Archive for January, 2023

Sirius Sends All Its Data to American Firms (Even Clients’ Passwords and Private Keys)

International Organization for Standardization (ISO) brag

Summary: Sirius ‘Open Source’ has long misused “ISO” to do all sorts of dubious things, including cover-up and frustration of staff; the time has come to explain what happened and maybe eventually report the matter to ISO itself

THOSE who have followed this series carefully enough know that pretty much all the communication tools of Sirius ‘Open Source’ had been outsourced to proprietary vendors (voice, text etc.) without bothering to ask staff, who complained only after the fact. Too late. It’s a decree, not a proposal. Instead of self-hosting Asterisk and relying on Jabber (among other things) the company was sending its workflow to Google, Zoom, Slack (Salesforce) and even Skype (Microsoft) while publicly displaying ISO logos.

Over the coming week or so we’ll show this ugly façade of a company that still uses the term “Open Source” — a thing that it is rejecting internally. It’s not about doing what clients require; this is about what the company chooses for itself, as it’s headed by managers who neither use nor support Open Source. It’s a façade.

The Office Manager will be a recurring theme here, as she was part of this façade. What is an Office Manager anyway when the company does not have an actual office? David Graeber’s thesis would classify it as a ‘bullshit job’ [1, 2], probably the “box tickers” kind. To quote Wikipedia, we deal here with “box tickers, who create the appearance that something useful is being done when it is not, e.g., survey administrators, in-house magazine journalists, corporate compliance officers, quality service managers…”

As noted here right from the start (a day after resignation), the company was hardly compliant with anything sensible, including security and ethics. Last year I was asked to study logs for some anti-abortion group (without telling me where those logs had come from). What next? Would I be getting assigned jobs like checking logs for Oath Keepers or Proud Boys, seeing that anti-abortion groups had started paying for “services” last year? (Off the record)

Anyway, yesterday this good article mentioned LastPass, another company to which the stubborn new management decided to hand over not only our own passwords but clients’ too (even private keys!!!), insisting that, according to LastPass, the LastPass breach wasn’t a big deal. Sirius did not even bother resetting passwords after I had repeatedly urged for this to be done (and, as a possible bonus, for LastPass to be dumped altogether). In yesterday’s article the author says: “I’d like to talk about some of my experiences with this topic, as well as recent events in the security community.”

“Before I describe my experience,” he says, “I need to set the stage. My LastPass fun took place around the same time as the infamous Bugcrowd incident with JSBN.”

Watch how LastPass handled things: “My first step in escalating was security.txt. No dice. There was no clear security officer or contact information that I could discern from my social network either, so I chose the path of last resort: I contacted their support team.”

So it’s more or less like Sirius. No wonder a client said the company was “incompetent”. The client said this to a highly incompetent ‘manager’ who was never supposed to be there in the first place: No clue about technology or about management, just some associate from a former organisation in which a Sirius ‘founder’ had spent a few years. Hiring friends and relatives instead of qualified people leads to disaster.

Very basic security practices were often disregarded and staff were ignored in spite of their technical background. It was like talking to a wall.

At first we had Asterisk internally; then someone decided it would be better to use some outside firm as a supplier and pay the fees. That was still a lot better than moving to a defective “service” and then purchasing “phones” that are a security threat, in the hope (likely false hope) that it would ‘fix’ the issue. We’ll come to that another day.

The management kept covering up for repeated failure/s, blaming the staff (victims) instead, never the decision-makers who introduced a faulty/defective alternative but are too vain to admit it, take the blame, and finally undo.

The company’s obscene disregard for security would not end there. We’ve already covered cognition reports being stored on personal machines, then uploaded to AWS (not the client’s servers). There was no longer any security protocol in place; no file server for them or for us (GDPR would be screaming!), setting aside the fact that the company is no longer “open source” and is basically lying about it. It’s more like bragging about ISO while gaslighting people who actually value security.

