01.30.23

[Meme] With Superheroes Like These…

Posted in Deception, Free/Libre Software at 2:22 am by Dr. Roy Schestowitz

Sirius staff and Sirius manager

Summary: Ever since the new managers arrived the talent has fled the company that falsely credits itself with “Open Source”

01.29.23

Not Tolerating Proprietary ‘Bossware’ in the Workplace (or at Home in Case of Work-From-Home)

Posted in Deception, Free/Libre Software at 8:56 pm by Dr. Roy Schestowitz

Video download link | md5sum 9a90a5de7aacd9fc4b8847cf61321f6a
When Sirius Abandoned Jabber for Bossware
Creative Commons Attribution-No Derivative Works 4.0

Summary: The company known as Sirius ‘Open Source’ generally rejected… Open Source. Today’s focus was the migration to Slack.

The above video discusses the migration/transition/downgrade from Jabber to a truly terrible, centralised, proprietary and vulnerable platform known as Slack. Aside from technical problems and various glaring limitations, Slack was a risk not just to Sirius ‘Open Source’ but also to its clients.

No matter the hard evidence and how much I pointed this out (maybe a dozen times, at personal risk), that always fell on deaf ears. The company was already governed by incompetent people.

It was abundantly clear that many colleagues did not like this. Some opposed this. Some faced disciplinary action for antagonising. That would include me. So in a company called “Open Source” we’re meant to assume that adopting proprietary software — and not because some client requires it — is considered acceptable. Whereas insisting on the company’s values is considered an offense.

From what we can gather, Red Hat staff was subjected to similar treatment after IBM had bought the company. It’s hard to believe that later this year it will be 5 years since that announcement.

The ISO Delusion: A Stack of Proprietary Junk (Slack) Failing Miserably

Posted in Deception, Free/Libre Software at 5:47 pm by Dr. Roy Schestowitz

And the management that chose this junk resorts to blaming the victims

“Giving the Linus Torvalds Award to the Free Software Foundation is a bit like giving the Han Solo Award to the Rebel Alliance.”

Richard Stallman

Summary: When the company where I worked for nearly 12 years spoke of pragmatism it was merely making excuses to adopt proprietary software at the expense of already-working and functional Free software

Last night we covered the use of Microsoft Skype in Sirius ‘Open Source’. It only happened once, but that was enough to damage the brand and injure some workers’ morale. Why would a company called “Open Source” something be eager to abandon Free/Open Source software, opting for proprietary stuff of the most vicious rival? What message does that send to longstanding clients or existing staff? What about potential/prospective/future clients and staff?

Slack on GNU/Linux is a mess. Slack on Free/libre browsers is almost an impossibility. So why on Earth would Sirius move away from Jabber and force/impose the use of Slack? I’ve uploaded 2 images from several years back; they’re screenshots of what happened when I tried accessing Slack from a GNU/Linux PC using a decent Web browser that isn’t controlled by spying firms:

Slack on GNU/Linux PC

Broken Slack

That does not seem like it’s going to work, does it? This is from 2019. It has only gotten worse since.

So we’ve just belatedly used two screenshots of what Slack looks like on GNU/Linux with a proper (Free/libre) browser; “bossware” that insists on browsers which spy on their users. Using some User Agent (UA) sniffing they try to undermine or prevent access with perfectly capable browsers (if the UA is faked, there’s a way to get in).

Back then I wrote to an incompetent manager who threatened me repeatedly for not using Slack: “I tried to access my account from two computers, from two browsers, including Chrome. It’s not working. See screenshots. It only works from Rianne’s laptop.”

At one point they agreed to let me use Rianne’s laptop, but then they “changed their minds” (in other words, they had lied to me right to my face in the illegal contract-signing). I got this:

xxxx wrote on 21/07/2019 02:23:
> Hi Roy,
>
> You need to fix this problem and use Slack.
>
> You are a well qualified tech who can fix this issue and comply with
> management’s request.
>
> As I have explicitly explained to you that you need to have your log in
> for Slack and not use Rianne’s. Yet today you’re logged in via Rianne’s
> and not using yours even though you sent me details of your own log in.
>
> To refresh your memory, this is from my previous email.

I need to install a new OS or a new browser for this.

Remember that the company never even paid us for any of our hardware purchases (for our work machines). That seems unreasonable.

In hindsight, it seems clear this manager scared away almost all the technical people. The damage was irreversible.

Slack itself has been having issues and it was sold to Salesforce. The New York Times reported Salesforce layoffs earlier this month. The Wall Street Journal published this article noting that Slack just made bloated proprietary junk nobody truly wants to depend on:

When Salesforce Inc. bought the messaging application Slack for $27.7 billion almost two years ago, it said the marriage would “transform the way everyone works in the all-digital, work-from-anywhere world.” Corporate technology buyers so far aren’t impressed, analysts said.

The acquisition sought to capture the fast-growing market for communications and collaboration software during the Covid-19 pandemic, as employers sent workers home and shifted to remote systems.

Today, companies in the market for customer-relationship management software — Salesforce’s signature product — don’t appear to be swayed one way or another by the addition of messaging and collaboration features, said Liz Herbert, a vice president and principal analyst at information-technology research firm Forrester Research Inc.

“We don’t really see, when it comes to Slack, any pent up demand from Salesforce’s base for a tool like that,” Ms. Herbert said. “It really hasn’t become something compelling,” she said.

