
Thursday, January 26th, 2023, 2:43 am

Sirius ‘Open Source’ Casualty of Mismanagement

Probably the final week of this series

Summary: Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything

THIS is the part of this series where we focus on examples of Sirius failing on technical merits and compliance/conformance. Eventually we decided to show redacted E-mails on ISO along with my copied messages to management regarding bollocking and how it all started, me asking for an apology etc. Being accredited or recognised isn’t the same as being capable and potent. As I mentioned in the very first post in this series, when I joined the company it was different beyond recognition. The company had its own hosting (in its own premises). In 2022 we were suffering habitual outages as we don’t control our systems anymore (Slack, AWS downtimes were common; in prior years clients that relied on Clownflare also suffered outages due to Clownflare rather than their own hosting). To make matters worse, there were security breaches and the company ignored them. I kept bringing that to management’s attention, only to be ignored or rebuffed. Remember this hoax of Citation/Atlas was covered in Techrights years ago. Sirius does not teach its staff real security and does not hire people who understand or value security.

The company had a bizarre trajectory of moving from self-hosted (e.g. Asterisk), then outsourced (but still Free software, ‘managed’ Asterisk), then outsourced proprietary spyware like Google Voice. If “Open Source has won” and if Free software is becoming more widely used, then why is Sirius going in the exact opposite direction of what it was advocating? This is a management decision. It’s not the fault of technical staff — the staff which all along opposed this.

Notice the practice of password outsourcing. Here’s a direct quote sent in a request to me personally: “Put the WordPress credentials (admin user, etc) in a lastpass note and share it with xxxxx (securely, within lastpass) and we’ll be setting up a very temporary and basic portal to share info across the team, to help keep everyone better updated given how Absolutely Mentally Busy it is right now. It’s entirely for internal use when on the VPN.”

It’s another example of mishandling access credentials inside third parties (Slack, LastPass etc.), oftentimes not just rejecting “Open Source” but actively ripping apart Open Source things that work, replacing them with technically inferior and likely illegal (in some cases, due to data protection) proprietary stuff.

The management did even worse than this; it failed to do very basic things, such as sending payslips and sometimes paying the pension provider. Instead they made colourful excuses, so I decided to take photographs of letters from the pension provider, recalling those blunders and deciding that it’s worth discussing belatedly (and maybe add E-mails also; there were loads of E-mails about payslips, not just pensions, spanning different years from 2018 until the present day; there were phonecalls too, but those aren’t recorded).

The management was also bad at communication and correspondence. See the example below (2019):

Subject: Re: I need these tickets dealt with by support
Date: Thu, 3 Oct 2019 11:15:56 +0100
From: Rianne Schestowitz xxxxxxx
To: xxxxxxx
CC: xxxxxxx

Hi xxxxxxx,

I responded to this email last weekend. Please check your inbox. If you
haven’t received it, I can send it again.

Many thanks,

Rianne


Rianne Schestowitz, NOC Extension 2834423
Sirius – stress free technology

http://www.siriusopensource.com

t: xxxxxxx

> Hi,
>
> I need these tickets dealt with by support.
>
> 1. Ticket#108642: Roy or xxxxxxx need to answer about security.
> 2. Ticket#108813: Replied with more questions. Can’t reproduce the
> error so far. Back with Support, awaiting feedback.
> 3. (Multiple) Tickets relating to masking – Code fix done, Release done
> and in live. Check with each client once data reimported. Support
> team can do this. xxxxxxx have already confirmed it works.
>
> 1. Ticket#108833: Already fixed, just needs a fresh xxxxxxx import.
> 2. Ticket#108769: The masking fix is done, we just need to schedule a
> reload.
>
>
>
> xxxxxxx xxxxxxx
> Sirius – stress free technology
> http://www.siriusopensource.com
> Tel: xxxxxxx

This was the year bullying against staff started, not too long after Gates Foundation money had landed under an NDA and something called Sirius Open Source Inc. was quietly formed in the state of Washington (where Microsoft and Gates are).

We spent nearly a month explaining what I had already written internally before resigning; we remembered to publish the entire PDF at the end (crossposted in my personal site too) as it is important to emphasise that I raised most of these concerns for years inside the company. Inaction and retaliation led to what became of it, spilling the beans out in public. I never did anything even remotely like this with any of my past employers.

