While I agree with some components of this blog, I also think that the author is speaking from a specific vantage point. If you are working at a large company on a pre-existing codebase, you likely have to deal with complexity that has compounded over many product cycles, pull requests, and engineer turnover. From my experience, AI has increased my performance roughly by 20%. This is primarily due to LLMs bypassing much of the human slop that has accumulated over the years on Google.
For newer languages, packages, and hardware-specific code, I have yet to use a single frontier model that has not slowed me down by 50%. It is clear to me that LLMs are regurgitating machines, and no amount of thinking will save the fact that the transformer architecture (all ML really) poorly extrapolates beyond what is in the training canon.
However, on zero-to-one projects that are unconstrained by my mag-seven employer, I am absolutely 10x faster. I can churn through boilerplate code, have faster iterations across system design, and generally move extremely fast. I don't use agentic coding tools as I have had bad experiences in how the complexity scales, but it is clear to me that startups will be able to move at lightning pace relative to the large tech behemoths.
Former national lab engineer here. For access to any of the classified buildings, you must have a Q clearance or be escorted by someone with a Q clearance. This means all of facility staff are required to be cleared as well (janitorial, maintenance, etc). Just because one has a Q clearance does not mean you are provided any classified information.
I think the common misconception is that a security clearance gives you access to things. The reality is that a specific role / need to know gives you access to things if you have the clearance, not the other way around.
If you clear millions of people, that sounds unsafe to the general public, but it isn't really because the clearance is only a confirmation that nothing is wrong in your background. It doesn't give you any access.
It's also a common misconception that classified information is super-special-whiz-bang-James-Bond information. A lot of it is really dense technical stuff that wouldn't be of interest to outsiders unless they were foreign agents looking to steal, say, tolerances for parts that go into a piece of military equipment.
Also, if you only protected your most important secrets, it would be pretty easy for an adversary to spot where those are and who might have access to them. By having a very wide scope of what’s classified, the really juicy stuff is a needle in a mundane haystack.
I had a secret clearance in the Army 25 years ago, and the sexiest secret I ever learned was a number...which was the obvious product (like literally x*y) of two unclassified numbers.
If x and y were primes then your secret was probably quite valuable at that time. 25 years ago is about the right time for RSA encryption to still be state of the art at the NSA and whatnot. The reason this is valuable is that you can multiply the two numbers quickly, but figuring out the two numbers knowing only the product is extremely hard (mathematically/computationally). When x and y are large primes, then the division takes a long time (decades depending on the size of the number).
Is it possible that you actually learned some important private cryptographic key? If so, that number might have been sexy but you just didn’t actually have visibility into a bigger picture?
> Is it possible that you actually learned some important private cryptographic key
No, it was more like "this chainsaw cuts through 3 inches of wood per second and it falls apart in half a minute, so the amount of wood you can cut with it is [REDACTED]"
>> Is it possible that you actually learned some important private cryptographic key
No, it was more like "this chainsaw cuts through 3 inches of wood per second and it falls apart in half a minute, so the amount of wood you can cut with it is [REDACTED]"
That actually sounds like a pretty secure password.
Sure, I guess you could say that a 500-digit number has 500 unclassified components. It makes sense that each of the digits have been written somewhere publicly.
But where would the x or y have ever been written publicly?
I had a secret clearance, and it was used for setting up an application to print pages with a classified banner. Once that page was printed, it was technically classified material. As you know; generation, and possession, and destruction of that material (even if an otherwise blank sheet of paper) - is controlled and documented.
In IT projects, most of us with any kind of clearance NEVER see anything controlled. But the clearance is needed in case we ever need to see controlled information, in order to write code, debug it, operate it, or train others to use the system.
Though some may eventually end up on a system or program whose very existence is classified. And that fact alone, is often not very special, and may be the only thing they ever "know" that's controlled.
I had a secret clearance when working for a government contractor at a civil agency. I don't remember anything particularly sensitive ever coming to my attention. Secret clearances are not hard to come by, or anyway were not back then.
