Bonum Certa Men Certa

Sirius ‘Open Source’ Outsourcing Confidential Information to Spying Companies in Another Continent

Putin koala: I got all of his passwords! Not my fault!

Summary: The Sirius ‘Open Source’ management made the decision (without any consultation with the staff affected) to outsource key operations to foreign, third-party entities that are subjected to the US government's prying eyes and several of the National Security Agency's programs; this affected clients as well (usually without their awareness, let alone consent)

THIS is the last part of the third section of a report I left with the company before leaving at the start of this month. There will be a lot more information about this scandal next month. Recent E-mails are appended below (with certain stuff redacted for privacy's sake).

I cautioned about this repeatedly (for about 4 years) and suffered retribution, threats, and more. Nothing has improved since then.

As just a little sample, please see the E-mails at the bottom (recent); shared in the future will be some longer E-mails about this issue.

But first... the report.




The morale around that time was low, set aside COVID-19 becoming a growing problem, along with lock-downs. Roy noted that in order to comply with the law he cannot post clients' details on the Slack network. So he chose to obey the regulations and the law, in line with security standards. Stuff like "hi" is probably considered OK and safe enough for Slack, but not addresses, passwords etc. Things have not improved since, as the final section notes again (with examples).

This long section, along with written messages as evidence, is very important. Bad leadership worsened the corporate climate and changed how people viewed the company from within, if not from the outside as well.

This document now proceeds to a discussion about the latest and maybe the final blow. The company already had capacity issues (not enough staff to cover shifts) and now it's even worse.

Roy and Rianne hoped to prevent a 'death spiral' and ironically enough it seems like the company wants to accelerate its own 'death spiral', due to tactless, insensitive remarks.




One of many messages to that effect -- messages which I was sending for years to highlight the problem. Of course nothing was done about this; usually there was not even as much as a reply. Hush hush as a company-wide policy...

This one is from August of this year:

Date: Tue, 30 Aug 2022 09:00:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317
 Thunderbird/1.0.2 Mnenhy/0.7.4.0
From: Roy Schestowitz
Subject: Handover to Shift 2 (30/08/22)
To: [whole team]



[...]

https://www.darkreading.com/cloud/lastpass-data-breach-source-code-stolen

users need to change all the passwords they have there and not keep them there if they value real security not paper mills.


Another one from August of this year:

Date: Thu, 11 Aug 2022 03:10:53 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317
 Thunderbird/1.0.2 Mnenhy/0.7.4.0
Content-Language: en-US
From: Roy Schestowitz
Subject: Slack admits to leaking hashed passwords for five years
To: [whole team]
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit



https://nakedsecurity.sophos.com/2022/08/08/slack-admits-to-leaking-hashed-passwords-for-three-months/

Does not surprise me at all. They only admit this because they got caught, hence they need to spin this somehow, belittling the severity, just as LastPass did after several blunders (it had suffered a breach). The way forward is self-hosting and encrypting things (on server one controls, not leasing).

Recent Techrights' Posts

Debian GNU/Linux and Free Software Developer Daniel Pocock in Irish Elections This Month (Dublin Bay South)
Polling day in 15 days
Layoffs as Happy Stories in the Corporate Media
It's based on a longstanding pattern
In Switzerland, GNU/Linux Reaches Record Highs, But What About the Corruption?
Pocock is a disappointed citizen of Switzerland
 
Links 14/11/2024: Politics, Climate, and Instability
Links for the day
Links 14/11/2024: EmacsConf and Flounder
Links for the day
Links 14/11/2024: Science and the Demise of Microsoft-Connected USPTO Director
Links for the day
For "X" to Die the Media and Politicians Will Need to Quit (Then, Advertisers Will Lose Interest, Even for Political Ads)
Fewer people are still there anyway
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 13, 2024
IRC logs for Wednesday, November 13, 2024
Bob Should Tell Alice About What GitHub (Which Linux Foundation Outsources Code to) Does to Entire Nations, Following Donald Trump's Policies
"What's next, preventing access to Linux from non-NATO countries? Putting NSA backdoors in the kernel?"
It Took The Guardian More Than 2 Years of Musk to Realise What Twitter Was and It Took Twitter 4 Years of a President Trump to Realise What Trump Was
Trump was deplatformed only a fortnight before Biden became president anyway
[Meme] Google 80%, Windows 2%
"I'm going to f---ing bury that guy, I have done it before, and I will do it again. I'm going to f---ing kill Google."
Microsoft's Market Share Falls to 2% in Haiti
Throw in Android (now 80% of "the market") and Windows is down to 2%
Gemini Links 13/11/2024: Magic of Walking and Lest We Forget
Links for the day
Links 13/11/2024: USPTO Director Kathi Vidal ('Former' Microsoft Rep) Resigning, Censorship After Car Ramming Attack in China
Links for the day
Microsoft: Layoffs, Outsourcing, and R.T.O. as Cover for Mass Layoffs Without Severance Pay
Microsoft had mass layoffs pretty much every month this year
[Meme] The Addicted Lolicon Throwing Stones
"They've found my RMS attack site"
Jonathan Carter & Debian betrayed Joel Espy Klecker
Reprinted with permission from Daniel Pocock
Links 13/11/2024: Red Tape War and Programming Experiences
Links for the day
Links 13/11/2024: "Make Your Laptop Last FOREVER" With GNU/Linux, 23andMe Mass Layoffs, Intel 'Resignations' Layoffs Loophole
Links for the day
More Than 3 Years After Vista 11's Release More Chinese Computer Users Still Use Vista 7 (Than "11")
it was "officially" released October 5, 2021
At BetaNews, "Most Commented Story" Is Not a Story But LLM Slop! (Readers Talking to Bots)
They make fake stories with provocative headlines and then boast that these get many comments
[Meme] Swiss Lawyers/Attorneys Who Fake Qualifications and Rob People
Switzerland mostly guards its reputation by censorship of media
Just How Slow Has the News Industry Become?
We're drowning in garbage from fake publishers
Things That Still Work OK (But We're Being Shamed for Using)
Using old stuff is nothing to be shamed of (or afraid to do)
Free Software is About Collaboration
WordPress limits it
Even the Managing Editor of BetaNews is Doing Slop and Spam
A Fish Rots From The Head Down
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 12, 2024
IRC logs for Tuesday, November 12, 2024
PERA Bill in US Senate Strives to Crush Caselaw, Making Patents on Mathematics and Algorithms 'Great Again'
Follow the money
BetaNews is Beta-Testing the Site as LLM Slop With Microsoft Propaganda Thrown In
Many of the people there are Microsoft boosters and they use slop as "filler" (for marketing)
Evolution of euthanasia & WIPO UDRP similarities exposed by W. Scott Blackmer
Reprinted with permission from Daniel Pocock
Gemini Links 13/11/2024: Phasing Out 3G, Brian Kernighan Books, Tcl/Tk, Time to Ditch x86
Links for the day
Links 12/11/2024: A Lot of Censorship and SWNS at 50
Links for the day
BetaNews, Inc. Became a Spam Operation/Web Site, LLM Spew (Slop) for SEO Disguised as "Articles"
Published 5 minutes ago by Brian Fagioli...
Gemini Links 12/11/2024: Invidious Down and YouTube Addiction
Links for the day
Links 12/11/2024: Hey Hi (AI) Failures and COP29 Fakers
Links for the day
Latest Rumours of Red Hat Layoffs
Rumours or gossip is how almost everything starts
WordPress is for the 'Old Web'; the New Web Necessitates Static Pages
There are purely practical reasons to move away from WordPress and the likes of it
Biggest Debt Leap in Years, More Than Half a Trillion Dollars in Just One Month
We remind people (almost every year) that it's also "buynothingday"
Windows Falling to All-Time Lows and Microsoft Has Nothing to Replace It With
It's mostly Android (Linux) replacing Windows
Cybershow Has a New 81-Minute Episode on Digital Sovereignty and International Cyber-Relations
it is a high-quality show
Activism in the Digital Realm Can Never (and Must Never) Rely on GAFAM
This simply means that tech activists must completely abandon any hopes of finding allies in Google or IBM or whatever...
Golden Dawn(ald) and What GAFAM Means to Liberal Techies
In one single screenshot
IBM CEO Says Donald Trump as President-Elect is Good for IBM in New Interview With CNBC
most unprincipled CEO ever?
GNU/Linux Up to 6.1% in Finland (Almost 9% If One Counts ChromeOS Too)
Home of Linux (the kernel)
BetaNews Has Become a SPAM/Slop Factory, Brian Fagioli Publishes Fake 'Articles'
everything is now suspect in BetaNews
It's Morbid to Talk About Living People as If They're Dead
What happens to LLM slop when Brian Fagioli dies?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 11, 2024
IRC logs for Monday, November 11, 2024
Free Software and Love of Nature
It's not a coincidence that many Free software activists are also lovers of nature
Silicon Valley and GAFAM Were Never Liberal
spineless CEOs and founders aren't against Trump
Windows and 'The Desktop' Floundering
Microsoft should be extremely worried
WordPress is Bad for the Planet (Even If Many Still Use It)
the costs nobody wishes to talk about