Salesforce bought itself a dud and in December of last year the CEO said that he would leave this month.

From what we can gather, the decision to adopt Slack came from the CEO, who posted Trump support tweets while encouraging staff to use pictures of superheroes in Slack. How childish and unprofessional. What a betrayal of Free software. Is this really the same person who became a patron of the Free Software Foundation? Maybe his personal life took him on a crazy ride — a subject we might revisit some other day in another month.

To be clear, Slack doesn’t do anything that Free software cannot do. It’s bloated and it is not secure. It also has security breaches.

Just two days before the above E-mail message (from a manager) I received this:

-------- Forwarded Message --------
Subject: 💥 Slack Security Incident
Date: Fri, 19 Jul 2019 16:58:59 +0000
From: Keybase <notify@keybase.io>
To: r@schestowitz.com

*schestowitz*,

We’ve been getting questions about this, so an announcement for everyone.

Today, Slack announced that a break-in from 2015 was possibly more
severe than previously announced. A lot of people have been getting
emails today. It seems 1% of Slack users still had compromised accounts
(after 4 years); but more seriously, Slack has not disclosed what
percent of Slack teams had their messages stolen. Also, if a small
fraction of users have had compromised accounts, that may still mean a
majority of teams were compromised.

We’re sending this note because people are now asking if this could
happen with Keybase teams. Simple answer: no. While Keybase now has all
the important features of Slack, it has the only protection against
server break-ins: *end-to-end encryption*.

Keybase’s CEO, Max, just wrote how this Slack incident personally
affected him *in a new blog post* <https://keybase.io/blog/slack-incident>.

tl;dr. Hackers who break into Keybase’s servers could not read your
company’s, family’s, friend’s, or community’s messages. Hope this simple
update answers everyone’s questions.

*https://keybase.io/app*

And Keybase is free!
❤️ the Keybase team

Slack took over Keybase and Slack itself was a vulnerable piece of garbage with habitual data breaches. The Keybase reputation was tarnished and not many people seem to be using it anymore, certainly not me.

I eventually responded to the manager as follows:

> Hi Roy,
>
> You need to fix this problem and use Slack.
>
> You are a well qualified tech who can fix this issue and comply with
> management’s request.
>
> As I have explicitly explained to you that you need to have your log in
> for Slack and not use Rianne’s. Yet today you’re logged in via Rianne’s
> and not using yours even though you sent me details of your own log in.
>
> To refresh your memory, this is from my previous email.

I’m going to try to install another browser, as Chrome and other browsers
don’t work for me. They don’t show anything when I log in (I sent you
screenshots). Maybe I’ll be logged in with my username in a few hours
when it’s installed (if that works).

In the meantime, I have to raise other concerns.

The inevitable has happened to Slack. They announced it days ago and
they can be held criminally accountable.

To say that Slack got merely “compromised” would be an understatement.
Yes, it did in fact get compromised, but it’s a lot worse. It’s far
worse than a compromise per se. I’m going to explain, starting with the
basics.

Slack accumulates all data and never deletes any of it. GDPR should be
applicable here and I suspect that EU authorities have not assessed that
aspect just yet. What Slack is to users isn’t what it is to Slack, the
company. The Electronic Frontier Foundation (EFF) issued strongly-worded
warnings about Slack and even Microsoft outright banned Slack for
security reasons. They very much foresaw the latest disaster. It’s
difficult to assess or measure because it’s almost impossible to track
the sources of rogue actors’ data.

Slack did not have a mere ‘incident’. They knew about it for quite some
time (at higher levels, too). It’s the complete doomsday scenario, an
equivalent of having one’s own Jabber server completely and totally
hijacked, and all communications in it (names, passwords) stolen. But in
the case of Slack millions of businesses are affected. In one fell
swoop. Just like that. Even the public sector. Military, hospitals, you
name it…

Slack got cracked, but they won’t admit that. They will lie about the
extent of the damage, just like Yahoo and Equifax did (each time waiting
months before revealing it was orders of magnitude worse). They game the
news cycle that way. People must assume that all data is compromised.
Businesses and their clients’ data is on Slack. Even HR stuff, which
gets passed around in internal communications. Super-sensitive things
like passwords, passports and so on.

Who was Slack data copied by? Mirrored or ‘stolen’, to put it another
way? Possibly by rogue military actors that can leverage it for
espionage and blackmail, as many do. Covertly. You rarely hear about
blackmail because that’s just the nature of the blackmail. It happens
silently. Some would say Slack got “hacked” (they typically mean
cracked). But it’s actually a lot worse than getting cracked! I’ll
explain further…

About a month ago Slack got to its IPO milestone. But it committed an
actual crime by not informing the customers of the breach. They would
change passwords etc. had they known. But Slack did not obey the law. It
did not inform customers. It announced all this after the IPO, in order
to make shareholders liable, and it did so late on a Friday (to minimise
press coverage about this likely crime). The shareholders too should sue
for concealment of critical information.

Slack knew what had happened and why it waited all this time. This
scandal can unfold for quite some time to come.

It would be wise to move to locally-hosted FOSS. However, that would not
in any way undo the damage of having uploaded piles of corporate data to
Slack and their compromised servers. In the coming days many companies
will come to realise that for years they tactlessly and irresponsibly
gave piles of personal/corporate data to Slack and now a bunch of
crackers around the world have this data.

