Hacker News new | comments | show | ask | jobs | submit login

We're assuming these are fake, and that someone just got hold of their Facebook and Twitter passwords.

On the other hand, I notice the same statement has appeared on their blog. So maybe it's real. Or maybe their blog was compromised too.

The really suspicious thing is that they don't seem to have confirmed it to a reporter yet, which presumably they'd be willing to do if they were so eager to spread the news that they tweeted about it.

I'm hoping it's a fake, too, but three compromised accounts (Twitter, Facebook, and company blog, all of which are still active) showing the same thing would make this the most well-executed hack I've seen in a while - usually fakes like that are just quick drive-by posts.

The Twitter straw man brigade is already making it into "fired for for speaking out against sexism". I'm really hoping Sendgrid doesn't give them their martyr. And I'm also hoping Sendgrid didn't do that just to surrender to the crazy male attack squad that seems to be so vocal and abusive, not to forget criminal.

On a side note, Twitter has really turned into an absolute sewer, with polemic knee-jerk reactions and utter foolishness ruling supreme. I wish it was the idiots on Twitter who were getting fired - both the threatening jerky men as well as the opportunistic feminist ones.

Twitter has really turned into an absolute sewer

Content-wise, I don't think any service is immune from that - Reddit can be pretty horrible and I was shocked by some of the stuff posted to HN Tuesday & yesterday (though it was quickly cleaned up).

My problem with Twitter is that the brevity and emphasis on the present moment makes for bad social interactions; the faux-urgency of social media in general elevates sensation above substance. It's so easy to get the Internet Hate Machine going, and offers such large ego rewards for people who feel they are able to shape and direct it, that it's become a regular part of discourse. Back in pre-web days when NNTP was in regular use, discussions of contentious subjects were just as vigorous but nowhere near as vicious or reductionist.

Our ability to project our own ideas has significantly outpaced our willingness to consider those of others, it seems.

> I was shocked by some of the stuff posted to HN Tuesday & yesterday

As was I, but it got taken care of. I still wish people wouldn't have downvoted Richards' comments into oblivion though.

However, what's really different on HN is not that sometimes bad things happen, it's that there are a lot of people here capable of considering a balanced opinion and, perhaps most importantly, willing to question the premise of things. Users on HN often did not simply fall in line behind the stereotypical camps that feed on this kind of issue, and I don't see that same capability for actual thought anywhere on Twitter.

By and large we may disagree (hopefully with civility) on conclusions, and those are productive discussions to have, but we're as a community able to examine the issue as a whole. That's a pretty unique and valuable trait.

I'm still marveling at how ridiculously easy it is to create fake wedge issue drama like this, and all of a sudden it's #teamadria on the one side, and creepy macho assholes on the other, without a single neocortical neuron to share between them.

Users on HN often did not simply fall in line behind the stereotypical camps that feed on this kind of issue

Oh god, they do. There are certainly dissenting voices but Hacker News has proven itself time and time again to be unable to examine the issue of gender, or more tellingly, unwilling to. These posts disappearing is not a one-off, there have been numerous instances of people flagging 'difficult' posts on HN, so that we can all continue arguing about semi-colons.

I must confess my knowledge into things that got unfairly flagged away is pretty limited, so you may well be correct. But as I said, the point is not that bad things happen here as well. It's that this is the only place where I actually found worthwhile opinions, whether they may be surrounded by bad ones or not. Maybe the signal-to-noise ratio is still too low, and we need to fix that, but at least it's not quickly approaching zero as is the case on, say, Twitter.

Users on HN often did not simply fall in line behind the stereotypical camps that feed on this kind of issue, and I don't see that same capability for actual thought anywhere on Twitter.

Our definition of "often did not" seems different. And the majority of the response that I saw seemed pretty knee-jerk. (Disclaimer, I actively tried to take a balanced look at the issue, and immediately got downvoted into oblivion for it. But over time people seem to be calming down.)

On the Internet, there is no place to go drink and talk quietly with the reasonable people about complex subjects while the inpatient people, polarized to one side of a multifaceted issue, try to out shout each other. So when I don't say something in a thread that has degenerated, nobody sees me leave.

I do try to leave something in such threads. But nobody is reading them for carefully considered takes on the issue.