Wednesday, January 25th, 2023, 1:40 pm

Latest on ONS and the Mystery of Missing (or Undercounted) Deaths in Week 49 2022

This is the latest (still ongoing):

> Good morning Dr Schestowitz
>
> Apologies, I didn’t note the screenshot in your first email.
>
> For the week you are referencing, we did not publish the numbers of
> death occurrences (date of death) for that week and these were updated
> the following week.
>
> There would have been no changes in any of the tables that use
> registrations data, but you would see the undercount in the occurrences.
>
> May I ask what table you are looking at?
>
> Kind regards
>
> Anne

Hi,

Thanks for the quick reply.

On December 20th the page looked like this:

Over the Christmas period we will not be publishing Deaths registered weekly in England and Wales so the next publication will be available on the 5th of January and shall cover the weeks ending 16th and 23rd of December. Due to a processing issue, there has been an undercount of death occurrences in week ending 9th of December. Due to this the figures for week 49 will now be published in the next weekly mortality publication coming out on the 5th of January.

That was minutes after the 10AM (ish) update.

Despite what it said in the text, the spreadsheet file was updated that morning and included Week 49. Here is a screenshot:

Undercount of deaths

This screenshot was taken on December 20th.

I was expecting that on January 5th this number should be amended, as the figure for Week 49 was incomplete. But in all subsequent updates that number remained the same, so either the missing deaths were added cumulatively to Weeks 50 (onwards) or something went wrong. No “(i) Notice” has been shown since then, so I’m left wondering what actually happened. I need to be sure this data is accurate.

I expressed these concerns publicly about half a dozen times before I learned that Professor Fenon et al had made a formal complaint to the Statistic Regulator. Their complaint is completely unrelated. But it increased my doubts and scepticism about ONS-provided data.

I’ve used your data for a long time. I need to understand why the Week 49 figure (shown in the screenshot above) remained unchanged.
You said: “For the week you are referencing, we did not publish the numbers of death occurrences (date of death) for that week and these were updated the following week.”

If you mean you did not publish Week 49 figures on December 20th, then that is patently untrue and I took a screenshot to prove it. The spreadsheet file was updated that day. It contained the figure for Week 49.

I have more screenshots from around that time and I can provide them to you.

Are we talking about sheet #2 rather than #11?

Regards,

For some background see this prior episode.

Wednesday, January 25th, 2023, 1:08 pm

Losing Your Best Friend

Harvey Tobkes and Roy

I AM grieving today. I lost my best friend. I had been worrying for more than 20 years that this day would come.

Many decisions that I made in my life were guided in part — if not largely — by Harvey. I always listened to him and asked him for advice, since I was a teenager in fact. Harvey was like a second father to me. Harvey was honest, attentive, and knowledgeable. I could see it and I could feel it. I felt like it was reciprocal. We had a special chemistry in spite of the vast age difference (more than 50 years). Maybe the age difference assured me that he knew a lot better than me what life would bring, how to prepare for it, and what paths to choose. We used to amicably joke about this unusual connection and we corresponded a lot. Anita and Harvey sent me more gifts than I can recall and I sent them some too. Anita’s extensive and marvellous artwork has been at my site for two decades. Harvey constantly bragged about her skills.

Harvey was a proud father of 3 children and a loving husband who appreciated human values (and contact) rather than accumulation of wealth. This is a quality that sadly so many people nowadays lack. Harvey was a principled person who did not judge people based on what they had but based on who they really were.

I first met him in the late 1990s, if I recall correctly first at the gym at a hotel (that’s where I worked out back then), only hours or days before he came to our home. As a teenager back then, I didn’t know much about him but I had met his son 2 years earlier (his son is the husband of my mom’s cousin). But there was good mental chemistry and because he had a lot of witty things to say we stayed in touch for the next 22+ years. He always had very useful advice to offer and he never lacked the time to advise me on matters of personal life, career, and so on. My “career” ended up as mostly activism. I devoted my life to exposing injustice and corruption. I still do that. Harvey was supportive, whereas my (biological) parents don’t fully understand me.

In 2004 I set up a blog for him and he was active until January 16th of this year. Only 1-2 days before his death he forwarded me an E-mail boasting about his granddaughter Rachelle. Years ago he asked me to advise him (and her) on some personal and technical matters or key decisions. I remember all this like it happened yesterday, but upon a closer look that was a long time ago. Last time I met them in person (2006) he gave me valuable guidance. While it’s difficult to remember the dialogue in detail, the overall picture stayed with me, as did the thousands of E-mails we exchanged. My home still has many gifts that he sent over the years; I use them regularly; he’s still there everywhere I turn. I can’t forget all he did for me. I tried to reciprocate as best I could. I hope I enriched his life as much as he enriched mine.