You can expect Slack to stonewall for a while, saying that it’s the
weekend anyway. When it comes to Slack, expect what happened with
Yahoo; First they say it’s a small incident; Months pass; Then they toss
out a note to say it was actually big; A year later (when it’s “old
news”): 3 BILLION accounts affected.

Now, like Yahoo, they will downplay scope of impact. A lot of companies
can suffer for years to come (e.g. data breaches, identity theft).

I have great concern for the company where I’ve been working for almost a
decade, including our compliance with the law and our clients’
compliance with the law. This is why I bring this up.

I’m going to install something new and see if I can somehow log in. I
already tried, unsuccessfully, from two of my laptops.

In summary, Slack is a pile of garbage. With Slack, Sirius too became a pile of garbage. They deserve each other.

A few weeks ago John Goerzen wrote: “I loaded up this title with buzzwords. The basic idea is that IM systems shouldn’t have to only use the Internet.”

Slack does not work when the company has downtime. It happened several times, which meant people could not speak to colleagues for hours. Why was our Jabber server shut down? Surveillance through Slack?

Remember that Sirius kept promoting fake security as if the company were a bunch of people who had never used computers before. When clients ask about ISO certification (not an isolated incident) they don’t seem to understand what truly happens inside Sirius. There’s spying, outsourcing, security breaches and so on. Someone needs to talk about this.

Microsofters Inside Sirius ‘Open Source’

Posted in Free/Libre Software, Microsoft at 10:34 am by Dr. Roy Schestowitz

Video download link | md5sum 9088e5ce7cc9eba79bde5977c20d399f
Sirius and Microsofters Inside
Creative Commons Attribution-No Derivative Works 4.0

Summary: Sirius ‘Open Source’ has been employing incompetent managers for years — a sentiment shared among colleagues by the way; today we examine some glaring examples with redacted communications to prove it

Last night we published this latest/next part about Sirius, though only about a day later than originally expected due to my most important hard drive simply dying. We’ll still try to stick to the original schedule with a closing day after exactly 2 months (since the start of the series). After that we have more to cover, but maybe not on a daily basis.

The video above goes back to the days when a backstabbing manager had been appointed; he asked, if not demanded, that all of us get Microsoft Skype accounts and install the darn thing, only for a useless presentation based on invalid data.

The video moreover gives a recent example of “managers” failing to do very simple and very critical tasks. This puts clients’ businesses at great risk.

Sirius hasn’t been managed by competent people for years already. Clients are noticing this, but some chose Sirius because of very old past reputation (and revisionist history).

01.28.23

Unmasking AI

Posted in Deception, Free/Libre Software at 9:28 pm by Guest Editorial Team

“Why fear even weak-AI?”, a guest article by Andy Farnell

AI unmasked

After a long winter the phrase “artificial intelligence” is back in vogue with a vengeance following leaps in large language machine learning. While the popular press bandies the term around I swim against the tide, still cautioning my students to avoid flippant and inappropriate terms. There are no such things as Artificial Intelligences. Yet. But public opinion is set, and what do I or other mere computer scientists know?

AI does exist. That is to say – in the same sense a hard-nosed pragmatist once put it – a deity exists when you are surrounded by devout believers with swords. Whether something exists in reality is less important than its existence in the minds of men alone, when they will kill you for disagreeing.

Microsoft just invested $10Bn in OpenAI, a nominally “non-profit” (but very much for-profit) company that betrayed its founding values to become a seller of proprietary closed-source software [1]. The media push has been astonishing, frightening, and has moved even Google to react. AI now exists because the press, boosted by big technology corporations, has deemed it so. There is demand for it. We have conjured “AI” into the realms of reality and common discourse. Of course demand does not come from you or I. The streets are not filled with protestors shouting for “AI or death!”. The public are merely bemused and a little uneasy. It comes from professional obscuritans and tech-occultists giddy at the prospect of hiding their mischief behind arcane machinery. AI is the mask. Real businesses are responsible for the harms their machinery causes, as they would for a dog that bites. Not so in computing. In case you hadn’t noticed, the companies running so-called digital “infrastructure” are in the process of physically disappearing, leaving nothing but a spooky disused funfair and a hidden projector to scare off nosey kids.

Already talk has turned to “stopping” it, detecting or proving content AI-free. What reasons do we have for wishing to avoid AI when so much good can come from it? What’s relevant is the effect machine learning will have on labour relations and the future of personal technologies. But also the sanctity and dignity of human affairs feel under general attack.

Predictably the public debate has drifted into distractions about whether ChatGPT is “sentient”, can “feel” or “reason”. Dabblers in the philosophy of Turing, Dennett, Churchland, Searle, Hofstadter, or Penrose will immediately recognise the “other-minds problem” as an intractable, unfalsifiable tar-pit [Searle80]. Strong-AI is the favoured side-show of “concerned scientists” and “effective altruists” alike. What is this distracting from?

The real problem with “AI” is not with AI, it’s with us. The likelihood of actual AI suddenly evolving into a malevolent power is negligible. The chances of humans, through our quasi-religious belief in AI, acting so as to destroy ourselves in far more pedestrian and time honoured fashion, is more or less certain.

Like Fox Mulder, we want to believe. AI gives hope that all the other failed promises of computing to make life easier and simpler might finally come true. They won’t. Instead, the ways that digital technology complicates and frustrates our lives will be amplified by AI. Not because there’s anything wrong with digital technology, or with AI, but because AI is a multiplier of the already obscene power imbalances that mar it and other technologies that have turned from enabling tools to chains and bars.

A Digital Vegan take on “AI”

Cockaigne

In some depictions of the Land of Cockaigne, birds fall from the sky already cooked, into the open mouths of those lazing beneath the tree of plenty. Wine springs from the ground. It is a parody of Utopia at the expense of infantile visions of convenience. In the digital realm, passive, domesticated consumers are already reduced to “intuitive” finger swipes, and pleas of “Don’t make me think!”. A threat from AI is it makes us even more lazy, docile and ready to be herded into pens. AI is not a new problem, it simply makes existing ones like rights to privacy, choice, truth and the threats from over-dependency and monopolies, all the more urgent.

So rather than the pastures of milk and honey let’s look to industrial farming as a model for our future, as we bleat and babble within the walls of Big Tech, ripe for harvesting by “AI” and its new and clever forms of extraction.

In the 1980s, following the great tradition of efficiency, British farmers began rendering down dead cows to use as feed for living ones. Some cows began dying of a strange new neurological disease. Nonetheless, they were ground into the pot and fed to their offspring. A few years later scientists identified Bovine Spongiform Encephalopathy (BSE), dubbed “Mad Cow Disease”. The entire national herd had to be slaughtered and burned in giant pits that filled the sky with smoke for months [2].

Positive feedback is regarded by systems theorists as a grave danger [Weiner48]. It is one we have already experienced on a small scale with “echo chambers”. What is set to come as generative large models are pushed into human affairs, first as customer support then journalism, search, teaching, nursing, legal judgements, and design, will make the echo chambers that led to the United States Capitol Riots look quaint.

Since capitalism loves to invoke the economic idea of “consumption” we shall start there to understand the problem. It is in fact a poor analogy. Information cannot be consumed. Unlike food which has value when we ingest it and becomes unpleasant waste when excreted, media gains value through “consumption”. If I listen to a song or watch a movie I make it more valuable because it obtains greater social capital. Exchange of information between humans tends to refine and improve it.

A healthy person excretes approximately as much as they eat, but information only increases by copying as it moves through human systems. Security scientists like Bruce Schneier have already warned us that data must be considered a waste management problem. The ability of AI, which in one second can write thousands of misleading articles, will greatly accelerate this problem. As a former AI researcher and Techrights reader put it: “AI is not like a puppy that wishes to please, but more like an industrial substance like dioxane or hexavalent chromium which can be contained, controlled and used for good, but only with great effort and planning”.

Nonetheless, let’s continue our allegory of AI through the selection, preparation and proper cooking of ingredients.

AI tech is not the Haute Cuisine restaurant business, selecting only the finest cuts and freshest herbs. Large language models (LLMs) are trained by pulling an enormous drag-net over the entire human output of written materials. Anything goes in, it’s not fussy; ears, eyelids, hooves and bones, like a giant dog-food factory it boils down whatever can be scraped and tagged.

Cooking is a long and expensive process. As the pot boils it needs as much energy as the manufacture of an aircraft. Once prepared our AI is ready to try. We make a wish, stir the bowl, and dunk in our lucky spoon! Whatever comes up is a Tasty Chicken approximation of our desire. Despite careful filtering and straining by Big Tech Michelin no-star chefs the serving is not always a delight. Sometimes when consuming AI a mechanical eyeball floats to the top of the broth. Its unblinking reddish stare, like a Poundland (variety-store, a concession to the international readership) version of 2001’s HAL, is a reminder of what else might lurk beneath.

If only we could side-step the whole messy, time consuming business of eating and just take a pill or Soylent Green “Nutrition Bar”, right? Psychoanalytical writer Adam Phillips said “Capitalism is for children”, meaning that the relations it engenders are simplistic. Just as technology is a way of not experiencing the world, transactional relations are a way of avoiding the complexities of fully human experience. We order drinks by swiping a QR code instead of speaking to the bartender, not for convenience, but because avoidance of public responsibility for our consumption feels more comfortable alone, left to our own devices.

The American Dream always contained fantasies of escape, of living in new ways. From the Robots of 1920s futurists to the Star Trek replicator, the metaphor for progress is inaction, a word that today we call “convenience”. One may, at some risk, criticise progress but never convenience. Under capital relations we have bracketed action aside, including speaking to other human beings, as “labour”. Labour, whether it brings us any intrinsic value or pleasure, must always be “saved”, that is, eliminated.

A fairy-tale “cake shop model of humanity”, of automatic products and services anticipating our needs is, like Bruegel’s depiction of Cockaigne, really a mythological picture of an obsolete and now dead Internet – a plentiful playground of knowledge and entertainment. For some time we’ve been in a race to the bottom to find the minimum viable substitute for experience, plus ways of forcing that experience upon the unwilling.

The problem is that these “experiences”, whether in the form of writing, answers, pictures or music will start to dominate and then pollute our info-space. New and hungry AIs will feed on them, recycling twice and thrice digested proteins, along with memetic prions, viruses and bacteria. As the nutritional value of this goo falls and info-space runs out of original human material, predation on creative individuals will become intense.

A provocative and insightful Hacker News comment responding to the idea of “Certified 100% AI-free organic content” [3] portrayed LLMs as anti-Semitic, in that they debase the sanctity of The Word [4]. I think there’s something in the idea, that laziness and lack of data hygiene around AI will engender intellectual disease. AI becomes a public health issue that may require some Kosher wisdom to manage.

Bibliography

  • [Searle80] Searle, Minds, Brains and Programs, Behavioral and Brain Sciences, (3), 417–457 (1980).
  • [Weiner48] Norbert Weiner, Cybernetics: Or Control and Communication in the Animal and the Machine, Hermann and Cie. Paris (1948).

Footnotes:

[1] https://openai.com/blog/openai-and-microsoft-extend-partnership/
[2] https://en.wikipedia.org/wiki/United_Kingdom_BSE_outbreak
[3] https://substack.piszek.com/p/ai-free
[4] https://news.ycombinator.com/item?id=34503442

The ISO Delusion/Sirius Corporation: A ‘Tech’ Company Run by Non-Technical People

Posted in Deception, Free/Libre Software, Microsoft at 7:37 pm by Dr. Roy Schestowitz

The time a Sirius manager demanded that all staff install Microsoft Skype, creating an account in it

“I found what they call a whitepaper but it’s 17 pages and basically says “We’re ISO certified”…”

Mathew Duggan, blog post from yesterday

Summary: Sirius ‘Open Source’ was hiring people who brought to the company a culture of redundant tasks and unwanted, even hostile technology; today we continue to tell the story of a company run by the CEO whose friends and acquaintances did severe damage

Yesterday I had a major hardware incident (the hard drive of my main PC suddenly died and needed replacing), so there was no article about Sirius, but today we’re catching up fast (I’ve also upgraded the operating system).

Looking back at my time at Sirius (it’ll be 12 years in 2 weeks from now), I try to recall the better days, the early days. These times weren’t fantastic by any stretch of the imagination, but they were certainly better. Free software was used at every level. The colleagues were looking after the physical infrastructure. The NOC colleagues adopted my handover format/style over a decade ago and management had a better temper.

More recent managers didn’t understand Free software or “Open Source”. One of them fell in love with Microsoft’s proprietary junk, even several years before Gates Foundation money (Gates Foundation paid under some NDA, resulting in the formation of Sirius Open Source Inc.). He said on Twitter that “some things” are better entrusted to Microsoft and, as it turned out later, he allegedly worked against the company (the CEO said he was trying to liaise with one of our colleagues to “steal” our biggest client).

By contrast, his predecessors were very much involved in GNU/Linux. One of them is mentioned in an old talk: “The LiMo Foundation are building a mobile middleware stack based on Linux. With over 70% of the platform based on open source components, what are the benefits and challenges of open source adoption, and what is the LiMo approach to working with Open Source?”

We also had highly technical managers before that; of course they used GNU/Linux. At the moment it’s safe to say that nobody, at least among the managers, uses it. The non-technical Office Manager probably uses a “phone” some of the time (instead of a “proper” computer) and probably has no clue about any of the technical details or the tasks inside the company. A ‘box-ticking’ ‘bullshit job’ is the only thing coming from her direction and she’s failing even at that, repeatedly, then vanishing without replies/explanations (or just some lousy excuses).

Below we present some redacted evidence of the issue spoken about above. Here’s the handling of “Failed PSU”. As per Handover to Shift 3, 22/07/19: “Renewed the warranty for xxxxx. Don’t tell the customer that it ran out. (xxxxx’s email address was the one listed. I’ve changed that to the support email/number.) Checking that it is plugged in before xxxxx calls in the warranty.”

So the very simple task of renewing the warranty was not done. Handover to Shift 1 10/08/2019 said: “Both xxxxx and I have attempted to claim the warranty on this, but the HP Carepack Centre say they will not send out a new power supply without seeing the logs. The warranty did not cover the time that the logs will show that the PSU failed, so unless someone can figure out a solution then we are stuck. Whilst this server only has one working PSU it is at risk, so we need an idea.”

Notice they keep the customer in the dark about this. Handover to shift 3 – 24/08/2019: “xxxx received the xxxxx and said he was fitting it on the 19th. Waiting for update when he returns from holiday on 4th September.” More recently a similar incident, as per Handover to shift 1 – 11/09/2022: “Looked for the warranty certificate. (She hasn’t sent it to support, so checked my own emails and slack too.) xxxxx said she would send it out before she went on maternity leave.”

So one can see what it means to have irresponsible ‘box tickers’. Clients’ servers are at risk of physical damage.

Regarding the above-mentioned Skype episode, another ‘box ticker’ prepared a useless presentation based on bogus data and wanted all the staff to install Skype, even though it was proprietary and already controlled by Microsoft.

This is him:

Skype accounts

Dear All

Very soon we will be holding an Operations Staff Skype call to deal with activities, processes and customer service ethos of the team. If you need to create a Skype account, please do so by Tuesday 24th March. A camera is optional, but you will need a microphone.

Once you have a Skype account, please add me as a contact: xxxxxxxxx. I will need this information to join you to the call.

Kind regards

xxxxxxxxx

My reply:

Hi xxxxxxxxx,

Will it be possible to connect through landline/mobile/NOC phone (Cisco) or SIP? Also, what date/time is the event? It looks like it says 27/3 (Friday).

Thanks,

Roy

His:

Hi Roy

The event is Friday 27th March at 10 am. I shall be using slides on the call, hence my request a few days ago that everyone connect to my Skype account.

Regards

xxxx

After a lot of pressure I found some old (very old) Android phone from 2012 and temporarily put Skype on it.

I need to find some machine that I can afford to compromise (maybe a phone). There are passwords and stuff on this machine, so installing Skype on it is out of the question (too dangerous).

He thanked me, ran a totally useless presentation on this, and then I deleted the whole thing.

This is what he wrote to all the colleagues, promoting Microsoft’s Skype to them:

I note there are a number of team members that have not yet added me on Skype. Please do this in preparation for Friday’s meeting.

Regards

Also:

Dear All

Here’s a check list of what you’ll need to do to prepare for tomorrow’s call and some guidance for joining the call.

1. A Skype account
2. Be connected to me. Skype name: xxxxxxx
3. Audio: mic and sound. We probably won’t use individual video links as this can cause bandwidth issues
4. Reasonable screen real estate so that you’re able to view some slides
5. A quiet space — background noise will be distracting to others on the call

Notes:
1. It’s best to mute if you’re not speaking
2. At 09:55, open a Skype session. I will add you to the call. Once everyone is added I will host the session by initiating the call
3. Folks in the office may find it easier to gather around 1 or 2 machines
4. If you haven’t connected to me you cannot be joined to the call. If you’re not on the call you will miss important information

Regards

Not long afterwards he left the company after (according to the CEO) it turned out he had been working against the company behind the scenes.

Dear All

It’s time to say goodbye and I wanted to say thank you to each and every one of you for my gifts, cards and especially, for my “bag for life!” Very topical!

I have enjoyed my time at Sirius very much — you are an inspiring bunch to work with. And for sure, you collectively pack-a-punch that puts Sirius fairly and squarely amongst far larger competitors. I may no longer be inside the tent, but please be assured, I will remain a Sirius fan.

Farewell Sirians

All the best

xxxxxxxx

That said nothing about the real reason he left.

So that’s another story for these chronicles. In the next couple of days we’ll show some more stories and then conclude/summarise the series.

01.27.23

Sirius Relegated/Demoted/Destined Itself to Technical Hell by Refusing to Listen to the Technical Staff (Which Wanted to Stay With Asterisk/Free Software)

Posted in Deception, Free/Libre Software, Google at 1:31 am by Dr. Roy Schestowitz

Video download link | md5sum 74987f7fa344dfdc3ef4a4d40f5045ef

Hell, Sirius, Anybody There?
Creative Commons Attribution-No Derivative Works 4.0

Summary: In my final year at Sirius ‘Open Source’ communication systems had already become chaotic; there were too many dysfunctional tools, a lack of instructions, a lack of coordination and the proposed ‘solution’ (this past October) was just more complexity and red tape

“HELLO, anybody there?”

Hell no. Wait till we authorise the microphone, open the correct browser window, and then roll up some scripts. Within 3 rings! Yeah, right! No way! On old hardware that can barely cope with epic bloatware imposed on all staff by the stingy management.

Sirius never provided us with hardware (other than a very old and second-hand Cisco phone), but it expected us to multi-task with a whole bunch of junk and up to three telephone systems running in parallel. Does that sound like a competent company? Who made these decisions? And who’s being blamed? Decision makers? Proprietary software? Or the victims of both?

The video above explains the absurdity of the telephone system at Sirius, which was only getting worse over time because incompetent people were calling the shots behind closed doors and without consulting those affected by their decisions. Not to mention how they repelled or scared away Asterisk-capable engineers. As it turns out, technical people were starting to have technical issues with the new “Google” system, which they could only object to after it had been pushed down their throats.

The moral of the story is, don’t outsource communications to proprietary software, do not rely on clown computing, and don’t let incompetent people make decisions (more so in the dark, in secrecy). It would harm both staff and clients and at the end the culprits will refuse to take the blame, instead insisting that they can salvage the whole mess by going deeper into the trap which caused the mess in the first place.

Sirius is broken beyond redemption because it is now governed by truly incapable people, shielded by a culture of intimidation and surrounded by sex partners who blindly follow orders/instructions.

And those are just the technical aspects, not the legal ones.

"The ISO Delusion" (latest part) explained privacy or data protection aspects; ISO certification doesn’t mean compliance with common sense like companies controlling their own communications and protecting clients’ sensitive data, including passwords and private keys.

01.26.23

The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

Posted in Deception, Free/Libre Software at 8:26 pm by Dr. Roy Schestowitz

2FA with 'mobile phone' is not proper security

Especially not when you send passwords and private keys to dodgy third parties that suffer security breaches and lie about it

Summary: Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)

A part devoted purely to ISO was last week’s focus/work and this week we show some of the company’s awful practices when it comes to security. This is the most recent example. It’s from this past October and it’s likely what got me “flagged” for bollocking. In short, after the contract-signing scandals of 2019 I was apprehensive about signing another unknown contract and moreover consenting to a company-provided spying device (with camera and microphone) being inside my home. My wife was also hesitant; she expressed very strong opposition to this even before I did. “What next?” she said…

My E-mails about company “mobile phones” were discussed with a friend in IRC (personal channel), albeit only after careful redaction. Polite language was used. Facts were adhered to all along. At the bottom of this post the communications are reproduced in full, with clients’ names and colleagues’ names redacted.

This “mobile phones” strategy is not about saving money; outsourcing never saves money, it offers short-term savings as a trap. The bills then gradually increase by a lot and services stop working or get shut down. They cannot even be debugged because they are proprietary (AWS and Google come to mind).

As the communication below shows, first they sent some ‘enticing’ message and later they sent an “ASAP” for a contract to sign (for “smart” “phone”). It was likely some sort of waiver. The messages were sent less than 10 minutes apart, obviously coordinated for effect, and there was no room for debate. If the company wants to buy brand new phones while deprecating existing Cisco phones of all staff — and it won’t settle for low-cost phones while at the same time admitting to employees that the company is tight on budget — then what gives?

But there are deeper, more profound issues at stake here. To give some background, consider what the EFF published last month in relation to NLRB (unions):

How does this work? The NLRB protects the right of workers under Section 7 of the National Labor Relations Act to organize and discuss joining unions with their coworkers without retaliation and the board’s General Counsel rightly suggests that surveillance of workers by their bosses can lead to unlawful retaliation, as well as a chilling effect on workplace speech protected by the NLRA.

“It concerns me that employers could use these technologies to interfere with the exercise of Section 7 rights … by significantly impairing or negating employees’ ability to engage in protected activity—and to keep that activity confidential from their employer,” General Counsel Jennifer Abruzzo said in her letter. She added she will urge the board to act to “protect employees from intrusive or abusive electronic monitoring and automated management practices” that interfere with organizing rights.  The general counsel’s memo serves as a marker for future cases considered by the NLRB. Traditionally, the opinion of the NLRB’s general counsel has a significant effect on how the board rules on cases it considers. This means that, should workers wish to file a claim with the NLRB along these lines, the board would take this opinion into account.

While worker privacy has been considered within general consumer privacy bills, workplace privacy rights function differently than those in many other contexts. A worker often cannot walk away from a camera pointed at their workstation. And while a consumer may feel they aren’t really “consenting” to data collection when they use a product or service, they generally have the option to go to a competing product. Workers don’t; saying “no” could cost them their livelihood. Therefore workers are set up to potentially lose certain rights during the workday.   

At the end of the month the EFF revisited this issue:

Since then, EFF has joined with those in the labor community to learn more about surveillance in the workplace and on work devices, and the effect it has on employees. Particularly as regulators start to pay more attention, and legislators include workers’ privacy in general consumer privacy bills, it’s important to understand the ways that the workplace presents unique challenges in this arena.

Bossware has Real Effects on Workers

As white collar remote workers felt bossware breathing down their necks, there was more coverage than ever of how employers are monitoring the workforce, and the lasting effects it has on workers’ health, safety, livelihood, and collective bargaining rights. Even for remote staff, these stresses affected their mental health and family responsibilities. But it is workers across all fields that have increasingly felt the heat of surveillance, and some of the coverage was propelled by blue collar workers who fought back, from meatpacking facilities to service workers to delivery drivers who experienced increased surveillance as a form of retaliation for wage demands. Neither the ineffectiveness nor the impact on real people calmed employers’ desires for increasing means to monitor and control worker behavior, with some even floating a database on worker productivity. Courts and agencies in other countries, like the Netherlands, have been quicker to take on U.S. firms who they allege have violated the human rights of foreign remote workers with demands on their acquiescence to invasive monitoring.

One lingering concern was, those “phones” can be used for spying and we already know the company was spying on workers, as we’ve demonstrated for nearly 2 months already.

The manager did not bother explaining the decision or how it had been reached; he went completely silent. He was trying to force us to sign something in a rush. Yet again… like in 2019. He also sent us nothing and instead went on a fishing expedition in IRC logs (it seems like nobody gave him a heads-up, as we showed before), only to find nothing but gossip that mentions no names, not even “Sirius”. Such stalking by a “thug” isn’t acceptable and it’s easy to get the impression that it was an act of retaliation in a company where managers are immune or exempted from enforcement (like EPO management). A “phone” would likely become just a tool to “manage” people and there’s already a years-old track record of bullying by management. A “phone” would be a blunt instrument of coercion by intimidation and humiliation. All the stalking further justifies workers being apprehensive about “mobile” phones at home. In retrospect, we made the right decision when we antagonised/rejected the proposal.

Here is the full correspondence:

Introduction of Company Mobile Phones for the Support Team

Dear All,

This is just to update you that as part of our on-going development and improvement, we will imminently be introducing company mobile telephones for Support Team staff.

Whilst we are also constantly seeking cost savings and efficiency improvements and consequently as you know are looking at significant structural changes in the organisation, we also have significant security obligations for our own compliance and business requirement obligations to our clients.

However, as well as helping with our security compliance we believe this will be a very positive improvement in the ease of use for support telephony. xxxxx will distribute full details and instructions shortly.

Thank you in advance for helping with the smooth introduction of these devices!

Kind regards,

xxxx

9 minutes later another colleague wrote:

Introduction of Company Mobile Phones for Support

Hello Support Team,

With more customers demanding tighter security, the upcoming ISO audit requirements being more strict this coming November, and a general need to ensure you have the right tools for the job, Sirius will now be issuing work mobile phones to Support staff.

