Summary: The crimes committed by my last employer are becoming very apparent and crystal clear to see; meanwhile there are other crime victims coming out of the woodwork and we shall give them a voice, not just further information

THE Sirius ‘Open Source’ series is being followed closely by a lot of people. It’s routinely mentioned in Techrights and Tux Machines, even my personal site for more important topics/aspects.

Many people are impacted by this issue, even if one person is more vocal about it (I’m fortunate to have a platform in which I can speak about this). For the sake of geeks, and for human/labour rights (or “tech rights”), we need to expose what happened in the company I knew from the inside for nearly 12 years. We have lots left to publish and plenty is still being investigated (several things are always being investigated in parallel).

As the a video above notes upfront, I didn’t expect to cover any criminal aspects, but while doing the first batch I stumbled upon anomalies and started contacting authorities, companies, former colleagues etc. It didn’t take long to realise what sort of hydra we had all along dealt with; many workers were robbed and bullied, but the company threatened people not to speak about it with colleagues. Well, enough is enough and the ‘dirty laundry’ will come out. The world needs to see a workplace that isn’t just toxic but also corrupt. Many insiders (back then) didn’t realise the scale of the abuse, but they realised this afterwards or are coming to realise it now (with more facts being made publicly available). The company must have had several hundreds of workers over the years (if one counts associates and partners, maybe 300) and quite a few of them got burned. They’re not alone anymore and accountability will be pursued. The CEO of the company ran away last month, but he too cannot hide. He’s still in the UK, hiding in his ‘tax shell’ (registered at the address of the accountant). At the moment we explore all the legal avenues; exposing what was in the NDA (signed with the Gates Foundation when staff was compelled to sign a new contract in a likely illegal fashion) would be a cherry on the cake. Maybe there will also be arrests, but that can take a long time. That’s OK. We have patience. The facts are on our side.

Summary: The crimes of Sirius ‘Open Source’ will be the subject of many future posts and today we explain why this is a subject of relevance to Techrights

THE pension situation where I worked for nearly 12 years impacts a lot of people and it helps reveal rampant corruption in the pension ‘industry’. I’ve been thinking about this deeply for days, also in light of several news items about France and about the US pension promises being unsustainable. Are people meant to ever retire? Are people living to work? Or they do work to eventually live? (Hours after work or after they leave work altogether)

We have a lot more information in the pipeline, albeit we’re limited by what we can say at any one time. The reasons are explained in the video above as well.

Why did the accounting people allow pension fraud to carry on for so long? Could they not refrain from collaborating? In fact, who does the accounting anyway? There might be an even more sinister scandal therein and we’re investigating the matter.

Another question: can one actually withdraw a pension early? The state would say that’s possible, but companies lie their way or simply hide when the subject comes up (e.g. bank details specified or time for cheque to be picked up with paperwork signed). The outcome of any hypothetical investigations into this turn out to be ugly. The pensions seem like a black hole. You can put money in, or think you put money in, but you can never take anything out.

Our approach here has been multifaceted; the goals and methods are many. Since we deal with an actual criminal matter, we cannot be ignored by pension providers, police etc. They cannot simply turn a blind eye. Everyone agrees that pension providers are very sensitive about their brand/reputation (more so than banks). There are several reasons for this, but those are beyond the scope of this post.

As noted in the video above, many in the “tech” sector have a decent salary and thus pensions. Employers typically enroll staff as means of lock-in or “loyalty”. Millions of programmers and GNU/Linux engineers have been subjected to this, so it is on topic and very much relevant now that the media starts questioning the viability of pension-like systems (in the long run). Discussing the matter can compel them to double-check these things and, in general, it’ll help guard workers’ rights.

The coming week should be interesting as we investigate along several separate lines. First, the accountancy. I wrote to them this weekend:

Hi,

I am writing to you as a person who recently resigned from your client, Sirius Corporation.

You may or may not know this, but Sirius Corporation and a shell called Sirius Open Source Ltd. changed their company address to your address this past October. I confronted the company’s CEO in length over it (40-minute phonecall). He supplies a false address. The company claims to be based at your address. This CEO resigned only weeks ago.

To make matter worse, the company committed serious pension fraud, as confirmed to me and ex-colleagues on April 11. We have formal letters from Standard Life to share with you. This is now a criminal matter and a serious issue that may unfold in months to come. It represents potential reputational harm to your firm.