I respectfully disagree, but that's because I'm in a couple of communities that are very, very cleverly moderated and have very rigid curation guidelines that the mods are careful about.

You still get people trying to shout at each other, but they usually do so from a distance, and not within the community. I'm perfectly happy with that.

HN has moderation (flags/upvotes etc.) but a much less rigid set of curation guidelines (see "Six Degrees of Hacker News"). This results in a much wider set of "well I think HN should be X", and therefore more meta-arguments about the different Xs rather than staying on topic, whatever "topic" means to each individual.

On reflection, you are right. I am actually in an online community that does do this, and even has a Metatalk section intended for talking about such things. I suppose I was engaging in hyperbole, born out of a sense of frustration. Thank you for pointing that out, and if you want to tell me (perhaps privately) about your communities, I'd be interested.

What startup opportunity lies in channeling discussions in a more productive way? Is there a smart approach to this?

Reddit for adults basically, with ruthless moderation. Attract a good audience, then sell ads to that desirable audience.

Lots of people who are sick of the juvenile content and comments on Reddit would leave, but there's nowhere to go. Build an awesome community by tolerating absolutely no shit.

"with ruthless moderation"

Yea, but that seems to just push the problem one degree away..."Quis custodiet ipsos custodes"-type situation. I've been part of a few niche forums over the years that have ruthless moderation, and it's not a fun place to be a lot of the time.

http://paleoplanet69529.yuku.com/ is a forum for primitive skills discussion, and by far the most civil and "adult" forum I've been a part of...I have no idea how they do it.

I love their rules though: http://paleoplanet69529.yuku.com/topic/16448/Welcome-to-the-...

If it's for adults why not charge to get in? It works for somethingawful.

Their funnel is an absolute scream: http://forums.somethingawful.com/showthread.php?threadid=322...

Note: this is not meant to imply somethingawful is for adults. Just that they charge to get in and moderate ruthlessly.

I ruthlessly moderate a reddit - to the limit of my free time. People that need moderating exceed my ability to read and delete comments. Our ban list is huge. The eternal September is, truly, eternal.

Now there's a nick I haven't seen in a few years. #distributed, right?


If you don't plan to provide significantly different mechanism for discussion, I don't see why you'd want to build completely new site instead of utilizing Reddit by making your own subreddit with the "ruthless moderation" you want. That's the real power of reddit, that it is as much a platform as it is a community.

There are shitloads of other general interest forums on the web that have strong moderation and less juvenile content. They're all just small forums - they don't get the critical mass of Reddit so they stay small. It's far from a wasteland out there.

So, metafilter?

Depends. I closed my account last fall because I got tired of the personal abuse that pervades political threads. I'm pretty argumentative, true, but I found that forum to be increasingly aggressive and negative in tone.

Doesn't ruthless moderation just lead to rebellion? If HN had let this story go instead of censoring it the world wouldn't have ended. But now people are wondering (at least I am) about the mod's motives.

If they're willing to remove stories they don't like do they also promote their friend's projects or squash competitors?

In this case I have some sympathy because they were worried they were spreading false rumors but honestly it does sort of make me think twice about what I read here.

Isn't that Quora?

Which HN hates?

What, you think it's physically impossible that someone could reuse a password on more than one service, or register them all with a single Gmail account?

No, it's just incredibly unlikely that someone hijacked four different services and have been able to keep the owners locked out of their accounts.

You only have to hijack one account if the password across all four services isn't unique.

Yes, but the owners have four different support lines to call to get their account back, so the odds of it staying compromised is that much lower.

How do you explain that nobody working there is talking about being hacked? Do you think everybody there was using the same password for their Twitter accounts, Facebook, etc...

Or just automate the reproduction across multiple outlets. I use a FB app that posts tweets to my timeline for example.

That's a really oddly worded statement - we've fired someone, but we're still processing the information over the issue.

I don't believe this is fake, as much as I wish it was. They are still updating their Twitter and status blogs and I'd assume if it was fake, they'd see it and at least delete it. I've attempted calling and speaking with them directly through various direct extensions but no one answers.

Maybe I'm being stereotypical here, but not only is this a well-executed hack, it has well-written copy. Which is not standard for malicious hackers looking to make a point.

