Posted on behalf of STC President Hillary Hart
On Tuesday, 29 March 2011, when STC posted a message about “unauthorized intruders” on the website, STC staff did not know exactly how the development site had been compromised. We have since learned that the unauthorized access was made possible temporarily by a redirect from a 404 page. However, upon redirect, the URL clearly indicated that this was a staging site. Anyone familiar with website development knows that accidental access to a staging area should be reported immediately.
Two people have taken credit for the incident. They first detailed in their Twitter streams and later on their blogs that they noticed “staging” in the URL and were aware that they were in an area of the site where they shouldn’t be. One of the two also broadcast the URL to his Twitter followers.
This incident resulted in additional work for our development team, who had to move the test site (because the URL had been tweeted), clean up the profiles, and then repeat the test that was underway. This extra work is costing hours of additional staff time.
Imagine a similar incident happening in your organization—two customers getting in to a development site and messing around—What would your company do? How would they address this situation? Our primary concern was to address the problem.
The web team at STC quickly fixed the 404-page redirect. They are also continuing to work hard to get the MySTC Network scrubbed, tested, and up and running for our membership.
The STC staff and Board are all focused on delivering the best possible product for our members. Our communications about progress have not been as frequent as we would have liked, but we are committed to providing more regular updates going forward. I can’t tell you how much I look forward to writing again soon to announce the launch of MySTC!
Until then …
Yeah, not going to win you any fans.
Since you asked …
If I placed a staging area so open to the public that Google could crawl and index it, I would be looking really hard at my development team and ask them how this could have happened. The fact that the ‘customers’ were in the product is not the biggest issue here, it was that they could get in. There are many things a development team can do to limit access to specific parts of a website, it looks like they did none of that.
I am glad you have addressed the issue, but I am disappointed in the pro-staff/anti-member tone even this has. “One of the two broadcast the URL to his twitter followers?” I didn’t see it, but even if I did, it is indexed in Google and not a ‘closed staging area.’
Again as I have said on twitter, we’ve long gotten beyond the ‘who is to blame’ we are at the point now where the response continues to be more of a problem than the incident.
I know exactly how my company would respond – we would FIRE anyone who was careless enough to leave open the possibility of customers gaining access to a pre-production site.
First of all, Hillary, thank you for posting this. STC has been getting beaten up in social media this week, and up to now the (near total) silence has been deafening.
What would my company do? We’d get right to work fixing the problem, of course. But we’d never, ever portray our customers as criminals.
How hard is it to say “STC (or our contractor) screwed up. We’re sorry, and we regret the inconvenience to our members”? While this article is less combative than Tuesday’s, you’re still casting blame on a couple of members who insist that they had no malicious intent. I take them at their word because I know and trust both of them. I know their professionalism and their dedication to STC,
For what it’s worth, Bill admitted in his blog that he saw “staging” in the URL, but Rick made no such admission. Hey, it could just as easily have been me. Would I have noticed “staging” in the URL when I followed the first link? It’s very unlikely. Even if I had noticed, I don’t know that it would’ve stopped me: I disagree with your assertion that “anyone familiar with website development knows that accidental access to a staging area should be reported immediately.” If I see something on the public Internet, it doesn’t occur to me that my actions could be harmful.
STC leadership is looking more and more like a fortress with everyone shouting “raise the drawbridge and man the parapets.” I know that isn’t accurate, but appearances do count. A lot.
Larry — Please see the list of tweet comments in reponse to Paul below. Two of our members knew well and good that they were in a staging site — the proof is there.
I believe that both Bill and Rick may not have had malicious intent, but at some point the tweets reveal that they knew their actions were questionable.
Hillary,
You asked “What would your company do?”
Perhaps start by remembering these people are OUR CUSTOMERS. And that without customers, you have no business.
Somewhere along the way, STC has forgotten this important concept.
Nick
(ex President, STC UK chapter)
Wow. I want my money back.
How would I respond? Like this:
“Through a goof up on our part, some of you were accidentally presented a link to our staging site, where we’re hard at work testing some new features. A few of you followed that link and logged in—we can’t blame you. We’re glad to see you’re as eager to use the new section of the site as we are to release it.
We’ve secured the staging site now, and we don’t believe anyone else will see a link to it until we properly release it. However, if you are presented a link to the staging site, please don’t log in. Our tests require the environment be closely controlled to be reliable; even a small change can cause a bug disruption.
Hang tight—we know you’re anxious to see what we’re working on, and we’ll release it as soon as we can.”
That’s how. The mess up was yours. A transparent mea culpa was warranted. And when you jumped to conclusions—silly, silly conclusions, honestly—an apology became warranted as well.
Great points Will. I think all of this stems from a huge misunderstanding of what Social Media is and how to operate in it. The people who knew are no longer with STC leadership, so I guess it isn’t their fault that they keep with the #Fail.
I know that those of us who are very active on Twitter are seen as fringe members and not at all representative of the everyday STC member. I think soon they will realize that this is a false assumption and will be yet another nail in the coffin of the society.
The good news is that I STILL have hope and will work through this year to see change happen in the society. Notice I said ‘this year.’ If we still see this kind of horrible customer service, I won’t be around to try again.
This post reads like another attempt to point the finger of blame in any place but the direction in which it should be pointed. The STC’s contractor messed up. Proper controls and security were not in place. It’s that simple. Admit it, learn from this, and move on.
I don’t know Bill Swallow or Rick Sapir or Bill Swallow personally. But I do know them by reputation. And I have no doubt that when they accessed the testing site, they did so without malice. They, like many other STC members, have been waiting for that site to go live. They went in there with the best intentions — to test the site and give their feedback. All in an effort to help. Things happen, and sadly what transpired set the testing and launch of the new site back.
And what would my company do in a situation like this? Exactly what Karen Mulholland wrote in her comment. Nothing more, nothing less.
Before you ask, I’m not a member of the STC. I haven’t been for a number of years. A variety of reasons for that. The society’s handling of this situation is helping cement my belief that I’m better off not being a member.
You said: ” Anyone familiar with website development knows that accidental access to a staging area should be reported immediately.”
Where I work, staging is the last lane before production. Staging servers are designed to be hammered, beaten down, all the buttons pushed, all the levers pulled, etc. That is the point! Test the environment to see how well it does under pressure. Staging should not be such a delicate environment that two people who simply update their profile cause a week’s worth of delays. If two people updating their profile in staging can bring about an extra week’s worth of delays, then the system shouldn’t yet have been in staging. So, I don’t buy the idea that they should have known better. At worst, the data from staging is wiped before the system is moved into production, or the system wasn’t yet ready for staging in the first place.
