Bonum Certa Men Certa

The ISO Delusion: When the Employer Doesn’t Realise That Outsourcing Clients' Passwords to LassPass After Security Breaches Is a Terrible Idea



"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy."

--Martin Luther King, Jr.



Summary: The mentality or the general mindset at Sirius 'Open Source' was not compatible with that of security conscientiousness and it seemed abundantly clear that paper mills (e.g. ISO certification) cannot compensate for that

THIS will be the last daily part before we transition to more irregular or infrequent postings, ending with a grand summary some time late in February. This series will never end entirely as we continue to learn more and more things from its readers (yes, many people have been reading it, including past staff).



Today's important addition is some hard evidence that Sirius was outsourcing passwords; even the partner of the manager admits issues to that effect, e.g. in "Handover to shift 3 - 18/02/2022" it was noted they had "Sent out Sirius passwords for Monit via LassPass". In "Handover to shift 1 - 03/08/2021" it was said that "Apparently the problems with my account are down to a corrupted share key. Will need help from an admin to fix this at a time when I don't need access to Sirius shared folders."

Why are we sending our own credentials and clients' credentials to a third party? This party is controversial for many reasons, including its chain of ownership and jurisdiction, set aside security breaches.

In "Handover to shift 1 - 27/08/2021" it said: "Got xxxx to remove me from all shared folders so that LastPass support can reset my share key."

Notice we were also having technical problems; the outsourcing solved nothing and merely created more problems.

In "Handover to shift 3 - 16/08/2022" (just months ago): "Fiddling with my browser settings because Google Voice didn't ring when xxxxx did a test call."

"I didn't want to leave an employer where I had worked for so long, but it seemed clear time was running out and the company was sinking/drowning while deflecting the blame."Again, outsourcing the telephone system meant more problems. All of us were having these problems, but managers ended up doubling down on their mistake, moving what's left of Asterisk (that actually worked!) to what kept failing and failing and failing. Such insane policy-making, detached from any fact- or evidence-based analysis, dooms companies. I raised concerns about this internally more times than I can recall. I received support from colleagues when I complained. They felt the same way, but with criticism not welcomed by managers who make mistakes it proved to be an exercise in futility. An arrogant management is management that's unable to listen and correct mistakes, with recklessness and stinginess that will inevitably cost the company existing and potential clients (they cannot get through to us on the phone!).

If you notice those patterns in your workplace, consider leaving. I didn't want to leave an employer where I had worked for so long, but it seemed clear time was running out and the company was sinking/drowning while deflecting the blame*.

As a bit of quick background, Sirius wasn't always this bad. In the last few weeks or months that I spent in the company (especially the last 2 weeks) I witnessed all sorts of very worrying things; lately, for instance, due to budget or understaffing issues, some qualified and well-equipped staff was passed over (not asked to cover slots) and instead the CEO covered shifts which he could not really do. He lacks access credentials, skills, and tools. In effect, clients were given the wrong impression someone qualified monitored their systems. They'd be wrong to assume this. We basically lied to them. Again.

"It was time to leave Sirius. I had planned this for a long time; it wasn't about money but about morals."It is important to stress that qualified staff was available instead (my wife was available), but one can speculate that the CEO, who had moved from Bristol to London, couldn't keep up with living expenses/costs (his own company's account has only loose change) and needed extra cash and thus let himself reach out to the Sirius cookie jar. That's just a hunch. We're guessing. There's very little in the public record (hiding past employment, previous education etc.), but as we showed in December he registered his own company at some accountancy's address and there's almost no money in the bank account. Should he cover jobs/slots he is unable to cover? The so-called 'founder' did the same at least once. Handovers started coming from high-level management. Those people didn't even have login credentials for clients' machines!

It was time to leave Sirius. I had planned this for a long time; it wasn't about money but about morals. Money is a separate issue; if I worked since 1998, would I receive the salary of 25 years ago? Would I want to be associated with such a company 25 years down the line? It's not the same company at all!

In 2022 the company was going under due to the loss of its largest client; the company was not lying about its financial situation but rather made it seem less gloomy than it really was (same to the clients, to assure and reassure them, just so that they're confident we wouldn't go under midway or halfway through the contract).

"The sad thing is that looking back we don't miss anything except a few colleagues."As we noted here before, there was a severe "dogfooding" deficit; the company spoke about "Open Source" while refusing to use it internally. It actively replaced Free/Open Source software that had been working just fine for over a decade. Instead of being a good example for the workers and the clients, the company went out of its way to cheat and mislead. And instead of making workers familiarised with the products the company claims to support, the company moved staff away from such products. If you are in control of your own stack, then you have to learn how to maintain it. In turn, you can help others do the same. We're sending mixed messages to clients if we're outsourcing everything.