The Facebook statement isn't that good. For example, this wording...

While we generally are sensitive and confidential with respect to employee matters, the situation has taken on a public nature.

...is extremely unlike the words usually used by a company dealing with a controversial employment matter. It's more like the puffery used in 419 scams.

Exactly, that's what I was thinking, too. Trolling on a hacked account is almost always clearly distinguishable from the legitimate content there.

Clearly it does.

It might be unlikely if this were over a random [anime,gaming,furry,...] convention, but these are people at the leading edge of web technology. Given the audience, it's entirely possible someone within it could orchestrate such an attack.

That tweet is unsigned, where all others are. They clearly have a well-enforced policy of tweet signing, but the firing tweet has none. FB posts have the same signing--except the post about the firing. The blog and status portal sites have the comment under clear user accounts, so it doesn't look like they're trying to have a unified front on it, as might be implied by unsigned tweets and FB posts.

Because nobody uses the same credentials for all their accounts?

Don't get me wrong, I don't think it's fake, either. But a healthy dose of caution and skepticism doesn't hurt.

Not really. You just have to get access to one of those services the publishes to all your accounts.

I know, but in practice this almost never happens in a typical drive-by trolling.

I think they're dealing with more than trolls at this point. Solid DDoS to sendgrid and to her blog, seems to say a lot more than just threats and images. If this is fake, it's sure clean.

Hi pg, SendGrid just posted a status update to Twitter and another update to their status page on their website (outside their blog) so all signs point to SendGrid accounts _not_ being compromised. Could you reinstate the posts to the front page again?

Why bother? Isn't one thread enough space to discuss this pitiful situation?

All SendGrid/Adria Richards threads have either been deleted or shadowed.

Agreed, but we don't need a front page full of ten threads on the same subject with 10 conversations going on repeating the same arguments.

This hasn't been a problem before. There have been cases where the front page has been all about a single event (Aaron Swartz/Steve Jobs come to mind), and there have been cases where there are multiple stories on the front page that all repeat the same argument (like the 3 anti-EA stories on the front page at the same time last week).

This story is of interest to the community, is directly relevant, and is still being censored. There's not a single post about this on the front page.

I agree that it's a story of interest to the community here. And it should be discussed, I just don't see the need for many threads on the precise same topic.

I think Steve Jobs was totally different given the impact of his life.

Whereas this story is about who we (the tech community) are, how we treat each other, and what our daughters can expect if they join the tech industry.

But yeah, the iPod's important too.

Maybe you can't read, but the previous comment said that ALL Adria Richards threads have been killed, which is true.

There's no need for you to be so rude in claiming that I can't read. I read what he said and all I argued would be that one thread would be enough. There's no need to have a front page full of stories which are all essentially the same (of the TechCrunch/VentureBeat etc. repeating of the same things).

I get the feeling you're fighting a losing battle re. rudeness...

A compromise isn't necessarily an exclusive lock on posting rights, so the existence of other credible-looking non-controversial posts, after the posts-in-doubt, does not verify the provenance of the posts-in-doubt.

I'd wait for a reputable journalist -- someone who actually picks up the phone, or visits SendGrid, and talks to someone there they knew already as a person with corporate authority -- to confirm.

Venturebeat also reports that SendGrid is getting DDOSed.


A look at Richards' personal page also shows a CloudFlare DDOS splash page before serving up the site.

The assumption that they're under attack is reasonable. What's true today will remain true tomorrow.

They're under a _DDOS_ attack. Assuming that their Facebook account, Twitter account as well as website was compromised just so the hacker could create a post announcing Richards's firing is a bit much, I think.

I wonder if this (the possibility of SendGrid's website and every social media account being compromised) isn't the only motive behind the deletions. Maybe the mods are looking to avoid drama or protect Richards? I don't know. If their stated reason is their only motive, will they bring the posts back to the front page once SendGrid confirms?

> Assuming that their Facebook account, Twitter account as well as website was compromised just so the hacker could create a post announcing Richards's firing is a bit much, I think.

That is what DoS attacks were originally used for. Hose the target, then run your attack. It was more typical for attacking clients trying to use network services. In this case it's a PR blitz meant to look like an authentic message.