This has been under consideration for several years pending the right combination of business, customer, and financial requirements being met for deployment. Whilst the company continues to need to make overall financial savings and to achieve better efficiency, a number of pressing factors have become primary drivers to make this change happen now. (For example, you will be aware of xxxx becoming an increasingly important client of late and the imminent expansion of the support contract with them is key.)

We expect this to be a very positive step for Support Staff and should make a number of key processes more straight forward whilst also enabling key business benefits and security improvements.

Key purposes/benefits of introducing support mobile phones:
1. To enable 2FA and secure authentication for both Sirius and customer environments
2. Separating work and personal devices as a benefit for both work (security) and life-balance (you can turn it off when not on shift)
3. A step towards replacing the legacy Cisco handsets
4. The devices will integrate with the native platform for Google Voice and be a backup/forwarding target for that
5. A backup data connection to work from in case of local internet outage

The company policy on mobile devices and security is currently being updated to reflect this new tool, but please pay particular attention to the following key notes:
* The devices will remain the property of the company
* The devices must be used solely for work purposes and only by yourself
* The devices will be controlled centrally by Sirius, usage will be visible to management
* The devices must not leave the UK without prior specific permission from management

You have already agreed to abide by the Sirius IT policy and all usage of the device should be in accordance with this.

Devices will be distributed shortly and will include a Mobile Device Guide to allow a quick set-up. Please read through the Mobile Device Guide asap once available (which will be assigned to you in xxxx) and then agree to the contents and terms, after which your device will be sent out.

Warm regards,

To the first message I responded: “If this is about facilitating MFA, please provide phones with batteries that can be detached/removed in order to ensure the risk introduced isn’t greater than the risk lowered.”

The response was:

Hi Roy,

What risk are you suggesting we address by opting for mobile phones with a removable battery?

These devices are almost extinct, with only a few options. They also tend to be lower spec’d and poorer performing as you can see here: https://www.androidauthority.com/best-android-phones-removable-battery-697520/

Further to our discussion this morning, I cannot see a reason for us to make this a priority at this point.

Regards,
xxxx

I responded to the longer message as follows:

> Hello Support Team,

Hi,

> With more customers demanding tighter security, the upcoming ISO audit
> requirements being more strict this coming November, and a general need
> to ensure you have the right tools for the job, Sirius will now be
> issuing work mobile phones to Support staff.
>
> This has been under consideration for several years pending the right
> combination of business, customer, and financial requirements being met
> for deployment. Whilst the company continues to need to make overall
> financial savings and to achieve better efficiency, a number of pressing
> factors have become primary drivers to make this change happen now. (For
> example, you will be aware of xxxx becoming an increasingly
> important client of late and the imminent expansion of the support
> contract with them is key.)

We still need a wiki page for them. ;-)

> We expect this to be a very positive step for Support Staff and should
> make a number of key processes more straight forward whilst also
> enabling key business benefits and security improvements.
>
> Key purposes/benefits of introducing support mobile phones:
> 1. To enable 2FA and secure authentication for both Sirius and customer
> environments

When I saw the previous message I responded with “If this is about
facilitating MFA, please provide phones with batteries that can be
detached/removed in order to ensure the risk introduced isn’t greater
than the risk lowered.”

It’s understandable that some of these schemes do not support a landline.

> 2. Separating work and personal devices as a benefit for both work
> (security) and life-balance (you can turn it off when not on shift)

Not applicable to me as I don’t use such a device.

> 3. A step towards replacing the legacy Cisco handsets

The Cisco handsets have worked well for almost a decade. They were
always more reliable than Google Voice.

> 4. The devices will integrate with the native platform for Google Voice
> and be a backup/forwarding target for that

We already have a dedicated computer for Google Voice. Plus, it has
several fallbacks in place.

> 5. A backup data connection to work from in case of local internet outage

I think we still have a USB dongle for this somewhere. A SIM card should
be enough to facilitate it. Our connection has generally been reliable
for years.

> The company policy on mobile devices and security is currently being
> updated to reflect this new tool, but please pay particular attention to
> the following key notes:
> * The devices will remain the property of the company
> * The devices must be used solely for work purposes and only by yourself
> * The devices will be controlled centrally by Sirius, usage will be
> visible to management

It seems like the sole purpose of it will be 2FA. Any simple phone that can
do SMS can handle robust 2FA. Anything “apps” can introduce more risks.

> * The devices must not leave the UK without prior specific permission
> from management
>
> You have already agreed to abide by the Sirius IT policy and all usage
> of the device should be in accordance with this.
>
> Devices will be distributed shortly and will include a Mobile Device
> Guide to allow a quick set-up. Please read through the Mobile Device
> Guide asap once available (which will be assigned to you in xxxx)
> and then agree to the contents and terms, after which your device will
> be sent out.

If, as stated above, I “already agreed to abide by the Sirius IT policy
and all usage of the device should be in accordance with this,” then why
do I need to sign an additional document? Anyway, I think this needs to
be discussed with staff. I wasn’t told anything about this until today
and it seems like a lot of resources are spent on just an MFA appliance.

Regards.

I tried to speak to them over the telephone, knowing from experience that they would likely not bother replying.

First colleague: Managed to get to him over the phone to discuss the matter.

Second colleague: Tried to avoid talking to me about it over the phone, using obviously fake excuses.

But the point isn’t about a “phone” per se. As we’ll show over the next few days, the company was failing at the very basics and putting not only its own systems at risk but also clients’.
