Bonum Certa Men Certa

The ISO Train Wreck at Sirius 'Open Source'

International Organization for Standardization (ISO) brag



Summary: Before we proceed to showing how Sirius 'Open Source' blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically 'sold' a certificate to Sirius -- this is like a "diploma mill" but something that's for businesses, not individuals

THIS is today's second article on this topic. We've found some spare time for faster progression and in-depth coverage. As I noted yesterday, my wife had more direct and indirect experience (decades ago) with ISO being a bunch of meaningless hooey. So did I (having stumbled upon classical 'box tickers' or worse). Sirius is just another reminder of that. Hence this series and its relevance. It seems like a lot of people in technical fields separately and independently reached the conclusion that ISO is overhyped, overvalued, and mostly a waste of time and money (unless you have a 'bullshit job' to justify).



"This isn't science. It's like calling "economics" a science. It is not. It's more like religion.""My dad complained about the ISO in the 90s," Ryan said in IRC an hour or so ago. "He constantly made fun of all of their "standards" for management of a company that didn't mean anything but go on and on. It's a sort of code so that managers sound smarter than they are. "We're ISO-Whatever compliant with our handling of the TPS reports." And the ISO standards can be wrong and never revised. Microsoft implemented the standard for MP3 and so did LAME, and then the result was they were both correct and Windows XP crashed. Part of the standard about what constituted the maximum size for a frame could be calculated one of two ways.Microsoft chose the more constrained way and it resulted in a buffer overflow with some files that crashed Windows Media Player. LAME had chosen the method that resulted in a slightly larger permissible frame size. The outcome was LAME had to be changed to use the Microsoft calculation to avoid crashing Windows, and that meant a reduction in audio quality under some circumstances, with padded bytes instead of data. Later, they changed to use the VBR bit allocator, even in a CBR file, and it mostly avoids the situation by its method of action. It can cleverly use the bit reservoir in ways that the former bit allocator that was only for CBR files couldn't. Naturally, they never delete anything, so you can still demand the old model. It's just an absolute nightmare of options switches. It's the worst thing I've ever seen in a utility its size. ISO is kind of the stuff of Pointy Haired Bosses when it comes to Management Theory being standardized."

Well, this whole "Management Theory" is what we're dealing with here.

This isn't science. It's like calling "economics" a science. It is not. It's more like religion.

Here's what happened in Sirius (in mostly logical/chronological order):

Subject: ISO Date: Mon, 29 Jul 2019 15:47:43 +0100 From: xxxx To: xxxx

Hey All,

As you know we are going through the ISO processes - I have been asked to gather some information from everyone at Sirius to create a list of all assets used by employees of Sirius whether it belong to the company or the employee so if I can have the item name and serial number that would be great. They have also asked which anti virus you all use.

Are you all able to send me the required information ASAP please?

Thanks,

xxxx


Yes, because a bunch of serial numbers would mean so much! Of people devices at home... for the most part.

"They would nag us to do the same 'course' every year, even though it is dumb and we 'passed' it already."A month later came "You have been registered for a Training course - Information Security" (no, not really security but this hoax instead). We'll deal with that another day...

They would nag us to do the same 'course' every year, even though it is dumb and we 'passed' it already. This is compliance???



"This is something that will be done annually for our ISO process," I was told, "so please complete this on your next shift."



Way to waste people's time, doing and passing a total hoax over and over again (details on why it's a hoax were covered here before).



Notice the threats being sent to ALL staff:



Hi All,

As you will all be aware we have been implementing new policies and procedures in order to become ISO 9001 and ISO 27001 compliant. Part of this entailed changing our HR company to xxxx who use the online portal Atlas to provide an easier method to roll out training. I have checked and there is still a substantial amount that has still not been completed.

ALL training sent out by myself needs to be passed and completed by the _*25th November 2019*_. This is to ensure we meet our deadline for the final stage of ISO audits.

