Bonum Certa Men Certa

The ISO Train Wreck at Sirius 'Open Source'

International Organization for Standardization (ISO) brag



Summary: Before we proceed to showing how Sirius 'Open Source' blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically 'sold' a certificate to Sirius -- this is like a "diploma mill" but something that's for businesses, not individuals

THIS is today's second article on this topic. We've found some spare time for faster progression and in-depth coverage. As I noted yesterday, my wife had more direct and indirect experience (decades ago) with ISO being a bunch of meaningless hooey. So did I (having stumbled upon classical 'box tickers' or worse). Sirius is just another reminder of that. Hence this series and its relevance. It seems like a lot of people in technical fields separately and independently reached the conclusion that ISO is overhyped, overvalued, and mostly a waste of time and money (unless you have a 'bullshit job' to justify).



"This isn't science. It's like calling "economics" a science. It is not. It's more like religion.""My dad complained about the ISO in the 90s," Ryan said in IRC an hour or so ago. "He constantly made fun of all of their "standards" for management of a company that didn't mean anything but go on and on. It's a sort of code so that managers sound smarter than they are. "We're ISO-Whatever compliant with our handling of the TPS reports." And the ISO standards can be wrong and never revised. Microsoft implemented the standard for MP3 and so did LAME, and then the result was they were both correct and Windows XP crashed. Part of the standard about what constituted the maximum size for a frame could be calculated one of two ways.Microsoft chose the more constrained way and it resulted in a buffer overflow with some files that crashed Windows Media Player. LAME had chosen the method that resulted in a slightly larger permissible frame size. The outcome was LAME had to be changed to use the Microsoft calculation to avoid crashing Windows, and that meant a reduction in audio quality under some circumstances, with padded bytes instead of data. Later, they changed to use the VBR bit allocator, even in a CBR file, and it mostly avoids the situation by its method of action. It can cleverly use the bit reservoir in ways that the former bit allocator that was only for CBR files couldn't. Naturally, they never delete anything, so you can still demand the old model. It's just an absolute nightmare of options switches. It's the worst thing I've ever seen in a utility its size. ISO is kind of the stuff of Pointy Haired Bosses when it comes to Management Theory being standardized."

Well, this whole "Management Theory" is what we're dealing with here.

This isn't science. It's like calling "economics" a science. It is not. It's more like religion.

Here's what happened in Sirius (in mostly logical/chronological order):

Subject: ISO Date: Mon, 29 Jul 2019 15:47:43 +0100 From: xxxx To: xxxx

Hey All,

As you know we are going through the ISO processes - I have been asked to gather some information from everyone at Sirius to create a list of all assets used by employees of Sirius whether it belong to the company or the employee so if I can have the item name and serial number that would be great. They have also asked which anti virus you all use.

Are you all able to send me the required information ASAP please?

Thanks,

xxxx


Yes, because a bunch of serial numbers would mean so much! Of people devices at home... for the most part.

"They would nag us to do the same 'course' every year, even though it is dumb and we 'passed' it already."A month later came "You have been registered for a Training course - Information Security" (no, not really security but this hoax instead). We'll deal with that another day...

They would nag us to do the same 'course' every year, even though it is dumb and we 'passed' it already. This is compliance???



"This is something that will be done annually for our ISO process," I was told, "so please complete this on your next shift."



Way to waste people's time, doing and passing a total hoax over and over again (details on why it's a hoax were covered here before).



Notice the threats being sent to ALL staff:



Hi All,

As you will all be aware we have been implementing new policies and procedures in order to become ISO 9001 and ISO 27001 compliant. Part of this entailed changing our HR company to xxxx who use the online portal Atlas to provide an easier method to roll out training. I have checked and there is still a substantial amount that has still not been completed.

ALL training sent out by myself needs to be passed and completed by the _*25th November 2019*_. This is to ensure we meet our deadline for the final stage of ISO audits.

Failure to comply with this request may result in disciplinary action. For those of you that have completed the training, please ignore this message and thank you.

Kind Regards,

xxxx


"Failure to comply with this request may result in disciplinary action," it says. They kept making veiled and explicit threats. Sometimes this culminated in actual bullying, false accusations, and blame-shifting witch-hunts.

Of course the portals failed to even work properly. For instance:

> ALL training sent out by myself needs to be passed and completed by the > _*25th November 2019*_. This is to ensure we meet our deadline for the > final stage of ISO audits.

I was able to open all the documents and read them. The animated things, or training sessions, get stuck. I tried each one of them about 5 times (>each<) and they get stuck somewhere along the way. I tried this on multiple machines. Rianne told she too had some difficulties.

I will try again on my next shift, but these technical issues do merit a mention. They also rely on plugins Adobe no longer supports, posing security risk (an issue aside from the bugs).

