Video download link | md5sum 74987f7fa344dfdc3ef4a4d40f5045ef

Hell, Sirius, Anybody There?
Creative Commons Attribution-No Derivative Works 4.0

Summary: In my final year at Sirius ‘Open Source’ communication systems had already become chaotic; there were too many dysfunctional tools, a lack of instructions, a lack of coordination and the proposed ‘solution’ (this past October) was just more complexity and red tape

“HELLO, anybody there?”

Hell no. Wait till we authorise the microphone, open the correct browser window, and then roll up some scripts. Within 3 rings! Yeah, right! No way! On old hardware that can barely cope with epic bloatware imposed on all staff by the stingy management.

Sirius never provided us with hardware (other than a very old and second-hand Cisco phone), but it expected us to multi-task with a whole bunch of junk and up to three telephone systems running in parallel. Does that sound like a competent company? Who made these decisions? And who’s being blamed? Decision makers? Proprietary software? Or the victims of both?

The video above explains the absurdity of the telephone system at Sirius, which was only getting worse over time because incompetent people were calling the shots behind closed doors and without consulting those affected by their decisions. Not to mention how they repelled or scared away Asterisk-capable engineers. As it turns out, technical people were starting to have technical issues with the new “Google” system, which they could only object to after it had been pushed down their throats.

The moral of the story is, don’t outsource communications to proprietary software, do not rely on clown computing, and don’t let incompetent people make decisions (more so in the dark, in secrecy). It would harm both staff and clients and at the end the culprits will refuse to take the blame, instead insisting that they can salvage the whole mess by going deeper into the trap which caused the mess in the first place.

Sirius is broken beyond redemption because it is now governed by truly incapable people, shielded by a culture of intimidation and surrounded by sex partners who blindly follow orders/instructions.

And those are just the technical aspects, not the legal ones.

“The ISO Delusion” (latest part) explained privacy or data protection aspects; ISO certification doesn’t mean compliance with common sense like companies controlling their own communications and protecting clients’ sensitive data, including passwords and private keys.

Video download link | md5sum 3fa713aa016effddd846715afa98523f
Sirius Abandoned Everything
Creative Commons Attribution-No Derivative Works 4.0

Summary: Staff with technical skills won’t stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself “Open Source”

DESPITE losing my best friend this week I am trying to keep active and to keep this series going. My friend helped inspire my activism and many other things. The video above explains some of the things that happened at work, based on practical examples (demonstrating that ISO certification changed nothing for the better). More people need to find the courage to confront their bosses and demand justice. Don’t just “play it safe”, try to actually fix things, from within if possible (taking this public is the very last resort).

The video above contains some of the backdrop to the collapse of Sirius ‘Open Source’. It comments on this post. The Gates Foundation was never mentioned in writing at Sirius, only once and strictly verbally in 2019. An NDA signed by Sirius Open Source (yes, that’s an actual sellout considering what the CEO used to believe in^*) changed things for the worse and resulted in the CEO being ‘in exile’. We’re talking about a fervent Microsoft critic, who [cref 168438 moved the company to Washington] for the “first US client” (yes, Gates) and weeks after it all happened not only myself but also my wife got falsely accused. We were acquitted only after months of humiliation. Nobody ever apologised for this.

Back then, as well as in 2017, I wanted to publish “Microsofters Contact My Employer to Get Both My Wife and I Sacked” (yes, it happened prior to 2019 as well). It’s truly quite maddening what Microsoft and its goons would do to silence me; they even pick on loved ones. This became a potential future topic way back in 2016.

More recently after I told a friend that Bill Gates, not Microsoft, was paying Sirius Open Source Inc. (with the actual timing being interesting; coincidence being improbable) a manager intentionally twisted/distorted what I said. What I said was factual, what they said I had said was not. Gates never needed British company to handle something thousands or American firms can easily handle (let alone ask this company to establish itself in another country, which is possibly what happened though the NDA hides it).
___
^* Here’s one old talk that covered “FUD (‘Fear, Uncertainty, Doubt’) as the nonsense that it is [...]”

The International Organization for Standardization (ISO) certification process means almost nothing. It’s just a glorified brand. Deep inside many people and organisations know it.