We expect the the person you’re dealing with might face extradition proceeding and prosecution for fraud, committed against many people for years.

I can discuss this over the telephone with you. It’s an urgent matter.

In addition, we’ll show what happens when you ask a pension provider to explain lies from many employees, including a manager. We’ll then show what happens when one asks for an “unauthorised” (but legal) withdrawal.

Finally, we can show what happens when trying to tackle criminals directly. Imagine the “big boss” pretending that he does not even exist; while he was stealing a lot of money from his staff in secret he worked out secret deals, eventually one with Bill Gates under an NDA.

To be very clear, this is not about the money; this is not about “destroying Sirius” either but about holding criminals fully accountable and doing justice for the victims, of whom there are many (Standard Life actively obstructs inquiry into how many).

The crime in this case was committed against GNU/Linux enthusiasts. It was committed by people who are not even using Linux but are recommending the Linux Foundation. Yes, that one! Remember that Linux Foundation is not for Linux. Linux is for Linux Foundation, but Linux Foundation is not for Linux but for Microsoft et al. It’s not a reciprocal relationship but an exploitative one. The same is true in Sirius. The company has oppressed and exploited people who actually use what the company uses in its marketing.

For comparison’s sake, to paraphrase a friend, there’s the Linux Foundation, which has Microsoft staff on the BoD. In Sirius, the management staff does not use Linux. Then we have the Linux Foundation, whose director doesn’t even use Linux. Or Linux Foundation, which fails to protect the kernel from hostile code. In the case of Sirius, money was taken from Bill Gates in secret. We still cannot figure out what the NDA was meant to hide and why there was a relocation to Washington. Then we have the Linux Foundation, whose bureaucrats have higher salaries than key developers. Remember that Sirius paid its technical staff like 3 or 4 times below market standards (for this kind of job and working times).

Compare this to the Linux Foundation, which has Linux-hostile board members. In Sirius, some managers just bullied the staff and oppressed people like it was a hobby

The Linux Foundation, which advertises for its most hostile competitor, seems like an apt analogy here for many reasons. The bottom line is, the company engaged in fraud (we only found out this year) and its victims are many people who actually use GNU/Linux, unlike the perpetrators of the fraud.

IN THE previous part we showed some preliminary statements about this report regarding Sirius ‘Open Source’, a company known very well from the inside for nearly 12 years. Today we can introduce the softer side of Sirius or what Sirius used to be.

The Open Source Era

At the Beginning

Sirius is early Patron (sponsor but a more modern term for sponsorship) of KDE, a prominent European project for GNU/Linux- and BSD-centric desktops and laptops. Sirius is also an early Patron of the FSF, which stands for the Free Software Foundation (listed and thanked by the FSF for several consecutive years, as The Internet Archive’s Wayback Machine confirms). The FSF was established in the mid 1980s, i.e. almost 1.5 decades before Sirius was even founded. Many early employees of the company were GNU/Linux users, KDE users, even Debian Developers. They were highly technical people who shared the philosophy reflected upon by these (aforementioned) generous donation.

The Wayback Machine shows the Sirius site (old snapshots). Wayback Machine screenshot of the front page:

Wayback Machine screenshot from the FSF:

The company was able to attract high-calibre staff based on these credentials and hard-earned track record. Roy too was attracted to the company based on these publicly- and readily-visible credentials.

People worked overtime to please Sirius clients, some of which were very high-profile. Sadly, as we shall show later in this document, that’s no longer the case and hasn’t been so for several years. The company is living off or leeching off its (distant) past reputation and is extremely paranoid about people finding out about a rapid pivot across numerous dimension, e.g. in-house technology, levels of relevant skill mastered by staff, overt nepotism, and promotion of technologies not compatible with the company’s original mission statement. A lot of the work produced by the company — and it is no longer so much in-house work — leverages Open Source/Free software (libre, or free as in freedom) but does not share back the contributions (or mere code changes), even when initially there’s intention to do so, even if not for licence compliance purposes but status (companies that share back code and don’t just use or exploit code have better karma, averting the image of becoming parasitic to the community).

