Three years ago, I was part of a team re­spon­si­ble for de­vel­op­ing and main­tain­ing Kubernetes clus­ters for end user cus­tomers. A main source for down­time in cus­tomer en­vi­ron­ments oc­curred when im­age reg­istries went down. The tra­di­tional way to solve this prob­lem is to set up a state­ful mir­ror, how­ever we had to work within cus­tomer bud­get and time con­straints which did not al­low it. During a Black Friday, we started get­ting hit with a ton of traf­fic while GitHub con­tainer reg­istries were down. This lim­ited our abil­ity to scale up the clus­ter as we de­pended on crit­i­cal im­ages from that reg­istry. After this in­ci­dent, I started think­ing about a bet­ter way to avoid these scal­a­bil­ity is­sues. A so­lu­tion that did not need a state­ful com­po­nent and re­quired min­i­mal op­er­a­tional over­sight. This is where the idea for Spegel came from.

As a sole main­tainer of an open source pro­ject, I was en­thused when Microsoft reached out to set up a meet­ing to talk about Spegel. The meet­ing went well, and I felt there was go­ing to be a path for­ward ripe with co­op­er­a­tion and hope­fully a place where I could on­board new main­tain­ers. I con­tin­ued dis­cus­sions with one of the Microsoft en­gi­neers, help­ing them get Spegel run­ning and an­swer­ing any ar­chi­tec­ture ques­tions they had. At the time I was pos­i­tive as I saw it as a pos­si­bil­ity for Micorosft to con­tribute back changes based on their learn­ings. As time went on, si­lence en­sued, and I as­sumed work pri­or­i­ties had changed.

It was not un­til KubeCon Paris where I at­tended a talk that piqued my in­ter­est. The talk was about strate­gies to speed up im­age dis­tri­b­u­tion where one strat­egy dis­cussed was P2P shar­ing. The top­ics in the ab­stract sounded sim­i­lar to Spegel so I was ex­cited to hear oth­er’s ideas about the prob­lem. During the talk, I was en­thralled see­ing Spegel, my own pro­ject, be dis­cussed as a P2P im­age shar­ing so­lu­tion. When Peerd, a peer to peer dis­trib­u­tor of con­tainer con­tent in Kubernetes clus­ters made by Microsoft, was men­tioned I quickly re­searched it. At the bot­tom of the README there was a thank you to my­self and Spegel. This ac­knowl­edge­ment made it look like they had taken some in­spi­ra­tion from my pro­ject and gone ahead and de­vel­oped a ver­sion of their own.

While look­ing into Peerd, my en­thu­si­asm for un­der­stand­ing dif­fer­ent ap­proaches in this prob­lem space quickly di­min­ished. I saw func­tion sig­na­tures and com­ments that looked very fa­mil­iar, as if I had writ­ten them my­self. Digging deeper I found test cases ref­er­enc­ing Spegel and my pre­vi­ous em­ployer, test cases that have been taken di­rectly from my pro­ject. References that are still pre­sent to this day. The pro­ject is a forked ver­sion of Spegel, main­tained by Microsoft, but un­der Microsoft’s MIT li­cense.

Spegel was pub­lished with an MIT li­cense. Software re­leased un­der an MIT li­cense al­lows for fork­ing and mod­i­fi­ca­tions, with­out any re­quire­ment to con­tribute these changes back. I de­fault to us­ing the MIT li­cense as it is sim­ple and per­mis­sive. The li­cense does not al­low re­mov­ing the orig­i­nal li­cense and pur­port that the code was cre­ated by some­one else. It looks as if large parts of the pro­ject were copied di­rectly from Spegel with­out any men­tion of the orig­i­nal source. I have in­cluded a short snip­pet com­par­ing the code which adds the mir­ror con­fig­u­ra­tion where even the func­tion com­ments are the same.

A neg­a­tive im­pact from the cre­ation of Peerd is that it has cre­ated con­fu­sion among new users. I am fre­quently asked about the dif­fer­ences be­tween Spegel and Peerd. As a main­tainer, it is my duty to come across as un­bi­ased and fac­tual as pos­si­ble, but this tu­mul­tuous his­tory makes it chal­leng­ing. Microsoft car­ries a large brand recog­ni­tion, so it has been dif­fi­cult for Spegel to try and take up space next to such a be­he­moth.

As an open source main­tainer I have ded­i­cated am­ple time to com­mu­nity re­quests, bug fixes, and se­cu­rity fixes. In my con­ver­sa­tion with Microsoft I was open to col­lab­o­ra­tion to con­tinue build­ing out a tool to ben­e­fit the open source com­mu­nity. Over the years I have con­tributed to a mul­ti­tude of open source pro­jects and cre­ated a few of my own. Spegel was the first pro­ject I cre­ated from the ground up that got some trac­tion and seemed to be ap­pre­ci­ated by the com­mu­nity. Seeing my pro­ject be­ing forked by Microsoft made me feel like I was no longer use­ful. For a while I ques­tioned if it was even worth con­tin­u­ing work­ing on Spegel.

Luckily, I per­sisted. Spegel still con­tin­ues strong with over 1.7k stars and 14.4 mil­lion pulls since its first re­lease over two years ago. However, I am not the first and un­for­tu­nately not the last per­son to come across this David ver­sus Goliath-esque ex­pe­ri­ence. How can sole main­tain­ers work with multi-bil­lion cor­po­ra­tions with­out be­ing taken ad­van­tage of? With the changes of Hashicorp li­cens­ing hav­ing a rip­pling ef­fect through the open source com­mu­nity, along with the strong de­cline in in­vest­ment in open source as a whole, how does the com­mu­nity pre­vail? As an ef­fort to fund the work on Spegel I have en­abled GitHub spon­sors. This ex­pe­ri­ence has also made me con­sider chang­ing the li­cense of Spegel, as it seems to be the only stone I can throw.

Please turn on your JavaScript

On the SilentPatch GitHub is­sue tracker, I re­ceived a rather spe­cific bug re­port:

When I up­graded my win­dows to ver­sion 24H2, the Skimmer plane dis­ap­pear com­pletely from the game. It can’t be spawn us­ing trainer nor it can’t be found any­where on it’s nor­mal spawn points. I’m us­ing both my mod­ded copy (which is be­fore the up­date, is com­pletely fine) and vanilla copy with only silent­patch (I tried the 2018, 2020 and the most re­cent ver­sion of silent­patch) and the plane still won’t ex­ist.

If this was the first time I had heard about it, I’d likely con­sider it du­bi­ous and sus­pect there are more things at play, and it’s not specif­i­cally Windows 11 24H2. However, on GTAForums, I’ve been re­ceiv­ing com­ments about this ex­act is­sue since November last year. Some of them said SilentPatch causes this is­sue, oth­ers how­ever stated the same hap­pens on a com­pletely un­mod­ded game:

Apparently the skim­mer cant spawn when play­ing on Windows 11 24h2 up­date, hope this bug gets fixed.

EDIT: So I think I con­firmed it, I set up a VM with Windows 11 23h2 and the damn plane spawns fine, and up­dat­ing that same VM to 24h2 breaks the skim­mer, why would a small fea­ture up­date in 2024 break a ran­dom plane in a 2005 game is any­one’s guess.

After the lat­est Silent patch up­date there is no Skimmer in the game and when I try to spawn it with RZL-Trainer or Cheat Menu by Grinch, the game freezes and I have to close it via Task Manager.

[…] I was forced to up­date to 24H2, and now af­ter the up­date, I have the same prob­lem with the Skimmer in GTA SA as oth­ers. This means that mods or any­thing else are not caus­ing the is­sue, the prob­lem ap­peared af­ter the lat­est Windows up­date.

My home PC is still on Windows 10 22H2, while my work ma­chine is on Windows 11 23H2, and, to no sur­prise, nei­ther ma­chine re­pro­duced the is­sue — Skimmer spawned on the wa­ter just fine, cre­at­ing one via script and putting CJ in a dri­ver’s seat worked too.

That said, I also asked a few peo­ple who up­graded to 24H2 to test this on their ma­chines and they all hit this bug. Attempts to de­bug “remotely” by giv­ing in­struc­tions over the chat did­n’t go any­where, so I set up a 24H2 vir­tual ma­chine on my own. I copied the game over to the ma­chine, set it up for re­mote de­bug­ging from the host OS, headed to the usual place the Skimmer spawns, and sure enough, it was­n’t there. All other planes and boats still spawned fine, only this one ve­hi­cle did not:

I then used the script to spawn a Skimmer and put CJ in­side it, just to be launched

1.0287648030984853e+0031 = 10.3 non­il­lion me­ters, or 10.3 oc­til­lion kilo­me­ters, or 1.087 quadrillion light-years up in the sky 😆

With SilentPatch in­stalled, the game freezes shortly af­ter launch­ing the player up, as the game code gets stuck in a loop. Without SilentPatch, the game does­n’t freeze, but in­stead, it suc­cumbs to a fa­mous “burn-in ef­fect” known to oc­cur when the cam­era gets launched into in­fin­ity or close to it. Funny enough, you can still kind of make out the shape of the plane even though the an­i­ma­tions give up com­pletely to the in­ac­cu­ra­cies of the float­ing point val­ues:

But, enough mess­ing around; now I knew it was a real bug and I needed to fig­ure out the root cause. At this point it was­n’t pos­si­ble to say whether the game was at fault, or if I was re­ally deal­ing with an API bug in­tro­duced in 24H2, as look­ing at how many games have is­sues with this OS ver­sion, it could go ei­ther way.

I did­n’t have much to go with, but the fact the game froze with SilentPatch in­stalled pro­vided me with a good start­ing point. Upon en­ter­ing the sea­plane, the game froze in a very small loop in CPlane::PreRender, at­tempt­ing to nor­mal­ize the ro­tor blade an­gle to the 0-360 de­gree range:

In the de­bugged ses­sion, this->m_f­Blade­Speed was 3.73340132e+29. This value is ob­vi­ously enor­mous, big enough to make decre­ment­ing the value by 6.2831855

en­tirely in­ef­fec­tive due to the dif­fer­ence in float­ing point ex­po­nents of these two val­ues. But why is the blade speed so ridicu­lously high? The blade speed is de­rived from the fol­low­ing for­mula:

where v34 is pro­por­tional to the plane’s al­ti­tude. This matches the ini­tial find­ings — as men­tioned ear­lier, the “burn-in ef­fect” tra­di­tion­ally hap­pens when the cam­era is very far away from the map cen­ter, or at a great height.

What caused the plane to shoot so high up? There are two pos­si­bil­i­ties:

The plane spawns high up in the sky al­ready.

The plane spawns at ground level and then shoots up in the next frame.

As for this test, I was spawn­ing the Skimmer my­self with a test script, so I could start from the func­tion used in the game’s SCM (script) in­ter­preter, named CCarCtrl::CreateCarForScript. This func­tion spawns a ve­hi­cle with a spec­i­fied ID at the pro­vided co­or­di­nates, and those come from my test script, so I know they are cor­rect. However, this func­tion trans­forms the sup­plied Z co­or­di­nate slightly:

CEntity::GetDistanceFromCentreOfMassToBaseOfModel con­tains mul­ti­ple code paths, but the one used in this case sim­ply gets the negated max­i­mum Z value of the mod­el’s bound­ing box:

At this point, I ex­pected this value to be in­cor­rect, so I peeked into Skimmer’s bound­ing box val­ues just to find out that the max­i­mum Z value is in­deed cor­rupted:

If all the com­po­nents of the bound­ing box were cor­rupted, I would have sus­pected some mem­ory cor­rup­tion, like an­other code writ­ing past bound­aries and over­writ­ing these val­ues, but it’s specif­i­cally sup.z that is cor­rupted that is nei­ther the first nor the last field in the bound­ing box. Once again, two pos­si­bil­i­ties came to my mind:

The col­li­sion file is read in­cor­rectly and some fields re­main unini­tial­ized, or read un­re­lated data in­stead of the bound­ing box? Highly un­likely, but not im­pos­si­ble given that

this is­sue could po­ten­tially have been an OS bug.

The bound­ing box is read cor­rectly, but then it’s up­dated with an out­ra­geously in­cor­rect value.

A data break­point set up at pColModel re­veals that at the time of the ini­tial setup, the bound­ing box is cor­rect, and the value of the Z co­or­di­nate is com­pletely rea­son­able:

Turns out, the first time a ve­hi­cle with a spe­cific model is spawned, the game sets up the sus­pen­sion in a func­tion SetupSuspensionLines, and up­dates the Z co­or­di­nate of the bound­ing box to re­flect the car’s nat­ural sus­pen­sion height:

This is where things went wrong first. The sus­pen­sion lines are com­puted us­ing a com­bi­na­tion of val­ues from han­dling.cfg and the wheel scale pa­ra­me­ter com­ing from ve­hi­cles.ide:

Since I knew colModel->lines[0].p1 is cor­rupted, this meant ei­ther pHan­dling->fSus­pen­sion­Low­er­Limit, pHan­dling->fSus­pen­sionUp­per­Limit, or wheelScale were bo­gus. Skimmer’s han­dling.cfg val­ues did­n’t seem any dif­fer­ent to any other plane in the game, but then I spot­ted some­thing in­ter­est­ing in ve­hi­cles.ide. Skimmer’s line looks like this:

Compare this line to any other plane in the game, in this ex­am­ple Rustler:

The line is shorter and it’s miss­ing the last four pa­ra­me­ters, more­over, two of the miss­ing pa­ra­me­ters are the front and rear wheel scale!

This is nor­mal for boats, but Skimmer is the only plane to omit these pa­ra­me­ters.

Does re-adding those pa­ra­me­ters fix the sea­plane? Unsurprisingly, it does!

I have a likely ex­pla­na­tion for why Rockstar made this spe­cific mis­take in the data to be­gin with — in Vice City, Skimmer was de­fined as a boat, and there­fore did not have those val­ues de­fined by de­sign! When in San Andreas they changed Skimmer’s ve­hi­cle type to a plane, some­one for­got to add those now-re­quired ex­tra pa­ra­me­ters. Since this game sel­dom ver­i­fies the com­plete­ness of its data, this mis­take sim­ply slipped un­der the radar.

Problem solved? Not quite yet, as for SilentPatch, I need to fix it from the code. A peek into the pseudocode of CFileLoader::LoadVehicleObject

re­veals the true na­ture of this bug: the game as­sumes all pa­ra­me­ters are al­ways pre­sent in the de­f­i­n­i­tion line and it does­n’t de­fault any but two pa­ra­me­ters, nor it checks the re­turn value of ss­canf, and so in the case of all boats and Skimmer, those pa­ra­me­ters re­mained unini­tial­ized:

void CFileLoader::LoadVehicleObject(const char* line)

int ob­jID = -1;

char mod­el­Name[24];

char tex­Name[24];

char type[8];

char han­dlingID[16];

char game­Name[32];

char an­ims[16];

char ve­hClass[16];

int frq;

int flags;

int com­prules;

int wheelMod­elID; // Uninitialized!

float fron­t­WheelScale, rear­WheelScale; // Uninitialized!

int wheelUp­grade­Class = -1; // Funny enough, this one IS ini­tial­ized

int TxdSlot = CTxdStore::FindTxdSlot(“vehicle”);

if (TxdSlot == -1)

TxdSlot = CTxdStore::AddTxdSlot(“vehicle”);

ss­canf(line, “%d %s %s %s %s %s %s %s %d %d %x %d %f %f %d”, &objID, mod­el­Name, tex­Name, type, han­dlingID,

game­Name, an­ims, ve­hClass, &frq, &flags, &comprules, &wheelModelID, &frontWheelScale, &rearWheelScale,

&wheelUpgradeClass);

// More pro­cess­ing here…

Given the symp­toms, those unini­tial­ized val­ues must have eval­u­ated to small, valid float­ing point val­ues all the way un­til now, whereas with Windows 11 24H2 they got out of hand and tripped the bound­ing box cal­cu­la­tions.

In SilentPatch, the fix is easy — I wrap this call to ss­canf and pro­vide rea­son­able de­faults for the fi­nal four pa­ra­me­ters:

sta­tic int (*orgSscanf)(const char* s, const char* for­mat, …);

sta­tic int ss­can­f_De­faults(const char* s, const char* for­mat, int* ob­jID, char* mod­el­Name, char* tex­Name, char* type,

char* han­dlingID, char* game­Name, char* an­ims, char* ve­hClass, int* fre­quency, int* flags, int* com­prules,

int* wheelMod­elID, float* fron­t­Wheel­Size, float* rear­Wheel­Size, int* wheelUp­grade­Class)

*wheelModelID = -1;

// Why 0.7 and not 1.0, I’ll ex­plain later

*frontWheelSize = 0.7;

*rearWheelSize = 0.7;

*wheelUpgradeClass = -1;

re­turn orgSs­canf(s, for­mat, ob­jID, mod­el­Name, tex­Name, type, han­dlingID, game­Name, an­ims, ve­hClass,

fre­quency, flags, com­prules, wheelMod­elID, fron­t­Wheel­Size, rear­Wheel­Size, wheelUp­grade­Class);

If this was a reg­u­lar bug, I would’ve ended the post right here. However, in the case of this rab­bit hole, the dis­cov­ery of this fix only raised more ques­tions — why did this break only now? What made the game work fine de­spite of this is­sue for over twenty years, be­fore a new up­date to Windows 11 sud­denly chal­lenged this sta­tus quo?

Finally, is this some­how caused by a prob­lem in Windows 11 24H2, or is this just an un­for­tu­nate co­in­ci­dence, stars align­ing just right?

At this point, the work­ing the­ory was that the unini­tial­ized lo­cal vari­ables in CFileLoader::LoadVehicleObject

hap­pened to have rea­son­able val­ues un­til some­thing changed in Windows 11 24H2, and those val­ues be­came “unreasonable”. What I knew could not be the cause was the CRT (and thus, the ss­canf call) — San Andreas uses a sta­t­i­cally com­piled CRT, and there­fore any OS-level hot­fixes would­n’t ap­ply to it. However, con­sid­er­ing the plethora of se­cu­rity en­hance­ments in Windows 11, I could­n’t rule out that one of those en­hance­ments, for ex­am­ple, Kernel-mode Hardware-enforced Stack Protection, ends up scram­bling the stack in a way the game’s bugged func­tion does­n’t like.

I set up an ex­per­i­ment where I broke into a de­bug­ger be­fore a ss­canf call when pars­ing Skimmer’s line (vehicle ID 460) specif­i­cally, and the ob­served vari­able val­ues sup­ported that claim. On my Windows 10 ma­chine, they hap­pened to be both 0.7:

while on the Win11 24H2 VM, they are huge, sim­i­lar in or­der of mag­ni­tude to the wrong val­ues ob­served in the bound­ing box ear­lier. The stack pointer has also shifted by 4 bytes for some rea­son, but that is un­likely to be re­lated — and it’s likely caused by some changes to the thread startup boil­er­plate in­side ker­nel32.dll:

This got me cu­ri­ous - 0.7 is a bit “too good” of a value to be a re­sult of in­ter­pret­ing ran­dom garbage from the stack as a float­ing point; what’s more likely is that it’s an ac­tual float­ing point value that was sit­ting on the stack in ex­actly the right spot. I then in­spected ve­hi­cles.ide for TopFun — the ve­hi­cle de­fined di­rectly be­fore Skimmer. Sure enough, its wheel scale is 0.7!

ve­hi­cles.ide is parsed in or­der, in a func­tion work­ing sim­i­larly to this (pseudocode):

void CFileLoader::LoadObjectTypes(const char* file­name)

// Open the file…

while ((line = fgets(file)) != NULL)

// Parse the sec­tion in­di­ca­tors…

switch (section)

// Different sec­tions…

case SECTION_CARS:

LoadVehicleObject(line);

break;

Seems like the code some­how per­sisted the stale wheel scale val­ues, so Skimmer ends up get­ting the same wheel scales as Topfun. I set up an­other ex­per­i­ment to ver­ify this claim:

Set up a break­point be­fore ss­canf again, but this time be­fore Topfun’s line (vehicle ID 459) gets parsed.

Set up write break­points on fron­t­WheelScale and rear­WheelScale.

Resume ex­e­cu­tion un­til the game gets to pars­ing the next ve­hi­cle de­f­i­n­i­tion.

Windows 10 ver­i­fied my claim — noth­ing wrote to these two stack val­ues be­tween the calls to CFileLoader::LoadVehicleObject,

so the func­tion’s ef­fec­tive be­hav­ior was to pre­serve (albeit, un­in­ten­tion­ally) the wheel scale val­ues be­tween the con­sec­u­tive calls!

Repeating the same ex­er­cise on Windows 11 24H2 trig­gered the write break­point! However, it was­n’t any­where close to any se­cu­rity fea­ture: the stack val­ues were over­writ­ten by… LeaveCriticalSection in­side fgets:

Seems like a change in Windows 11 24H2 mod­i­fied the way Critical Section Objects

work in­ter­nally, and the new code un­lock­ing the crit­i­cal sec­tion uses more stack space than the old one. I ran one more ex­per­i­ment, com­par­ing the changes to the stack space that hap­pened af­ter ss­canf in­side LoadVehicleObject, un­til the next in­vo­ca­tion of this func­tion. Changed val­ues are high­lighted in red:

This is the ex­act proof I needed — no­tice that in the Windows 10 run, some of the lo­cal vari­ables are even still vis­i­ble to the hu­man eye (like the nor­mal ve­hi­cle class), while in Windows 11, they are com­pletely gone. It’s also worth point­ing out that even in Windows 10, the very next lo­cal vari­able af­ter the wheel scales has been over­writ­ten by LeaveCriticalSection, which means the game was 4 bytes away from hit­ting this ex­act bug years ear­lier! The luck at dis­play here is in­sane.

Ask just about any­body, and they’ll tell you that new cars are too ex­pen­sive. In the wake of tar­iffs shak­ing the auto in­dus­try and with the Trump ad­min­is­tra­tion pledg­ing to kill the fed­eral EV in­cen­tive, that sit­u­a­tion is­n’t look­ing to get bet­ter soon, es­pe­cially for any­one want­ing some­thing bat­tery-pow­ered. Changing that overly spendy sta­tus quo is go­ing to take some­thing rad­i­cal, and it’s hard to get more rad­i­cal than what Slate Auto has planned.

Meet the Slate Truck, a sub-$20,000 (after fed­eral in­cen­tives) elec­tric ve­hi­cle that en­ters pro­duc­tion next year. It only seats two yet has a bed big enough to hold a sheet of ply­wood. It only does 150 miles on a charge, only comes in gray, and the only way to lis­ten to mu­sic while dri­ving is if you bring along your phone and a Bluetooth speaker. It is the bare min­i­mum of what a mod­ern car can be, and yet it’s taken three years of de­vel­op­ment to get to this point.

But this is more than bar­gain-base­ment mo­tor­ing. Slate is pre­sent­ing its truck as min­i­mal­ist de­sign with DIY pur­pose, an at­tempt to not just go cheap but to cre­ate a new cat­e­gory of ve­hi­cle with a huge fo­cus on per­son­al­iza­tion. That de­sign also en­ables a low-cost ap­proach to man­u­fac­tur­ing that has caught the eye of ma­jor in­vestors, re­port­edly in­clud­ing Jeff Bezos. It’s been en­gi­neered and will be man­u­fac­tured in America, but is this ex­treme sim­pli­fi­ca­tion too much for American con­sumers?

Instead of steel or alu­minum, the Slate Truck’s body pan­els are molded of plas­tic. Or, as Slate calls them, “injection molded polypropy­lene com­pos­ite ma­te­r­ial.” The the­ory is that this makes them more durable and scratch-re­sis­tant, if only be­cause the lack of paint means they’re one color all the way through. Auto en­thu­si­asts of a cer­tain age will re­mem­ber the same ap­proach used by the now-de­funct Saturn Corporation, a man­u­fac­tur­ing tech­nique that never caught on across the in­dus­try.

While most buy­ers will rightly fix­ate on the cost of the truck, the big­ger story here might just be this rad­i­cally sim­pli­fied ap­proach to man­u­fac­tur­ing. “From the very be­gin­ning, our busi­ness model has been such that we reach cash flow pos­i­tiv­ity very shortly af­ter start of pro­duc­tion. And so from an in­vest­ment stand­point, we are far less cash-re­liant than any other EV startup that has ever ex­isted, as far as I know,” Snyder says.

A whistle­blower at the National Labor Relations Board (NLRB) al­leged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) si­phoned gi­ga­bytes of data from the agen­cy’s sen­si­tive case files in early March. The whistle­blower said ac­counts cre­ated for DOGE at the NLRB down­loaded three code repos­i­to­ries from GitHub. Further in­ves­ti­ga­tion into one of those code bun­dles shows it is re­mark­ably sim­i­lar to a pro­gram pub­lished in January 2025 by Marko Elez, a 25-year-old DOGE em­ployee who has worked at a num­ber of Musk’s com­pa­nies.

According to a whistle­blower com­plaint filed last week by Daniel J. Berulis, a 38-year-old se­cu­rity ar­chi­tect at the NLRB, of­fi­cials from DOGE met with NLRB lead­ers on March 3 and de­manded the cre­ation of sev­eral all-pow­er­ful “tenant ad­min” ac­counts that were to be ex­empted from net­work log­ging ac­tiv­ity that would oth­er­wise keep a de­tailed record of all ac­tions taken by those ac­counts.

Berulis said the new DOGE ac­counts had un­re­stricted per­mis­sion to read, copy, and al­ter in­for­ma­tion con­tained in NLRB data­bases. The new ac­counts also could re­strict log vis­i­bil­ity, de­lay re­ten­tion, route logs else­where, or even re­move them en­tirely — top-tier user priv­i­leges that nei­ther Berulis nor his boss pos­sessed.

Berulis said he dis­cov­ered one of the DOGE ac­counts had down­loaded three ex­ter­nal code li­braries from GitHub that nei­ther NLRB nor its con­trac­tors ever used. A “readme” file in one of the code bun­dles ex­plained it was cre­ated to ro­tate con­nec­tions through a large pool of cloud Internet ad­dresses that serve “as a proxy to gen­er­ate pseudo-in­fi­nite IPs for web scrap­ing and brute forc­ing.” Brute force at­tacks in­volve au­to­mated lo­gin at­tempts that try many cre­den­tial com­bi­na­tions in rapid se­quence.

A search on that de­scrip­tion in Google brings up a code repos­i­tory at GitHub for a user with the ac­count name “Ge0rg3” who pub­lished a pro­gram roughly four years ago called “requests-ip-rotator,” de­scribed as a li­brary that will al­low the user “to by­pass IP-based rate-lim­its for sites and ser­vices.”

“A Python li­brary to uti­lize AWS API Gateway’s large IP pool as a proxy to gen­er­ate pseudo-in­fi­nite IPs for web scrap­ing and brute forc­ing,” the de­scrip­tion reads.

Ge0rg3’s code is “open source,” in that any­one can copy it and reuse it non-com­mer­cially. As it hap­pens, there is a newer ver­sion of this pro­ject that was de­rived or “forked” from Ge0rg3’s code — called “async-ip-rotator” — and it was com­mit­ted to GitHub in January 2025 by DOGE cap­tain Marko Elez.

A key DOGE staff mem­ber who gained ac­cess to the Treasury Department’s cen­tral pay­ments sys­tem, Elez has worked for a num­ber of Musk com­pa­nies, in­clud­ing X, SpaceX, and xAI. Elez was among the first DOGE em­ploy­ees to face pub­lic scrutiny, af­ter The Wall Street Journal linked him to so­cial me­dia posts that ad­vo­cated racism and eu­gen­ics.

Elez re­signed af­ter that brief scan­dal, but was re­hired af­ter President Donald Trump and Vice President JD Vance ex­pressed sup­port for him. Politico re­ports Elez is now a Labor Department aide de­tailed to mul­ti­ple agen­cies, in­clud­ing the Department of Health and Human Services.

“During Elez’s ini­tial stint at Treasury, he vi­o­lated the agen­cy’s in­for­ma­tion se­cu­rity poli­cies by send­ing a spread­sheet con­tain­ing names and pay­ments in­for­ma­tion to of­fi­cials at the General Services Administration,” Politico wrote, cit­ing court fil­ings.

KrebsOnSecurity sought com­ment from both the NLRB and DOGE, and will up­date this story if ei­ther re­sponds.

The NLRB has been ef­fec­tively hob­bled since President Trump fired three board mem­bers, leav­ing the agency with­out the quo­rum it needs to func­tion. Both Amazon and Musk’s SpaceX have been su­ing the NLRB over com­plaints the agency filed in dis­putes about work­ers’ rights and union or­ga­niz­ing, ar­gu­ing that the NLRB’s very ex­is­tence is un­con­sti­tu­tional. On March 5, a U. S. ap­peals court unan­i­mously re­jected Musk’s claim that the NLRB’s struc­ture some­how vi­o­lates the Constitution.

Berulis’s com­plaint al­leges the DOGE ac­counts at NLRB down­loaded more than 10 gi­ga­bytes of data from the agen­cy’s case files, a data­base that in­cludes reams of sen­si­tive records in­clud­ing in­for­ma­tion about em­ploy­ees who want to form unions and pro­pri­etary busi­ness doc­u­ments. Berulis said he went pub­lic af­ter higher-ups at the agency told him not to re­port the mat­ter to the US-CERT, as they’d pre­vi­ously agreed.

Berulis told KrebsOnSecurity he wor­ried the unau­tho­rized data trans­fer by DOGE could un­fairly ad­van­tage de­fen­dants in a num­ber of on­go­ing la­bor dis­putes be­fore the agency.

“If any com­pany got the case data that would be an un­fair ad­van­tage,” Berulis said. “They could iden­tify and fire em­ploy­ees and union or­ga­niz­ers with­out say­ing why.”

Berulis said the other two GitHub archives that DOGE em­ploy­ees down­loaded to NLRB sys­tems in­cluded Integuru, a soft­ware frame­work de­signed to re­verse en­gi­neer ap­pli­ca­tion pro­gram­ming in­ter­faces (APIs) that web­sites use to fetch data; and a “headless” browser called Browserless, which is made for au­tomat­ing web-based tasks that re­quire a pool of browsers, such as web scrap­ing and au­to­mated test­ing.

On February 6, some­one posted a lengthy and de­tailed cri­tique of Elez’s code on the GitHub “issues” page for async-ip-ro­ta­tor, call­ing it “insecure, un­scal­able and a fun­da­men­tal en­gi­neer­ing fail­ure.”

“If this were a side pro­ject, it would just be bad code,” the re­viewer wrote. “But if this is rep­re­sen­ta­tive of how you build pro­duc­tion sys­tems, then there are much larger con­cerns. This im­ple­men­ta­tion is fun­da­men­tally bro­ken, and if any­thing sim­i­lar to this is de­ployed in an en­vi­ron­ment han­dling sen­si­tive data, it should be au­dited im­me­di­ately.”

Update 7:06 p.m. ET: Elez’s code repo was deleted af­ter this story was pub­lished. An archived ver­sion of it is here.

MILWAUKEE (AP) — The FBI on Friday ar­rested a Milwaukee judge ac­cused of help­ing a man evade im­mi­gra­tion au­thor­i­ties, es­ca­lat­ing a clash be­tween the Trump ad­min­is­tra­tion and lo­cal au­thor­i­ties over the Republican pres­i­den­t’s sweep­ing im­mi­gra­tion crack­down.

Milwaukee County Circuit Court Judge Hannah Dugan is ac­cused of es­cort­ing the man and his lawyer out of her court­room through the jury door last week af­ter learn­ing that im­mi­gra­tion au­thor­i­ties were seek­ing his ar­rest. The man was taken into cus­tody out­side the cour­t­house af­ter agents chased him on foot.

President Donald Trump’s ad­min­is­tra­tion has ac­cused state and lo­cal of­fi­cials of in­ter­fer­ing with his im­mi­gra­tion en­force­ment pri­or­i­ties. The ar­rest also comes amid a grow­ing bat­tle be­tween the ad­min­is­tra­tion and the fed­eral ju­di­ciary over the pres­i­den­t’s ex­ec­u­tive ac­tions over de­por­ta­tions and other mat­ters.

Dugan was taken into cus­tody by the FBI on Friday morn­ing on the cour­t­house grounds, ac­cord­ing to U. S. Marshals Service spokesper­son Brady McCarron. She ap­peared briefly in fed­eral court in Milwaukee later Friday be­fore be­ing re­leased from cus­tody. She faces charges of “concealing an in­di­vid­ual to pre­vent his dis­cov­ery and ar­rest” and ob­struct­ing or im­ped­ing a pro­ceed­ing.

“Judge Dugan whole­heart­edly re­grets and protests her ar­rest. It was not made in the in­ter­est of pub­lic safety,” her at­tor­ney, Craig Mastantuono, said dur­ing the hear­ing. He de­clined to com­ment to an Associated Press re­porter fol­low­ing her court ap­pear­ance.

Democratic Wisconsin Gov. Tony Evers, in a state­ment on the ar­rest, ac­cused the Trump ad­min­is­tra­tion of re­peat­edly us­ing “dangerous rhetoric to at­tack and at­tempt to un­der­mine our ju­di­ciary at every level.”

“I will con­tinue to put my faith in our jus­tice sys­tem as this sit­u­a­tion plays out in the court of law,” he said.

Court pa­pers sug­gest Dugan was alerted to the pres­ence of U. S. Immigration and Customs Enforcement agents in the cour­t­house by her clerk, who was in­formed by an at­tor­ney that they ap­peared to be in the hall­way.

The FBI af­fi­davit de­scribes Dugan as “visibly an­gry” over the ar­rival of im­mi­gra­tion agents in the cour­t­house and says that she pro­nounced the sit­u­a­tion “absurd” be­fore leav­ing the bench and re­treat­ing to her cham­bers. It says she and an­other judge later ap­proached mem­bers of the ar­rest team in­side the cour­t­house, dis­play­ing what wit­nesses de­scribed as a “confrontational, an­gry de­meanor.”

After a back-and-forth with of­fi­cers over the war­rant for the man, Eduardo Flores-Ruiz, she de­manded that the ar­rest team speak with the chief judge and led them away from the court­room, the af­fi­davit says.

After di­rect­ing the ar­rest team to the chief judge’s of­fice, in­ves­ti­ga­tors say, Dugan re­turned to the court­room and was heard say­ing words to the ef­fect of “wait, come with me” be­fore ush­er­ing Flores-Ruiz and his lawyer through a jury door into a non-pub­lic area of the cour­t­house. The ac­tion was un­usual, the af­fi­davit says, be­cause “only deputies, ju­ries, court staff, and in-cus­tody de­fen­dants be­ing es­corted by deputies used the back jury door. Defense at­tor­neys and de­fen­dants who were not in cus­tody never used the jury door.”

A sign that re­mained posted on Dugan’s court­room door Friday ad­vised that if any at­tor­ney or other court of­fi­cial “knows or be­lieves that a per­son feels un­safe com­ing to the cour­t­house to court­room 615,” they should no­tify the clerk and re­quest an ap­pear­ance via Zoom.

Flores-Ruiz, 30, was in Dugan’s court for a hear­ing af­ter be­ing charged with three counts of mis­de­meanor do­mes­tic bat­tery. Confronted by a room­mate for play­ing loud mu­sic on March 12, Flores-Ruiz al­legedly fought with him in the kitchen and struck a woman who tried to break them up, ac­cord­ing to the po­lice af­fi­davit in the case.

Another woman who tried to break up the fight and called po­lice al­legedly got el­bowed in the arm by Flores-Ruiz.

Flores-Ruiz faces up to nine months in prison and a $10,000 fine on each count if con­victed. His pub­lic de­fender, Alexander Kostal, did not im­me­di­ately re­turn a phone mes­sage Friday seek­ing com­ment.

A fed­eral judge, the same one Dugan would ap­pear be­fore a day later, had or­dered Thursday that Flores-Ruiz re­main jailed pend­ing trial. Flores-Ruiz had been in the U. S. since reen­ter­ing the coun­try af­ter he was de­ported in 2013, ac­cord­ing to court doc­u­ments.

Attorney General Pam Bondi said vic­tims were sit­ting in the court­room with state pros­e­cu­tors when the judge helped him es­cape im­mi­gra­tion ar­rest.

“The rule of law is very sim­ple,” she said in a video posted on X. “It does­n’t mat­ter what line of work you’re in. If you break the law, we will fol­low the facts and we will pros­e­cute you.”

White House of­fi­cials echoed the sen­ti­ment of no one be­ing above the law.

Sen. Tammy Baldwin, a Democrat who rep­re­sents Wisconsin, called the ar­rest of a sit­ting judge a “gravely se­ri­ous and dras­tic move” that “threatens to breach” the sep­a­ra­tion of power be­tween the ex­ec­u­tive and ju­di­cial branches.

Emilio De Torre, ex­ec­u­tive di­rec­tor of Milwaukee Turners, said dur­ing a protest Friday af­ter­noon out­side the fed­eral cour­t­house that Dugan was a for­mer board mem­ber for the lo­cal civic group who “was cer­tainly try­ing to make sure that due process is not dis­rupted and that the sanc­tity of the courts is up­held.”

“Sending armed FBI and ICE agents into build­ings like this will in­tim­i­date in­di­vid­u­als show­ing up to court to pay fines, to deal with what­ever court pro­ceed­ings they may have,” De Torre added.

The case is sim­i­lar to one brought dur­ing the first Trump ad­min­is­tra­tion against a Massachusetts judge, who was ac­cused of help­ing a man sneak out a back door of a cour­t­house to evade a wait­ing im­mi­gra­tion en­force­ment agent.

That pros­e­cu­tion sparked out­rage from many in the le­gal com­mu­nity, who slammed the case as po­lit­i­cally mo­ti­vated. Prosecutors dropped the case against Newton District Judge Shelley Joseph in 2022 un­der the Democratic Biden ad­min­is­tra­tion af­ter she agreed to re­fer her­self to a state agency that in­ves­ti­gates al­le­ga­tions of mis­con­duct by mem­bers of the bench.

The Justice Department had pre­vi­ously sig­naled that it was go­ing to crack down on lo­cal of­fi­cials who thwart fed­eral im­mi­gra­tion ef­forts.

The de­part­ment in January or­dered pros­e­cu­tors to in­ves­ti­gate for po­ten­tial crim­i­nal charges any state and lo­cal of­fi­cials who ob­struct or im­pede fed­eral func­tions. As po­ten­tial av­enues for pros­e­cu­tion, a memo cited a con­spir­acy of­fense as well as a law pro­hibit­ing the har­bor­ing of peo­ple in the coun­try il­le­gally.

Dugan was elected in 2016 to the county court Branch 31. She also has served in the court’s pro­bate and civil di­vi­sions, ac­cord­ing to her ju­di­cial can­di­date bi­og­ra­phy.

Before be­ing elected to pub­lic of­fice, Dugan prac­ticed at Legal Action of Wisconsin and the Legal Aid Society. She grad­u­ated from the University of Wisconsin-Madison in 1981 with a bach­e­lor of arts de­gree and earned her Juris Doctorate in 1987 from the school.

Richer re­ported from Washington. Associated Press re­porters Eric Tucker in Washington, Corey Williams in Detroit and Hallie Golden in Seattle con­tributed.

I never would have read Careless People, Sarah Wynn-Williams’s tell-all mem­oir about her years run­ning global pol­icy for Facebook, but then Meta’s lawyer tried to get the book sup­pressed and se­cured an in­junc­tion to pre­vent her from pro­mot­ing it:

So I’ve got some­thing to thank Meta’s lawyers for, be­cause it’s a great book! Not only is Wynn-Williams a skilled and lively writer who spills some of Facebook’s most shame­ful se­crets, but she’s also a kick-ass nar­ra­tor (I lis­tened to the au­dio­book, which she voices):

I went into Careless People with strong ex­pec­ta­tions about the kind of dis­gust­ing be­hav­ior it would chron­i­cle. I have sev­eral friends who took se­nior jobs at Facebook, think­ing they could make a dif­fer­ence (three of them ac­tu­ally ap­pear in Wynn-Williams’s mem­oir), and I’ve got a good sense of what a night­mare it is for a com­pany.

But Wynn-Williams was a lot closer to three of the key per­son­al­i­ties in Facebook’s up­per ech­e­lon than any­one in my or­bit: Mark Zuckerberg, Sheryl Sandberg, and Joel Kaplan, who was el­e­vated to VP of Global Policy af­ter the Trump II elec­tion. I al­ready har­bor an atavis­tic loathing of these three based on their pub­lic state­ments and con­duct, but the events Wynn-Williams re­veals from their pri­vate lives make these three out to be be­yond de­spi­ca­ble. There’s Zuck, whose un­der­lings let him win at board-games like Settlers of Catan be­cause he’s a man­baby who can’t lose (and who ac­cuses Wynn-Williams of cheat­ing when she fails to throw a game of Ticket to Ride while they’re fly­ing in his pri­vate jet). There’s Sandberg, who de­mands the right to buy a kid­ney for her child from some­one in Mexico, should that child ever need a kid­ney.

Then there’s Kaplan, who is such an ex­tra­or­di­nar­ily stu­pid and aw­ful oaf that it’s hard to pick out just one ex­am­ple, but I’ll try. At one point, Wynn-Williams gets Zuck a chance to ad­dress the UN General Assembly. As is his wont, Zuck re­fuses to be briefed be­fore he takes the dais (he’s re­peat­edly de­scribed as un­will­ing to con­sider any brief­ing note longer than a sin­gle text mes­sage). When he gets to the mic, he spon­ta­neously promises that Facebook will pro­vide in­ter­net ac­cess to refugees all over the world. Various teams at Facebook then race around, try­ing to fig­ure out whether this is some­thing the com­pany is ac­tu­ally do­ing, and once they re­al­ize Zuck was just bull­shit­ting, set about try­ing to fig­ure out how to do it. They get some way down this path when Kaplan in­ter­venes to in­sist that giv­ing away free in­ter­net to refugees is a bad idea, and that in­stead, they should sell in­ter­net ac­cess to refugees. Facebookers du­ti­fully throw them­selves into this ab­surd pro­ject, which dies when Kaplan fires off an email stat­ing that he’s just re­al­ized that refugees don’t have any money. The pro­ject dies.

The path that brought Wynn-Williams into the com­pany of these care­less peo­ple is a weird — and rather charm­ing — one. As a young woman, Wynn-Williams was a mi­nor func­tionary in the New Zealand diplo­matic corps, and dur­ing her for­eign ser­vice, she grew ob­sessed with the global po­lit­i­cal and so­cial po­ten­tial of Facebook. She threw her­self into the pro­ject of get­ting hired to work on Facebook’s global team, work­ing on strat­egy for li­ais­ing with gov­ern­ments around the world. The biggest im­ped­i­ment to land­ing this job is that it does­n’t ex­ist: sure, FB was lob­by­ing the US gov­ern­ment, but it was mon­u­men­tally dis­in­ter­ested in the rest of the world in gen­eral, and the gov­ern­ments of the world in par­tic­u­lar.

But Wynn-Williams per­sists, pes­ter­ing po­ten­tially rel­e­vant ex­ecs with re­quests, work­ing friends-of-friends (Facebook it­self is ex­tra­or­di­nar­ily use­ful for this), and re­fus­ing to give up. Then comes the Christchurch earth­quake. Wynn-Williams is in the US, about to board a flight, when her sis­ter, a news pre­sen­ter, calls her while trapped in­side a col­lapsed build­ing (the sis­ter had­n’t been able to get a call through to any­one in NZ). Wynn-Williams spends the flight won­der­ing if her sis­ter is dead or alive, and only learns that her sis­ter is OK through a post on Facebook.

The role Facebook played in the Christchurch quake trans­forms Wynn-Williams’s pas­sion for Facebook into some­thing like re­li­gious zealotry. She throws her­self into the pro­ject of land­ing the job, and she does, and af­ter some funny cul­ture-clashes aris­ing from her Kiwi her­itage and her pub­lic ser­vice back­ground, she set­tles in at Facebook.

Her early years there are some­times com­i­cal, some­times scary, and are char­ac­ter­is­tic of a com­pany that is grow­ing quickly and un­evenly. She’s dis­patched to Myanmar amidst a na­tion­wide block of Facebook or­dered by the rul­ing mil­i­tary junta and at one point, it seems like she’s about to get kid­napped and im­pris­oned by goons from the com­mu­ni­ca­tions min­istry. She arranges for a state visit by NZ Prime Minister John Key, who wants a photo-op with Zuckerberg, who — obliv­i­ous to the prime min­is­ter stand­ing right there in front of him — be­rates Wynn-Williams for de­mand­ing that he meet with some jack­ass politi­cian (they do the photo-op any­way).

One thing is clear: Facebook does­n’t re­ally care about coun­tries other than America. Though Wynn-Williams chalks this up to plain old provin­cial chau­vin­ism (which FB’s top es­ch­e­lon pos­sess in co­pi­ous quan­ti­ties), there’s some­thing else at work. The USA is the only coun­try in the world that a) is rich, b) is pop­u­lous, and c) has no mean­ing­ful pri­vacy pro­tec­tions. If you make money sell­ing ac­cess to dossiers on rich peo­ple to ad­ver­tis­ers, America is the most im­por­tant mar­ket in the world.

But then Facebook con­quers America. Not only does FB sat­u­rate the US mar­ket, it uses its free cash-flow and high share price to ac­quire po­ten­tial ri­vals, like Whatsapp and Instagram, en­sur­ing that American users who leave Facebook (the ser­vice) re­main trapped by Facebook (the com­pany).

At this point, Facebook — Zuckerberg — turns to­wards the rest of the world. Suddenly, ac­quir­ing non-US users be­comes a mat­ter of ur­gency, and overnight Wynn-Williams is trans­formed from the sole weirdo talk­ing about global mar­kets to the key as­set in pur­suit off the com­pa­ny’s top pri­or­ity.

Wynn-Williams’s ex­pla­na­tion for this shift lies in Zuckerberg’s per­son­al­ity, his need to con­stantly dom­i­nate (which is also why his sub­or­di­nates have learned to let him win at board games). This is doubt­less true: not only has this as­pect of Zuckerberg’s per­son­al­ity been on dis­play in pub­lic for decades, Wynn-Williams was able to ob­serve it first-hand, be­hind closed doors.

But I think that in ad­di­tion to this per­son­al­ity de­fect, there’s a ma­te­r­ial pres­sure for Facebook to grow that Wynn-Williams does­n’t men­tion. Companies that grow get ex­tremely high price-to-earn­ings (P:E) ra­tios, mean­ing that in­vestors are will­ing to spend many dol­lars on shares for every dol­lar the com­pany takes in. Two sim­i­lar com­pa­nies with sim­i­lar earn­ings can have vastly dif­fer­ent val­u­a­tions (the value of all the stock the com­pany has ever is­sued), de­pend­ing on whether one of them is still grow­ing.

High P:E ra­tios re­flect a bet on the part of in­vestors that the com­pany will con­tinue to grow, and those bets only be­come more ex­trav­a­gant the more the com­pany grows. This is a huge ad­van­tage to com­pa­nies with “growth stocks.” If your shares con­stantly in­crease in value, they are highly liq­uid — that is, you can al­ways find some­one who’s will­ing to buy your shares from you for cash, which means that you can treat shares like cash. But growth stocks are bet­ter than cash, be­cause money grows slowly, if at all (especially in pe­ri­ods of ex­tremely low in­ter­est rates, like the past 15+ years). Growth stocks, on the other hand, grow.

Best of all, com­pa­nies with growth stocks have no trou­ble find­ing more stock when they need it. They just type ze­roes into a spread­sheet and more shares ap­pear. Contrast this with money. Facebook may take in a lot of money, but the money only ar­rives when some­one else spends it. Facebook’s ac­cess to money is lim­ited by ex­oge­nous fac­tors — your will­ing­ness to send your money to Facebook. Facebook’s ac­cess to shares is only lim­ited by en­doge­nous fac­tors — the com­pa­ny’s own will­ing­ness to is­sue new stock.

That means that when Facebook needs to buy some­thing, there’s a very good chance that the seller will ac­cept Facebook’s stock in lieu of US dol­lars. Whether Facebook is hir­ing a new em­ployee or buy­ing a com­pany, it can out­bid ri­vals who only have dol­lars to spend, be­cause that bid­der has to ask some­one else for more dol­lars, whereas Facebook can make its own stock on de­mand. This is a mas­sive com­pet­i­tive ad­van­tage.

But it is also a mas­sive busi­ness risk. As Stein’s Law has it, “anything that can’t go on for­ever even­tu­ally stops.” Facebook can’t grow for­ever by sign­ing up new users. Eventually, every­one who might con­ceiv­ably have a Facebook ac­count will get one. When that hap­pens, Facebook will need to find some other way to make money. They could en­shit­tify — that is, shift value from the com­pa­ny’s users and cus­tomers to it­self. They could in­vent some­thing new (like meta­verse, or AI). But if they can’t make those things work, then the com­pa­ny’s growth will have ended, and it will in­stan­ta­neously be­come grossly over­val­ued. Its P:E ra­tio will have to shift from the high value en­joyed by growth stocks to the low value en­dured by “mature” com­pa­nies.

When that hap­pens, any­one who is slow to sell will lose a ton of money. So in­vestors in growth stocks tend to keep one fist poised over the “sell” but­ton and sleep with one eye open, watch­ing for any hint that growth is slow­ing. It’s not just that growth gives FB the power to out­com­pete ri­vals — it’s also the case that growth makes the com­pany vul­ner­a­ble to mas­sive, sud­den de­val­u­a­tions. What’s more, if these de­val­u­a­tions are per­sis­tent and/​or fre­quent enough, the key FB em­ploy­ees who ac­cepted stock in lieu of cash for some or all of their com­pen­sa­tion will ei­ther de­mand lots more cash, or jump ship for a grow­ing ri­val. These are the very same peo­ple that Facebook needs to pull it­self out of its nose­dives. For a growth stock, even small re­duc­tions in growth met­rics (or worse, de­clines) can trig­ger cas­cades of com­pound­ing, mu­tu­ally re­in­forc­ing col­lapse.

This is what hap­pened in early 2022, when Meta posted slightly lower-than-an­tic­i­pated US growth num­bers, and the mar­ket all pounded on the “sell” but­ton at once, lop­ping $250,000,000,000 of the com­pa­ny’s val­u­a­tion in 24 hours. At the time, it was the worst-ever sin­gle day losses for any com­pany in hu­man his­tory:

Facebook’s con­quest of the US mar­ket trig­gered an em­pha­sis on for­eign cus­tomers, but not just be­cause Zuck is ob­sessed with con­quest. For Facebook, a de­cline in US growth posed an ex­is­ten­tial risk, the pos­si­bil­ity of mass stock sell­offs and with them, the end of the years in which Facebook could ac­quire key cor­po­rate ri­vals and ex­ec­u­tives with “money” it could print on the premises, on de­mand.

So Facebook cast its eye upon the world, and Wynn-Williams’s long in­sis­tence that the com­pany should be pay­ing at­ten­tion to the po­lit­i­cal sit­u­a­tion abroad sud­denly starts land­ing with her bosses. But those bosses — Zuck, Sandberg, Kaplan and oth­ers — are “careless.” Zuck screws up op­por­tu­nity af­ter op­por­tu­nity be­cause he re­fuses to be briefed, for­gets what lit­tle in­for­ma­tion he’s been given, and blows key meet­ings be­cause he re­fuses to get out of bed be­fore noon. Sandberg’s vis­its to Davos are un­der­mined by her re­lent­less need to pro­mote her­self, her “Lean In” brand, and her petty games­man­ship. Kaplan is the liv­ing em­bod­i­ment of Green Day’s “American Idiot” and can barely fathom that for­eign­ers ex­ist.

Wynn-Williams’s ad­ven­tures dur­ing this pe­riod are very well told, and are, by turns, har­row­ing and hi­lar­i­ous. Time and again, Facebook’s top brass snatch de­feat from the jaws of vic­tory, squan­der­ing in­cred­i­ble op­por­tu­ni­ties that Wynn-Williams se­cures for them be­cause of their pet­ti­ness, short-sight­ed­ness, and ar­ro­gance (that is, their care­less­ness).

But Wynn-Williams’s dis­il­lu­sion­ment with Facebook is­n’t rooted in these frus­tra­tions. Rather, she is both per­son­ally and pro­fes­sion­ally aghast at the com­pa­ny’s dis­gust­ing, cal­lous and cruel be­hav­ior. She de­scribes how her boss, Joel Kaplan, re­lent­lessly sex­u­ally ha­rasses her, and every­one in a po­si­tion to make this stop tells her to shut up and take it. When Wynn-Williams give birth to her sec­ond child, she he­m­or­rhages, al­most dies, and ends up in a coma. Afterwards, Kaplan gives her a neg­a­tive per­for­mance re­view be­cause she was “unresponsive” to his emails and texts while she was dy­ing in an ICU. This is a sig­nif­i­cant es­ca­la­tion of the ear­lier be­hav­ior she de­scribes, like pes­ter­ing her with per­sonal ques­tions about breast­feed­ing, video-call­ing her from bed, and so on (Kaplan is Sandberg’s ex-boyfriend, and Wynn-Williams de­scribes an­other creepy event where Sandberg pres­sures her to sleep next to her in the bed­room on one of Facebook’s jets, some­thing Wynn-Williams says she rou­tinely does with the young women who re­port to her).

Meanwhile, Zuck is re­lent­lessly pur­su­ing Facebook’s largest con­ceiv­able growth mar­ket: China. The only prob­lem: China does­n’t want Facebook. Zuck re­peat­edly tries to en­gi­neer meet­ings with Xi Jinping so he can plead his case in per­son. Xi is mon­u­men­tally hos­tile to this idea. Zuck learns Mandarin. He stud­ies Xi’s book, con­spic­u­ously dis­plays a copy of it on his desk. Eventually, he man­ages to sit next to Xi at a din­ner where he begs Xi to name his next child. Xi turns him down.

After years of per­sis­tent nag­ging, lob­by­ing, and grov­el­ing, Facebook’s China ex­ecs start to make progress with a state ap­pa­ratchik who dan­gles the pos­si­bil­ity of Facebook en­ter­ing China. Facebook promises this fac­to­tum the world — all the sur­veil­lance and cen­sor­ship the Chinese state wants and more. Then, Facebook’s con­tact in China is jailed for cor­rup­tion, and they have to start over.

At this point, Kaplan has pun­ished Wynn-Williams — she blames it on her at­tempts to get oth­ers to force him to stop his sex­ual ha­rass­ment — and cut her re­spon­si­bil­i­ties in half. He tries to ma­neu­ver her into tak­ing over the China op­er­a­tion, some­thing he knows she ab­solutely dis­ap­proves of and has re­fused to work on — but she re­fuses. Instead, she is put in charge of hir­ing the new chief of China op­er­a­tions, giv­ing her ac­cess to a vo­lu­mi­nous pa­per-trail de­tail­ing the com­pa­ny’s deal­ings with the Chinese gov­ern­ment.

According to Wynn-Williams, Facebook ac­tu­ally built an ex­ten­sive cen­sor­ship and sur­veil­lance sys­tem for the Chinese state — spies, cops and mil­i­tary — to use against Chinese Facebook users, and FB users glob­ally. They promise to set up caches of global FB con­tent in China that the Chinese state can use to mon­i­tor all Facebook ac­tiv­ity, every­where, with the im­pli­ca­tion that they’ll be able to spy on pri­vate com­mu­ni­ca­tions, and cen­sor con­tent for non-Chi­nese users.

Despite all of this, Facebook is never given ac­cess to China. However, the Chinese state is able to use the tools Facebook built for it to at­tack in­de­pen­dence move­ments, the free press and dis­si­dent up­ris­ings in Hong Kong and Taiwan.

Meanwhile, in Myanmar, a geno­cide is brew­ing. NGOs and hu­man rights ac­tivists keep reach­ing out to Facebook to get them to pay at­ten­tion to the wide­spread use of the plat­form to whip up ha­tred against the coun­try’s Muslim mi­nor­ity group, the Rohinga. Despite hav­ing ex­pended tremen­dous amounts of en­ergy to roll out “Free Basics” in Myanmar (a pro­gram whereby Facebook bribes car­ri­ers to ex­clude its own ser­vices from data caps), with the re­sult that in Myanmar, “the in­ter­net” is syn­ony­mous with “Facebook,” the com­pany has not ex­pended any ef­fort to man­age its Burmese pres­ence. The en­tire mod­er­a­tion staff con­sists of one (later two) Burmese speak­ers who are based in Dublin and do not work lo­cal hours (later, these two are re­vealed as likely stooges for the Myanmar mil­i­tary junta, who are be­hind the geno­cide plans).

The com­pany has also failed to in­vest in Burmese lan­guage sup­port for its sys­tems — posts writ­ten in Burmese script are not stored as Unicode, mean­ing that none of the com­pa­ny’s au­to­mated mod­er­a­tion sys­tems can parse it. The com­pany is so hos­tile to pleas to up­grade these sys­tems that Wynn-Williams and some col­leagues cre­ate se­cret, pri­vate Facebook groups where they can track the fail­ures of the com­pany and the ris­ing tide of lethal vi­o­lence in the coun­try (this is­n’t the only se­cret dis­si­dent Facebook group that Wynn-Williams joins — she’s also part of a group of women who have been sex­u­ally ha­rassed by col­leagues and bosses).

The geno­cide that fol­lows is hor­rific be­yond mea­sure. And, as with the Trump elec­tion, the com­pa­ny’s ini­tial pos­ture is that they could­n’t pos­si­bly have played a sig­nif­i­cant role in a real-world event that shocked and hor­ri­fied its rank-and-file em­ploy­ees.

The com­pany, in other words, is “careless.” Warned of im­mi­nent harms to its users, to democ­racy, to its own em­ploy­ees, the top ex­ec­u­tives sim­ply do not care. They ig­nore the warn­ings and the con­se­quences, or pay lip ser­vice to them. They don’t care.

Take Kaplan: af­ter fig­ur­ing out that the com­pany can’t curry fa­vor with the world’s gov­ern­ments by sell­ing drone-de­liv­ered wifi to refugees (the drones don’t fly and the refugees are broke), he hits on an­other strat­egy. He re­makes “government re­la­tions” as a sales of­fice, sell­ing po­lit­i­cal ads to politi­cians who are seek­ing to win over vot­ers, or, in the case of au­toc­ra­cies, dis­en­fran­chised hostage-cit­i­zens. This is hugely suc­cess­ful, both as a sys­tem for se­cur­ing gov­ern­ment co­op­er­a­tion and as a way to trans­form Facebook’s global pol­icy shop from a cost-cen­ter to a profit-cen­ter.

But of course, it has a price. Kaplan’s best cus­tomers are dic­ta­tors and would-be dic­ta­tors, for­menters of ha­tred and geno­cide, au­thor­i­tar­i­ans seek­ing op­por­tu­ni­ties to purge their op­po­nents, through ex­ile and/​or mur­der.

Wynn-Williams makes a very good case that Facebook is run by aw­ful peo­ple who are also very care­less — in the sense of be­ing reck­less, in­cu­ri­ous, in­dif­fer­ent.

But there’s an­other mean­ing to “careless” that lurks just be­low the sur­face of this ex­cel­lent mem­oir: “careless” in the sense of “arrogant” — in the sense of not car­ing about the con­se­quences of their ac­tions.

To me, this was the most im­por­tant — but least-de­vel­oped — les­son of Careless People. When Wynn-Williams lands at Facebook, she finds her­self sur­rounded by oafs and so­ciopaths, car­toon­ishly self­ish and shitty peo­ple, who, nev­er­the­less, have built a ser­vice that she loves and val­ues, along with hun­dreds of mil­lions of other peo­ple.

She’s not wrong to be ex­cited about Facebook, or its po­ten­tial. The com­pany may be run by care­less peo­ple, but they are still pru­dent, be­hav­ing as though the con­se­quences of screw­ing up mat­ter. They are “careless” in the sense of “being reck­less,” but they care, in the sense of hav­ing a healthy fear (and thus re­spect) for what might hap­pen if they fully yield to their reck­less im­pulses.

Wynn-Williams’s first­hand ac­count of the next decade is not a story of these peo­ple be­com­ing more reck­less, rather, it’s a story in which the pos­si­bil­ity of con­se­quences for that reck­less­ness re­cedes, and with it, so does their care over those con­se­quences.

Facebook buys its com­peti­tors, free­ing it from mar­ket con­se­quences for its bad acts. By buy­ing the places where dis­af­fected Facebook users are seek­ing refuge — Instagram and Whatsapp — Facebook is able to in­su­late it­self from the dis­ci­pline of com­pe­ti­tion — the fear that do­ing things that are ad­verse to its users will cause them to flee.

Facebook cap­tures its reg­u­la­tors, free­ing it from reg­u­la­tory con­se­quences for its bad acts. By play­ing a cen­tral role in the elec­toral cam­paigns of Obama and then other politi­cians around the world, Facebook trans­forms its watch­dogs into sup­pli­cants who are more apt to beg it for fa­vors than hold it to ac­count.

Facebook tames its em­ploy­ees, free­ing it from la­bor con­se­quences for its bad acts. As en­gi­neer­ing sup­ply catches up with de­mand, Facebook’s lead­er­ship come to re­al­ize that they don’t have to worry about work­force up­ris­ings, whether in­cited by im­punity for sex­u­ally abu­sive bosses, or by the com­pa­ny’s com­plic­ity in geno­cide and au­to­cratic op­pres­sion.

First, Facebook be­comes too big to fail.

Then, Facebook be­comes too big to jail.

Finally, Facebook be­comes too big to care.

This is the “carelessness” that ul­ti­mately changes Facebook for the worse, that turns it into the hellscape that Wynn-Williams is even­tu­ally fired from af­ter she speaks out once too of­ten. Facebook bosses aren’t just “careless” be­cause they refuse to read a brief­ing note that’s longer than a tweet. They’re “careless” in the sense that they ar­rive at a junc­ture where they don’t have to care who they harm, whom they en­rage, who they ruin.

There’s a telling anaec­dote near the end of Careless People. Back in 2017, leaks re­vealed that Facebook’s sales-reps were promis­ing ad­ver­tis­ers the abil­ity to mar­ket to teens who felt de­pressed and “worthless”:

Wynn-Williams is — rightly — aghast about this, and even more aghast when she sees the com­pa­ny’s of­fi­cial re­sponse, in which they dis­claim any knowl­edge that this ca­pa­bil­ity was be­ing de­vel­oped and fire a ran­dom, low-level scape­goat. Wynn-Williams knows they’re ly­ing. She knows that this is a rou­tine of­fer­ing, one that the com­pany rou­tinely boasts about to ad­ver­tis­ers.

But she does­n’t men­tion the other lies that Facebook tells in this mo­ment: for one thing, the com­pany of­fers ad­ver­tis­ers the power to tar­get more teens than ac­tu­ally ex­ist. The com­pany pro­claims the ef­fi­cacy of its “sentiment analy­sis” tool that knows how to tell if teens are feel­ing de­pressed or “worthless,” even though these tools are no­to­ri­ously in­ac­cu­rate, hardly bet­ter than a coin-toss, a kind of dig­i­tal phrenol­ogy.