Facebook and Twitter taken over takes a while to get back into the hands of the real owners. If someone got a fake message cached by cloudflare and then took down the backend, it could leave a false message hanging around until the target can get the service restored.

Why the hell would someone do this? Who knows. Probably a dejected neckbeard with mental problems who feels like causing a shitstorm.

It's possible that the server that was compromised also held access to their Twitter and Facebook account. Depending on what backend they might be using, they could have it configured to allow posting to social media through a control panel rather than through facebook.com or twitter.com. In this situation, a compromised backend control panel would mean an attacker has access to their social media accounts as well. I've seen similar attacks first hand in the past.

They use HootSuite according to the tweets. I think it has an API that can be tied into anything, including blogs and announcement systems.

See this: http://blog.sendgrid.com/sendgrid-statement/

Check the author, it's posted by the CEO.

Just because a blog post was written on the CEO's account doesn't mean the CEO wrote it. PG has said they think it's a fake, and a blog post on the site is consistent with that.

I'm not sure I agree, but still.

How realistic is it really that Sendgrid's official Facebook, Twitter, blog, and status site were all compromised simultaneously?

If you compromise the Gmail account of the person that controls all of them- quite realistic.

Honestly, if an email service provider gets hacked on all public channels due to an email password being hacked, you should probably factor that into decisions about what email service provider to use.

The weakest link is always the user.

In the event that an account was compromised, I'd put money on it being 100% due to a naive user.

Which makes me wonder why everybody races to sign-up for ancillary services like Mailbox which just open up additional vectors of attack on people's most-sensitive account.

Maybe because they like the app more than they fear identity theft.

But how realistic is it that there would be no statement at all from the company about the accounts being compromised?

Pretty realistic. Compromises tend to be pretty far-reaching because often the weakest points are single points of failure for many system (email accounts especially).

Hmm, given that one of those is compromised, I'd say it's more likely that the rest are as well--Bayesian reasoning and all that. (Yeah, I don't actually know much about probability :P.)

People share passwords all the time. Also, if somebody's computer or email account was compromised, chances are that would also give up the credentials for all of the sites.

Their blog at least is running wordpress, from wordpress.com. It's possible that they did get compromised somewhere since all of the things seem to be external to them that they did get compromised and they weren't entirely aware of it right away because of the DDoSing. I can't imagine though that they can't have heard of this by now and aren't trying to do something about it if it's fake.

It's quite realistic. Or rather, the possibility that SendGrid's official Facebook, Twitter, blog, and status site all use the same password is quite realistic, and if that's the case then you only have to compromise one site to get them all.

They most likely share the same password so that multiple sendgrid employees can post to each of the pages.

No modern legal department would ever let a business make a statement that direct about an employee termination, and certainly not in the active voice. They wouldn't dare; the risk of a lawsuit is much too high. "Adria Richards is no longer working at SendGrid" might be credible, but "SendGrid has terminated the employment of Adria Richards" is not.

There is almost certainly not a legal department at a startup of 60 people. I agree it's a very dumb thing to do legally, but I've seen lots of small companies make lots of legal mistakes, and could easily picture a founder freaking out that he's sheding users left and right and making a rash move.

As a startup lawyer (and a social media lawyer at that) I couldn't agree more. Even big companies make some unbelievably stupid mistakes when rushed to "do something."

considering they were paying her for PR as a "developer evangelist" I think they should be able to make a fair case for her dismissal.


If they fired her, it's an accurate statement.

What would she sue for?

The most likely angle of attack would be privacy law: public disclosure of private facts.

I don't know if this would stand up in court, but it doesn't have to stand up in court if the lawyers can drag it out long enough. In this particular case, that tips in her favor, because the odds of this case escalating to celebrity status are high. That scenario is every corporate lawyer's nightmare, because with celebrity status comes reliable financial support.

If she really was fired, if I were company counsel, I'd be more concerned about the employment law issues vs. the public statement. They did keep the post brief and factual, and I don't see anything actionable about it.

It would be helpful if there was a way to show the reasoning behind deleted submissions. Like a quick note on [dead] pages that explains why it was killed, just like you did here. That way, people won't keep resubmitting the same story over and over, which makes it easier on everyone.

