upstage-list

[Upstage-list] Hosting

[Paul R. <pau...@gm...>]

Hi all,

We have come to the point in time where we are going to have to start using
a VPS for our public upstage.org.nz host.

Having weighed up a number of potential services, I am leaning toward using
Linode.

Before going ahead, does anyone have any recommendations for services
they've used, or if they've had any issues with Linode they'd like to out
forward.

We are highly time constrained so I can only leave this open for a few days
for people to respond.

Thanks,
Paul

Re: [Upstage-list] Hosting

[Douglas B. <do...@ha...>]

hi Paul,

> We have come to the point in time where we are going to have to start using
> a VPS for our public upstage.org.nz host.
>
> Having weighed up a number of potential services, I am leaning toward using
> Linode.
>
> Before going ahead, does anyone have any recommendations for services
> they've used, or if they've had any issues with Linode they'd like to out
> forward.

I used Linode for a few years, and it mostly worked OK. I/O was slow,
but since that time it seems to have caught up with SSDs and so forth.

On the other hand it has had quite a few basic security issues lately

http://www.theregister.co.uk/2016/02/09/linode_ssh_security/
https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/
https://blog.linode.com/2013/04/16/security-incident-update/
http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/
https://blog.linode.com/2014/01/19/an-old-system-and-a-swat-team/

mostly related to its bespoke infrastructure which is seeming more and
more idiosyncratic. It is hard to say if it is really worse than
elsewhere.

Another security problem that isn't exactly Linode's fault is that
your IP address will be in the middle of a range that all point to
very similar machines. When there is, say, a new Debian security hole,
it is very easy for attackers to sweep over that range and compromise
a large number of machines (this happened to me with the December 2010
exim4 bug, when the machine was compromised on the day of the
announcement). If you are using Linode, you really really need to keep
up to ate with patches, and sometimes you won't be quick enough.

Of course this applies with any other big supplier. Linode is easy to
use and not too expensive. I'm not saying you shouldn't use it -- just
be aware of potential problems.

cheers,
Douglas

Re: [Upstage-list] Hosting

[Paul R. <pau...@gm...>]

Thanks Douglas,

All good points.

It's a bit of a trade off between using a reputable service that is more
likely to be targeted and a service that is less likely to be targeted but
doesn't necessarily have a good track record.

In the end it came down to either Digital Ocean or Linode based on
recommendations from my contacts in the industry of which there were more
for the former.

Personally, I use Digital Ocean and have thus far had no issues.  But I
have heard of some nightmares.

Paul
On 17 Mar 2016 5:32 p.m., "Douglas Bagnall" <do...@ha...> wrote:

> hi Paul,
>
> > We have come to the point in time where we are going to have to start
> using
> > a VPS for our public upstage.org.nz host.
> >
> > Having weighed up a number of potential services, I am leaning toward
> using
> > Linode.
> >
> > Before going ahead, does anyone have any recommendations for services
> > they've used, or if they've had any issues with Linode they'd like to out
> > forward.
>
> I used Linode for a few years, and it mostly worked OK. I/O was slow,
> but since that time it seems to have caught up with SSDs and so forth.
>
> On the other hand it has had quite a few basic security issues lately
>
> http://www.theregister.co.uk/2016/02/09/linode_ssh_security/
>
> https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/
> https://blog.linode.com/2013/04/16/security-incident-update/
>
> http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/
> https://blog.linode.com/2014/01/19/an-old-system-and-a-swat-team/
>
> mostly related to its bespoke infrastructure which is seeming more and
> more idiosyncratic. It is hard to say if it is really worse than
> elsewhere.
>
> Another security problem that isn't exactly Linode's fault is that
> your IP address will be in the middle of a range that all point to
> very similar machines. When there is, say, a new Debian security hole,
> it is very easy for attackers to sweep over that range and compromise
> a large number of machines (this happened to me with the December 2010
> exim4 bug, when the machine was compromised on the day of the
> announcement). If you are using Linode, you really really need to keep
> up to ate with patches, and sometimes you won't be quick enough.
>
> Of course this applies with any other big supplier. Linode is easy to
> use and not too expensive. I'm not saying you shouldn't use it -- just
> be aware of potential problems.
>
> cheers,
> Douglas
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> _______________________________________________
> Upstage-list mailing list
> Ups...@li...
> https://lists.sourceforge.net/lists/listinfo/upstage-list
>