hckrnws
> When I handed the form in to the security officer, he scanned it quickly, looked me over slowly, then said, ``Explain this''--pointing at the FBI question. I described what had happened. He got very agitated, picked up my form, tore it in pieces, and threw it in the waste basket.
> He then got out a blank form and handed it to me, saying ``Here, fill it out again and don't mention that. If you do, I'll make sure that you never get a security clearance.''
It's important to "see like the government" when dealing with the government (pun on "seeing like a bank" by https://www.bitsaboutmoney.com/archive/seeing-like-a-bank/ if anyone didn't catch the reference).
Everything fits into bins and categories with checkmarks and such. As an entity it has no "bin" for "investigated as Japanese spy as a joke when was a child". So you have to pick the closest bin that matches. However, that doesn't mean the same government later won't turn around also punish you for not picking the right "bin". Not "realizing" that it's its own fault for not having enough categories i.e. bins for you to pick. And, some may argue, that's a feature not a bug...
Not sure if you were maybe joking, but Seeing like a Bank is itself a pun on the famous book "Seeing like a state"! https://en.wikipedia.org/wiki/Seeing_Like_a_State
So you've come almost full circle!
It is the full circle! patio11 refers to that explicitly in the blog. But most people here probably saw and remember Pat's blog more than the book.
The book is very famous! I would guess more people have heard of it than read that specific BAM post.
You're almost certainly right. But I bet the tables tip distinctly the other way if you're talking about HN readers instead of everybody. So I'd guess you're both right.
In response to the seeing like a bank article, one thing which can make this a lot better is to use asynchronous ticketing or messaging systems instead of phone trees.
At my bank, I can just send a message in the app, even when it's closed, about whatever I want. Then, when the bank opens, someone reads it, and then either handles it, or transfers it. Then, if its transferreed, that person either handles it or forwards again.
The same triaging of basic issues exists, the same tiers described in the article, but the user interfece is wildly superior. I take 1 minute to write what I need to write, and then a few business hours later, its solved. I don't need to waste my time on hold. I don't need to be instantly available for an undetermined period for a call back. I don't need to explain the same issue repeatedly. If I'm asked a question, I can answer it, and the answer is then attached to the full log that every escalation or transfer has full access to.
This is so much better that I refuse to do business with most businesses that don't offer something like this. I was extremely pissed when a data broker leaked my SSN and I was forced to deal with such institutions to clean up that mess.
And then, over with AGSVA, they just do interviews. Every candidate gets one, and they absolutely do bring up all the random crap that happens to various people as kids. And ask why it wasn't on your form.
The danger isn't just being risky, it's being anomalous
the challenge is always determining what the "bins" are.
maybe the government has no bin for "investegated by the FBI for a silly and innocuous reason". but maybe they do, and lying about it slots you into the bin for "lied on their security clearance form".
In the security space you’re encouraged to be as transparent as possible. Most modern forms have ample space to write in detailed explanations.
I have some silly not nearly as interesting infractions and I wrote them out in detail explaining, without any issue in processing background checks. It usually is something that’s asked about in an in person interview at that point.
Exactly this
People of a more autistic orientation here seem to think this is a no-no when in fact it's quite the opposite
The note was investigated. Not the person.
The fact is that even for (NATO) top secret security clearances, there are lots of people that lie through their teeth, and receive the clearance. Obviously on things that aren't in any records. The big ones being alcohol use, drug use, personal finances, foreign partners. Some are more forgiving than others, though.
The military is unfortunately chock full of functional alcoholics. As long as they don't get caught drunk on the job, seen partying too much, DIU, or admit anything to their doctor, they keep getting renewed their clearance.
Interestingly enough, if there's even the smallest suspicious that you smoke weed, they'll put you through the wringer. I've seen more people lose their clearance for pissing hot, than those with six figure debts or drinking 5 days a week.
I was chatting with an old classmate at a homecoming a few months ago, and he mentioned that, during the polygraph top get Canadian Top Secret clearance for a co-op job, he had to say how many drinks he had each week. Being a university student, it got brushed aside, but the answer was considered to be alcoholism-level.
In a weird way, that's almost a positive sign, if you view the security-clearance process as mostly being about quickly clearing away secrets that could be used for blackmail down the line, when the person has more authority and more to lose.
P.S.: Further musing: There's a system-design tension between granting access to people that are "perfect" versus "flawed in ways we are aware of and can manage." Where a process ought to land on that spectrum depends on certain assumptions about baseline applicant quality, an estimate of the organization's accuracy at [false/true] [negatives/positives], and the impacts.
If you auto-reject the people who admit to something sub-criminal like cheating on their spouse, that means no applicant will ever admit to it, so you'll end up with more people hid it. In the long run, that means a higher proportion of employees who have something an adversary can use for blackmail, and the blackmail is more-effective because the repercussions are large.
You can get co-op/internship that requires a Top Secret clearance?
Yep. I worked on the control system for the Virginia class attack sub-marines for my co-op. Also got to ride around in a Seawolf class submarine.
That's pretty cool. I'm guessing you're American, not Canadian, right? I didn't realize American schools had co-ops; I thought they mostly/solely had internships.
There are co-operatives in manufacturing which would need their staff to be security-cleared in order to win government contacts (such as assembling weapons). Perhaps this is what parent is referring to. Co-ops aren't just for groceries :)
In the Canadian university lingo, co-op refers to a (usually paid) internship that you complete as part of your degree. You usually have a couple co-op terms/semesters along with your traditional terms. For example, you may start your degree with two semesters of classes, then a semester of co-op, then one of classes, then another two co-ops, more classes, etc. until you complete the degree requirements. Degrees with a co-op requirement usually will make mention of it (e.g. Software Engineering with co-op).
A lot of that comes down to what's objectively verifiable vs what's discretionary, and also what's culturally normalized inside the org.
The US Military is currently led by a dysfunctional alcoholic totally unqualified DUI hire.
When gift buying for minimalist friends it's common to offer gifts of perishable items or experiences like tickets. So that a week from now the gift has been cleared from their domicile.
It also seems like a fairly smart way to do graft. If you're bribing someone and they drink up or smoke all the evidence then they can't prove how much or how often you bribed them. Which would make alcoholics a good target especially if you can get your hands on fancy liquor.
I doubt anyone in an official capacity is using such techniques, but I can tell you this is common in sales. A lot of people in management with control of budget have at least one of just a handful of human weaknesses.
The US government uses data brokers and the banking industry to continuously monitor cleared people. Eventually they will find any problematic patterns of life.
The point is that they seem to worry more about being a weed user than being an alcoholic.
It is a federal crime to use cannabis. They've always been concerned about it.
> The military is unfortunately chock full of functional alcoholics. As long as they don't get caught drunk on the job, seen partying too much, DIU, or admit anything to their doctor, they keep getting renewed their clearance.
Well yeah. If it's not affecting your job then what's it matter? If your a closet alcoholic then sure that's something the Russians could hold over you.
There's millions of people with clearances; that's impossible to staff at below market wages and also above average moral(?) standards.
And, within high-trust societies (eg Japan, Korea, Vietnam) getting wasted lubricates social bonds in the workplace. I've met successful functional alcoholics. Seriously, they actually function and make lots of money. They're also fun to be around as long as you're not working for them.
> If it's not affecting your job then what's it matter? If your a closet alcoholic then sure that's something the Russians could hold over you
Alcohol lowers inhibitions and alters decision making. Drinking a lot of alcohol more so than casual drinking. Frequently drinking a lot of alcohol has a very high area under the curve of poor decision making.
Functional alcoholism can come with delusions of sobriety where the person believes they’re not too drunk despite being heavily impaired.
So they’ll do things like have a few (or ten) drinks before checking their email. It makes them a better target for everything like fishing attacks, as one example.
It’s not just about enemies holding it against you.
Gross misunderstanding of the threat model.
Phishing is not the problem here. Your laptop isn’t getting SIPR emails with links to fake login screens.
Being drunk at the bar/club/social event and telling that very interested lady a bit too much is probably the better example
Still not as bad as being susceptible to blackmail or bribes
That is not correlated to Alcoholism. The “extremely hot spy” problem is essentially unsolved.
I got ads from the army about "extremely hot spy" over Valentines day weekend
I think you’re misunderstanding the threat model for why security clearance cares about impaired judgment of your off time, too. There’s more to these people’s lives than when they’re on the clock (figuratively speaking). Getting compromised anywhere is a problem.
I think you’re right. These are human systems always fighting the prior battle. Nowadays, it’s probably true that the threat from digital hygiene exceeds any intention to leak. The way that’s demonstrated is by the Secretary of Defense misusing Signal instead of being one level smarter and intuitively making the right messaging choice. The system is very much ready to build a preternaturally superimposing file on Pete Hegseth. But the system as a substitute for imagination is not elaborated to improve itself.
They don’t ask about any of that. If in a drunken blackout you find a USB drive on the subway and plug it in, the system is concerned about the blackout state and not the USB. It’s self preservation depends on telling the difference between incompetence and deception.
I will grant that if you experience frequent blackouts you will likely not get cleared.
> I've seen more people lose their clearance for pissing hot
When? In the 90s? Biggest pothead I know has had a clearance since '05. For my own form, I straight up admitted I had done it and did not regret it.
It was always explained to me as a mix between, 'are you going to fuck things up by being in an altered state' and 'is someone going to blackmail you to make you into a double agent?'
If your family and wife know you sometimes sleep with men, that's not necessarily a problem. If nobody knows, that's a problem. Similarly if your wife and boss don't know you owe $50,000 to a bookie or your coke dealer, that's a liability.
Actually would be sort of interesting if your boss did know you owed a bookie $50k and they found a way to use that to make you into a triple agent...
>It was always explained to me as a mix between, 'are you going to fuck things up by being in an altered state' and 'is someone going to blackmail you to make you into a double agent?'
You are missing the foremost consideration - how critical/specialised/irreplacable is this person in their role and can we just ignore the positive test instead.
If you are good enough at what you do and management like you positive tests dont seem to matter if you make the right noises about it being a one off, retesting clean etc.
> Actually would be sort of interesting if your boss did know you owed a bookie $50k and they found a way to use that to make you into a triple agent...
Welcome to counterintelligence you'll like it here
The punchline is that automatic firing for 'vulnerabilities' itself creates the very blackmail vulnerabilities they are trying to avoid.
The Vietnam War and all the soldiers on drugs encouraged a very strict drug policy.
Makes complete sense. I've spent some time around Southeast Asia and met plenty of vets that discovered many psychoactive substances who also happen to be anti-war.
omg this was my experience. I figured there was no point lying officially, so I listed exactly how many times I smoked weed and took mdma. I was banished to the unclear side for my entire 3 years there. Meanwhile the head of IT was a raging alcoholic. I even wrote their very first J2EE webapp, which required me to be escorted to the cleared side anytime someone needed help with my code. I couldn't touch the keyboards! I was giving vi instructions verbally lol
Are you saying weed should be punished less, or the others should be punished like weed?