You said, “They first detailed [that they] … were aware that they were in an area of the site where they shouldn’t be.”
Neither of them (from what I read) said they knew that they were in an area of the site where they shouldn’t be. Seriously? Hillary – the link was on the STC.org main page! It isn’t Bill and Rick’s fault! It is STC.org’s fault. When are you going to get a clue and stop blaming these people for STC.org’s mistake? What do you expect? Do you expect we are supposed to wait for an official board announcement before we can click on any new link on the STC.org website, on the off chance that maybe you didn’t mean to put the link on a PUBLIC WEBSITE?
You said: “This extra work is costing hours of additional staff time.”
Waaah. Cry me a river. It was your own mistake to start with. Stop blaming Bill and Rick.
You said: “Imagine a similar incident happening in your organization—two customers getting in to a development site and messing around—What would your company do? How would they address this situation?”
Huh. I thought STC was ALL OF OUR organization. At least that is what my membership card implied. You are still blaming Bill and Rick for a mistake you made: you put a url on the STC.org main page that linked to what was apparently supposed to be a staging server, unavailable to the public. In addition, on the staging server, you had live data so that customers who followed the link FROM YOUR PUBLIC WEBSTIE could log in using their standard credentials to log in to an STC site. Whose fault is this? YOUR DEVELOPMENT TEAM’S FAULT. In my organization (which you imply STC apparently isn’t), we would go to the development and security staff and find out why they not only left the back door open, but the put up a directional sign to the door saying “log in here!”
What you fail to understand here is that you are engendering distrust in the STC organization as a whole from the very members whose money you need to stay in business. Without members, you fold. And you are going to have to count me among the people who are current members, scratching their heads wondering if STC really is an organization that we want to continue funding with our limited volunteer time, and our limited resources.
Your communication about this incident has been abhorrent, specifically because STC is an organization dedicated to the art of communication. You don’t understand your members, it is clear, from the tone of this message and the tone of the update on the STC website earlier this week.
You realize that this is going to be the only thing people are talking about at Leadership Day, and probably for a large portion of Summit. You could have solved that problem with a simple, “Hey, we overreacted. We’re sorry to Bill and Rick for responding so hastily.” With that, the fire would have died out, and few may have remembered the incident down the line. Instead, you keep adding fuel to the fire by perpetuating the idea that the STC Board and leadership care more about their own image and protecting themselves, than they do about doing the right thing in the right way for the members of this organization.
No, the link was NOT on the STC.org main page, and they DID know they were in a staging site.
Here are the relevant tweets from Rick Sapir:
1. @techcommdood what’s the worst that can happen? I break it and there’s more of a delay? At this point….10:50 AM Mar 28th via TweetDeck in reply to techcommdood
2. @techcommdood yeah we’ll, it shouldnt be accessible if its not ready. Anyway, I like poking around :)10:47 AM Mar 28th via TweetDeck in reply to techcommdood
3. @techcommdood Maybe I’m doing something I’m not supposed to.. wouldn’t be the first time…10:44 AM Mar 28th via TweetDeck in reply to techcommdood
4. @techcommdood Try staging.STC.org/my-stc/10:41 AM Mar 28th via TweetDeck in reply to techcommdood
5. @techcommdood just click Login at the top of the page10:38 AM Mar 28th via TweetDeck in reply to techcommdood
6. @techcommdood I’m logged in, updating my profile as week speak.10:36 AM Mar 28th via TweetDeck in reply to techcommdood
I wrote the message i did because it is the truth and i am so tired of “the customer is always right,” even when the customer does something he knows is wrong!!!
And I wrote the wrong word – -meant to write “company” twice, instead of “organization.” Just to provide a wider context for understanding the issues.
So, you are saying that a 404 page incorrectly directed them to staging.stc.org instead of stc.org. And because they clicked on the link, logged in and updated their profiles, they are completely to blame in this?
There is no blame for the developers who allowed this to happen? You cannot put staging.stc.org in the free and clear and expect people to not go there. It is obvious that is the case because I can see in Google that the entire staging site seems to be indexed!
These guys did not use illegal scripts or blunt force to hack their way in. They used an OPEN and PUBLIC URL that should have been blocked completely. It wasn’t.
And again your tone continues to go angrier and angrier and you’ve done nothing to answer people’s major issues here other than to say “I wrote the message i did because it is the truth and i am so tired of “the customer is always right,” even when the customer does something he knows is wrong!!!”
I think you’re making the issue worse.
Note that Rick’s tweets are listed in reverse chronological order. He had already updated his profile *before* Bill questioned whether Rick should be accessing a staging site. If there was damage to be done, it was already done at that point. This is *not* evidence that Rick knew he was doing something he shouldn’t; in fact it’s just the reverse: “yeah we’ll, it shouldnt be accessible if its not ready.”
Hillary, please, for the good of the organization, accept that what happened was an accident, and that no harm was intended. We need to move on so that we can continue STC’s good work. I don’t want this to be hanging over our heads on Leadership Day. I want us to be raving over what an awesome site MySTC is. The longer this drags on, the more indelibly it’s going to be ingrained in our memories, and the more potential members we’re going to alienate.
Look at the pictures Rick posted to his blog. Look at the update he made to his blog post. It certainly looks to me like they followed a link on STC’s main site. I don’t know who to believe here, because you are saying they didn’t follow a link on the STC site, and they are saying they did.
Even if they knew they were in a staging site, how were they to know that it wasn’t a site that they were meant to access? They used their regular STC account logins! Why was this even an option if the site wasn’t meant for public use? You’ve got a serious security issue here that you aren’t addressing, and it makes me wonder how safe my personal information is on STC’s sites.
Paul — my job as STC president is not to make sure that controversies “die out,” and to do exactly what each member wants when (impossible!), but to ensure accessibility of member services and to advance the profession. The website has and will do that, and its ability to do that WAS compromised. End of story.
“my job as STC president is not to make sure that controversies “die out,” and to do exactly what each member wants when (impossible!), but to ensure accessibility of member services and to advance the profession. The website has and will do that, and its ability to do that WAS compromised. End of story.”
Really? Sorry Hillary, NOT end of story! If that this is your idea of why you are STC president, and you still have no idea why your posts and reactions are inappropriate, I think many of not most of the people who voted for you must be hanging their heads in shame and disappointment.
I’m not asking you to make controversies “die out”. I’m asking you to not put fuel on the fire and fan the flames!
I agree with the comments posted thus far. The response from STC has been disappointing.
I think Will should write STC’s public-facing communication. His rendition was honest, gracious, and positive. This blog post is none of those, and STC has missed the mark.
In regard to Robert’s comments on the perception of fringe members on Twitter, I assure STC that Robert is correct. There are a few vocal folks out there, but they are not on the fringe. There is a fairly silent majority who will side with them.
Let’s put this behind us and use this situation as a learning experience. Examine every communication for combative and negative intonations, and let’s all move forward together in a positive manner.
“What would your company do?” Having worked in organizations that make use of staging sites, we’d fix the hole and contact affected users to apologize for directing them to something that wasn’t ready. We’d probably never let our developers hear the end of it. We’d definitely be embarrassed for the mistake.
Though to be perfectly honest, it’s hard to imagine making this particular error and harder still to imagine that fixing it would require “hours of additional staff time.” It should never be the responsibility of users to be “familiar with website development.” The public-facing components of a website should be fit for public consumption. If there’s a problem with what the users see, there’s one and only one acceptable response: a fix and an apology.
I deliberately chose to allow my STC membership expire, but I follow the happenings of the organization in the hopes that it might improve. This latest episode is yet another indication that the current trend is not toward improvement.
As communicators, it’s our responsibility to make sure that the terms we use are understood by our audience. And it’s our responsibility to use plain, unambiguous language. As an organisation that represents technical communicators, STC should be at the forefront of promoting clear, unambiguous language.
While ‘staging’ may be a term that’s familiar to some web developers and some STC members, it’s not one this member is familiar with. Software and web developers I’ve worked with over the past 20 years, use ‘testing’ or ‘development’ as a term for an area that they are testing — and it’s perfectly clear what they mean. Had I seen ‘staging’ I wouldn’t have understood what it meant without further explanation or checking the dictionary. And when I checked two dictionaries just now, neither of them had a definition of ‘staging’ in the context of software or web development. Had I been a speaker of English as a second language, I’m not sure I would have made the connection between the dictionary definition and ‘testing’ (e.g. http://www.merriam-webster.com/dictionary/staging).
It’s the developers’ responsibility to secure an area from public or member access BEFORE putting it out there for testing. It’s poor form for STC to blame members for clicking on a link that was publicly available. If any blame is to be placed, it should be on the heads of the developers.
And to now add fuel to the fire by stating that these two members (sorry, ‘unauthorized intruders’ as you call them) were ‘messing around’ in the staging area, is insulting. From the accounts I have read, they accessed the area, found their own member details and checked and edited their personal details. That’s all. That doesn’t constitute ‘messing around’ to me. They are legitimate, paid-up, and likely senior members of STC, not some 14 year old hackers from Nowheresville. They are members who were logging in as members.
Oh, and while you’re looking in the dictionary, check the meaning for ‘apology’: “an admission of error or discourtesy accompanied by an expression of regret”. I don’t see any of that in this post.
Here. again, are the tweets that show that those foks who intruded on the website knew somehting abut what they were doing:
1. @techcommdood what’s the worst that can happen? I break it and there’s more of a delay? At this point….10:50 AM Mar 28th via TweetDeck in reply to techcommdood
2. @techcommdood yeah we’ll, it shouldnt be accessible if its not ready. Anyway, I like poking around :)10:47 AM Mar 28th via TweetDeck in reply to techcommdood
3. @techcommdood Maybe I’m doing something I’m not supposed to.. wouldn’t be the first time…10:44 AM Mar 28th via TweetDeck in reply to techcommdood
4. @techcommdood Try staging.STC.org/my-stc/10:41 AM Mar 28th via TweetDeck in reply to techcommdood
5. @techcommdood just click Login at the top of the page10:38 AM Mar 28th via TweetDeck in reply to techcommdood
6. @techcommdood I’m logged in, updating my profile as week speak.10:36 AM Mar 28th via TweetDeck in reply to techcommdood
I don’t know what to say….
STC.org DOES know how to clearly mark testing sites as such, as shown here: http://ricksapir.com/display37
But to blame me that I should have known better when the site in question was NOT marked as testing?
I still fail to see malicious intent. I fail to see how clicking Login at the top of the page and updating a profile is condemnable. Yeah, it sounds like Bill had some doubts, but he also had a point: it shouldn’t be accessible if it’s not ready.
If it’s public and they didn’t do anything malicious, how are they scoundrels?
It was publicly accessible. It shouldn’t have been. That’s not their fault.
Wow.
Wow.
So, you broadcast and made searchable a staging site, and a couple of eager customers go to check it out — for this is highly anticipated, right? — you attack the customers and publically admonish them … for. using. a. site. you. made. public.
I’ve seen some odd URLs over the years … so are you seriously telling me that the STC expects a URL to be read as documentation, instructions, and a warning, and not just used as an address? Srsly? You might consider that embedding important communication in URLs is … at best … inefficient.
The STC’s official and public response on this issue is horrific. It’s amateurish, angry, counterproductive, and grossly unprofessional. I know the board members do not speak individually on these matters … even so, your entire collective should be ashamed. Back to your typewriters, the lot of you!
Sigh.
If I were writing the STC Board’s follow-up message about this incident, here’s what I would have written. I think this is what the majority of members were looking for:
This would have quieted the whole matter. Instead, a revolution is brewing.
Bravo. Hillary, care to sign your name to it?
Like so many others have posted here, I am really disappointed by the STC Board’s response to this incident.
The two members in question have long been cheerleaders for STC and the industry, and I am disturbed by the fact that you’ve wrongfully made them out to be criminals. Have you never even looked at the STC Ideas Blog? There you will find only constructive suggestions for how to improve STC and its usefulness to its members.
These long-time STC members and supporters are not hackers. As I understand it, they did not override any protocols or compromise security to gain access to the MySTC portion of the website. They simply clicked a readily-available link. Had I not been traveling and known it was there, I would have probably done the same. The fact that the link took them to something that was not yet ready for prime time was not their fault. Their only “crime” is intellectual curiosity, something that STC used to encourage in its membership.
Please do the right thing. Admit that posting the link to the public before it was ready was your fault, and publicly apologize to the members in question. As humans, we all make mistakes. We will not think any less of you, and it will go a long way to restoring your reputation among the membership.
I know from experience that yours is a thankless job, but there are much better ways to handle mistakes instead of blaming them on your members and supporters.
Long live the STC that I remember.
Sincerely,
Lance-Robert
Senior member, STC (1999-present)
Treasurer, STC San Diego Chapter (2002-2004)
Treasurer and Banquet Manager, STC Spotlight Awards Southern California Regional Design Competition (2003-present)
President, STC San Diego Chapter (2004-2006)
Programs VP, STC San Diego Chapter (2006-2008)
Social Media Coordinator (@STCSoCal), STC San Diego and Orange County Chapters (2009-present)
It is nice to this this being posted on the blog, which allows comments, instead of the website.
For the record…
1. I accessed the MySTC area from the MEMBER LOGIN at the top of the STC.org site — not by directly typing the URL.
2. I did not notice the “staging” in the URL when I tweeted it to Bill — I did a simple cut/paste.
In our back-and-forth, Bill & I, did have reservations about whether or not it was “live” and he did point out the “staging” in the URL. In truth, I was too excited to see *something* after weeks of having my requests for a status update being ignored to care.
I’m glad that the web team “quickly fixed the 404-page redirect”… maybe now they can fix the MILLIONS of broken incoming links (see http://getsatisfaction.com/sfortc/topics/broken_links_from_community_site ), or at a minimum, respond to the item.
I am truly sorry for costing “the Society additional expenses and delays, including lost testing time and staff and developer hours analyzing and rectifying the situation.” However, I’m most sorry for playing my part in the loss of one STC’s most passionate members – Bill Swallow.
While I would like to believe that “The STC staff and Board are all focused on delivering the best possible product for our members.” it is difficult to reconcile that statement with the HUGE number of BASIC issues that renamed unaddressed: http://getsatisfaction.com/sfortc/
I would MUCH rather see some of the low-hanging fruit picked, before yabout the MySTC stuff.
Hillary, with all due respect, it is time for you to resign. Your blatant unprofessionalism in responding to this issue is a discourtesy and a disgrace to the Society and the profession in general.
I disagree, Will.
You haven’t even given Hillary a chance. One incident, and you’re ready to tell her that after 2 months as the STC President, she’s out the door?
Rachel
STC’s leaders overreacted, it’s true. But we’re also overreacting if, like the Queen of Hearts, we start yelling “Off with their heads!”
Hillary should not resign. She, like the rest of the STC board, is a dedicated volunteer who does far more good for the Society than ill. She should stay on, and I’m confident that this experience will make her a better leader.
Larry—I always appreciate your calming influence.
You’re right–the best possible outcome of this situation is for the Board in general, and Hillary in particular, to offer a sincere apology, learn from the mistake, and figure out how to improve the Society’s approach to PR so that this never happens again.
I sincerely hope that that is where things will land.
When I was running my own company, if I had made a company’s docs available before they were supposed to be available and customers got into them, I would have made it right by apologizing deeply to the client and not charging them for the efforts of making it right. Because my company screwed it up.
If I had gotten into the MySTC area, I would not have noticed or paid attention to the “staging” thing, since I got to it from the STC site. I would assume soneone made a mistake somewhere but the fact that I could log in from the STC site would tell me I was OK.
All of us in the software world have done enough testing in sandboxes to know that you *lock sandboxes down*, you don’t make them available from the public site, you hide them from Google, and that you don’t allow normal log in credentials to work for people to get in. These are basic Best Practices that all testing environments follow.
I’m really sorry this has all blown up but I would not blame the customer for my mistakes. STC (or who ever) didn’t set up a secure testing site and your customers logged in. It’s actually very predictable and expected that customers would do that. That’s why a Best Practice in testing says to test on a locked down server.
I know that being president is a tiresome and tough job – notice I’ve never run for it. At best, it’s another nearly full time job. I also understand that Hillary has a personal life that’s running her ragged. But right now, the Voice of the STC is blaming the members of STC for the mistakes of the STC. Real leadership owns the problems, fixes them, and moves on.
My thoughts.
I let my membership to STC lapse a few years ago, but I still keep in touch, hoping that something will happen to lure me back. Unfortunately, all I ever get is slaps upside the head, assuring me that my decision to go was the right one.
Thanks Hillary. Were it not for you, I might have been lured back.
You said:
I wrote the message i did because it is the truth and i am so tired of “the customer is always right,” even when the customer does something he knows is wrong!!!
Excuuuuuuse me! No matter how defensive you get, no matter how many times you repeat yourself, and no matter how loudly you do it, you’re still WRONG, and it’s a good thing you never tried to make a living in customer service; you’d have starved!
Why ever would I want to rejoin an organization that treats its members so shabbily??
Disgusting.
Loose lips sink ships, Rachel. I don’t doubt that Hillary has done many goid things in service to the Society, but her uncontrolled, overly emotional responses here are doing a tremendous amount of harm.
I recognize that my call for resignation was provocative. I hope that it will give Hillary pause to stop and think. The beauty of an apology is that it can cover many sins if it is delivered with honesty and contrition. In truth, a solid apology right now could serve to heal much and strengthen Hillary’s position as president.
The job of STC Presidentis no doubt stressful and thankless. But this response is really, really poor.
And, the STC should let go the highschooler who made the test site public. It’s not 1996 any more, and we expect high-school geeks to know better.
Sean
What would my company do?
I would hope that it’s the same thing that any company would do:
1) Work as quickly as possible to identify where our mistake was.
2) Work as quickly as possible to rectify our mistake.
3) Work as quickly as possible to communicate what our mistake was and the steps we have taken to rectify it.
It doesn’t appear that you are learning anything from your mistake. Because of this, and because you are a fellow professional, I will try to help:
Mistake 1 – Your website was publicly accessible when that was not the intent. Questions you might ask yourself include, “Why did this happen?” “Are there other assets that are publicly accessible that we need to lock down?”
Mistake 2 – Your website was indexed by Google when it wasn’t even meant to be public. Questions you might ask yourself include, “Why did this happen?” “Are there other assets that are publicly accessible that are being indexed that we need to put behind a robots.txt exclusion?
I would also be looking very hard to identify the scope of the problem. Did your (organizational) mistakes result in the disclosure of private/confidential customer data? What about credit card information (PCI data breach)? If so,do you need to identify any customers or authorities about your inadvertant loss of data? As an aside, if you have not learned and accepted the fact that the problem is exclusively your own, as a consumer I would be extremely reluctant to trust you with competently processing my credit card information.
What I’ve seen thus far: A complete lack of ownership of the problem. The fact is, you (the organizational ‘you’) let your private website become public in multiple ways. When others discovered that your site was public, you started pointing fingers and trying to establish blame outside of who should rightfully own it. When called on THAT, you (the organizational ‘you’) reaffirmed the fact that you don’t understand the issues at play by reposting the tweets of the two people who signed in to your site. This was supposed to be “proof” of their malicious intent and responsibility. Unfortunately, that was a really poor decision on the part of your organization.
All those post shows are a couple of people excited to get access to the site. Their very questions about whether or not they should be there clearly point to another failure on your part: the lack of clear communication defining the fact that this was not supposed to be publicly available. The fact is, if it’s online, it’s fair game. The users did nothing but find it and log in using _their own credentials_. The fact that they were excited, speculated about whether you meant the site to be public, or took pride in discovering your publicly available site is simply not germane.
It is unfortunate that stcorg is continuing to respond to this they way they are. It shows a complete lack of understanding of the professional issues at play and has done more to suggest that technical communicators are clueless in a couple of days than years of advocacy could rectify. I am not a member, and after this, I am rather glad to not be affiliated with STC.
-Michael
PS: Some have suggested that if they were working with a team who made the same screweup STC clearly did (unintentionally publishing a site that should never have been on the internet), their dev team would be fired. This is almost as bad as refusing to acknowledge the problem in the first place. If you don’t understand that mistakes are going to happen, and that you need to be able to identify them when they do, learn from them, and make sure steps are in place to prevent them from happening again. Addressing the problem by firing out the responsible individuals isn’t going to prevent the org from making the same mistakes again and again.
OK. That’s my 2…errrr…4 bits.
Look, the statement above clearly states that we understand an issue ON OUR END allowed the incident to happen:
“We have since learned that the unauthorized access was made possible temporarily by a redirect from a 404 page. However, upon redirect, the URL clearly indicated that this was a staging site.”
(DISCLAIMER: MY PERSONAL OPINION, in no way affiliated with the Board or STC)
Fine. Mea culpa. We made a mistake. But so did Rick and Bill. If *I* had run across the staging site, *I* would have sent an email to the STC office OR called Chip Boyd (clearly defined on https://www.stc.org/about-stc/leadership/staff-directory as the IT/ Web Content Manager).
*I* would not have: a) tweeted to the general STC public and b) tweeted the URL to the general public.
This is where Bill and Rick “made a mistake” in my opinion. I understand that both Bill and Rick are passionate about STC and the website. But their tweets make it very clear that they knew they were doing something “not quite kosher” and everyone seems to think it is okay behavior.
I think this points out a major problem…those of us who build or test websites on a regular basis would have pounded on the testing site. Because that’s what we do when a testing site is public.
According to the screenshot on Rick’s blog (at http://ricksapir.com/article9-How-I-killed-the-STC-org-website), the “My STC” link showed up on the home page. It was just Rick’s bad luck that it showed up at the same time he was on the home page. He clicked the link. It went to My STC, where he was able to login with his credentials. He didn’t hack his way in…he clicked a link. He didn’t use someone else’s credentials…he used his own.
Many times, companies (and mine is one) opens staging/testing servers so that people can pound on them. Seeing the word “testing” or “staging” doesn’t mean “don’t use me” (especially, as Rick points out at http://ricksapir.com/tiki-read_article.php?articleId=9#Updated_March_31:, other STC testing sites very clearly show that they should not be used)…it means “go ahead and try it, but don’t blame us if something doesn’t work”.
Rick and Bill were both excited that My STC had finally gone live, even if only in testing, and they shared that information.
The mistake was made by the developers, and any cost in fixing the mistake should be borne by the developers. (It’s how I would have handled it, after apologizing profusely to my client and offering to post an apology to their customers.) They not only made a link available, they left open a site so that it could be indexed by search engines. The fact that members who have been waiting for that same site to go live publicized it should not result in them being branded as “unauthorized users”.
It seems to me that having two members change their own profiles is not the worst that could have happened. Having 3000 members change their profiles would have been worse. Having someone really hack the site and mess with the database or possibly financial information would have been worse.
All people wanted was a retraction on the public web page (BTW, that one scared me…why would new members join an organization that calls out their own members like that?) and a public apology. Some hand slapping could have been included at that point…given that Rick and Bill immediately stepped up to publicly claim responsibility and apologize, I think it would have been accepted. But to continually lay blame on two members? Especially Rick and Bill, who have tried so hard to help STC succeed? I’m so incredibly disappointed.
Rachel, Rachel, Rachel.
It’s not an apology or an acceptance of responsibility if you say, “Fine. I’m sorry. But it’s not my fault,” which is essentially what you did.
If one of my children were to apologize for something they had done wrong, I wouldn’t let them get away with a snarky apology.
What are we asking for? Sincerity. Ownership of the problem. Why is that such a difficult request?
*big eyes*
This is bananas.
Can anyone tell me exactly what it was that broke? I mean, lots of your membership have high level expertise in HTML and our collective wisdom would probably be enough to solve the problem in seconds.
Show us the sever logs and your membership would gladly use our considerable web skills to solve any issues you’re facing. Or, if the web site was completely hosed — which I suspect unlikely unless you also allowed complete access to the server or something — it should take only two shakes of a lambs tail for the senior dev to re-upload the web site from the project vault.
Seriously, what’s the problem?
This world-ending event that sets a web site back ‘weeks’ deserves to be the grey hats security discussion boards if it was that serious.
I promised myself I wouldn’t comment, but I have to. This is getting way out of hand.
Hillary, you can post the Twitter thread as many times as you want. It won’t change the fact that I owned up to my actions yesterday, which is more than I can say for you, the STC Board and the STC Office.
Now, you say I was party to an intrusion. However, you miss several critical points, so let me state them once again. The site was public. The site accepted my STC login ID and password. The site brought me to my profile. The site allowed me to edit my profile. The site allowed me to log out.
Yes, I knew it was ‘staging’. I figured if it wasn’t ready, it wouldn’t have logged me in as myself. It did, so I thought nothing of updating my profile. Staging environments are for making sure the site is working fine on a live server before actually making it live. If you’re doing extensive testing and things are falling apart to the tune of a week’s worth of lost work, then the site wasn’t ready. I used the site as intended, and it worked fine. I can’t imagine what I disrupted by adding a bio and photo to my profile.
I am not a criminal. I did not have malicious intentions when logging in. On the contrary, well before this week, I planned to help people use MySTC as best I could. I was an advocate for such an environment for years. You know this. We were on several committees and task forces together, Hillary, in which this was mentioned many times.
But whatever. Go ahead and mark me as a deviant. An intruder. A criminal. By now everyone already knows the situation and they see the reactions. I’d apologized, Hillary. I never intended to delay the launch. But what you’re doing now is, well, extremely hurtful to be honest. And if the goal was to ensure I never involve myself with STC again, then you ma’am have succeeded.
(DISCLAIMER: MY PERSONAL OPINION, in no way affiliated with the Board or STC)
Fine. Mea culpa. We made mistakes.
If *I* had run across the staging site:
*I* would have sent an email to the STC office OR called Chip Boyd (clearly defined on https://www.stc.org/about-stc/leadership/staff-directory as the IT/ Web Content Manager).
*I* would not have:
a) tweeted to the general STC public and
b) tweeted the URL to the general STC public
Yes, STC made mistakes. Let’s move on now, shall we?
Move on? When will you guys understand that the incident is only the smallest part of this? If I were to speak to any of our clients like Hillary has, and still is, even if they backed out of paying for their training at the last minute, I would have been unceremoniously kicked out the door.
Should we hire an attorney to go after Google for their unauthorized access to the staging environment? http://bit.ly/hy2VML
We will move on when this is settled, not before. I am tired of STC’s problems constantly being ignored and avoided.
Here again, an insincere expression of apology. Now you are saying “OK. Fine. It’s my fault. But don’t blame me, because if it HAD been me, I wouldn’t have been nearly so stupid.”
Really? That counts as acceptance of responsibility in your book?
Housekeeping note: Apologies to the three comments that for some reason were not immediately posted. I’ve moved them out of Pending, but I’m not sure why they were there in the first place. I’ll keep an eye on the Pending comments to make sure no other comments get caught up.
Thanks, Kevin 🙂
Check the spam settings for the comments. It looks like any comment that includes more than 1 link is being flagged for moderation.
Thanks for the tip, I’ll check that out.
Hillary,
I agree with Will, it is time for you to resign. The STC members paying attention to this incident have now given you a Vote of No Confidence. When Prime Minister’s receive Votes of No Confidence, they save face and resign. Please follow suit.
Your refusal to take responsibility for what STC did wrong is a disgrace to the Society, the profession in general and female executives. As a woman, I am cringing at your behavior. You have proven that you cannot be an effective leader. Perhaps you should take some classes in Public Relations, leadership, and effective communication.
Additionally, at my company, if an IT person made a staging server available to the public before it was ready, the customer would not be blamed.
Like I said over on Bill’s blog, Bill and Rick deserve a public apology for having a finger pointed at them for being the cause of a delay. The finger of blame points clearly at the development team… they screwed up and they should also publicly apologize to STC, its members, Bill, and Rick. They should also publicly state that they will not bill STC for repairing the results of their lack of due diligence. They’ve been conspicuously silent in this entire kerfuffle. Many STC members control significant web assets and this incident has, I’m sure, removed this development vendor from consideration from projects under the control of those STC members. Hey developers!!! Talk to us.
People who been waiting anxiously for the STC to accomplish something, ANYTHING, have been browsing the first release of the site, offering up constructive comments (most unheeded from what I can tell).
When those same people see a link to MySTC, of COURSE the reaction is “Huzzah, the next stage is ready!” Of COURSE they’re going to see what’s there.
This is all — and I mean 100% — on the STC and its dev team. But you keep digging there, and see how that works out for you.
The president of an association getting into pissing match in blog comments, after two awful blog posts, is the textbook definition of unprofessional. It’s quite apparent that the board is “us” and the members are “them.” Someone is forgetting who the boss really is. (Hint: the people who write checks.)
We did have a similar thing happen at my employer, a test site was made public to the users. And yes, word got around (this was pre-Twitter) that the long awaited site was now available.
We didn’t publicly shame the users for getting into the test site. But the IT staff that let the test site go public definitely got an earful. Plus they had to change procedures and prove to our internal auditors that they had procedures in place to prevent a test site going live before it was ready.
The STC’s approach and response to this was irresponsible and completely unprofessional. The IT people who left the door open are the people who should be put to task.
Wow, if a web site can be brought down by only two new user accounts being created, it sounds like there’s a fundamental problem with basic security protocols.
I’ve submitted this blog entry to http://www.slashdot.org. I’m sure that the security-minded techies there will be very useful in publicizing this fundamental problem with user account security on Joomla.
No need to thank me.
I would do what Will did. Love up the customer’s interest and eagerness for the new site. Then admit it was my mistake. Apologize for confusion. Suck up any extra work, since it was my mistake. Move on graciously. This just spins further and further into … What is this anyway?
Let me get this straight:
Google indexes a web site that you made public facing, and somehow this is someone else’s fault?
You do understand that you’re addressing a technically sophisticated audience.
Okay, so let’s talk about the broken bit.
Bill and Rick owned up to logging on and changing their own profiles.
The STC says this caused two weeks (was it two?) of harm. 80 hours of repair work needed.
What exactly did Bill and Rick do that set this back 80 hours?
Regards,
Sean
Hillary:
If you want to have half a chance to save what little remains of STC’s reputation, resign now and issue a public apology to Rick and Bill. Your continued attempts to libel them are a total disgrace. Really you should have thanked them for helping test the staging site you obviously made public. And if it failed so badly, fire the incompetent developers, not the testers who found the bugs (if any really existed). Sheesh.
This all makes me very sad, though I can see that it makes some people happy because it validates what they already believe.
I think it would be nice if Hillary and Bill and Rick got on a conference call and dealt directly with each other.
I think it would also be great if everyone else just cooled it for a day or so. Hillary and the Board have a lot of input to process, but nobody can think clearly when everyone is shouting at them.
I have nothing to deal with. I’ve owned my blunder, and there is nothing more that I can do to fix what I had done other than what I’ve already offered – my sincere apology. What you see here, Richard, is another set of issues entirely, which all need to be owned by and resolved through the STC Board. They are issues of communication, poise, appropriateness and savvy.
We’re all volunteers, and some of us, including you, have given a lot of time to STC. You made a mistake, you owned it, and you were ready to move on. A good example of the principle that it isn’t the mistake that gets you into trouble, . . .
I don’t have anything to add that hasn’t already been said, but this line toward the end of Hilary’s post struck me: “The STC staff and Board are all focused on delivering the best possible product for our members.” Please consider that that isn’t happening right now, and I’m not talking about websites. I agree that this issue has gotten way out of hand, but in no way are Bill and Rick responsible for that, and they have every right to defend themselves as they have.
Please consider that right now the “best possible product for [your] members” is your response to this issue, not the MySTC site itself. As is evident over the past few days in Twitter, blog posts, and now this lengthy comment thread, no one feels your response is the “best possible product” from STC. Doesn’t that mean anything?
I’ve worked with many organizations that choose to push staging or beta sites live for a brief period to have real-world users hammer on them. Had I come across a staging.stc.org site, I would have assumed that STC was doing the same. I would not have assumed that something had been pushed live that wasn’t supposed to be there.
That said, it’s not the acts of “the intruders” that bother me; I might have done the same, assuming the same things that they assumed. It’s not the fact that someone on the development team made a mistake by pushing the site live; errors happen. I’m bothered by the lack of responsibility that’s been assumed by the developers (from what we can see), and nothing short of horrified by the response of the organization.
