Hacker News new | past | comments | ask | show | jobs | submit login
Results of the GitHub Investigation (github.com)
739 points by danielsju6 on Apr 21, 2014 | hide | past | web | favorite | 479 comments

"We didn't do anything illegal, or that would leave us vulnerable to a lawsuit" is about the only content that this blog post contains.

While Horvath characterized much of her woes as being gender-related [1], the investigation could have classified most of them as either unprovable or terrible-but-not-provably-sexist (in particular, the behavior of the Preston-Werners).

I doubt it will ever be clear what actually happened. Theresa Preston-Werner's response [2] spends more time avoiding topics than actually covering them. Tom Preston-Werner likewise [3] makes sure to reinforce the fact that GitHub is immune to lawsuit while providing no real details. I'm sure there are plenty of GitHub employees who have a strong opinion, but enough of them seem to have an ax to grind in one way or another that it's hard to trust that testimony.

[1] http://techcrunch.com/2014/03/15/julie-ann-horvath-describes...

[2] https://medium.com/p/2fe173c44215

[3] http://tom.preston-werner.com/2014/04/21/farewell-github-hel...

You're right. It will never be clear what actually happened. I think Internet message boards create the perception that outcomes like that are rare. They're not: they're the norm. That's how it's supposed to be. We don't get to know everything and we need to work within the limits of our knowledge.

The only problem for GitHub now is finding a way to attract talent. If your best response to

"You have a hostile work environment."


"We don't have a provably illegal hostile work environment."

then that doesn't inspire great confidence when evaluating it as a place to work.

If you want to know if GitHub is a hostile work environment according to women who work there, take a poll of current and past female employees, including Horvath.

I did. So far it's working out in GitHub's favour. But maybe I missed something, so do your own research.

That's interesting - want to give your numbers?

I would think, however, that any sort of reasonable minority calling it a "hostile work environment" would indicate a problem.

In theory this sounds like a good idea but in the aftermath of such drama, most women will not speak up. They'll lie to protect themselves instead. It makes sense and is totally understandable. Most women are not like Julie, which is why we're hearing so much about it.

I think this can have positive outcomes for GitHub, if they allow it. And if Julie does. Right now we're just in the "public fighting" phase.

The best part is, 15% of GitHub's employees are women, and only 6 of them are developers. So you could actually do a really accurate survey with a small sample size!

That's not actually a response to my post, which is about polling female employees and not men.

What a drama queen. Hard to take her seriously with these antics.

Yes, this is a common rhetorical tactic used to dismiss the opinions of women when they address issues of sexism publicly. Thank you for demonstrating this disingenuous method of discourse so ably.

No, but denouncing everything as sexism is. Her issue is with another woman. That argument doesn't apply here. Unless you're suggesting that both me and the founder's wife are sexist.

I love all the random people piling on as though they're intimate with the parties or facts involved, taking 140 characters as a single data point to pair with their prejudices to draw a line to a foregone conclusion. It's a very strange time in the course of human development.

I believe they hired HR and put new policies in place. Chances are this incident will make it a better place to work than before.

True. Chances are also that our collective estimate of how great a place it is to work at are now more accurate.

That probably says more about the mythological status they had before than about the reality now, but it of course will have an impact on their ability to hire though.

It also should have, and it's normal, and it's how startups turn into big-corps, and that's just the way things are.

The sad truth about culture is that a sustainable culture will feel much more like your parents home than your college dorm; and that will never change... because it's a good thing.

"The sad truth about culture is that a sustainable culture will feel much more like your parents home than your college dorm; and that will never change... because it's a good thing."

That is the single best line I've read about work culture in software companies in......ever.

This does depend on how dysfunctional your parents' marriage was. Though, I suppose a marriage in which both partners feel trapped is sustainably dysfunctional in that it won't end.

And this speaks, in many ways, to the purpose of HR. It's not good enough to say "We don't think we have a hostile work environment", or "Asking around seems to show that we don't have a hostile work environment". You need to be able to say: "Here's why there is no way we can have a hostile work environment, and how we're taking action to ensure we don't". Part of it is policies, part of it documentation of events, part of it is ensuring that employees feel they have a way to resolve situations.

I read Github's statement as: "We don't really have any evidence of anything, so we're not going to say anything because we might get sued by one of the involved parties." That situation isn't a good one to be in (and letting an organization get into that situation is serious negligence on the part of leadership).

> You need to be able to say: "Here's why there is no way we can have a hostile work environment, and how we're taking action to ensure we don't". Part of it is policies, part of it documentation of events, part of it is ensuring that employees feel they have a way to resolve situations.

I'm skeptical. The fact that there is a documented procedure isn't nothing, but it's not that much more than that. I suspect if I went back and counted, a strong plurality of the "I worked in a hostile male environment" accounts I've read occurred in companies with HR departments and explicit sexual harassment policies- GitHub was pretty unique. I've worked in ten-person companies with an HR person.

What an HR department does is make sure management doesn't get sued. The culture of the company isn't something they can control by fiat.

HR is a dangerous force like that, you bring it in to prevent discrimination, and before long it exists only to hold open the door and collect signatures for anyone who registers a complaint.

But does anyone actually think Github has a hostile work environment? There is a difference between misunderstanding and systemic hostility.

I would submit that at least one person thought it was a hostile work environment.

At every company in the world you can find at least one person who hates their job or has problems with their coworkers. I'm not sure they are the person you go to for a fair opinion.

> the investigator did find evidence of mistakes and errors of judgment.

GitHub isn't denying that there were problems and isn't claiming that her story is a complete fabrication. They merely said they don't believe they will lose a lawsuit over it. If anything, they validated that her opinion was fair

If you read Theresa Preston-Werner's post (linked above), she claims that the "mistakes and errors of judgment" were completely unrelated to the harassment story, but were discovered during the harassment investigation.

That's Theresa's claim (if we are going to play he-said-she-said we might as well be consistent). The official response does not suggest that the errors of judgment were unrelated to the subject at hand

The official response doesn't say anything about the errors of judgment being related or unrelated.

That's a good point, though: from our perspective it is still just he-said/she-said (er, she-said/she-said), and I guess it will always be. I guess it just depends on who we (individually) feel is more credible.

Based on Hovarth's public behavior, I'm not feeling too great about her story...

What makes Horvath's claim have any more bearing than Theresa's? What happened to "innocent until proven guilty"?

A priori, Horvath's claim has no more bearing than Theresa's. That part is very clear and it takes a very strained interpretation of my words to conclude I automatically assumed Horvath was correct.

My first comment was in response to onewaystreet's comment "At every company in the world you can find at least one person who hates their job or has problems with their coworkers. I'm not sure they are the person you go to for a fair opinion." The statement seems to imply that it was sour grapes and not an actual systemic problem that led to this situation. My response was that Github's official response admitted that there were problems (explicitly, mind you) but they believed they would win a legal case if it came to it.

My second comment was in response to kelnos's comment 'If you read Theresa Preston-Werner's post (linked above), she claims that the "mistakes and errors of judgment" were completely unrelated to the harassment story, but were discovered during the harassment investigation.' That comment gave Theresa's story much more credibility than Horvath's. Now, this would be a standard he-said-she-said were it not for the fact that Github's reply doesn't refute Horvath's allegations. In fact, Github's reply implicitly refutes Theresa's claim: after all, if what she were saying is true, the official response would have made it clear that the investigation uncovered issues unrelated to the situation at hand.

> if what she were saying is true, the official response would have made it clear that the investigation uncovered issues unrelated to the situation at hand.

That is not obvious, and I think it is impossible for us to figure out why the PR agency/HR/management/investors/lawyers that crafted this statement was not more specific and what it means that they did not say something. Only reading the report itself or getting a full summary of it can help with that.

They also don't say anything about the Preston-Werner's suppression of the truth about the moon landings.

Because tech companies have never followed any significant rules regarding employment, most tech companies are de facto hostile work environments, even if they try not to, because of the behavior of individuals toward each other. There's a culture that is changing, if slowly, but this is basically always the case.

IMO what it means is that people should work extra hard not to contribute to a hostile work environment, or expect to be perceived as contributing to a hostile work environment at randomly unpredictable points in their lifetime.

I think a lot of people do.

I can make that same accusation at any company you can think of, and the best response they could hope to give is "no, we aren't a bad place to work."

I'd say the fact the offending party no longer works at GitHub is reason enough to give them the benefit of the doubt. Of course if this happens again, I'm willing to revisit that opinion.

Shit does happen, regardless of the majority of one's coworkers best intentions.

Can you show me a work environment that is not hostile to anyone?