Dilbert on ISO 9000 Certification in 1996 (there are also 21 for ISO 9001)

Summary: Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)

THE past few days were spent explaining ISO certification in relation to Sirius. The next few days will be spent giving an example or a sub-set of examples of how Sirius handled sensitive data. It probably hasn’t improved at all since I left last month.

For some essential background, Sirius Open Source Inc. (not SIRIUS CORPORATION LIMITED) was grabbing Gates Foundation money back in 2019 — all this while registering in the US for this “first US client”, letting Windows users who adore surveillance get involved in decision-making while outsourcing more and more of what’s left of the company to dubious companies with NSA connections.

The problem here is that Sirius had British clients with their clients’ data on the systems. Some was medical data. What does the law say about access from another country and why was Google (American company) getting/drowning in legal hot waters for involvement in the NHS?

What’s more, it’s not clear if ISO 9001 certifiation allows personal computers at home, purchased and maintained by staff along with many other uses and applications, to be used as work machines (deemed “Secure”? Really???). Remember that, as we noted repeatedly in the past, the managers never bothered supplying the staff with anything; the company does not even provide a chair and a desk, as already explained in length here (mostly back in December). Did that pass muster at ISO’s cash register (ISO just wants the money)?

Well, maybe in the ISO forms the company can pretend that those computers were supplied by the company to staff when in fact the staff receives almost nothing from the company except a very old phone (Cisco-branded, Ethernet only; maybe 2 decades old).

While I’m not going to report this as a former insider, I do wish to explain what’s at stake here, at least as a cautionary tale. ISO doesn’t care; it has no quality control of its own; its workers are like corporate staff and they might not even care anyway; they got the money, and that’s what’s important to ISO. Many questions remain, e.g. which actual shell was the certification for? Do they realise they deal with a hydra or a polymorphous entity here (some of its shells are based in another continent, without actual boundaries within the company)? Even the pension schemes seem to be struggling to keep track and they need to be lectured on how the company splits and then illegally compels staff to sign papers without legal advice (nor proper understanding), as we noted here before. It was covered a lot roughly one week ago.

And sure, many lessons are to be learned outside the company, too. If regulators could find E-mails, they would not struggle to see incriminating stuff (we plan to add examples to the wiki), including NHS medical data “oopsies” (admission on the record, too), even for people do not consent to data sharing. ISO probably doesn’t care. As we said several times already, ISO only cares about money. With ‘anonymisation’ not working, accidents aside, there’s a big scandal brewing under the surface, but then again the privatisation of the NHS would likely misplace the blame. The media has several examples of known incidents and it’s a very big deal because the NHS has been pushing towards it, moreover offering to send some of this data abroad.

To be clear, NHS was not a client, except indirectly (contractors). But if someone wishes to find some major scandal/blunder, we welcome further investigation, i.e. people can do what ISO ‘cannot’ do because it would discredit ISO.

“There are 2 problems to track,” an associate noted, “one is the scam of the ISO 9000 certification. The other is the destruction of ISO as an organisation by Microsoft.”

Video download link | md5sum cc29a588d814b375a666bda5d567b58f
What Sirius Teaches Us About ISO
Creative Commons Attribution-No Derivative Works 4.0

Summary: Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)

Sirius ‘Open Source’ taught me a whole bunch of things; some were valuable technical skills, but many were negative experiences that I can finally explain out in the open, expressing in words various ideas that I formed (or formulated) years ago.

The above video concerns ISO and it is relatively long because it covers two parts instead of just one, starting with background and proceeding to real-life examples in the form of redacted E-mails.

The conclusion I reached years ago is that ISO is somewhat of a scam. It creates a barrier that mostly protects monopoly and it makes a lot of money by giving worthless papers, essentially turning managerial ‘religion’ into a fat cash cow. If more people understood the business model of ISO, maybe there would be no ISO anymore.

Summary: Before we proceed to showing how Sirius ‘Open Source’ blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically ‘sold’ a certificate to Sirius — this is like a “diploma mill” but something that’s for businesses, not individuals

THIS is today’s second article on this topic. We’ve found some spare time for faster progression and in-depth coverage. As I noted yesterday, my wife had more direct and indirect experience (decades ago) with ISO being a bunch of meaningless hooey. So did I (having stumbled upon classical ‘box tickers’ or worse). Sirius is just another reminder of that. Hence this series and its relevance. It seems like a lot of people in technical fields separately and independently reached the conclusion that ISO is overhyped, overvalued, and mostly a waste of time and money (unless you have a ‘bullshit job’ to justify).

