I have witnessed devastating ransomware attacks. When you are working with data and in a world where your infrastructure is the target of organised crime from just about any crevice in the world, liability is absolutely a reason why anyone should consider what services they offer, the impact those services has and if a bad actor was to take over those services, exactly what the impact would be for both the service provider and its end-users.

A backup protects the service providers ability to continue to provide the services, it doesn't really close the loophole that allowed access in the first place. What it doesn't protect is the contact details of each and every person in that list, names, e-mail addresses and a credible source are enough to instigate a phishing campaign from a trusted source and trust me when I say this, people are more than happy to divulge their credentials to a web page they obtained by clicking a link in a trusted e-mail. User-error is partly to blame in most of these cases, but the service-providers reputational damage almost irrecoverable (because blaming the IT guy is always easier).

As for your network contributions... good for you... we wouldn't do things for free unless we felt good about it (no such thing as a selfless act after all)... my comment was specifically around this topic. I think we are all here because we want to contribute something but in the glaring absence of an actual credible, alternative solution to the current problem of a lack of mail-distribution platform and when weighted against some probable outcomes, outsourcing makes sense.

On Sun, 24 Apr 2022 at 11:24, Rob PE1CHL via 44net <44net@mailman.ampr.org> wrote:
I don't think the current maintainer is doing it for free.  And I think that should not matter.
We have a mission to create a network for amateur radio purposes.  When we think that we
cannot host services because of stupid liability issues or because it would cost us time, we
better stop doing it and pass the buck to the Googles, Microsofts and Facebooks of the world.

I think it is ridiculous that we would even CONSIDER these kinds of things in an amateur radio
network.

And w.r.t. me doing things for the network, you probably are not aware of how much effort I
spend on it all for free.

Rob

On 4/24/22 12:02, Mark Stevenson via 44net wrote:
> Rob... I'm sure you are aware that there are very clear distinctions between offering network, email, web, voip, ntp and the many other services that make up what we consider to be the internet today?
>
> All these parts are put together with varying levels of skill, resources, hardware and service-specific expertise. 44net (AMPR, ARDC etc) offer network services, they are an NSP, the people that would for the organisation and provide the service, although may well be inclined and skilled in such a way to rebuild a mail server, they are not mail-service providers. The mailing list is ancillary to their core-service, as such they felt the best thing to do now is perhaps find a provider, that has a core-competency in mailing list management.
>
> It is for the users of 44net to make-up the services that reside on the 44net service and if the person that volunteered their time, resources and effort into maintaining a now defunct mail-server now decides he no longer wishes to do so, it makes perfect sense that what is considered an incredibly well-used resource is hosted elsewhere, where any of the previous oversights, such as backups, will be maintained under an SLA with a provider who offer those services.
>
> I've worked with the amateur radio community long enough to know that the callsign comes with a sense of 'entitlement' that empowers its holders to almost 'demand' the free services they are using not only continue to be free indefinately (doable) but also in such a way that appeases them (not so much)... If you feel so strongly that in the spirit of ham radio that someone volunteer their time, resources and effort in to hosting a mailman service.... you do it!
>
> I'm an IT professional, I could host the service quite easily at my QTH or on one of the VPS I have, but I have to ensure that user data is protected and secure, isn't succumbed to cyber-offenses and that the service has a reasonable level of availability and it's usage conforms to the many regulartory domains that exist across the world... Doing to for free, doesn't negate liability by the way ;) So, I passed on the opportunity to raise my hand... and anyone else considering it needs to read the above first.
>
> Thats my 2-pence... ;)
>

_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org