Kind regards,

[Roy]


Her answer was: "Have you tried using a different web browser?"

Of course she wasn't using GNU/Linux or anything "Open Source". This does not constitute an actual solution.

In 2020 the following was sent:

-------- Forwarded Message -------- Subject: xxxx - Things to do Date: Thu, 26 Nov 2020 11:38:01 +0000 From: xxxx To: xxxx CC: xxxx

Hi All,

In October I issued Linux Training via xxxx. Can you all please ‘acknowledge’ this on your portal to show that you have opened and read it.

I also need you to ensure ALL training modules issued on xxxx i.e information security and documents issued i.e IMS Awareness presentation have been completed by the end of your next shift.

It is essential these tasks are carried out prior to our ISO Audit next week.

Kind Regards,


Well, those training modules and ISO guidelines weren't even followed by Sirius. We gave examples of this before. In some cases, there were efforts to meet standards only after a certificate had been granted.

Sheesh. I'm not supposed to say this in public, am I?

What did those audits mean anyway? What did the above "ISO Audit" actually check? That the cookie drawer is properly locked when Office staff goes to retrieve some hot chocolate milk from the machine?

"In the next few parts we'll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors."Some other messages were banal. They indicated a certificate had been granted (in other words, Sirius basically bought one) after minimal so-called 'audits' and staff sending a bunch of numbers from the back of computers (as if that means anything at all).

ISO is a joke. When it comes to this administrivia, ISO created just another 'cash cow' for itself.

In the next few parts we'll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors. It's one heck of a clusterf**k with the company's data scattered all over the place. That includes clients' data, even private keys and passwords.

Recent Techrights' Posts

Doing My Share to Tackle Online Slop and SPAM
Trying my best to 'fix' the Web
Slopwatch: Fakes, FUD, Duplicates, and Charlatans Galore
The Web as we once know it is collapsing. Some opportunists try to replace it with low-quality slop.
The Register UK Seems to Have Become American and Management is Changing (Microsofter as Editor in Chief)
The Register 'UK' is now controlled by the Directions on Microsoft guy
Microsoft Windows Lost 400 Million Users in a Few Years, Why Does The Register Double Down on Windows With New US Editor?
days ago they hired a new US editor
 
