01.29.23
Posted in Deception, Free/Libre Software at 8:56 pm by Dr. Roy Schestowitz
Video download link | md5sum 9a90a5de7aacd9fc4b8847cf61321f6a
When Sirius Abandoned Jabber for Bossware
Creative Commons Attribution-No Derivative Works 4.0
Summary: The company known as Sirius ‘Open Source’ generally rejected… Open Source. Today’s focus was the migration to Slack.
THE above video discusses the migration/transition/downgrade from Jabber to a truly terrible, centralised, proprietary and vulnerable platform known as Slack. Aside from technical problems and various glaring limitations, Slack was a risk not just to Sirius ‘Open Source’ but also to its clients.
No matter the hard evidence and how much I pointed this out (maybe a dozen times, at personal risk), that always fell on deaf ears. The company was already governed by incompetent people.
“From what we can gather, Red Hat staff was subjected to similar treatment after IBM had bought the company.”It was abundantly clear that many colleagues did not like this. Some opposed this. Some faced disciplinary action for antagonising. That would include me. So in a company called “Open Source” we’re meant to assume that adopting proprietary software — and not because some client requires it — is considered acceptable. Whereas insisting on the company’s values is considered an offense.
From what we can gather, Red Hat staff was subjected to similar treatment after IBM had bought the company. It’s hard to believe that later this year it will be 5 years since that announcement. █
Permalink
Send this to a friend
Posted in Deception, Free/Libre Software at 5:47 pm by Dr. Roy Schestowitz
And the management that chose this junk resorts to blaming the victims
“Giving the Linus Torvalds Award to the Free Software Foundation is a bit like giving the Han Solo Award to the Rebel Alliance.”
–Richard Stallman
Summary: When the company where I worked for nearly 12 years spoke of pragmatism it was merely making excuses to adopt proprietary software at the expense of already-working and functional Free software
LAST night we covered the use of Microsoft Skype in Sirius ‘Open Source’. It only happened once, but that was enough to damage the brand and injure some workers’ morale. Why would a company called “Open Source” something be eager to abandon Free/Open Source software, opting for proprietary stuff of the most vicious rival? What message does that send to longstanding clients or existing staff? What about potential/prospective/future clients and staff?
“Why would a company called “Open Source” something be eager to abandon Free/Open Source software, opting for proprietary stuff of the most vicious rival?”Slack on GNU/Linux is a mess. Slack on Free/libre browsers is almost an impossibility. So why on Earth would Sirius move away from Jabber and force/impose the use of Slack? I’ve uploaded 2 images from several years back; they’re screenshots of what happened when I tried accessing Slack from a GNU/Linux PC using a decent Web browser that isn’t controlled by spying firms:
That does not seem like it’s going to work, does it? This is from 2019. It has only gotten worse since.
So we’ve just belatedly used two screenshots of what Slack looks like on GNU/Linux with a proper (Free/libre) browser; “bossware” that insists on browsers which spy on their users. Using some User Agent (UA) sniffing they try to undermine or prevent access with perfectly capable browsers (if the UA is faked, there’s a way to get in).
Back then I wrote to an incompetent manager who threatened me repeatedly for not using Slack: “I tried to access my account from two computers, from two browsers, including Chrome. It’s not working. See screenshots. It only works from Rianne’s laptop.”
At one point they agrees to let me use Rianne’s laptop, but then they “changed their minds” (in other words, they had lied to me right to my face in the illegal contract-signing). I got this:
xxxx wrote on 21/07/2019 02:23:
> Hi Roy,
>
> You need to fix this problem and use Slack.
>
> You are a well qualified tech who can fix this issue and comply with
> management’s request.
>
> As I have explicitly explained to you that you need to have your log in
> for Slack and not use Rianne’s. Yet today you’re logged in via Rianne’s
> and not using yours even though you sent me details of your own log in.
>
> To refresh your memory, this is from my previous email.
I need to install a new OS or a new browser for this.
Remember that the company never even paid us for any of our hardware purchases (for our work machines). That seems unreasonable.
“Slack itself has been having issues and it was sold to Salesforce.”In hindsight, it seems clear this manager scared away almost all the technical people. The damage was irreversible.
Slack itself has been having issues and it was sold to Salesforce. The New York Times reported Salesforce layoffs earlier this month. The Wall Street Journal published this article noting that Slack just made bloated proprietary junk nobody truly wants to depend on:
When Salesforce Inc. bought the messaging application Slack for $27.7 billion almost two years ago, it said the marriage would “transform the way everyone works in the all-digital, work-from-anywhere world.” Corporate technology buyers so far aren’t impressed, analysts said.
The acquisition sought to capture the fast-growing market for communications and collaboration software during the Covid-19 pandemic, as employers sent workers home and shifted to remote systems.
Today, companies in the market for customer-relationship management software — Salesforce’s signature product — don’t appear to be swayed one way or another by the addition of messaging and collaboration features, said Liz Herbert, a vice president and principal analyst at information-technology research firm Forrester Research Inc.
“We don’t really see, when it comes to Slack, any pent up demand from Salesforce’s base for a tool like that,” Ms. Herbert said. “It really hasn’t become something compelling,” she said.
Salesforce bought itself a dud and in December of last year the CEO said that he would leave this month.
From what we can gather, the decision to adopt Slack came from the CEO, who posted Trump support tweets while encouraging staff to use pictures of superheroes in Slack. How childish and unprofessional. What a betrayal of Free software. Is this really the same person who became a patron of the Free Software Foundation? Maybe his personal life took him on a crazy ride — a subject we might revisit some other day in another month.
To be clear, Slack doesn’t do anything that Free software cannot do. It’s bloated and it is not secure. It also has security breaches.
Just two days before the above E-mail message (from a manager) I received this:
——– Forwarded Message ——–
Subject: 💥 Slack Security Incident
Date: Fri, 19 Jul 2019 16:58:59 +0000
From: Keybase <notify@keybase.io>
To: r@schestowitz.com
*schestowitz*,
We’ve been getting questions about this, so an announcement for everyone.
Today, Slack announced that a break-in from 2015 was possibly more
severe than previously announced. A lot of people have been getting
emails today. It seems 1% of Slack users still had compromised accounts
(after 4 years); but more seriously, Slack has not disclosed what
percent of Slack teams had their messages stolen. Also, if a small
fraction of users have had compromised accounts, that may still mean a
majority of teams were compromised.
We’re sending this note because people are now asking if this could
happen with Keybase teams. Simple answer: no. While Keybase now has all
the important features of Slack, it has the only protection against
server break-ins: *end-to-end encryption*.
Keybase’s CEO, Max, just wrote how this Slack incident personally
affected him *in a new blog post* .
tl;dr. Hackers who break into Keybase’s servers could not read your
company’s, family’s, friend’s, or community’s messages. Hope this simple
update answers everyone’s questions.
*https://keybase.io/app*
And Keybase is free!
❤️ the Keybase team
Slack took over Keybase and Slack itself was a vulnerable piece of garbage with habitual data breaches. The Keybase reputation was tarnished and not many people seem to be using it anymore, certainly not me.
I eventually responded to the manager as follows:
> Hi Roy,
>
> You need to fix this problem and use Slack.
>
> You are a well qualified tech who can fix this issue and comply with
> management’s request.
>
> As I have explicitly explained to you that you need to have your log in
> for Slack and not use Rianne’s. Yet today you’re logged in via Rianne’s
> and not using yours even though you sent me details of your own log in.
>
> To refresh your memory, this is from my previous email.
I’m going to try to install another browser, as Chome and other browsers
don’t work for me. They don’t show anything when I log in (I sent you
screenshots). Maybe I’ll be logged in with my username in a few hours
when it’s installed (if that works).
In the meantime, I have to raise other concerns.
The inevitable has happened to Slack. They announced it days and and
they can be held criminally accountable
To say that Slack got merely “compromised” would be an understatement
Yes, it did in fact get compromised, but it’s a lot worse. It’s far
worse than a compromise per se. I’m going to explain, starting with the
basics.
Slack accumulates all data and never deletes any of it. GDPR should be
applicable here and I suspect that EU authorities have not assessed that
aspect just yet. What Slack is to users isn’t what it is to Slack, the
company. The Electronic Frontier Foundation (EFF) issued strongly-worded
warnings about Slack and even Microsoft utright banned Slack for
security reasons. They very much foresaw the latest disaster. It’s
difficult to assess or measure because it’s almost impossible to track
the sources of rogue actors’ data.
