Critical infrastructure II

From DevSummit

summary of things discussed on the previous session

what's critical infra to you?

organized postits

how can we fill gaps collectively? solidarity, backing each other up

backups and humans are the most critical sticky notes

where do we store backups, do we host each other's? policies

what are the challenges for small teams? burnout, training, mentorship

continue raising these questions and what we need to do together as a network

coffee and tea as critical infra

take a look at the other categories. there's a random column for things that didn't fit yet

funds, dns, comms internal / external

what's the goal of this session?

the outcome is to have clarity of blockers for each category so we can take these conversations online

is it storage or a computation abstract?

it's easier to look into technical issues, but human and legal matters are harder for us.

it'd be better to focus on what's harder for us now

do we want to think in terms of threat models? technical threats and humans wear out

the most common threat model we've seen is malicious third parties attacking individual members

it's hard to build day to day governance with spread out networks

education is a different matter from legal and mental health

do we keep on the human matters? show of hands

the human element is emergency preparedness like having an accident and how we respond to it

what are the bottlenecks? let's identify them

two big categories from the human issues are mental health and...

moving sticky notes to more specific sub categories

[...]

add self care (eating, resting) to the incident response policy / plans

the longer you go without a break, the longer the issue will take to be solved. common understanding that we need breaks to be responsive

who's isolated, who has a partner, a pet, what's their support network

meal train!

check on (ask or talk beforehand), ping me.

order pizza

when someone's on call let them go to sleep, even if some things are down

one subject matter expert. have an accountability buddy even from another organization.

channels that are always on (irc) where you can pop in

take advantage of timezone differences

calling is more instant than email

have checklist templates, including wellness checks, so you don't have to add it during the incident

it's hard to come up with a checklist when it's not your area of expertise. don't ask chatgpt!

can we have common templates?

when several people are passionate about a topic, start a working group so they can document for others. otherwise we don't have time.

creative commons baseline

there's corporate experience in this even

sometimes it's volunteer time so be mindful of it

blockers on skill sharing

we're very good at offering skill sharing but they often go undocumented

start small low stakes projects to build trust

notes are documentation too but not everyone takes them and it's invisible gendered work

staff for taking care of steps, minute taking, scheduling, checking in, should be paid labor

a coordinator is a secretarial role and lightweight governance, things get done. stewardship. what's the cost of it. let's think concretely how many hours it'll take, and think of it as a cost for participating. some clock the time of participating.

stewardship / secretarial vs benevolent dictatorship. good willed people who are going to burn out, or power hungry assholes. who's attracted to these roles.

diverse working groups (who are stakeholders)

it's a lesson of the last eight years that we're trying to put a bunch of structure before starting the work. and the work has been started already. low stakes projects don't need the funding that we didn't yet get, and it helps build trust.

who's just starting from version zero?

quick small scale thing to prototype trust and governance

term limits to avoid power concentration and burn out

build best practices lists

have a two person team so we have rotation and mentorship. we don't need to follow the model of the non profit industrial complex. think differently like an apple commercial.

resources and knowledge are decentralized, everyone's doing their own thing. corporate does it centrally. on a network like this we need shared perspectives.

find a baseline of collectivism before starting a (governance) conversation

there's a survey of the stack each organization is using. who can help with a specific technology.

remote monitoring and management (rmm)

we already have some collectivism within infrared. how can we formalize it beyond the mailing list?

standardization could get weird. we share information about the things we use or are custom made in the most minimal way they could serve their communities. some collectives are doing things totally differently. corporate standards are very heavy

embrace that we do things differently

enable a lightweight model to support each other on what we can share

not a particular software but you have a policy on backups, monitoring, etc. take stock of how we deal with this.

not standardization of tools, but the principles

also enable skill sharing on common things

standardization also means we have the same vulnerabilities

some level of interoperability

sharing of the abstract and the mutual support. the mailing list has an archive we can go back to.

start doing things concurrently

can we find a channel that used to be irc?

we talked about a discourse instance.