Failure to comply with this request may result in disciplinary action. For those of you that have completed the training, please ignore this message and thank you.

Kind Regards,

xxxx


"Failure to comply with this request may result in disciplinary action," it says. They kept making veiled and explicit threats. Sometimes this culminated in actual bullying, false accusations, and blame-shifting witch-hunts.

Of course the portals failed to even work properly. For instance:

> ALL training sent out by myself needs to be passed and completed by the > _*25th November 2019*_. This is to ensure we meet our deadline for the > final stage of ISO audits.

I was able to open all the documents and read them. The animated things, or training sessions, get stuck. I tried each one of them about 5 times (>each<) and they get stuck somewhere along the way. I tried this on multiple machines. Rianne told she too had some difficulties.

I will try again on my next shift, but these technical issues do merit a mention. They also rely on plugins Adobe no longer supports, posing security risk (an issue aside from the bugs).

Kind regards,

[Roy]


Her answer was: "Have you tried using a different web browser?"

Of course she wasn't using GNU/Linux or anything "Open Source". This does not constitute an actual solution.

In 2020 the following was sent:

-------- Forwarded Message -------- Subject: xxxx - Things to do Date: Thu, 26 Nov 2020 11:38:01 +0000 From: xxxx To: xxxx CC: xxxx

Hi All,

In October I issued Linux Training via xxxx. Can you all please ‘acknowledge’ this on your portal to show that you have opened and read it.

I also need you to ensure ALL training modules issued on xxxx i.e information security and documents issued i.e IMS Awareness presentation have been completed by the end of your next shift.

It is essential these tasks are carried out prior to our ISO Audit next week.

Kind Regards,


Well, those training modules and ISO guidelines weren't even followed by Sirius. We gave examples of this before. In some cases, there were efforts to meet standards only after a certificate had been granted.

Sheesh. I'm not supposed to say this in public, am I?

What did those audits mean anyway? What did the above "ISO Audit" actually check? That the cookie drawer is properly locked when Office staff goes to retrieve some hot chocolate milk from the machine?

"In the next few parts we'll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors."Some other messages were banal. They indicated a certificate had been granted (in other words, Sirius basically bought one) after minimal so-called 'audits' and staff sending a bunch of numbers from the back of computers (as if that means anything at all).

ISO is a joke. When it comes to this administrivia, ISO created just another 'cash cow' for itself.

In the next few parts we'll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors. It's one heck of a clusterf**k with the company's data scattered all over the place. That includes clients' data, even private keys and passwords.

