this post was submitted on 11 Mar 2025
679 points (99.3% liked)

Technology

66073 readers
4760 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
679
Developer convicted for “kill switch” code activated upon his termination (arstechnica.com)
submitted 1 day ago by WetBeardHairs@lemmy.world to c/technology@lemmy.world
101 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] GhostlyPixel@lemmy.world 132 points 1 day ago (3 children)

This kill switch, the DOJ said, appeared to have been created by Lu because it was named "IsDLEnabledinAD," which is an apparent abbreviation of "Is Davis Lu enabled in Active Directory."

Lu named these codes using the Japanese word for destruction, "Hakai," and the Chinese word for lethargy, "HunShui,"

[Lu]’s "disappointed" in the jury's verdict and plans to appeal

No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.

[–] snf@lemmy.world 8 points 20 hours ago* (last edited 20 hours ago) (1 children)

It's actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don't do code reviews if this guy managed to get this code into production

[–] TAG@lemmy.world 2 points 3 hours ago
  1. I assumed that the code was running on a machine that Lu controlled.
  2. Most companies I have worked at had code reviews, but it was on the honor system. I am supposed to get reviews for all the code I push to main, but there is nothing stopping me from checking in code that was not reviewed (or getting code reviewed and making a change before pushing it). My coworkers trust me to follow the process and allow me to break the rules in an emergency.
[–] db2@lemmy.world 73 points 1 day ago (1 children)

It would only work if he owned the code and the company stopped paying. There's lots of precedent for that.

[–] Lv_InSaNe_vL@lemmy.world 6 points 21 hours ago (1 children)

Still probably not. The code also deleted files, deleted accounts, and created infinite loops which took down large chunks of the network and infrastructure.

You could take your code, but you can't take down the company.

[–] db2@lemmy.world 4 points 21 hours ago

Yeah he's screwed then.

[–] rottingleaf@lemmy.world 51 points 1 day ago (1 children)

I take it he hasn't heard about "hiding things in the open".

That would be, for example, using a constant of some near year in "end time" column meaning unfinished action.

Or just making some part that will inevitably have to be changed - "write-only", as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.

So many variants, and such obvious stupidity.

[–] Tramort@programming.dev 10 points 1 day ago

That's an amazing point, actually