Every work environment has hostilities. The only way they each differ is in who is the recipient of the hostilities, the degree of hostility present and if that hostility is illegal or not.

In that sense, the statement "We don't have a provably illegal hostile work environment" means exactly nothing, making Github no different than all the other workplaces you are evaluating.

There are three sides to every side of a story... TPW's side, JAH's side and the facts. Given that all we really know are TPW's side and JAH's side and that we have no real facts beyond admitted errors in judgement, we really have no more information upon which to base judgement than before. I know of no company in the world provably immune from errors in judgement, do you?

In other words, you and everyone else should evaluate github based on everything else you know about github and completely discount this entire debacle, since it has not shed light on anything that isn't as equally possible at every other company you may be considering.

> Can you show me a work environment that is not hostile to anyone?

That strikes me like saying that all sex is rape, it's just a matter of how violent or unwilling.

Thank you for contribution. I'm trying to figure out which of the common relevance fallacies it falls under if anyone can help? Here are the possible options as I see it.

* reductio ad absurdam

* red herring

* strawman

* non sequiter

Reductio ad absurdum is actually a completely legitimate method of argument. There is nothing fallacious about it whatsoever.

Thanks for that. Went ahead and googled "reductio ad absurdam vs strawman" to learn how the two differ and realized I erred including it in the list. Since the person I replied to either meant to replace my premise with one I do not hold or change the subject slightly, so it's either a strawman or a red herring.

RAA is actually viewed with some skepticism in some branches of logic (not so much because it is invalid but because it can be more easily misused in arguments where the underlying assumptions are not apparent). RAA is kind of analogous to the Axiom of Choice if you like — some logicians go out of their way to avoid it.

Not disagreeing with you, just raising a point.

Here's a relevant link:


Incidentally (a further parallel to the Axiom of Choice) Intuitionist Logic is also referred to as Constructive Logic.


One branch of constructivist mathematics eschews the axiom of choice, and all do not allow proof of existence by RAA on non-existence.

Surely other women work there. Time will tell here, won't it? The story is dramatically more powerful if other women come forward. I don't know that it lessens things if others do not but it does create some interesting questions to those brave enough to ask them.

> The story is dramatically more powerful if other women come forward.

This is dangerous logic. The court of public opinion is a feedback loop. If an unconfirmed accusation gets no traction then the most hardcore wrongdoers will escape justice because everyone is too afraid to come forward. At the same time, if a confirmed accusation goes unquestioned then someone who has made a false or exaggerated accusation has a huge incentive to cajole friends into making confirmations that are also false or exaggerated, and the more false accusations are made the easier it is for the original accuser (or the likes of Nancy Grace) to convince others to make further false accusations.

That's why these issues are so contentious. Getting to the real truth is practically impossible because people form an opinion first and then produce evidence that comports with it, and that misleading evidence influences the opinions of others who do the same thing until the truth and the story have no relation to each other.

It's an issue where you have to choose between punishing a lot of innocent people (and increasing the power and thereby occurrence of false accusations) or allowing a lot of guilty people to escape punishment. There isn't a good answer, and that makes people angry -- especially if you're one of the innocent people who was punished or one of the victims of the guilty people who weren't.

If this is a true systemic problem, the next person better be sure to actually collect evidence/proof of what happened and then clearly present facts instead of resorting to histrionics.

If this whole thing were as bad as JAH has made it out to be, I would have imagined we would have already seen damning emails and other written correspondence backing up here allegations. As a company that doesn't most of its work asynchronously through written prose, it's not like github doesn't have oodles and oodles of written correspondence that would support her position better. There's email, pull requests, chat, etc. Given the duration of employment, she must have plenty of things to point at. If she didn't she should have made sure that some of the offending interactions were captured in written form at least once.

The best talent probably won't be so quick/shallow/naive to pass judgment so quickly.

It probably will challenge their recruitment of women though.

The "best talent" would probably rather work at a company without these kinds of allegations than at one with them. They might be unfounded, but why take the risk? If you're the "best talent," you've got a lot of other options.

The best talent would rather work on interesting problems and products. The fact that there may be some wrongdoing happening in some far corner of the company that is almost personal between the parties involved should be so down the list of reasons to work at a company.

The answers to these questions are still true today:

* does github make a great product? yes. * does their product make software development and open-source better? yes * are there interesting problems to work on there? yes. * would I be working with very talented people there? yes. * based on what we know as facts or admitted to as facts, would taking a job at github subject me or people I care about to these injustices? AFAICT that's no more likely than at any other company comparable to github in terms of the benefits of working there. Anyone working at github is there at will. If they feel wronged, they can leave, which means I don't have to worry about people I care about being wronged.

The only way my mind would change on this is if I see a voluntary exodus of talent from github over what happened. Absent talent leaving in the current hiring market, we can only come to the conclusion that these wrongdoings were isolated and personal.

Let's keep an eye out for who has left since March 15th, 2014 or so and leaves over the next 3 months. Of that cohort, discount TPW, JAH and anyone who leaves to join TPW's new venture. With the remaining figures, then check if that churn rate for github is any higher than it would have been had this event never happened. If it is not, then this whole issue is pretty much irrelevant.

The problem is that every (large enough) company really does have issues like these, no matter where you go. And it's not that they should be ignored but what should be looked at is the infrastructure to resolve them.

They're hiring new HR people, GOOD. They're adding training for employees (probably much to the annoyance of those employees), good.

These means that it'll be easier to make the places safer and better for everyone. That's what I'd look at.

Interestingly enough, I'd say that smaller startups suffer from larger biases. Basically if the founders don't like you for some reason or another, you're in for shit. If a "CTO" who worked at the company since the beginning doesn't like you, you're fucked as well. And there's no HR to turn to.

This definitely does weigh into many people's consideration I think.

However, determining how people will decide when put to such a situation is difficult. Speaking personally, I would certainly be wary, but I'm not going to dismiss a potential employer outright over something I don't have the complete facts about over one story.

I think it's not so much the allegations of a hostile work environment that would keep people away, it's the idea of working a company with ridiculous drama that looks like it came out of a bad high school movie. It indicates an unhealthy number of non-grown ups in positions of responsibility.

So "women" and "best talent" are mutually exclusive? Classy.

That was absolutely not my implication - that is an incredibly dishonest commentary on my post.

It's probably not what you meant to say, but it is a plausible reading of the actual text - it's just a slightly awkward phrasing that appears to say 'the best talent won't care, but women might' which casts them as disjoint groups.

I cannot believe the over-sensitive linguistically challenged group that must be downvoting that. Boy, doesn't it suck to know that sometimes words join together to have meanings and occasionally it includes one you weren't thinking of? Best approach is to say 'oh oops, I didn't mean that' and learn to construct your sentences better for next time. Worst approach is to deny that it could have meant that and learn nothing.

news flash: 80% off work environments are hostile.

Followup: that statistic is 75% made-up.

As a lawyer friend once told me regarding lawsuits: "People who hunger for the truth will go to bed hungry."

I agree, with the exception of "that's how it's supposed to be." As defined by who? Knowing what happened and understanding why makes deciding on a resolution possible. The suggestion that keeping those things vague is somehow desirable is hard to fathom, unless your perspective is that of an abusive employer who doesn't want to have to change his or her practices.

Human interaction is not black and white (don't read into that). While this situation will never be totally transparent to the vast majority of us, the necessity of working within our limited knowledge does not imply our knowledge should necessarily be limited.

I like to call this outcome a "non-answer answer". Very common in the corporate world.

Don't forget this link, the anonymous GitHub employee response to Horvath's claims: "Facts Conveniently Withheld".


Have there been any confirmation this is actually a Github employee? Because as far as we know, this could just as well be a troll.

And here's Theresa Preston-Werners side of the story:

What every founder fears - https://medium.com/p/2fe173c44215

To be honest, the entire problem IMO was always with the wife, Theresa Preston-Werner. She should have known better and I think it comes from her lack of professional experience in the workforce.

FULL explanation: It comes down to the unrestricted access that was granted. It introduces a person with extreme power but carries no responsibility with regards to work or culture. The end result is what we have today. This type of culture is actually very prevalent in asian companies (where families have unrestricted access) and have been demonstrated to be extremely detrimental. Theresa Preston-Werner blog post is extremely telling where she says "I have many close friends at GitHub, and I certainly had reached out to them when I began to build my company". My wife made the same mistake at her first job (trying too hard to be friends), except that she was an individual contributor and not the wife of the CEO. Her co-workers could just tell her off and she quickly learned the balances that were necessary. It's obvious that Theresa had no experience of this kind and had too much power for people to say "no".