“This isn’t science. It’s like calling “economics” a science. It is not. It’s more like religion.”“My dad complained about the ISO in the 90s,” Ryan said in IRC an hour or so ago. “He constantly made fun of all of their “standards” for management of a company that didn’t mean anything but go on and on. It’s a sort of code so that managers sound smarter than they are. “We’re ISO-Whatever compliant with our handling of the TPS reports.” And the ISO standards can be wrong and never revised. Microsoft implemented the standard for MP3 and so did LAME, and then the result was they were both correct and Windows XP crashed. Part of the standard about what constituted the maximum size for a frame could be calculated one of two ways.Microsoft chose the more constrained way and it resulted in a buffer overflow with some files that crashed Windows Media Player. LAME had chosen the method that resulted in a slightly larger permissible frame size. The outcome was LAME had to be changed to use the Microsoft calculation to avoid crashing Windows, and that meant a reduction in audio quality under some circumstances, with padded bytes instead of data. Later, they changed to use the VBR bit allocator, even in a CBR file, and it mostly avoids the situation by its method of action. It can cleverly use the bit reservoir in ways that the former bit allocator that was only for CBR files couldn’t. Naturally, they never delete anything, so you can still demand the old model. It’s just an absolute nightmare of options switches. It’s the worst thing I’ve ever seen in a utility its size. ISO is kind of the stuff of Pointy Haired Bosses when it comes to Management Theory being standardized.”

Well, this whole “Management Theory” is what we’re dealing with here.

This isn’t science. It’s like calling “economics” a science. It is not. It’s more like religion.

Here’s what happened in Sirius (in mostly logical/chronological order):

Subject: ISO
Date: Mon, 29 Jul 2019 15:47:43 +0100
From: xxxx
To: xxxx

Hey All,

As you know we are going through the ISO processes – I have been asked to gather some information from everyone at Sirius to create a list of all assets used by employees of Sirius whether it belong to the company or the employee so if I can have the item name and serial number that would be great. They have also asked which anti virus you all use.

Are you all able to send me the required information ASAP please?

Thanks,

xxxx

Yes, because a bunch of serial numbers would mean so much! Of people devices at home… for the most part.

“They would nag us to do the same ‘course’ every year, even though it is dumb and we ‘passed’ it already.”A month later came “You have been registered for a Training course – Information Security” (no, not really security but this hoax instead). We’ll deal with that another day…

They would nag us to do the same ‘course’ every year, even though it is dumb and we ‘passed’ it already. This is compliance???

??”This is something that will be done annually for our ISO process,” I was told, “so please complete this on your next shift.”

??Way to waste people’s time, doing and passing a total hoax over and over again (details on why it’s a hoax were covered here before).

??Notice the threats being sent to ALL staff:

Hi All,

As you will all be aware we have been implementing new policies and procedures in order to become ISO 9001 and ISO 27001 compliant. Part of this entailed changing our HR company to xxxx who use the online portal Atlas to provide an easier method to roll out training. I have checked and there is still a substantial amount that has still not been completed.

ALL training sent out by myself needs to be passed and completed by the _*25th November 2019*_. This is to ensure we meet our deadline for the final stage of ISO audits.

Failure to comply with this request may result in disciplinary action. For those of you that have completed the training, please ignore this message and thank you.

Kind Regards,

xxxx

“Failure to comply with this request may result in disciplinary action,” it says. They kept making veiled and explicit threats. Sometimes this culminated in actual bullying, false accusations, and blame-shifting witch-hunts.

Of course the portals failed to even work properly. For instance:

> ALL training sent out by myself needs to be passed and completed by the
> _*25th November 2019*_. This is to ensure we meet our deadline for the
> final stage of ISO audits.

I was able to open all the documents and read them. The animated things,
or training sessions, get stuck. I tried each one of them about 5 times
(>each<) and they get stuck somewhere along the way. I tried this on
multiple machines. Rianne told she too had some difficulties.

