

Ask HN: How to safely extricate yourself from a contract? - arresteddev

I was asked to fix a mess of infrastructure &amp; code and for the most part I have, but the company hosts thousands of installs of an open source php app that gets hacked daily.<p>I have tried to communicate the danger of this to the owner, but he is oblivious and gets angry at me for telling him the risk.<p>He refuses to upgrade the php apps, and as a result there are countless known exploits running on the server.<p>He also has a really bad habit of acting like me giving him good technical advice is annoying him and that I am bothering him by pointing out very serious problems.<p>He has thrown tantrums and raised his voice when I  try to solve this problem.<p>I want out, but I am worried that these hacks will destroy his business and that he may try to sue me, even though I did not create the problem and I have tried to solve it.<p>I have a clause in my contract that disclaims liability, but am not operating via an LLC, a rookie mistake I know.<p>I like the other employees at the company and feel bad leaving them in the lurch, but the anxiety &amp; depression from this job is killing me.<p>What would you do?
======
anigbrowl
As long as you're working there, put your risk advisories in writing, and
address any and all concerns about them in writing. Don't be political about
it, use fuzzy terms like, well, 'risk advisory' rather than using
loaded/hyperbolic terms like 'danger' or 'countless', so as to do your job of
communicating without making it confrontational. It sounds like your boass
feels he's getting the blame for the situation, doesn't know what to do, and
is dumping his stress upon you. This is bad management, of course, but he
probably doesn't have it in for you personally, he just wants you to make the
problem go away.

Try quantifying the performance loss involved, and the mitigation/maintenance
cost. Mention and quantify replacing the PHP apps as an afterthought but don't
make an issue of it (eg 'Doing A and B will cost C...and finally doing X and Y
will cost Z. I recommend I and J, unless you want to re-examine the notion of
replacing the PHP apps in which case the cost would be closer to Q and R.').
So, rather than giving him a problem (ugh) and requesting a green light for
your solution, give him several solutions and let him pick one, but present as
low a level of decision pressure as possible.

I'm not a lawyer and this isn't legal advice, but my gut feeling is that he's
most unlikely to sue you even if you quit - chances are you don't have
sufficient resources to make the expense worth it, so the main risk would be
to your reputation. At bottom this sounds like a people problem, and it's not
all that uncommon for a deicison-maker to 'shoot the messenger' who brings
them bad news - hence my advice to focus on the actionable solutions rather
than offering a single unpalatable prescription that makes him feel like the
situation is out of his control. Think back to successful interactions between
the two of you on other technical challenges and see if you can identify what
factors allowed the two of you to work together effectively there, and look
for a way to replicate those factors in this new context.

