01.25.23

The ISO Delusion: When the Employer Doesn’t Understand the Company’s Value Proposition (Building Systems) and Rejects Security

Posted in Deception, Free/Libre Software, ISO, Servers at 9:39 pm by Dr. Roy Schestowitz

Probably the final week of this series

Summary: Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything

THIS is the part of this series where we focus on examples of Sirius failing on technical merits and compliance/conformance. Eventually we decided to show redacted E-mails on ISO along with my copied messages to management regarding bollocking and how it all started, me asking for an apology etc. Being accredited or recognised isn’t the same as being capable and potent. As I mentioned in the very first post in this series, when I joined the company it was different beyond recognition. The company had its own hosting (in its own premises). In 2022 we were suffering habitual outages as we don’t control our systems anymore (Slack, AWS downtimes were common; in prior years clients that relied on Clownflare also suffered outages due to Clownflare rather than their own hosting). To make matters worse, there were security breaches and the company ignored them. I kept bringing that to management’s attention, only to be ignored or rebuffed. Remember this hoax of Citation/Atlas was covered in Techrights years ago. Sirius does not teach its staff real security and does not hire people who understand or value security.

The company had a bizarre trajectory of moving from self-hosted (e.g. Asterisk), then outsourced (but still Free software, ‘managed’ Asterisk), then outsourced proprietary spyware like Google Voice. If “Open Source has won” and if Free software is becoming more widely used, then why is Sirius going in the exact opposite direction of what it was advocating? This is a management decision. It’s not the fault of technical staff — the staff which all along opposed this.

Notice the practice of password outsourcing. Here’s a direct quote sent in a request to me personally: “Put the WordPress credentials (admin user, etc) in a lastpass note and share it with xxxxx (securely, within lastpass) and we’ll be setting up a very temporary and basic portal to share info across the team, to help keep everyone better updated given how Absolutely Mentally Busy it is right now. It’s entirely for internal use when on the VPN.”

It’s another example of mishandling access credentials inside third parties (Slack, LastPass etc.), oftentimes not just rejecting “Open Source” but actively ripping apart Open Source things that work, replacing them with technically inferior and likely illegal (in some cases, due to data protection) proprietary stuff.

The management did even worse than this; it failed to do very basic things, such as sending payslips and sometimes paying the pension provider. Instead they made colourful excuses, so I decided to take photographs of letters from the pension provider, recalling those blunders and deciding that it’s worth discussing belatedly (and maybe add E-mails also; there were loads of E-mails about payslips, not just pensions, spanning different years from 2018 until the present day; there were phonecalls too, but those aren’t recorded).

The management was also bad at communication and correspondence. See the example below (2019):

Subject: Re: I need these tickets dealt with by support
Date: Thu, 3 Oct 2019 11:15:56 +0100
From: Rianne Schestowitz xxxxxxx
To: xxxxxxx
CC: xxxxxxx

Hi xxxxxxx,

I responded to this email last weekend. Please check your inbox. If you
haven’t received it, I can send it again.

Many thanks,

Rianne


Rianne Schestowitz, NOC Extension 2834423
Sirius – stress free technology

http://www.siriusopensource.com

t: xxxxxxx

> Hi,
>
> I need these tickets dealt with by support.
>
> 1. Ticket#108642: Roy or xxxxxxx need to answer about security.
> 2. Ticket#108813: Replied with more questions. Can’t reproduce the
> error so far. Back with Support, awaiting feedback.
> 3. (Multiple) Tickets relating to masking – Code fix done, Release done
> and in live. Check with each client once data reimported. Support
> team can do this. xxxxxxx have already confirmed it works.
>
> 1. Ticket#108833: Already fixed, just needs a fresh xxxxxxx import.
> 2. Ticket#108769: The masking fix is done, we just need to schedule a
> reload.
>
>
>
> xxxxxxx xxxxxxx
> Sirius – stress free technology
> http://www.siriusopensource.com
> Tel: xxxxxxx

This was the year bullying against staff started, not too long after Gates Foundation money had landed under an NDA and something called Sirius Open Source Inc. was quietly formed in the state of Washington (where Microsoft and Gates are).

We spent nearly a month explaining what I had already written internally before resigning; we remembered to publish the entire PDF at the end (crossposted in my personal site too) as it is important to emphasise that I raised most of these concerns for years inside the company. Inaction and retaliation led to what became of it, spilling the beans out in public. I never did anything even remotely like this with any of my past employers.

