01.23.23

The ISO Train Wreck at Sirius ‘Open Source’

Posted in Deception, ISO, Microsoft, Security, Standard at 8:33 pm by Dr. Roy Schestowitz

International Organization for Standardization (ISO) brag

Summary: Before we proceed to showing how Sirius ‘Open Source’ blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically ‘sold’ a certificate to Sirius — this is like a "diploma mill" but something that’s for businesses, not individuals

THIS is today’s second article on this topic. We’ve found some spare time for faster progression and in-depth coverage. As I noted yesterday, my wife had more direct and indirect experience (decades ago) with ISO being a bunch of meaningless hooey. So did I (having stumbled upon classical ‘box tickers’ or worse). Sirius is just another reminder of that. Hence this series and its relevance. It seems like a lot of people in technical fields separately and independently reached the conclusion that ISO is overhyped, overvalued, and mostly a waste of time and money (unless you have a ‘bullshit job’ to justify).

“My dad complained about the ISO in the 90s,” Ryan said in IRC an hour or so ago. “He constantly made fun of all of their “standards” for management of a company that didn’t mean anything but go on and on. It’s a sort of code so that managers sound smarter than they are. “We’re ISO-Whatever compliant with our handling of the TPS reports.” And the ISO standards can be wrong and never revised. Microsoft implemented the standard for MP3 and so did LAME, and then the result was they were both correct and Windows XP crashed. Part of the standard about what constituted the maximum size for a frame could be calculated one of two ways. Microsoft chose the more constrained way and it resulted in a buffer overflow with some files that crashed Windows Media Player. LAME had chosen the method that resulted in a slightly larger permissible frame size. The outcome was LAME had to be changed to use the Microsoft calculation to avoid crashing Windows, and that meant a reduction in audio quality under some circumstances, with padded bytes instead of data. Later, they changed to use the VBR bit allocator, even in a CBR file, and it mostly avoids the situation by its method of action. It can cleverly use the bit reservoir in ways that the former bit allocator that was only for CBR files couldn’t. Naturally, they never delete anything, so you can still demand the old model. It’s just an absolute nightmare of options switches. It’s the worst thing I’ve ever seen in a utility its size. ISO is kind of the stuff of Pointy Haired Bosses when it comes to Management Theory being standardized.”

Well, this whole “Management Theory” is what we’re dealing with here.

This isn’t science. It’s like calling “economics” a science. It is not. It’s more like religion.

Here’s what happened in Sirius (in mostly logical/chronological order):

Subject: ISO
Date: Mon, 29 Jul 2019 15:47:43 +0100
From: xxxx
To: xxxx

Hey All,

As you know we are going through the ISO processes – I have been asked to gather some information from everyone at Sirius to create a list of all assets used by employees of Sirius whether it belong to the company or the employee so if I can have the item name and serial number that would be great. They have also asked which anti virus you all use.

Are you all able to send me the required information ASAP please?

Thanks,

xxxx

Yes, because a bunch of serial numbers would mean so much! Of people’s devices at home… for the most part.

A month later came “You have been registered for a Training course – Information Security” (no, not really security but this hoax instead). We’ll deal with that another day…

They would nag us to do the same ‘course’ every year, even though it is dumb and we ‘passed’ it already. This is compliance???

“This is something that will be done annually for our ISO process,” I was told, “so please complete this on your next shift.”

Way to waste people’s time, doing and passing a total hoax over and over again (details on why it’s a hoax were covered here before).

Notice the threats being sent to ALL staff:

Hi All,

As you will all be aware we have been implementing new policies and procedures in order to become ISO 9001 and ISO 27001 compliant. Part of this entailed changing our HR company to xxxx who use the online portal Atlas to provide an easier method to roll out training. I have checked and there is still a substantial amount that has still not been completed.

ALL training sent out by myself needs to be passed and completed by the _*25th November 2019*_. This is to ensure we meet our deadline for the final stage of ISO audits.

Failure to comply with this request may result in disciplinary action. For those of you that have completed the training, please ignore this message and thank you.

Kind Regards,

xxxx

“Failure to comply with this request may result in disciplinary action,” it says. They kept making veiled and explicit threats. Sometimes this culminated in actual bullying, false accusations, and blame-shifting witch-hunts.

Of course the portals failed to even work properly. For instance:

> ALL training sent out by myself needs to be passed and completed by the
> _*25th November 2019*_. This is to ensure we meet our deadline for the
> final stage of ISO audits.