"if there was a way to show the reasoning behind deleted submissions"

I don't know why they don't do this but I can see why they might not do this.

By stating a reason you then invite questions around the decision and waste time in addressing those questions. By not stating a reason many decisions like this will simply go unquestioned in a "nothing to see here move along" kind of way.

However, as this post illustrates, not posting a reason also invites questions around why the post was deleted.

It's entirely possible they let her go due to the DDoS, as an attempt to save their company. She shouldn't complain if her presence is fucking the company so much (even if not her fault), especially if given generous severance and/or a promise to rehire later. Even if she's not at fault at all, Sendgrid the company is in mortal peril due to her presence, and it's not fair to customers/coworkers/founders/investors.

Regardless of the rest of this nightmarish mess, I find the idea that tech company individual hirings/firings could or should be influenced by the troglodytic dregs of the script kiddie community to be chilling.

If she has been fired because they're being DDoSed, that's a miserable precedent for anyone who works at a tech company.

Her role is Developer Evangelist. I imagine she's being let go because they viewed her behavior as unprofessional for that role. References to 'large dongles' are not inherently sexist, at least in this context. And for her to publicly humiliate a developer for that amounts to SendGrid vouching for her actions, given her role.

Granted you're just saying that _if_ it's because of the DDOS this is inappropriate. I'd agree, but I doubt that's the reason, unless it is just what happened to draw their attention to this.

If her role is 'developer evangelist', then she's doing her role - being an evangelist about the developer culture. Evangelists 'spread the message', which is exactly how she behaved here.

For what it's worth, I think 'evangelist' is a stupid title and 'advocate' is better. Yeah, 'evangelist' sounds cooler, but evangelists get in your face about unprovable stuff and harass you until you comply - not something you want to evoke in your job title. The standard joke about door-to-door evangelists is that you shut the door in their face.

I find the idea that tech company individual hirings/firings could or should be influenced by the troglodytic dregs of the script kiddie community to be chilling

I totally agree. It feels like a sort of toxic leakage of what should be safely contained in disreputable corners of the internet.

Still, doesn't that just feed the mob mentality? And can't Richards' supporters launch a DDoS as well?

So what you say is possible, and a panicked company might throw an employee overboard, but at the moment (11:13am pt) I still wouldn't rule out account-compromise-and-hoax.

>"And can't Richards' supporters launch a DDoS as well?"

The sentiment around places where "DDOSers" might hang out is pretty heavily against her. Remember, a programmer got fired for a harmless joke, at a programming conference, thanks to an over-zealous "evangelist".

This whole situation is ludicrous.

People who oppose her are more likely to DDoS anyway just for lulz, really. I suspect the lulz here are now self-sustaining, rather than an actual attempt at influencing policy.

Someone on their twitter feed mentioned 5 hours of downtime and that it's affecting his business.

I'd have switched already, because I can't see this getting resolved before next week at the earliest. There are just too many ways to continue to disrupt an ESP -- DDoS on the web, DDoS against SMTP, spam against people who fail to do proper DKIM/SPF, etc. Email deliverability isn't exactly the most reliable part of the Internet even normally, and when large numbers of motivated trolls have declared you the enemy, ...

Switching to Mailgun (for high value stuff) or Amazon SES (for low value/cheap) is pretty easy.

Don't negotiate with terrorists.

That only works when you are dramatically more powerful than the terrorists, though.

I'm not sure I agree. As soon as you reveal you're open for business like that, it's an invitation to be shaken down endlessly.

Normally you negotiate with the first one while hardening everything to take them on if it is attempted in the future. That's why the fledgling USN got the Constitution-class, or in this case, harden, develop better HR policies, and get cloudflare or prolexic.

If SendGrid's Twitter account had been compromised, they'd have told someone by now. So I guess this is real after all.

Gah, this is just an absolutely terrible succession of events. These guys definitely did not say anything that was that harmful. Their jokes may have been crude, and they may have been loud, but that only makes them annoying, not sexist. Adria has every right to post about her annoyance, but her claim for it being sexist is exaggeration. The companies reacting to this by firing the two developers is absolutely wrong, and then the community's sexist responses to Adria is just disgusting. And then Sendgrid brings the whole debacle full circle to fire Adria too? What is this, amateur hour?