Harvey wasn’t a man of greed. He would occasionally dismiss the mindset of collecting money and that helped inspire me in my current route. He had a lovely sense of humour since the first time I met him and he didn’t judge people based on superficial things. I’ll always admire that trait of his. It wouldn’t be an exaggeration to say that without his guidance I could end up living a less fulfilling and more unhappy life. I always valued Harvey’s vast experience in life (he was already in his 70s when we first met). Young people should learn from Harvey, not from television.

Harvey knew that a stroll on the beach can be not just healthy but also a truly rewarding experience — something that money cannot buy. I’m grateful that I had the experience of joining him in his walk there and a regret I still have is that we never did that again (and cannot do it again, either). A long time ago I vowed to Harvey that I would keep his blog running as long as I’m able to; I know how much he liked writing there, knowing people from all over the world were reading it, even total strangers. His words can inspire many, even if some people under-appreciate what he has to say. He loved his wife a great deal and he repeatedly asked about my wife too. He even occasionally wrote to her directly. He kept asking about my family and he knew my siblings individually, all of them by name. He cared a lot less about matters like work and money; I appreciated that. I envy how sharp he was even in his 90s. It’s like he never aged since his 70s and in my mind I still had the picture of him as when we first met.

While I’m deeply sad, grieving, I can still imagine witty Harvey saying something to the effect of, “cheer up!” He always valued good banter or humour and he was rarely sad, at least publicly. You only live once. Be happy.

If I ever turn 90 I will still remember Harvey and miss him very much. Thank you for everything you have done. Nothing can replace that.

Wednesday, January 25th, 2023, 6:30 am

ISO Certificates Are Like NFTs (Worthless Junk)

Video download link | md5sum 826d1eaa331010c952d7b97f3736f836
ISO Certification Did Nothing
Creative Commons Attribution-No Derivative Works 4.0

Summary: The real-world threats faced by private companies or non-profit organisations aren’t covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples

WORKING for a company that publicly and openly boasts 2 ISO certifications means that expectations (or perception) can be compared to reality. At Sirius ‘Open Source’, where I had worked since 2011, I saw all sorts of poor security practices, even in more recent years when ISO certifications were bragged about to existing/potential clients.

There is no point trying to deflect attention to the accuser. At the moment the company is too broke for workers to sue (and eventually truly win in a monetary sense); it’s also too broke for its clients to sue. Winning in court against an insolvent company would be a Pyrrhic victory. What matters here is the truth. It can hopefully caution others.

We still have quite a bit left to cover. We’re going to cite practical examples of stuff being done to the detriment of privacy and security of staff, not to mention clients. Free software is a pragmatic choice, but when managers use proprietary software they do not ‘get’ that.

Wednesday, January 25th, 2023, 2:45 am

International Organization for Standardization (ISO) Certification Does Not Assure Anything

The International Organization for Standardization (ISO) certification process means almost nothing. It’s just a glorified brand. Deep inside many people and organisations know it.

Dilbert on ISO
Dilbert on ISO 9000 Certification in 1996 (there are also 21 for ISO 9001)

Summary: Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)

THE past few days were spent explaining ISO certification in relation to Sirius. The next few days will be spent giving an example or a sub-set of examples of how Sirius handled sensitive data. It probably hasn’t improved at all since I left last month.

For some essential background, Sirius Open Source Inc. (not SIRIUS CORPORATION LIMITED) was grabbing Gates Foundation money back in 2019 — all this while registering in the US for this “first US client”, letting Windows users who adore surveillance get involved in decision-making while outsourcing more and more of what’s left of the company to dubious companies with NSA connections.

The problem here is that Sirius had British clients with their clients’ data on the systems. Some was medical data. What does the law say about access from another country and why was Google (American company) getting/drowning in legal hot waters for involvement in the NHS?

What’s more, it’s not clear if ISO 9001 certification allows personal computers at home, purchased and maintained by staff along with many other uses and applications, to be used as work machines (deemed “Secure”? Really???). Remember that, as we noted repeatedly in the past, the managers never bothered supplying the staff with anything; the company does not even provide a chair and a desk, as already explained at length here (mostly back in December). Did that pass muster at ISO’s cash register (ISO just wants the money)?

Well, maybe in the ISO forms the company can pretend that those computers were supplied by the company to staff when in fact the staff receives almost nothing from the company except a very old phone (Cisco-branded, Ethernet only; maybe 2 decades old).

