@notplants the primary risk is "oopsie", not malice or subterfuge IMO. Backups are the primary defense.
@forestjohnson I might agree that "oopsie" is the main risk and backups are a great defense to that (and also many malicious attacks)
but I don't know that many tech co-ops, and I already know two that have had malicious attacks
here is a report from @mayfirst https://outreach.mayfirst.org/civicrm/mailing/view?reset=1&id=1478&cid=39801&cs=5bef069225f01de7d94e442b5675749a_1740019538_168
and @abekonge also had an an experience with their tech coop although I don't know if they've written about it anywhere
as well as the targeted attacks at codeberg
@notplants @mayfirst @abekonge
Well, this started out talking about security culture and practices. It kind of sounded to me like you were referring to internal risk, not external risk.
An example of an internal risk was when the person who operated kolektiva was raided by the cops and all the backups were seized.
DDOS is firmly in the external risk category. Besides the LLM scraper bullshit, I'm not convinced that DDOS is that big of a deal. It's very illegal. It's very expensive, and can't go on forever.
I have some ideas around how small servers can mitigate DDoS attacks, It's obviously an area of active development with Anubis, etc. And I think the development may continue with even more evasive solutions.
@notplants @mayfirst @abekonge
In my limited experience, internal risk is way more relevant. Or at least I think people tend to severely underestimate it, and overestimate external risks.
I guess "oopsie" is one, but infighting and abandonment might be even more likely.