01.18.23

Microsoft Azure is So Amazingly Successful That Every Year Since 2020 It Has Layoffs (Even This Year)

Posted in Deception, Finance, Microsoft, Servers at 1:55 am by Dr. Roy Schestowitz

To quote this new article: “Among the new cuts will be teams within a group led by executive Omar Abbosh that help Microsoft’s sales teams pitch customers on Azure cloud services, this person said. Teams that don’t generate revenue or whose roles don’t carry specific sales quotas are especially vulnerable, the person said.”

Microsoft Prepares to Lay Off Thousands of Employees, Including in Azure-Related Units
So the government bailouts [1, 2] were not enough

Summary: The layoffs at Microsoft impact Azure; and why is this so important? Because Microsoft keeps lying to shareholders about “clown computing” success, hailing Azure as the “future” of the company (without supportive figures, just more re-branding for further re-classification, i.e. cannibalisation)

01.11.23

[Meme] Freedom is ‘Hobbyist’ Anyway

Posted in GNU/Linux, Humour, Servers at 2:50 am by Dr. Roy Schestowitz

We've moved from our very own self-hosted, Free software-based infra to 'serverless' 'seamless' 'agile' convergent proprietary silos in clown computing; We call that progress

Summary: Sirius ‘Open Source’ has a severe "appeal to novelty" problem (sometimes a symptom of insecurity or irrational thinking)

Sirius ‘Open Source’: Let’s Waste 50,000+ British Pounds on Amazon ‘Clown’ Bills Even Though We Already Have Our Very Own Servers and Racks

Posted in Finance, Free/Libre Software, GNU/Linux, Servers at 1:53 am by Dr. Roy Schestowitz

Video download link | md5sum b7092ce567dc2abaaf29741f7fd87ae2
Sirius Stuck in Clown Computing
Creative Commons Attribution-No Derivative Works 4.0

Summary: Sirius does not know what it’s doing. How can Sirius advise clients on hosting when it cannot even do its own hosting right? Colleagues tried to push “AWS” to clients, but I kept standing in the way, saying it would cost a fortune and erode security/privacy (over time I was vindicated as bills constantly soared)

THE VIDEO above is relatively long but it could be far longer. I have a lot of things to say about the shortcomings with clown computing, based on firsthand experience for over a decade. The short story is, avoid clown computing any time it’s possible to shun clown computing. The clown computing pushers (marketing) are untrustworthy; they “appeal to authority” and they’ve long targeted gullible non-technical managers.

Disregard their misleading vocabulary (like "serverless"). Call it “clown computing” and don’t say “on-prem”; they’ve utilised this for upselling, exploiting a new buzzword for what was done, correctly, for decades already! A lot of that isn’t even “self-hosted” (another relatively new term); it’s like getting a subdomain in GitHub(.com), which is proprietary and controlled by just one company. There’s that same subdomain mentality of Slack, as it gives false impression (illusion) of control, like “guilds” for chat. All that centralisation is corrosive and very risky. It’s also expensive in the long run (I give the example of FeedBurner, which almost literally burned its own users). When the hosting is controlled by one company the user is at the mercy of this one company; moving from one company to another is often impossible or very expensive. This entrapment is exploited by raising prices ad infinitum — to the point where it becomes so unbearable that the providers lose more clients than they gain in additional surpluses (price hikes). In the case of GitHub, the hosting is controlled by one company; the platform and code are also controlled by that same company (Microsoft).

People need to talk about these issues in abstract and topological terms, only to be challenged by weak-minded folks who speak in buzzwords and brands (like “AWS” and “Amazon”). I’ve sadly found myself unable to communicate these issues with people who act like salesmen rather than software engineers.

Putting aside financial aspects, AWS has technical issues and occasional downtimes, as noted in passing above (in the video). Lots and lots of examples of that could be given and presented in full. Moving from one’s own servers to Amazon (et al) is as technically sanitary as giving up on toilets at home, choosing to use public toilets instead (“as a service”).

All in all, the video above tells some stories “from the trenches” that we don’t plan to write about (they’re not that scandalous anyway). It does not merely repeat what was covered in the article earlier on.

[Meme] The AWS Bill is Here

Posted in Finance, Servers at 12:00 am by Dr. Roy Schestowitz

When important decisions are left to Mr. Kink

100 pounds? for a server that serves 100 pages a month? At least we're a 'modern' company that moves to 'the clown'

Summary: When the corporate media insists that companies now need “clown hosting” no wonder managers who are as untrained and inexperienced (in tech) as circus clowns make self-harming choices

01.10.23

When the Employer Doesn’t Understand or Grossly Underestimates AWS Capacity Issues (and a Story of Lost E-mail in Clown Computing)

Posted in Free/Libre Software, Servers at 9:41 pm by Dr. Roy Schestowitz

Summary: The Sirius ‘Open Source’ management was dumb enough to replace the in-house infrastructure with overpriced (and outsourced) junk that did not even work as expected

THE report we deposited over a month ago already covered the fiasco of outsourcing (gradual) where I had worked for nearly 12 years. We don’t want to repeat what was already covered. I discussed this in person with the main individual responsible for the awful decision. He said they envisioned it would save money, but based on bills that I saw it was beyond insane to suggest so! Why would any sane company throw about 10,000 pounds down the drain every year? A modest second-hand server can be purchased for just 1,000 pounds and we didn’t need to buy any. We already had servers!!! We had an ISP, too.

When the company’s “cloud” (or “clown”) bills keep blowing upwards (upward to almost a thousand pounds a month), for something that started very small (the vendor lock-in relies on this sort of illusion, before exit barriers are raised), you have to wonder about the judgment of short-sighted decision-makers like Mr Kink. Who’s going to be held accountable? Or when?

As a reminder, AWS operated at a loss for years and Azure still seems to be operating at a loss (they just call everything “Azure” now). They are enticing people to enter the trap. Microsoft loses money and so does Google. Billions in losses! I brought this up over the phone, speaking to the CEO for about an hour almost a year ago! But they don’t want to listen!

As a reminder, Microsoft is laying off staff, cancelling and shutting down datacentres, as they overprovisioned for something that never came (or resulted in massive losses). Microsoft basically misleads shareholders by rebranding many things “cloud” and/or “Azure”, so even if it’s not growing Microsoft can claim otherwise. There’s no proper definition of “cloud” or “Azure”.

On the phone about a year ago I suggested small self-hosted machines (the CEO called this “hobbyist”). It’s worth reminding ourselves that we lost staff that looked after our servers. That too was the fault of the management, for reasons we explained before.

It would be so much cheaper and safer to run our own infrastructure, as we already did for decades. And yes, we covered this in the report and earlier in this series. This is a no-brainer.

To give one example of what moving to AWS caused Sirius: OTRS, a ticketing system, needed us throwing more and more resources at it (partly because of bad design, partly due to workers sending megabytes of text in E-mails, as they top-post — the “Microsoft Way” basically — and don’t bother trimming/snipping what they respond to). Each time you add resources the bills go up by a lot! That’s the “magic” of “the clown”! It’s getting very expensive very fast!

Remember that we used to self-host all the E-mail of the company; now the company uses phony encryption as a tenant on someone else’s servers (Amazon). I challenged my colleagues about this. I argued with management. They could not even defend their decision. They saw no need to defend what they had done! We’ve had arguments over this internally in 2022. Of course it was risky for me to bring this up, but at this stage it was the moral thing to do, even a moral obligation. At Sirius, colleagues felt like their efforts and contributions were ignored/discarded by the cabal (family), so they quit caring. This is how nepotism dooms companies. Some colleagues left, some remained but without much desire to go beyond the basics. And this aspect too we’ve covered here before.

Regarding E-mail hosting in “the clown”, here’s a 2020 story. To quote an Evening Shift handover: “Spent most of my evening tracking down missing emails. I was rather perturbed by xxxxx’s handover email disappearing and I’m guessing that because the server was underpowered it started to behave strangely and misclassified legitimate emails as viruses and deleted them. Fortunately each email is given an unique id by the system which is useful for searching the logs. Managed to get a list of deleted ones and sent it to xxxxx, xxxxx, and xxxxx suggesting that they identify their clients or ones they recognise and email them with the time + 1 hour asking to resend. I found one from xxxxx and emailed and xxxxx kindly sent his email again.”

Wonderful! What a mess.

“Ironically,” Ryan Farmer notes today, “‘Cloud Hosting’ only makes sense if your needs are so small that it’s hardly worth setting anything up yourself.”

In some cases useful virtual machines were turned off to “save money”. Even if they took little space and CPU. If self-hosted, they would cost almost nothing to leave on.

Clown computing is a trap. To quote one new (days-old) cautionary tale (already in Daily Links): “Turns out that Revue is getting shut down. This means that I won’t be able to use it anymore (and I stopped using it because it wasn’t getting much traction vs the amount of work I put into it).”

So maybe outsourcing isn’t such a wise long-term strategy after all.

At one point by far our biggest client relied on VMware for clown hosting; of course VMware shut the whole thing down and in a hurry we needed to get all the servers out of there. Clown computing: it’s here today, but gone tomorrow. You’re not part of the decision! It does not matter if you have critical services on there and they give you a very short notice (to vacate).

01.09.23

[Meme] Database Down? Check Your Wallet.