Facebook, in other words, is­n’t just ly­ing to the pub­lic about what it of­fers to ad­ver­tis­ers — it’s ly­ing to ad­ver­tis­ers, too. Contra those who say, “if you’re not pay­ing for the prod­uct, you’re the prod­uct,” Facebook treats any­one it can get away with abus­ing as “the prod­uct” (just like every other tech mo­nop­o­list):

Wynn-Williams doc­u­ments so many in­stances in which Facebook’s top ex­ec­u­tives lie — to the courts, to Congress, to the UN, to the press. Facebook lies when it is ben­e­fi­cial to do so — but only when they can get away with it. By the time Facebook was ly­ing to ad­ver­tis­ers about its de­pressed teen tar­get­ing tools, it was al­ready col­lud­ing with Google to rig the ad mar­ket with an il­le­gal tool called “Jedi Blue”:

Facebook’s story is the story of a com­pany that set out to be­come too big to care, and achieved that goal. The com­pa­ny’s abuses track pre­cisely with its mar­ket dom­i­nance. It en­shit­ti­fied things for users once it had the users locked in. It screwed ad­ver­tis­ers once it cap­tured their mar­ket. It did the me­dia-in­dus­try-de­stroy­ing “pivot to video” fraud once it cap­tured the me­dia:

The im­por­tant thing about Facebook’s care­less­ness is that it was­n’t the re­sult of the many grave per­son­al­ity de­fects in Facebook’s top ex­ec­u­tives — it was the re­sult of pol­icy choices. Government de­ci­sions not to en­force an­titrust law, to al­low pri­vacy law to wither on the vine, to ex­pand IP law to give Facebook a weapon to shut down in­ter­op­er­a­ble ri­vals — these all cre­ated the en­shit­to­genic en­vi­ron­ment that al­lowed the care­less peo­ple who run Facebook to stop car­ing.

The corol­lary: if we change the pol­icy en­vi­ron­ment, we can make these care­less peo­ple — and their suc­ces­sors, who run other busi­nesses we rely upon — care. They may never care about us, but we can make them care about what we might do to them if they give in to their care­less­ness.

Meta is in global reg­u­la­tory crosshairs, fac­ing an­titrust ac­tion in the USA:

And mus­cu­lar en­force­ment pledges in the EU:

The law can­not make a man love me, but it can stop him from lynch­ing me, and I think that’s pretty im­por­tant.

What Happens When Private Equity Owns Your Kid’s Day Care https://​ja­cobin.com/​2025/​04/​pri­vate-eq­uity-day-care-child­care/

#15yrsago India’s copy­right bill gets it right https://​web.archive.org/​web/​20100425031519/​https://​www.michael­geist.ca/​con­tent/​view/​4974/​196/

#15yrsago Hitler’s pissed off about fair use https://​www.youtube.com/​watch?v=kBO5d­h9qrIQ

#5yrsago Unmasking the reg­is­trants of the “reopen” web­sites https://​plu­ral­is­tic.net/​2020/​04/​22/​fil­ter­net/#​krebs

#1yrago Paying for it does­n’t make it a mar­ket https://​plu­ral­is­tic.net/​2024/​04/​22/​kargo-kult-kap­tial­ism/#​dont-buy-it

* Can we use the Internet for Democracy?

https://​www.youtube.com/​watch?v=Zh_HON6iql8

* Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025

https://​us.macmil­lan.com/​books/​9780374619329/​en­shit­ti­fi­ca­tion/

Unauthorized Bread: a mid­dle-grades graphic novel adapted from my novella about refugees, toast­ers and DRM, FirstSecond, 2026

Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

* Enshittification: a non­fic­tion book about plat­form de­cay for Farrar, Straus, Giroux. Status: sec­ond pass edit un­der­way (readaloud)

Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025

This work — ex­clud­ing any se­ri­al­ized fic­tion — is li­censed un­der a Creative Commons Attribution 4.0 li­cense. That means you can use it any way you like, in­clud­ing com­mer­cially, pro­vided that you at­tribute it to me, Cory Doctorow, and in­clude a link to plu­ral­is­tic.net.

Quotations and im­ages are not in­cluded in this li­cense; they are in­cluded ei­ther un­der a lim­i­ta­tion or ex­cep­tion to copy­right, or on the ba­sis of a sep­a­rate li­cense. Please ex­er­cise cau­tion.

“When life gives you SARS, you make sar­sa­par­illa” -Joey “Accordion Guy” DeVilla

READ CAREFULLY: By read­ing this, you agree, on be­half of your em­ployer, to re­lease me from all oblig­a­tions and waivers aris­ing from any and all NON-NEGOTIATED agree­ments, li­censes, terms-of-ser­vice, shrinkwrap, click­wrap, browsewrap, con­fi­den­tial­ity, non-dis­clo­sure, non-com­pete and ac­cept­able use poli­cies (“BOGUS AGREEMENTS”) that I have en­tered into with your em­ployer, its part­ners, li­cen­sors, agents and as­signs, in per­pe­tu­ity, with­out prej­u­dice to my on­go­ing rights and priv­i­leges. You fur­ther rep­re­sent that you have the au­thor­ity to re­lease me from any BOGUS AGREEMENTS on be­half of your em­ployer.

A se­cu­rity ar­chi­tect with the National Labor Relations Board (NLRB) al­leges that em­ploy­ees from Elon Musk‘s Department of Government Efficiency (DOGE) trans­ferred gi­ga­bytes of sen­si­tive data from agency case files in early March, us­ing short-lived ac­counts con­fig­ured to leave few traces of net­work ac­tiv­ity. The NLRB whistle­blower said the un­usual large data out­flows co­in­cided with mul­ti­ple blocked lo­gin at­tempts from an Internet ad­dress in Russia that tried to use valid cre­den­tials for a newly-cre­ated DOGE user ac­count.

The al­le­ga­tions came in an April 14 let­ter to the Senate Select Committee on Intelligence, signed by Daniel J. Berulis, a 38-year-old se­cu­rity ar­chi­tect at the NLRB.

NPR, which was the first to re­port on Berulis’s whistle­blower com­plaint, says NLRB is a small, in­de­pen­dent fed­eral agency that in­ves­ti­gates and ad­ju­di­cates com­plaints about un­fair la­bor prac­tices, and stores “reams of po­ten­tially sen­si­tive data, from con­fi­den­tial in­for­ma­tion about em­ploy­ees who want to form unions to pro­pri­etary busi­ness in­for­ma­tion.”

The com­plaint doc­u­ments a one-month pe­riod be­gin­ning March 3, dur­ing which DOGE of­fi­cials re­port­edly de­manded the cre­ation of all-pow­er­ful “tenant ad­min” ac­counts in NLRB sys­tems that were to be ex­empted from net­work log­ging ac­tiv­ity that would oth­er­wise keep a de­tailed record of all ac­tions taken by those ac­counts.

Berulis said the new DOGE ac­counts had un­re­stricted per­mis­sion to read, copy, and al­ter in­for­ma­tion con­tained in NLRB data­bases. The new ac­counts also could re­strict log vis­i­bil­ity, de­lay re­ten­tion, route logs else­where, or even re­move them en­tirely — top-tier user priv­i­leges that nei­ther Berulis nor his boss pos­sessed.

Berulis writes that on March 3, a black SUV ac­com­pa­nied by a po­lice es­cort ar­rived at his build­ing — the NLRB head­quar­ters in Southeast Washington, D. C. The DOGE staffers did not speak with Berulis or any­one else in NLRB’s IT staff, but in­stead met with the agency lead­er­ship.

“Our act­ing chief in­for­ma­tion of­fi­cer told us not to ad­here to stan­dard op­er­at­ing pro­ce­dure with the DOGE ac­count cre­ation, and there was to be no logs or records made of the ac­counts cre­ated for DOGE em­ploy­ees, who re­quired the high­est level of ac­cess,” Berulis wrote of their in­struc­tions af­ter that meet­ing.

“We have built in roles that au­di­tors can use and have used ex­ten­sively in the past but would not give the abil­ity to make changes or ac­cess sub­sys­tems with­out ap­proval,” he con­tin­ued. “The sug­ges­tion that they use these ac­counts was not open to dis­cus­sion.”

Berulis found that on March 3 one of the DOGE ac­counts cre­ated an opaque, vir­tual en­vi­ron­ment known as a “container,” which can be used to build and run pro­grams or scripts with­out re­veal­ing its ac­tiv­i­ties to the rest of the world. Berulis said the con­tainer caught his at­ten­tion be­cause he polled his col­leagues and found none of them had ever used con­tain­ers within the NLRB net­work.

Berulis said he also no­ticed that early the next morn­ing — be­tween ap­prox­i­mately 3 a.m. and 4 a.m. EST on Tuesday, March 4  — there was a large in­crease in out­go­ing traf­fic from the agency. He said it took sev­eral days of in­ves­ti­gat­ing with his col­leagues to de­ter­mine that one of the new ac­counts had trans­ferred ap­prox­i­mately 10 gi­ga­bytes worth of data from the NLRB’s NxGen case man­age­ment sys­tem.

Berulis said nei­ther he nor his co-work­ers had the nec­es­sary net­work ac­cess rights to re­view which files were touched or trans­ferred — or even where they went. But his com­plaint notes the NxGen data­base con­tains sen­si­tive in­for­ma­tion on unions, on­go­ing le­gal cases, and cor­po­rate se­crets.

“I also don’t know if the data was only 10gb in to­tal or whether or not they were con­sol­i­dated and com­pressed prior,” Berulis told the sen­a­tors. “This opens up the pos­si­bil­ity that even more data was ex­fil­trated. Regardless, that kind of spike is ex­tremely un­usual be­cause data al­most never di­rectly leaves NLRB’s data­bases.”

Berulis said he and his col­leagues grew even more alarmed when they no­ticed nearly two dozen lo­gin at­tempts from a Russian Internet ad­dress (83.149.30,186) that pre­sented valid lo­gin cre­den­tials for a DOGE em­ployee ac­count — one that had been cre­ated just min­utes ear­lier. Berulis said those at­tempts were all blocked thanks to rules in place that pro­hibit lo­gins from non-U. S. lo­ca­tions.

“Whoever was at­tempt­ing to log in was us­ing one of the newly cre­ated ac­counts that were used in the other DOGE re­lated ac­tiv­i­ties and it ap­peared they had the cor­rect user­name and pass­word due to the au­then­ti­ca­tion flow only stop­ping them due to our no-out-of-coun­try lo­gins pol­icy ac­ti­vat­ing,” Berulis wrote. “There were more than 20 such at­tempts, and what is par­tic­u­larly con­cern­ing is that many of these lo­gin at­tempts oc­curred within 15 min­utes of the ac­counts be­ing cre­ated by DOGE en­gi­neers.”

According to Berulis, the nam­ing struc­ture of one Microsoft user ac­count con­nected to the sus­pi­cious ac­tiv­ity sug­gested it had been cre­ated and later deleted for DOGE use in the NLRB’s cloud sys­tems: “DogeSA_2d5c3e0446f9@nlrb.microsoft.com.” He also found other new Microsoft cloud ad­min­is­tra­tor ac­counts with non­stan­dard user­names, in­clud­ing “Whitesox, Chicago M.” and “Dancehall, Jamaica R.”

On March 5, Berulis doc­u­mented that a large sec­tion of logs for re­cently cre­ated net­work re­sources were miss­ing, and a net­work watcher in Microsoft Azure was set to the “off” state, mean­ing it was no longer col­lect­ing and record­ing data like it should have.

