
> Didn't she inject code into an unrelated internal extension?

Depending on your definition of code, that's probably not the case. She added an entry to a config file that contained a mapping of URLs to messages, such as:

   dropbox.com/upload -> Friendly reminder: please don't upload internal documents to dropbox

Also, Google generally trusts engineers and it's not that unusual to have an engineer writing and deploying code. So essentially it was her job to work on and deploy this extension. I believe that had the message been an April Fools' Day joke she wouldn't have been fired.

So in my opinion arguments that others have made (not you) that: "this was an unauthorized code change therefore obviously she should be fired on security grounds and charged with violating the CFAA too, it doesn't matter what the message was" don't really hold water. There's also an argument that she used some sort of "emergency" deployment mechanism, but that doesn't really hold water either. Honestly it's not that unusual to see people deploy some package when they need it rather than wait for a scheduled job to deploy it.

I think the grey area she was operating in boils down to: She had a platform to distribute certain types of messages internally and she put a message in there that probably wasn't the normal type of message distributed. If I were her manager I probably would have taken some action but it wouldn't have been firing.




> There's also an argument that she used some sort of "emergency" deployment mechanism, but that doesn't really hold water either. Honestly it's not that unusual to see people deploy some package when they need it rather than wait for a scheduled job to deploy it.

I disagree. The emergency process was highly unusual, in that it had never been done before for this extension, and was very rarely done in general. Triggering a deploy is normal, triggering a deploy that goes immediately to 100% is not.

> essentially it was her job to work on and deploy this extension

The extension wasn't something she had previously worked on.

> I believe that had the message been an April fools day joke she wouldn't have been fired.

I agree, and don't think she should have been fired for this either.

(Disclosure: I work for Google, speaking only for myself)


You should read about the conspiracy to kill IE6.

The magical access to add stuff and just have fun was what made Google a fun place to work at.

In this case adding stuff for your own corporate employees didn’t hurt the company’s customers and users. It shouldn’t have resulted in a termination. Had the person put a hate message they would have been terminated or penalized for hate but not for adding insecure code.


Google is mostly run by sticklers for the rules and has been for a long time (just ask Googlers about their code review process...). In practice most of the time individuals overlook transgressions, but if there is a formal complaint they don't. In this case the manager who hired the anti-union org certainly got noticed about this since the notice popped up on their site, I'm pretty sure that person filed a formal complaint. And as Google's employee handbook says that doing things like this will get you fired she got fired, even though it was pretty innocent.

Similarly if someone made anti-union messages pop up when you visit union sites I am 100% sure they would get fired as well, for the same reasons. You can talk about almost anything internally (people like Damore aren't uncommon at all, the outside world just got hung up on him for some reason), just take your job and company code seriously.


Got to be honest. If the security team is all like "Install this extension. It'll help you with security" and then it's gonna pop up all sorts of crap, I'm going to uninstall your shitty extension and after that I'm going to treat any software from this so-called 'security' team as some Bonzibuddy crap.


Google or other tech companies don't allow you to disable security extensions, otherwise that would defeat the purpose. It's installed by default.


Right but they also know how I feel about them so they know that I'll ignore all their messages after they've Bonzibuddied me for their pet crap. Then they'll know they've desecuritified that piece of their strategy. It will be ignored by all.


> Bonzibuddy crap

Funny name to give to something on the grounds of an engineer in the team pushing for unionization.


It isn't about the topic. Like if you tell me it's going to give me computer security tips and instead it's advocating for peace in the Middle East I genuinely don't give a fuck. It's Bonzibuddy crap. It's getting blacklisted.

I'd prefer you don't get fired for doing dumb shit like that because whatever, it's not going to kill someone, but I'm not going to use that team's adware shit anymore.


Oh wow, I just looked up Bonzibuddy and I guess I learned something today! :D

Sorry, I misunderstood this to allude to "Bonze" a German/French derogatory translating to "fat cat".

https://en.wiktionary.org/wiki/Bonze


Haha, well, I guess I learned a new German derogatory term so it's a win-win all around :D


The point is that she took a company communication channel and used it for personal reasons.

That's inappropriate.


I'm curious if you've ever looked at a company Slack or corporate email system and noticed any not strictly work-related purposes?


This was a tool designed to notify employees of security alerts, not a chat app. These are not the same. It feels like people are being purposefully dense at this point.



