I have witnessed devastating ransomware attacks. When you are working with
data and in a world where your infrastructure is the target of organised
crime from just about any crevice in the world, liability is absolutely a
reason why anyone should consider what services they offer, the impact
those services has and if a bad actor was to take over those services,
exactly what the impact would be for both the service provider and its
end-users.
A backup protects the service providers ability to continue to provide the
services, it doesn't really close the loophole that allowed access in the
first place. What it doesn't protect is the contact details of each and
every person in that list, names, e-mail addresses and a credible source
are enough to instigate a phishing campaign from a trusted source and trust
me when I say this, people are more than happy to divulge their credentials
to a web page they obtained by clicking a link in a trusted e-mail.
User-error is partly to blame in most of these cases, but the
service-providers reputational damage almost irrecoverable (because blaming
the IT guy is always easier).
As for your network contributions... good for you... we wouldn't do things
for free unless we felt good about it (no such thing as a selfless act
after all)... my comment was specifically around this topic. I think we are
all here because we want to contribute something but in the glaring absence
of an actual credible, alternative solution to the current problem of a
lack of mail-distribution platform and when weighted against some probable
outcomes, outsourcing makes sense.
On Sun, 24 Apr 2022 at 11:24, Rob PE1CHL via 44net <44net(a)mailman.ampr.org>
wrote:
I don't think the current maintainer is doing it
for free. And I think
that should not matter.
We have a mission to create a network for amateur radio purposes. When we
think that we
cannot host services because of stupid liability issues or because it
would cost us time, we
better stop doing it and pass the buck to the Googles, Microsofts and
Facebooks of the world.
I think it is ridiculous that we would even CONSIDER these kinds of things
in an amateur radio
network.
And w.r.t. me doing things for the network, you probably are not aware of
how much effort I
spend on it all for free.
Rob
On 4/24/22 12:02, Mark Stevenson via 44net wrote:
Rob... I'm sure you are aware that there are
very clear distinctions
between offering network, email, web, voip, ntp and the
many other services
that make up what we consider to be the internet today?
All these parts are put together with varying levels of skill,
resources, hardware
and service-specific expertise. 44net (AMPR, ARDC etc)
offer network services, they are an NSP, the people that would for the
organisation and provide the service, although may well be inclined and
skilled in such a way to rebuild a mail server, they are not mail-service
providers. The mailing list is ancillary to their core-service, as such
they felt the best thing to do now is perhaps find a provider, that has a
core-competency in mailing list management.
It is for the users of 44net to make-up the services that reside on the
44net
service and if the person that volunteered their time, resources and
effort into maintaining a now defunct mail-server now decides he no longer
wishes to do so, it makes perfect sense that what is considered an
incredibly well-used resource is hosted elsewhere, where any of the
previous oversights, such as backups, will be maintained under an SLA with
a provider who offer those services.
I've worked with the amateur radio community long enough to know that
the
callsign comes with a sense of 'entitlement' that empowers its holders
to almost 'demand' the free services they are using not only continue to be
free indefinately (doable) but also in such a way that appeases them (not
so much)... If you feel so strongly that in the spirit of ham radio that
someone volunteer their time, resources and effort in to hosting a mailman
service.... you do it!
I'm an IT professional, I could host the service quite easily at my QTH
or on
one of the VPS I have, but I have to ensure that user data is
protected and secure, isn't succumbed to cyber-offenses and that the
service has a reasonable level of availability and it's usage conforms to
the many regulartory domains that exist across the world... Doing to for
free, doesn't negate liability by the way ;) So, I passed on the
opportunity to raise my hand... and anyone else considering it needs to
read the above first.
Thats my 2-pence... ;)
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org