Berulis said he dis­cov­ered some­one had down­loaded three ex­ter­nal code li­braries from GitHub that nei­ther NLRB nor its con­trac­tors ever use. A “readme” file in one of the code bun­dles ex­plained it was cre­ated to ro­tate con­nec­tions through a large pool of cloud Internet ad­dresses that serve “as a proxy to gen­er­ate pseudo-in­fi­nite IPs for web scrap­ing and brute forc­ing.” Brute force at­tacks in­volve au­to­mated lo­gin at­tempts that try many cre­den­tial com­bi­na­tions in rapid se­quence.

The com­plaint al­leges that by March 17 it be­came clear the NLRB no longer had the re­sources or net­work ac­cess needed to fully in­ves­ti­gate the odd ac­tiv­ity from the DOGE ac­counts, and that on March 24, the agen­cy’s as­so­ci­ate chief in­for­ma­tion of­fi­cer had agreed the mat­ter should be re­ported to US-CERT. Operated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), US-CERT pro­vides on-site cy­ber in­ci­dent re­sponse ca­pa­bil­i­ties to fed­eral and state agen­cies.

But Berulis said that be­tween April 3 and 4, he and the as­so­ci­ate CIO were in­formed that “instructions had come down to drop the US-CERT re­port­ing and in­ves­ti­ga­tion and we were di­rected not to move for­ward or cre­ate an of­fi­cial re­port.” Berulis said it was at this point he de­cided to go pub­lic with his find­ings.

Tim Bearese, the NLRB’s act­ing press sec­re­tary, told NPR that DOGE nei­ther re­quested nor re­ceived ac­cess to its sys­tems, and that “the agency con­ducted an in­ves­ti­ga­tion af­ter Berulis raised his con­cerns but ‘determined that no breach of agency sys­tems oc­curred.’” The NLRB did not re­spond to ques­tions from KrebsOnSecurity.

Nevertheless, Berulis has shared a num­ber of sup­port­ing screen­shots show­ing agency email dis­cus­sions about the un­ex­plained ac­count ac­tiv­ity at­trib­uted to the DOGE ac­counts, as well as NLRB se­cu­rity alerts from Microsoft about net­work anom­alies ob­served dur­ing the time­frames de­scribed.

As CNN re­ported last month, the NLRB has been ef­fec­tively hob­bled since President Trump fired three board mem­bers, leav­ing the agency with­out the quo­rum it needs to func­tion.

“Despite its lim­i­ta­tions, the agency had be­come a thorn in the side of some of the rich­est and most pow­er­ful peo­ple in the na­tion — no­tably Elon Musk, Trump’s key sup­porter both fi­nan­cially and ar­guably po­lit­i­cally,” CNN wrote.

Both Amazon and Musk’s SpaceX have been su­ing the NLRB over com­plaints the agency filed in dis­putes about work­ers’ rights and union or­ga­niz­ing, ar­gu­ing that the NLRB’s very ex­is­tence is un­con­sti­tu­tional. On March 5, a U. S. ap­peals court unan­i­mously re­jected Musk’s claim that the NLRB’s struc­ture some­how vi­o­lates the Constitution.

Berulis shared screen­shots with KrebsOnSecurity show­ing that on the day the NPR pub­lished its story about his claims (April 14), the deputy CIO at NLRB sent an email stat­ing that ad­min­is­tra­tive con­trol had been re­moved from all em­ployee ac­counts. Meaning, sud­denly none of the IT em­ploy­ees at the agency could do their jobs prop­erly any­more, Berulis said.

Berulis shared a screen­shot of an agency-wide email dated April 16 from NLRB di­rec­tor Lasharn Hamilton saying DOGE of­fi­cials had re­quested a meet­ing, and re­it­er­at­ing claims that the agency had no prior “official” con­tact with any DOGE per­son­nel. The mes­sage in­formed NLRB em­ploy­ees that two DOGE rep­re­sen­ta­tives would be de­tailed to the agency part-time for sev­eral months.

Berulis told KrebsOnSecurity he was in the process of fil­ing a sup­port ticket with Microsoft to re­quest more in­for­ma­tion about the DOGE ac­counts when his net­work ad­min­is­tra­tor ac­cess was re­stricted. Now, he’s hop­ing law­mak­ers will ask Microsoft to pro­vide more in­for­ma­tion about what re­ally hap­pened with the ac­counts.

“That would give us way more in­sight,” he said. “Microsoft has to be able to see the pic­ture bet­ter than we can. That’s my goal, any­way.”

Berulis’s at­tor­ney told law­mak­ers that on April 7, while his client and le­gal team were prepar­ing the whistle­blower com­plaint, some­one phys­i­cally taped a threat­en­ing note to Mr. Berulis’s home door with pho­tographs — taken via drone — of him walk­ing in his neigh­bor­hood.

“The threat­en­ing note made clear ref­er­ence to this very dis­clo­sure he was prepar­ing for you, as the proper over­sight au­thor­ity,” reads a pref­ace by Berulis’s at­tor­ney Andrew P. Bakaj. “While we do not know specif­i­cally who did this, we can only spec­u­late that it in­volved some­one with the abil­ity to ac­cess NLRB sys­tems.”

Berulis said the re­sponse from friends, col­leagues and even the pub­lic has been largely sup­port­ive, and that he does­n’t re­gret his de­ci­sion to come for­ward.

“I did­n’t ex­pect the let­ter on my door or the push­back from [agency] lead­ers,” he said. “If I had to do it over, would I do it again? Yes, be­cause it was­n’t re­ally even a choice the first time.”

For now, Mr. Berulis is tak­ing some paid fam­ily leave from the NLRB. Which is just as well, he said, con­sid­er­ing he was stripped of the tools needed to do his job at the agency.

“They came in and took full ad­min­is­tra­tive con­trol and locked every­one out, and said lim­ited per­mis­sion will be as­signed on a need ba­sis go­ing for­ward” Berulis said of the DOGE em­ploy­ees. “We can’t re­ally do any­thing, so we’re lit­er­ally get­ting paid to count ceil­ing tiles.”

Dealing with open source soft­ware, I reg­u­larly en­counter many kinds of li­censes — MIT, Apache, BSD, GPL be­ing the most promi­nent — and I’ve taken time out to read them. Of the many, the GNU General Public License (GPL) stands out the most. It reads like a let­ter to the reader rather than legalese, and feels quite in tune with the spirit of open source and soft­ware free­dom.

Although GPLv3 is the most cur­rent ver­sion, I com­monly en­counter soft­ware that makes use of GPLv2. I got cu­ri­ous about the last line in its li­cense no­tice:

You should have re­ceived a copy of the GNU General Public License

along with this pro­gram; if not, write to the Free Software

Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Why does this li­cense no­tice have a phys­i­cal ad­dress, and not a URL? After all, even though the full li­cense does­n’t of­ten get in­cluded with soft­ware, it’s a sim­ple mat­ter to do a search and find the text of the GPLv2. Do peo­ple write to this ad­dress, and what hap­pens if you do?

I turned to the Open Source Stack Exchange and got a very help­ful an­swer. It’s be­cause the GPLv2 was pub­lished in 1991, and most peo­ple were not on­line. Most peo­ple would have ac­quired soft­ware through phys­i­cal me­dia (such as tape or flop­pies) rather than a down­load.

Considering the stor­age con­straints back then, it would­n’t be sur­pris­ing if de­vel­op­ers only in­cluded the li­cense no­tice, and not the en­tire li­cense. It makes sense that the most com­mon form of com­mu­ni­ca­tion would have been through post.

The GPLv3, pub­lished in 2007, does con­tain a URL in the li­cense no­tice since Internet us­age was more wide­spread at the time.

I de­cided to write to the ad­dress to see what would hap­pen. To do that, I would need some stamps and en­velopes (I found one at my work­place) to send the re­quest, and a self ad­dressed en­veloped with an in­ter­na­tional re­ply coupon to cover the cost of the re­ply.

I was dis­ap­pointed to find out that the UK’s Royal Mail dis­con­tin­ued in­ter­na­tional re­ply coupons in 2011. The only al­ter­na­tive that I could think of was to buy some US stamps.

The eas­i­est place to look for US stamps was on Ebay. I did­n’t re­al­ize that I was step­ping briefly into the world of phi­lat­ely; most stamp list­ings on Ebay were cov­ered in phrases and ter­mi­nol­ogy such as very fine grade, MNH (Mint Never Hinged), FDC (First Day Cover), NDC (No Die Cut), NDN (Nondenominated), and so on. It’s pretty easy to glean that these are prop­er­ties that col­lec­tors would be look­ing for.

I or­dered what seemed to be a ‘global’ stamp, for the small­est but safest amount that I could (about £3.86). The list­ing men­tioned that it was ‘uncertified’ which was mildly un­nerv­ing, did that mean it was an in­valid stamp? I de­cided to chance it, and quickly ex­ited that world.

After a few weeks of wait­ing, I even­tu­ally re­ceived the ‘African Daisy global for­ever vert pair’ stamp which was round! I should have no­ticed that the seller sent me the item us­ing stamps at a much lower de­nom­i­na­tion that those I had or­dered. Oh well.

With the self ad­dressed en­ve­lope ready, I wrote the re­quest and ad­dressed it to the GPLv2 ad­dress. Luckily I did have some UK stamps avail­able to send the let­ter with.

Writing the ad­dress on the en­ve­lope was awk­ward, as I haven’t used a pen in sev­eral years; it took a few at­tempts and some wasted en­velopes, print­ing the ad­dress would have taken less time. But it was ready so I posted it in my near­est Royal Mail box.

I had posted the let­ter in June 2022 and about five later weeks later, I re­ceived a re­ply. The round stamps looked suf­fi­ciently stamped upon with wavy lines, known as can­cel­la­tion marks, which are yet an­other thing that phi­lat­e­lists like to col­lect!

Anyway the let­ter in­side con­tained the full li­cense text on 5 sheets of dou­ble-sided pa­per.

The first thing that came to at­ten­tion, the pa­per that the text was printed on was­n’t an A4, it was smaller and not a size I was fa­mil­iar with. I mea­sured it and found that it’s a US let­ter size pa­per at about 21.5cm x 27.9cm. I com­pletely for­got that the US, Canada, and a few other coun­tries don’t fol­low the stan­dard in­ter­na­tional pa­per sizes, even though I had writ­ten about it ear­lier.

There was a prob­lem that I no­ticed right away, though: this text was from the GPL v3, not the GPL v2. In my orig­i­nal re­quest I had never men­tioned the GPL ver­sion I was ask­ing about.

The orig­i­nal li­cense no­tice makes no men­tion of GPL ver­sion ei­ther. Should the fact that the li­cense no­tice con­tained an ad­dress have been enough meta­data or a clue, that I was ac­tu­ally re­quest­ing the GPL v2 li­cense? Or should I have men­tioned that I was seek­ing the GPLv2 li­cense?

I could choose to pur­sue by writ­ing again and re­quest­ing the right thing, but it would take too much ef­fort to fol­low up on, and I’m over­all sat­is­fied with what I re­ceived. As a postal in­tro­vert, I will now need a long pe­riod of rest to re­coup.