Ask Slashdot: Where Are the Complete Hosting Providers? 178
Kludge writes "In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
Managed servers (Score:5, Insightful)
Re:Managed servers (Score:5, Insightful)
The closest thing to what the submitter is asking for is probably a managed server provider, and there's no shortage of those out there, at varying quality/price points.
Yes..... I think the poster is asking Where's the place I can get all those things together in high quality at a commodity price?
In other words.... Where can I purchase a car with all the amenities of the high end Rolls-Royce, for the price of a Civic?
Re:Managed servers (Score:4, Interesting)
In other words.... Where can I purchase a car with all the amenities of the high end Rolls-Royce, for the price of a Civic?
You steal the Rolls-Royce. Hundreds of millions of computers right now are part of one kind of botnet or another because botnets offer everything the poster is looking for. There are websites out there where you can purchase the resources of the botnet for cheap; