Does/did this happen in your company too? If so, read on...

Summary: Sirius ‘Open Source’ has not been keeping up with skills required to self-host, instead demonising/denouncing them as "hobbyist" (actual quote from the CEO) and eventually relaying almost everything to proprietary vendors that put gates and walls on Free software

TODAY we continue a couple of parts that deal with security and privacy issues at Sirius Open Source [sic] -- a company that still says "Open Source" although it often recommends to clients that they adopt proprietary things.

Enough has been said already about the nature of the hypocrisy, the double standards, the dishonest marketing, lack of principles, and even some truly unethical clients. Below is part of the report deposited before my wife and I left the company¹.

---

Outsourcing Concerns

Colleagues at Sirius have long worked weekends (unlike client's staff, which is typically off work on holidays and weekends; there's no 24/7/365 cover). Some of them finished or started working but could not access an essential gateway machine. When the client does something like an update or makes a release the IP addresses will change, so whenever there is an incident Sirius staff can't restart, forcibly reboot or investigate the machines, that is unless -- or otherwise -- Sirius staff are informed (or wiki/documentation becomes up to date again). From what is known, this is more of this particular client's choice, but Sirius lacks a loophole and that is why Sirius may seem sloppy or slow to update/notify their workers/employees.

This is a typical example of a lack of top-down coordination. How are staff expected to carry out duties if managers don't do their part or fail to understand how these systems work? In fact, when outsourcing to any third party, this may be inevitable; the people who 'manage' the machines have almost no control over them. They merely rent some server space and the hypervisor may change over time, introducing unforeseen but unavoidable complication. This means server can become unavailable, with no resort at all (like accessing the datacentre/s). Back in 2011 and for several years after that Sirius had its own server racks and managed its own instances.

Sirius keeps recommending the outsourcing to proprietary software like AWS and Cloudflare, resulting (sometimes) in a lot of problems. Sirius itself pays in AWS bills almost as much as a small salary. Becoming an AWS 'reseller' makes Sirius far less competitive and vastly less unique; companies like these, including Rackspace, have their own support. They have their own ambitions of controlling everything themselves. Companies like Sirius should not become transient migrators. Sirius used to offer its own hosting.

This is one of many issues with "cloud computing", including AWS, which also caused significant downtimes for that client (hours-long outages) -- a client that used to have far more control over the hosting. When it comes to certification, the company actively encourages learning "cloud computing" stuff instead of "Open Source" stuff. ⬆ ______ ¹ Many more details will be given, along with further analysis, when the whole report is published. Probably in January.