Skip to content
  • Hjem
  • Seneste
  • Etiketter
  • Populære
  • Verden
  • Bruger
  • Grupper
Temaer
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Kollaps
FARVEL BIG TECH
  1. Forside
  2. Ikke-kategoriseret
  3. I'm coming to the conclusion that community-owned and operated small clouds (co-ops) with easy onramps for self-hosting open source services like mail, storage, and VPN are the only way forward.

I'm coming to the conclusion that community-owned and operated small clouds (co-ops) with easy onramps for self-hosting open source services like mail, storage, and VPN are the only way forward.

Planlagt Fastgjort Låst Flyttet Ikke-kategoriseret
149 Indlæg 62 Posters 0 Visninger
  • Ældste til nyeste
  • Nyeste til ældste
  • Most Votes
Svar
  • Svar som emne
Login for at svare
Denne tråd er blevet slettet. Kun brugere med emne behandlings privilegier kan se den.
  • thief_of_fire@infosec.exchangeT thief_of_fire@infosec.exchange

    @mttaggart personally, I'd like to start a cooperatively owned Mastodon instance where ownership costs pay for infra, admin, and moderation, with owners all having a voice in operation, governance, and direction. Trying to find models as alternatives to benevolent third parties and pleading for donations.

    mttaggart@infosec.exchangeM This user is from outside of this forum
    mttaggart@infosec.exchangeM This user is from outside of this forum
    mttaggart@infosec.exchange
    wrote sidst redigeret af
    #22

    @thief_of_fire https://cosocial.ca/about

    thief_of_fire@infosec.exchangeT 1 Reply Last reply
    0
    • ireneista@adhd.irenes.spaceI ireneista@adhd.irenes.space

      @vfrmedia @philcowans @mttaggart well, you find a solid lawyer as one of your first steps...

      but yes, it's a significant barrier to entry

      vfrmedia@social.tchncs.deV This user is from outside of this forum
      vfrmedia@social.tchncs.deV This user is from outside of this forum
      vfrmedia@social.tchncs.de
      wrote sidst redigeret af
      #23

      @ireneista @philcowans @mttaggart

      I think even a basic hosting service for community organisations /could/ work, but you'd have to set clear boundaries on what it can and can't be used for *and* enforce them - (after all you wouldn't want the local Reform/Restore Britain group or the equivalent in other areas making use of the resources, or its no better than what Mullvad and others are doing and claiming its "free speech")

      ireneista@adhd.irenes.spaceI 1 Reply Last reply
      0
      • ireneista@adhd.irenes.spaceI ireneista@adhd.irenes.space

        @vfrmedia @philcowans @mttaggart well, you find a solid lawyer as one of your first steps...

        but yes, it's a significant barrier to entry

        mttaggart@infosec.exchangeM This user is from outside of this forum
        mttaggart@infosec.exchangeM This user is from outside of this forum
        mttaggart@infosec.exchange
        wrote sidst redigeret af
        #24

        @ireneista @vfrmedia @philcowans It's why you need a legal entity in front of individuals to mitigate liability. But there are costs

        And it's a trade-off. You're paying for conscience and choice with risk.

        vfrmedia@social.tchncs.deV 1 Reply Last reply
        0
        • vfrmedia@social.tchncs.deV vfrmedia@social.tchncs.de

          @ireneista @philcowans @mttaggart

          I think even a basic hosting service for community organisations /could/ work, but you'd have to set clear boundaries on what it can and can't be used for *and* enforce them - (after all you wouldn't want the local Reform/Restore Britain group or the equivalent in other areas making use of the resources, or its no better than what Mullvad and others are doing and claiming its "free speech")

          ireneista@adhd.irenes.spaceI This user is from outside of this forum
          ireneista@adhd.irenes.spaceI This user is from outside of this forum
          ireneista@adhd.irenes.space
          wrote sidst redigeret af
          #25

          @vfrmedia @philcowans @mttaggart content policy enforcement is a trap though, if you build a mechanism it will be used against you

          ireneista@adhd.irenes.spaceI 1 Reply Last reply
          0
          • ireneista@adhd.irenes.spaceI ireneista@adhd.irenes.space