That's what I don't understand - where the hell did sexism come into this? Telling dirty jokes is not sexist. Women tell dirty jokes too. This whole thing doesn't make any sense at all.

There's a new tweet on their feed which seems to be a legitimate status update and the previous one about the firing has not been deleted. This could be cleverness by someone who compromised the account or it could indicate the announcement was in fact true.

Another point for 'not fake':


That's from a conversation on the Live Chat option on their site from a few seconds ago.

Sendgrid seems to be in control of their twitter account. https://twitter.com/SendGrid/status/314794418660065281

Is there a systematic process to follow before being allowed to kill a submission?

The feeling of censorship is real, although unintended.

In this day and age, thats probably because no reporter ever called to ask and verify.

You're assuming a zebra event. But this is looking very much like a horse.

It's not fake. They just confirmed it on their site:


My post on this was deleted as well:


Just because it's written on their blog doesn't make it true


Suppressing what a lot of us consider news based on assumptions seems extremely presumptuous.

I kind of think you're wrong, they've carried on tweeting status updates about the outage after the termination tweet

If it's scheduled from Hootsuite then it doesn't matter; it will still post.

>We're assuming these are fake, and that someone just got hold of their Facebook and Twitter passwords.

I saw threads on /b/ last night where people were rallying the troops to attack her and everyone associated with her. I really wouldn't be surprised if they managed to compromise a few accounts.

Another clue that supports Send Grid has been hacked is that on Adria Richards' twitter she says that Send Grid supports her.


Note that SendGrid didn't once themselves state that they support her, which could actually support the firing hypothesis more.

That was posted before everything blew up.

It wouldn't be the 1st time her published opinion differed from reality (re the "forking" comments not being said in a sexual context[1]).

But then in this new age of media, it seems sensationalism is more important than facts presented with civility.

[1] https://news.ycombinator.com/item?id=5398681

What seems more suspicious is why the termination of an employee would be so public -- on all major social networks -- rather than a formal dismissing on the website or to a reporter.

Perhaps I'm uneducated on the topic, but it still seems suspicious.

I agree. Turning the conspiracy dial up one more notch and assuming that SendGrid is caving to a DDOS attack, a very public dismissal might be a requirement imposed by whoever is behind it.

It's not 'very public' on their behalf, it's just publicly announced, if it's true. They haven't gone into details, they've just said that she's been terminated.

Faster turnaround - the people being angry are going to see it straight away, and aren't going to constantly reload an unrelated website to see if there's been a development.

This is most certainly not fake.

Why would you delete stories that you think are fake, without any facts indicating they are fake?

I can't articulate it well, but for some reason this strikes me as a odd, especially since these stories ended up being true.

Exercising caution and what looks an awful lot like journalistic integrity standards? I don't want this to come across as a back-handed compliment, but I'm impressed.

They have posted new status updates regarding the service to Twitter, and left the message regarding firing Adria, so I am not sure it is a fake.

I would expect denial from one of the founders or Adria if this were the case "hey guys ignore that post, we're hacked!"

Considering a lot of corporate protocol and the pace at which this is happening... 1) I think they're holding off on all comment besides what we're seeing (if it's real), and 2) I agree with the person who says that no legal department would allow this to happen. I've followed SendGrid closely for a few years and this seems very uncharacteristic.

Startups aren't like IBM, they don't often consult a "legal dept" (I doubt one exists at a company of 60 people), and often fly by the seat of the founder's pants. Either way it's really bad for SendGrid.

True, but I do know they have dedicated HR staff and Isaac Saldana et al don't seem to be that loosey-goosey, if you will, about decisions like this.

On the other hand, there seems to be little other than a few messages about status updates. Even if it seems uncharacteristic, it's looking more and more to be true that she was terminated in a very ugly and public manner.

Also, just checked: they do have a General Counsel, Michael Tognetti. Whether he was involved or not, I don't know. It was pretty ballsy to go about this the way they have, if you ask me.

I agree!

PG: has anyone tried reaching out to SendGrid to give a comment? I'm sure if you gave a call they'd say something :)

I tried, and they did respond that it was true:


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact