grandempire's comments

> particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets

This entire article appears to be speculation about data they MAY have taken with no evidence besides large file size that they are misusing something.

The discussion with the “whistle blower” and other experts is only about how serious it would be IF they misused it.

Am I reading it wrong?


There is evidence DOGE went out of its way to illegally conceal what it was doing. That, alone, is enough to put these kids in jail one day.

What law would they have broken?

My original comment here has not been flagged - but all my responses to other comments have. This is distorting the conversation. There is only one DOGE narrative allowed on this site.

Indeed and sad, it's becoming like Reddit. There is no discourse going on here or nearly anywhere. Sadly on X it's the opposite but equally one sided.

Agreed entirely. The comments in this article read exactly like Reddit, the tone, the downvoting, etc. and I agree about your comments on X being a sort of rightwing mirror of that, too. Super disappointed in Hackernews.

There was already news from weeks ago about how they started to put servers on the internet with access to systems which should not have access to/from the internet for security reasons.

This is just on top of all the other things that happened.


Someone exfiltrated sensitive data. That isn't in question. The only question is who did it and why. As far as DOGE's involvement, there is no proof but there is plenty of evidence.

[flagged]


The issue is we don't know what they took and they took steps to hide their tracks. This is whacked territory we are in. You can defend it but normally there are checks and controls in government for a reason. The fact that we are normalizing that certain very ideological groups in government do not have checks and balances is pretty strange - based on nothing more than a "trust us, we are the good guys." This never works out in the end.

[flagged]


It is right in the article:

"The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information."

"But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending."

And because DOGE deleted the access records and logs, we cannot prove it either way. That is pretty suspicious.


> Then, Berulis started tracking sensitive data leaving the places it's meant to live, according to his official disclosure. First, he saw a chunk of data exiting the NxGen case management system's "nucleus," inside the NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.

> From what he could see, the data leaving, almost all text files, added up to around 10 gigabytes — or the equivalent of a full stack of encyclopedias if someone printed them, he explained. It's a sizable chunk of the total data in the NLRB system, though the agency itself hosts over 10 terabytes in historical data. It's unclear which files were copied and removed or whether they were consolidated and compressed, which could mean even more data was exfiltrated.

> Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected. He came to that conclusion, outlined in his disclosure, after he saw a traffic spike in DNS requests parallel to the data being exfiltrated, a spike 1,000 times the normal number of requests.

> And Berulis noticed that an unknown user had exported a "user roster," a file with contact information for outside lawyers who have worked with the NLRB.

And more if you actually read the article. About a third of it is about the data that was taken.
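An added example, not part of the comment above or of the article it quotes: one way a defender could surface the pattern Berulis describes, a DNS request spike running parallel to an outbound-data spike. The interval length, the alert ratios (100x for DNS, 10x for bytes) and every sample count are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WINDOW 6                       /* clean intervals kept as the baseline */

struct interval { uint64_t dns_queries, bytes_out; };
struct baseline { uint64_t v[WINDOW]; size_t len; };

/* Constructed sample, one row per interval (not data from the article). */
static const struct interval SAMPLE[] = {
    {380, 2100000}, {420, 1900000}, {400, 2300000}, {390, 2000000},
    {410, 2200000}, {405, 1800000},
    {52000, 2100000},                  /* DNS-only burst, egress normal */
    {395, 2000000},
    {410000, 5200000000ULL}, {398000, 4900000000ULL},  /* parallel spikes */
    {400, 2100000},
};

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of a full baseline window; a single outlier barely moves it. */
static uint64_t median(const struct baseline *b)
{
    uint64_t tmp[WINDOW];
    memcpy(tmp, b->v, sizeof tmp);
    qsort(tmp, WINDOW, sizeof tmp[0], cmp_u64);
    return (tmp[WINDOW / 2 - 1] + tmp[WINDOW / 2]) / 2;
}

static void push(struct baseline *b, uint64_t value)
{
    if (b->len == WINDOW) {            /* slide the window by one */
        memmove(b->v, b->v + 1, (WINDOW - 1) * sizeof b->v[0]);
        b->len--;
    }
    b->v[b->len++] = value;
}

/*
 * Flags intervals where DNS volume and outbound bytes both exceed a multiple
 * of their trailing medians. Flagged intervals are kept out of the baseline
 * so a sustained transfer cannot become the new normal.
 * Returns the number of hits; the first max_hits indexes go to hits[].
 */
size_t find_parallel_spikes(const struct interval *s, size_t n,
                            uint64_t dns_ratio, uint64_t bytes_ratio,
                            size_t *hits, size_t max_hits)
{
    struct baseline dns = {{0}, 0}, egress = {{0}, 0};
    size_t found = 0;

    for (size_t i = 0; i < n; i++) {
        if (dns.len == WINDOW) {       /* only judge once a baseline exists */
            uint64_t dns_base = median(&dns), out_base = median(&egress);
            if (dns_base == 0) dns_base = 1;
            if (out_base == 0) out_base = 1;
            if (s[i].dns_queries >= dns_ratio * dns_base &&
                s[i].bytes_out >= bytes_ratio * out_base) {
                if (found < max_hits) hits[found] = i;
                found++;
                continue;              /* do not learn from a flagged interval */
            }
        }
        push(&dns, s[i].dns_queries);
        push(&egress, s[i].bytes_out);
    }
    return found;
}

int main(void)
{
    size_t hits[8];
    size_t n = find_parallel_spikes(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0],
                                    100, 10, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("interval %zu: DNS and egress spiked together\n", hits[i]);
    return 0;
}
```

The DNS-only burst at index 6 is not flagged because outbound bytes stayed at baseline; it enters the window, and the median absorbs it.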


[flagged]


Why did they actively hide their tracks? In law this relates to:

- Spoliation of evidence - Intentionally destroying or concealing evidence can lead to legal sanctions and adverse inferences.

- Consciousness of guilt - Actions taken to cover tracks (deleting logs, hiding records) are often admissible to show awareness of wrongdoing.

- Obstruction of justice - Deliberately impeding an investigation by destroying evidence is itself a crime in many jurisdictions.


Don't forget the whistleblower intimidation!

> Meanwhile, his attempts to raise concerns internally within the NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information and overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit Whistleblower Aid.

I'm so sick of the endless attempts to downplay or misdirect on the outrageous things Republicans/Trump/DOGE happening every day.

If a Democratic admin were to do this they would be howling and rightly so. Trump and the GOP are turning the federal government into an authoritarian mob state.

Everyone should be outraged - even if it's for only the fact that you yourself may be a target of this or future administrations as it becomes normal practice.


> If a Democratic admin were to do this they would be howling and rightly so. Trump and the GOP are turning the federal government into an authoritarian mob state. You should be outraged - even if it's for only the fact that you yourself may be a target of this or future administrations as it becomes normal practice.

As a Canadian I am already scared of visiting the US. I've re-posted UNRWA, Unicef, MSF and WFP criticism of Israel's actions in Gaza on social media. I could very well be viewed as being someone who is undermining US foreign policy goals and either detained, deported or at best denied entry to the US.

https://www.uscis.gov/newsroom/news-releases/dhs-to-begin-sc...


[flagged]


Sure, I bet if you found a physically threatening note at your work with pictures from someone following you near your home, you'd be cool with it. Totally normal and non-criminal behavior.

> Whistleblower is a journalist word used to establish the good guy in a story.

It's not a journalist word, there is an official whistleblowing process to Congress and OIG the mentioned employee went through.

But you would either have needed to have read and understood the article you're commenting on or not be commenting in bad-faith.


[flagged]


So you take back your claim that the whistleblower was just a choice of words on the journalist?

Did you read the article yet?


Yes. You claim:

"This entire article appears to be speculation about data they MAY have taken with no evidence besides large file size that they are misusing something ...[and] is only about how serious it would be IF they misused it."

This paragraph makes it clear it's not just about misusing data and large file sizes.

> Those forensic digital records are important for record-keeping requirements and they allow for troubleshooting, but they also allow experts to investigate potential breaches, sometimes even tracing the attacker's path back to the vulnerability that let them inside a network.

Let's be clear:

> Those engineers were also concerned by DOGE staffers' insistence that their activities not be logged, allowing them to probe the NLRB's systems and discover information about potential security flaws or vulnerabilities without being detected.

Neither of these have to do with "large file size" or misusing data.

"Am I reading it wrong?"

Yes. Now, before you go moving goal posts, you made claims, and I've debunked those claims with quotes you said you needed. Because clearly the article is ALSO talking about these other things as problematic as well, so it's not "the entire article". (Also, the "entire article appears"? Appears? Just read it, it talks about numerous things, and is very clear on the different elements it's talking about.)

This isn't the only stuff mentioned, so be careful about claiming "oh, I just missed that" or some such because there are other things that can be referenced, such as the massive amount of text spent on the whistleblower issues and the threats made to them.

And before you talk about this just being "speculation," that's why we have the process we have, so people can make claims that can then be investigated. And that's what's being stopped.

Finally, "no evidence besides large file size" is also not true.

"Am I reading it wrong?"

As someone said, it's more likely you didn't even read it.


I am genuinely curious as to what your point is. Not saying it's wrong, but a succinct summary might be useful.

> Am I reading it wrong?

Based on your comments, you're not reading the article at all.


[flagged]


Stop sealioning. Anyone can read the article. The evidence of suspicious behavior is clear and according to the article corroborated by a dozen experts.

The fact that someone tried to intimidate the whistleblower by posting threatening and stalking messages on his door shows there is something not above board here.


> Am I reading it wrong?

Yes


Good comment.

Which other popular language more accurately represents a random access machine of fixed word length?

I don't know, Ada, Modula-2, Object Pascal, PL/I, NEWP, PL.8, D, Zig, Mesa, ATS,....

But then again, you booby trapped the question with popular language.


Many of those languages do not have pointers - which are fundamental to how modern instruction sets work.

Yes they do, point to an example from that group, and I will gladly prove you wrong.

Well sounds like you are confident and we are going to get into a semantic argument about what qualifies as a pointer.

So which of these languages do you think is a better representation of hardware and not a PDP-11?


Better representation of the hardware?

None of them, you use Assembly if you want the better representation of hardware.

Yes, I am quite confident, because I have been dispelling the C myth of the true and only systems programming language since the 1990's.


So then your comment about C being an outdated PDP-11 must be equally true of other languages. So it says nothing.

Not really, some of those languages predate the very existence of C and PDP-11.

If a language is unpopular, people won't want to work for you and you'll run into poor support. Rewriting a library may take months of dev time, whereas C has an infinite number of libraries to work with and examples to look at.

wears math hat

C does not have an infinite number of libraries and examples. The number of libraries and examples C has is quite large, and there are an infinite number of theoretically possible libraries and examples, but the number of libraries and examples that exist are finite.


The infinite is a convenient abstraction of the finite.

Moving goalposts regarding systems programming languages features, some in the group predate C by a decade.

Being old doesn't mean anyone knows the language. I mean if the language predates C significantly and nobody uses it then there's probably a really good reason for it. The goalposts aren't moving, they're just missing the shot.

Popularity isn't a measure of quality. Never has been and certainly not in the case of programming languages.

There is unpopular - and then there is can I get a working toolchain for modern OS that’s not emulated.

Still not a measure of quality.

Are we having a discussion about the greatest language of all time? What’s your context here.

C lacks sympathy with nearly all additions to hardware capabilities since the late 80s. And it's only with the addition of atomics that it earns the qualification of "nearly". The only thing that makes it appear as lower level than other languages is the lack of high-level abstraction capabilities, not any special affinity for the hardware.

For one, I would expect that a low level language wouldn't be so completely worthless at bit twiddling. Another thing, if C is so low level, why can't I define a new calling convention optimized for my use case? Why doesn't C have a rich library for working with SIMD types that has been ubiquitous in processors for 25 years?


It puts less obstacles in the way of dealing with hardware than almost any other language for sure.

What's standardized was never as important in C land, at least traditionally, which I guess partly explains why it's trailing so far behind. But the stability of the language is also one of its features.


It also has pointers which are absent from most languages but essential to instruction sets.

Lots of languages since the 1950's have pointers.

Like, say I have a data structure that is four bits wide (consisting of a couple of flags or something) and I want to make an array of them and access them randomly. What help do I get from C to do this? C says "fuck you".

Pick an appropriate base type (uintN_t) for a bitset, make an array of those (K * N/4) and write a couple inline functions or macros to set and clear those bits.
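An added example, not code from the thread: the approach described in the reply above, with `uint32_t` as the base type and two inline accessors for an array of 4-bit elements. The names `nibvec`, `nib_get` and `nib_set` are hypothetical; the bounds and width checks are there so a bad index or an oversized value cannot touch a neighbouring element.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NIB_BITS      4u
#define NIBS_PER_WORD (32u / NIB_BITS)          /* 8 elements per uint32_t */
#define NIB_WORDS(n)  (((n) + NIBS_PER_WORD - 1) / NIBS_PER_WORD)

struct nibvec {
    uint32_t *words;   /* caller-provided storage, NIB_WORDS(count) words */
    size_t    count;   /* number of 4-bit elements */
};

/* Read element i, or -1 if i is out of range. */
static inline int nib_get(const struct nibvec *v, size_t i)
{
    if (i >= v->count)
        return -1;
    unsigned shift = (unsigned)(i % NIBS_PER_WORD) * NIB_BITS;
    return (int)((v->words[i / NIBS_PER_WORD] >> shift) & 0xFu);
}

/*
 * Write element i. Rejects bad indexes and values wider than 4 bits, so a
 * stray high bit can never spill into the neighbouring element.
 */
static inline int nib_set(struct nibvec *v, size_t i, unsigned value)
{
    if (i >= v->count || value > 0xFu)
        return -1;
    unsigned shift = (unsigned)(i % NIBS_PER_WORD) * NIB_BITS;
    uint32_t *w = &v->words[i / NIBS_PER_WORD];
    *w = (*w & ~((uint32_t)0xFu << shift)) | ((uint32_t)value << shift);
    return 0;
}

int main(void)
{
    uint32_t storage[NIB_WORDS(20)] = {0};   /* 20 elements fit in 3 words */
    struct nibvec v = { storage, 20 };

    nib_set(&v, 8, 0x5);
    nib_set(&v, 9, 0xA);
    printf("v[9] = %d, word 1 = 0x%08X\n", nib_get(&v, 9), (unsigned)storage[1]);
    return 0;
}
```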

Only if you don't know C.

Otherwise it says, do whatever you feel like.


simd doesn't make much sense as a standard feature/library for a general purpose language. If you're doing simd it's because you're doing something particular for a particular machine and you want to leverage platform specific instructions, so that's why intrinsics (or hell, even externally linked blobs written in asm) is the way to go and C supports that just fine.

But sure, if all you're doing is dot products I guess you can write a standard function that will work on most simd platforms, but who cares, use a linalg library instead.


None, but that's not what computers are. C assumes that in a few places, e.g. variadic functions, and those are the worst parts of the language.

> but that's not what computers are

Which language more accurately represents hardware then?


C++ for one - it has atomics with well defined memory barriers, and guarantees for what happens around them.

The real answer is obviously Assembly - pick a random instruction from any random modern CPU and I'd wager there's a 95% chance it's something you can't express in C at all. If the goal is to model hardware (it's not), it's doing a terrible job.


C has the same atomics and concurrency model as C++.

C++ better represents the machine?

Assembly language from the hardware vendor.

isn't it translated to microcode before being executed?

Depends on the hardware design.

[flagged]


bro just quoted a chatbot

I’m all about data-oriented design, but I don’t think this is true - you need their unique characteristics in almost every project.

In all of my years, I have seen maybe 2 projects that had one valid use case each. They exist, sure. It's not that common.

Out of curiosity I looked up some of the software I've meaningfully interacted with today. Of all I looked up—the operating system kernel, the init system, the shell, the terminal emulator, the browser, the compilers, the text editor, the windowing system, the window manager, the notification daemon, the audio server, the audio session manager, the GPG agent, the NTP daemon, the SSH daemon, the DHCP client, the wireless network manager, the power manager, the policy manager, D-Bus, the video player, the video editor—each uses linked lists. There's some more system software showing up in ps (which by the way uses linked lists) that I haven't considered but I am rather confident that most of it uses linked lists.

Maybe you only see these projects as a user, but linked lists are not uncommon. Your experience reflects your, well, experience. We all sit in different niches.


I'm wondering what makes you feel confident about the use of linked lists in all of those components.

Mind you, most of those will be written in C on a typical Linux installation, and linked lists happen to be one of the two collection types that are relatively easy to use in C (the other being a flat array), so I will concede that some software is using linked lists out of desperation, rather than it being the correct choice. :-)


> I'm wondering what makes you feel confident about the use of linked lists in all of those components.

Of all of those mentioned I literally looked their source repositories up and searched for obvious indicators like "linked", "list", ".next" or "->next" and then verified that I was indeed looking at one or more linked lists. Where does your confidence come from? Oh right, you already mentioned it: it's based on your experience of the projects you've worked on.

The rest of your reply is just moving goalposts, mind reading and a glaring category error. Get back if and when you have something useful to add.


That’s an incredible amount of effort to throw at an argument on Hacker News.

Yes, it's certainly much easier to draw conclusions baselessly, but that would be a disservice to anyone reading.

Not really desperation, it's just easier. Sometimes this is where perf doesn't matter, any choice would be fine, a linked list of the up to 4 Doodads won't be meaningfully worse or better than a growable array of the 4 Doodads, or I dunno, a HashMap from index to each of the four Doodads. Stop worrying about it and focus on the real problem.

In larger C software sometimes a use of linked lists is costing meaningful performance and a growable array type would be a huge win - but the other side of the coin is that sometimes in these perf critical environments a linked list actually is the right choice, and a C programmer might luck into that since it was the first tool to hand while say a C++ or Rust programmer might take longer to realise that this data structure is the best option.


Is there any generic implementation which is not intrusive? I expect C++ forward_list to look like

```C++
template <typename T>
struct Node {
    Node<T> *next;
    T x;
};
```


At least in C++ land, that is not quite what is referred to as intrusive lists. It's basically the opposite / inside-out of what you wrote:

```C++
struct MyType : Node<MyType> {
    Node<MyType> *next, *prev;
    // rest of data
};
```

I usually reach for Boost.Intrusive when I need this [0].

[0] https://www.boost.org/doc/libs/1_88_0/doc/html/intrusive/usa...


I see. I am noticing the main difference is that forward_list manages the lifetime and allocation of nodes and that having a pointer to an object is equivalent to a pointer to the node (could be implemented as a helper).

The layouts look the same?


At the byte level, it's quite possible the layouts are the same. However, an "intrusive data structure" means that the nodes themselves are the data.

In other words, intrusive is like this:

```C++
struct T : NodeType<T> {
    // T data
    NodeType<T> *next, *prev;
};
```

whereas in non-intrusive data structures the T's are not the nodes themselves

```C++
template <typename T>
struct NodeType {
    NodeType<T> *next, *prev;
    T t;
};
```

Doing non-intrusive means you need to own the lifecycle of the nodes (and make them copyable, move-constructible, or some combo thereof). Intrusive means that the caller can manage the nodes' lifecycles and just say "here's a node, I promise it'll live while the list is still alive" and have that node be on the stack, heap, static, etc.


For what? He’s probably getting fantastic severance so his time is best spent on the next thing. The employer isn’t going to get more work - it’s not wise or safe to let laid off individuals roam around the office.

> it’s not wise or safe to let laid off individuals roam around the office.

I don’t really buy this. I take it you’re worried about vengeful ex-employees abusing their access privileges to break stuff on the way out?

It seems like a self-fulfilling prophecy. Probably some people would feel vengeful if you do shitty things to them like removing all their access and firing them with no notice whatsoever.

Bad employees can already break stuff while they’re employed. They might feel more inclined to do stuff like that if there are chilling effects that build distrust in the work environment, like jump-scare layoffs.

Conversely, if people are getting “fantastic severance” and you treat them with dignity on the way out, aren’t both they and the people who remain more likely to feel more positively inclined?


> I take it you’re worried about vengeful ex-employees abusing their access privileges to break stuff on the way out?

In extreme cases. But also just sowing discontent. Looking to grab value they think they are owed. Generally lots of people who are upset and probably feel mistreated and have very little to lose.

I actually think there is a small but real chance of violence as people like OP feel like their identity and way of life is threatened.

Have you been in a situation like this before?


> lots of people who are upset and probably feel mistreated [...] people like OP feel like their identity and way of life is threatened

But they feel like that because they're being ghosted by the company! Suddenly cut off, with no way to tie up loose ends and say goodbye to people on the way out. That's the mistreatment. If you don't mistreat them like that, maybe people won't feel mistreated or threatened.

I don't have tons of experience with layoffs. In the case where people in my team were directly affected, the company did not summarily cut off access overnight (they couldn't legally, as this was in the UK). It was completely fine and everybody was friendly and civil. It helps that the severance package was very generous, and admittedly the job market was good at the time so people would have been less worried about finding their next job.


Agreed, the explanation for why this is standard procedure never made much sense to me.

I just know it feels really shitty on the receiving end.


So you’ve heard the risks. What would be the benefit? And why would it outweigh those risks?

> blog, snippets, podcast, talks, youtube, social media etc.

In ZIRP every cent is positive ROI

(Not intended to be a comment about OPs individual performance or skill)


Accurate, but also true that if you are research bound you typically enter at the year 2 or 3 level, already having finished calculus, and maybe linear algebra in high school.

This is becoming more common. Students are entering high school already having taken geometry in the 8th grade. When I graduated in the late 90s, we had calc 3 (we called it multivariable calc) and linear algebra, partially because a bit under half the class would run out of math by their senior year. They also were starting to offer differential equations and complex analysis. This was a magnet program. When I went back for my 20th reunion, I was told only maybe 5-10% didn’t already have geometry.

It’s great that they have opportunity. What’s unfortunate is this means if you aren’t in early, you are never getting in. The greatest indicator of whether you will be a math professor is whether your parents are math professors.

Startups have this weird psychological purity testing I have never seen outside of religious groups.

Effective organizations understand you actually don’t need to look inside the box. If someone is continuing to do good work for you it’s working. You don’t need to second guess their reasons why, or give them a reason to question their commitment.


It’s a basic lack of empathy. Many founders do have the privilege of choosing opportunities and seemingly can't or are unwilling to relate to people just working with integrity and sometimes being fulfilled by their choice of trade, without needing to be married to someone else’s idea and cause.

Also most founders' ideas aren't unique and there is often a tone deafness there. Employees with experience have already seen their idea even if it was in a prior cycle.


"Believing in the mission" requires a suspension of disbelief that can reduce the impact of various factors that would otherwise decrease morale (e.g. lower cash compensation, fewer benefits, unfair working conditions, longer hours, etc).

There's a reason many startups are built on hordes of college kids and it's not that they "have more energy" or "are more willing to think outside the box". They're less experienced and thus easier to manipulate. They're also less likely to have dependents they need to take into consideration, don't understand their limits or trade-offs between short-term performance and long-term endurance (e.g. burnout), and are more likely to be naive about their place in the company and the effect/function of the company. Plus, of course, they're "less risk-averse" which is another way of saying bad at judging the odds of certain outcomes.


I often had startups offer me a number of shares with no explanation for the percentage ownership or the number of total shares.

I said I have to value them at zero without more information and they would act all offended when I asked for more (happened at least 3 times).

This suggests to me that founders either don’t understand the mechanics themselves or are preying on lack of financial understanding.


It’s the latter.

Ignorance is a big problem too. One time I had someone offended when I asked if their insurance plan qualified as a high deductible - they didn’t know it was a legal classification and thought I was accusing it of being expensive.

I’m not anti-startup but the VC backed startup culture of the last 10 years or so has been pretty souring.


It's kinda both sometimes haha

This is arguing about the definition of an Arena.

It’s like if I say a stack only has push and pop, and you tell me you can search through and find another element.


It's really not. The multi-chunk arena it describes at the end of the article is exactly the same structure as GNU obstack, except that obstack also bothers to implement the free-to-mark operation.

It's trivial to provide the operation for any arena, finite (just set the end pointer to the given value) or chained (a little more work since you have to free chunks until the former succeeds). The operation is O(1) if you're within the last chunk or two (and if you're tuning your chunk size well, you usually will be), O(log n) if your chunks increase in size as you go, or O(n) if all your chunks are the same size (not necessarily a bad idea for some use cases), where n is the number of chunks you're freeing (much smaller than the number of bump allocations).
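An added example, not obstack's code and not from the article under discussion: a chained bump arena with the free-to-mark operation the comment above describes, freeing newer chunks until the mark's chunk is current and then resetting its bump offset. The names, the 4096-byte chunk size and the mark validation are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CHUNK_MIN   4096u                    /* default chunk payload (assumed) */
#define ARENA_ALIGN _Alignof(max_align_t)

struct chunk {
    struct chunk *prev;      /* next-older chunk, NULL for the first */
    size_t used, cap;        /* bump offset and payload size in bytes */
    max_align_t data[];      /* payload, aligned for any object type */
};
struct arena      { struct chunk *head; };
struct arena_mark { struct chunk *chunk; size_t used; };

void *arena_alloc(struct arena *a, size_t size)
{
    if (size > SIZE_MAX - CHUNK_MIN)         /* keeps the arithmetic below in range */
        return NULL;
    size = (size + ARENA_ALIGN - 1) & ~(ARENA_ALIGN - 1);
    if (!a->head || a->head->cap - a->head->used < size) {
        size_t cap = size > CHUNK_MIN ? size : CHUNK_MIN;
        struct chunk *c = malloc(sizeof *c + cap);
        if (!c)
            return NULL;
        c->prev = a->head; c->used = 0; c->cap = cap;
        a->head = c;
    }
    void *p = (unsigned char *)a->head->data + a->head->used;
    a->head->used += size;
    return p;
}

struct arena_mark arena_get_mark(const struct arena *a)
{
    struct arena_mark m = { a->head, a->head ? a->head->used : 0 };
    return m;
}

/* Free-to-mark. Returns 0 on success, -1 if the mark is not valid here. */
int arena_release(struct arena *a, struct arena_mark m)
{
    /* Validate before freeing anything: the mark's chunk must be in this
     * chain and its offset must not lie past the current bump offset. */
    if (m.chunk) {
        struct chunk *c = a->head;
        while (c && c != m.chunk)
            c = c->prev;
        if (!c || m.used > c->used)
            return -1;
    } else if (m.used != 0) {
        return -1;
    }
    while (a->head != m.chunk) {             /* drop chunks newer than the mark */
        struct chunk *dead = a->head;
        a->head = dead->prev;
        free(dead);
    }
    if (a->head)
        a->head->used = m.used;              /* same step as the finite arena */
    return 0;
}

size_t arena_chunks(const struct arena *a)
{
    size_t n = 0;
    for (const struct chunk *c = a->head; c; c = c->prev)
        n++;
    return n;
}

int main(void)
{
    struct arena a = { NULL };
    arena_alloc(&a, 100);
    struct arena_mark m = arena_get_mark(&a);
    arena_alloc(&a, 5000);                   /* spills into a second chunk */
    printf("chunks before release: %zu\n", arena_chunks(&a));
    arena_release(&a, m);
    printf("chunks after release:  %zu\n", arena_chunks(&a));
    arena_release(&a, (struct arena_mark){ NULL, 0 });   /* free everything */
    return 0;
}
```

The validation walk rejects a mark taken on a different arena or one that points past the current offset; a mark whose chunk was freed and whose address was later reused by a new chunk would still pass, so marks should be treated as strictly LIFO.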


Depends on your definition of arena. They vary, but IME an arena usually implies you can free objects in ad hoc order back to the arena for reuse. In which case interim lifetimes get mixed. Stack allocator or bump allocator are better terms for what you're describing. Here's how I understand the terminology to best fit actual practice and literature, notwithstanding significant variance in terminology usage:

* arena: 1 or more contiguous blocks of memory kept for allocation of ad hoc object sizes; a heap. Usually supports ad hoc free'ing and reuse.

* pool allocator: A collection of discrete-sized (smallish) blocks for fast--typically O(1)--allocation and free'ing in ad hoc ordering. May utilize 1 or more discrete arenas as its backing store, or may just use the process heap directly.

* slab allocator: Typed pool allocator.

* stack/bump allocator: For allocating and free'ing objects in LIFO order. May use 1 or more arenas or pools as backing stores for intermediate "pages" of objects. Object sizes are typically ad hoc, but often up to a (smallish) maximum size.

Your typical libc malloc implementation is a collection of arenas and pools.

