Bonum Certa Men Certa

The ISO Delusion: How Sirius Picked Collaboration/Communication Tools That Harm Staff, Harm the Company, and Harm Its Clients

International Organization for Standardization (ISO) brag



Summary: Sirius 'Open Source' has long misused "ISO" to do all sorts of dubious things, including cover-up and frustration of staff; the time has come to explain what happened and maybe eventually report the matter to ISO itself

THOSE who have followed this series carefully enough know that pretty much all the communication tools of Sirius 'Open Source' had been outsourced to proprietary vendors (voice, text etc.) without bothering to ask staff, which complained only after the fact. Too late. It's a decree, not a proposal. Instead of self-hosting Asterisk and relying on Jabber (among other things) the company was sending its workflow to Google, Zoom, Slack (Salesforce) and even Skype (Microsoft) while publicly floating ISO logos.



Over the coming week or so we'll show this ugly façade of a company that still uses the term "Open Source" -- a thing that it is rejecting internally. It's not about doing what clients require; this is about what the company chooses for itself, as it's headed by managers who neither use nor support Open Source. It's a façade.

"It's not about doing what clients require; this is about what the company chooses for itself, as it's headed by managers who neither use nor support Open Source."The Office Manager will be a recurring theme here, as she was part of this façade. What is an Office Manager anyway when the company does not have an actual office? David Graeber's thesis would classify it as a 'bullshit job' [1, 2], probably the "box tickers" kind. To quote Wikipedia, we deal here with "box tickers, who create the appearance that something useful is being done when it is not, e.g., survey administrators, in-house magazine journalists, corporate compliance officers, quality service managers..."

As noted here right from the start (a day after resignation), the company was hardly compliant with anything sensible, including security and ethics. Last year I was asked to study logs for some anti-abortion group (without telling me where those logs had come from). What next? Would I be getting assigned jobs like checking logs for Oath Keepers or Proud Boys, seeing that anti-abortion groups were starting paying for "services" last year? (Off the record)

Anyway, yesterday this good article mentioned LastPass, another company that the stubborn new management decided to hand over to not only our own passwords but clients' too (even private keys!!!), insisting that according to LastPass the LastPass breach wasn't a big deal. Sirius did not even bother resetting passwords after I had repeatedly urged for this to be done (and, as a possible bonus, to dump LastPass altogether). In yesterday's article the author says: "I’d like to talk about some of my experiences with this topic, as well as recent events in the security community."

"Before I describe my experience," he says, "I need to set the stage. My LastPass fun took place around the same time as the infamous Bugcrowd incident with JSBN."

Watch how LastPass handled things: "My first step in esclating was security.txt. No dice. There was no clear security officer or contact information that I could discern from my social network either, so I chose the path of last resort: I contacted their support team."

"Hiring friends and relatives instead of qualified people leads to disaster."So it's more or less like Sirius. No wonder a client said the company was "incompetent". The client said this to a highly incompetent 'manager' who was never supposed to be there in the first place: No clue about technology or about management, just some associate from a former organisation in which a Sirius 'founder' had spent a few years. Hiring friends and relatives instead of qualified people leads to disaster.

Very basic security practices were often disregarded and staff was ignored in spite of technical background. It was like talking to the wall.

At first we had Asterisk internally; then someone decided it would be better to use some outside firm as a supplier and pay the fees. That was still a lot better than a move to a defective "service" and then purchase "phones" that are a security threat, in the hope (likely false hope) that it would 'fix' the issue. We'll come to that another day.

The management kept covering up for repeated failure/s, blaming the staff (victims) instead, never the decision-makers who introduced a faulty/defective alternative but are too vain to admit it, take the blame, and finally undo.

"The management kept covering up for repeated failure/s, blaming the staff (victims) instead, never the decision-makers who introduced a faulty/defective alternative but are too vain to admit it, take the blame, and finally undo."The company's obscene disregard for security would not end there. We've already covered cognition reports being stored on personal machines, then uploaded to AWS (not the client's servers). There was no longer any security protocol in place; no file server for them or for us (GDPR would be screaming!), set aside the fact that the company is no longer "open source" and is basically lying about it. It's more like bragging about ISO while gaslighting people who actually value security.

Not only did the company ignore the warnings from me, it didn't even change passwords, alter providers, or self-host an actual "Open Source" alternative. It kept saying it would (or merely consider this), but those were lies. As we mentioned here before, this wasn't a matter of practicality of cost-savings either; Sirius was getting huge bills for "clown computing" (idle almost all the time but the bills kept growing and growing). Any suggestion of self-hosting, i.e. like before, was dismissed as "hobbyist" by the CEO. So what is to be sold as a service by Sirius? Outsourcing? Well, the company's latest incarnation in LinkedIn does say that.

Tomorrow we'll show some examples of misuse of the company's pretences (ISO, GDPR etc.) for cover-up, censorship etc.