Slack did not have a mere ‘incident’. They knew about it for quite some
time (at higher levels, too). It’s the complete doomsday scenario, an
equivalent of having one’s own Jabber server completely and totally
hijacked, and all communications in it (names, passwords) stolen. But in
the case of Slack millions of businesses are affected. In one fell
swoop. Just like that. Even the public sector. Military, hospitals, you
name it…
Slack got cracked, but they won’t admit that. They will lie about the
extent of the damage, just like Yahoo and Equifax did (each time waiting
months before revealing it was orders of magnitude worse). They game the
news cycle that way. People must assume that all data is compromised.
Businesses and their clients’ data is on Slack. Even HR stuff, which
gets passed around in internal communications. Super-sensitive things
like passwords, passports and so on.
Who was Slack data copied by? Mirrored or ‘stolen’, to put it another
way? Possibly by rogue military actors that can leverage it for
espionage and blackmail, as many do. Covertly. You rarely hear about
blackmail because that’s just the nature of the blackmail. It happens
silently. Some would say Slack got “hacked” (they typically mean
cracked). But it’s actually a lot worse than getting cracked! I’ll
explain further…
About a month ago Slack got to its IPO milestone. But it committed an
actual crime by not informing the customers of the breach. They would
change passwords etc. had they known. But Slack did not obey the law. It
did not inform customers. It announced all this after the IPO, in order
to make shareholders liable, and it did so late on a Friday (to minimise
press coverage about this likely crime). The shareholders too should sue
for concealment of critical information.
Slack knew what had happened and why it waited all this time. This
scandal can unfold for quite some time to come.
It would be wise to move to locally-hosted FOSS. However, that would not
in any way undo the damage of having uploaded piles of corporate data to
Slack and their compromised servers. In the coming days many companies
will come to realise that for years they tactlessly and irresponsibly
gave piles of personal/corporate data to Slack and now a bunch of
crackers around the world have this data.
You can expect Slack to stonewall for a while, saying that it’s the
weekend anyway. When it comes to Slack, expect what happened with
Yahoo; First they say it’s a small incident; Months pass; Then they toss
out a note to say it was actually big; A year later (when it’s “old
news”): 3 BILLION accounts affected.
Now, like Yahoo, they will downplay scope of impact. A lot of companies
can suffer for years to come (e.g. data breaches, identity theft).
I have great concern for the company where I’m working for almost a
decade, including our compliance with the law and our clients’
compliance with the law. This is why I bring this up.
I’m going to install something new and see if I can somehow logged in. I
already tried, unsuccessfully, from two of my laptops.
In summary, Slack is a pile of garbage. With Slack, Sirius too became a pile of garbage. They deserve each other.
A few weeks ago John Goerzen wrote: “I loaded up this title with buzzwords. The basic idea is that IM systems shouldn’t have to only use the Internet.”
Slack does not work when the company has downtime. It happened several times, which meant people could not speak to colleagues for hours. Why was our Jabber server shut down? Surveillance through Slack?
Remember that Sirius kept promoting fake security as if the company is a bunch of people who never used computers before. When clients ask about ISO certification (not an isolated incident) they don’t seem to understand what truly happens inside Sirus. There’s spying, outsourcing, security breaches and so on. Someone needs to talk about this. █
Permalink
Send this to a friend
Posted in Debian, GNU/Linux at 1:01 pm by Dr. Roy Schestowitz
Video download link | md5sum 76599171df667cb220bae1c371058d11
My Life With Debian 11 on Main Laptop
Creative Commons Attribution-No Derivative Works 4.0
Summary: Distributions of GNU/Linux keep urging us to move to the latest, but is the latest always the greatest? On Friday my Debian 10 drive died, so I started moving to Debian 11 on a new drive and here’s what that did to my life.
THIS household isn’t unfamiliar with Debian 11. My wife’s Raspberry Pi (400) has had it since 11 months ago and my own Pi has had it for over a year. But our main working machines were running Debian 10 for 3 years already. It worked really well. My sister recently moved from Debian 10 to 11 and complained about it; her colleagues had suffered the same and she was pressured to ‘upgrade’ regardless. Some people in IRC say that moving from 10 to 11 caused them problems, partly overcome by moving to 12 (testing).
“My move to Debian 11 wasn’t entirely voluntary.”The video above explains that some of my main problems with Debian 11 is software that’s no longer supported, causing me to make rather big changes, as happened this morning. Time will tell if any other issues may be coming up. The Debian repository is still very extensive, but any change can be disruptive. The Pis with Debian 11 aren’t used as traditional laptops, so that never bothered us (my wife uses 3 computers that are switched on all the time; I use 5). My move to Debian 11 wasn’t entirely voluntary. My hard drive died and it make no sense to stay on Debian 10 given its limited support plan (remaining time). The same is true for my Pi; after the hardware was damaged it made sense to move to the latest stable version of Debian, i.e. 11.
Over the past year I heard and read many stories about Debian upgrades, especially from 10 to 11. On our Pis it didn’t seem so disruptive and so far on my desktop/laptop I’m pleased with this latest version. In all cases — two Pis and a laptop — those were ‘clean installs’; I’ll probably report again on my experiences in weeks or months. Two days is way to little to properly assess a distro. █
Permalink
Send this to a friend
Posted in Deception, FUD, GNU/Linux, Hardware, Microsoft at 11:25 am by Dr. Roy Schestowitz
Video download link | md5sum 06304c0f6049081e578bb696a000a942
Making Linux Sound Culpable for Hardware Issue
Creative Commons Attribution-No Derivative Works 4.0
Summary: Nowadays “the news” is polluted with a lot of GNU/Linux-hostile nonsense; like with patents, the signal-to-noise ratio is appalling and here we deal with a poor ‘report’ about “Linux servers” failing to work
THE OTHER day in IRC we discussed this article that mentions “Linux” many times when in fact mentioning a hardware incident. “Are Microsofters trying to generate bad press for Linux?” we asked. “This is a hardware problem, not at all related to GNU/Linux. Maybe some Microsofters are trying to undermine the teaching of GNU/Linux there?”
The video above discusses what’s in the article and why it’s a tad suspicious. It is reminiscent of some FUD campaigns we saw before. “Third-year Rohan Gupta reported that, in addition to the CS website, he was also unable to access his classes’ Linux servers,” it says. Well, hardware dies sometimes. My laptop died some days ago (Friday), but within 2-3 hours I replaced the physical drive and began installing the latest Debian. This can take time.
The media still loves to stigmatise GNU/Linux as not secure, not reliable etc. But for much of the time they would be better off focusing on Microsoft’s reliability and insecurity issues, including last week’s massive Clown Computing outage at Microsoft. The media barely covered it. █
Permalink
Send this to a friend
Posted in Free/Libre Software, Microsoft at 10:34 am by Dr. Roy Schestowitz
Video download link | md5sum 9088e5ce7cc9eba79bde5977c20d399f
Sirius and Microsofters Inside
Creative Commons Attribution-No Derivative Works 4.0
Summary: Sirius ‘Open Source’ has been employing incompetent managers for years — a sentiment shared among colleagues by the way; today we examine some glaring examples with redacted communications to prove it
LAST night we published this latest/next part about Sirius, though only about a day later than originally expected due to my most important hard drive simply dying. We’ll still try to stick to the original schedule with a closing day after exactly 2 months (since the start of the series). After that we have more to cover, but maybe not on a daily basis.
“The video moreover gives a recent example of “managers” failing to do very simple and very critical tasks.”The video above goes back to the days when a backstabbing manager had been appointed; he asked if not demanded all of us to get Microsoft Skype accounts and get the darn thing installed only for useless presentation based on invalid data.
The video moreover gives a recent example of “managers” failing to do very simple and very critical tasks. This puts clients’ businesses at great risk.