Not only did the company ignore the warnings from me, it didn’t even change passwords, alter providers, or self-host an actual “Open Source” alternative. It kept saying it would (or would merely consider this), but those were lies. As we mentioned here before, this wasn’t a matter of practicality or cost-savings either; Sirius was getting huge bills for “clown computing” (idle almost all the time, but the bills kept growing and growing). Any suggestion of self-hosting, i.e. as before, was dismissed as “hobbyist” by the CEO. So what is to be sold as a service by Sirius? Outsourcing? Well, the company’s latest incarnation on LinkedIn does say that.

Tomorrow we’ll show some examples of misuse of the company’s pretences (ISO, GDPR etc.) for cover-up, censorship etc.

In the meantime, however, consider this E-mail from July 2019 (when the company was covertly setting up a shell in the US while signing an NDA with the Gates Foundation):

xxxx wrote on 17/07/2019 17:20:
> Hello Roy,
>
> As you are aware we’re currently going through the process of
> implementing ISO 27001 (information security management system). It’s
> been brought to our attention that you using xxxxx Slack is
> unacceptable due to the security of password sharing amongst yourselves.
>
> During your meeting at the training workshop – I had asked for you to
> reconsider as this is a company requirement.
>
> Moving forward and with the advice from the ISO company this is now
> something which needs to be completed by the end of your shift this
> evening. Slack is an essential communication tool used by everyone
> within the company.
>
> Would you please confirm the receipt of this email and a reply to this
> request.

Hi,

Currently, all our sensitive communications end up on the server of a large corporation in another country, where this data can get sold. It included NHS stuff. This too is a problem as we need to be Open Source not only in name and I’ve been waiting for xxxxx to set up Matrix or similar for me to join. It has been months and I think it’s essential for our company to demonstrate it takes security seriously. I can set up an Open Source alternative myself if that helps.

Regards,

Of course I only received more threats for this, rather than being listened to. Of course “information security” and Slack are incompatible concepts. As we shall revisit shortly, let’s just say Slack suffered yet another data breach shortly thereafter, vindicating me. Did the management listen? Did it react? Of course not.

After some more threats I was compelled to give up, at least temporarily:

xxxx wrote:
> Hello Roy,
>
> As I have expressed in my previous email and in all communication that
> Slack is an essential communication tool used by everyone within the
> company at the moment. We all should be there.
>
> This is a direct management requirement and instruction and it needs to
> be implemented immediately.

I have just created the Slack account.

It would still be useful to know the timeline for moving to an Open Source alternative. Slack has no business model other than spying at the moment, as the media repeatedly points out.

Regards,

Regarding “I’ve been waiting for xxxxx to set up Matrix or similar for me to join,” I was receiving false promises from the CEO, naming two people who would set up a Free software alternative like Riot/Mattermost. One of them left the company (as I had previously warned the manager) and another never implemented the change. Sirius management was just lying all along.

We’ll revisit Slack another day and we shall deal with each of these blunders in turn. ISO is a joke if it grants certification to companies which behave in this way, setting aside how superficial the requirements are. 15 years ago Microsoft bribed a lot of firms and organisations to rig ISO; and ISO, in turn, was OK with it. Now, after so many years, Sirius is another disgrace or a black eye to ISO. No wonder clients suffered security breaches. They weren’t even informed of how poorly Sirius had handled/managed security.

5-6 Days Later Still No Reply From ONS; Statistic Regulator Receives Formal Complaint

On Tuesday we’ll get some more mortality numbers from ONS, but in the meantime it’s hard to trust their output. As just noted, I’ve not received any clarification or response from them (they ask people to give them up to 10 days) and some already file formal complaints about ONS deceiving/misleading the public: “In Nov 2022 we (Professor Fenon and team) made a formal complaint to the Statistic Regulator about the multiple anomalies in the ONS mortality by vaccination status reports. On 20 Jan 2023 they final [sic] responded and they agreed with our major concern that 1) the ONS data was based on a biased sample that under-represented the proportion of unvaccinated in England; and 2) the ONS data could not be used to make any assertions about vaccine efficacy or safety.”