I was able to open all the documents and read them. The animated things,
or training sessions, get stuck. I tried each one of them about 5 times
(>each<) and they get stuck somewhere along the way. I tried this on
multiple machines. Rianne told me she too had some difficulties.

I will try again on my next shift, but these technical issues do merit a
mention. They also rely on plugins Adobe no longer supports, posing a
security risk (an issue aside from the bugs).

Kind regards,

[Roy]

Her answer was: “Have you tried using a different web browser?”

Of course she wasn’t using GNU/Linux or anything “Open Source”. This does not constitute an actual solution.

In 2020 the following was sent:

——– Forwarded Message ——–
Subject: xxxx – Things to do
Date: Thu, 26 Nov 2020 11:38:01 +0000
From: xxxx
To: xxxx
CC: xxxx

Hi All,

In October I issued Linux Training via xxxx. Can you all please ‘acknowledge’ this on your portal to show that you have opened and read it.

I also need you to ensure ALL training modules issued on xxxx, i.e. information security, and documents issued, i.e. the IMS Awareness presentation, have been completed by the end of your next shift.

It is essential these tasks are carried out prior to our ISO Audit next week.

Kind Regards,

Well, those training modules and ISO guidelines weren’t even followed by Sirius. We gave examples of this before. In some cases, there were efforts to meet standards only after a certificate had been granted.

Sheesh. I’m not supposed to say this in public, am I?

What did those audits mean anyway? What did the above “ISO Audit” actually check? That the cookie drawer is properly locked when Office staff goes to retrieve some hot chocolate milk from the machine?

Some other messages were banal. They indicated a certificate had been granted (in other words, Sirius basically bought one) after minimal so-called ‘audits’ and staff sending a bunch of numbers from the back of computers (as if that means anything at all).

ISO is a joke. When it comes to this administrivia, ISO created just another ‘cash cow’ for itself.

In the next few parts we’ll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors. It’s one heck of a clusterf**k with the company’s data scattered all over the place. That includes clients’ data, even private keys and passwords.

Sirius Lying About ISO to Justify Giving the Technical Staff Some Classic ‘Bullshit Jobs’ While Censoring/Covering Up Incompetence

Posted in Deception, ISO, Patents at 7:07 pm by Dr. Roy Schestowitz

ISO perception; ISO reality

Summary: Sirius ‘Open Source’ has long used “ISO” — and sometimes “GDPR” — as catch-all excuses for all sorts of nonsensical policies; does ISO realise the degree to which it is being misused by incompetent 'box tickers'?

“The ISO will basically standardize anything they’re paid to even if it’s impossible for anyone else to implement the standard, for any reason,” Ryan said in IRC yesterday. “They’re a corrupt group that will do anything for money.”

To make matters worse, ISO facilitated epic Microsoft corruption. ISO still enables crime. It didn’t seem to mind it or worry about it. It only worried about the impact on its image/reputation. The EPO’s management also habitually uses “ISO” to distract from the EPO’s crimes. We covered several examples several years ago. “The ISO hoards “standards” and won’t let you read them for free,” Ryan said moments ago. “So on top of patents, things only Microsoft can implement, etc. There’s this. Unless you tore apart LAME’s source code and tried to write new documentation for MP3, you can’t share high level documents with anyone. I doubt that the paywall is a huge cash cow for them. You still can’t share the official MP3 specification. The source code to LAME or Helix are the specification you can see without ponying up almost $300 iirc for a specification that describes it at a high level. By looking at source code, you can’t clearly understand every part of it unambiguously unless you’re a Mentat or something. The developers of LAME buy the PDFs but how much revenue is five people buying PDFs? Or maybe a dozen people even?”

Here’s one example from Sirius: Nothing to do with ISO, yet “ISO” gets mentioned all the time, the go-to excuse for everything. Any terrible policy… such as classic “bullshit jobs” (making lists of tickets aside from the ticketing system, for no actual purpose other than to keep us extra busy).

Skip to the bold bits for the ‘short’ story or the gist:

Ticket Review – This is priority and compulsory

——– Forwarded Message ——–
Subject: Re: Ticket Review – This is priority and compulsory
Date: Fri, 31 May 2019 12:45:09 +0100
From: xxxxx

xxxx,

Support is contracted to work 8 hours. This time should be used productively for the company’s requirements and business needs. And right now business needs this report from every shift to update the clients. We are also going through quality control for ISO purposes [Ed: emphasis ours]. This makes it even more important.

This is how your shift should really go:

1. Start shift
2. Read Handover
3. Respond to any emails
4. Ticket review
5. As and when new tickets are added to xxxx – enter these onto the relevant ticket review reports on the fileserver for each customer – whilst doing the ticket review, update if status has changed to either open – ongoing OR closed.
6. Work on tickets/check monitoring etc for rest of your shift
7. Write detailed handover and send
8. Finish shift

It is not an unreasonable requirement from management.

If you have any more issues email me directly or xxxx and do not cc anyone else as I don’t want a long email thread which is going to take focus away from the objective.

Kind Regards,

xxxx

> xxxx wrote:
>
> I’m sorry you don’t want my input, but I think this is a very important point that needs making. The trouble is that I can’t see how this is going to improve the amount of tickets that we have open at the moment. What is needed is for each of us to actually work on the tickets.
>
> On 31-05-2019 11:35, xxxxx wrote:
>
>> Hi xxxx,
>> The status box requires open/ ongoing or closed. It doesn’t require details.
>> Please read my email again and follow instructions.
>> This is compulsory and required from each of you.
>> This really is not open for discussion.
>
> [...]
>
>> <xxxxxxx> wrote:
>>
>> I understand. But it would be helpful for me if you would
>> clarify what exactly is required by a Ticket Review. For me,
>> there’s no point writing largely irrelevant or obvious comments
>> at the bottom of each ticket. What is needed is to actually work
>> on each ticket and resolve it so it can be closed.

Well, that stopped getting done when they decommissioned our last server. So that clearly had nothing to do with “ISO”. The management lied to us and misused the “ISO” straw man.

Does ISO deserve to know this?

Another unqualified “manager” did the same with “GDPR”. To provide some context (2020 E-mails):

> Hi Roy,
>
> Why was this handover sent at 1:03 am – your shift is meant to be
> finished at 1:30 am.
>
> What is the reason for this?

Again, I think this is a misunderstanding. Check the past 8 years’ worth
of handovers at 1-1:30am. Look at the time pattern.

Did you send a similar message to all my NOC colleagues as well?

Regards,

She didn’t ‘get’ the message. I did nothing wrong at all. We all did the same thing even close to a decade earlier. She wrote:

Hi Roy,

Why did you leave your shift at 1:14 am (Tuesday 3rd March 2020)?
Your shift is meant to be until 1:30 am.
There was no prearranged time change request with management or request to leave 15 mins early in writing from you in our records.

I am concerned with this issue. Would you kindly clarify?

I responded again:

> Hi Roy,
>
> Thanks for your email.
>
> I raised these questions yesterday as I noticed that you said bye on
> your slack convo at 1:14 am (I have sent you a screen shot in previous
> email) that made me investigate further and I came across your handover
> times. Hence all these questions.
>
> We would request you to complete your full shift as prescribed and not
> leave early in future.

My handover times are not different from my colleagues’.

Can you explain further please?

Regards,

I responded yet again:

> Hi Roy,
>
> Why did you leave your shift at 1:14 am (Tuesday 3rd March 2020)?
> Your shift is meant to be until 1:30 am.
> There was no prearranged time change request with management or request
> to leave 15 mins early in writing from you in our records.
>
> I am concerned with this issue. Would you kindly clarify?

This is a very surprising message.

For the 9+ years I’ve been in the company we all (always) handed over at
1 to 1:30am, often leaving before 1:30. The above is not at all out of
the ordinary. For any of us…

Regards,

At this point, bearing in mind the previous year’s bullying by her, I kept a copy of the message as a reference (HR, hired by Sirius, advised me to keep copies of key correspondence due to perceived witch-hunts).

To quote the Office Manager on “GDPR” (message redacted a little):

Hi Roy,

When on the 3rd shift (17:30 – 01:30) your shift finishes at 01:30 not beforehand.

xxxx simply requested that you comply with your correct working hours as we could see on slack and your time tracker that you have not been working up until the end of your shift. This isn’t an unreasonable request and doesn’t need to be questioned, it’s quite simple, finish your shift on time.

I understand the handover being sent over between 01:00 – 01:30 as that allows the colleague next on shift the opportunity to read the handover and discuss anything with you.

On another note, if you can please keep these emails within the company – I can see you have responded/cc’d from your personal email. With GDPR being very important, I do not want any of our client/Sirius data being available on your personal email so it’s essential to keep work-related correspondence to work emails.

I hope this clears everything up for you.

Kind Regards,

xxxx

I also said:

>> Hi Roy,
>>
>> Thanks for your email.
>>
>> I raised these questions yesterday as I noticed that you said bye on
>> your slack convo at 1:14 am (I have sent you a screen shot in previous
>> email) that made me investigate further and I came across your handover
>> times. Hence all these questions.
>>
>> We would request you to complete your full shift as prescribed and not
>> leave early in future.
>
> My handover times are not different from my colleagues’.
>
> Can you explain further please?

I have received no reply for a day.

I am used to that.

This is not the first time I get unwarranted bollocking and it’s the
kind of thing that can drive away experienced and crucial colleagues
over time.

What I did wasn’t wrong; it doesn’t hurt to get an apology for trying to
shame me in front of the CEO for something I did which was not wrong.

Kind regards,

Of course she never bothered to apologise. She just vanished. Her sidekick had the audacity to say that slang like “bollocking” was rude, ignoring how rude the bullying was and instead focusing on style and choice of words (that British slang isn’t even rude, unlike “bullocks”). It should be noted that the bullying did not start and stop in 2019; it carried on well into 2020. The above example is one of several.

In summary, what we deal with here is two people bullying staff. They’re not qualified for any management role, but they seem to enjoy the ‘thrill’ of pretending that they are. It would become a more persistent problem as new imposters would attempt to cover up the company’s gross understaffing, e.g. a person without knowledge and ill-equipped or unequipped on the beat, pretending to cover a NOC shift or offer a service (that’s the CEO).

The company was lying to clients.

Remember that this is a company where there’s no chance at progression except through nepotism (like family/kinship and sex). At the moment it’s very hard to know what happens in the company, but that’s hardly different from how it was before, as a cabal was working behind the scenes and behind our backs, scheming to do all sorts of illegal things while lying to us (about who left, who was becoming a client and so on).

Sirius has a culture of extreme secrecy, even for insiders. Someone needs to show the ‘dirty laundry’.

In closing, to quote Ryan again (as other than Microsoft’s OOXML crimes there’s the MPEG cartel ISO controversy): “The ISO is still impeding LAME because someday they’ll lose all of the people who understand the code and then someone will have to fix it up to continue working. I’d argue that you almost can’t have standards with ISO. You have to publish them without ISO into the public domain to truly call them standards. People should get these Public Domain documents and decide whether it’s a standard themselves or not, like ZIP or Opus. You’ll notice they didn’t go to the ISO with Opus. They went to the IETF. The IETF standard, you can read. You can read every draft copy too so you know how it changed along the way if you care to. The ISO won’t give you drafts of a standard even if you pay so there’s no seeing how the process evolved. The ISO is probably even nasty in ways that I can’t fathom. But the ones that I know of are bad enough. FhG was not happy about LAME, I can tell you that much. Not happy at all. Even though it made MP3 hugely popular. They don’t acknowledge it even once on their Web site, even their little “MP3 History” museum, which I don’t even think mentions music piracy either. So that’s kind of like “Wikipedia-izing the History of MP3”. We’ll just gloss over Napster and LAME. Wasn’t important. Not gonna go how the format would have failed completely. We marketed it brilliantly and it was a hit out of the ballpark based on secret documents and patents, and ISO. Secret documents, patents, and ISO are in the way of progress, constantly, and the secret documents and ISO can be cut out of the process a lot easier than reforming the patent system.”

How about “ISO” being leveraged to lie to staff?

ISO Reality: The ‘Security’ Certifications Are Meaningless (Paid-for Papers)

Posted in Deception, ISO at 12:07 am by Dr. Roy Schestowitz

Video download link | md5sum 07a2f3b98615ee2d67a59e46c7ac4f8e
ISO as Meaningless Certificates Mill
Creative Commons Attribution-No Derivative Works 4.0

Summary: Sirius ‘Open Source’ has used “ISO” as a catch-all talking point since 2019 in spite of doing illegal, unethical and truly dubious things while failing really badly at security

IN OUR last post we started the first part of several parts about ISO, commencing a separate (sub)series of posts that may take about a week to finish.

Sirius ‘Open Source’ disregards security advice, deems commentary that it lacks security staff to be “defamatory” (actually it’s perfectly factual), and moreover it is ignoring advice from technical people who do have a clue — all this while failing to do basic things like change passwords after a major breach.

If ISO considers that to be “OK”, then that says a lot about ISO.

ISO perception; ISO reality

01.22.23

The ISO Delusion: How Sirius Picked Collaboration/Communication Tools That Harm Staff, Harm the Company, and Harm Its Clients

Posted in Deception, Free/Libre Software, ISO at 9:13 pm by Dr. Roy Schestowitz

International Organization for Standardization (ISO) brag

Summary: Sirius ‘Open Source’ has long misused "ISO" to do all sorts of dubious things, including cover-up and frustration of staff; the time has come to explain what happened and maybe eventually report the matter to ISO itself

THOSE who have followed this series carefully enough know that pretty much all the communication tools of Sirius ‘Open Source’ had been outsourced to proprietary vendors (voice, text etc.) without bothering to ask staff, who complained only after the fact. Too late. It’s a decree, not a proposal. Instead of self-hosting Asterisk and relying on Jabber (among other things) the company was sending its workflow to Google, Zoom, Slack (Salesforce) and even Skype (Microsoft) while publicly floating ISO logos.

Over the coming week or so we’ll show this ugly façade of a company that still uses the term “Open Source” — a thing that it is rejecting internally. It’s not about doing what clients require; this is about what the company chooses for itself, as it’s headed by managers who neither use nor support Open Source. It’s a façade.

The Office Manager will be a recurring theme here, as she was part of this façade. What is an Office Manager anyway when the company does not have an actual office? David Graeber’s thesis would classify it as a ‘bullshit job’ [1, 2], probably the “box tickers” kind. To quote Wikipedia, we deal here with “box tickers, who create the appearance that something useful is being done when it is not, e.g., survey administrators, in-house magazine journalists, corporate compliance officers, quality service managers…”

As noted here right from the start (a day after resignation), the company was hardly compliant with anything sensible, including security and ethics. Last year I was asked to study logs for some anti-abortion group (without telling me where those logs had come from). What next? Would I be getting assigned jobs like checking logs for Oath Keepers or Proud Boys, seeing that anti-abortion groups were starting to pay for “services” last year? (Off the record)

Anyway, yesterday this good article mentioned LastPass, another company to which the stubborn new management decided to hand over not only our own passwords but clients’ too (even private keys!!!), insisting that according to LastPass the LastPass breach wasn’t a big deal. Sirius did not even bother resetting passwords after I had repeatedly urged that this be done (and, as a possible bonus, that LastPass be dumped altogether). In yesterday’s article the author says: “I’d like to talk about some of my experiences with this topic, as well as recent events in the security community.”

“Before I describe my experience,” he says, “I need to set the stage. My LastPass fun took place around the same time as the infamous Bugcrowd incident with JSBN.”

Watch how LastPass handled things: “My first step in escalating was security.txt. No dice. There was no clear security officer or contact information that I could discern from my social network either, so I chose the path of last resort: I contacted their support team.”

So it’s more or less like Sirius. No wonder a client said the company was “incompetent”. The client said this to a highly incompetent ‘manager’ who was never supposed to be there in the first place: No clue about technology or about management, just some associate from a former organisation in which a Sirius ‘founder’ had spent a few years. Hiring friends and relatives instead of qualified people leads to disaster.

Very basic security practices were often disregarded and staff were ignored in spite of their technical background. It was like talking to the wall.

At first we had Asterisk internally; then someone decided it would be better to use some outside firm as a supplier and pay the fees. That was still a lot better than the move to a defective “service” and then the purchase of “phones” that are a security threat, in the hope (likely false hope) that it would ‘fix’ the issue. We’ll come to that another day.

The management kept covering up for repeated failure/s, blaming the staff (victims) instead, never the decision-makers who introduced a faulty/defective alternative but are too vain to admit it, take the blame, and finally undo.

The company’s obscene disregard for security would not end there. We’ve already covered cognition reports being stored on personal machines, then uploaded to AWS (not the client’s servers). There was no longer any security protocol in place; no file server for them or for us (GDPR would be screaming!), setting aside the fact that the company is no longer “open source” and is basically lying about it. It’s more like bragging about ISO while gaslighting people who actually value security.

Not only did the company ignore the warnings from me, it didn’t even change passwords, alter providers, or self-host an actual “Open Source” alternative. It kept saying it would (or merely consider this), but those were lies. As we mentioned here before, this wasn’t a matter of practicality or cost-savings either; Sirius was getting huge bills for “clown computing” (idle almost all the time but the bills kept growing and growing). Any suggestion of self-hosting, i.e. like before, was dismissed as “hobbyist” by the CEO. So what is to be sold as a service by Sirius? Outsourcing? Well, the company’s latest incarnation on LinkedIn does say that.

Tomorrow we’ll show some examples of misuse of the company’s pretences (ISO, GDPR etc.) for cover-up, censorship etc.

In the meantime, however, consider this E-mail from July 2019 (when the company was setting up a shell in the US, covertly, when signing an NDA with the Gates Foundation):

xxxx wrote on 17/07/2019 17:20:
> Hello Roy,
>
> As you are aware we’re currently going through the process of
> implementing ISO 27001 (information security management system). It’s
> been brought to our attention that you using xxxxx Slack is
> unacceptable due to the security of password sharing amongst yourselves.
>
> During your meeting at the training workshop – I had asked for you to
> reconsider as this is a company requirement.
>
> Moving forward and with the advice from the ISO company this is now
> something which needs to be completed by the end of your shift this
> evening. Slack is an essential communication tool used by everyone
> within the company.
>
> Would you please confirm the receipt of this email and a reply to this
> request.

Hi,

Currently, all our sensitive communications end up on the server of a large corporation in another country, where this data can get sold. It included NHS stuff. This too is a problem as we need to be Open Source not only in name and I’ve been waiting for xxxxx to set up Matrix or similar for me to join. It has been months and I think it’s essential for our company to demonstrate it takes security seriously. I can set up an Open Source alternative myself if that helps.

Regards,

Of course I only received more threats for this, rather than being listened to. Of course “information security” and Slack are incompatible concepts. As we shall revisit shortly, let’s just say Slack suffered yet another data breach shortly thereafter, vindicating me. Did the management listen? Did it react? Of course not.

After some more threats I was compelled to give up, at least temporarily:

xxxx wrote:
> Hello Roy,
>
> As I have expressed in my previous email and in all communication that
> Slack is an essential communication tool used by everyone within the
> company at the moment. We all should be there.
>
> This is a direct management requirement and instruction and it needs to
> be implemented immediately.

I have just created the Slack account.

It would still be useful to know the timeline for moving to an Open Source alternative. Slack has no business model other than spying at the moment, as media repeatedly points out.

Regards,

Regarding “I’ve been waiting for xxxxx to set up Matrix or similar for me to join,” I was receiving false promises from the CEO, naming two people who would set up a Free software alternative like Riot/Mattermost. One of them left the company (as I had previously warned the manager) and another never implemented the change. Sirius management was just lying all along.

We’ll revisit Slack another day and we shall deal with each of these blunders in turn. ISO is a joke if it grants certification to companies which behave in this way, setting aside how superficial the requirements are. 15 years ago Microsoft bribed a lot of firms and organisations to rig ISO; and ISO, in turn, was OK with it. Now, after so many years, Sirius is another disgrace or a black eye to ISO. No wonder clients suffered security breaches. They weren’t even informed of how poorly Sirius had handled/managed security.

[Meme] ISO-Approved Bullying?

Posted in Deception, Free/Libre Software, ISO at 12:50 am by Dr. Roy Schestowitz

Fat Whale: But ISO!

Summary: Sirius ‘Open Source’ and its bullying of staff piggybacked a bunch of nonsense about “GDPR” and “ISO” (where inapplicable); details will be shown soon

04.24.21

OIN’s Deb Nicholson: We Don’t Solve Any Real Issues, Just Like OSI (Where Nicholson is Now Interim General Manager)

Posted in GNU/Linux, ISO, OIN, OSI, Patents, Videos at 8:28 am by Dr. Roy Schestowitz

OSI board

Microsoft Tim's interview with Neil McGovern

Summary: Before working at OSI, whose sole accomplishment so far is an attack on the FSF, she worked for IBM (et al) front group OIN and SFC, which is another attack group that raises money from Microsoft and then attacks the FSF

“WHY on Earth are you picking on Nicholson???”

One might actually say a foolish thing like this, conveniently ignoring the fact that — putting aside irrelevant gender aspects — Nicholson worked for SFC while SFC was attacking Richard Stallman, lobbying and pressing for his removal. At the same time she brought Microsoft money to the SFC for two years in a row, then moved to the flailing OSI, where only months later she and her colleagues started a campaign of defamation against Stallman and an extended campaign to undermine the FSF (using ‘guilt’ by association tactics).

The hate letter’s perpetrators actually plotted to redefine Free software and make proprietary software seem "OK" only 1.5 months before they found an excuse to start a vicious attack, helped by media that’s funded by proprietary software giants.

Looking back, there’s a track record of bad deeds. Nicholson’s bosses at SFC — like herself — were given an award a month ago. Can’t they recognise the self-harm they’re doing? De Raadt, Miguel de Icaza, Garrett, Nicholson, Kuhn…

What on Earth is going on and who stands to benefit?

Prior to the stints at the SFC and OSI there was a stint at the Open Invention Network (OIN).

The totally useless OIN, which we’ve criticised for quite some time (the short story is, they seek to undermine true patent reform and distract from opponents of software patents, instead working to legitimise such patents), is no good. GNU developers we’ve spoken to are saying the same. Some GNU/Linux developers who are threatened by patent trolls also receive no help from OIN. We did a series about this last month.

In the following video, which is rather old by now, we have an almost open (or frank) admission that OIN is of no real use to software developers. It’s for monopolies that cross-licence.

To quote from the video: “You wouldn’t be able to sue IBM for it…”

They clearly do nothing to tackle software patents or patent trolls and they mostly protect monopolies, just like OSI ‘minionry’ does these days. The portion below (Fair Use) is 4:00-5:20 from the full video.

Video download link

Notice how the questions aren’t even being answered (or not properly anyway) until pressed further and further. Roblimo died years ago and I still feel deep sadness over it (I shed tears, too), as he was always nice to me and wanted to hear my side of the story, especially on things which truly mattered (he also put me on the radio 14 years ago when he worked for Slashdot and we debated OOXML).

08.16.18

USPTO Craziness: Changing Rules to Punish PTAB Petitioners and Reward Microsoft for Corruption at ISO

Posted in America, ISO, Microsoft, Open XML, Patents at 7:22 am by Dr. Roy Schestowitz

Mr. Iancu and his colleagues do not appear to understand (or care) that they are rewarding Microsoft for epic corruption at ISO and elsewhere

No-OOXML

Summary: The US patent office proposes imposing a penalty on applicants who are not customers of Microsoft; there’s also an overtly and blatantly malicious move whose purpose is to discourage petitions against wrongly-granted (by the USPTO) patents

THE previous post spoke about how the Federal Circuit rejects software patents, as does the Patent Trial and Appeal Board (PTAB). An inter partes review (IPR) is almost guaranteed to thwart any software patent if it is applied to one (not a cheap process, but a lot more affordable than a court battle, which can only be initiated by patent holders).

It is no secret that Director Iancu wrote articles in support of software patents, and software patents are not valid anymore, based on what the SCOTUS has decided. This means that the person whom Trump put in charge of the patent office is inherently in disagreement with patent courts. An untenable situation? Iancu, whose firm had previously worked for Trump, was a pick of the notoriously corrupt Trump. Coincidence?

Either way, everything we have seen so far confirms our worst fears — that Iancu would work for the patent microcosm rather than for science and technology. The patent system was conceived to serve that latter group, not a bunch of lawyers, but things have changed since conception and nowadays the Office is adding yet more fees that make expensive lawyers a must to some. With prohibitive costs, too (maybe $200 per hour). Punishing poor companies, obviously.

Docket Navigator has been covering quite a few 35 U.S.C. § 285 cases/motions lately, with some being successful, i.e. when some troll or bully made bogus claims it was punished financially for it. Those are the courts doing so, not the Office. In Phigenix, Inc. v Genentech, Inc. (based on this latest Docket Report), the court ended up considering the argument regarding frivolous patent lawsuits. Will the court make it more expensive to the abuser? That remains to be seen. “Following summary judgment,” Docket Navigator wrote, “the court granted defendant’s motion to join plaintiff’s founder/inventor as a necessary party and pursue attorney fees against him under 35 U.S.C. § 285.”

Upcoming changes at the USPTO do not look promising, however, for at least three reasons.

Firstly, the patent microcosm is being shielded from competition. “It is no secret to anyone in the industry; the unauthorized practice of law is rampant, and OED does nothing to stop it,” Gene Quinn (Watchtroll) said yesterday. Terms like “unauthorized practice of law” (used both in the body and headline of Watchtroll) imply that it’s illegal to represent oneself too. The patent and litigation ‘industries’ want a monopoly on this activity. A form of corruption surely? Consider Iancu’s professional background and how he might view this.

Secondly, this Trump appointee would have loved to abolish PTAB and destroy patent quality, but SCOTUS and CAFC are not allowing that to happen. He’ll still try though. He might even ignore Oil States and try to just price IPRs out of reach. Here’s what Kevin E. Noonan, a patent maximalist, wrote a couple of days ago:

On August 8th, the U.S. Patent and Trademark Office issued revisions to its Patent Trial and Appeal Board (PTAB) Guide (see “Trial Practice Guide Update”), first promulgated in 2012 as part of the Office’s implementation of inter partes review (IPR), post-grant review (PGR), and covered business methods review (CBM) proceedings established under the Leahy-Smith America Invents Act (AIA). As discussed in an accompanying memorandum from USPTO Director Iancu, this update is part of the Office’s plan to issue updates periodically, on a section-by-section, rolling basis; the Director anticipates further future updates “to take into account feedback received from stakeholders, changes in controlling precedent or applicable regulations, or the further refinement of the Board’s practices over time.”