“Clients are noticing this, but some chose Sirius because of very old past reputation (and revisionist history).”Sirius hasn’t been managed by competent people for years already. Clients are noticing this, but some chose Sirius because of very old past reputation (and revisionist history). █
Permalink
Send this to a friend
Posted in Deception, Marketing, Microsoft at 9:22 am by Dr. Roy Schestowitz
Video download link | md5sum 13710c5705fc5898bd3786f45667d586
AI Hype in the Media
Creative Commons Attribution-No Derivative Works 4.0
Summary: “Hey Hype” or “Hey Hi” (AI) has been dominating the press lately and a lot of that seems to boil down to paid-for marketing; we need to understand what’s truly going on and not be distracted by the substance-less hype
THE thing I’ve dubbed “Hey Hi” (about 2-3 years ago when the media was losing its mind over it) Andy has called “Hey Hype” and this morning we published his article about this phenomenon.
Almost nothing that’s presented in the media about it can be considered new. Even the chatbots are old; the only novel thing about them is the size of the set they were trained on, probably owing to Microsoft’s over-provisioned and underutilised ‘Azure’ (even Microsoft now openly admits to its shareholders there’s a “slowdown” in Clown Computing).
“Expect many more Microsoft layoffs later this year.”My thoughts in the above video are personal and Andy’s article stands on its own. We extended it a bit this morning with a paragraph he wished to add.
Due to personal ordeals (covered in passing in the video above) we’ve not produced many articles and videos lately, but that will change soon. We’re building back better (BBB) and when the Sirius ‘Open Source’ series is over we hope to produce about 10 articles/videos per day.
We’ve been reading many rumours about Microsoft layoffs (what’s to come, who’s affected etc.) and it sounds far worse than the Microsoft-connected media nonchalantly puts it. Expect many more Microsoft layoffs later this year [1, 2]. All that “Hey Hype” is the media lends to the delusion about Microsoft having a bright future based on perceived leadership in something. █
Permalink
Send this to a friend
01.28.23
Posted in Deception, Free/Libre Software, Microsoft at 7:37 pm by Dr. Roy Schestowitz
The time a Sirius manager demanded that all staff installs Microsoft Skype, creating an account in it
“I found what they call a whitepaper but it’s 17 pages and basically says “We’re ISO certified”…”
–Mathew Duggan, blog post from yesterday
Summary: Sirius ‘Open Source’ was hiring people who brought to the company a culture of redundant tasks and unwanted, even hostile technology; today we continue to tell the story of a company run by the CEO whose friends and acquaintances did severe damage
YESTERDAY I had a major hardware incident (the hard drive of my main PC suddenly died and needed replacing), so there was no article about Sirius, but today we’re catching up fast (I’ve also upgraded the operating system).
Looking back at my time at Sirius (it’ll be 12 years in 2 weeks from now), I try to recall the better days, the early days. These times weren’t fantastic by any stretch of imagination, but they were certainly better. Free software was used at every level. The colleagues were looking after the physical infrastructure. The NOC colleagues adopted my handover format/style over a decade ago and management had better temper.
“One of them fell in love with Microsoft’s proprietary junk…”More recent managers didn’t understand Free software or “Open Source”. One of them fell in love with Microsoft’s proprietary junk, even several years before Gates Foundation money (Gates Foundation paid under some NDA, resulting in the formation of Sirius Open Source Inc.). He said in Twitter that “some things” are better entrusted to Microsoft and, as it turned out later, he allegedly worked against the company (the CEO said he was trying to liaise with one of our colleagues to “steal” our biggest client).
By contrast, his predecessors were very much involved in GNU/Linux. One of them is mentioned in an old talk: “The LiMo Foundation are building a mobile middleware stack based on Linux. With over 70% of the platform based on open source components, what are the benefits and challenges of open source adoption, and what is the LiMo approach to working with Open Source?”
“A ‘box-ticking’ ‘bullshit job’ is the only thing coming from her direction and she’s failing even at that, repeatedly, then vanishing without replies/explanations (or just some lousy excuses).”We also had highly technical managers before that; of course they use GNU/Linux. At the moment it’s safe to say that nobody, at least among the managers, uses it. The non-technical Office Manager probably uses a “phone” some of the time (instead of a “proper” computer) and probably has no clue about any of the technical details or the tasks inside the company. A ‘box-ticking’ ‘bullshit job’ is the only thing coming from her direction and she’s failing even at that, repeatedly, then vanishing without replies/explanations (or just some lousy excuses).