            @vfrmedia @philcowans @mttaggart content policy enforcement is a trap though, if you build a mechanism it will be used against you

            ireneista@adhd.irenes.spaceI This user is from outside of this forum
            ireneista@adhd.irenes.spaceI This user is from outside of this forum
            ireneista@adhd.irenes.space
            wrote sidst redigeret af
            #26

            @vfrmedia @philcowans @mttaggart what we're hoping is of course that knowing the people involved is some sort of solution, but there's a specific type of adversarial modeling we'd need to work through, for how that sort of thing plays out after the usual asshat bad-faith bullshit and a few rounds of legal threats

            mttaggart@infosec.exchangeM 1 Reply Last reply
            0
            • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

              @ireneista @vfrmedia @philcowans It's why you need a legal entity in front of individuals to mitigate liability. But there are costs

              And it's a trade-off. You're paying for conscience and choice with risk.

              vfrmedia@social.tchncs.deV This user is from outside of this forum
              vfrmedia@social.tchncs.deV This user is from outside of this forum
              vfrmedia@social.tchncs.de
              wrote sidst redigeret af
              #27

              @mttaggart @ireneista @philcowans

              There's a similar discussion about this here and the issues involved (at least from a USA perspective)

              https://defcon.social/@thedarktangent/116823710775702749

              jt_rebelo@ciberlandia.ptJ 1 Reply Last reply
              0
              • brahms@chaos.socialB brahms@chaos.social

                @mttaggart any suggestion on home labbing (two b's?) in this era of crazy hardware prices?

                ithoughtisawa2@infosec.exchangeI This user is from outside of this forum
                ithoughtisawa2@infosec.exchangeI This user is from outside of this forum
                ithoughtisawa2@infosec.exchange
                wrote sidst redigeret af
                #28

                @brahms @mttaggart you can do more than you think with old desktop hardware and 16 gigs of DDR4 RAM. It is also much more energy efficient than server hardware (and much quieter too)

                mttaggart@infosec.exchangeM dbrand666@mastodon.socialD 2 Replies Last reply
                0
                • ithoughtisawa2@infosec.exchangeI ithoughtisawa2@infosec.exchange

                  @brahms @mttaggart you can do more than you think with old desktop hardware and 16 gigs of DDR4 RAM. It is also much more energy efficient than server hardware (and much quieter too)

                  mttaggart@infosec.exchangeM This user is from outside of this forum
                  mttaggart@infosec.exchangeM This user is from outside of this forum
                  mttaggart@infosec.exchange
                  wrote sidst redigeret af
                  #29

                  @ithoughtisawa2 @brahms Absolutely, especially for individuals or families. When you need to guarantee reliability for a community, things do get more complicated if you're doing it right.

                  ko@gotosocial.artK 1 Reply Last reply
                  0
                  • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                    @thief_of_fire https://cosocial.ca/about

                    thief_of_fire@infosec.exchangeT This user is from outside of this forum
                    thief_of_fire@infosec.exchangeT This user is from outside of this forum
                    thief_of_fire@infosec.exchange
                    wrote sidst redigeret af
                    #30

                    @mttaggart I love that. Need to do some more research, but would love to get involved with making a US, or even US regional version of this happen.

                    print@theforkiverse.comP 1 Reply Last reply
                    0
                    • ireneista@adhd.irenes.spaceI ireneista@adhd.irenes.space

                      @vfrmedia @philcowans @mttaggart what we're hoping is of course that knowing the people involved is some sort of solution, but there's a specific type of adversarial modeling we'd need to work through, for how that sort of thing plays out after the usual asshat bad-faith bullshit and a few rounds of legal threats

                      mttaggart@infosec.exchangeM This user is from outside of this forum
                      mttaggart@infosec.exchangeM This user is from outside of this forum
                      mttaggart@infosec.exchange
                      wrote sidst redigeret af
                      #31

                      @ireneista @vfrmedia @philcowans I don't have the full answer but for sure a component is that small services can and should show bad actors the door with haste.

                      ireneista@adhd.irenes.spaceI vfrmedia@social.tchncs.deV 2 Replies Last reply
                      0
                      • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                        @ireneista @vfrmedia @philcowans I don't have the full answer but for sure a component is that small services can and should show bad actors the door with haste.