An Exercise in Optics

The company’s Web site is intentionally outdated. It projects outwards an image of a company that may or may not existed about half a decade ago. Some of the clients being bragged about are well over a decade old. The intention there is to use past clients, no matter how old, to present a credible, potent, highly-experienced firm with high competency. A lot of the actual work gets done by associates (external contractors), not dedicated staff, and those associates have their own firms, which aren’t connected to Sirius at all, except maybe loosely. We’re left to assume that Sirius quietly transforms into a sort of middleman or reseller across a number of domains. For instance, there are a number of things Sirius claims to be supporting, but managers inside the company have no actual staff familiar with ways to maintain such things, so Sirius would typically contract outwards or outsource. This is a crucial point. This isn’t how the company presents itself to the public.

The company, at least in the past, not only had legitimate credibility in the Free/Open Source software world; it goes beyond that. This is well documented and it’s not too hard to find the company’s founder cited extensively in the technology-centric media, especially over a decade ago (Roy used to cite him a lot, including in his site, Techrights). The founder is very visible in national and international press.

The company made a name for itself by attending international events and even hosted an event promoting the use of OpenDocument Format (ODF) in the UK. That’s vital advocacy of Open Standards at a very crucial point in time (format wars and struggles against vendor lock-in). As we shall see later on, these laudable outreach efforts have played a considerable role in attracting Roy’s interest in the company. As an aside, the company first sought to recruit Roy, way back around 2006. The founder of Sirius phoned Roy when Roy was completing his Ph.D. degree in Victoria University of Manchester.

“Social Control Media” is a term I coined many years ago; many people, even Wikileaks, have adopted the term since then. When I say “Social Control Media” I don’t limit myself to Twitter and Facebook; it also applies to LinkedIn (Microsoft claiming to ‘own’ your identity), GitHub (Microsoft claiming to ‘own’ your work/code), YouTube (video), and TikTok (crap). More importantly, as I’ve repeatedly pointed out in Techrights, Free software- and freedom-based sites aren’t robust to many of the same issues (volatility, misinformation) and even if they’re self-hosted, decentralised, federated etc. their existence is transient. Some sites or software will cease to be maintained within 5 years or less (in the case of self-hosting, a new version of PHP, for instance, can break the software you self-host).

Static sites with simple files are generally a good idea if you intend to keep your data, not only through the Web but whatever protocols will exist and get popularised in the future. More importantly, never rely on making “connections” online; make them “in real life” as real friends don’t need the Internet to keep in touch. I’ve hardly used the Internet at all to keep in touch with real friends.

Next Friday JoinDiaspora will go offline after more than a decade. When it comes back online it’ll be “read-only”, available temporarily only for users to be able to export their data and move it elsewhere (to another pod). All the connections will be lost, even if posts and comments are going to be preserved, according to the promises from the project’s core team.

Maybe I’ll fondly remember those 3,000+ “followers” I gained in JoinDiaspora.

What about the 2,000+ “followers” of Linux (TuxMachines)? I hardly ever knew them.

After thinking about it for over a month and having spoken to another person who has posted heavily to JoinDiaspora for over a decade (with many “followers”, too) I am pretty certain I’ll migrate both accounts to another domain, another pod. I’ve not decided which one yet, but it needs to be something that can last and keep alive for at least another decade. As I explained here a few days ago, I’ve already lost more accounts than I can remember. I don’t want to jump from one dying pod to another soon-to-die pod. As for self-hosting, it’s out of the question due to complexity (Diaspora became bloated; I tried installing it almost 8 years ago and it was already very heavy and complicated to manage).

For me, IRC provides a more reliable means of communication and it’s vastly easier — not to mention a lot cheaper — to maintain.

–Jesse Berst, ZDNet editor

MY GENERATION (I’m 37) grew up on DOS. Not necessarily Microsoft DOS, either. Just DOS. As a kid I used to work from the command line. We, as kids, taught one another new tricks; sometimes an adult would visit to teach us things and copy some programs for us (floppy disks with compressed archives). Various utilities like RAR were useful. Sometimes an infection (malicious program) needed to be removed. That was before the days of Windows 3.x — the days we used ncurses-type interfaces to type documents and send these to printers. Later on I did some programming with batch files and at around age 15 I started with Pascal (quite popular at the time owing to simplicity and relative elegance).

