01.09.23
Posted in Deception, Finance, Free/Libre Software, Servers at 9:35 pm by Dr. Roy Schestowitz
One client even said it bluntly to our manager, accusing the company of “incompetence” (the examples below are only the managers’ fault)

Summary: Dishonesty and non-technical problems became a norm under the new Sirius ‘Open Source’ CEO (or under his watch); today we give one client’s story as an example or a case study, where Sirius management is failing to pay upstream providers, resulting in catastrophes
THE “finaliser” of the company may not be the only misguided manager (or saboteur). He turned out to be the barrier and the burier [sic] of the company.
Today we give as an example two separate incidents impacting twice the same client, one year apart. Cause of outage? Not faulty hardware. Not faulty software, either. It was unpaid bills. Who failed to pay? Sirius. The client trusted Sirius to take care of it. Big mistake.
Without naming the client or the nature of the client’s work, let’s just say that it is a critical client, a longtime client (longest), which relies on real-time access to data and cannot afford downtimes (not long downtimes anyway; as alluded/hinted in this meme last month, the effects would potentially be devastating).
Sirius failed to pay providers in two countries. The first such incident apparently didn’t serve as sufficient warning. No lessons learned. Or maybe no money left in the bank. Remember that it also looks like Sirius could barely pay its own staff; it’s like they failed to pay our pension on several occasions/years; thankfully the pension provider started sending us more and more letters to warn us; it was waiting to report the company, maybe even impose penalties/fines as a result.
Mocking companies or persons who cannot pay their bills is no source of amusement, but if one company fails to pay another, the latter may fail to pay its own bills or even its staff. So that’s not fair. We’re not talking about food bills here; it’s stuff like hosting. They kept warning, repeatedly, before taking action (e.g. an E-mail saying payment was “overdue” and lots of warnings before that, for several months in fact).
Was the client properly informed about what had happened or were those incidents brushed under the carpet, swept under some rug somewhere? This is the sort of stuff that made me unhappy about the company. The latter incident happened just months ago. I decided not to contact the client and instead hope the company would confess. That never happened though. A host wasn’t being paid for a very long time and then it issued warnings which escalated in severity. The client might also want to ask this host and see if there are overdue invoices right now (in 2023). Months ago the client had a very major outage after Sirius had racked up thousands of pounds in unpaid hosting bills (while trying to sell the client AWS ‘clown computing’, which would be vastly more expensive and I internally opposed efforts to move to it).
It’s absurd that pointing out such embarrassing realities would be deemed ‘defaming’ a company (with facts). The liars love to claim that everyone who says the truth is engaged in “defamatory” behaviour, as if defamation and truth became synonyms. The egoistic boss fails to understand that a company is not a person and facts are not defamation.
When an incident happened in 2021 the handover said: “Logged onto their portal and server is suspended due to unpaid invoice. Raised it with everyone on Slack, and xxxxx told me to tell xxxxx that we’re raising an important ticket with them. xxxxx paid the invoice and they lifted the suspension.”
The Slack messages at the time:
xxxxx: Does anyone know if xxxxx has been paid yet as xxxxx says he can’t get onto xxxxx
xxxxx: xxxxx is asking for an update. Can we pay xxxxx tonight or will we have to wait until tomorrow?
xxxxx: They have a fairly old-school process for accepting payment if I recall. It took a number of days to clear payment last time.
xxxxx: xxxxx and/or xxxxx put the payment through last time to a specific bank account.
“It took a number of days to clear payment last time,” it says. Not the first time. Lessons not learned.
This is similar to the excuses we got when our pension wasn’t paid (on two separate years), even several months after the days in question. They blame the payment processor instead of those who failed (e.g. forgot) to make the payment!
Three months ago another rather similar incident happened, but this time in another country and another hosting provider. There was no mention of what had happened after the Big Boss was shuffling lots of credit cards, struggling to make a payment to the provider. To quote: “xxxxx and xxxxx emailed to say that xxxxx was down but we didn’t get any alerts so looked into it. Then one of their customers emailed to say they couldn’t login. xxxxx asked me to restart UIs which I did and the problem was resolved. xxxxx sent some questions to ask xxxxx who said he will look into it and get back to them tomorrow. I checked the db connections and there seems to be 380 open out of a possible 1000, but I’m sure xxxxx will be able to verify this too.”
Nothing was said about the failure to pay the bills. Are we meant to think nothing actually happened? Are we meant to lie to clients about this, wasting their time as they try hard to figure out the root cause?
Don’t work for chronic liars. If your employer starts lying a lot, consider your options. █
01.04.23
Posted in Servers at 5:33 am by Dr. Roy Schestowitz
Twitter is doing just fine!

Summary: In spite of posting more tweets, all the statistics are down, perhaps a symptom of many people leaving Twitter in the wake of last month’s big Twitter scandals (Tux Machines is followed by the sorts of people who are likely to have moved to Mastodon)
Posted in Deception, Free/Libre Software, FUD, GNU/Linux, Security, Servers at 12:58 am by Dr. Roy Schestowitz
Video download link | md5sum 2ede1a9afe7defc76accf536638cbcc9
Lousy Journalism About Linux
Creative Commons Attribution-No Derivative Works 4.0
Summary: Mainstream media or corporate 'tech' media is presenting a real issue — an issue of unmaintained or unpatched WordPress plugins — as an issue to do with “Linux” and even the term "backdoor" is misused (“Linux” is mentioned a lot in the context of villainy to scare away potential adopters)
THIS week is the week many journalists (what’s left of that trade anyway) come back from holiday. Will they resume or commence some of the typical FUD against Linux? Well, it happens so much, and so often. So why not start the year with another round of Linux bashing?
This is a common theme with certain 'novel' variations. Usually we lack time to properly respond to it, except in editorial comments in Daily Links, but today we’ve decided to respond to the latest round of FUD while it’s still young. Many more journalists are returning to work today or tomorrow. Will they join the FUD party?
Here is a collection of 4 articles from Daily Links, all covering the same “news”. Bear in mind this is just the latest example. The following coverage, as discussed in the video above, gives readers the impression that:
- This is a Linux issue
- Linux exploits WordPress
- WordPress itself is under attack
- The problem is in WordPress itself (not plugins)
Why can’t a single journalist get the story right/straight? So far every coverage of this was preceded by misleading headlines and summaries, citing a Russian firm that’s trying to advertise itself.
Maybe contact the journalists of the above pieces and explain to them what they got wrong. Maybe they’ll correct the article. If not, maybe they’ll do a better job next time. Maybe they’ll even exercise due caution and fact-check what they’re typing. █
12.31.22
Posted in Free/Libre Software, GNU/Linux, Google, Microsoft, Servers at 12:02 am by Guest Editorial Team
Guest post by Dr. Andy Farnell
Previously in this mini-series:
- GAFAM Against Higher Education: University Centralised IT Has Failed. What Now?
- GAFAM Against Higher Education: Toxic Tech
- GAFAM Against Higher Education: Fixing the Broken Academy
- YOU ARE HERE ☞ Digital Crash Diet
Summary: “Digital literacy and self-sufficiency for academics and students should become a priority objective again,” Dr. Farnell explains
So I say, with great sadness but great urgency, the people responsible for this mess should all be fired. Their services should be disbanded. Networks should be pared back to the barest transparent physical infrastructure possible on which fully open zero-trust overlays can operate. Academia needs a crash diet.
But that does not mean reducing the role of people. If anything we need to hire more, and better personnel as the toxic tech is turfed out. Most of the students are already at a higher level of technical understanding, and so obtaining ICT resources should be treated like buying textbooks from the university bookstore. ICT must become the digital equivalent of the library or bookstore.
Digital literacy and self-sufficiency for academics and students should become a priority objective again. Budgets can be devolved accordingly, and foundational courses taught to students who need a top-up on digital self-care.
Only then will we be able to see what is ready to be repatriated, brought back on-prem, and hire worthy specialists to provide those services internally. For example, a university data store that looks essentially like Dropbox and uses micro-payments to manage quotas. Or a university email provider, properly separated from other concerns and carrying a minimal burden of “policies”. These could be run by recent graduates or, as I did at UCL in the 1980s, by good students needing a part-time job.
Building carefully subsidised internal markets for healthy home-grown tech is a possible way to extricate from the jaws of Big-Tech and to build local competence again.
There are very few places that this could work, but the university is one. Because even if universities are now corporate entities on the financial level they cannot possibly function as corporate entities on the technical operational level and preserve their objectives. The almost total failure of supportive digital technologies within academia now stands as ample proof of that. █
12.28.22
Posted in Free/Libre Software, GNU/Linux, Google, Microsoft, Servers at 12:03 am by Guest Editorial Team
Guest post by Dr. Andy Farnell
In this mini-series:
- YOU ARE HERE ☞ GAFAM Against Higher Education: University Centralised IT Has Failed. What Now?
- GAFAM Against Higher Education: Toxic Tech
- GAFAM Against Higher Education: Fixing the Broken Academy
- GAFAM Against Higher Education: Digital Crash Diet
Summary: Today we commence a 4-part series about what has happened to British universities (probably not only universities and not just in Britain either), based on the account of an insider, a visiting professor at several European universities
An article I wrote for the Times HE on “Eliminating harmful digital technologies in education” generated some attention and comments. I’ve been asked “What can we do?” That is to say, I failed to properly address the implied call to arms and merely enumerated the technological problems in education. Smart people want to hear about solutions, not problems.
First I wanted to move the conversation beyond the self-evident and visible, like invasive CCTV cameras, card access systems (and soon phone tracking, fingerprint and face scanners) that give our places of learning all the warmth of a Category-A high-security facility for child sex offenders.
This isn’t necessary. Visiting London I sometimes wander into the Gower Street quad to enjoy a coffee with my Alma Mater. In University College London, it’s possible and pleasant to wander the halls to reminisce. There are not too many cameras to spoil the architecture and security is still handled by the famous maroon jacketed Beadles. UCL seems to blend seamlessly into the leafy squares of Bloomsbury accommodating many buildings with open doors and welcoming receptionists. By contrast, other universities have degenerated into carceral gulags, accessible only by appointment, through turnstiles and scanners and patrolled by black-clad goonies.
Certainly we must keep reminding the world that a digital dystopia is inappropriate in the context of teaching and learning. Offensive technology must not be allowed to fade into the background, to become normalised, quiescent and acceptable.
But these are only the visible manifestations of a deeper malaise. Drifting from a public good into the waters of brutal corporate values, the academy – lured by the siren song of a security industry – has marked its own students as pirates and brigands.
One backwater university began blocking students from forwarding mail from their institutional Microsoft accounts to their personal inboxes, on the grounds that they might “exfiltrate teaching materials”. In a world where MIT and Stanford put their best courses online for free it beggars belief what goes through the minds of ICT staff so cloistered and divorced from core functions.
Of course, in the name of fairness the same implied criminality and untrustworthiness is extended to staff. Anyone trying to run labs or prepare teaching materials for microelectronics, IoT, web technology, or cybersecurity, must face stiff resistance to any non-Microsoft activity that cannot be brought under the boot of centralised surveillance.
I wonder who, other than digital rights researchers like myself, is watching this death spiral in the academy. College unions like the UCU and NUS (student union) seem to have little or no awareness of the digital rights abuses perpetrated against staff and students in our universities under the banners of “security” and “efficiency”.
Offensive technology serves the chancellors, trustees, landlords, governments, industries, advertisers, sponsors, technology corporations, suppliers and publishers. It serves administrators who believe technology will deliver fast, efficient, uniform, accountable, secure, and most of all cheap education. It serves everyone but the key stakeholders in education; lecturers and students. The cost of draconian over-monitoring is that it corrodes our ability to teach and learn as fully human beings.
But again, monitoring and obstruction are only two aspects of the technological menace facing teaching. I was asked to look at all forms of harmful technology, and these cannot be located in specific systems or policies. Instead I enumerated broad categories of harm, namely technologies that:
- disenfranchise and disempower
- dehumanise
- discriminate and exclude
- extract or seek rent
- coerce and bully
- mislead or manipulate
On reflection I would add a few less general harms to the original Times HE list, being technologies that:
- distract
- waste time
- waste resources
- gaslight and disturb █
12.23.22
Posted in Servers at 2:02 am by Dr. Roy Schestowitz
They’re not supposed to do this




Summary: Some time recently Twitter started exposing to everybody (even people not logged in or without an account) statistics that can be used to partly unmask users/usage, especially for very small accounts; whose idea was that?
12.12.22
Posted in Deception, GNU/Linux, Servers at 12:16 am by Dr. Roy Schestowitz
Does/did this happen in your company too? If so, read on…

Summary: Sirius ‘Open Source’ has not been keeping up with skills required to self-host, instead demonising/denouncing them as “hobbyist” (actual quote from the CEO) and eventually relaying almost everything to proprietary vendors that put gates and walls on Free software
TODAY we continue a couple of parts that deal with security and privacy issues at Sirius Open Source [sic] — a company that still says “Open Source” although it often recommends to clients that they adopt proprietary things.
Enough has been said already about the nature of the hypocrisy, the double standards, the dishonest marketing, lack of principles, and even some truly unethical clients. Below is part of the report deposited before my wife and I left the company [1].
Outsourcing Concerns
Colleagues at Sirius have long worked weekends (unlike the client’s staff, who are typically off work on holidays and weekends; there is no 24/7/365 cover). Some of them finished or started a shift but could not access an essential gateway machine. When the client does something like an update or makes a release, the IP addresses change, so whenever there is an incident Sirius staff cannot restart, forcibly reboot or investigate the machines unless Sirius staff are informed (or the wiki/documentation is brought up to date again). From what is known, this is more of this particular client’s choice, but Sirius lacks a loophole and that is why Sirius may seem sloppy or slow to update/notify their workers/employees.
This is a typical example of a lack of top-down coordination. How are staff expected to carry out duties if managers don’t do their part or fail to understand how these systems work? In fact, when outsourcing to any third party, this may be inevitable; the people who ‘manage’ the machines have almost no control over them. They merely rent some server space and the hypervisor may change over time, introducing unforeseen but unavoidable complications. This means a server can become unavailable, with no recourse at all (such as accessing the datacentre/s). Back in 2011 and for several years after that Sirius had its own server racks and managed its own instances.
Sirius keeps recommending outsourcing to proprietary platforms like AWS and Cloudflare, resulting (sometimes) in a lot of problems. Sirius itself pays almost as much in AWS bills as a small salary. Becoming an AWS ‘reseller’ makes Sirius far less competitive and vastly less unique; companies like these, including Rackspace, have their own support. They have their own ambitions of controlling everything themselves. Companies like Sirius should not become transient migrators. Sirius used to offer its own hosting.
This is one of many issues with “cloud computing”, including AWS, which also caused significant downtimes for that client (hours-long outages) — a client that used to have far more control over the hosting. When it comes to certification, the company actively encourages learning “cloud computing” stuff instead of “Open Source” stuff. █
______
[1] Many more details will be given, along with further analysis, when the whole report is published. Probably in January.
11.01.22
Posted in Deception, Free/Libre Software, FUD, GNU/Linux, IBM, Marketing, Microsoft, Red Hat, Rumour, Security, Servers, Standard at 3:14 pm by Dr. Roy Schestowitz
Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0
Irresponsible Misinformation About OpenSSL
Creative Commons Attribution-No Derivative Works 4.0
Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded “news” (noise) sites, Red Hat — and to a lesser extent Fedora — exaggerated the severity of bugs a week before their details’ release (long and purposeless suspense); it’s a case of a boy who cries “wolf!” to get “likes” in Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo
A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week’s worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity, and it’s worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not “0-day” and there is no immediate rush to patch (in some cases there is no patch, either).
The 8 URLs from the video are listed below in a logical order. To quote [4] below: “Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?”
We perceive this to be a bit of a media blunder, taking informal “tweets” at face value and trying to compete over who produces the most scary headline/s for about a week already. █
Links from the video above
- OpenSSL 3.0 Series Release Notes
- Vulnerabilities list
- OpenSSL Security Advisory [01 November 2022]
- CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
- Comments: OpenSSL Outlines Two High Severity Vulnerabilities
- OpenSSL 3.0.7 released
- OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
- OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow
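The advisory and release notes listed above draw a clear line between affected and fixed versions, which is the check an administrator actually needs rather than the headlines. The following Python triage helper is an added example, not code from this page or from the OpenSSL project: it classifies `openssl version` banners against that line. The version boundaries it uses (3.0.0 through 3.0.6 affected, 3.0.7 carrying the fix, the 1.1.1 and 1.0.2 branches not affected) come from the OpenSSL security advisory of 1 November 2022 linked above; the hostnames and banners in the sample inventory are constructed.

```python
import re
import subprocess

# Version facts below are taken from the OpenSSL security advisory of
# 1 November 2022 (CVE-2022-3786 and CVE-2022-3602): OpenSSL 3.0.0 through
# 3.0.6 contain the affected code, 3.0.7 carries the fix, and the 1.1.1 and
# 1.0.2 branches are not affected.
AFFECTED_MIN = (3, 0, 0)
FIXED_IN = (3, 0, 7)

# Matches the leading "OpenSSL X.Y.Z" of the first line printed by `openssl version`.
# A trailing letter as in "1.1.1q" is ignored; only the numeric triple matters here.
VERSION_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner):
    """Return (major, minor, patch) from an `openssl version` banner, or None
    when the banner is not from OpenSSL (LibreSSL and BoringSSL print their
    own names and are outside the scope of this advisory)."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def classify(banner):
    """Map a banner to 'affected', 'fixed', 'not-affected' or 'unknown'."""
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"
    if version < AFFECTED_MIN:
        return "not-affected"      # 1.1.1 / 1.0.2 branches never had the code
    if version < FIXED_IN:
        return "affected"          # 3.0.0 .. 3.0.6
    return "fixed"                 # 3.0.7 and later


def triage(inventory):
    """Classify a {host: banner} inventory; returns {host: status}."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and banners).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-01": "OpenSSL 1.1.1q  5 Jul 2022",
    "bsd-01": "LibreSSL 3.3.6",
}


def local_status():
    """Run `openssl version` on this machine, if the binary is available."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return "unknown"
    return classify(out)


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
    print(f"{'localhost':10} {local_status()}")
```

An "affected" result means the vulnerable code is present on the host, not that it is reachable: per the advisory the overflows sit in X.509 name constraint checking and are only reached while a certificate chain is being verified, which is why the patch can be scheduled rather than rushed, the point the post above makes. Distribution builds that backport the fix without changing the version string will still show as "affected" here, so confirm against the vendor's own package changelog before acting on the result.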