I'm not sure security clearance is really about punishing people.
You know exactly what I mean. Chased after, investigated?
Who are you replying to? When I click 'parent' on your post, the poster said nothing about his opinion on what should be done, only what he's seen.
I think I'm less confident that I know what you mean now than I was before.
I think they’re saying that there is an inconsistency, but they don’t suggest anything, leaving any conclusions to the reader.
It’s just “things aren’t right”, and not “here’s what we need to do…”
Yes and I am saying I am tired of those boring cop-out "analysis". Yes, having a social science degree, it was full of those. Make solutions instead. Anyone can """analyze""".
[dead]
> Interestingly enough, if there's even the smallest suspicious that you smoke weed, they'll put you through the wringer. I've seen more people lose their clearance for pissing hot, than those with six figure debts or drinking 5 days a week.
I have to defer to you here since it sounds like my experience is more limited, but this is not my understanding at all. The agencies care a lot about financial indiscretions, as those applicants are most susceptible to compromise. And indeed, if you look at the lists of denials and appeals, you might think that money issues are the only reason anyone is ever denied.
Lying about having smoked weed is another story.
First job out of college, I spilled my guts on form 86, ~40 joints, ~10 ecstasy. Denied clearance the entire 3 years. This was 2002.
Were you sponsored by a company? I feel like there is a difference in diligence and expeditiousness when you have a sponsor that is familiar to the OMP/DoD.
And yeah, I said something like "I smoked a couple times in college but not anymore". This was about two years after college. I wonder if quantifying your joints raised a flag lol.
How do you really ever know if someone you hired for psyops is telling you the truth?
It gets weirder when they train you how to evade polygraphs as part of your role.. only to have you take one for your re investigation and to be asked "have you ever tried to evade a polygraph" or something along those lines. Of course you're not in a SCIF and your training or having been exposed to that training may in fact be classified. Quite the pickle..
I imagine that Intelligence has some of the same management problems that every other western company has and at some point management ends up mortgaging some of the trust and rapport they have built with their employees in order to Make the Numbers Go Up, at which point you challenge their motivations and you have no idea if they are quietly quitting or engaging in outright sabotage.
[dead]
In case you want to read about the proactive information speeding up your security clearance: https://catless.ncl.ac.uk/Risks/6/50
I appreciate the fun, but he's clearly messing with them or has Asperger's. You can definitely reduce hoops by knowing the bins, which they helped him with.
This sounds a bit like Feynman. I wonder whether it was more the style of the time.
Thanks for posting. That's actually a much more interesting story.
This has been one of the best articles I have read.
Thank you for the digging that up and sharing.
Clever, but I'd worry that they'd actually find some way to nail me.
Comment was deleted :(
Thank you. I was wondering about that.
Boggles the mind that the advice from the security was to lie on the form, which is almost certainly a felony.
The thing that is missed in most efforts to replace people with machines is how often the people that are being replaced are on the fly fixing the system the machine is intended to crystallize and automate.
This is what a lot of people miss about "AI will replace" programmers narrative.
When converting from a traditional process to an electronic one, half my job is twisting people's arms and playing mind reader trying to determine what they ACTUALLY do day-to-day instead of the hypothetical offical, documented, process.
Some of the workarounds that people do instead of updating the process are damn right unhinged.
Without going into details, just recently I was able to get pretty decent business requirements from group manager, but it seems the only reason I was able to get somewhat decent idea of what they actually do, is because there was certain level of trust since we worked together previously so there was no need to bs one another. I openly stated what I thought is doable and he seemed to understand that I need to know actual use cases.
edit: Otoh, my boss is kinda giving up on automating another group's process, because he seems to be getting a lot of 'it depends' answers.
I will say, in a lot of cases, they aren't BS-ing/lying with intent. Just the general way their minds work seemingly isn't compatible with the very idea of laying out the process in its entirety (inc. the warts/hacks/workarounds).
So what ultimately winds up happening is, you'll roll out the process according to the official way, and then it is drip-drip-drip of changes as you find out the real-world version.
> how often the people that are being replaced are on the fly fixing the system the machine is intended to crystallize and automate.
If the system is broken, this is actually a good thing.
I have some experience doing automation work in small and large scale factories. When automating manufacturing work you almost always discover some flaws in the product or process that humans have been covering up as part of their job. These problems surface during the automation phase and get prioritized for fixes.
You might think you could accomplish the same thing by directly asking the people doing the work what could be improved, but in my experience they either don’t notice it any more because it’s part of their job or, in extreme cases, they like that the inefficiency exists because they think it provides extra job security.
> If the system is broken, this is actually a good thing.
And the system is always broken. Reality is messy, systems are rigid, there always has to be a permissive layer somewhere in the interface.
So many websites and apps are still broken in so many little ways. Maybe broken isn't the right word. But all kinds of annoyances and breaches still happen all the time.
I generally don't complain/review, and just learn the workarounds/shortcuts, but I very much welcome the increased (albeit perhaps less skilled) workforce leverage, because I think in a year or so we'll see steady improvements accumulating.
> If the system is broken, this is actually a good thing.
Sometimes when you reveal extensive noncompliance with dumb requirements, the requirements get less dumb. Other times, the organisation doubles down and starts punishing the noncompliance.
My employer's official security policies say everyone should kensington lock their laptop to their desk at all times, even though the office is behind two guards and three security doors. Nobody does. But if someone made a load of noise about it, there's no guarantee they'd remove the widely ignored rule; they might instead start enforcing it.