I mostly missed the BBS generation (some friends of mine used it; they’d copy for us files they got from there). When bulletin board systems were still popular many computers did not even have modems (few of my classmates had them, usually because of lack of a technical parent, and only one of them was a GNU/Linux user in the mid/late nineties). I think I got my first modem when I was 14 and IRC was probably the first thing I used “on-line”. After Windows 95, which many people used at that time, I bought my last Windows laptop. Actually, my father bought it. He used it and then passed it to me. It had only 32 MB of RAM and Windows 98. I carried it around and used it in university as an undergraduate student (at the faculty I used GNU/Linux at the time). It retired years later and I’ve not bothered with Windows since then. I wrote a great deal about it in USENET at the time. Memories from these days are mostly gone by now; I barely ever touch Windows and when I do it’s over Remote Desktop, typically to access a client’s network, e.g. to run PuTTY from a remote system. That happens about once a month (patching Debian GNU/Linux servers).

Was Windows 98 a decent operating system? No, it was unreliable, but at least it ran on modest hardware without much RAM. I ran Firefox on it, with a total system capacity of something from the mid-nineties (~400MegaHertZ CPU, 32 MB of RAM). That was before Microsoft added back doors to Windows (this was reportedly done in 1999), before the bloat of NT and before DRM (Vista).

With 3 weeks left before the end of this year (and this decade) I remember not so fondly the 90s, back when I used Windows. In 2000 I moved to GNU/Linux, helped by a Finnish friend, an exchange student at the university. In a sense, next year I become a 20-year GNU/Linux user.

AST night I saw a somewhat ‘trollish’ bunch of reports. I saw Slashdot [1], linking to Phoronix [2] with a grammatical mistake in the headline (“Yes, Linux Does Bad In Low RAM / Memory Pressure Situations On The Desktop”).

Let me first clarify that I’m no kernel guru. Far from it. I’m a programmer, but not an OS programmer or kernel developer.

“Is this accurate?”

That’s what I asked people who may know better. They know kernel developers (and development) better than me.

“Is it true or is Phoronix taking the piss?”

I saw comments on it (almost 100 in Phoronix and 400 in Slashdot), but they’re short and vague. How is Linux doing compared to other OSes?

“ZSWAP makes a huge difference (RAM compression),” one person told me. “GRUB_CMDLINE_LINUX_DEFAULT="zswap.enabled=1 zswap.compressor=lz4 zswap.zpool=z3fold"”

“Windows 10 & MacOS & Ubuntu have RAM compression on by default,” he added.

“I’m not sure exactly what they have,” he continued, “but I remember reading about it before. RAM compression isn’t new at all. But it is relatively new (few years) to be on by default.”

Linux kernel space is typically ahead of the curve (compared to the competition); Con Kolivas comes to mind when it comes to claims that it’s optimised for servers but not for desktops (the scheduler, not RAM/swap management).

To check compression status on one’s system:

grep -R . /sys/module/zswap/parameters;sudo dmesg|grep zswap; sudo grep -R . /sys/kernel/debug/zswap;f;sudo sh -c 'cd /sys/kernel/debug/zswap;perl -E "say $(cat stored_pages) * 4096 / $(cat pool_total_size)"' # to check if loaded ; used ; ZswapCompressionRatio

How can one argue that GNU/Linux does worse than counterparts? Slashdot promoted this story with about 400 comments and Phoronix even has a grammatical mistake in its headline (Slashdot corrected it, Michael of Phoronix has not.) It’s an eyesore in a sense; both the message and the English. The headline also states that as fact even though it’s to be attributed to just one developer, Artem S Tashkinov. To an outsider (to kernel development) it may smack of clickbait. It’s stigmatising “Linux” as not successful on “desktop” because of “technical” “issues” (not OEM bribes, ISVs etc.), but if it’s based on purely factual bits, then let it be, I’m fine with it.

My gut feeling was, there’s likely more to the story; can Apple and Microsoft handle compression of RAM for instance? If so, how well? I don’t know people running Apple-branded systems and PCs with Windows on just 2 gigabytes of RAM (which is the most I ever had on any of my systems; same with my wife, who is a GNU/Linux user).

Another person, who is proficient at kernel matters, told me: “I have caused Linux to stall in swap hell many times and there are long list of particular causes of it. facebook made oomd to attempt to deal with it in userspace.”

The first person weighed in again: “they should compare to other distros, and to MacOS/Windows. But the complaint is valid, IMO: that Linux (defaults) *should* be ‘smarter’ when OOM; check what is your vm.vfs_cache_pressure. $ cat /proc/sys/vm/vfs_cache_pressure [...] I have mine set to 50, because this article makes sense to. (but I’m not sure what default is nowadays?)”