Below we present some redacted evidence of the issue spoken about above. Here’s the handling of “Failed PSU”. As per Handover to Shift 3, 22/07/19: “Renewed the warranty for xxxxx. Don’t tell the customer that it ran out. (xxxxx’s email address was the one listed. I’ve changed that to the support email/number.) Checking that it is plugged in before xxxxx calls in the warranty.”
So the very simple task of renewing the warranty was not done. Handover to Shift 1 10/08/2019 said: “Both xxxxx and I have attempted to claim the warranty on this, but the HP Carepack Centre say they will not send out a new power supply without seeing the logs. The warranty did not cover the time that the logs will show that the PSU failed, so unless someone can figure out a solution then we are stuck. Whilst this server only has one working PSU it is at risk, so we need an idea.”
“Clients’ server are at risk of physical damage.”Notice they keep the customer in the dark about this. Handover to shift 3 – 24/08/2019: “xxxx received the xxxxx and said he was fitting it on the 19th. Waiting for update when he returns from holiday on 4th September.” More recently a similar incident, as per Handover to shift 1 – 11/09/2022: “Looked for the warranty certificate. (She hasn’t sent it to support, so checked my own emails and slack too.) xxxxx said she would send it out before she went on maternity leave.”
So one can see what it means to have irresponsible ‘box tickers’. Clients’ server are at risk of physical damage.
Regarding the above-mentioned Skype episode, another ‘box ticker’ prepared a useless presentation based on bogus data and wanted all the staff to install Skype, even though it was proprietary and already controlled by Microsoft.
This is him:
Skype accounts
Dear All
Very soon we will be holding an Operations Staff Skype call to deal with activities, processes and customer service ethos of the team. If you need to create a Skype account, please do so by Tuesday 24th March. A camera is optional, but you will need a microphone.
Once you have a Skype account, please add me as a contact: xxxxxxxxx. I will need this information to join you to the call.
Kind regards
xxxxxxxxx
My reply:
Hi xxxxxxxxx,
Will it be possible to connect through landline/mobile/NOC phone (Cisco) or SIP? Also, what date/time is the event? It looks like it says 27/3 (Friday).
Thanks,
Roy
His:
Hi Roy
The event is Friday 27th March at 10 am. I shall be using slides on the call, hence my request a few days ago that everyone connect to my Skype account.
Regards
xxxx
After a lot of pressure I found some old (very old) Android phone from 2012 and temporarily put Skype on it.
I need to find some machine that I can afford to compromise (maybe a phone). There are passwords and stuff on this machine, so installing Skype on it is out of the question (too dangerous).
He thanked me, ran a totally useless presentation on this, and then I deleted the whole thing.
This is what he wrote to all the colleagues, promoting Microsoft’s Skype to them:
I note there are a number of team members that have not yet added me on Skype. Please do this in preparation for Friday’s meeting.
Regards
Also:
Dear All
Here’s a check list of what you’ll need to do to prepare for tomorrow’s call and some guidance for joining the call.
1. A Skype account
2. Be connected to me. Skype name: xxxxxxx
3. Audio: mic and sound. We probably won’t use individual video links as this can cause bandwidth issues
4. Reasonable screen real estate so that you’re able to view some slides
5. A quiet space — background noise will be distracting to others on the call
Notes:
1. It’s best to mute if you’re not speaking
2. At 09:55, open a Skype session. I will add you to the the call. Once everyone is added I will host the session by initiating the call
3. Folks in the office may find it easier to gather around 1 or 2 machines
4. If you haven’t connected to me you cannot be joined to the call. If you’re not on the call you will miss important information
Regards
Not so long later he left the company after (according to the CEO) it turned out he had been working against the company behind the scenes.
Dear All
It’s time to say goodbye and I wanted to say thank you to each and everyone of you for my gifts, cards and especially, for my “bag for life!” Very topical!
I have enjoyed my time at Sirius very much — you are an inspiring bunch to work with. And for sure, you collectively pack-a-punch that puts Sirius fairly and squarely amongst far larger competitors. I may no longer be inside the tent, but please be assured, I will remain a Sirius fan.
Farewell Sirians
All the best
xxxxxxxx
That said nothing about the real reason he left.
So that’s another story for these chronicles. In the next couple of days we’ll show some more stories and then conclude/summarise the series. █
Permalink
Send this to a friend