I want to add, I think there was an overfocus on gender issues by all parties (victims, plantiffs, media & company) in the first place. When I read the original article, I felt that regardless of the incident, Julie Ann Horvath was just pulling out the gender card. This was a mistake since it gave Github an easy way out to simply deny the gender-based accusations without any wrong doing.

Despite, being found not guilty of the harassment accusations, questions popped up regarding Tom’s judgment in a separate area. We learned that unnamed employees felt pressured by Tom and me to work pro-bono for my nonprofit.

The whole issue wasn't merely (the alleged) harassment as much as it was the appearance of 'undue influence'. The admission that GitHub forced out the co-founder for this very reason--all the while stepping clear of the topic of sexual harassment--is basically the crux of the matter.

I sort of feel that if this anonymous posting was 100% accurate, then the cofounder wouldn't have resigned. Better if the people involved came out and told the truth.

Not necessarily. Even if Horvath was the original bully, inappropriate retaliation can still get you fired.

Also, it may have come out in the investigation that the founder gave his non-employee wife way too much inappropriate latitude inside the company. She's conceded that she went too far with her activism around her startup. But especially if she crossed boundaries and had inappropriate access to private company information (as Horvath said she claimed), the founder could take the fall for enabling that.

She's conceded that she went too far with her activism around her startup.

That's a nice way of putting it.

If his statement is to be believed then his resignation did actually have nothing to do with JAH's allegations. I'm not saying that anyone is lying here, just that the anon posting is plausible. I agree with you that it would be better if everyone just told the truth.

I agree with you that it would be better if everyone just told the truth.

Out of the mouths of babes...

Let's not go there. Incorporating random anonymous posts will only make things worse.

For all we know Julie-Ann started dating someone close to Theresa Preston-Werner who shared that he, and several others, slept with her and could even be the father of Tom's child and then refused to distance himself from Theresa. When she shared this sad state of affairs in her private love life with some colleagues she was suddenly requested to meet with Theresa and....

See how that's both consistent and perfectly plausible yet still went from bad to worse pretty quickly? These things are messy enough as they are; let's not make them any messier than they need to be.

>if Julie wants to share this story so publicly then everyone should at least have all of the story

the whole thing is crass and distasteful to my british sensibilities, but if this the future of how conflict in internet corporations is represented, then we shouldn't be surprised to see allegations from all sides. The key skills that we as audience have to develop is critical thinking, impartiality and a good sense of decency.

we shouldn't be surprised to see allegations from all sides.

The line is drawn at "anonymous internet sources". At least in the sense of euclidean geometry, that is not a "side" of the argument as much as it is a literary device to create an infinite attack surface.

Since you don't have a means of contact in your profile, I'm just going to tell you directly. That was an incredible turn of phrase. Really nicely said.

Anyone speaking against Horvath would be publicly attacked, and GitHub employees aren't allowed to speak of the matter. Unfortunately anonymity is the only option.

We shouldn't be surprised, still, but we should be more on our guard when looking at the sources from any angle.

How about it being true? You still want to ignore that? Or are you too biased?

Is a source any more reputable just because it's not anonymous?


A named or pseudonymous source necessarily has an associated reputation, but an anonymous source has no reputation at all.

A reputation for lying is stronger evidence that the information might be false than is no reputation at all.

I disagree. We must treat every anonymous source as if it has that reputation for lying, as otherwise a source can simply become anonymous to improve the credibility of their lies.

Until, of course, a source presents evidence, at which point we evaluate the credibility of the evidence instead of the source.

Not really...

Even taking all emotion out of it, a story from a source that is probably a lie convey s more emotion than a story from a completely unknown source.

Maybe not by definition, but it's almost irrelevant because a not anonymous source is so much easier to verify / disprove. Sure, in theory an anonymous source could be 100% accurate, but since they are very tricky to back up, they almost always have the effect of stirring the pot without resolving anything, and thus quite often appear as nothing more than attempts to do just that. And after a while, people unsurprisingly start to treat them as such.

Well, certainly it's significantly more credible if it's an actual Github employee putting their name on it and standing behind that sort of statement. At least in that case you would hope that the possible repercussions of making such a bold lie would prevent most people from lying about something like that.

I doubt there will ever be any clear explanation on what happened. Two sides of the story basically tell two different stories. As someone mentioned in the post, Julie posted some tweets in response to Github's announcement today. (https://twitter.com/nrrrdcore)

1. Bullying someone into quitting: Illegal.

2. Asking an employee to relay private conversations between her and her partner: Illegal.

3. Justifying the harassment of an employee because of her personal relationships: Pathetic.

4. How does it feel to make money for liars and cowards?

5. Pushing women with strong opinions out of your company because they disagree with you is wrong.

6. What number am I on? Oh yea, how do you sleep at night?

7. Leaving GitHub was the best decision of my life.

8. There was no investigation.

9. There was a series of conversations with a "mediator" who sought to relieve GitHub of any legal responsibility.

10. Whose reasoning included "would it surprise you to hear that [your harasser] was well-liked?"

11. No, no it would not.

12. Women at GitHub who sprang forward to defend the men who harassed me, it is naive to think the same thing cannot and will not happen to you.

13. Best of luck rolling the dice.

14. A company can never own you. They can't tell you who to fuck or not fuck. And they can't take away your voice.

15. Unless you let them.

16. Hmmm still no mention of the man who bullied me out of our code base because I wouldn't fuck him. Too popular to be accountable, I guess.

You can never know which side of the story is true, but it's worth noting that one side of the story looks crazy and the other does not.

It's hard to quantify the smell of crazy, but we can start with an overwhelming interest in insulting the other party, and the claims stretch credibility. For example, consider the claim that a man "bullied [her] out of our code base because I wouldn't fuck him". This is a very strong statement and it seems unrealistic that investigators, lawyers, and other people within Github would come forward with "no evidence" of such things happening. On the other hand, it's the sort of thing you would say to appeal to the Internet social-justice-warrior crowd. Even the phrasing smells like something you'd read on Tumblr or a r/shitredditsays comment thread.

I don't think I can make a strong inference about what actually happened, but I would not treat this whole kerfuffle as a useful source of information about gender issues in technology--except that this is another example how powerful accusations concerning touchy issues can be, even when there is "no evidence" for them.


Her responses also failed to address the fact that one of the co-founders resigned.

So at the end of the day we have someone spewing vitriol; and someone stepping down from a prestigious position as a show of good faith. That's the only evidence I have and it doesn't reflect well on Julie at all; I can only imagine what it's like to work with a person who spits out expletives at that cadence.

When bullying or harassment occurs in any environment unless there is intervention it will not stop. There is ample opportunity to collect evidence beyond hearsay. What proof has either side provided?

That actually sounds extremely plausible to me. I mean, I don't think the guy literally said to himself "she won't fuck me, revert!"

What I imagine happened is some guy at work had a crush on her and made an awkward pass at her. Maybe he tried to smell her hair or something, I don't know. She shot him down, then he got all butthurt and started undoing her commits on the projects they worked on together. Because they were painful reminders of her.

From his perspective, he's a sensitive guy who just got rejected and isn't coping well. But to her, he's the guy deleting her code because she wouldn't fuck him.

That doesn't seem crazy at all to me. It seems totally possible, and just the kind of situation competent HR departments are supposed to prevent and mitigate.

She isn't helping her case with this ranting list. I'm certainly not saying that she's acting out some kind of "hysterical female" trope, but she is kind of acting in a kind of stereotypically "hysterical female" way. Legal counsel would probably suggest she stick a cork in it rather than make herself look bad.

Men are also capable of angry twitter explosions with the properties I'm talking about. I don't see why you felt the need to bring up the "hysterical female" stereotype. It doesn't add anything to the conversation.

Being labeled as a "hysterical female" or "that girl" is an often stated concern of women who speak out against workplace harassment.

(I am speaking in general and totally not referring to any specifics of the situation here.)

A lot of internet feminists and others have pointed to the gender dimensions of the issue. I figured it made sense to address it straight off. Since she is kind of ranting.

I would rant if I had to deal with shit like that, too, assuming that her account is accurate.

Ah yes; you know exactly how you would react if everything you've worked for for several years vanishes into thin air just because your CEO's wife has boundary issues and your company doesn't know how to deal with shit like that.

    "Pushing [people] with strong opinions out of your company 
    because they disagree with you is wrong."
FTFY. This may or may not be a truism. Circumstances matter. If you are trying to steer a ship of several hundred people in one direction and you have one loud naysayer with poor tact, you are justified in pushing them out of the company. Should you listen to their opinions and give them adequate consideration? Certainly. But if they are being disruptive and toxic, pushing them out is acceptable. Allowing someone acting in a visibly toxic way to remain at the company is poor leadership. I say this as someone who was once that toxic person and also as someone who has raised concerns about the deleterious effects of toxic colleagues.