The sad thing is that looking back we don't miss anything except a few colleagues. The management destroyed its own credibility in one day. A humiliating letter with photos of my wife and I (yes, he's stalking), random clippings from public IRC logs, and even a photo of a koala bear have nothing to do with the company's operations.

As noted at the start, this series isn't ending or hibernating; it'll carry on, albeit at a slower pace. ____ * To give one memorable example of blame-shifting, less than a year ago I received a 'rebuttal' to my informal report which said: "So someone from xxxx LLC called, but not authorised for out of hours support. We need to receive clearer instructions if calls we receive on that account are not from xxxx clients." I put 'rebuttal' in scare quotes because it did nothing to refuse what I had said. A manager wrote: "I just wanted to correct a couple of points from Roy's previous handover below. 1. Unfortunately, the highlighted call in the xxxxx section was incorrectly triaged. We can see from the audit log that this call came through on the US Reception telephone line and not on the xxxx support line. This was highly likely to have been a sales enquiry rather than a support call but insufficient information was gathered for us to be certain." So whose fault was it? Then there was this lie: "As far as I'm aware, there has been nothing but positive feedback about these notes so far but do please let me know if anybody else has any concerns at all or if there is anything we could to to improve them. The overwhelming majority of you have handled xxxxx calls excellently and I'm very grateful for your work on this. I am also always happy to offer any additional support that may be needed with our processes and policy." Actually, it was abundantly clear from what colleagues said (sometimes publicly) that they too had issues and many uncertainties. The problem was coordination at the top, as well as terrible tooling provided to staff by clueless managers.

Recent Techrights' Posts

Doing My Share to Tackle Online Slop and SPAM
Trying my best to 'fix' the Web
Slopwatch: Fakes, FUD, Duplicates, and Charlatans Galore
The Web as we once know it is collapsing. Some opportunists try to replace it with low-quality slop.
The Register UK Seems to Have Become American and Management is Changing (Microsofter as Editor in Chief)
The Register 'UK' is now controlled by the Directions on Microsoft guy
Microsoft Windows Lost 400 Million Users in a Few Years, Why Does The Register Double Down on Windows With New US Editor?
days ago they hired a new US editor
 