In the meantime, however, consider this E-mail from July 2019 (when the company was setting up a shell in the US, covertly, when signing an NDA with the Gates Foundation):

xxxx wrote on 17/07/2019 17:20: > Hello Roy, > > As you are aware we’re currently going through the process of > implementing ISO 27001 (information security management system). It's > been brought to our attention that you using xxxxx Slack is > unacceptable due to the security of password sharing amongst yourselves. > > During your meeting at the training workshop - I had asked for you to > reconsider as this is a company requirement. > > Moving forward and with the advice from the ISO company this is now > something which needs to be completed by the end of your shift this > evening. Slack is an essential communication tool used by everyone > within the company. > > Would you please confirm the receipt of this email and a reply to this > request.

Hi,

Currently, all our sensitive communications end up on the server of a large corporation in another country, where this data can get sold. It included NHS stuff. This too is a problem as we need to be Open Source not only in name and I've been waiting for xxxxx to set up Matrix or similar for me to join. It has been months and I think it's essential for our company to demonstrate it takes security seriously. I can set up an Open Source alternative myself if that helps.

Regards,


Of course I only received more threats for this, rather than be listened to. Of course "information security" and Slack are incompatible concepts. As we shall revisit shortly, let's just say Slack suffered yet another data breach shortly thereafter, vindicating me. Did the management listen? Did it react? Of course not.

After some more threats I was compelled to give up, at least temporarily:

xxxx wrote: > Hello Roy, > > As I have expressed in my previous email and in all communication that > Slack is an essential communication tool used by everyone within the > company at the moment. We all should be there. > > This is a direct management requirement and instruction and it needs to > be implemented immediately.

I have just created the Slack account.

It would still be useful to know the timeline for moving to an Open Source alternatives. Slack has no business model other than spying at the moment, as media repeatedly points out.

Regards,


Regarding "I've been waiting for xxxxx to set up Matrix or similar for me to join," I was receiving false promises from the CEO, naming two people who would set up a Free software alternative like Riot/Mattermost. One of them left the company (as I had previously warned the manager) and another never implemented the change. Sirius management was just lying all along.

"Now, after so many years, Sirius is another disgrace or a black eye to ISO."We'll revisit Slack another day and we shall deal with each of these blunders in turn. ISO is a joke if it grants certification to companies which behave in this way, set aside how superficial the requirements are. 15 years ago Microsoft bribed a lot of firms and organisations to rig ISO; and ISO, in turn, was OK with it. Now, after so many years, Sirius is another disgrace or a black eye to ISO. No wonder clients suffered security breaches. They weren't even informed of how poorly Sirius had handled/managed security.

Recent Techrights' Posts

Links 25/06/2025: Elon Musk’s Lawyers Caught Lying, WhatsApp Faces More Bans
Links for the day
Wayland Pushers Lose the Argument, Use LLM Slop and Chatbots to Make Up Arguments for IBM
Another new low and low blow
What is "MATA"?
Think of it as GAFAM or "Meta"
WebProNews is a Slopfarm
Please avoid linking to WebProNews
Another "Told You So!": XBox Mass Layoffs at Microsoft (Many Recent Reports Were Chaff and Spin), Many Other Divisions Affected
With mass layoffs at Microsoft the world would be much better
 