How you say something matters as much if not more than what you are saying. Given the tweets and posts I've seen from JAH, it's pretty easy to imagine prior behavior that others would have considered toxic.

Yeah...sometimes Twitter just isn't the best place to make a cogent argument:

> 1. Bullying someone into quitting: Illegal.

If that bullying falls under the legal definition of harassment, then yes, it is illegal. But that's kind of begging the question a bit (e.g. Bullying someone is illegal because it is harassment). The thing is, some/much what Horvath described was assuredly captured in electronic records. If she believes something is illegal, and she is not afraid of speaking out, she should take the next step and file a lawsuit.

> 2. Asking an employee to relay private conversations between her and her partner: Illegal.

OK not sure what that refers to. Again, Twitter is not great for these things.

> 3. Justifying the harassment of an employee because of her personal relationships: Pathetic.

Who justified what?

> 4. How does it feel to make money for liars and cowards?

OK and then the rest of this seems like free association. I agree that a third-party investigation instigated by the accused is not automatically the truth, but neither are accusations. The word illegal has real meaning and if Horvath has the proof, then let's see it, rather than have a TechCrunch retelling be the canonical source of facts.

Some of it is contradictory [7,5 vs 1], and some sounds like outright crazy emotional, attention-seeking drivel [16]. Definitely not helping make her case.

Going by the TC account (and taking the account there at face value) it sounds very much like bullying of an individual rather than anything gender-based. What's missing is why they got so paranoid about her as a potential troublemaker in the first place before they (allegedly) started handling it like chumps.

This story (unfortunately now dead on Hacker News) claims to fill in what's missing:


Money quote:

Around the end of 2012, Julie started dating a close male friend of the cofounder’s wife and didn’t like that they were close. She asked them to stop being friends and when they would not end their relationship, Julie started telling coworkers that the wife had affairs and that the cofounder’s newborn child was not his. She told this to multiple coworkers directly and also to the wife through her boyfriend.

This is where the wife reached out to her and the rest of her story starts. All of Julie’s story involving the cofounder’s wife occurs only after Julie was spreading vicious rumors about him to even new employees.

Of course, if you doubt Horvath's story, what makes this one any more credible to you?

There is little to suggest to us that one account is more credible than the others. Our main take-away here should be uncertainty. We don't know what happened; we can only know what some people think happened. Considering other viewpoints, even anonymous viewpoints^, serves to highlight the inherently uncertain nature of the truth.

^ Non-anonymous viewpoints could perhaps be considered more trustworthy because there is the threat of a libel/slander lawsuit if they are complete fabrications. However on the other hand, all/most of the non-anonymous viewpoints that we have are the viewpoints of people directly involved in the scandal. We can assume that the anonymous viewpoint, if it is not a fabrication, is not from somebody involved in the scandal. However since they were not involved directly in it, it is also possible that they received an incomplete picture of everything... Everything is uncertain. I am reminded of the closing dialog to "Burn After Reading".

It's much closer to how people actually behave.

I don't think I could ever so narrowly define "how people actually behave," personally. I'm not even sure what you're implying the implausible behaviour in Horvath's account is.

Honestly, I found Horvath's account to be fairly implausible from the first time I read it. The kinds of things she alleged don't happen in a vacuum: if what she was saying was true, there should have been a lot of other instances of that sort of harassment, or at least indicators that something like that could happen. Horvath described some very extreme behaviors that just don't appear out of the blue.

The anonymous account just makes the whole store make a lot more sense.

> I don't think I could ever so narrowly define "how people actually behave," personally.

Really? I can. They behave messily and almost always with a keen eye towards advancing their own position, whatever it may be, rational, honest, or otherwise.

> I'm not even sure what you're implying the implausible behaviour in Horvath's account is.

The part where complex, multi-party, interactions are dramatic in the extreme, bad behavior is completely one-sided, and the entire situation ascribed to a simplistic (gender bias) narrative.

That never happens.

Putting the pieces together, what seems to make a more convincing narrative is that Howarth was a bully herself.

> The part where complex, multi-party, interactions are dramatic in the extreme, bad behavior is completely one-sided, and the entire situation ascribed to a simplistic (gender bias) narrative

I am incredibly curious how this doesn't describe the anon account much better than Horvath's, only changing 'gender bias' to 'relationship insanity.' Who has bad behaviour other than Horvath in that account? How is it not incredibly dramatic?

It reads like an episode of Jerry Springer.

Pretty obviously there was a second side to this story. Not at all surprised to read something like this, but it is sad.

Wow. Wait, what? How is this not more widely known?

If this were actually the 'truth' then you could be pretty sure some statements would have been made to implicitly discredit Julie-Ann.

It's also fairly meaningless since if you interpret this story as 'Julie-Ann started dating someone close to Theresa Preston-Werner who shared he slept with her and could even be the father of Tom's child and then refused to distance himself from Theresa; a sad state of affairs which Julie-Ann shared with some colleagues,' it immediately paints an entirely different picture.

Not really; even if that were the case, she still had no business sharing that with work colleagues.

I think its pretty telling that this an anonymous account and that no one is will to attach their name to the Medium post.

Not really. You'd have to be an idiot to attach your name to this given the shitstorm twitter would unleash upon you for questioning the narrative. No idea if it's true but in this environment anonymity is probably the default.

> the shitstorm twitter would unleash upon you

Not to mention the fact that, assuming the writer is indeed a Github employee, the fact that it would instantly place her at grave risk of losing her job.

If this person has proof (documentary, whatever) that their narrative is correct, they should step out from behind the easy cloak of anonymity and show it. Until then, they're really nothing more than a troll.

First feminists take a man's job. Then they taunt people who criticize them to use their real names. Yeah, I see where this is going.

The new Hacker News moderation team is more politically correct than it used to be. You can bet stories questioning tech-feminist narratives will be dead-ed as "non-constructive"

Pretty sure we haven't touched any of the several posts of that article. Users flagged them.

Edit: I checked. It was posted three times. First was deleted by the poster. Second was flag-killed by users. Third is still up but heavily flagged. No moderator touched any of them.

so the hn crowd is mostly pc. no surprises.

Actually the HN community is politically deeply divided. Complaints about its bias thus tend to contradict one another. For example, https://news.ycombinator.com/item?id=7630388 says much the opposite.

Many flags on political stories and flamewars come not from users with opposing politics but from users who, regardless of their politics, don't think HN is the place for them. It's a "pox on both their houses" thing.

There was a great report on BBC World Service about folks wrongly accused and/or convicted of crimes they didn't commit (in one case, a man was on death row for a couple years). A false accusation is as damaging as authorities not paying attention. The sad truth of the human experience is that without direct evidence (video, audio recordings), only the people close to it know how they saw what happened. It's then more important to redouble efforts to preserve justice by investigating thoroughly to attempt to uncover what happened, to not revictimize the wrong party.

I think it's more "We didn't do anything illegal, but we're still firing one of our founders, so clearly something was wrong."

A loud public witch-hunt also counts as a Wrong Thing, so this doesn't really tell us much about what happened one way or the other.

I seem to recall another big fight between Github employees and Zed Shaw of Learn Python the Hard Way fame...perhaps that was a warning sign that HR policies needed to be brought up to snuff or even created in the 1st place...

I don't think a fight between zed shaw and anybody signifies anything. Zed likes to fight.

Zed will standup to anyone being a fuckwit - big difference. Has naught to do with liking conflict.

This. Both Zed and JAH are difficult personalities, but a professional structure should be in place to handle matters which can distract people from work.

GitHub should have implemented a blocking mechanism to stop people inviting Zed to 'dick' projects, and if the rumour mongering story is true, HR should have stepped in and disciplined Horvath.

> GitHub should have implemented a blocking mechanism to stop people inviting Zed to 'dick' projects

They did: https://github.com/blog/862-block-the-bullies

They never admitted to it being a response to the incident with Zed, but the timing was too convenient. That blog post was dated 05/31/2011. Zed's commits to the repo in question happened on 05/28/2011: https://github.com/moron5/dongml/commit/f4b8df910e4048202768...

I'm still trying to figure out exactly what the sequence of events was there.

As best I've been able to work out, whatever juvenile oaf created the "dongml" repo added Shaw to it in order to harass him somehow, and Shaw responded by writing a script to constantly commit changes to the repo which essentially rendered it empty, which seems reasonable both as retaliation in that specific case, and for general reasons of good taste. Then, in response, Github added a feature so that the "dongml" infant could block Shaw.

