Friday, March 22, 2013



Extortion works
.
It all started at the PyCon Conference in Santa Clara this past week when a couple of guys made a couple of crude jokes about “forking software repositories” and “big dongles.” A dongle is a piece of hardware with some software present on it that’s used as a key to unlock software so that one may use it. Its purpose is to prevent unauthorized copying and distribution. In this instance, the reference to the term was anatomical rather than cryptographic. The inappropriate jokes violated the conference code of conduct.

Adria Mitchell, who sat in front of the men, reported them to the conference administrators who escorted them out of the session. She also snapped their picture and posted comments about the incident to Twitter and her blog. http://butyoureagirl.com/14015/forking-and-dongle-jokes-dont-belong-at-tech-conferences/http://butyoureagirl.com/14015/forking-and-dongle-jokes-dont-belong-at-tech-conferences/

Adria Mitchell wasn’t just any old blogger or conference attendee, though. She had a fairly influential position in Developer Relations at Sendgrid, a company that sends bulk commercial Internet communications. Her position in Developer Relations is important in the events that transpired.

One of the men was let go by his company, PlayHaven, in response to the post. After his dismissal, the man who was fired allegedly posted that he was a father of three and that he was disappointed because he really liked the job. Developers responded by demanding on the pastebin site that Mitchell also be fired.

On Thursday, March 21, Sendgrid came under a distributed denial of service attack and a number of developers cancelled their accounts. Adria Mitchell’s personal site also came under attack and she received death and rape threats. By afternoon Thursday, Sendgrid issued word on Twitter and Facebook that they fired Mitchell. The Sendgrid Facebook post stated, “Effective immediately, SendGrid has terminated the employment of Adria Richards. While we generally are sensitive and confidential with respect to employee matters, the situation has taken on a public nature. We have taken action that we believe is in the overall best interests of SendGrid, its employees, and our customers. As we continue to process the vast amount of information, we will post something more comprehensive.”

What’s the take-away from this? Well, like I said, I think we can certainly take away the fact that extortion works. Sendgrid’s site was down for most of the day on Thursday, the day that many newsletters and press releases are sent. The company capitulated to the demands of its attackers.

However, Ms. Mitchell didn’t fire the man who lost his job, PlayHaven did. Nobody targeted PlayHaven.

We can expect to see litigation come out of this—criminal, civil, employment and commercial. Websites and services were hacked. Distributed denial of service attacks took down services that lost thousands, if not hundreds of thousands of dollars. People were threatened with physical harm. People lost their jobs, perhaps wrongly. Companies didn’t have their e-mailings go out on time due to Sendgrid being down. And for what? Because a couple of guys made some inappropriate sexual comments at an industry conference. Perhaps we can all learn something in hindsight from this about the value of treading lightly. While this is an extreme example, it is the reality of our world today. A simple post caused this damage. Before any of us acts or renders advice in response to a situation, we really need to give pause and consider the possible ramifications of our actions.