Bonum Certa Men Certa

Sirius Open Source: Secure Only 'on Paper'




Summary: Sirius ‘Open Source’ has adopted shoddy practices that impede audits, undermine security, and subvert proper inspection of the network; outsourcing is not security, and "clown computing" is more like an "acceptable" security breach (giving some shady companies control over your systems and data), but that's not something today's Sirius ‘Open Source’ can still grasp (Intel experienced something similar when geeks left)

The previous part spoke about a lack of real security and today we turn our attention to GAFAM-friendly policies which wrongly assume that VPN or GAFAM mean security. They don't. VPN, like a firewall, makes false assumptions. And outsourcing assumes that some other companies are in fact security-oriented and respectful of privacy. They're neither. Sending passwords from one's local network (already access-restricted on several levels, namely access credentials and IP address) to something like LastPass is beyond insane. But good luck explaining that to people who worship brands instead of technology and find appeal in anything "new" (for no actual reasons other than perceived novelty).



Here is the relevant part of the report sent at the start of this month.




Band-Aid Instead of Robust Policies



Speaking of security breaches, some of the company's Ubuntu servers are using very old -- even way outdated -- versions, as noted by the company itself (it's also controlled by a host in another country, which poses another attack surface issue).

Security isn't taken seriously enough and VPN is presented as an ad hoc Band-Aid. VPN is not the solution; it's a hallmark or a symptom of neglect at the intranet (internal) level. Firewalling and restrictions, for instance, have unusual exceptions. Since "Google is your friend", for instance, Google IP addresses are allowed. As if Google never spies or collaborates with spy agencies (or even suffers security breaches). So Sirius VPN does not trust the BBC network, but does trust (or whitelists) Google/Alphabet.

The neglect extends outwards, i.e. outside the internal infrastructure of Sirius. For instance, in the past some staff transmitted, in plain text, messages (via E-mail) containing passwords to accounts and servers of a very large client that is the target of foreign operations and aggressive spies (political espionage operations of this type are very common with clients such as these).

There are even very recent examples, so there's no need to go far back; a colleague who is close to management dared suggest -- only months ago -- that an entire political Web site (including user details, passwords etc.) be migrated by dumping a lot of data into Google Drive, without any encryption either, clearly not comprehending that "Google is your friend" is a laughable fallacy (an understatement; Google is legally obligated, through the US Clarifying Lawful Overseas Use of Data Act or CLOUD Act 2018, to give full access to the US government and more).

It wouldn't be controversial to state that such practices can be off-putting to clients, e.g. when decision makers in Sirius have a rather poor grasp of, or appreciation for, privacy and security, let alone critical care by introspection (staff cautioning about this are subjected to gaslighting at best or even outright threats).

If Sirius views itself as a champion of "Alexa" and "OK Google", then the company should seriously consider a rebrand.
