kristoff

joined 2 years ago
[–] kristoff 4 points 1 year ago (2 children)

I completely agree with your remarks.

For people who are interested in open source and amateur radio, I propose you have a look at the conferences on that topic.

Over here in Europe, there are two of them:

  • FOSDEM ("Free and Open Source Developers European Meeting") is a yearly event held in Brussels every 1st weekend of February. In the 2024 edition, there was a devroom ("developers room") on SDR and Amateur-radio. https://fosdem.org/2024/schedule/track/radio/

The videos of the talks are online. I propose to have a look at the talks on M17 and on OpenRTX. (*) Also open source hardware is becoming more interesting.

  • Next September, we will be hosting "spectrum24", a new conference on "novel ways to use the spectrum we -as citizens- are able to use". It puts a lot of emphasis on open source as yes, most -if not all- of the new projects coming out in amateur radio are open source.

For this conference, we are at the "cfp" (Call for Presentations) stage. See here: https://spectrum-conference.org/24/cfp

I know that Europe is the opposite side of the globe for you in Australia. Perhaps there are similar events on your side of the world.

Kristoff (ON1ARF)

[–] kristoff 1 points 1 year ago* (last edited 1 year ago) (1 children)

That is valid .. in peace-time when everybody accepts that.

The problem is that the reality is a lot more complex. Open source only exists because of the open source licenses. The open source licenses are only valid because of the copyright legislation. That legislation is only valid .. because the nation-state has determined it is valid.

Consider a scenario where a nation-state (whatever state that may be, just making a general statement here) decides that for sectors it considers critical for the state, it -or companies that act on its behalf- are allowed to use / copy / enclose whatever open source technology they want without being subject to the requirements that come with the open source license. So they can use whatever open source technology they want but they do not have to return anything to it. They can even use it in closed products.

How do you propose to handle such a scenario?

Kr.

[–] kristoff 1 points 2 years ago

Yes, that's a very useful idea. Thanks!

[–] kristoff 1 points 2 years ago

If you get your domain from OVH, you get one single mailbox (be it with a lot of aliases, like a different email-address for every service/website you use) for free.

[–] kristoff 1 points 2 years ago

What is your 'deleted files' policy? How long do you keep them? I had a similar issue but then found out that the nextcloud cron-process wasn't running, so files in the 'deleted files' folder were never really deleted.

[–] kristoff 2 points 2 years ago

Well, based on the advice of Samsy, take a backup of the home-server network to a NAS on your home network. (I do hope that your server segment and your home segment are two separate networks, no?) Or better, set up your NAS at a friend's house (and require MFA or a hardware security key to access it remotely).

[–] kristoff 5 points 2 years ago* (last edited 2 years ago) (1 children)

What was that saying again?

"the biggest threat to the safety and cybersecurity of the citizens of a country ... are managers who think that cybersecurity is just a number on an Excel sheet"

(I don't know where I read this, but I think it really hits the nail on the head)

[–] kristoff 2 points 2 years ago

I have been thinking the same thing.

I have been looking into a way to copy files from our servers to our S3 backup storage, without having the access keys stored on the server (as I think we can assume that will be one of the first things the ransomware toolkits will be looking for).

Perhaps a script on a remote machine that initiates an ssh to the server and does an "s3cmd cp" with the keys entered from stdin? So far, I have not found how to do this.

Does anybody know if this is possible?
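The pattern asked about in the comment above, as an added example that is not part of the original post: an orchestrator host opens the ssh session towards the server and feeds the S3 credentials over that session's stdin, where a small wrapper exports them only into the environment of the single s3cmd invocation, so nothing is written to the server's disk. The credential file path, ssh target, bucket name and paths are constructed, and the block assumes that s3cmd reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from its environment (if your version does not, the same wrapper can pass them with s3cmd's own options instead).

```shell
#!/bin/sh
# Added example, not from the original post: orchestrator-side script.
# The server never stores the S3 keys. They are read from a file that exists
# only on the orchestrator, sent over the ssh session's stdin and exported
# into the environment of the one s3cmd process that needs them.

# Build the command the server will run. It reads two lines from stdin
# (access key, then secret key), exports them and runs the given command.
# The command text itself contains no secrets, so it is safe in argv / ps.
build_remote_command() {
    printf 'IFS= read -r AWS_ACCESS_KEY_ID; IFS= read -r AWS_SECRET_ACCESS_KEY; export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; %s' "$*"
}

# run_with_stdin_creds TARGET CREDFILE COMMAND...
#   TARGET    ssh destination (user@host), or "local" to run the same wrapper
#             on this machine with plain sh (useful for testing the plumbing)
#   CREDFILE  orchestrator-local file: line 1 = access key, line 2 = secret key
#   COMMAND   what to run on the server, e.g. an s3cmd sync
run_with_stdin_creds() {
    target=$1
    credfile=$2
    shift 2
    cmd=$(build_remote_command "$@")
    if [ "$target" = local ]; then
        sh -c "$cmd" < "$credfile"
    else
        # ssh forwards our stdin (the two credential lines) to the remote sh
        ssh "$target" "$cmd" < "$credfile"
    fi
}

# Usage on the orchestrator (constructed host, bucket and paths):
#   run_with_stdin_creds backup@server.example.org /root/s3-creds.txt \
#       s3cmd sync /srv/data/ s3://example-backup-bucket/server/
```

The keys still exist in the remote shell's and s3cmd's process memory for the duration of the copy (root on the server can read a process environment), so this removes the at-rest copy, not the runtime one; pairing it with a dedicated IAM key that can only write to that bucket, and with versioning or object lock on the bucket, limits what a compromised server can do with the key while the job runs.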

[–] kristoff 6 points 2 years ago (1 children)

Yes. Fair point.

On the other hand, most of the disaster scenarios you mention are solved by geographic redundancy: set up your backup // DRS storage in a datacenter far away from the primary service. A scenario where all services, in all datacenters managed by a cloud provider, are impacted is probably new.

It is something that, considering the current geopolitical situation we are now in -and that I assume will only become worse- we should better keep in the back of our mind.

[–] kristoff 1 points 2 years ago

I will put "multicloud" on my wishlist.

Looking at it from an infosec point of view, cloud providers are an ideal target. All the customers who have just lost all their data now complaining to the cloud provider are the ideal pressure mechanism to get the cloud provider to pay out.

[–] kristoff 2 points 2 years ago (1 children)

In this case, it is not you -as a customer- that gets hacked, but it was the cloud company itself. The ransomware gang encrypted the disks on server level, which impacted all the customers on every server of the cloud provider.

[–] kristoff 3 points 2 years ago (1 children)

The issue is not cloud vs self-hosted. The question is "who has technical control over all the servers involved". If you would home-host a server and have a backup of that on a network of your friend, and your username / password pops up on an infostealer website, you will be equally in trouble!