In addition to being a resource for petitioners and patent owners, the Guide has as its purpose “to encourage consistency of procedures among panels of the Board,” akin to the role of the MPEP with examiners. As with the practice of having “expanded panels” to promote consistency in decisions, this function further limits the extent to which APJ’s activities are consistent with an independent adjudicatory arm of the USPTO.

It’s just a pretext for price hikes, as Michael Loney noted in a couple of articles. The first one spoke of changes to the process:

AIA Trial Practice Guide changes attracting the most attention are patent owners getting sur-replies and the opportunity to present a brief sur-rebuttal at the oral hearing, giving them the final word in PTAB proceedings

That should not take long, should it?

Thirdly, and finally, there is the most ridiculous thing of all. The USPTO will apparently punish people for not using Microsoft’s binary (OOXML) format. How is this not corruption at the USPTO? Microsoft used corruption to impose OOXML on the world, and now the USPTO punishes those who use standards! OOXML is not really a standard; it has binary blobs in it and Microsoft bribed officials and delegates for it. Here are the details:

The USPTO is seeking across-the-board fee increases, as well as a new fee surcharge for filing in a non-DOCX format and an annual active patent practitioner fee

So they are making it more expensive yet again (25%) in an effort to suppress IPRs. Battistelli used the same tricks as Iancu. He kept raising the costs of appeals (against bogus patents) in an effort to reduce patent quality and hide all this.

Iancu’s proposed fee hikes for PTAB IPRs obviously harm small businesses the most. Who benefits? Microsoft. Who else benefits? Lawyers. But that pretty much sums up what this leadership became, even in direct defiance of US courts as high as the Supreme Court. We hope that these proposals will be imminently challenged.

03.25.12

ISO Helps Patent Cartels, Monopolies; Mozilla Surrenders, Fedora Will Not

Posted in ISO, Patents, Standard at 5:33 am by Dr. Roy Schestowitz

MPEG LA logo

Summary: Criticism of ISO and a few bits of news about Free software projects and their response to MPEG-LA

THE PR wires teach us that the corrupt ISO is still up to no good, this time floating the MPEG cartel, as usual. Mark Ballard, a fantastic British journalist, shows us just how incompetent — if not corrupt — ISO really is:

The International Standards Organisation has admitted it doesn’t know what an open standard is, despite trying to have the UK’s open standards policy quashed.

The situation has left ISO and its franchise partners, such as the UK’s British Standards Institution, looking a lot less authoritative. While open standards are being branded onto statutes around Europe, and after more than half a decade of controversies so great it caused street protests against ISO’s treatment of the open standards issue, the legal authority on standards now refuses even to acknowledge its existence.

Yet ISO and its partners had so successfully lobbied against the UK open standards policy last year that the Cabinet Office withdrew it. And its lobbying, like that of all those who opposed the policy, concerned one specific question: what is an open standard.

ISO and its partners said the UK had got the answer wrong. So what then should it be? That’s what Computer Weekly has been pressing ISO to say since January.

“ISO does not have a definition of ‘open standard’,” is what ISO said finally this week.

It sounded incredible. But it exposed how frail ISO’s position had become.

If the ISO does not get its act together, it deserves to become obsolete. Fedora, for example, still ignores the MPEG maze that ISO is endorsing. Mozilla, much to our regret, says that “mobile matters most” when it excuses itself for selling out, leading to defeatism among those who underestimate the importance of this issue.

Mozilla’s choice was covered here before and the importance of the matter is explained in this new article from Free Software Magazine:

Whether we like it or not, H.264 is “the” de-facto standard on the Internet. Every time you visit YouTube, you are watching a video encoded using the H.264 standard. The video quality is great, the compression is astonishing. And so is the price. H.264 is subject to a huge number of software patents. You need to pay hefty licensing fees if you want to create H.264 files today. We, the users, are not feeling this as we are not paying a cent. However, the freedoms allowed by this format are limited, and vague at best: here is why. (Note: this piece originally had a different title, “The bomb called H.264 is set to explode in 2015. Are you watching?”. However, it has been pointed out to me that the terms have indeed been extended. The problem, however, is still there)

We wrote several articles about it last year. MPEG is still very nasty poison, and it should be avoided vigorously.