Posted in Deception, Finance, Servers at 9:41 pm by Dr. Roy Schestowitz

A reboot always works, time to reboot my wallet

Summary: Sirius ‘Open Source’ is letting down (metaphorically in several senses of the word) its most loyal clients

When the Employer Doesn’t Pay the Bills, So Customers Suffer Outages/Downtimes, Repeatedly Even

Posted in Deception, Finance, Free/Libre Software, Servers at 9:35 pm by Dr. Roy Schestowitz

One client even said it bluntly to our manager, accusing the company of “incompetence” (the examples below are only the managers’ fault)

Summary: Dishonesty and non-technical problems became a norm under the new Sirius ‘Open Source’ CEO (or under his watch); today we give one client’s story as an example or a case study, where Sirius management is failing to pay upstream providers, resulting in catastrophes

THE “finaliser” of the company may not be the only misguided manager (or saboteur). He turned out to be the barrier and the burier [sic] of the company.

Today we give as an example two separate incidents impacting twice the same client, one year apart. Cause of outage? Not faulty hardware. Not faulty software, either. It was unpaid bills. Who failed to pay? Sirius. The client trusted Sirius to take care of it. Big mistake.

Without naming the client or the nature of the client’s work, let’s just say that it is a critical client, a longtime client (longest), which relies on real-time access to data and cannot afford downtimes (not long downtimes anyway; as alluded/hinted in this meme last month, the effects would potentially be devastating).

Sirius failed to pay providers in two countries. The first such incident apparently didn’t serve as sufficient warning. No lessons learned. Or maybe no money left in the bank. Remember that it also looks like Sirius could barely pay its own staff; it’s like they failed to pay our pension on several occasions/years; thankfully the pension provider started sending us more and more letters to warn us; it was waiting to report the company, maybe even impose penalties/fines as a result.

Making fun of companies or persons who cannot pay bills is no source for amusement/mockery, but if one company fails to pay another the latter may fail to pay its bills or even its staff. So that’s not fair. We’re not talking about food bills here; it’s stuff like hosting. They kept warning, repeatedly, before taking action (e.g. an E-mail saying payment was “overdue” and lots of warnings before that, for several months in fact).

Was the client properly informed about what had happened or were those incidents brushed under the carpet, swept under some rug somewhere? This is the sort of stuff that made me unhappy about the company. The latter incident happened just months ago. I decided not to contact the client and instead hope the company would confess. That never happened though. A host wasn’t being paid for a very long time and then it issued warnings which escalated in severity. The client might also want to ask this host and see if there are overdue invoices right now (in 2023). Months ago the client had a very major outage after Sirius had racked up thousands of pounds in unpaid hosting bills (while trying to sell the client AWS ‘clown computing’, which would be vastly more expensive and I internally opposed efforts to move to it).

It’s absurd that pointing out such embarrassing realities would be deemed ‘defaming’ a company (with facts). The liars love to claim that everyone who says the truth is engaged in “defamatory” behaviour, as if defamation and truth became synonyms. The egoistic boss fails to understand that a company is not a person and facts are not defamation.

When an incident happened in 2021 the handover said: “Logged onto their portal and server is suspended due to unpaid invoice. Raised it with everyone on Slack, and xxxxx told me to tell xxxxx that we’re raising an important ticket with them. xxxxx paid the invoice and they lifted the suspension.”

The Slack messages at the time:

xxxxx: Does anyone know if xxxxx has been paid yet as xxxxx says he can’t get onto xxxxx
xxxxx: xxxxx is asking for an update. Can we pay xxxxx tonight or will we have to wait until tomorrow?
xxxxx: They have a fairly old-school process for accepting payment if I recall. It took a number of days to clear payment last time.
xxxxx: xxxxx and/or xxxxx put the payment through last time to a specific bank account.

“It took a number of days to clear payment last time,” it says. Not the first time. Lessons not learned.

This is similar to the excuses we got when our pension wasn’t paid (on two separate years), even several months after the days in question. They blame the payment processor instead of those who failed (e.g. forgot) to make the payment!

Three months ago another rather similar incident happened, but this time in another country and another hosting provider. There was no mention of what had happened after the Big Boss was shuffling lots of credit cards, struggling to make a payment to the provider. To quote: “xxxxx and xxxxx emailed to say that xxxxx was down but we didn’t get any alerts so looked into it. Then one of their customers emailed to say they couldn’t login. xxxxx asked me to restart UIs which I did and the problem was resolved. xxxxx sent some questions to ask xxxxx who said he will look into it and get back to them tomorrow. I checked the db connections and there seems to be 380 open out of a possible 1000, but I’m sure xxxxx will be able to verify this too.”

Nothing was said about the failure to pay the bills. Are we meant to think nothing actually happened? Are we meant to lie to clients about this, wasting their time as they try hard to figure out the root cause?

Don’t work for chronic liars. If your employer starts lying a lot, consider your options.