I will try again on my next shift, but these technical issues do merit a
mention. They also rely on plugins Adobe no longer supports, posing
security risk (an issue aside from the bugs).

Kind regards,

[Roy]

Her answer was: “Have you tried using a different web browser?”

Of course she wasn’t using GNU/Linux or anything “Open Source”. This does not constitute an actual solution.

In 2020 the following was sent:

——– Forwarded Message ——–
Subject: xxxx – Things to do
Date: Thu, 26 Nov 2020 11:38:01 +0000
From: xxxx
To: xxxx
CC: xxxx

Hi All,

In October I issued Linux Training via xxxx. Can you all please ‘acknowledge’ this on your portal to show that you have opened and read it.

I also need you to ensure ALL training modules issued on xxxx i.e information security and documents issued i.e IMS Awareness presentation have been completed by the end of your next shift.

It is essential these tasks are carried out prior to our ISO Audit next week.

Kind Regards,

Well, those training modules and ISO guidelines weren’t even followed by Sirius. We gave examples of this before. In some cases, there were efforts to meet standards only after a certificate had been granted.

Sheesh. I’m not supposed to say this in public, am I?

What did those audits mean anyway? What did the above “ISO Audit” actually check? That the cookie drawer is properly locked when Office staff goes to retrieve some hot chocolate milk from the machine?

“In the next few parts we’ll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors.”Some other messages were banal. They indicated a certificate had been granted (in other words, Sirius basically bought one) after minimal so-called ‘audits’ and staff sending a bunch of numbers from the back of computers (as if that means anything at all).

ISO is a joke. When it comes to this administrivia, ISO created just another ‘cash cow’ for itself.

In the next few parts we’ll show what Sirius did in practice, not in theory, and what it told staff, not ISO auditors. It’s one heck of a clusterf**k with the company’s data scattered all over the place. That includes clients’ data, even private keys and passwords.

Summary: Sirius ‘Open Source’ has long used “ISO” — and sometimes “GDPR” — as catch-all excuses for all sorts of nonsensical policies; does ISO realise the degree to which it is being misused by incompetent ‘box tickers’?

“The ISO will basically standardize anything they’re paid to even if it’s impossible for anyone else to implement the standard, for any reason,” Ryan said in IRC yesterday. “They’re a corrupt group that will do anything for money.”

To make matters worse, ISO facilitated epic Microsoft corruption. ISO still enables crime. It didn’t seem to mind it or worry about it. It only worried about the impact on its image/reputation. The EPO‘s management also habitually uses “ISO” to distract from the EPO’s crimes. We covered several examples several years ago. “The ISO hoards “standards” and won’t let you read them for free,” Ryan said moments ago. “So on top of patents, things only Microsoft can implement, etc. There’s this. Unless you tore apart LAME’s source code and tried to write new documentation for MP3, you can’t share high level documents with anyone. I doubt that the paywall is a huge cash cow for them. You still can’t share the official MP3 specification. The source code to LAME or Helix are the specification you can see without ponying up almost $300 iirc for a specification that describes it at a high level. By looking at source code, you can’t clearly understand every part of it unambiguously unless you’re a Mentat or something. The developers of LAME buy the PDFs but how much revenue is five people buying PDFs? Or maybe a dozen people even?”

Here’s one example from Sirius: Nothing to do with ISO, yet “ISO” gets mentioned all the time — the go-to excuse for everything. Any terrible policy…. such as classic “bullshit jobs” (making lists of tickets aside from the ticketing system, for no actual purpose other than to keep us extra busy).

Skip to the bold bits for the ‘short’ story or the gist:

Ticket Review – This is priority and compulsory

——– Forwarded Message ——–
Subject: Re: Ticket Review – This is priority and compulsory
Date: Fri, 31 May 2019 12:45:09 +0100
From: xxxxx

xxxx,

Support is contracted to work 8 hours. This time should be used productively for the company’s requirements and business needs. And right now business needs this report from every shift to update the clients. We are also going through quality control for ISO purposes [Ed: emphasis ours]. This makes it even more important.

