TELUS To Provide Free Smartphones And Wireless Services In Ontario To Indigenous Women At Risk Of Or Surviving Violence 

Posted in Commentary with tags on November 2, 2022 by itnerd

Today, TELUS launched its Mobility for Good for Indigenous Women at Risk program in Ontario, in partnership with Native Child and Family Services of Toronto (NCFST) and Native Women’s Resource Centre of Toronto (NWRCT). While Indigenous women and girls comprise only four per cent of the total female population in Canada, they represent 24 per cent of female homicide victims and are 12 times more likely to be murdered or go missing than any other women in Canada. Developed in partnership with Indigenous-led organizations, Mobility for Good for Indigenous Women at Risk provides free smartphones and fully subsidized talk, text and data plans to Indigenous women, girls or gender diverse people, serving as a critical lifeline to Indigenous-led services, wellness resources, and their support networks.

With the support of TELUS, NCFST and NWRCT are starting to distribute smartphones and plans to support Indigenous women in Ontario who are at risk of, or surviving, violence. Since launching the program in 2021, TELUS and their partners in B.C. and Alberta have supported nearly 1,000 Indigenous women. TELUS plans to partner with additional Indigenous-led organizations across Canada to further expand the reach and impact of this program into the future.  

TELUS Mobility for Good for Indigenous Women at Risk is part of the TELUS Connecting for Good portfolio of programs that gives individuals in need in Canada access to TELUS’ world-leading technology. To date, TELUS’ Connecting for Good programs have supported more than 315,000 individuals since inception.

TELUS has a longstanding commitment to strengthening relationships with Indigenous Peoples, including First Nations, Métis, and Inuit communities, acknowledging that our work spans many Traditional Territories and Treaty areas. Last year, TELUS announced its Indigenous Reconciliation Commitment and Indigenous Reconciliation Action Plan. For more information on TELUS’ Reconciliation commitment, please visit telus.com/reconciliation

EnGenius launches a new line of small business-oriented access points and switches called EnGenius Fit

Posted in Commentary with tags on November 2, 2022 by itnerd

EnGenius Technologies Inc., a multinational networking company, known for delivering future-proof networking solutions for businesses of all sizes, announced the release of a new Wi-Fi solution designed specifically for small businesses called EnGenius Fit. 

With this launch, the global network equipment manufacturer is bringing hassle-free, enterprise-grade quality products to small and medium-sized businesses. With fast deployment and simplified cloud-based management, small business owners without IT staff will have more time to run their business instead of putting out fires. Small business owners work hard to provide the best service to customers while growing their business. The last thing they need is sub-standard Wi-Fi. Yet many business owners struggle constantly with dropped connections, slow speeds, and data breaches—all the while wondering if there’s a solution built just for them. 

Now there is.

EnGenius Fit is unlike any solution that has appeared on the Wi-Fi networking landscape. It’s the smartest, most affordable Wi-Fi solution yet for small businesses. Simple and secure, this new family of access points and switches is supported by new, subscription-free EnGenius Fit cloud-based management options built to thoroughly streamline deployment while providing enterprise-grade security and reliability. 

Anyone can do it. There is no complexity at all—just the visibility, control, and insights that allow customers to make solid business decisions confidently. EnGenius Fit is easy and fast as all network components can be managed effortlessly through a mobile app or web interface no matter the level of network knowledge.

For slightly larger companies with an IT staff, EnGenius offers more management options: a local portal ideal for examining deep-level analytics on any device, or a plug-n-play network controller with pre-installed network management software, which allows even junior IT pros to set up a cloud-based or on-premises network management infrastructure. Small business owners will finally have all the tools they need to run an affordable, reliable, secure network. It all comes subscription-free, a feature that EnGenius expects dental offices, law firms, and other small businesses will appreciate. 

The interface of the cloud component of EnGenius Fit is flexible and user-friendly, while providing comprehensive, information-rich business insights. Business owners can select any combination of two (2) access points and one (1) switch to complete a budget-conscious Fit solution:

L2 PoE Switches

EWS2910P-FIT

EWS7928P-FIT

EWS7928FP-FIT

EWS7952P-FIT

EWS7952FP-FIT

Indoor Access Points

EWS357-FIT

EWS377-FIT

Outdoor Access Point

EWS850-FIT

Every time small business owners invest in an upgrade, they expect greater efficiency, more reliability, and all the increased revenues that are bound to pour in from a smoothly functioning network. EnGenius Fit delivers. 

Dropbox Pwned Via A Phishing Attack

Posted in Commentary with tags on November 2, 2022 by itnerd

Dropbox has disclosed a security breach in which a threat actor stole 130 code repositories after gaining access to a GitHub account using employee credentials stolen via a phishing attack.

At Dropbox, we use GitHub to host our public repositories as well as some of our private repositories. We also use CircleCI for select internal deployments. In early October, multiple Dropboxers received phishing emails impersonating CircleCI, with the intent of targeting our GitHub accounts (a person can use their GitHub credentials to login to CircleCI).

While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes. These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site. This eventually succeeded, giving the threat actor access to one of our GitHub organizations where they proceeded to copy 130 of our code repositories. 

These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team. Importantly, they did not include code for our core apps or infrastructure. Access to those repositories is even more limited and strictly controlled.

On the same day we were informed of the suspicious activity, the threat actor’s access to GitHub was disabled. Our security teams took immediate action to coordinate the rotation of all exposed developer credentials, and determine what customer data—if any—was accessed or stolen. We also reviewed our logs, and found no evidence of successful abuse. To be sure, we hired outside forensic experts to verify our findings, and reported this event to the appropriate regulators and law enforcement.

Mike Fleck, Senior Director of Sales Engineering at Cyren, had this to say:

     “This is another reminder that phishing is an unsolved problem. Attackers are continuously updating their credential harvesting tactics, now with the ability to defeat common forms of MFA. By having the employee enter their username, password, and one-time token, the attacker easily had access to any privileges that employee had. Employees will always receive convincing but fraudulent emails. Submitting users to security awareness training with the expectation they will spot all of these attacks is unrealistic. Businesses need to use additional layers of email security to automate the hunting and removal of these social engineering attacks.”

I would add that this is why a move to something like passwordless authentication might be worth considering as it cuts off this attack vector. I say that because based on what Dropbox has said in its disclosure, the threat actor used the law of averages in their favour to break in. And what companies need to do is to cut off as many attack vectors as possible to avoid being pwned by hackers.

TELUS Makes A Pair Of Announcements Today

Posted in Commentary with tags on November 1, 2022 by itnerd

TELUS has got some great initiatives launching this week and I’d like to highlight two of the announcements that they’ve got on the go this week:

Meet TELUS’ Friendly Future Makers

Today TELUS announced the seven recipients of our inaugural Friendly Future Makers Awards. Launched this past August, Friendly Future Maker Awards program is a nation-wide search for young Canadians creating positive and long-lasting change in their communities. 

After receiving hundreds of heartfelt nominations across the country, seven Friendly Future Makers were selected by a panel of TELUS judges. Each Friendly Future Maker will receive a prize pack worth $7,000, including $5,000 to be placed in an RESP or to help fund an initiative of their choosing, a $1,000 TELUS gift card, and a $1,000 donation to a registered charity of their choice.

Here is the link to the media release for more information.

Supporting Amnesty International Canada

In light of the continued unrest in Iran, throughout November, TELUS is raising funds through TELUS Friendly Future Foundation to support Amnesty International Canada’s work in protecting women’s and children’s human rights globally. 

To help support this initiative, Canadians can text DONATE to 41010 to give $20 to TELUS Friendly Future Foundation in support of Amnesty International Canada.

In addition, TELUS Health has initiated a 24/7 free crisis hotline available to all those in need of emotional support at 1-844-751-2133. International support is also available here.

There will be more coming from TELUS later this week so watch for posts in the coming days.

Elon Musk Announces Twitter Blue For $8 A Month

Posted in Commentary with tags on November 1, 2022 by itnerd

Earlier today, I posted about the blowback that Twitter and its overlord Elon Musk were getting due to his idea of charging for being verified on Twitter. It now seems that Musk has moved from $20 a month to $8 a month based on this stream of Tweets from Musk’s Twitter account:

I truly encourage you to read the entire string of Tweets as it shows you what you get for your $8 a month, and it shows you where his head is at. But, here’s one reaction to this:

That is a valid point. Because what Musk isn’t smart enough to understand is that this firestorm is not about price. It’s about making sure that someone on Twitter is who they say they are. Musk really needs to figure that out and rethink this strategy.

I honestly don’t think that this will put out the firestorm that this whole thing has created. In fact, I would not be surprised if this accelerates the firestorm.

OpenSSL Releases New Version To Fix A “Critical” Flaw

Posted in Commentary with tags on November 1, 2022 by itnerd

The OpenSSL Project is releasing a new version of OpenSSL today that will patch an undisclosed flaw in current versions of the technology, leaving companies in a bind to quickly fix the vulnerability before hackers potentially begin to exploit it. I first posted about this last week, and I recommend that everyone who uses OpenSSL update to this version ASAP.

I have some commentary on this patch from a few sources. Starting with Alex Spivakovsky, VP of Research at Pentera:

“The fact that OpenSSL is self-labeling the vulnerability as a “critical flaw” means that companies would be wise to pay attention. With OpenSSL taking care of the patch, the most important thing security teams can do at this point is try to inventory their instances of OpenSSL and prioritize future remediations based on organizational impact. This will ensure that once the patch is issued they can systematically remediate their most critical instances.

I’m really impressed with OpenSSL’s handling of the process and not shying away from admitting to a flaw on this level. Software bugs and vulnerabilities happen, and it’s a natural byproduct of the software development process. OpenSSL’s proper handling of this disclosure will likely help many companies mitigate the potential impact of the flaw.”

I also wanted to share Rezilion’s information blog post on this topic, along with this commentary from Yotam Perkal, Director of Vulnerability Research at Rezilion 

“Yes. We won’t know how exploitable it is until Tuesday once the fix and more information are released. But regardless of how critical/ easily exploitable it is, what is safe to assume is that the attack surface won’t be nearly as significant as Heartbleed as OpenSSL 3.x is relatively new and hence won’t be common in a production setting. See my tweet as reference:

Derek McCarthy, Director, Field Engineering of XIoT Cybersecurity Firm, NetRise, provided the following commentary:

Since the details of the vulnerability have yet to be published, we can’t know exactly the impact that this will have on affected software and devices. However, OpenSSL’s definition of a ‘critical’ vulnerability (their own internal scale – not CVSS) is one that ‘affects common misconfigurations which are also likely to be exploitable’, additionally, these vulnerabilities will typically include a ‘significant disclosure of the contents of server memory’, which could often lead to serious impacts such as Remote Code Execution (RCE).

Due to the likely serious nature of these vulnerabilities, organizations should be prepared to scope and address this issue across the enterprise. This once again highlights a common issue that CISOs face, however. How do you scope which of your devices are running a vulnerable version of OpenSSL? This is more trivial for ‘traditional’ devices and applications, but in dealing with the eXtended Internet of Things (XIoT), asset owners are often left with the option of reaching out to their vendors, which is often a convoluted and inefficient (to put it lightly) process.

You can get more info on the patch here. And as I said earlier, you should download it and install it on anything that uses OpenSSL 3.
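One way to start the inventory that the commentators above recommend, as an added example (not code from OpenSSL, Rezilion or this blog): the script walks a directory tree and looks inside each file for the version banner that OpenSSL builds embed, so it also finds copies that are statically linked or bundled outside the package manager. The function names and sample files are assumptions constructed for the illustration; the only rule taken from the post is that OpenSSL 3.x is the line to patch.

```python
"""Inventory OpenSSL copies by the version banner embedded in binaries.

Added illustration; function names and sample files are hypothetical.
"""
import os
import re
import tempfile

# libcrypto, and programs that link it statically, contain a banner such as
# "OpenSSL 3.0.2 15 Mar 2022" or "OpenSSL 1.1.1f  31 Mar 2020".
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(?:-[A-Za-z0-9]+)? +"
    rb"\d{1,2} [A-Z][a-z]{2} \d{4}"
)
OVERLAP = 64  # bytes carried between chunks so a split banner is still seen


def versions_in(data):
    """Return the set of OpenSSL versions whose banner occurs in data."""
    found = set()
    for m in BANNER.finditer(data):
        major, minor, patch, letter = (g.decode() for g in m.groups())
        found.add(f"{major}.{minor}.{patch}{letter}")
    return found


def scan_file(path, chunk_size=1 << 20):
    """Scan one file in chunks so large binaries are not loaded whole."""
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                return found
            window = tail + block
            found |= versions_in(window)
            tail = window[-OVERLAP:]


def is_3x(version):
    """The post's rule: anything on the OpenSSL 3 line needs the update."""
    return version.split(".", 1)[0] == "3"


def scan_tree(root):
    """Map each regular file under root that carries a banner to its versions."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):  # directory symlinks not followed
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                hits = scan_file(path)
            except OSError:
                continue  # unreadable file; a production run should log it
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                results[rel] = sorted(hits)
    return results


def to_patch(results):
    """Paths holding at least one OpenSSL 3.x banner."""
    return sorted(p for p, vs in results.items() if any(is_3x(v) for v in vs))


def demo():
    """Build a constructed file tree, scan it, return (results, to_patch)."""
    samples = {  # constructed sample files, not real binaries
        "usr/lib/libcrypto.so.3": b"\x7fELF" + b"\0" * 32 + b"OpenSSL 3.0.2 15 Mar 2022\0",
        "opt/agent/bin/agent": b"\x7fELF\0\0OpenSSL 1.1.1f  31 Mar 2020\0",
        "opt/app/vendor/app-static": b"\x7fELF\0OpenSSL 3.0.5 5 Jul 2022\0",
        "etc/motd": b"welcome\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(blob)
        results = scan_tree(root)
    return results, to_patch(results)


if __name__ == "__main__":
    inventory, patch_list = demo()
    for path in patch_list:
        print(f"PATCH  {path}  {', '.join(inventory[path])}")
```

Packed or compressed files (for example container image layers still in archive form) hide the banner, so an empty result means "not found by this method" rather than "absent".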

UPDATE: I have additional commentary. Starting with Neal Humphrey, AVP of Security Strategy at Deepwatch. 

“The news is out on the OpenSSL front, and thankfully things have been downgraded from Critical to High. While there is a remote code execution (RCE) aspect to the exploit, it is not at the level of the Log4J issues from last year. Log4J was an issue due to its spread and the access that it provided. The OpenSSL issues can be seen as widespread as Log4J but it just isn’t as dangerous. That being said, users should still look to upgrade based on the exploit due to the distributed nature of OpenSSL and its ability to be modified, different from log4j”

I will have additional commentary and analysis as the day goes on. Stay tuned!

UPDATE #2: I have additional commentary from Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi:

“Patching this new OpenSSL vulnerability is just the start, as it demonstrates how machine identities can be broken, allowing threat actors to masquerade as trusted services. Whether we’re running in the cloud in Azure, using Kubernetes in Amazon AWS, or using Apache in your datacenter, the entire digital business requires safe authentication of machine identities. The vulnerabilities in OpenSSL show the impact of poor machine identity management – specifically authenticating machine identities – opening the door to attackers. 

“The current lack of visibility of complex cloud environments leaves businesses dangerously open to attack. Cloud is an untapped war front for threat actors, and I suspect we’ll see a lot more attacks on cloud native environments over the next few months. There’s a knowledge gap on both the threat actor and security sides, so we’re yet to truly understand the security implications, the attacks we might face, and vulnerabilities we may uncover. As we develop a deeper understanding of these complex environments, we’ll see a lot more critical vulnerabilities and high-impact attacks unearthed.

“Now that the seriousness of this vulnerability has been disclosed, it is likely that threat actors are already looking to take advantage of it. To protect themselves, organizations must prioritize patching, and fast. But as with Heartbleed, organizations also need to replace the machine identities impacted by OpenSSL’s vulnerability. We can’t be successful in digital business without the four tasks of machine identity management – authentication, authorization, lifecycle, and governance – working correctly. History has shown that the industry needs to be ready for these events, now and in the future.”

UPDATE #3: I have a blog post from Rezilion that goes into the weeds by analyzing this issue in detail. Plus I have additional commentary from Yotam Perkal, Director of Vulnerability Research at Rezilion:

Is there any cause for concern?

The short answer is, you should be worried.

How worried should you be?

Well, that depends how many vulnerable instances of OpenSSL 3.x you have in your environment and do you have the ability to accurately detect them so that you could apply the patch once it’s out.

The OpenSSL team announcement caused significant concern for several reasons. First, this is only the second time that the OpenSSL project team classifies a vulnerability as critical. The previous time being Heartbleed (CVE-2014-0160) which enables attackers to compromise sensitive information such as secrets and private keys that were meant to be protected by SSL/TLS.

Second, OpenSSL is extremely prevalent in modern computer environments. The relatively long advance warning window provided by the OpenSSL project team has added to the speculations regarding the significance of this vulnerability.

That said, the potential impact in this case seems relatively limited. Mainly due to the fact that the vulnerability only affects OpenSSL versions 3.x.

Why is that significant?

Well, version 3.0 of OpenSSL was only released a year ago. In IT terms, it is considered a new library. Hence, not many software projects and applications have migrated to use it which makes it relatively rare to find in production systems.

For proportion, there are currently under 16,000 publicly accessible servers worldwide running potentially vulnerable versions of OpenSSL (3.X) while close to 240,000 servers are STILL vulnerable to Heartbleed 8 years after its initial discovery

Does Yotam think this is an issue worth covering?

Yes. It definitely deserves coverage.

What kind of tools this vulnerability might affect. What platforms/companies etc use this?

As I mentioned earlier, OpenSSL is extremely prevalent in modern computer environments. Yet since version 3.x is relatively new it is less common to find in a production setting.

There are several Linux OS distributions that come with OpenSSL 3.x out-of-the-box. For example (a more comprehensive list is available here):

CentOS Stream 9

Fedora 36

Fedora Rawhide

Kali 2022.3

Linux Mint 21 Vanessa

Mageia Cauldron

OpenMandriva 4.3

Redhat ES 9

Rocky Linux release 9.0

Ubuntu 22.04 (Jammy)

Do note that there is a possibility that an OS distribution does not come with OpenSSL 3.x by default yet it was actively installed at a later stage.

If you are running Docker containers in your environment, please refer to the DockerHub image vulnerability database which tracks vulnerable container images under DSA-2022-0001.

Docker currently estimates that around 1,000 docker image repositories (Official Images and Verified Publisher Images) are potentially vulnerable.

UPDATE #4: I have commentary from Mattias Gees, Container Product Lead at Venafi

“When OpenSSL first announced this patch was coming, I immediately thought back to major vulnerabilities of the past, such as Heartbleed and Log4j. However, this vulnerability has been downgraded from critical to high severity by OpenSSL, mainly because it doesn’t cause data leakage and the attack vector is relatively small. But this doesn’t mean we’re off the hook as the risk of DDoS attacks is still high if servers request client authentication, and a malicious server connects.

“Servers that are on OpenSSL 3.0 and are using Client Authentication in a non-trusted environment – such as public facing servers – should patch immediately to ensure they don’t fall victim to DDoS attacks. Servers running in trusted environments should still be patched, but the urgency here is reduced as attacks won’t be effective unless a threat actor manages to infiltrate your network.”

Hisense Announces The U88H Series

Posted in Commentary with tags on November 1, 2022 by itnerd

With a remarkably bright picture, vibrant colours and impressive contrast, the Hisense U88H Series Quantum Dot Google TV delivers an immersive viewing experience.

Launched earlier this year at CES 2022 in Las Vegas, the premium 4K ULED TV, which features a Mini LED upgrade paired with Hisense’s Quantum Dot technology, is now available in Canada. The U88H Series is available in 55-inch, 65-inch and 75-inch models.

With a 120Hz refresh rate, a peak brightness of up to 1,500 nits and picture upgrades like IMAX Enhanced, Ultra Motion Sports Mode, Filmmaker Mode, Dolby Vision IQ, state-of-the-art picture quality with Dolby IQ and HDR10+, the U88H Series takes picture quality to a new level. With growing interest in free, live over-the-air broadcast, especially local news, sports and network content, the newly integrated NEXTGEN TV (ATSC 3.0) offers extensive options to watch content in 4K HDR and Dolby audio. 

Some features of the U88H Series include:

  • Quantum Dot — Boasting a palette of more than a billion colours, Hisense Quantum Dot ULED TVs display true lifelike colours with beautiful gradation that elevates the overall picture quality with authentic colour, brilliant contrast, clear motion and distinct details.
  • Mini LED — Much smaller than conventional LEDs, they allow for significantly more LEDs on each panel producing incredible detail and contrast with deeper black and brighter white levels
  • 1,500 nits Peak Brightness — A higher number of nits means TVs with HDR can reach a higher contrast ratio. This allows the U88H to better differentiate between bright and dark scenes without losing detail. 
  • Ultra Motion Sports Mode — The native 120Hz refresh rate and sports mode removes “noise” using a dynamic algorithm tailored to moving object, resulting in a truly vibrant, crystal-clear image. It also enhances crowd surround sound effects, meaning lifelike crowd sound while the commentator stays clear and focused.
  • Google TV™ — Equipped with Google, the U88H brings together movies, shows and more from across your apps and subscriptions and organizes them just for you. Discover new things to watch with recommendations based on what you watch and what interests you. The voice control remote makes it easier to find movies and shows, answer questions, control smart home devices, and more.

The U88H Series televisions are available in stores and online at Visions Electronics stores across Canada and online at Best Buy, Amazon, The Brick, Tanguay, and other authorized retailers.

For more information, please visit hisense-canada.com

Musk Appears To Have Frozen Out Moderators On Twitter…. That’s Not Good

Posted in Commentary with tags on November 1, 2022 by itnerd

Elon Musk is a free-speech-at-all-costs sort of guy. And it is possible that we’re starting to see that in action as this Bloomberg story reveals that members of Twitter’s Trust and Safety organization appear to be frozen out from moderating content on the platform:

Twitter Inc., the social network being overhauled by new owner Elon Musk, has frozen some employee access to internal tools used for content moderation and other policy enforcement, curbing the staff’s ability to clamp down on misinformation ahead of a major US election.

Most people who work in Twitter’s Trust and Safety organization are currently unable to alter or penalize accounts that break rules around misleading information, offensive posts and hate speech, except for the most high-impact violations that would involve real-world harm, according to people familiar with the matter. Those posts were prioritized for manual enforcement, they said.

People who were on call to enforce Twitter’s policies during Brazil’s presidential election did get access to the internal tools on Sunday, but in a limited capacity, according to two of the people. The company is still utilizing automated enforcement technology, and third-party contractors, according to one person, though the highest-profile violations are typically reviewed by Twitter employees.

San Francisco-based Twitter declined to comment on new limits placed on its content-moderation tools.

Here is why this is a huge problem:

The scaled-back content moderation has raised concerns among employees on Twitter’s Trust and Safety team, who believe the company will be short-handed in enforcing policies in the run-up to the US midterm election on Nov. 8. Trust and Safety employees are often tasked with enforcing Twitter’s misinformation and civic integrity policies — many of the same policies that former President Donald Trump routinely violated before and after the 2020 elections, the company said at the time.

Other employees said they were worried about Twitter rolling back its data access for researchers and academics, and about how it would deal with foreign influence operations under Musk’s leadership.

On Friday and Saturday, Bloomberg reported a surge in hate speech on Twitter. That included a 1,700% spike in the use of a racist slur on the platform, which at its peak appeared 215 times every five minutes, according to data from Dataminr, an official Twitter partner that has access to the entire platform. The Trust and Safety team did not have access to enforce Twitter’s moderation policies during this time, two people said.

If Musk is promising that Twitter won’t become a “free for all hellscape” under his leadership, then this doesn’t help to meet that standard. It’s becoming increasingly clear that Elon Musk is going to drive down the value of Twitter so much due to his poor decision making, that he’ll burn through a ton of cash and it will start to affect his other ventures like Tesla and SpaceX. Which means that this will not end well for Musk on multiple fronts.

An Update On Bell’s Gigahub Rollout Issues…. It’s Not You, It’s Them

Posted in Commentary with tags on November 1, 2022 by itnerd

You might recall that I wrote about the new Bell Gigahub which is part of their 8 Gbps fibre rollout, and the troubles that some people have had with it when it comes to using their own gear with the Gigahub. And I asked for people who were in the Greater Toronto Area who were having trouble with it to ping me so that I could see these issues first hand. First of all, I’d like to thank the people whom I’ve met over the last couple of weeks to look at this, and it’s allowed me to conclude that this Gigahub has issues. And what’s really good about this situation is that Bell has confirmed that there are issues with the Gigahub via this thread on DSLReports.com and that a firmware fix is coming:

Bell_Dom is a Bell employee who really goes above and beyond to help Bell customers on DSLReports.com. Thus if he says it, it’s fact. Though I would love to know when this firmware is rolling out so that I can be ready to assist the people that I’ve met further.

In any case, here’s what the issue is:

  • If you have a Bell service that uses XGS-PON, then the Gigahub will work fine. Bell’s 8 Gbps service uses XGS-PON.
  • If you have a Bell service that uses GPON, then the Gigahub doesn’t work with your own hardware properly. Every other Bell service uses GPON.

Thus I have to assume that Bell or Sagemcom who makes the Gigahub screwed something up with their GPON support when it is used with a third party router. I’m kind of not surprised by this as people using their own gear are an edge case to Bell. Thus I can see that they would not spend any time testing that scenario.

I’ll be keeping an eye on this and I will provide updates as I become aware of them.

UPDATE: I was asked in the comments below if one should change their Gigahub to XGS-PON to GPON to fix this issue. The answer is NO. Absolutely NOT. This is a setting for the Bell hardware that Bell’s hardware has to communicate to the Bell network depending on the use case. By that I mean that depending on what Bell speed tier you have, this setting might change. Changing this will break access to the Internet. So you should not touch this. Again, Bell will address this issue in a firmware update.

UPDATE #2: Bell has updated firmware that seems to address this issue. Details here.

Twitter Is Descending Into A Hellscape For Employees Under Musk

Posted in Commentary with tags on November 1, 2022 by itnerd

Twitter under Elon Musk is becoming the one thing that he promised it wouldn’t become. A Hellscape. Specifically a hellscape for his employees. CNBC reports that Musk is forcing employees to prove their worth, and meet insanely impossible deadlines:

Twitter employees who were there before Musk took over said they have been asked to show his teams all manner of technical documentation, to justify their work and their teams’ work, and to explain their value within the company. The threat of dismissal looms if they do not impress, they said.

The employees said they are worried about being fired without cause or warning, rather than laid off with severance. Some are worried that they will not be able to reap the rewards of stock options that are scheduled to vest in the first week of November, according to documentation viewed by CNBC.

Meanwhile, the Twitter employees said they have not received specific plans from Musk and his team yet, and are largely in the dark about possible head count cuts within their groups, budgets and long-term strategies.

Musk has set nearly impossible deadlines for some to-do list items, however.

And:

Managers at Twitter have instructed some employees to work 12-hour shifts, seven days a week, in order to hit Musk’s aggressive deadlines, according to internal communications. The sprint orders have come without any discussion about overtime pay or comp time, or about job security. Task completion by the early November deadline is seen as a make-or-break matter for their careers at Twitter.

In an atmosphere of fear and distrust, many Twitter employees have stopped communicating with each other on internal systems about workplace issues. What’s more, some of Twitter’s Slack channels have gone nearly silent, multiple employees told CNBC.

Meanwhile, Musk and his inner circle have been plumbing archived messages in the systems, ostensibly looking for people to fire and budgets or projects to slash.

A couple of things spring to mind. First is the fact that if a leader of other human beings has to threaten people to get them to perform, that leader doesn’t have the ability to lead. Second, this culture of fear that Musk is creating is going to send key people to the exits. And then what does he do?

Honestly, if I worked for Twitter, and I hadn’t made my way to the exits by now, I would be doing so immediately. Even working for Burger King would be better than working for Elon Musk.