Would anyone with closer to firsthand knowledge of the incident care to let me know whether I'm on the warm side or the cold?

You're close. Someone added Zed to the dongml repo just to be annoying, and Zed removed himself. But the inviter just added him again, and Zed complained that there isn't any sort of confirmation to indicate, "yes, I'd like to be part of this project," so people can add you against your will, which happened repeatedly to Zed with dongml. Eventually, Zed retaliated with his commit bot, and github apparently looked at that situation and decided that it would be best if they added a feature that let you block other users. However, the idea wasn't that dongml would block Zed's malicious commits, it was that Zed would be able to block the person that kept adding him to dongml. In other words, the github feature wasn't to prevent Zed's malicious checkins directly, but rather block the behavior that annoyed him into making them in the first place.

Zed wrote up a long blog post telling the whole story but I think it's been deleted since.

> Zed wrote up a long blog post telling the whole story but I think it's been deleted since.

The internet has a way of unshutting the whole thing up: https://web.archive.org/web/20130117043748/http://sheddingbi...

and the followup https://web.archive.org/web/20120619005253/http://sheddingbi...

Ah. Judging from the followup, and Zed seemed to be satisfied, I think I was wrong about GutHub: they handled this very well.

Ah. I think I read about it before they'd done that. Thanks for the update.

well, a co-founder was pressured or embarrassed into resigning, no? that's not a lawsuit, sure, or even a firing, but it's certainly a big deal.

Certainly, if it was a case of the guy getting pressured to leave, one could make the case that the company recognized that they had a problem and tried to get rid of said problem in the way that was least likely to get them sued, by asking someone to resign. And really, if you are an executive, and are asked to resign, what are you gonna do? You're gonna resign, and try to make it seem like a voluntary thing. Even if everyone knows you actually got your ass fired, it shows that you are the sort of executive who will play the game and not take down the rest of the company if you get in trouble.

the investigation could have classified most of them as either unprovable or terrible-but-not-provably-sexist (in particular, the behavior of the Preston-Werners).

What would it benefit Github or the P-W husband/wife for the investigation report to have published such a thing? Why air your dirty laundry in public?

It's most likely that the company and its co-founder are on the same page, if only for damage control purposes. (Why break ranks and threaten your brand and stock price, after all?)

There may have been awkward and/or angry discussions in camera. Non-insiders are very unlikely to ever hear what went on in said discussions.

    "While Horvath characterized much of her woes as being 
    gender-related [1], the investigation could have 
    classified most of them as either unprovable or terrible-
One of JAH's claims of gender bias involved a:

    "man who bullied [her] out of [github's] code base because 
    [she] wouldn't fuck him. Too popular to be accountable, 
    [she] guess[es]."
After reading that I figured it's worth browsing through JAH's github account for recent code involving HTML/CSS (since the reverted commit involved CSS IIRC), and what I found would suggest that it's more likely that she made a poor/careless commit. I posted these findings in a comment way at the end of this thread that people are unlikely to see because the parent comment isn't being voted up on. Here's the link to the comment with links to broken or poor commits by JAH:


In light of this other recent commits (by a longtime githubber who would be expected to exhibit much better git hygiene and committing habits), and lacking the content of the actual reverted commit, I would say that the claims of gender bias in this specific case appear dubious at best.

If this other githubber did in fact make such vulgar comments, we still wouldn't have enough information without also knowing if that comment was completely unsolicited and out-of-the-blue, or if it was reactionary to whatever JAH may have said to this person just prior to the comment being made. Context matters. It could have been verbal self defense in response to a verbal attack, which is still unprofessional, but far more excusable especially if the original attack was equally unprofessional and sexually-charged. Given JAH's tact thus far, her character suggests someone who would have started a verbal fight.

TBH it sounds like nothing serious that was blown up big by certain news channels. Steve Jobs could "fire" employees for "fun" in elevator and people were OK with it. But when it comes to gender/racial issues - there is no coming back even if found free of charge. So the people didnt get along - who cares. The company is great, the work they done is great - why anyone should leave? If Ms Horvath didnt felt good in this company - there were thousands of ways to deal with the issues like talking directly to interested parties. And the last one was going to press with them.

For people to settle their differences like reasonable adults really isn't on the menu in the United States lately.

makes sure to reinforce the fact that GitHub is immune to lawsuit while providing no real details

Where is this mentioned?

This thing where people think that investigators you hired are "independent" and that their conclusions carry something similar to the weight of a court of law is ridiculous.

From her blog post:

> We learned that unnamed employees felt pressured by Tom and me to work pro-bono for my nonprofit

It's really hard to take seriously the claims that "my husband did nothing wrong" when

1. He resigned. 2. She's now being accused of shady practices in her own company as well.

This anonymous post from an alleged GitHub employee adds some interesting perspective.[1] It alleges Julie Ann Horvath was actually spreading rumors of a personal nature about the founder's wife before any of this. In other words, Horvath was the bully, and she really didn't like having the tables turned on her.

If true, this would be a very difficult employee to keep at the company. She should have been fired for inappropriate behavior rather than given an elevated role (which she can now use to bolster her case). Very poor handling and it does suggest a degree of naivety on the part of management.

Having said that, the founder's wife also admits that her actions were a role in his departure.[2] It sounds like she had way too much free reign at the company and was making people uncomfortable with her activism around her startup. The fact that she presented herself to Horvath as having a lot of influence and power within the company reflects that. Plus it's a fertile ground for more serious transgressions into company privacy and so forth. Also should've been nipped in the bud early on.

[1] https://medium.com/p/d96f431f4e8e

[2] https://medium.com/p/2fe173c44215

This anonymous post is no better than the unsupported claims by Julie. Unsupported claims on top of unsupported claims.

It does sound like ineffectual people management. By the sound of it there were potentially a number of employee problems at the company, which they basically just ignored.

The fact is that if someone is a bullying douchebag, they're probably going to continue with the same behaviour. (I'm not making any comments as to exactly who was the bully here, as it depends who you believe).

Popcorn time! Seriously.

So, she thinks someone undid her commits because… something. Is it possible that her code was… inadequate? Obsolete? Had bugs? Because, guess what, no line of code could ever be changed without someone calling names. Consider this:

- OMG I am Mexican and this Asian guy undid my commits. He did it because he is racist! Call Techcrunch.

- OMG I am 23 and this 45-year old guy undid my changes. Guess I should call the papers and complain!!!

- OMG I am 45 and this 23-year old guy undid my changes. Guess I should call the papers and complain!!!

- OMG I am gay and this coworker undid my changes. He did it because I am gay and he is straight and he is intolerant!!!

- So I am Armenian and this Turkish guy undid my changes. WHAT THE HELL he did it just because I am Armenian! He hates me!

- OMG I am a woman and this guy undid my changes. He did it because he hates women! Call the police!!!

- OMG I am a man and this woman undid my changes. She did it just to because she is feminist bi0tch!!!

- OMG I prefer functional programming, but this imperative-programming guy undid my changes! WTF what a horrible workplace can I sue someone about this?

Guess what. On a large project, any piece of code may be changed by any number of people. Usually because someone found a bug, or improvement is needed. If you claim that someone changed your code _because_ you belong to some minority or whatever group, you better have some proof. In this case, if I was Ms Horvat’s employer, I would ask her to either prove her allegations, beyond reasonable doubt, in a court of law, or shut up and apologize. Maybe I would sue her for libel, too.

There appear to have been weirdnesses around the investigation, such as Julie Ann Horvath (and other ex-employees) remaining uncontacted until it was wrapping up: https://twitter.com/nrrrdcore/status/453298152569720832

So I don't know how much stock you can place behind the idea that the investigators GH hired, who did not contact ex-employees competently, found them blameless. The resignation probably speaks for more than the investigation does.

So, remember that what Julie says about them not contacting her is itself, and allegation.

Her picture proves nothing, after all.

Your conclusion about "how much stock to place" does not follow, since this allegation has not been proven true.

Having been involved in this sort of thing before, both on the "asked to investigate" and "asked to play witness for an employee side", i'd say the truth always lies somewhere in between, and both employers and employees tend to behave badly.

> the truth always lies somewhere in between

In my experience, the truth usually lies very strongly to one side of the spectrum, and sometimes beyond an extreme (as reasonable people often bend over backwards in giving their version of events, while unreasonable people do not), but you'll never find out for sure.