Links 26/07/2025: Amazon Shutdown in China, Russian Economy Slows
Links for the day
Gemini Links 26/07/2025: History of Time (1988) and Gemini Games
Links for the day
Links 26/07/2025: 50 Percent Tariffs in Amazon, Dying Intel Offloads Network and Edge Group (NEX)
Links for the day
Blaming Programming Languages for Users' and Developers' Bad Practices
That's like blaming cars for drivers who crash into things
Many People Still Read Techrights Because It Says the Truth, Produces Evidence, and Does Not Self-Censor
Unlike so many other sites
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Microsoft Finally Finds a Use Case for Slop?
Create low-quality chaff to shift the media's attention?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 25, 2025
IRC logs for Friday, July 25, 2025
For Libel Reform One Must First Bring (or Raise) Awareness to the Issues and Their Magnitude
I myself know, from personal experience
Links 26/07/2025: Rationed Meals in the US and TikTok Repels Investments (Too Toxic)
Links for the day
Gemini Links 26/07/2025: "Bloody Google" and New People in Geminispace
Links for the day
Response to Solderpunk (Father of Gemini Protocol) About the Gemini Community
Solderpunk responds to non-sequitur
HTML and the Web Used to be Something a Child Could Learn, "Modern" Web is a Puzzle of Frameworks, Bloat, and Worse
When the Web was more like Gemini Protocol
New US Editor in The Register is 84% Microsoft/Windows Booster
It'll be worrying if it carries on like this
Links 25/07/2025: Slop Blunders and China Has Code of Conduct for Lawmakers in HK
Links for the day
Gemini Links 25/07/2025: Some Books and Babies and Capital
Links for the day
Links 25/07/2025: NOAA Cuts Endanger Lives, "Europe's Self Inflicted Cloud Crisis"
Links for the day
They Try to Lecture Us on Ethics
They even removed "master" from Microsoft GitHub
The Future of the Web is One Rendering Engine or 'Flavours' of Chrome
The future of the Web does not look bright at all
Best Sites Are Not Optimised for Any Browser, They Work Equally Well With All of Them
Red Hat (IBM) is making rubbish sites
YouTube is a Spamfarm, Slopfarm, and Clickfarm (a Lot of Numbers There Are Fake)
Those who don't fake look unpopular and unimportant
We Don't Do JavaScript and Pages Are Small
Thankfully Gemini Protocol has nothing like JavaScript
'Tech' is Not Technology
Some people use terms like 'Old Tech'
IBM's Debt Rose by Almost 10 Billion Dollars in the Past 6 Months Alone
The "hey hi" circus is coming to an end
Yes, Master
Gaslighting by actual racists
Microsoft Bribes and Buys Politicians to Tell Europe What to Do About Free Software (Which It's Attacking)
Microsoft: we speak for the thing that we are attacking! Follow the money...
Making Backups Quickly and Reliably
Backups are imperative, more so in an age of uncertainty, unpredictable weather, and worsening standards (quality of products going down while prices go up)
Techrights Investigation: Estimating the Point in Time LinuxIac Turned Into LLM Slop (Part of the Time)
Bobby Borisov got lazy
10th Month, Ten Weeks From Now, at Ten AM
In Wentworth Institute of Technology in Boston
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 24, 2025
IRC logs for Thursday, July 24, 2025
A Nadella Memo Distracts From Microsoft's Cheapening Of the Workforce
Right now the "MSM" (mainstream media) is flooded/overwhelmed by garbage pieces that relay lies for Nadella
Vanishing Faces of GNU/Linux
Free software projects do not depend on any one person or company to still exist
Microsoft Says It Lost 400 Million Windows Users, Now It's Waiting for GNU/Linux to Stop Booting on 'Old' PCs
When it comes to Windows, Microsoft is fully aware of the issue and statements it made earlier this summer suggest it lost 400 million Windows users
Slopwatch: LinuxTechLab, linuxsecurity.com, LinuxIac, and More
Also: The Register's Microsoft agenda (new editor)
Gemini Links 25/07/2025: Gemtext Aware Titan Editor and Gemini Protocol Comeback
Links for the day
Links 24/07/2025: Convicted Felon Quits UNESCO, "Vibe Coding Goes Wrong", and Signalgate Gets Worse
Links for the day
Gemini Links 24/07/2025: Forgejo Woes and Smolnet Directory Week
Links for the day
Misinformation is Not Intelligence
It's low-grade plagiarism and it fails to show any signs of intelligence
Links 24/07/2025: Storage Tapes Still Kicking, Windows TCO 'on Steroids' (Microsoft-Induced Catastrophes)
Links for the day
Bobby Borisov (LinuxIac) Has Apparently Begun Experimenting With LLM Slop, So We Cannot Trust LinuxIac Anymore
So did LinuxIac become a slopfarm? Maybe not yet, but it's getting there
Informa TechTarget's ITProToday is Becoming a Slopfarm Generated by Microsoft Chatbots
Busted.
'Tech' Gimmicks Are for Advertising, Not for Usability
In the case of Microsoft, they latched onto slop
BetaNews Sacked Brian Fagioli and Deleted His Comments, But He Still Tries to Use the "BetaNews" Brand for Self-Affirmation
Fagioli takes the work of other people
[Meme] Hard to Be a Better Person?
Sooner or later they'll realise that for each pound I spend they need to spend about 1,000 times more
The LLM Con Artists Are Highly Destructive
Who will ever be held accountable for this scam?
Too Bribed by Microsoft to Move to Free Software?
Microsoft lies and Microsoft bribery (in politics)
New US Editor for The Register is a Microsoft Booster
"Avram Piltch has served as US editor for The Register since July 2025."
Microsoft Hiring European Politicians is Another Form of Bribery; There Should be a European Investigation
When Microsoft bribed people in Europe for OOXML (there's no denying this!) a European government delegate said that Microsoft operated like a cult
Reda Demanded That FSF Removes Its Founder, Now Reda Works Directly for Microsoft
A sellout and a traitor, first working for GAFAM, now Microsoft
PCLinuxOS is Raising Money to Support Development After Fire Incident at the Host
PCLinuxOS has not had announcements lately
Speed of the Site Should be Better Now
The "bot attacks" impact the speed of the sister site too
Getting More From AnalogNowhere
Recently we used many images from AnalogNowhere
Microsoft, Microsofters and 'Secure' Boot Shills Already Storming the LWN Report About Expiring Certificate, Shooting the Messenger
LWN has clearly stuck a nerve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 23, 2025
IRC logs for Wednesday, July 23, 2025
Disable "Secure" Boot Today (the Only Better Time to Do So Was Yesterday)
Don't trust anything Red Hat tells you about security
Links 23/07/2025: Windows Killed Company After 150+ Years, US Government Mimics Russia's Attacks on the Media
Links for the day
Freedom Generally Wins at the End, History Shows (But It's Constantly Attacked, Too)
At the moment people realise "Linux" (e.g. Android) isn't enough to guarantee any freedoms
Over 3 Months Later Brett Wilson LLP Still Unable to Recruit a Media Lawyer?
"Immediate start", but not found... still unfilled