I was on the fence about renewing for 2011, but decided months ago to give the organization another chance. Based on this experience, I regret the decision to give STC my hard-earned freelance dollars. Why would I want to be affiliated with a communications organization that is unable to effectively communicate? Why would I want to be part of a professional organization that handles things so unprofessionally?
Perhaps the management might benefit from a copy of Jane Jordan-Meier’s book, The Four Stages of Highly Effective Crisis Management: How to Manage the Media in a Digital Age. http://amzn.to/gZqacx
It’s sad that the state of the STC hasn’t improved. I first became aware of the dysfunction at STC HQ when the org recalled funding from the local chapters, due to an unforeseen budget shortfall.
At the time, several of us volunteered to gather feedback from members, in an attempt to scope a member wishlist and build a roadmap to present to the Board. Many of the posters here were part of that effort.
Unfortunately, very little came of that work. The wiki and forums were shut down with little notice, and offers to build a temporary home for that content were not considered. During that time, many members offered to volunteer their time and resources. But we were told to wait, because HQ was planning something wonderful.
It’s now nearly two years later and the STC is still struggling to build and support a web presence.
The STC has knowledgeable members, experienced in systems architecture, security, integration and design, who are ready and willing to help. STC HQ should embrace this resource and move forward.
The STC Forum content is being hosted by the STC Carolina Chapter. Thanks to the efforts of Rick Sapir.
http://www.stc-carolina.org/stcforum/
Ordinarily, it’s not useful to comment just to say “me too”. This may be a case where another comment adds weight. It seems to me that this controversy is the result of two errors: one almost trivial, the other serious.
The almost trivial one is making a testing web site available to the public. Dumb, sure, but we’ve all done dumb things. Whoever failed to lock the testing site down needs to says “Oops my bad. Sorry for the confusion.” and that’s that.
The serious one is the lack of tact, judgment, thoughtfulness, care, level-headedness ad infinitum, on the part of the president who not only completely failed to accept responsibility for the failure of the organization she heads, but stupidly tried to shuffle the blame off on a couple innocent, and very well-regarded, members.
Go home, Hillary, and take your pettiness with you when you go.
Hillary is a volunteer. She has a real life to lead in addition to her STC responsibilities. She was thrust into the presidency ahead of schedule when her predecessor suddenly resigned. If I were in that position I’d hope for a little slack.
I’m sure she has said things that she wishes she hadn’t, but it’s very hard to think straight, let alone fix things, when a hundred people are shouting at you and picking everything you say apart.
Agree with Richard. Under extreme stress, people do things they wouldn’t otherwise, even things that go against their nature. Time to take a step back, let the emotions cool, and come back to this on Monday with a fresher, healthier perspective.
On Monday, I’m still going to be upset that a society that has “communication” in its name has so poorly communicated on this issue.
I understand that Hillary is a volunteer, along with the other board members. I’m grateful for their service. It doesn’t change the fact, however, that the response in this situation has been dead wrong, and is doing immeasurable harm to the society at large. Ignoring those issues until Monday will just allow things to continue to spiral out of control.
Hillary and I have a mutual friend who contacted her privately before she posted this blog entry. This friend provided advice on how to respond in a positive way that would have helped reduce the size of the waves being generated. Hillary chose to do the opposite, however. The point here is that Hillary is choosing to respond the way she is doing, against advice of at least a couple of people who have tried to help. Sorry, but I’m not willing to cut much slack for somebody who blatantly rejects advice intended to help mitigate this situation.
I’m pretty much at a loss for words. I’ve sent my polite letter to the board expressing my embarrassment at their handling of this situation and urging a retraction and apology. As an information security professional, I’m appalled at the carelessness of the developers and I’m concerned about the efficacy of the protection of our private information by STC.
This didn’t have to be a big deal.
Hillary, I urge you to apologize REGARDLESS of whether you feel you are right in this situation. Your personal feelings on this aren’t important. It is your duty to do what is right for the good of the organization. You’re not hearing from a splinter group. As your constituents learn of what’s happening here the anger will continue to grow. You need to do this quickly.
The last two years have been difficult for STC. We’ve worked really hard to turn things around in our communities, believing that although change is slow in coming, it will be change for the better. I’m at a loss as to what to say to our council and our chapter at this point.
I urge the rest of the board to step in and do whatever is needed to correct this situation before even more harm is done to the organization. You owe it to us as our duly elected representatives to mitigate the damage and prevent any further erosion to the reputation of STC. It doesn’t have to be a resignation. We don’t need two leadership changes in three months. We need leadership that can acknowledge when they’ve made a misstep and who are willing to do the right thing, even if it means apologizing for the greater good.
I guess I really wasn’t at a loss for words.
Frankly, I’m stunned that reason isn’t prevailing here.
This is what happens when you place the hopes of keeping an organization alive on a new web site.
I’d have fired or at least formally reprimanded the developers for making such an elementary error — leaving a staging site open to the public like that. Instead, it appears you’re actually paying the developers to fix their mistake. That makes me glad I’m no longer an STC member, I wouldn’t want my dues wasted in such incompetence.
I’m glad to know that my dues are going to support nonsense. It’s kind of how I feel about my tax dollars, except I volunteered my money. All of this could have been prevented with a simple .htaccess file.
The only reason I renewed STC was because the 2010 conference reminded me how much I love my fellow members, like Bill Swallow. My dues were intended to keep me involved in this community, not subsidize over-the-top salaries of full-time employees who apparently resent members. In addition, it sounds to me like some web developers needed an excuse to get a couple of extra weeks in to catch up on parts of the site that weren’t finished. 80 hours of repair work is not needed because somebody accessed a not-yet-ready website. It just simply needs to be hidden from the public. It’s not hard.
If this office staff vs. the board vs. membership in-fighting continues, STC is a dead org walking. Apparently leadership needs to look internally at their own culture before trying to increase dues or milk certification. I’m convinced more than ever that money is the least of STC’s problems.
I’m baffled
Still don’t know what got broke to set the website back 80 hours ….
I am saddened to the core by this thread of comments. As a former STC President who was not perfect and found herself under fire a few times, I know how difficult it is to hold this job. I, like Hillary, am not an active social-media user. I am, however, an active STC member. Too many people have been hurt through all of this. From what I have read this morning, I agree with Richard: take a breath and stop slinging hurtful and angry words. Hillary is the president of STC. We have already had one president resign this term, to expect it of another for stating her truth is unconscionable. I am not putting blame on anyone or any set of events that caused this rift in our membership. Each side has merit in what they have said and each side has shared their story as they believe it to be. I don’t know the answers and at this point, the answers of who did what and how the original event happened or who was thinking what at the time don’t matter. What matters is that, like it or not, everyone who posted to this blog or tweeted about the issues is an STC member–whether you paid dues or not. People who care are here. We say what we believe and feel. If we didn’t care or didn’t want to be part of the organization, we would ignore the whole thing. By not ignoring it, we show that we want to be part of it. So, support the path to moving beyond this, fixing the problem, and getting on with our jobs and lives and loves.