And so people learn to not make noise. And another broken system remains entrenched, forever.
This is exactly why “automation” hasn’t taken _that_ many jobs. It is a totally overlooked detail. Thanks for the reminder.
Some industrial shipping docks can be managed by a very small crew. I think this is the metaphor for what's going to happen to a lot of industries.
I’m not so sure. They operate that way because of scale and economy (and tech that enables that). In a future where all industries are optimized in such way, very little will actually flow as most won’t have the money to buy goods, thus factories won’t make goods, thus shippers won’t ship, and the global economy grinds to a halt.
We need waste as much as we need investment. The trick is to find the value in between. I think the sweet spot will be augmenting work, not necessarily optimizing it.
That doesn't seem to make sense. As things get cheaper and wages go down too because there's an oversupply of labor, those poorer people can still afford those cheaper things.
Things never get cheaper. The only things that have reduced in cost is tech related because we kept making advancements as per Moore’s law.
The two things that matter, housing and food, are way way up.
Luxuries are cheap and necessities are expensive
dark factory
And then, how often they aren't[0]
[0]: "Computer Says No" https://www.youtube.com/watch?v=x0YGZPycMEU
When I joined the Air Force, they helped us fill out the clearance forms. One question was related to marijuana use in the past. The NCO helping us told us “if you have used it before, be honest. They will know.” But then followed it up with “remember: you used it less than 5 times and you didn’t like it”.
I remember similar advice.
In Navy boot camp the person reviewing my security clearance application (which was filled out weeks before) was very helpful in the way he asked the critical question. “It says here you tried marijuana once. Is that true?”
"Well, some guy I didn't know very well said it was marijuana - but how would I know? All it seemed to do was make my eyes water, and give me a headache..."
It's easy to pass judgement on a decision like that when so far removed from the context where/when it took place.
It's likely that answering yes to that question meant an instant rejection for the clearance AND summer job. The FBI was probably not inclined to spend money looking into such an obviously trivial matter just so some kid could get some work experience. "Sorry, try the McDonald's down the street."
That security officer did the author an incredibly big favor.
It’s also odd, because usually, as long as you don’t lie on your security form, you’ll get your clearance.
The coverup is always worse than the original sin.
And there's good reason for that. Someone with a clearance once explained to me that they're mainly worried about things that make you vulnerable to exploitation by foreign agents. If you're covering something up, that's something they can use to blackmail you.
But maybe if the thing you're revealing is "I myself was suspected to be a spy," that changes the calculus a bit.
Clearance forms are weird in that they're not just legal documents, they're inputs into an investigative process
If it is plausible that you did not remember, it's not a felony. Something that happened for 12-years old is easy to forget.
There is nothing morally wrong in felonies like this, just don't get caught.
Not remembering is one thing, but if they find out during the vetting process, and then they ask you about it, your answers had better be forthright.
> There is nothing morally wrong in felonies like this, just don't get caught.
Highly debatable. If you believe in a categorical imperative that to intentionally deceive another person is wrong, then lying by omission is still an immoral act. A Christian might also interpret the words of Jesus “Render to Caesar what is Caesar’s” as an imperative to comply fully with the law of the land.
Mala in se vs. mala prohibita.
I don't think it's all that debatable to say that deceiving people is categorically wrong, nor is it to say that it's immoral not to follow the laws of the land -- both are obviously untrue as absolute statements.
For extreme examples, would it be immoral to lie to the Gestapo about harboring Jews? Were people illegally helping slaves escape the American South being immoral?
> would it be immoral to lie to the Gestapo about harboring Jews?
This is something that first/second year philosophy students do debate.
Minnosoteans are currently hiding, feeding, and supplying undocumented community members.
They are not debating it.
[dead]
You are completely missing the point of the categorical imperative. There are no exceptions, no loopholes, no utilitarian calculus.
> For extreme examples, would it be immoral to lie to the Gestapo about harboring Jews? Were people illegally helping slaves escape the American South being immoral?
If you believe in that categorical imperative, then yes. I’m not saying I believe in it or that Kantian philosophy is the only correct one. There are endless belief systems and philosophical schools of thought that can be used to answer that question, and they will have different answers for different reasons.
There are many laws in many jurisdictions that are immoral. Following those laws would be an immoral act. Legality and morality should be aligned, but in the real world they often aren't.
If Jesus (assuming he existed, even, regardless of any sort of divinity) tells us that following the law is always the moral thing to do, then he was wrong.
Cool, you do that then. I bet you'll get a gold star at the end of the year
Probably thought he was joking around. This was for a summer internship after all.
Nitpick: it’s not like the FBI investigated a 12-year-old with a library card. That would be humiliating. They investigated an alarming new cipher and doggedly ran down any possibility of a West Coast sleeper cell during an era of Japanese internment.
The right answer was: the FBI was investigating the note.
In this particular case I think it has more to do with the times than anything else. Discovering the records of that investigation from when he was 12 in the 40’s would have likely been a massive undertaking if not impossible. The investigator likely recognized this and just had him remove it.
These days I don’t think that happens with digital records. Omitting that incident would almost certainly cause more issues than not now as I’m sure they’d turn up in the investigation. If not included on your sf86 you’d likely be grilled about it.
Investigators are usually reasonable in my experience. If you omitted it because you earnestly forgot because it happened when you were 12, they’d likely understand if you were forthcoming about it during your interview. Investigators are human though so it depends on how they feel.
What they really care about is stuff to try to purposely hide.