They definitely taught us secrets. They had a faraday cage in one of the armored vehicle garages just for that purpose. I was just agreeing with the parent that the secrets were all totally random and mundane. Like if you take a two month auto repair course and when it comes time to set the gap on some spark plugs they herd you into the faraday cage to tell you what setting to use.
it depends. theres not a lot of granularity in the classification system and the government is loathe to declassify old stuff. thats why s\c\i is the best clearance marking i know of and basically means "dont tell anyone even if they have a clearance"
a lot of nuclear navy info is decades old and shares the same classification level of new, novel tech. suffice it to say submarines are doing cool things and i certainly dont know the half of it.
Also if you are writing a document, it's much easier to just give it a high classification to be on the safe side than try and figure out what the lowest classification it could have is. And as everybody you are working who will need to read it will have clearance anyway, it won't make it any harder for those people.
LOL from reading the New York Times reporting on the DoD’s internal UAP (UFO) reports last summer me and a guy I worked with guessed which compartment it fell under. We went to our FSO and asked for access to that compartment and he was like “why do you need that?”
Us: “UFOs!”
Him: “Oh, you mean FUOU? That goes by CUI these days.”
Us: “No, UFOs like Aliens!”
Him: “GET THE HELL OUT OF MY OFFICE!”
So yeah, even with TS/SCI I couldn’t couldn’t get access to aliens :|
FOUO, for official use only. That’s non-secret but not appropriate for general release information (for some reason). CUI is the updated version of that level of classification.
FOUO - A doctors patient list. That isn’t the business of the public and should not be released. That data does not contain PII, patient health data, and is not protected as a matter of security but it is still protected data.
Classified - Data that is restricted from public release. This is lowest level of protection and is intentionally vague.
Secret - Information that if disclosed can be used to harm people or disrupt government operations by adversaries. This includes information like convoy travel schedules and communications outages. Secret data is typically really boring office information in otherwise more exciting work.
Top Secret - This information, if disclosed, will likely result in embarrassment to the extent that national security or diplomatic relations suffer or that the intentional imminent danger of death or bodily harm occurs to people.
I get what you're saying but a doctor's patient list contains PII and patient health data. The fact of a patient seeing a certain doctor, especially a specialist, reveals some private health information of a patient.
Exactly, most programs require specific compartmented information and additional read in. I've only ever seen people with vanilla clearances working operational positions to manage facilities, etc.
>If you clear millions of people, that sounds unsafe to the general public
It sounds unsafe once all the information collected on those millions of people is placed in a central location and then hacked by or leaked to a nation-state level adversary.
If you said that 99% of them don't actually have power or access, it could be true, but irrelevant if an adversary has essentially 100% and unlimited resources to review them and double check the work.
>the clearance is only a confirmation that nothing is wrong in your background
In theory. The security clearance investigators are not perfect, and moreover, it's been publicly reported that sometimes contractors have falsified records showing they performed investigations. Statistically, X% are going to be flawed.
If an adversary has ~100% of the records, then think what they can do by reviewing them. Compromising someone doesn't require an earthshattering discovery because the cardinal sin is failure to disclose.
Let's say, for example, a person smoked pot a few times. From what I've read, that's generally not a big deal as long as you aren't doing it currently and don't lie about your history.
(The DOE rule seems to be that if you haven't used illegal drugs for two years, then they're not disqualifying per se, depending on a holistic look at a person)
But if an adversary has the entire investigation and every other piece of information that the federal government has on every employee, and they can determine that a given person did in fact conceal anything, then it is leverage to compromise them. Do X or you will be exposed as having lied. Or even "do X or you will be framed as having lied". It could be just enough to get someone to perform some action that further compromises them, and so on.
The more people this is done to, the more it snowballs. They could say "this higher up person works for us, so if you don't cooperate they will help us frame you for X". And it could be true, so how can a person verify?
If they have everyone's investigation, then all of the people who do have access to important things are at risk, and anyone who is truly spotless cannot be sure who is compromised.
Ancillary information like fingerprints makes it even worse, as all covert agents anywhere can in principle be detected and eliminated. This type of apocalypse being quiet, an absence of reporting on it wouldn't be evidence against.
I deduce that the whole scenario likely happened starting several years ago, based on public information, summarized at:
I am not making a categorical statement that seeking a cleared federal position is a mistake, but consider the gravity of the decision to trust the system if you do.
I linked to the page on the OPM breach. The reason I wrote "or leaked" is because there is no confirmation of who got it or who they might have given it to.
If people are saying it was hacked by country X, it might be strategic to share it with a couple other countries and let them cause chaos. Then, with clean hands, make speeches tut-tutting about the degeneracy of American culture and democracy.