Seeing what happened to the Swindon data, this certainly smells like cover-up of epic proportions/scale. We need to keep chasing them. They gradually run out of excuses and evasion tactics.

Office for National Statistics (ONS) Entered Into Propaganda Business?

5 days down the line my query to ONS remains unanswered: Enquiry Sent to the Office for National Statistics (ONS) Regarding ‘Missing’ Deaths in the United Kingdom

New:

Description:

In Nov 2022 we (Professor Fenon and team) made a formal complaint to the Statistic Regulator about the multiple anomalies in the ONS mortality by vaccination status reports. On 20 Jan 2023 they final responded and they agreed with our major concern that 1) the ONS data was based on a biased sample that under-represented the proportion of unvaccinated in England; and 2) the ONS data could not be used to make any assertions about vaccine efficacy or safety.

Non-Disclosure Agreements Are Typically Bribes

Video download link | md5sum 1207d847e412d9c458be0b408d43f29c
Sirius Bullying the Geeks, Driving Away Core Staff
Creative Commons Attribution-No Derivative Works 4.0

Summary: The managers at Sirius ‘Open Source’ have been bullying staff since 2019, even more so after the Gates Foundation passed money to the CEO under an NDA (while the company created a new shell in Washington); today we examine why the NDA was, in effect, very much like a bribe (or two bribes, depending on the kind of NDA) and then examine one memorable example of management abusing depressed and ill geeks

FOR a number of years already we’ve discussed NDAs as a form of bribery. NDAs should probably not be legal at all; people who use NDAs extensively cause harm; they typically engage in criminal business activities, which they’re desperate to hide (from the public, authorities etc.), so they pay ‘hush money’ in advance.

The video above discusses this post from 3 hours ago and explains why I’ve generally come to the conclusion that many types of NDA are indistinguishable from bribes. Had there been no strings attached, I’d be able to give more concrete evidence of what happened in 2019. I got a hint of it only once and Rianne was a witness too. She heard what the CEO told us. I did not record it, but in hindsight I ought to have recorded it (had I known in advance). This was never mentioned in writing after that (or before that). I suppose that verbal mention was itself a violation of the NDA, but maybe the CEO hoped nobody would notice. White-collar criminals love NDAs.

Either way, the main topic of the above video is how a colleague of mine, a highly technical person, was persistently bullied by vicious ‘managers’ without any relevant training. We never forgot this. We’ll always remember.

If you work in a company governed by trolls and managed by their cronies, get out for your own sake. It only goes downhill from there. Companies cannot recover from this and sellouts worsen things. They’re a final act of desperation, milking what’s left of the brand’s past reputation.

Sirius ‘Open Source’ Bullying Its Own Staff

NOC for Architel
By Mike Reyher – Architel Operations Center, CC BY 2.0

Summary: Network operations centre (NOC) staff at Sirius ‘Open Source’ was subjected to intense abuse after Bill Gates had passed a bribe (even a double bribe, as we’ll explain later) and today we give another example of this

AS readers of this series are probably aware, NOC staff have always worked from home. My wife and I never took a day off for sickness (for 21 years), but some colleagues did. Some colleagues even worked when they were still ill. Did the management appreciate it? Not really…

Shown below is how one NOC colleague was treated a couple of months or so after the Gates Foundation gave the CEO money, though only after an NDA had mysteriously been signed (more on that in the upcoming video). This was the time the NOC staff was routinely being bullied, falsely accused etc. As if the company was hoping to scuttle the whole thing, or perhaps the unqualified managers were on an ego/power trip.