And, while you’re at it, recognize that even if you believe that Hillary misspoke, she did so out of frustration and care. Those of us who know her know that she is a strong advocate for the profession, she is hard-working, intelligent, and passionate about her work with the Society. She has years and years of STC involvement at the leadership level and she deserves to be supported in this job that pays no money, takes inordinate amounts of time, and has the potential of buoying you up or slamming you down in a heartbeat. It is her passion that makes her great at leadership and it is the same passion that shows her humanity. As some great book says, Let He Who Is Without Sin Cast The First Stone…well, we’re way beyond that…perhaps we can stop anyway.
My heart goes out to all of you who believe so passionately about your “side”…in the long run, we are all on the same side…STC’s!
Linda, I don’t know Hillary. All I know is what her actions have spoken.
I have no doubt that she’s a wonderful person who has done much to advance the technical communication profession. I’m certain I’d enjoy sharing a bottle of wine with her and shooting the breeze.
But I also see reckless behavior that is causing real damage. Perhaps if I knew her as you do, I would be inclined to excuse that behavior or make allowances because of the level of stress her role carries, but I don’t. I can only look at her responses here and draw conclusions based on the evidence I see. And from what I see, Hillary’s refusal to apologize, her combative and defiant tone, and her willingness to dive foolheartedly into flame wars in these comments, leads me to question if she’s doing more harm than good right now. Those are not actions of leadership, and she should be called to account for them.
Reconciliation, at this point, is at her discretion. Humility from her, as the spokesperson for the Board in this matter, is what’s needed. Absent that, the indignation should continue to build. An injustice was committed; to allow that to be forgotten with the passage of time would be a greater injustice.
Ultimately, if the STC cannot sincerely and honestly engage its members, it cannot hope to be effective in its stated mission.
I agree that we don’t need to attack anyone or ask anyone to resign. We have to give everyone a chance to take this to heart and to learn from it. That includes our passionate members and even the ex-members. We have several things at play here and I really hope this makes sense enough for all sides to think through it without getting even more upset. I love this society and the people I’ve met through it in my 10 years of active involvement.
The things I see here are:
1. The world of Social Media has rules and if people are going to play and work in that world, they have to learn the rules. Rules were broken here and that has led to many people being enraged at the comments when 5 years ago, this would have been a matter between 3 people and nothing more. However, this is the world we all live in now, and our leaders should ask for help if they don’t understand what went wrong here and how it can be fixed. I said many times that this can be a great learning and growth experience for our organization and its leadership. But to do that, collective heads have to be pulled out of the sand and realize they messed up.
As technical communicators and a society that says we promote the profession, to ignore something as powerful as social media (and not learning the rules of engagement is ignoring it) we aren’t doing our job.
2. STC has a history of rubbing people the wrong way. I have a fairly thick skin for this sort of thing and keep renewing, even though I have been ruffled more than I would like to admit. However, we as members have to look at each and every situation as a specific event and not try to chain all problems together. Yes this is the most public, but this isn’t the worst thing that has happened in my 10 years hanging around.
This isn’t STC’s history of Ill Communication at play here, this is the current president’s first mess up and should be handled as such. Don’t let the past transgressions make you feel more outrage than necessary in this case. Yes this HAS to be answered, but it shouldn’t be seen as the thing that pulls down the society. That can only happen if WE let it.
3. We as a society has to get beyond the us vs them attitudes at play here. I’ve seen several factions forming and I think we need to cut that out right now. We are all members of the society, even the ones we have elected to serve us.
All of that said, I stand by my former comments and say that this must be handled in a much better fashion than it has. I have faith that it can be corrected and we can move on, but only if done in a way that ‘follows the rules’ of 2011 public relations and not from a place of personal feelings on the event that started all of this.
While the stuff that caused this will eventually be a non-event and forgotten, the response and negativity will live on and grow if we don’t do something about it…and soon.
Well said, Robert. I’d really like to see some reconciliation here. For that to happen, all parties need to put on some humility and examine our hearts and motivations. I must confess, this whole affair has fueled my itch for gossip and juicy drama. I hope STC and its members will forgive me for my role in contributing to add fuel to the fire.
One issue at hand is that it doesn’t really matter who is right. Hillary may be totally justified in everything she has said, every emotion she has felt. But, it doesn’t matter if she is right or she is wrong, because more important than who is right and who is wrong is the public perception of STC as an organization.
If this were a university class in public relations, STC would be failing miserably. Unfortunately, this is not a class, and the stakes are much, much higher. The response from STC on this issue has, so far, been overwhelmingly negative and accusatory.
I know that STC’s leaders want to defend themselves and show everybody that they were right in how they responded. But, Hillary, at what cost? What are you willing to sacrifice just to be right? This issue has already cost STC a brilliant mind, and a passionate member. If this thread is to be believed, several other people are considering the value of their membership in an organization that would rather prove it was right, than to do the right thing.
How much more are you willing to pay (in terms of disenfranchised members, or member retention) before you back down and do what is best for the organization?
I don’t think much more can be added to the discussion of the communication around this issue. We know the official STC line and we know Bill and Rick’s positions. And, we are aware of what people think of all that.
What has not been talked about is what broke. By updating their profiles, what did Rick and Bill do that cost 80 hours of work?
Cheers,
Sean
What happened to all of the posts? It appears that they have been wiped clean.
Click the Previous Comments link at the top or bottom of the comments list.
No, this is just page 2.
Please, people, let’s stop these ad hominem attacks. Bill is a good person. Rick is a good person. Hillary is a good person. Did some or all of them make mistakes? Probably. Does that mean we should publicly criticize them, demonize them, or suggest that they resign? No.
If you have strong feelings about this issue, then let Bill, Rick, Hillary, or HQ know directly. Tell them your concerns and offer your suggestions. But the time for public bashing, if there ever was such a time, is over.
Chris Benz
STC Associate Fellow, Distinguished Chapter Service Award winner, International Technical Communication Best of Show winner, Past Director-Sponsor, Past Carolina Chapter President, conference presenter, recent (yesterday) Live Web Seminar presenter, and (I hope!) good person
By the way, I would still love to hear from the developers on all this.