A third person wrote: “my Orange Pi with 2 GB of RAM running everything mainline is my main desktop, which runs generally fine with a swapfile of also 2 GB…”

That was in the #techrights IRC channel this morning.

The person added, “the bigger question for me is why applications these days are so heavy and slow…”

That last point is what I too have raised many times before. GNU/Linux is handling reasonably well a complete system with 2GB of RAM (or less). Super-bloated applications is where things start getting trickier.

Related/contextual items from the news:

1. Linux Performs Poorly In Low RAM / Memory Pressure Situations On The Desktop

   It’s been a gripe for many running Linux on low RAM systems especially is that when the Linux desktop is under memory pressure the performance can be quite brutal with the system barely being responsive. The discussion over that behavior has been reignited this week.

2. Yes, Linux Does Bad In Low RAM / Memory Pressure Situations On The Desktop

   It’s been a gripe for many running Linux on low RAM systems especially is that when the Linux desktop is under memory pressure the performance can be quite brutal with the system barely being responsive. The discussion over that behavior has been reignited this week.

   Developer Artem S Tashkinov took to the kernel mailing list over the weekend to express his frustration with the kernel’s inability to handle low memory pressure in a graceful manner. If booting a system with just 4GB of RAM available, disabling SWAP to accelerate the impact/behavior, and launching a web browser and opening new web pages / tabs can in a matter of minutes bring the system down to its knees.

elcome to Linux.com!

Microsoft… is “OPEN SOURCE”!

Sadly, this has become far too common in that site under its new (and sole) editor. Whose interests are served now? Linux Foundation sponsors.

emember NewsForge? Or Geeknet? Yes, once upon a time Linux.com was a site for geeks; under the Linux Foundation’s ownership it gradually became a site for large corporations, where they could buy puff pieces and interviews (agreed upon in advance, as covered in Techrights). But among those puff pieces and ads one could at least find some journalism.

I’m sad to see, 2 months down the line, that Linux.com is practically dead. Nothing new is being added to it. It’s now a fossil. Eternally? The Foundation has said not a single word about it. So much for openness and transparency, eh?

RGOS, the British retailer which according to Wikipedia employs over 50,000 people, seems to have moved many of its well-integrated systems (online and in-store) to a new platform not too long ago. We’re frequent customers, so sometimes we see downtimes and issues which reveal details about the back end. There is something we can report today.

Yesterday at Argos there was a malfunction at the terminal (thin client with IBM touchscreens as the only user-facing part) and it uses GNU/Linux, as one can easily tell. Argos seems to be using Fedora (an old version likely) based on the window decorations, probably with GNOME/GTK. For 50,000+ staff plus millions of customers that would be a lot terminals running GNU/Linux.

Argos recently changed the terminal systems/front end (not to my liking, as I liked the old interface better). The crash yesterday resulted in an error message showing Opera (proprietary Web browser), so presumably that is what they are using on top of GNU/Linux. Odd choice of browser, but that’s what they want….

Last year we reported that another British giant, Ryman (smaller than Argos, but still a highstreet chain), had moved to GNU/Linux. They told me that had dumped it due to Windows malware.

Incidentally, a friend who goes by the name iophk (for anonymity), shared this link with me yesterday. “Windows should not be on PoS or anything else mission-critical,” iophk wrote. Well, based on Ryman and Argos turning to GNU/Linux, many large stores gradually learn this. My current employer moved Specsavers (British giant) to Free software in the server room a long time ago, about a decade ago.

$ host www.facebook.com
$ whois -h whois.radb.net 31.13.91.2  | awk '$1=="origin:" { print $2 }'
$ whois -h whois.radb.net '!gAS32934' | tr ' ' '\n' > /tmp/fb
$ sort -n -k1,1 -k2,2 -k3,3 -k4,4 /tmp/fb > /tmp/fb2
$ for net in $(grep '^[[:digit:]]' /tmp/fb2); do sudo ufw --dry-run \
  reject out to $net;done

Or modify for direct use of iptables on OpenWRT.

Remove --dry-run to make it work on systems that use UFW. For plain iptables, one needs to use a different line but then need some additional tricks unique to each distro to make the settings persistent across reboots.

“I put up something a while back on HowToForge about this,” said the source of the above script/comamnds, “but it always needs new coverage. I usually do the same for Microsoft networks, too.

“People with decent router hardware but still with stock firmware should be nudged to OpenWRT.”