Recent Techrights' Posts

Before the OSI Was Bribed and Hijacked by Microsoft via GitHub and Compromised Management...
The OSI isn't even remotely "woke"
The OSI Has Been Silent for Over 3 Weeks, It Has a Severe Trust Issue After Promoting Microsoft and Proprietary GitHub
OSI took a lot of money from Microsoft to become a Microsoft lobbyist
Bribery is OK If You Work for Microsoft (No Punishment Expected)
It's very troubling and a symptom of a broken society/system when particular laws or rules are applied and enforced against some people but not against others
Someone Should Remind Microsoft Lunduke That Microsoft Hires Many Sexual Criminals and Pedophiles as Well
Microsoft Lunduke on an "expedition" to find one or more perverts, then generalise to everyone in the "community"
Cash Machines (ATMs) Make Mistakes and They're Proprietary Software
Correcting mistakes is a colossal challenge
Yes, Microsoft is the Problem
"I am no MS shill."
Another Failed Use Case for Chatbots (LLM): Legal Advice and Analysis
They're just some self-discrediting toy that costs way too much to operate
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 29, 2025
IRC logs for Tuesday, July 29, 2025
Corruption is the Standard Operating Procedure at the European Patent Office (EPO)
The EPO is a dictatorship that stains Europe
Local Staff Committee Munich (LSCMN) at the European Patent Office (EPO) Requests an Urgent Meeting to Avoid Abolishing the Office
This is dictatorship led by the most corrupt
Slopwatch: Fake 'Linux' 'Articles' and Spamfarms/Slopfarms
at least 5 fake articles in one day
Gemini Links 29/07/2025: Wayland Unfit for Use and LLM Slop Faking One's Language Skills With Robot Communications
Links for the day
Nailing the "Hey Hi" (AI) Hype Bubble
So-called "hey hi" as they define it now is all about large companies or regimes remotely controlling the processes running on your machine and even your very own behaviour on your machine, which is in effect no longer your machine but some remotely controlled apparatus
"Four decades; Four freedoms; For all users" Now as a T-shirt
That's shown along the sidebar
Links 29/07/2025: Bad Climate and "Fair Software Licensing" Blasts Microsoft
Links for the day
Links 29/07/2025: Data Brokers Gone Wrong/Rogue and "Copyright Thicket"
Links for the day
Slopwatch: Linuxconfig.org, Linuxsecurity.com, Fagioli, The Register
Today's "Slopwatch" isn't the first article about LLM slop
We Cover Topics Other Sites Are Too Afraid to Cover (Even When They Know the Facts)
It's not that they doubt the truth, they just realise there may be consequences for talking about it
They Try to Tell Us the Free Software Foundation Inc is Dying, But Its Revenue Doubled Since the Dot-Com Bubble Burst
Being in "Activism" is never easy; but it does positive things for society
It's About the Cost of Workers, Not the Fictional Skills Shortage (That Does Not Exist, the Media Spreads False and Sometimes Self-Fulfilling Narratives)
This issue isn't limited to computing, some dub it "globalism"
Links 29/07/2025: More Pushbacks Against Slop and More Praises of Tom Lehrer
Links for the day
Gemini Links 29/07/2025: Purple Yarrow and Understanding Op Amps
Links for the day
This Monday WebProNews Absolutely Flooded the Web With Fake (LLM Slop) 'Articles' About "Linux", Google News Promoted Them as Legitimate
All of the following are fake articles attributed to pseudonyms or authors that don't exist; the images are also slop. Why does Google promote these?
Linuxiac is Not a Slopfarm, But at Least Some of Its Articles Are Machine-Generated Fakes
what we said about it was correct
Expect More Microsoft Layoffs
"Are more job cuts coming?"
Microsoft Behaving Like It's Running Out of Money to Pay Salaries
Does that seem like the behaviour expected from a company which claims it is "worth" trillions?
LWN Downtime Due to Linode, Not LLM Bots
"I’ve received an email letting me know that there is a potential for data loss."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 28, 2025
IRC logs for Monday, July 28, 2025
Nonfree Software in My Bank, by Richard Stallman
Updated 8 hours ago
Links 28/07/2025: Science, Health, and Conflicts
Links for the day
Gemini Links 28/07/2025: Healthy Self-Image With Autism and a "New Life"
Links for the day
Links 28/07/2025: COVID-19 Sped up Brain Aging, "Circumvention is More Popular Than Compliance"
Links for the day
Richard Stallman is Usually Right Because He Thinks "Outside the Box"
he is able to observe society (mores and norms) as somewhat of an outsider
LWN Has Been Down for a Long Time, Another Casualty of LLM Bots?
Time will tell. How much time though?
Slopfarms Versus 'Linux' (and Against People Who Write Real Articles About GNU/Linux)
LLM slop in slopfarms by Brian Fagioli and Redazione RHC
Gemini Links 28/07/2025: Bila Yarrudhanggalangdhuray and Running pkgsrc in a FreeBSD Jail
Links for the day
Microsoft Turns News Sites Into Spamfarms
Is the site The Register MS the next IDG?
The Register MS/The Register US
On Saturday I contacted them for a comment (before issuing criticism)
Hacking revelations at Vatican Jubilee of Digital Missionaries
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 27, 2025
IRC logs for Sunday, July 27, 2025