The word investigated is a lot bigger than some simple inquiry someone makes. Investigation is actually a complete tear down of someone's past in a search for clues. He was not investigated. He played a part in an investigation of a lost cipher. His cipher was investigated.
He wasn't investigated though. His missing glasses and hobby were. Once they found out the owner was not worth investigation, it was dropped.
The travel forms to visit the US ask if people have ever been involved in espionage, at least they did, I'm not aware that it's changed.
You can guarantee the many people who work for intelligence agencies of US allies aren't admitting to that when they travel to the US.
It's all a bit of a game.
The reasoning for some of these questions is that if you are caught, it’s sometimes easier to charge you with fraud (lying on the form) than the actual thing (such as espionage).
Wouldn't they need the be able to prove that you are a spy in order to argue that you lied ? In which case who cares about the form ?
Thats why I presume its asking about previous engagements, if they catch someone they suspect of espionage, dig into their background and find proof of previous activity they have a clear fraud charge without having to prove their suspicions about current activities.
There's often also some arbitrage on standard of proof or statutes of limitation or jurisdiction.
Maybe to deport you for espionage requires a jury trial, but to revoke status for misleading answers on an immigration form is administrative and so is deportation for lack of status.
I seem to recall some extraordinary cases where untruthful answers on immigration forms were used to justify denaturalization.
Proving you worked for a spy agency is far easier than proving you did spying in actuality. Assuming you didn't get caught in the act.
The fact you worked for an intelligence agency doesn’t mean you were an intelligence officer. You could’ve been a cleaner, or an executive assistant, or maybe you were working as a software developer on the payroll system.
But they're required by laws of their own country to lie, presumably. There are certainly game-like aspects.
"Do you seek to engage in or have you ever engaged in terrorist activities, espionage, sabotage, or genocide?"
Quite.
Those forms also ask if you've ever been a member of a communist party, and basically everyone over 35 in all of Eastern Europe would have to check that one (they don't, if they want to enter the US)
Every statement in the above comment is wrong:
People born in the 90s wouldn’t have a chance to be old enough to belong to any group other than a preschool before the collapse of the Soviet and Soviet aligned regimes.
For those who were adults before 1990, while they may have been party members for reasons unrelated to political ideology, it wasn’t as common: in the late 80s, only ~10% of adults in Warsaw pact countries were communist party members. Far from “everyone”.
And even if you check that in the DS-160 visa application form, you are allowed to add an explanation. Consular visa officers are very well familiar with the political situation at the countries they are stationed in, and can grant visa even if the box is checked.
Do you mean everyone who was 18 by 1989, or 55 today?
Yes, my sense of the passage of time is a little off. I've met folks who were members of the FDJ in East Germany as young teens, but as you say, they are 50-ish now.
Comment was deleted :(
He was TWELVE at the time the "investigation" happened, and he clearly wasn't engaged as a suspect. His mother was.
He had no obligation to put that on security clearance form whatsoever.
He lied originally, kinda.
He made a cypher with a school friend, which cypher was handed by a stranger to the FBI and investigated. That one possible outcome of the investigation might be 'the subject is a Japanese spy' doesn't mean _he_ was suspected of that; not by the FBI at least.
If he said, "I made a cypher in school", then likely the form would have been considered fine? Presumably his record clearly showed the FBI incident, so I'm surprised that lying in the second form didn't cause concern sufficient to question him. But there you go; I've never had any associations with TLAs, what would I know.
I mean, his name is Les Earnest, they should expect it.
The advice was from the 1949-1952 period. I imagine that was the prevailing wisdom developed getting literal former Nazis jobs in our space program, etc.
(1988) and real cute
From an OG computer scientist [0], about antics at age 12 which might strike some of us as familiar :)
The personal web page is entertaining.
https://web.archive.org/web/20231021140222/https://web.stanf...
I ran a dial-up BBS in the late 1990s. One summer a few of my loyal users suddenly stopped calling.
About a year later I learned that one of my users hacked an airport. At the time a few of my users would set their computers to dial random numbers and find modems answering. One of the numbers was a very strange system with no password. The story I heard was that they didn't know what the system was, because it had no identifying information. https://www.cnet.com/tech/services-and-software/doj-charges-...
> the hacker left behind a calling card by changing the system identification name to "Jester."
> The attack on the branch of an unidentified major pharmacy chain occurred on four separate occasions from January through March of last year. The hacker acquired the names, contact information, and prescriptions for the pharmacy's customers
I think the story you heard was a watered down version of what they were doing. You can’t do things like exfiltrate data from a pharmacy database and not know what the system you’re attacking is for.
I'd like to point out that these systems had modems answering the phone and allowing access without any authentication. The sanitized story of the airport was used as a warning to why computers on the open internet need passwords at the Boston Microsoft Security Summit in 2004.
They didn't tell me about the pharmacy! Remember, these were teenagers who were curious (and naive to the implications of their actions.)
In the case of the airport, they didn't know it was an airport or even what kind of system they were in. What happened was that one of them found a reboot command, and ran it, not knowing the consequences. (Remember, when a computer controls a "thing," there is often a complicated startup procedure when it reboots.)
So don't just blame foolish kids; whoever thought it was a good idea to allow modem access to an air traffic control program without a password was the bigger fool. I had stronger security on my dial-up BBS than an airport.
I got distracted by how incredible owning milk.com is
Also the server header is "lactoserv"
The FAQ is super informative!
I miss the Grate book of MOO lore from Usenet
Is it allowed to lol on HN?
Increasingly more every year.
No, you can only go low: "MOO!"
You are welcome to lol silently.
