taligent's primary complaint seems to boil down to Linode not making a public statement about the problem until after one of the affected individuals had taken his case to Reddit.

I don't think that's an unreasonable complaint. I'm still a pretty enthusiastic Linode customer, but that incident bothers me a little bit too. I have to wonder if they would have addressed the problem publicly at all if the story hadn't made the rounds on the social news sites.

You shouldn't question his motives unless you have something more solid to go on than, "unhappy former customer".

Things take time to investigate and fix. The investigation was probably underway when the story went around. Rushing something out, be it a fix, release, whatever, is risky and a good way to be wrong (which is worse than deliberate). Imagine sending out a press release saying that you fixed it and the incident repeating itself an hour later.

Usually, I side with "better eventually than never".

I agree on the root complaint, and it is valid, but OP did pretty directly say that Linode did not notify customers about the issue, implying to this day. That's demonstrably false, and I don't like to see Hacker News threads turn in to a whirlwind of fairy tales.

My conclusion regarding OP is based largely upon his behavior in the forum thread I linked. I actually remembered him by name when I saw his comment, which should say something.

Alright, I scrolled through all 16 pages of the singularity of stupidity that was that thread. I don't see anything in there by taligent that stands out. About the worst he did was let himself get dragged into a personal fight in the first few pages. (I wonder now which one of the users you were in that forum thread. sednet?)

You linked to the email exchange between Linode support and one of the affected customers. You know that Linode already had an idea that they had a problem before the rest of their customers found it. Do you think it would have been so unreasonable for Linode to at least put up a message on status.linode.com, "We are investigating an incident of unauthorized access to one of our customer Linodes, we will update this as we investigate it"?

And I don't read that implication from taligent's comment here. I think it's obvious that he's saying that they didn't bother to let their customers know when the incident occurred.

Basically: he thinks they didn't handle the disclosure on that matter in a way befitting its seriousness, and he thinks that they've done nothing to show that they'll handle it differently in the future. I agree on both counts. As he said in the forum thread, what makes this so frustrating is that Linode has been so spectacular in every other regard.

He's right also to point to the CloudFlare post-mortem as an example of Doing It Right. Surely you see the stark difference between CloudFlare's handling of their incident and Linode's? We still don't know the exact nature of the compromise (former employee? Did Linode have an externally-accessible customer service interface? What happened), nor do we have any idea what they did about it, other than that they say they "will be reviewing our policies and procedures to prevent this from ever recurring" -- an extremely wormy statement that will still be true even if they choose to change nothing at all.

I don't like to see HN threads turn in to a whirlwind of pointless personal attacks. Let's just discuss the facts, OK?

I find it interesting that you're imploring me to discuss the facts when I started this thread by calling out incorrect "facts". I'm the only one that seems to be interested in the black and white facts, whereas you'd prefer to alter the OP's words so that they become facts.

What you're interpreting from his statements certainly isn't obvious, as it's just the way that you interpreted it. I interpreted it differently, using only the words that he typed and not filling in any of my own as you have -- I think you realize that, too, since you italicized your additions.

> (I wonder now which one of the users you were in that forum thread. sednet?)

I do not post on the Linode forums.

Fine, you're right; I might have been a little harsh on taligent, but I'm perpetually annoyed by crusaders who latch on to one mistake so strongly that the surrounding facts of the mistake begin to distort in their memory. If you're going to have a problem with Linode, back it up with the truth -- we get enough of alternate reality with politics.

I get that you're annoyed. I'm trying to convince you to be less annoyed. You and I have had perfectly reasonable discussions in the past; I'm surprised that you're responding this way to someone else.

I think it should go without saying that we should read other users' comments as charitably as possible. You say that my reading of his comment is "just the way that [I] interpreted it", but then you bless your interpretation of his comment as being "the black and white facts".

But English is messy. It carries nuances and context and hidden clues. Worse still, everyone has the attention span of a coked-out gnat now. Brevity is supposed to be the most important property of a statement, so we don't go around explicitly writing in all of the nuances and blanks and context. Thus it's natural to omit something like, "when the incident occurred" from the end of every statement. (Which, by the way, I italicized as emphasis; even a cursory glance at my comments page would have clued you in that I do that habitually.)

Your interpretation assumes (emphasis again) that he was deliberately lying.

You called someone a liar.

Publicly.

Based on your interpretation of what they said.

Whereas I assume that it's more likely that he was simply being brief.

Maybe you're right and I'm wrong. But, I'm unwilling to assume that someone else is a liar when there is clearly room for misinterpretation of what they said, just as I'm unwilling to assume that anyone that I'm talking with here is an idiot. (Although, I'm becoming more willing to assume deliberate obtuseness and argumentativeness ... not apropos of anything in this thread.)

I don't want to brow-beat you for your reply to him, but you're still thinking of him as a "crusader", and you're still assuming that the facts are "distorted" in his memory. When I asked to stick to the facts, I meant that it would have been sufficient to say simply that Linode notified the 8 affected customers and posted a statement to their site about the incident.

That would have left room for both you and him to be right, instead of accusing him of grandstanding and being a liar and a crusader and so on and so forth.

And most importantly: whether or not we agree on his characterization of what happened, he does still have a legitimate point. Linode did not handle that incident admirably, it can be contrasted starkly with the way that CloudFlare handled their incident, and Linode is still compounding their initial error by not taking steps to correct their handling of future incidents -- all points from my previous comment which you completely ignored, in favor of continuing to attack another user here.

HN needs to calm down just a tiny little bit.

Sorry for picking on you today.