Saw your tweet (https://twitter.com/theckman/status/684484772316360705) that linked to this post. Did a quick search to get your technical background and your LinkedIn profile states you used to work for Linode? I think it's important to share that info when you're telling your side of the incident. Your past relationship, if you left on bad terms, could play a role in your motivation to post.
I can absolutely understand your concern. I originally had it in my post, but removed it because I was worried it would detract from the details of our compromise at PagerDuty.
I worked at Linode for just under three years, and worked on quite a few different things there. I started on support and moved on to a development role (including writing ColdFusion). I left Linode on good terms. California is much more enticing than NJ, so I wanted to relocate. Plus I was interested in doing more of an Ops role, instead of working including customer-facing web applications. I'm still enjoying it. :)
I think there are lessons that can be learned whenever a company has some sort of security incident. This is especially true if they are willing to publicly disclose details of the incident. We've wanted to provide what limited information we had, but wanted to wait until we had confirmation that Linode was the vector.
While there is some relief in finally determining what we believe to be the vector of our attack, it's very unfortunate that Linode engineers are dealing with the fallout right now.
so you're saying you wrote the code that was responsible for the breach(es)? It also sounds like you knew about these issues before you left Linode but didn't point them out while you were there?
Where are you reading this? When he says he was writing ColdFusion, he's referring to the framework/programming language. He's not saying he wrote every single line of Linode's management interface.