                        ireneista@adhd.irenes.spaceI This user is from outside of this forum
                        ireneista@adhd.irenes.spaceI This user is from outside of this forum
                        ireneista@adhd.irenes.space
                        wrote sidst redigeret af
                        #32

                        @mttaggart @vfrmedia @philcowans yes, absolutely

                        1 Reply Last reply
                        0
                        • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                          @ireneista @vfrmedia @philcowans I don't have the full answer but for sure a component is that small services can and should show bad actors the door with haste.

                          vfrmedia@social.tchncs.deV This user is from outside of this forum
                          vfrmedia@social.tchncs.deV This user is from outside of this forum
                          vfrmedia@social.tchncs.de
                          wrote sidst redigeret af
                          #33

                          @mttaggart @ireneista @philcowans

                          one problem is if the bad actor is stubborn and determined, it can be way more than a small group with limited resources is able to cope with, especially if the project isn't providing a full time paid day job for the people involved *and* legal protection for them..

                          I don't even get deeply involved in the existing community groups round here nowadays, due to the inevitable conflict and drama that occurs and that it turns out to be more stressful than my day job!

                          mttaggart@infosec.exchangeM 1 Reply Last reply
                          0
                          • vfrmedia@social.tchncs.deV vfrmedia@social.tchncs.de

                            @mttaggart @ireneista @philcowans

                            one problem is if the bad actor is stubborn and determined, it can be way more than a small group with limited resources is able to cope with, especially if the project isn't providing a full time paid day job for the people involved *and* legal protection for them..

                            I don't even get deeply involved in the existing community groups round here nowadays, due to the inevitable conflict and drama that occurs and that it turns out to be more stressful than my day job!

                            mttaggart@infosec.exchangeM This user is from outside of this forum
                            mttaggart@infosec.exchangeM This user is from outside of this forum
                            mttaggart@infosec.exchange
                            wrote sidst redigeret af
                            #34

                            @vfrmedia @ireneista @philcowans Worth distinguishing external bad actors causing a headache and internal service users for which a provider may be liable. The latter is, I think, the bigger concern and novel problem for most in this proposal.

                            ireneista@adhd.irenes.spaceI vfrmedia@social.tchncs.deV 2 Replies Last reply
                            0
                            • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                              @vfrmedia @ireneista @philcowans Worth distinguishing external bad actors causing a headache and internal service users for which a provider may be liable. The latter is, I think, the bigger concern and novel problem for most in this proposal.

                              ireneista@adhd.irenes.spaceI This user is from outside of this forum
                              ireneista@adhd.irenes.spaceI This user is from outside of this forum
                              ireneista@adhd.irenes.space
                              wrote sidst redigeret af
                              #35

                              @mttaggart @vfrmedia @philcowans right and like, if you're trying to serve marginalized communities, that's inherently risky because people's existence is politicized and that's beyond their control

                              and if you're not, what are you even doing

                              philcowans@universeodon.comP 1 Reply Last reply
                              0
                              • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                                @vfrmedia @ireneista @philcowans Worth distinguishing external bad actors causing a headache and internal service users for which a provider may be liable. The latter is, I think, the bigger concern and novel problem for most in this proposal.

                                vfrmedia@social.tchncs.deV This user is from outside of this forum
                                vfrmedia@social.tchncs.deV This user is from outside of this forum
                                vfrmedia@social.tchncs.de
                                wrote sidst redigeret af
                                #36

                                @mttaggart @ireneista @philcowans

                                keeping out external threats is normal cybersecurity stuff and relatively easy to deal with (same as making sure your car or house door is locked and carrying out physical checks or using CCTV if required) - but internal users could be more of a proiblem. Particularly if you are providing "private/secure" services and someone wants to use them for something that is blatantly illegal in your country..

                                ireneista@adhd.irenes.spaceI 1 Reply Last reply
                                0
                                • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                                  @ithoughtisawa2 @brahms Absolutely, especially for individuals or families. When you need to guarantee reliability for a community, things do get more complicated if you're doing it right.