5,600 Pages/Articles Per Year
So far this year we've kept all the promises
BetaNews Beginning to Show What Its True Goals Are
The 'new' BetaNews won't be about journalism. It's trying to sell things.
Microsoft Has Lost "The War"
We'll soon see the 9th or 10th wave of Microsoft layoffs in 2025 alone
Slopwatch: A Wreck and a Dreck, "Flooding the Zone With Dreck" or Flooding the Web With Junk
"Slopwatch" continues today because we have many new examples
Links 25/06/2025: Thwarting More Software Patents, Overlap Grows Between EPO Corruption and Illegal Kangaroo Patent Courts in EU
Links for the day
Brian Fagioli Created Another Slopfarm Targeting "Linux" After BetaNews Became a Slopfarm of Phantom Accounts and Pseudonyms
Mr. Fagioli even had slop about a dead Torvalds (hypothetical) as clickbait
Wayland is Perfect, Nobody Can Escape Its Perfection! (Or Not)
Do not form on opinion on Wayland based on politics
Moral Duty for "Linux Sites" to Speak Out Against LLM Slop
My wife has long complained about "Linux bloggers" keeping quiet and thus passive about a growing problem: slop
In Recent Hours Google News Promoted at Least 3 Slopfarms That Relayed Linux Foundation Propaganda Made by Bots or LLM "Bullshit Generators" (as Dr. Stallman Dubbed Them)
Google is circling down the drain and Google News too is hopeless
Linux Journal is a Slopfarm, It's Experimenting With LLM 'Authors'
Is Slashdot next?
Microsoft LinkedIn is Dying and Many More Layoffs Are on the Way
LinkedIn is just a failed acquisition of Microsoft. It causes losses and debt.
Gemini Links 25/06/2025: Combinatorial Music and Self Hosting
Links for the day
Richard Stallman Coming Back to Europe This Autumn to Give More Talks
His last talk in Europe attracted about 400-450 people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 24, 2025
IRC logs for Tuesday, June 24, 2025
Social Control Media, Technology & Catholicism: Synod on Synodality review and feedback
Reprinted with permission from Daniel Pocock
How Many More Women Will Managers at Microsoft Strangle and Tell to Kill Themselves (or Try to Kill)?
The world needs to know what happened
The New BetaNews: 7 New 'Articles', All of Them LLM Slop
BetaNews is basically defunct. Nobody writes there anymore.
statCounter Estimates Only 1 in 300 Iranians Would Use Microsoft for Search
Iranians don't quite trust Microsoft
Gemini Links 24/06/2025: ftpd on FreeBSD and Online Small Web Magazine
Links for the day
Google News Does Great Harm by Promoting Slopfarms as Legitimate News Sites
Slopfarms are sites which are 100% LLM slop
Links 24/06/2025: Trouble at "Open" "AI" and ‘Siarhei is Free’
Links for the day
Gemini Links 24/06/2025: Stimulants and Subscription Costs for DRM
Links for the day
When the Microsoft Aggressors Rely on Several Law Firms ('Attack Dogs', 'Guns for Hire'), Not Just One, Lawyering Up Against Techrights (Acting on Behalf of Americans Against UK Publishers)
From serving customers at some restaurant he has moved on to bullying people with demand letters
Links 24/06/2025: OpenAI [sic] May Soon Die (Too Much Debt) and Social Control Media Accused of Being Misinformation/Disinformation/Propaganda Amplifier
Links for the day
Nirbheek Chauhan in Planet GNOME Explains Why Wayland Pushers Are Losing
"A strange game. The only winning move is not to play."
Polygamy, from Catholic Synod on Synodality to Social Control Media & Debian CyberPolygamy
Reprinted with permission from Daniel Pocock
Only a Third of or 1 in 3 Web-Connected Devices is a Desktop or Laptop, According to statCounter
we can expect Android to widen its lead
The Days Are Getting Shorter, the First Half of 2025 is Almost Over
We're gratified to see significant increase in traffic and also positive feedback on the work we do
Turning GNU/Linux Into a Political Football
X (not the site) is Free software
X Server Still Works for Many People
A lot of people will grow suspicious of Wayland boosters/pushers if they persist and insist on using these tactics
Exactly a Week Ago "BetaNews Staff" Said "Betanews Is Growing Alongside You". Since Then Every Article (All by "Camila Nogueira") Has Been LLM Slop.
BetaNews is basically a slopfarm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 23, 2025
IRC logs for Monday, June 23, 2025
The "Tarzan Effect" in Compilers and Software
What happens when you forcibly make things 'work', either by hacks or by disregarding warnings (like those that compilers tend to issue)?
Gemini Links 23/06/2025: Mass Tourism, Hair Love, and Google Gemini as a Googlebomb
Links for the day
Law Firm Burgess Mee Does Not Fully Deny Participating in Abusive Litigation for Serial Strangler From Microsoft
I am not unfamiliar with these tactics
The Modus Operandi of Wayland Pushers: Make It Political
do what I say or you're a nazi...
Links 23/06/2025: RFE/RL Contributor Vladyslav Yesypenko Released, Recording Industry Cutbacks
Links for the day
Brett Wilson LLP Solicitors (M): Over 99.9% of Our E-mail is Self-Marketing, We Send You 3.5MB E-mails for Less Than 1KB of Text
Why would tech people entrust legal matters to such people?
Peter Moon's (Computerworld) Interview With Richard Stallman
Stallman: If you want freedom don't follow Linus Torvalds
At What Point Does Outsourcing Constitute Malpractice?
Brett Wilson LLP's new staff page is misleading
United Arab Emirates (UAE) Sailing to GNU/Linux, According to statCounter
countries in that region will quickly learn the price of neglecting digital sovereignty
From Do Your Own Research to Do Your Own Search
The Web is full of garbage; search engines amplify this garbage
More People Moving to Geminispace?
at age 6+ Gemini Protocol seems to have gained some maturity and it seems like more people use it
Permutation in LLMs Does, Inevitably, Change Meanings and Therefore LLMs Cannot Properly Rephrase or Summarise Texts
LLMs lack actual grasp or comprehension of what they spew out
Links 23/06/2025: Many Security Breaches, Population Declines
Links for the day
Gemini Links 23/06/2025: "America at the Crossroads" and OpenWRT Surgery
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 22, 2025
IRC logs for Sunday, June 22, 2025
Pure Dove
Different means different, and sometimes those who "deviate" from "the norm" have a point
Censorship is a Sign of Weakness Which Invites More Censorship Attempts
revolutionaries don't succumb to pressure from bullies
Why It's Unlikely That LLM Slop Will Dominate the Web in the Long Run
Slopfarms will eventually perish (they have no actual value) and "survivors" on the Web will be sites that never depended on search engines and social control media
GNU/Linux in Argentina Now Measured Near 5%
Like in central Europe, they must be seeing an increasingly hostile US
BetaNews is Fake News, Composed by LLM Slop
nothing in BetaNews is written by humans anymore