E.g. in the Techcrunch piece Horvath says that the founder's wife spoke of having spies, and influencing HR decisions, and so on. I can easily imagine the conversation taking place over drinks, and it could be horribly sinister or it could be someone's not-very-well-judged attempt at humor. But this doesn't mean that "the truth is in-between".

You appear to have had very different experiences than me.

Horvath said the founder spoke of having spies, etc.

The founder says she did nothing of the sort, and blah blah blah I would thus expect the truth is "the founder said she kept in touch with goings-on in the company through friends" or something similarly in-between.

Not "The founder has hired spies that prepare detailed daily reports" (which would be very strongly to one side) or "the founder has no idea what goes on in the company, and knows nobody" (which would be to the other).

IMHO, of course. Maybe you have a different view of what it would mean to lean strongly to one side of the spectrum in that situation?

Nonsense. Her picture probably opens her up to suit, where she lying about the company. At the bare minimum, any lawyer would tell her to not post demonstrable lies about the company, for many reasons. Not least of which is regardless of the whole truth, in any lawsuit (filed by her, or github, or Tom, or Tom's wife, or other parties), opposition counsel will attempt to discredit your whole testimony by finding small lies and tainting you in the eyes of the jury.

So how much stock we can expect to put into such investigations?

You demand a higher standard of evidence than you yourself meet. Especially when you say "always", with zero evidence or plausibility. (And in fact, it's a standard of evidence HN rarely meets, on any subject.) The other poster was ironically much more careful.

First, I demanded nothing. I pointed out one should not assume something is true because someone, particularly someone with a clear interest in the outcome and process, said it.

Second, This is somewhat pedantic. The OP simply assumed what whatever Jane said was true, and then went from there.

Your complaint is essentially that i did not add the words "in every case i have been part of, and every one i know about in sufficient independent detail" in front of "always". All told, that's about 43 cases.

Feel free to pretend i did write that, if it suffices.

If not, feel free to disbelieve me!

An anonymous post on medium by github insiders: https://medium.com/p/d96f431f4e8e

Unfortunate that it is anonymous, but it is still worth reading in my opinion.

This is probably the most relevant article of the 6 or so I've read in the comments. It shows both sides as human and lacking good social management constructs for the situation.

Reading several weeks of Horvath's twitter feed and several articles where she's quoted, it's apparent to me that regardless of what happened at Github, she is a bitter and dramatic individual. That's NOT the kind of person that backs down to the adult-talk at the table.

Again, I don't know what happened at github, and I honestly don't care. What I do know is that I would never hire Horvath regardless of what she could do for the company. Far too much risk, and exemplified with a terribly immature response even if everything she says is true.

Anonymous allegations are worthless unless other Githubbers can confirm this.

Why? You'd still have the same sense of doubt as to whether or not the non-anonymous person is telling the truth. The only extra information you'd have is a) you'd know it was coming from another GitHubber who could conceivably know these details, and b) if you know the person, you can weigh the words against his/her reputation and past action.

Not saying those two things aren't useful, but I would certainly not characterize this anon blog post as "worthless" by any stretch of the imagination. In fact, it makes the whole situation make a lot more sense. The original one-sided account from Ms. Horvath always sounded a bit implausible to me, at least without more information to frame it.

> Why? You'd still have the same sense of doubt as to whether or not the non-anonymous person is telling the truth.

The senses of doubt will only be ~the same if your prior for the probability of "someone out of ~200 github employees would lie about this and attach their name to it" is about the same as your prior for "someone out of the other ~3,000,000,000 people on the internet would pretend to be a github employee and make this up".

The larger someone's prior is for the latter relative to the former, the more worthless an anonymous blogpost is to them.

Adding to what SEMW said: for all we know, this story could be pure fiction, written by the Preston-Warners themselves, or someone else with a strong incentive to do so.

The fact that this story helps everything "make sense" is not a useful heuristic. Anybody can craft this kind of tale, and it might also be playing on our prejudices - the spurned, jealous, bitchy lover narrative.

But, as for myself, I don't have to make any judgment, nor do I want to. I don't want to do is pick a side based on my prejudices and a few blog posts.

By now we all should know that women are routinely harassed in tech companies to a preposterous degree. On the other hand, I've seen cases where mentally disturbed people invent (or self-delude) incredibly detailed narratives of persecution. We could be dealing with a situation where one, the other, both, or neither is happening. If you have evidence that settles the case, by all means please post it.

Something that is clear is that Github's investigation was flawed. And if Horvath really wasn't contacted until late in the process, it certainly makes it look like Github was more interested in a coverup than the truth.

Very good points.

By now we all should know that women are routinely harassed in tech companies to a preposterous degree. On the other hand, I've seen cases where mentally disturbed people invent (or self-delude) incredibly detailed narratives of persecution. We could be dealing with a situation where one, the other, both, or neither is happening.

The thing that irks me about all this is that murky incidents like this, where the alleged victim is (to many) not a very sympathetic character, and possibly acted improperly herself and instigated the whole situation (if the anon blog post is to be believed), does little to help set an example for why the real instances of harassment are so wrong and terrible.

After this, I'm left with a very poor taste in my mouth. GH's investigation was likely somewhat flawed, though it's unclear to what degree. Horvath almost certainly wasn't telling the full story about what happened, and may even have instigated the entire thing, and is using the prevalence of sexism in tech (and the expected knee-jerk community outcry) to attack someone she's (unjustifiably?) angry with. Or maybe everything she's said is true, and the Preston-Werners are terrible people, and GH has/had a serious discrimination problem coming from the top. We'll probably never know.

The whole situation just stinks.

> the alleged victim is ... not a very sympathetic character

> does little to help set an example for why the real instances of harassment are so wrong and terrible.

Ah, but this is why most victims don't go public. Very few of us would look good under intense scrutiny. And I think this whole process has demonstrated how tilted the playing field is, against those who do go public.

Some people say that this is why people claiming to be victims deserve a kind of automatic support. I struggle with that, but only because I've personally witnessed a couple of the rare cases where that empowered someone who was slightly deranged.

It's telling that nobody would attach their name to the article. Horvath's already publicly laughed it off.

What was her alternate version of the missing events? It's hard to believe the techCrunch story when it starts so late in the game.

If I was in a similar position I'd take it to court, but if for some reason I wanted to do trial by media, I'd be gushing with detail.

It's not telling. Whether what you say is true or not, in either case it would be risky to attach your name to something like this.

Sounds plausible, but without a name to back it up it is nothing but hearsay.

Even with a name to back it up, it's still hearsay. I agree that it seems plausible, though, and does make a bit of sense given the rest of what we've all heard.

This whole episode has reminded me that when I start my next company we will have a non-fraternization clause.


Really? I must have missed the part where people were burned alive or had their heads chopped off.

For reference, parent comment was along the lines of "Woah. This is crazier than Game of Thrones!" Maybe an attempt at humor, but it's really not.

obvious that it's z holman.

Based on what evidence?

"Recently promoted to lead the engineering team", which I believed was ZH.

Those details completely change the story. Why not make them public when the scandal erupted instead of a month afterwards? Now that the subject is dead and buried there will probably be no journalistic investigation.

Wow, this actually makes the rest of the story more clear.

Hiring outsiders to investigate your management team for wrongdoing is like hiring outsiders to evaluate your environmental performance or to make recommendations on executive pay - possibly useful if you genuinely want to act on their findings, but equally often used to add a sheen of 'independent' legitimacy to whatever result you want.

Outsiders know what answer you want, and know it's unprofitable to have a reputation for biting the hand that feeds them.

To take a british example, back in 2006 the news of the world hired harbottle & lewis to do an internal investigation of phone hacking. Guess what, they didn't find anything.

Edit: Clarified that if the person paying for the investigation doesn't have a conflict of interest or plans to act on the recommendations, independent (or even non-independent) investigations can produce results.

I wonder if Tom know this.

Or hiring an outsider to perform a security audit. It never works. Right.

Someone hired to do a security audit has a huge incentive to find security flaws- frankly, they'll get a better reputation for alerting the company to them.

Finding bad news when you're a security auditor is good.

Someone hired to do an investigation like this has an incentive to downplay any results. If they agreed with the accusations, GitHub would either have to hide the results, or publicly say "Yeah, we think we were likely legally liable for a hostile and sexually abusive work environment". They would not be taking those auditors out for celebratory drinks.

If the consultant says "Yep, you're in the clear", GitHub can announce publicly how great everything is.

Finding bad news when you're investigating a PR disaster is bad.

How is that even remotely similar in terms of conflict of interest on the part of the buyer?