                                  ko@gotosocial.artK This user is from outside of this forum
                                  ko@gotosocial.artK This user is from outside of this forum
                                  ko@gotosocial.art
                                  wrote sidst redigeret af
                                  #37

                                  @mttaggart @ithoughtisawa2 @brahms someone who has a friend that converted my shitbox laptop into a server: can confirm shit is amazing, it gave me extra aura, i no longer have to worry that i cant pay the server bill on time and now i can say i have a lot of people in my house (they are in my laptop :3)

                                  1 Reply Last reply
                                  0
                                  • vfrmedia@social.tchncs.deV vfrmedia@social.tchncs.de

                                    @mttaggart @ireneista @philcowans

                                    keeping out external threats is normal cybersecurity stuff and relatively easy to deal with (same as making sure your car or house door is locked and carrying out physical checks or using CCTV if required) - but internal users could be more of a proiblem. Particularly if you are providing "private/secure" services and someone wants to use them for something that is blatantly illegal in your country..

                                    ireneista@adhd.irenes.spaceI This user is from outside of this forum
                                    ireneista@adhd.irenes.spaceI This user is from outside of this forum
                                    ireneista@adhd.irenes.space
                                    wrote sidst redigeret af
                                    #38

                                    @vfrmedia @mttaggart @philcowans the thing we always tell people to consider before creating a corporate entity

                                    which nobody ever wants to do at that stage, and it needs to be then, for all the most realistic mitigations ....

                                    is what will you do if the jurisdiction you operate in makes it illegal, five years from now, to be openly gay or trans?

                                    mttaggart@infosec.exchangeM 1 Reply Last reply
                                    0
                                    • mttaggart@infosec.exchangeM mttaggart@infosec.exchange

                                      Not for nothing but I've written a very well-regarded guide on home labs if you want to get started.

                                      https://taggartinstitute.org/t/course-catalog/125/24

                                      aleksei@social.fakeplastictrees.eeA This user is from outside of this forum
                                      aleksei@social.fakeplastictrees.eeA This user is from outside of this forum
                                      aleksei@social.fakeplastictrees.ee
                                      wrote sidst redigeret af
                                      #39

                                      @mttaggart FYI "Go to Course" returns 404 for https://taggartinstitute.org/c/wireguard-from-scratch/42

                                      1 Reply Last reply
                                      0
                                      • vfrmedia@social.tchncs.deV vfrmedia@social.tchncs.de

                                        @mttaggart @ireneista @philcowans

                                        There's a similar discussion about this here and the issues involved (at least from a USA perspective)

                                        https://defcon.social/@thedarktangent/116823710775702749

                                        jt_rebelo@ciberlandia.ptJ This user is from outside of this forum
                                        jt_rebelo@ciberlandia.ptJ This user is from outside of this forum
                                        jt_rebelo@ciberlandia.pt
                                        wrote sidst redigeret af
                                        #40

                                        @vfrmedia @mttaggart came here to reference this, it's about the same in the EU.
                                        @ireneista @philcowans

                                        1 Reply Last reply
                                        0
                                        • ireneista@adhd.irenes.spaceI ireneista@adhd.irenes.space

                                          @vfrmedia @mttaggart @philcowans the thing we always tell people to consider before creating a corporate entity

                                          which nobody ever wants to do at that stage, and it needs to be then, for all the most realistic mitigations ....

                                          is what will you do if the jurisdiction you operate in makes it illegal, five years from now, to be openly gay or trans?

                                          mttaggart@infosec.exchangeM This user is from outside of this forum
                                          mttaggart@infosec.exchangeM This user is from outside of this forum
                                          mttaggart@infosec.exchange
                                          wrote sidst redigeret af
                                          #41

                                          @ireneista @vfrmedia @philcowans It's an important question, although I'd contend that, much like Mossad, there's no threat modeling against rapacious fascism—certainly not with legal means. Which is to say that yes, you are accepting the risk of targeting by a regime when you offer services, and members should understand that offering the service is no guarantee of safety from said regime.

                                          ireneista@adhd.irenes.spaceI 1 Reply Last reply
                                          0
                                          Svar
                                          • Svar som emne
                                          Login for at svare
                                          • Ældste til nyeste
                                          • Nyeste til ældste
                                          • Most Votes


                                          • Log ind

                                          • Har du ikke en konto? Tilmeld

                                          • Login or register to search.
                                          Powered by NodeBB Contributors
                                          Graciously hosted by data.coop
                                          • First post
                                            Last post
                                          0
                                          • Hjem
                                          • Seneste
                                          • Etiketter
                                          • Populære
                                          • Verden
                                          • Bruger
                                          • Grupper