Posts tagged with Kolektiva
Some positive remediation steps:
1. Do due diligence on a notification. Go through your logs and find every DM that was involved and message or email every participant. By hand if you have to.
2. Recognize the scope and scale of the problem. Don't minimize it as a "small mistake" or talk about the security of Mastodon generally. Talk about _your_ systems and decisions.
3. Run a full postmortem. Publish it.
4. Take action from the results of that postmortem to prevent recurrence.
#Kolektiva
If it sounds like I am angry it is because I am.
The way this was handled was deeply fraked up but the response makes it worse not better.
I handle data professionally. I am deeply professionally offended by this conduct, but it isn't the _conduct_—itself bad—that bothers me nearly so much as how it was framed and how the apologia was presented.
#Kolektiva
Ugh. Just.
Users should have been informed _immediately_ that they needed to rotate their passwords. You don't have to give details, but you _do_ have to tell people to do that _as soon as the breach happens_.
Users should also have been informed _as soon as possible_ that a breach had occurred, again even if you can't give details for whatever reasons.
"Without undue delay" is the language in the GDPR. That seems like a good guideline.
#Kolektiva