Links 26/07/2025: Amazon Shutdown in China, Russian Economy Slows
Links for the day
Gemini Links 26/07/2025: History of Time (1988) and Gemini Games
Links for the day
Links 26/07/2025: 50 Percent Tariffs in Amazon, Dying Intel Offloads Network and Edge Group (NEX)
Links for the day
Blaming Programming Languages for Users' and Developers' Bad Practices
That's like blaming cars for drivers who crash into things
Many People Still Read Techrights Because It Says the Truth, Produces Evidence, and Does Not Self-Censor
Unlike so many other sites
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Microsoft Finally Finds a Use Case for Slop?
Create low-quality chaff to shift the media's attention?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 25, 2025
IRC logs for Friday, July 25, 2025
For Libel Reform One Must First Bring (or Raise) Awareness to the Issues and Their Magnitude
I myself know, from personal experience
Links 26/07/2025: Rationed Meals in the US and TikTok Repels Investments (Too Toxic)
Links for the day
Gemini Links 26/07/2025: "Bloody Google" and New People in Geminispace
Links for the day
Response to Solderpunk (Father of Gemini Protocol) About the Gemini Community
Solderpunk responds to non-sequitur
HTML and the Web Used to be Something a Child Could Learn, "Modern" Web is a Puzzle of Frameworks, Bloat, and Worse
When the Web was more like Gemini Protocol
New US Editor in The Register is 84% Microsoft/Windows Booster
It'll be worrying if it carries on like this
Links 25/07/2025: Slop Blunders and China Has Code of Conduct for Lawmakers in HK
Links for the day
Gemini Links 25/07/2025: Some Books and Babies and Capital
Links for the day
Links 25/07/2025: NOAA Cuts Endanger Lives, "Europe's Self Inflicted Cloud Crisis"
Links for the day
They Try to Lecture Us on Ethics
They even removed "master" from Microsoft GitHub
The Future of the Web is One Rendering Engine or 'Flavours' of Chrome
The future of the Web does not look bright at all
Best Sites Are Not Optimised for Any Browser, They Work Equally Well With All of Them
Red Hat (IBM) is making rubbish sites
YouTube is a Spamfarm, Slopfarm, and Clickfarm (a Lot of Numbers There Are Fake)
Those who don't fake look unpopular and unimportant
We Don't Do JavaScript and Pages Are Small
Thankfully Gemini Protocol has nothing like JavaScript
'Tech' is Not Technology
Some people use terms like 'Old Tech'
IBM's Debt Rose by Almost 10 Billion Dollars in the Past 6 Months Alone
The "hey hi" circus is coming to an end
Yes, Master
Gaslighting by actual racists
Microsoft Bribes and Buys Politicians to Tell Europe What to Do About Free Software (Which It's Attacking)
Microsoft: we speak for the thing that we are attacking! Follow the money...
Making Backups Quickly and Reliably
Backups are imperative, more so in an age of uncertainty, unpredictable weather, and worsening standards (quality of products going down while prices go up)
Techrights Investigation: Estimating the Point in Time LinuxIac Turned Into LLM Slop (Part of the Time)
Bobby Borisov got lazy
10th Month, Ten Weeks From Now, at Ten AM
In Wentworth Institute of Technology in Boston
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 24, 2025
IRC logs for Thursday, July 24, 2025
A Nadella Memo Distracts From Microsoft's Cheapening Of the Workforce
Right now the "MSM" (mainstream media) is flooded/overwhelmed by garbage pieces that relay lies for Nadella
Vanishing Faces of GNU/Linux
Free software projects do not depend on any one person or company to still exist
Microsoft Says It Lost 400 Million Windows Users, Now It's Waiting for GNU/Linux to Stop Booting on 'Old' PCs
When it comes to Windows, Microsoft is fully aware of the issue and statements it made earlier this summer suggest it lost 400 million Windows users
Slopwatch: LinuxTechLab, linuxsecurity.com, LinuxIac, and More
Also: The Register's Microsoft agenda (new editor)
Gemini Links 25/07/2025: Gemtext Aware Titan Editor and Gemini Protocol Comeback
Links for the day
Links 24/07/2025: Convicted Felon Quits UNESCO, "Vibe Coding Goes Wrong", and Signalgate Gets Worse
Links for the day
Gemini Links 24/07/2025: Forgejo Woes and Smolnet Directory Week
Links for the day
Misinformation is Not Intelligence
It's low-grade plagiarism and it fails to show any signs of intelligence
Links 24/07/2025: Storage Tapes Still Kicking, Windows TCO 'on Steroids' (Microsoft-Induced Catastrophes)
Links for the day
Bobby Borisov (LinuxIac) Has Apparently Begun Experimenting With LLM Slop, So We Cannot Trust LinuxIac Anymore
So did LinuxIac become a slopfarm? Maybe not yet, but it's getting there
Informa TechTarget's ITProToday is Becoming a Slopfarm Generated by Microsoft Chatbots
Busted.
'Tech' Gimmicks Are for Advertising, Not for Usability
In the case of Microsoft, they latched onto slop
BetaNews Sacked Brian Fagioli and Deleted His Comments, But He Still Tries to Use the "BetaNews" Brand for Self-Affirmation
Fagioli takes the work of other people
[Meme] Hard to Be a Better Person?
Sooner or later they'll realise that for each pound I spend they need to spend about 1,000 times more
The LLM Con Artists Are Highly Destructive
Who will ever be held accountable for this scam?
Too Bribed by Microsoft to Move to Free Software?
Microsoft lies and Microsoft bribery (in politics)
New US Editor for The Register is a Microsoft Booster
"Avram Piltch has served as US editor for The Register since July 2025."
Microsoft Hiring European Politicians is Another Form of Bribery; There Should be a European Investigation
When Microsoft bribed people in Europe for OOXML (there's no denying this!) a European government delegate said that Microsoft operated like a cult
Reda Demanded That FSF Removes Its Founder, Now Reda Works Directly for Microsoft
A sellout and a traitor, first working for GAFAM, now Microsoft
PCLinuxOS is Raising Money to Support Development After Fire Incident at the Host
PCLinuxOS has not had announcements lately
Speed of the Site Should be Better Now
The "bot attacks" impact the speed of the sister site too
Getting More From AnalogNowhere
Recently we used many images from AnalogNowhere
Microsoft, Microsofters and 'Secure' Boot Shills Already Storming the LWN Report About Expiring Certificate, Shooting the Messenger
LWN has clearly stuck a nerve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 23, 2025
IRC logs for Wednesday, July 23, 2025
Disable "Secure" Boot Today (the Only Better Time to Do So Was Yesterday)
Don't trust anything Red Hat tells you about security
Links 23/07/2025: Windows Killed Company After 150+ Years, US Government Mimics Russia's Attacks on the Media
Links for the day
Freedom Generally Wins at the End, History Shows (But It's Constantly Attacked, Too)
At the moment people realise "Linux" (e.g. Android) isn't enough to guarantee any freedoms
Over 3 Months Later Brett Wilson LLP Still Unable to Recruit a Media Lawyer?
"Immediate start", but not found... still unfilled