You know a company hire another companies to perform a check. They usually expect everything ok. Audit comes, it turns out there is a security hole in the software, or your books are off or you threat employees badly. Nobody wants these, yet everybody hires external companies. You think that you can bribe a legal firm to give you a green flag on harassing employees and they gonna risk their reputation on 50K USD? I don't think so...

Accounting firms provide a pretty good counter-example here. Everyone thinks of Andersen, who actually had to close as a result of their "customer-focused" service at Enron, but actually all the "big" firms were implicated to varying degrees in the subsequent unpleasant business with CDOs. Any service business will hesitate to piss off the guy who hires them every year.

This is an exception and a single case does not prove that all of the companies are like that. There is enough money to bribe anybody. As i said, 50K (or so) is not enough for that.

Does two prove it? Here's another fine example: http://economix.blogs.nytimes.com/2014/03/06/how-to-choose-a...

It's a well-known problem with auditor/audited relationships. What the customer wants is a clean bill of health after an easy audit. The auditor needs to be tough enough to maintain a good reputation, but beyond that they are looking to maximize volume. The Economist mentions this every year or two [1], and they're especially concerned when auditing firms do a lot of financial consulting for the audited firms. Then there's an even stronger incentive to make the audit generous.

Another good analogy is medical marijuana cards in states where marijuana is supposedly only for medical purposes. In theory, doctors are careful gatekeepers. In practice, the doctors doing those certifications have a strong financial incentive to certify as many people as quickly as possible. I've lived in San Francisco, and I've never heard of anybody getting turned down for one of those cards.

[1] e.g.: http://www.economist.com/blogs/schumpeter/2014/03/dewey-lebo... or http://www.economist.com/node/954033

Another example from the financial crisis is the fact that many credit rating agencies gave triple-A ratings to CDOs that were later downgraded to junk status. Guess who selects and pays the credit rating agency? As it happens, the very financial firms who originated the CDOs and want them triple-A rated to sell.

See e.g. https://en.wikipedia.org/wiki/Credit_rating_agencies_and_the...

It is widely-believed in the investment banking industry that you can find a firm that will provide a fairness opinion for virtually any transaction. They are a little bit more costly than $50K, but not more than an order of magnitude for small transactions. Mergers and Inquisitions says, "As you might guess, banks never say a deal is 'unfair' – the Opinion is just a rubber stamp to justify the deal to investors."[1]

(For the record, I never saw any unethical fairness opinions while I was in investment banking)

The consulting industry has similar dynamics. They are mainly there to provide evidence in favor of a plan proposed by whomever is their primary contact. See, for example, the article by the BCG consultant at [2]: "What I could not get my head around was having to force-fit analysis to a conclusion. In one case, the question I was tasked with solving had a clear and unambiguous answer: By my estimate, the client’s plan of action had a net present discounted value of negative one billion dollars. Even after accounting for some degree of error in my reckoning, I could still be sure that theirs was a losing proposition. But the client did not want analysis that contradicted their own, and my manager told me plainly that it was not our place to question what the client wanted."

1: http://www.mergersandinquisitions.com/investment-banking-fai...

2: http://tech.mit.edu/V130/N18/dubai.html

Ugh. It is precisely the contractor's place to question the client. "Not my problem" or "just following orders" is the worst thing about consulting. I have, on several occasions, refused to force analysis into expected results. And look at me! I'm still alive! I made more money this year than the previous two combined. Ethics must always be forefront. And if you slip, get back on it, mistakes in the past do not excuse more mistakes.

Oh, it doesn't have to be anything so brazen as them finding a problem then covering it up. It's simply that you agree to a certain number of hours at a certain price, and they run out of hours before finding any evidence of wrongdoing.

Legal firms have lawyer-client confidentiality rules, so if they do find anything, with a bit of care you can bury or lie about their findings with impunity.

Theresa Preston-Werner's response https://medium.com/p/2fe173c44215

Theresa is full of it. I have no idea what happened at Github but she's been telling people in New York she started Omakase because she's "angry with the tech industry." With that kind of attitude it's no surprise Github employees felt pressured into volunteering for her. She has admitted that she's not just someone excited about her new venture, she is beginning conversations with the idea that she knows what's best for the other person and that's working for her/contributing to her charity.

Not to mention that it seems like the tech industry has done a lot for her family's life so it seems strange and ungrateful to respond with anger that other people in positions of less influence than her family has, are not doing enough for the world in some vague sense.

Not to mention the massive hypocrisy that she is raising money from institutional investors as donors to cover operations costs for her non-profit which is ultimately a shakedown on salaried employees. There are things I agree with Theresa about, but asking the ultra-rich for money to support her venture to pressure regular people to give more to charity is nuts.

That does sound like a little more than the boss bringing around the Girl Scout Cookies signup sheet.

This is all conjecture, but this series of events got me thinking about what to learn from this.

I have a feeling Ms. Horvath and Mrs. Preston-Werner completely believe their own interpretations of what happened.

This is a good reminder of how subtle and ambiguous our and others views of the same reality is. In her post Theresa mentions having a blind spot for the obligations that github employees felt for helping her charity, but she didn't see it, she saw friends.

I think this is a good lesson to us all about not only making clear HR polices, but also always giving intentional consideration to how those around us see what we say and do. A kind of intellectual empathy.

In my mind this is the key sentence in her response:

"I was the wife of the CEO, but that never entered my mind when I hung out with any GitHubbers."

That is just not acceptable; it's the equivalent of walking around with a machine gun in your hands and saying that you never considered it might have any impact.

As much as she might have liked it to, you can't wield considerable power over people's lives and have them treat you as though you don't. It just doesn't work that way.

Your comment about ignoring the considerable power you wield over other people and expecting them to hits home for me.

I'm not sure exactly how to phrase it, but I think there's something there in general applicable to the current round of companies which have 'flat' organizational structures, but still aren't hardly employee-owned democratically-managed enterprises. [1] There are owners and bosses, there are people with ultimate decision-making powers (including hiring and firing) and those without, some who have a heck of a lot more salary/equity than others -- but at the same time, the 'flat structure' somehow seems as if everyone's expected to ignore that and act like it's not true.

It's of course not a coincidence that Github is one of the most famous examples of such a 'flat structured' (not not actually democratically-managed) companies.

And I think it's a shame that people will use this as an example of why hieararchy and authority is neccessary. I think it's more about the dangers of trying to make hieararchy and authority invisible when it actually still exists.

Thanks for your comment which helped me start thinking about this, sorry my response is much less coherent. :)

[1] http://en.wikipedia.org/wiki/Worker_cooperative

> I think it's more about the dangers of trying to make hieararchy and authority invisible when it actually still exists.

I want to emphasize this, because it is absolutely a thing that tends to happen even with the best of intentions from all parties. You can't eliminate hierarchy by hiding it.

The difficulty in this for founders is that when you start the company, you need your employees way more than they need you. They have more power than you do at the beginning. And while this slowly changes, it changes even more slowly in a founder's mind.

Don't get sucked into thinking you're peers with your employees when you decide how much they get paid, what work they do all day, and whether or not they keep their job. They don't see you as a peer.

how subtle and ambiguous our and others views of the same reality is


Everyone thinks the message of that movie is "all truth is subjective", but it's not. It's more like "the stories we tell ourselves and others are distorted by our self-image and our interests".

At the end, the movie even explicitly rejects the theory that truth is unobtainable, and that everyone is corrupt. In the movie at least, disinterested third parties who have good intentions can reveal the truth.

You may believe in subjectivity, but Rashomon doesn't.

i'm not sure where you're getting this. the parent referenced a movie, after posting a quote marveling at the different ways people interpret the same reality.

grandparent post was talking about the need for intellectual empathy. i've seen that work wonders in my life. it's like this thread of comments shows the need for intellectual empathy in microcosm.

I agree with your parent that the reference gave the impression of having misunderstood the film

It's like someone is raving about the military, and someone quotes appending Dulce et decorum est below. Not a big deal, but big enough to write a small comment making a correction, just in case.

I don't see it. The quote replied to was "how subtle and ambiguous our and others views of the same reality is".

And if people point out your blind spot: stop, listen and then reevaluate.


No, that's saying that Tom Preston-Werner was exonerated, and that a different problem surfaced during the investigation. It is not necessary for Horvath to have lied for that to be the conclusion reached. Misunderstandings happen.

>The investigation found no evidence to support the claims against Tom and his wife of sexual or gender-based harassment or retaliation, or of a sexist or hostile work environment. However, while there may have been no legal wrongdoing, the investigator did find evidence of mistakes and errors of judgment.