This is going back to September 30 2019, i.e. when Richard Stallman was under fire right after there was a Bill Gates/Jeffrey Epstein scandal at MIT (the media shifted focus away from that). It was also around the time Melinda Gates was pursuing a divorce, knowing about these scandals. Here is a message from the colleague:

Date: Mon, 30 Sep 2019 08:27:58 +0100
From: xxxx

I was ill last Monday on my shift and couldn’t find them after a cursory look

On 29-09-2019 13:17, xxxx wrote:
> If both keys were there, why the delay?
>
> xxxx.
>
>> On 29 Sep 2019, at 12:45, xxxx wrote:
>>
>> xxxx’s key is in puppet for xxxx and Sirius, or can be grabbed from any xxxx or sirius machine where it has been pushed.
>>
>> As was/is xxxx’s.
>>
>> In short, you’ve had both all along.
>>
>>
>>> On 28/09/2019 03:34, xxxx wrote:
>>> We’ve now got xxxx’s key so should be done by Monday.
>>>
>>>> On 27-09-2019 09:37, xxxx wrote:
>>>> Ok.
>>>>
>>>> Back to support. Please resolve this as soon as.
>>>>
>>>> Please use your investigative skills and complete this task. Read what
>>>> xxxx has written in previous email.
>>>>
>>>> It is ridiculous that xxxx and xxxx have to wait for 3 months to
>>>> get these access sorted out. I seem to be playing tennis with support
>>>> and xxxx to get this simple task completed.
>>>>
>>>> THIS IS IMPORTANT AND THIS NEEDS TO BE COMPLETED BEFORE MONDAY NOW.
>>>>
>>>>> On 27 Sep 2019, at 09:21, xxxx wrote:
>>>>>
>>>>> Well, yes, but surely easier to just grab them from any machine
>>>>> anywhere xxxx or xxxx already have access? Or xxxx puppet?
>>>>>
>>>>> No need for me to spend time looking that up when Dan (or anyone on
>>>>> support) can already do that.

[...]

What’s noteworthy about the above is that unqualified or barely-qualified family members of the above managers are involved too. This is where nepotism rears its ugly head too. That alone can make people sick (metaphorically).

A followup:

….. thanks xxxx…………………..

Now xxxx are you able to follow this or will this still be an issue?….

Kind Regards,

[...]

> Like, it’s really not hard, I’d just rather spend time doing the critical things that *are* hard.
>
>
> On 30/09/2019 10:22, xxxx wrote:
>> Hi xxxx,
>>
>> As it shows below xxxx has not been able to locate the info.
>> Can you please send this again or direct it to xxxx where he can find these so he can do this on his shift tonight.
>>
>> *_Support, I need this done. _*
>>
>> Kind Regards,

[...]

What’s behind all this? Here comes the explanation:

Sorry, you misunderstand me. I had sickness & diarrhoea during my shift on Monday and when I tried to find xxxx’s key I couldn’t as it wasn’t on any of the machines I looked on. However I have since found it.

On 30-09-2019 10:22, xxxx wrote:
> Hi xxxx,
>
> As it shows below xxxx has not been able to locate the info.
> Can you please send this again or direct it to xxxx where he can find
> these so he can do this on his shift tonight.
>
> SUPPORT, I NEED THIS DONE.
>
> Kind Regards,

[...]

And later this:

Is there really any need for this constant criticism? It really makes me unhappy in the workplace. I’m sorry I was ill okay?

It has already become a chronic issue at this point. It was harming a person’s health.

Here’s the reply received from the imposter ‘manager’:

xxxx,

There is no criticism applied. I am simply trying to get access for xxxx and xxxx for the last 2/3 months now. Every time support can’t find some information or other. Which surprises me every time with the amount for years everyone has worked with Sirius and these are not new tasks.
It’s very worrying that simple tasks like this are not being finished in time. No one simply takes responsibility and the tasks are passed over constantly. And no one looks for instructions and always waits expects xxxx to take over.
Can we follow instructions and keep things professional please.
xxxx

Later on there was a more detailed explanation of the background:

Please will you supply the specific times over the last 3 months where you have asked us to do this? As far as I can tell it’s only over the last week. I have explained that I was ill last week when I looked for the key – and I have apologised for being ill too.

