undefined | Better HN

0 pointsthaumaturgy13y ago0 comments

taligent's primary complaint seems to boil down to Linode not making a public statement about the problem until after one of the affected individuals had taken his case to Reddit.

I don't think that's an unreasonable complaint. I'm still a pretty enthusiastic Linode customer, but that incident bothers me a little bit too. I have to wonder if they would have addressed the problem publicly at all if the story hadn't made the rounds on the social news sites.

You shouldn't question his motives unless you have something more solid to go on than, "unhappy former customer".

0 comments

3 comments · 1 top-level

jspthrowaway213y ago· 2 in thread

Things take time to investigate and fix. The investigation was probably underway when the story went around. Rushing something out, be it a fix, release, whatever, is risky and a good way to be wrong (which is worse than deliberate). Imagine sending out a press release saying that you fixed it and the incident repeating itself an hour later.

Usually, I side with "better eventually than never".

I agree on the root complaint, and it is valid, but OP did pretty directly say that Linode did not notify customers about the issue, implying to this day. That's demonstrably false, and I don't like to see Hacker News threads turn in to a whirlwind of fairy tales.

My conclusion regarding OP is based largely upon his behavior in the forum thread I linked. I actually remembered him by name when I saw his comment, which should say something.

thaumaturgyOP13y ago

Alright, I scrolled through all 16 pages of the singularity of stupidity that was that thread. I don't see anything in there by taligent that stands out. About the worst he did was let himself get dragged into a personal fight in the first few pages. (I wonder now which one of the users you were in that forum thread. sednet?)

You linked to the email exchange between Linode support and one of the affected customers. You know that Linode already had an idea that they had a problem before the rest of their customers found it. Do you think it would have been so unreasonable for Linode to at least put up a message on status.linode.com, "We are investigating an incident of unauthorized access to one of our customer Linodes, we will update this as we investigate it"?

And I don't read that implication from taligent's comment here. I think it's obvious that he's saying that they didn't bother to let their customers know when the incident occurred.

Basically: he thinks they didn't handle the disclosure on that matter in a way befitting its seriousness, and he thinks that they've done nothing to show that they'll handle it differently in the future. I agree on both counts. As he said in the forum thread, what makes this so frustrating is that Linode has been so spectacular in every other regard.

He's right also to point to the CloudFlare post-mortem as an example of Doing It Right. Surely you see the stark difference between CloudFlare's handling of their incident and Linode's? We still don't know the exact nature of the compromise (former employee? Did Linode have an externally-accessible customer service interface? What happened), nor do we have any idea what they did about it, other than that they say they "will be reviewing our policies and procedures to prevent this from ever recurring" -- an extremely wormy statement that will still be true even if they choose to change nothing at all.

I don't like to see HN threads turn in to a whirlwind of pointless personal attacks. Let's just discuss the facts, OK?

jspthrowaway213y ago

I find it interesting that you're imploring me to discuss the facts when I started this thread by calling out incorrect "facts". I'm the only one that seems to be interested in the black and white facts, whereas you'd prefer to alter the OP's words so that they become facts.

What you're interpreting from his statements certainly isn't obvious, as it's just the way that you interpreted it. I interpreted it differently, using only the words that he typed and not filling in any of my own as you have -- I think you realize that, too, since you italicized your additions.

> (I wonder now which one of the users you were in that forum thread. sednet?)

I do not post on the Linode forums.

Fine, you're right; I might have been a little harsh on taligent, but I'm perpetually annoyed by crusaders who latch on to one mistake so strongly that the surrounding facts of the mistake begin to distort in their memory. If you're going to have a problem with Linode, back it up with the truth -- we get enough of alternate reality with politics.

1 more reply

j / k navigate · click thread line to collapse