Nah
Err. Id consider a 1m+ offer if I were him. With explosion of tlds and AI making the domain name less relevant (you ask AI and click its link) it will probably depreciate and better to grab $$$ and invest elsewhere.
Which is a real server, no less!
purple.com had a similar page for years, and eventually the mattress company rolled up with a dumptruck load of cash
He used to (maybe still does) have a page where he talked about turning down millions of dollars for it.
See the link above. He’s willing to part with it for 10 million
Almost as cool as owning ai.com!!
Buying AI.com for an AI company just shows they have more money than imagination. Many such cases during the dot-com era (pets.com, mp3.com).
The real flex would be for AI.com to have nothing to do with AI whatsoever.
Not on the same scale as AI, but my first ever AirBnB host still owns harley.com. He made his money writing "The Yellow Pages of the Internet" physical books and had turned down numerous lucrative offers from Harley Davidson.
Really fascinating and quirky guy as you can probably infer from the site.
Similarly, the guy who owned nissan.com never sold out and continues to spite Nissan Motors even in death.
You've got to actually use a trademark-adjacent domain in good faith though, otherwise you might get the rug pulled from under you.
https://www.roadandtrack.com/news/a69634055/75-million-dolla...
> The real flex would be for AI.com to have nothing to do with AI whatsoever
Apple Intelligence?
Apple Inc. was right there man.
Talk about missing the low hanging fruit!
;)
Artificial Insemination is a massive global industrial SaaS (Sperm as as Service), one of the few sectors that can literally make its customers' clients come and deliver!
That is actually an xAI mission statement
How do you feel about x.com?
Never heard of it. Do you mean twitter.com?
In an incredible coincidence, I just yesterday listened to a podcast episode that discussed milk.com.
https://www.npr.org/2025/09/03/nx-s1-5526903/domain-name-val...
It might have been 2002, can't remember, when they upgraded the e-QIP software for the security check form.
I was doing my mandatory update coincidental with the roll-out and when I got to the question, "mother a US citizen" I had to check the "no" box and the immediate pop-up was "date of first contact?" which actually got me thinking along existential lines for a moment.
At least we now know that everyone working in classified programs is above reproach and cleaner than clean. It's a good thing too, because working without accountability in secret would definitely be abused, but thankfully that's not the case because the people hired are too pure and good.
It's also a very good filter for high openness and creativity, ensuring that the most sensitive works attracts the most brilliant creative geniuses. Truly these nations know how to develop their advantages in the best way.
This story was written in another text also and discussed on HN. It was longer and the author also described how later in life he introduced a standard to wear hemlets on bicycle competitions. (Sorry, I dont have a link handy)
All the articles at https://milk.com/wall-o-shame/ are a goldmine. I prefer the one of a student called ''Missile'' Seitz buying a missile for nothing, and then didn't have to pay income taxes for several years
This story is under the title "Government Surplus" and is indeed quite a tale (and on point for MIT students).
Security clearances are probably a really good example of Goodhart's Law.
One reason for all these questions is really to determine if someone can be blackmailed, and thus a security risk. (Big reason they look at your financials and why debt can cause you to lose clearance) But the letter of the law trumps the spirit. A common lie these days is about weed usage. You may get or entirely rejected for having smoked in the past even if you don't today (e.g. you tried it once in college but didn't like it). So everyone lies and it creates a system where people are even told to and encouraged to lie, like in TFA. The irony being that this is exactly what creates the situation for blackmail! Now you can get blackmailed for having that past thing cause you to lose your job as well as lying on your clearance form.
Honestly it seems smarter to let the skeletons out of the closet. Spill your secrets to the gov. Sure, maybe the gov can blackmail you but a foreign government can't blackmail you for something that the gov already knows. You can still have filters but the dynamic really needs to change. Bureaucracy creates its own downfall. To reference another comment, I'd rather a functional alcoholic have a clearance and the gov know about it than a functional alcoholic have a security clearance and the gov not know about it (or pretend to not know). We've somehow turned clearance checks into security risks. What an idiotic thing to do
You shouldn’t be denied for smoking weed in college and disclosing it. I had no issues with that. The other thing is you can appeal a denial of your clearance if you can demonstrate the issue is not an issue. If you truly did only smoke weed in college and get denied due to that, you could appeal and make your case that your weed use is not ongoing, ended in college, and not an issue in your personal life. It’s not guaranteed to be a successful appeal, of course, but the process does exist.
The bigger problem is when people fib about their usage. Saying you only used it in college when you’ve used it more recently is something people do fairly often, and seemingly are encouraged to fib about.
It seems to me that if you lie and get the clearance, it is better than being honest and getting NACKed. Maybe morally dubious, but there's financial incentive and motivation for having a clearance.
I think you need to reread my comment... you seem to have misunderstandings...
Yeah on my SF86 I listed all the dumb shit I did and the investigator called obviously kind of concerned but receptive. We went through each one and his key point was "do you understand you can't do that" and as long as you answered yes, documented it on the form ahead of time, and it was obvious you weren't lying through your teeth then pretty much anything you did that wasn't in the last 3-5 years was pretty much immediately forgiven.
Some security officers are really touchy on these kinds of things and will tell you to exclude or lie but investigators pretty much never care what you did as long as it is obvious you don't plan on doing those types of things again or being an active problem.
They just want it for their records and they want you to be an open book such that they don't feel you are concealing anything problematic.
> Some security officers are really touchy on these kinds of things and will tell you to exclude or lie
This information is highly outdated. You can say any number of things on your SF86 and still get cleared. This is indeed the point.