This is how your shift should really go:

1. Start shift
2. Read Handover
3. Respond to any emails
4. Ticket review
5. As and when new tickets are added to xxxx – enter these onto the relevant ticket review reports on the fileserver for each customer – whilst doing the ticket review, update if status has changed to either open – ongoing OR closed.6. Work on tickets/check monitoring etc for rest of your shift
7. Write detailed handover and send
8. Finish shift

It is not an unreasonable requirement from management.

If you have anymore issues email me directly or xxxx and do not cc anyone else as I don’t want a long email thread which is going to take focus away from objective.

Kind Regards,

xxxx

> xxxx wrote:
>
> I’m sorry you don’t want my input, but I think this is a very important point that needs making. The trouble is that I can’t see how this is going to improve the amount of tickets that we have open at the moment. What is needed is for each of us to actually work on the tickets.
>
> On 31-05-2019 11:35, xxxxx wrote:
>
>> Hi xxxx,
>> The status box requires open/ ongoing or closed. It doesn’t require details.
>> Please read my email again and follow instructions.
>> This is compulsory and required from each of you.
>> This really is not open for discussion.
>
> [...]
>
>> wrote:
>>
>> I understand. But it would be helpful for me if you would would
>> clarify what exactly is required by a Ticket Review. For me,
>> there’s no point writing largely irrelevant or obvious comments
>> at the bottom of each ticket. What is needed is to actually work
>> on each ticket and resolve it so it can be closed.

Well, that stopped getting done when they decommissioned our last server. So that clearly had nothing to do with “ISO”. The management lied to us and misused the “ISO” straw man.

Does ISO deserve to know this?

Another unqualified “manager” did the same with “GDPR”. To provide some context (2020 E-mails):

> Hi Roy,
>
> Why was this handover sent at 1:03 am – your shift is meant to be
> finished at 1:30 am.
>
> What is the reason for this?

Again, I think this is a misunderstanding. Check the past 8 years’ worth
of handovers at 1-1:30am. Look at the time pattern.

Did you send a similar message to all my NOC colleagues as well?

Regards,

She didn’t ‘get’ the message. I did nothing wrong at all. We all did the same thing even close to a decade earlier. She wrote:

Hi Roy,

Why did you leave your shift at 1:14 am (Tuesday 3rd March 2020)?
Your shift is meant to be until 1:30 am.
There was no prearranged time change request with management or request to leave 15 mins early in writing from you in our records.

I am concerned with this issue. Would you kindly clarify?

I responded again:

> Hi Roy,
>
> Thanks for your email.
>
> I raised these questions yesterday as I noticed that you said bye on
> your slack convo at 1:14 am (I have sent you a screen shot in previous
> email) that made me investigate further and I came across your handover
> times. Hence all these questions.
>
> We would request you to complete your full shift as prescribed and not
> leave early in future.

My handover times are not different from my colleagues’.

Can you explain further please?

Regards,

I responded yet again:

> Hi Roy,
>
> Why did you leave your shift at 1:14 am (Tuesday 3rd March 2020)?
> Your shift is meant to be until 1:30 am.
> There was no prearranged time change request with management or request
> to leave 15 mins early in writing from you in our records.
>
> I am concerned with this issue. Would you kindly clarify?

This is a very surprising message.

For the 9+ years I’ve been in the company we all (always) handed over at
1 to 1:30am, often leaving before 1:30. The above is not at all out of
the ordinary. For any of us…

Regards,

At this point, bearing in mind the previous year’s bullying by her, I kept a copy of the message as a reference (HR, hired by Sirius, advised me to keep copies of key correspondence due to perceived witch-hunts).

To quote the Office Manager on “GDPR” (message redacted a little):

Hi Roy,

When on the 3rd shift (17:30 – 01:30) your shift finishes at 01:30 not beforehand.

xxxx simply requested that you comply with your correct working hours as we could see on slack and your time tracker that you have not been working up until the end of your shift. This isn’t an unreasonable request and doesn’t need to be questioned, its quite simple, finish your shift on time.

I understand the handover being sent over between 01:00 – 01:30 as that allows the colleague next on shift the opportunity to read the handover and discuss anything with you.

On another note, if you can please keep these emails within the company – I can see you have responded/cc’d from your personal email. With GDPR being very important, I do not want any of our client/Sirius data being available on your personal email so its essential to keep work-related correspondence to work emails.

I hope this clears everything up for you.