Using the word "exonerated" outright ignores the conclusion of the report. The github hired investigator reported no evidence of legal wrong-doing. Then the company fired/accepted the resignation of Preston-Werner for his "other" mistakes.

I think it's safe to say Github would not admit to legal wrong doing publicly as that just opens them up to legal liability. But to then say "no legal wrongdoing" translates into Preston-Werner being exonerated has to be some sort of joke.

Your scare-quotes around "other" are deceptive, since those other mistakes aren't a mystery.

I apologize if I missed it, but what mistakes did Tom Preston-Werner or GitHub publicly admit to? I just re-skimmed his blog and the github press release and only see denials of very specific terms regarding illegal sexual harassment.

So, just to clarify, you mean the mistake that he made was allowing Theresa to speak to employees of github and make them feel pressured to contribute to her start-up? or was there something else I'm missing?

    while there may have been no legal wrongdoing, the investigator did find evidence of 
    mistakes and errors of judgment
'found them blameless'?

More weirdness than the whole entire thing?

I don't think you can read much in to anything here, GH painted themselves in to a corner and either had to deny the allegations or their seriousness or someone had to get punished.

If she reported something to HR and it backfired, I think she should sue them, I really don't care about the co-founder's wife lurking around too much or who was friends with whom or who was sleeping with whom. That's pretty serious to me, so sue them.

It sounds like Mrs. Preston-Werner was a regular presence at the GitHub office and, according to Horvath, had extensive access to private information throughout GitHub's systems despite the fact that she wasn't an employee. If true, that should certainly be a privacy and security concern to any GitHub customer or user.

> If true, that should certainly be a privacy and security concern to any GitHub customer or user.

We left github private repo hosting when they got VC funding. Because of such a scenario where we could be competing with a company that was funded by the same VC that gave GH money.

Now in a perfect world that shouldn't be a problem because the VC should never access private user data. But well ... as you see it's not a perfect world and if a wife of an employee can browse through customer data than why shouldn't this be true for the guy who gave GH a few million dollars?

She apparently had access to employee data, not customer data. In my experience, businesses will often play a little fast-and-loose with employee data - far more so than customer data.

Though I agree it presents a bad image of GitHub's access control in general.

You moved into a direct competitor or you rolled up your own infrastructure?

I'm curious because if the company is not large, doesn't seem like much of a hassle having your own depository server.

Not the person you replied to, but we're a large company and we're using Gitlab internally, it even hooks up to LDAP which is fantastic. We still use some private Github projects too.

We rolled our own. Git hosting is pretty straight forward. And Gitlab makes it even simpler.

Gitlab is a FOSS self hosted alternative to github.

Wouldn't that rule out any corporation, too? Not much difference between VCs and large shareholders.

I was hoping Github would address this. But the whole post is about HR issues and having an inclusive work environment.

There was never much chance that they were going to be completely open about their findings. It would only made an eventual lawsuit against them more likely to succeed, while likely not doing anything to make people feel better about what happened. The removal of TPW is a pretty huge move either way.

Yeah I'm curious about this myself. Doesn't this create a pretty serious security situation? GitHub isn't a small startup anymore, I would assume they'd have some pretty serious security precautions in place.

They also handle plenty of trade secrets, I'd bet. They have private repos.

With so many self-hosted Github alternatives, and even Github Enterprise (self-hosted Github), I don't feel sorry for anyone having trade secrets stolen if they were hosting via private repos on Github.com.

This is incredibly troubling. How can anyone trust GitHub, knowing that non-employees regularly had access to private information?

What about de-facto board members? Tom was on GitHub's board, it was/is a small company, I don't get how "founder's wife" is not a suitably trusted position. I mean, clearly a bad call in this case, but hindsight is 20/20, and in my small business the husbands of my co-founders are de-facto employees (And in fact board members with significant proxy voting power, simply by state law of common property).

Edit: I looked it up; California, too, is a community property state. Theresa was absolutely an effective board member.

That's not how community property works. Teresa effectively owned an indivisible half of Tom's Github stock via the community property laws, but this does not make her a board member. Board members are selected by the company pursuant to various legal mechanisms not subject to community property laws because a board position is not a "property."

You should really get a better lawyer.

Most corporate startup lawyers have founder's spouses sign release forms for to clearly indicate that they do not have some claim to ownership or equity.


I just drafted a stock purchase agreement for my business partner and I on our new startup and one of the basic boilerplate additions to the stock purchase / vesting agreement is a spousal agreement to the terms of the purchase.

The communal property law only relates during a divorce were the shares are split up between the couple by the courts. Any decently written stock purchase agreement has a first right of refusal for the company to purchase back those shares in the event of an involuntary transfer.

Well, we don't know that. It's an allegation by one person which hasn't been confirmed as being true by GitHub. And presumably after this incident, if it is true, they'll have better security policies going forward.

This is incredibly troubling. How can anyone trust ${CLOUD_OR_HOSTING_COMPANY}, knowing that ${PERSONS_OR_SOFTWARE} regularly had access to private information?

Be paranoid. Encrypt it if you don't want people to snoop.

In my experience it is pretty common for people who bring work home with them not to be super-meticulous about preventing access to the content of the work by their families. How many people do you know who sound-proof their home office so their wife can't eavesdrop on their business calls?

I think I should point out this is a fireable offense in a number of companies. I work with sensitive information every day. I'm pretty sure if allowed someone outside the company to use my machine for anything, I would be fired.

My dad works for IBM doing mainframe repair and installation. He's seen his coworkers fired for allowing unauthorized individuals to use their company laptops. They've gone even further in the last few years in making unauthorized software a fireable offense.

Granted, two data points isn't a lot but there are companies that have enforced policies to prevent sensitive information from leaking.

I should also point out both my dad and I do significant amounts of work from home and we are both required by our companies to use full disk encryption.

Without going to the extreme of secret+ classifications -- in which case you cannot take things home without a secure home office, and move things between them in secure containers -- I don't think employees are fired for failing to lock their home office against their spouse or soundproofing their office against their spouse.

Which is different from saying that the company would fire them if the spouse used their inside-access to harm the company in any way.

My girlfriend works on disclosure projects at a company you've heard of and who regularly has highly-anticipated announcements. I have no idea what she works on, even when she's working from home in the same room as me[1].

1. http://www.officedepot.com/a/browse/laptop-privacy-filters/N...

I think that people that can and do bring work home are employed in fields where one does not need to be super meticulous about preventing access to the work.

You would think wrong.

Very wrong.

You know a lot of people that bring work home because the living room has better reading light than the SCIF?

No, people bring work home because they need to put in some extra hours, but do not wish to stay at the office until 9PM.

So you know a lot of people that take things out of the SCIF because they do not want to stay late?

Depends on what you mean by SCIF. Coworkers bring confidential paperwork/documents home, and remote access over remote desktop software is blessed. However you might get a phonecall from security if you started downloading lots of confidential data directly to your home computer.

There's a pretty big difference between sound proofing your office and giving your wife unfettered access to the corporate network.

How can you "trust" GitHub knowing that employees regularly have access to private information?

Why does anyone trust _______, knowing that employees regularly have access to your private information?

That's the $BB++ cloud question, isn't it?

In short, many vendors go to great expense to vet, audit, and limit the number of employees who could potentially access customer data. Some will geo-locate physically separate systems under separate administration according to regional necessity.

Disclosure: works for such a vendor.

Sure, but this can only be appreciated if the relationship is large enough to have an explicit non-changeable contract and routine auditing. From any lone consumer's point of view, "cloud" providers are black boxes that will probably try to limit the damage a rogue employee can do, but any methods or promises can change overnight based on business needs.

Especially knowing that x% of those employees will have left the company in 5 years, and y% of those will have taken private copies of customer data with them.

i don't trust them. I simply have no choice.

I thought the allegation was she had access to internal chat, not customer data.

Access to internal chat may have given her access to much of GitHub through HuBot. https://hubot.github.com/

Access to emails is one thing. Access to the internal public banter and coordination of work hardly strikes me as worrying based on all the discussions I've seen at my current place of work and past places of work. Any information sensitive enough to keep from your significant other is probably too sensitive for a shared internal conversation system available to all employees. Yeah, there's stuff that you wouldn't want your competitors to know, but for most everyone else with no skin in the business/industry is fairly irrelevant information.

HuBot let's githubbers deploy code to production, amongst lots of other things. In other words, access to internal chat is a much bigger deal at GitHub than it is at your workplace.

I would certainly hope that you can only tell hubot to do something like that if you have the correct permissions. Hubot should not be accepting deploy code commands from anyone except those with the sufficient privileges. If that isn't the case, that needs to be fixed asap.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact