoration renderings and 3D models in the app. Wu also deleted more than 27,000 picture and model files made and uploaded by registered users. In the end, the court found Wu guilty of the crime of damaging a computer information system and handed down a sentence of 11 months in prison.
  • In September 2021, Shannon Stafford, a 50-year-old head of IT in the United States, was asked to leave over poor performance and subsequently deleted all of the company's stored information, resulting in a sentence of twelve months and one day in prison. In addition, he had to pay $193,250.1 (about 1.32 million yuan) to his former employer.
  • At the beginning of 2021, the Lianjia "delete the database and run" incident also caused a huge stir in the IT industry. On January 6, the Beijing No. 1 Intermediate People's Court issued a criminal ruling: a former Lianjia employee, dissatisfied with a job adjustment, had deleted 9TB of the company's data. Lianjia spent a total of RMB 180,000 to restore and rebuild its financial system, and the employee successfully "sent himself inside" for 7 years.
  • In August 2020, a former Cisco employee maliciously deleted 456 virtual machines after leaving the company, causing Cisco a loss of up to $2.4 million; the former employee faced a five-year prison sentence and a $250,000 fine.
  • In June 2018, the director of a technology company, dissatisfied with the company's layoffs, deleted some key indexes and some tables in the company's database, causing a direct economic loss of 2.25 million yuan, and was sentenced to 2 years and 6 months in prison, suspended for 3 years.
  • In September 2018, a senior engineer at SF accidentally deleted the online system database and was finally fired.

Of course, the incident with the greatest impact in China is last year's "Weimob deletion" incident. The protagonist of that story nearly destroyed the entire SaaS service industry single-handedly.

In February 2021, Weimob's database was maliciously deleted by an employee. Its online services failed, the merchant Mini Programs that make up its main business went down completely, and the business of the 3 million merchants affected basically came to a halt. Weimob then worked with its service provider to recover the data, and it took seven days and seven nights to retrieve the deleted database data. Because of the negative impact, however, Weimob's cumulative market value evaporated by more than HK$3 billion. As for the impact on its many merchants, Weimob said it had set aside 150 million yuan to compensate users. The employee confessed that he acted for personal reasons, such as an unsatisfactory life and an inability to repay online loans, after drinking, and was eventually sentenced to 6 years in prison.

Rather than treating "delete the database and run" as a legend, it is better to see it as a "tragedy for both sides" that keeps being restaged. On one side is the "fight to the death" and "burn everything together" kind of anger; on the other are enterprises left "mending the pen after the sheep are lost" and "badly wounded".

The "dead end" truth

Of course, there are also those who do not delete the database but choose instead to make the code public to everyone. For example, in April 2019, the source code of the back-end project of Bilibili's (Station B's) website was leaked. The source code was published on GitHub, not under Station B's official organization, but in a repository called "go-common" created by a user named "openbilibili".

But whether or not anything is deleted, the truth behind these incidents is the same: a lack of trust.

Looking closely at the causes of these deletions, varied as they are, they come down to just three:

  • Employees are treated unfairly by the company (salary cuts, demotions, layoffs, high-intensity overtime, and so on) and want to retaliate
  • Enterprise data permission management is missing
  • The programmer's own reasons (slips of the hand, personal reasons, etc.)

Nowadays, words such as "digital intelligence" and "digital transformation" are heard everywhere, yet when employees lose trust in the enterprise, "data" easily becomes the bomb in the feud between the two. How ironic!

The trust mechanisms of some enterprises sit at the extremes. Either they trust no individual, only processes and systems, and constrain everyone through rigid processes and systems; or management is missing and permissions are granted chaotically.

A good trust mechanism is usually one that iterates constantly: processes and systems need to be revised whenever the external environment changes.

For enterprises, the "delete the database and run" incidents have made them realize that a company's ability to withstand risk lies not only in its business model and supply chain, but also in the technical capabilities that support them: whether the architecture is sound, whether the data is secure, and whether management is healthy.

But for programmers as a group, the issue is far from being as simple as the processes and permissions for data operations. Employers that chase business goals such as profitability and speed too hard, while lacking the necessary humanistic care for programmers' growth and lives, will bring about tragedies like these.

The cloud can't save trust

A few years ago, whenever there was a "delete the database" incident, technical experts in the industry would offer plenty of suggestions: architecture backup, decentralized management, process management, safe house, operation supervision, and so on, and they would often add one more: move to the cloud.

However, can the cloud really prevent or reduce "delete the database" incidents?

Admittedly, data placed in the cloud does have a relatively high safety margin, because the cloud is backed by ample shared resources. Snapshots and remote replication disaster recovery services are among the good features the cloud provides. When data is deleted, you can use snapshots to quickly restore or roll back to a historical point in time, and then use other methods to bring the data up to its latest state. Cloud remote replication disaster recovery is also a relatively mature technology, and compared with implementing disaster recovery locally, the initial investment is more cost-effective.

However, the deletion incidents of recent years show that cloud databases cannot prevent "delete the database and run" from happening. The cloud solves only the problem of technical architecture; it does not solve the problem of the trust mechanism between the enterprise and the IT people closely tied to it.

At the end of the day, people themselves are the last barrier to database security. Adhering to professional ethics is the final bottom line, and if technicians cannot do this, even the best defensive processes and mechanisms will eventually be breached.

Contradiction resolution mechanism

Businesses exist for profit. From the day it is founded, an enterprise takes profit and revenue as its basic development goals, so in many cases it neglects the employees who grow alongside it. Heavy work pressure and unreasonable, unfair treatment of staff not only reduce employees' efficiency, but also bring negative emotions such as irritability and resentment. If managers neglect this for a long time, the situation will eventually worsen and damage the relationship between the enterprise and its employees.

But the law cannot be flouted, and however great a technician's hardships, he should not defy the law in person. Resorting to violence to solve problems will ultimately harm both others and oneself.

Here, we call on enterprises to pay more attention to the growth of their employees, give them due humanistic care, and improve their mechanisms for resolving conflicts. IT people, for their part, should abide by professional ethics and not make a wrong decision out of a moment's unhappiness, one that causes irreparable losses to others and even to society, and lands them in prison as well.

Final words

From the "rm -rf /*" deletion command to the cloud "bing chaos", "delete the database and run" is no longer a joke. For technical people, deleting the database feels good for a moment but is self-destructive, and the loss far outweighs the gain. For enterprises, illegal and malicious operations such as "deleting the database" bring terrible consequences once an incident occurs.

Behind these incidents, beyond technical architecture, operational permissions and processes, the question of how to re-examine trust between enterprises and employees deserves attention and careful thought.