Kind Regards,

xxxx

I also said:

>> Hi Roy,
>>
>> Thanks for your email.
>>
>> I raised these questions yesterday as I noticed that you said bye on
>> your slack convo at 1:14 am (I have sent you a screen shot in previous
>> email) that made me investigate further and I came across your handover
>> times. Hence all these questions.
>>
>> We would request you to complete your full shift as prescribed and not
>> leave early in future.
>
> My handover times are not different from my colleagues’.
>
> Can you explain further please?

I have received no reply for a day.

I am used to that.

This is not the first time I get unwarranted bollocking and it’s the
kind of thing that can drive away experienced and crucial colleagues
over time.

What I did wasn’t wrong; it doesn’t hurt to get an apology for trying to
shame me in front of the CEO for something I did which was not wrong.

Kind regards,

Of course she never bothered to apologise. She just vanished. Her sidekick had to audacity to say that slang like “bollocking” was rude, ignoring how rude the bullying was and instead focusing on style and choice of words (that British slang isn’t even rude, unlike “bullocks”). It should be noted that the bullying did not start and stop in 2019; it carried on well into 2020. The above example is one of several.

In summary, what we deal with here is two people bullying staff. They’re not qualified for any management role, but they seem to enjoy the ‘thrill’ of pretending that they are. It would become a more persistent problem as new imposters would attempt to cover up the company’s gross understaffing, e.g. a person without knowledge and ill-equipped or unequipped on the beat, pretending to cover a NOC shift or offer a service (that’s the CEO).

The company was lying to clients.

Remember that this is a company where there’s no chance at progression except through nepotism (like family/kinship and sex). At the moment it’s very hard to know what happens in the company, but that’s hardly different from how it was before, as a cabal was working behind the scenes and behind our backs, scheming to do all sorts of illegal things while lying to us (about who left, who was becoming a client and so on)

Sirius has a culture of extreme secrecy, even for insiders. Someone needs to show the ‘dirty laundry’.

In closing, to quote Ryan again (as other than Microsoft’s OOXML crimes there’s the MPEG cartel ISO controversy): “The ISO is still impeding LAME because someday they’ll lose all of the people who understand the code and then someone will have to fix it up to continue working. I’d argue that you almost can’t have standards with ISO. You have to publish them without ISO into the public domain to truly call them standards. People should get these Public Domain documents and decide whether it’s a standard themselves or not, like ZIP or Opus. You’ll notice they didn’t go to the ISO with Opus. They went to the IETF. The IETF standard, you can read. You can read every draft copy too so you know how it changed along the way if you care to. The ISO won’t give you drafts of a standard even if you pay so there’s no seeing how the process evolved. The ISO is probably even nasty in ways that I can’t fathom. But the ones that I know of are bad enough. FhG was not happy about LAME, I can tell you that much. Not happy at all. Even though it made MP3 hugely popular. They don’t acknowledge it even once on their Web site, even their little “MP3 History” museum, which I don’t even think mentions music piracy either. So that’s kind of like “Wikipedia-izing the History of MP3″. We’ll just gloss over Napster and LAME. Wasn’t important. Not gonna go how the format would have failed completely. We marketed it brilliantly and it was a hit out of the ballpark based on secret documents and patents, and ISO. Secret documents, patents, and ISO are in the way of progress, constantly, and the secret documents and ISO can be cut out of the process a lot easier than reforming the patent system.”

How about “ISO” being leveraged to lie to staff?

Video download link | md5sum 07a2f3b98615ee2d67a59e46c7ac4f8e
ISO as Meaningless Certificates Mill
Creative Commons Attribution-No Derivative Works 4.0

Summary: Sirius ‘Open Source’ has used “ISO” as a catch-all talking point since 2019 in spite of doing illegal, unethical and truly dubious things while failing really badly at security

IN OUR last post we started the first part of several parts about ISO, commencing a separate (sub)series of posts that may take about a week to finish.

Sirius ‘Open Source’ disregards security advice, deems commentary that it lacks security staff to be “defamatory” (actually it’s perfectly factual), and moreover it is ignoring advice from technical people who do have a clue — all this while failing to do basic things like change passwords after a major breach.

If ISO considers that to be “OK”, then that says a lot about ISO.