And please can you tell me what you learnt on the depression course that you and xxxx went on and how you are putting it into practice? As I have said many times to you now, there are a few of us at Sirius who suffer from depression and want to work in a positive environment that is free from constant bullying.

You will get the best from your team if you treat them well and with respect. Constantly putting us down will not produce the best work from us.

This “constant bullying” (I agree) did not stop after this. We were already losing key technical people at that point and the company was thus gradually losing the ability to even maintain its own infrastructure. A lot of the time we were presented with false timelines, cushioning false accusations. The blame/fault was almost always with managers, who not only drove away (or pissed off) colleagues but also failed to take action like paying simple bills.

To give one example, an important client kept having outages because the above managers didn’t even perform simple tasks like paying bills. Some NOC staff kept warning about it. In a handover to shift 2 (09/06/2021), for instance, the NOC person on duty wrote about “Third Invoice Overdue Notice” (yes, third), noting: “Concerned that they’re going to discontinue the service” (this would not be the first or last time).

The manager who did the most bullying at the time was hired not for skills or for relevant experience; it’s a former colleague of the CEO, who used to do secretarial tasks (saying anything more might give away the identity, but this is fact-checked). It’s astounding that around that time personal assistants could suddenly be elevated to management and even act like they’re bosses, clearly incapable of handling the responsibilities. Picking on ill and depressed people was their “pastime”. They fancied the idea of being in control of people vastly more qualified than them (who actually did all the real work, sometimes overnight with ‘jet lag’).

30% Increase in UK Deaths, Including Young People

New video:

Description:

In 2022, 7.8% more young adults died than in 2019; this is outrageous and demands an official (credible) explanation

https://actuaries.org.uk/news-and-media-releases/news-articles/2023/jan/17-january-23-cmi-says-2022-had-the-worst-second-half-for-mortality-since-2010/

Continuous Mortality Investigation (CMI) is publishing frequent UK mortality analysis

Today’s updates cover week 1 of 2023 (to 6 January)

Mortality for 2022 as a whole was 4.5% higher than 2019,

but 7.8% lower than in 2020

2.2% lower than in 2021

There is a striking difference in how mortality rates in 2022 compare to 2019 at different ages

2.5% higher for ages 75-84

7.8% higher for ages 20-44

In the UK, there have been around 155,300 more deaths from all causes than expected from the start of the pandemic to 6 January 2023

Of these

72,900 occurred in 2020

47,500 in 2021

31,000 in 2022

In the UK, the second half of 2022

26,300 excess deaths,

compared to 4,700 in the first half of 2022

The number of deaths registered in England & Wales in week 1 of 2023

3,437 higher than if mortality rates had been the same as in week 1 of 2019;

equivalent to 30% more deaths than expected

Cobus Daneel, Chair of the CMI Mortality Projections Committee

Although weekly excess mortality in the second half of 2022 wasn’t nearly as high as the peaks earlier in the pandemic, it was persistent.

This led to more excess deaths in the second half of 2022 than in the second half of any year since 2010.

Excess mortality has been particularly high recently with more than 7,000 excess deaths over the three weeks to 6 January 2023.

https://www.hindustantimes.com/business/davos-2023-pfizer-ceo-evades-questions-on-covid-vaccine-efficacy-watch-video-101674203439039.html

Albert Bourla, Chief Executive Officer, Pfizer

World Economic Forum meeting

Series of tough questions about the efficacy of the Covid vaccine

Thank you very much

Have a nice day

India’s minister of state for information and technology, Rajeev Chandrasekhar

Just to remind all Indians, that Pfizer tried to bully Govt of India into accepting conditions of indemnity

2nd December 2020

https://www.independent.co.uk/news/health/coronavirus-pfizer-vaccine-legal-indemnity-safety-ministers-b1765124.html

The UK government has granted pharmaceutical giant Pfizer a legal indemnity protecting it from being sued,

enabling its coronavirus vaccine to be rolled out across the country as early as next week.