The weed example is something that happened to a friend of mine. That's within the last 5 years...
In fact, I remember Comey saying something about it too. But the rule as I know it is not having smoked in the last 3 years. While that is probably fine for most people, it does seem to have a bias when you're considering people fresh out of college. Considering that college is frequently where people try weed, along with a lot of other things (not even drugs, just new activities, dress styles, and so on) as they find themselves.
That is not the rule by any means. 6 months is a rule of thumb.
What exactly happened to your friend? It is not in the domain of possibility that they were explicitly informed “you are being rejected for X reason”, so everything they do say is pure speculation. Probably, they lied about something and got caught.
imagine curing alcoholics and drug dependant ppl who work for you ?
I'm really surprised at how they would rather ignore or silence all and report that they is strictly no problem among their pool of employees, to say they have the best employees and good KPIs
It doesn't look like a winning strategy indeed.
I myself refused to do government jobs as the table in which you had to list foreigners in your friend list was just so small. They prefer you to say you don't know nobody.
Also yeah, I agree with you. These forms are straight out of the 1950s when more liberal habits have been coming since the 60s. And we're straight up declining anyone who is outspoken about his habits while he knows the true boundaries of the laws.
The government is just selecting applicants who do the sharia or some straight up vague "you have to be a good guy" menaces that completely opens them to blackmail
> imagine curing alcoholics and drug dependant ppl who work for you ?
It seems like a poor strategy for high security topics, like you say. If anything, I want these people to have zero fear of opening up about their addictions. Be it gained unintentionally or through bad decisions. Reason being that 1) it reduces the risk of blackmail and 2) giving them a pathway to help also reduces their chance of blackmail. We don't even need to mention the fact that these are people and should be treated with kindness, we have entirely selfish reasons to be selfless.
> I myself refused to do government jobs as the table in which you had to list foreigners in your friend list was just so small.
Personally I've avoided getting a clearance because I just don't see the value. It is a lot of work to put together, forces you to be more quiet about what you work on, means you need to be more careful/vigilant in every day things and especially when traveling, and all for what? Low pay and not even that cool of work? I mean if it was working on alien technologies and cool sci-fi shit, sign me up! But the reality is that most of the work isn't very exciting. I'd rather have more freedom, more pay, and work on more interesting things. Maybe their work can have more purpose and more impact, but I am also not convinced that's true for the majority of things you need clearance for (even as a person in STEM).
Comment was deleted :(
I once worked at a top financial firm which had regular background checks from Pinkerton (yeah, that very agency from the books and with bad US history).
They sent me a questionnaire asking to fill personal details in a Word file while their email signature said not to disclose personal details over email.
Security clearance business is rotten to the core.
I admire people who don't lie about past drug use on their clearance forms. Sure, it might delay their clearance, but I still admire them.
The core social problem with drug addiction and alcoholicism is this concept of telling people what you think they want to hear from you, not telling them the truth.
Wonder if author name is Alice
"Kid, have you rehabilitated yourself?"
For context: Alice's Restaurant Massacree [1].
This happened to my mom when being interviewed when coming over here in the 60s. During verbal questioning she said something like “of course”. The government agent turned deep red and asked her if she understood the question (English isn’t her first language and she hadn’t). She’s been here since.
I kind of get that the agent is looking out for the applicant in this story. You have no idea what’s going to happen when you do a security clearance thing and they ask about this and that. How serious is the wrong answer.
Excepting my favorite question which something like “have you ever tried to topple the government?”
The system is messed up when screening for honesty encourages people to lie.
I suspect that's why experienced officers sometimes intervene like in the OP's story
Not related to this story, but this one https://milk.com/true-stories/stupid_computer_users.txt was hilarious :)
This one's fun too: https://milk.com/wall-o-shame/two_dollars.html
My favorite part of re-upping every five years is the investigator indignantly asking why I spent multiple years in all these different countries and showing him the government orders that posted me there. There's really a "left hand has no idea what the right hand is doing" aspect to this process.
"the most frequently occurring letters in typical English text are e-t-a-o-n-r-i." But "Wheel of Fortune" told me to guess R-N-S-T-L-E!
It's not contradictory. Wheel of Fortune only gives you one vowel for free, e is the most common, same as here.
Wheel of Fortune gives you several consonants, order matters less, and both lists share n r and t.
Related. Others?
What not to write on your security clearance form (1988) - https://news.ycombinator.com/item?id=34437937 - Jan 2023 (545 comments)
What Not To Write On Your Security Clearance Form - https://news.ycombinator.com/item?id=1444653 - June 2010 (98 comments)
When I was 15, a couple months short of 16, I ended up working as a student intern at a research facility. They required a clearance to badge into and out of the building, but I never worked on anything that directly needed the clearance.
So I was given the form to fill in and read the question: Since you were 16, or in the last 7 seven years, have you ever smoked weed?
So I thought, I guess I better think back to when I was 8!
I've read this before but this time what stands out is:
> (To me, $8 represented 40 round trips to the beach by streetcar, or 80 admission fees to the movies.)
Glasses being a ripoff scam goes back that far?!
> On another occasion much later, I learned by chance that putting certain provocative information on a security clearance form can greatly speed up the clearance process. But that is another story.
Presumably this is the famous (?) story of him listing his race as “mongrel” whenever asked?
From elsewhere in this thread:
Note the date, it's April 1 1988.
It's obvious the real spy was Bob.
Bob AKA "Satoshi-san".
> On another occasion much later, I learned by chance that putting certain provocative information on a security clearance form can greatly speed up the clearance process. But that is another story.