While I’m not going to report this as a former insider, I do wish to explain what’s at stake here, at least as a cautionary tale. ISO doesn’t care; it has no quality control of its own; its workers are like corporate staff and they might not even care anyway; they got the money, and that’s what’s important to ISO. Many questions remain, e.g. which actual shell was the certification for? Do they realise they deal with a hydra or a polymorphous entity here (some of its shells are based in another continent, without actual boundaries within the company)? Even the pension schemes seem to be struggling to keep track and they need to be lectured on how the company splits and then illegally compels staff to sign papers without legal advice (nor proper understanding), as we noted here before. It was covered a lot roughly one week ago.

And sure, many lessons are to be learned outside the company, too. If regulators could find E-mails, they would not struggle to see incriminating stuff (we plan to add examples to the wiki), including NHS medical data “oopsies” (admission on the record, too), even for people who do not consent to data sharing. ISO probably doesn’t care. As we said several times already, ISO only cares about money. With ‘anonymisation’ not working, accidents aside, there’s a big scandal brewing under the surface, but then again the privatisation of the NHS would likely misplace the blame. The media has several examples of known incidents and it’s a very big deal because the NHS has been pushing towards it, moreover offering to send some of this data abroad.

To be clear, NHS was not a client, except indirectly (contractors). But if someone wishes to find some major scandal/blunder, we welcome further investigation, i.e. people can do what ISO ‘cannot’ do because it would discredit ISO.

“There are 2 problems to track,” an associate noted, “one is the scam of the ISO 9000 certification. The other is the destruction of ISO as an organisation by Microsoft.”

Tuesday, January 24th, 2023, 1:05 pm

Office for National Statistics Responds to My Query About Undercounted Deaths, But Does Not Answer the Question

Earlier today I noted that the Office for National Statistics (ONS) hadn’t replied within the time frame or ‘window’ specified in their automated reply. I therefore prodded ONS again, politely, and within hours I received the following response:

Good morning Dr Schestowitz

Thank you for your email. Apologies for the delay in responding, we have a large volume of enquiries at the moment.

Deaths in the last week of December and the first week of January are impacted by bank holidays where registry offices are closed. These deaths are then usually registered in the following week.

This isn’t an undercount, rather we see a lower number of death registrations on weeks with a bank holiday followed by a larger number of death registrations the week after a bank holiday. So the numbers will stay the same, we just ask people to use caution when comparing trends as they need to be aware of this short-term displacement effect that happens across weeks with bank holidays and the week after.

Kind regards

Anne

Anne

Customer Services Team

Health Analysis and Pandemic Insight (HAPI)

Office for National Statistics | Swyddfa Ystadegau Gwladol | www.ons.gov.uk | @ONS

I quickly responded:

Hi Anne,

Thank you for the reply.

The reply does not address my question however. I did not ask about the last week of December or bank holidays.

My query was about the week ending 9th of December. I took a screenshot of your site: (PNG file)

Over the Christmas period we will not be publishing Deaths registered weekly in England and Wales so the next publication will be available on the 5th of January and shall cover the weeks ending 16th and 23rd of December. Due to a processing issue, there has been an undercount of death occurrences in week ending 9th of December. Due to this the figures for week 49 will now be published in the next weekly mortality publication coming out on the 5th of January.

Undercount of deaths

In your own words, there was a “processing issue”, resulting in “undercount of death occurrences”. It said the figures for week 49 would be “published in the next weekly mortality publication”, but in all subsequent weeks after that the number was the same and not corrected. In other words, the number you gave while stating “undercount of death occurrences” is still an undercount almost 1.5 months after the week in question. This needs to be corrected or clarified, otherwise it is a contradiction that lessens quality in your data.

Please can you explain what happened to week 49?

Kind regards,

Let’s see if this time they will actually answer the question rather than address something I did not ask at all.

Tuesday, January 24th, 2023, 10:19 am

In Young Adults in the UK Deaths Have Soared by 31%

As per the latest data, which is alarming:

Deaths weeks 2023

How does that compare to 2019? Let’s check the official records. The numbers below are the total deaths (not a sub-sample).

Babies:

2019: 50. 2023: 55 (10% increase).

Kids (ages 1-14):

2019: 20. 2023: 24 (20% increase).

Adults (ages 15-44):

2019: 280. 2023: 365 (30.57% increase).

Ages 45-64:

2019: 1419. 2023: 1798 (26.7% increase).

Ages 65-74:

2019: 2179. 2023: 2609 (19.7% increase).

Ages 75-84:

2019: 3590. 2023: 5094 (42% increase).

Age 85+:

2019: 5071. 2023: 7436 (46% increase).

So deaths are off the chart. And young people are not exempted.