16th December 2020

https://www.reuters.com/article/uk-health-coronavirus-britain-vaccines-idUSKBN28Q014

Britain to spend £3.7 billion on vaccines and bear liability, watchdog says

LONDON (Reuters) – Britain has agreed to spend 3.7 billion pounds on COVID-19 vaccines and in most cases will bear the liability if claims are made against the pharmaceutical firms involved, the National Audit Office (NAO) said on Wednesday.

https://www.gov.uk/government/publications/freedom-of-information-responses-from-the-mhra-week-commencing-4-january-2021/freedom-of-information-request-on-covid-19-vaccine-liability-foi-20-532

I would like to know what the indemnity/ liability clauses are with the vaccine that is to be rolled out this month.

Furthermore I would also like to know who is liable for any adverse side effects that occur.

The MHRA holds no information on this. We recommend that you contact NHS England for this information.

I would also like to know why Pfizer and the NHS staff administering the doses required full indemnity?

The MHRA holds no information on this. We recommend that you contact NHS England for this information.

Lying Became the Norm at Sirius ‘Open Source’ Incorporated/Limited

Video download link | md5sum 168a92bcf2df638d7400bf9c47205e22
Sirius Lied to Staff About Contract
Creative Commons Attribution-No Derivative Works 4.0

Summary: Sirius ‘Open Source’ developed a culture of chronic lying (managers lying to technical people) and even tricking people into signing contracts stacked against their interests; this must be exposed to the world

THE part just published is explained a little further in video form above, adding information to what we put in textual form. Expect another fortnight or so before the series ends.

I still try my best to most accurately explain the situation and any possibilities obscured by the NDA with the Gates Foundation. The video discusses yesterday’s meme and article before proceeding to the latest part. It notes that yesterday I spoke to NHS staff (there’s a very poor opinion about the Gates Foundation among health workers) and how Microsoft targeted a boss above the boss (CEO), sending its faux “open source” people (under false pretexts) to complain about me even more than half a decade ago. Yesterday I spoke to a lawyer again, forming progressively better explanations of what had actually happened as there are many angles to cover (and write down in simple words). It is all factual. Neither speculative nor defamatory. I know this company all ‘too’ well from the inside. I spent nights at the home of the CEO.

The company is in a state of panic. The brand is ruined. As noted in the latest part, apparently a relative of management was invited* while the CEO was absent. The technical staff had not seen him in person since around 2017 or 2018! Who would take such a company seriously?
_______
* Such nepotism (relatives as staff; no experience or qualifications need to be met!) would only become a lot worse over time. This one relative was hired to work on technical things in a technical role. He could never solve issues, he was young and inexperienced, he had no access capability (to actually tackle issues); to be fair, for Sirius it was very hard to recruit at this price point (very low salaries for a highly demanding set of skills). This kind of nepotism harmed morale in the company, as it always eventually leads to ruinous (but truthful) gossip among colleagues. It wasn’t just this one person either; imagine seeing one colleague kissing on the mouth a colleague who is not his wife, who also used to work in the company (or embracing in public two girls at once; not good… unsociable optics). Suffice it to say, there is a “toxicity” associated with the realisation that the Support Manager already brought into the company three sexual partners as members of staff, none of whom was qualified in a relevant field and/or had relevant work experience, likely just to be shadowed by the partner. And it’s even worse for workers’ morale when owing to connections they have higher level access compared to far more senior staff (who are not sleeping with the manager). The girlfriends of the manager were not invited for contract-signing as they did the same behind the scenes; no pretences were needed. They were part of the “family”. If the company wasn’t “in hiding”, this would merit a more formal investigation by appropriate regulators.