Trying to orchestrate anything, by actually controlling the US government has a lot of potential downside, and what really is the strategic goal?
Presumably all the countries on the list that the US doesn't like want one simple thing - to be treated (as countries) equally to US allies. It's not necessary to make the US do anything, just to make us incapable of doing anything and unable to be trusted by allies. And that's inherently much easier than control. Not only that, but it doesn't require trust and cooperation among themselves to an unrealistic degree.
>> Just because one has a Q clearance does not mean you are provided any classified information.
Exactly.
"Need to know basis." is the key phrase here.
The clearance is just the tag that gets you in the door. If you do not have a specific need to access the information to do your specific job, you do not have any right to access it.
AFAIK, deliberately taking steps to access info beyond your need to know -- even if it is within your clearance level -- is grounds for disciplinary action or prosecution.
So the TS/Q-cleared janitor, parts contractor, or engineer from the other project who gets found browsing in TS/Q file cabinet is waaay out of line,and likely in big trouble.
I was in service during the the start of Wikileaks. We got talks about how going on that site and viewing classified information that is against the UCMJ. It did not matter that the information was now public.
I was in a internal software tools department at a large company that did some classified work. Because I might need to interact with departments doing classified work I had to apply for Top Secret classification. This was required just in case I might have to get into those areas of the company to teach them how to use our in-house compiler.
(I didn't finish the process of obtaining the classification because of my desire to return to grad school in a different city. I never touched or even saw a classified document despite having Secret clearance already.)
Interesting. I worked for a company doing some classified defense contracting (as an intern). I didn't need any clearance and the only limitation was that anyone without clearance needed an escort to enter the lab. Although really it just boiled down to "see if someone has opened it for the day yet, if not go ask one to"
(And in reality I didn't even need that because several people kept their lab key in plain sight on their desk in their open office 24/7...)
We will never know for sure, but well researched and supported theories about who is behind the Q persona indicate that none of the people involved have ever seen the inside of a secure facility.
You could tell that Q Anon was fake from the very first post, because they said Q was the "highest clearance," a statement that is doubly incorrect. Q is an access, not a clearance. Confidential, Secret, and Top Secret are the only clearances—people with Q must have a Top Secret clearance. And, Q doesn't provide you access to higher level information about global politics than Top Secret, it provides you access to information about nuclear weapon design. None of the things Q Anon purported to have insight into were at all related to the actual information controlled by the Q access.
> Confidential, Secret, and Top Secret are the only clearances
Not necessarily. Maybe in DoD land, but there's also a different system (uses similar terminology) for the State Department, and Department of Education (and some others) also has a thing called "Public Trust Clearance" and they involve different background checks (which aren't transferable). But the DoD clearance is the one that takes much longer to complete.
Remember that the best lies also have a kernel of truth in them. You don't need to have a Q clearance to say you have one on 4chan, 8chan, 8kun (etc). How would anyone validate your Q clearance? Instead you just post something plausible, but just out of the reach of validation.
That's what I read too. "Q" seems to want to imply that he's some super-privileged insider. But apparently a Q clearance is not all it's cracked up to be.
Somewhat related, a physicist friend of mine had diplomatic immunity while working at CERN, for no other reason than the fact that the LHC sits on the border between France and Switzerland, and most of the usual diplomatic privileges become pretty important when you’re potentially crossing the border several times a day, potentially importing and exporting expensive equipment.
One of the unfortunate things that goes along with this, from my experience, is that those area can be absolutely filthy. There was no janitorial staff for the cube farm I was briefly in. Everything had a layer of old dust and grime on it, and we wiped everything with wet wipes. Men In Black it was not.
For newer languages, packages, and hardware-specific code, I have yet to use a single frontier model that has not slowed me down by 50%. It is clear to me that LLMs are regurgitating machines, and no amount of thinking will save the fact that the transformer architecture (all ML really) poorly extrapolates beyond what is in the training canon.
However, on zero-to-one projects that are unconstrained by my mag-seven employer, I am absolutely 10x faster. I can churn through boilerplate code, have faster iterations across system design, and generally move extremely fast. I don't use agentic coding tools as I have had bad experiences in how the complexity scales, but it is clear to me that startups will be able to move at lightning pace relative to the large tech behemoths.