recurring feeling that a big obstacle to the proliferation of tech co-ops will be security culture and practices for tech co-ops. don't think its impossible, but internet is also sort of an adversarial space these days

@notplants the primary risk is "oopsie", not malice or subterfuge IMO. Backups are the primary defense.

@forestjohnson I might agree that "oopsie" is the main risk and backups are a great defense to that (and also many malicious attacks)

but I don't know that many tech co-ops, and I already know two that have had malicious attacks

here is a report from @mayfirst outreach.mayfirst.org/civicrm/

and @abekonge also had an an experience with their tech coop although I don't know if they've written about it anywhere

as well as the targeted attacks at codeberg

@notplants @mayfirst @abekonge

Well, this started out talking about security culture and practices. It kind of sounded to me like you were referring to internal risk, not external risk.

An example of an internal risk was when the person who operated kolektiva was raided by the cops and all the backups were seized.

DDOS is firmly in the external risk category. Besides the LLM scraper bullshit, I'm not convinced that DDOS is that big of a deal. It's very illegal. It's very expensive, and can't go on forever.

I have some ideas around how small servers can mitigate DDoS attacks, It's obviously an area of active development with Anubis, etc. And I think the development may continue with even more evasive solutions.

@forestjohnson @mayfirst @abekonge

ah yes, I was thinking about "security culture and practices" for preventing internal and external risk

Follow

@notplants @mayfirst @abekonge

In my limited experience, internal risk is way more relevant. Or at least I think people tend to severely underestimate it, and overestimate external risks.

I guess "oopsie" is one, but infighting and abandonment might be even more likely.

· Edited · · 0 · 0 · 0
Sign in to participate in the conversation
Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.