I have to know this now...
Here you go: https://yarchive.net/risks/mongrel.html
What a wholesome guy. Thanks for the read
So something uncomfortable about clearance processes: they're not purely about truth, they're about interpretable truth
I find it a little funny how much the government spends on these dead end investigations. We never will know precisely how much is wasted.
Investigating a cryptographic key found near a major military installation during war time doesn’t strike me as a waste of money. We have the full information about the outcome, but the San Diego FBI field office did not.
I think that’s what makes this story so funny- the FBI was acting appropriately and rationally, but ended up with a relatively absurd result.
If a Japanese spy knew this would happen, they could waste enormous amounts of time by spreading unused keys around San Diego.
It's not funny. It's a dag-gone jobs program. ICE, TSA, and more throw away billions to effect little but a heavy burden on the population. These organizations, FBI and other law enforcement included, invent crises and problems so as to secure even more funding.
Maybe the individual investigator in the story is excepted considering it seems he took it seriously, perhaps, but yes, a lot of money is intentionally thrown into these organizations for security theater, jobs programs, and padding the pockets of political friends and cronies.
What we should be worried about is how many legitimate threats fly under the radar because time and again these organizations have been proven to be highly ineffective at actually preventing what their charters mandate, but they can appear to be very visibly effective by incarcerating thousands of innocent people.
And then when something big happens, everybody and their dog starts screaming “how could this happen?!?”
You can’t have it both ways… (not specifically directed at you.)
I think it is quite reasonable to tell incompetents that they can't just cover their ass by claiming "you can't demand perfection".
These are the same kind of incompetents who want the pay but not the responsibility of the position. Who think that building a giant haystack of all of the data is the solution so they can illogically claim to have prevented something that because you had that needle in there somewhere! Except you never found it in time because you were too busy building the tower of Babel out of hay! It is just utterly idiotic double-think. (Cough, cough NSA!)
I mean, in this case the government spent thousands because there was a small amount of circumstantial evidence that suggested there was clandestine communication happening during wartime.
What was the immediate government spending on Japanese American internment, where there was no evidence or investigation into the ~120k people whose lives were disrupted, and who were transported, housed, fed and guarded for multiple years?
Arguably, spending thousands on investigating something specific is less wasteful than the alternatives the government was willing to take at that time.
Comment was deleted :(
They just needed to polygraph him
;-)
Just how little space was there on the form? I think I would have tried something like:
"When I was 12 years old, I exchanged encrypted messages with friends. The FBI found a code and briefly thought I was a spy."
Or, if there was even less space:
“As child, used encryption for fun. FBI found code & investigated.”
I would want to avoid lying at all costs, even if a superior instructed me to. Who knows what could happen.
body { max-width: 60em; margin: auto; }
Cool story! The domain name is quite cool as well, happy that some people still hold onto their silly whims instead of cashing out
honestly, had he written the reason as "I devised new encryption scheme at 12" he might have gotten promoted rather than dissuaded
it's like insurance claim - precise wording matters more than facts
I have a somewhat similar story involving the death of an extremely elderly neighbor by an accident on his farm, and the suspicion by the state police that I at 12 years old had murdered him, based solely on someone saying they thought they saw me messing with his mailbox from a car that was similar to the one parked in our driveway. The mailbox which stood directly next to ours at the end of an easily walkable driveway. So yes, Mr. SF-86, I had once been investigated for a felony. Oh, you're only supposed to tell the truth if the truth will help the government catch to a bad guy? Very impressive system, sir. Top notch.
The modern SF-86 only asks about charged, not investigated (and AFAIR, that was the case also 20 years ago).
(And arrested, but presumably you were not).
> It apparently didn't occur to them that if I were a real Japanese spy, I might have brought the glasses with me from headquarters.
It occurred to them. They like to test their apparatus out anyways.
[dead]
> it was in 1943, just after citizens of Japanese descent had been forced off their property and taken away to concentration camps
Anyone else did that during the war or only horrible Hitler and humane Americans?
Come think of it, I wonder what would happen to all the immigrants if full-on war ensues.
I think the motivation and experience of those camps were quite different
Yeah, let’s call that involuntary race-based detention a retreat.
Like the USofA, the British interned "enemy nationals" - this policy extended across the Commonwealth including Canada, Australia, India, and elsewhere.
During the Second World War, the British government interned several different groups of people, including German, Austrian and Italian nationals.
However, following Nazi Germany’s military successes in France, Belgium and the Netherlands in the spring and summer of 1940, there was increasing concern that ‘enemy aliens’ in Britain would form a ‘ fifth column ’.
These concerns were amplified by the British press. As a result of this growing fear, the British government interned approximately 27,000 ‘enemy aliens’, including those assessed as low risk, supposedly in the interests of national security. Those interned were predominantly men between the ages of 16 and 60, but 4000 women and children were also interned.
In Australia: https://www.naa.gov.au/explore-collection/immigration-and-ci...
In India: https://en.wikipedia.org/wiki/Seven_Years_in_Tibet
Technically Heinrich Harrer was not a civilian as he held the "honorary" rank of a Nazi sergeant in the SS, kind of an early PR stunt rank given due to his status as a world famous mountaineer .. still it points to the internment of Germans and Austrians in India and references an interesting book
Also, noting Peru, this happened on every inhabited continent. The USA figure of 120,000 interned isn’t even high on the list. Stalin interned 180,000 Koreans just in case.
People are cruel. Good people arent cruel enough to overpower the cruel people
Comment was deleted :(
Crafted by Rajat
Source Code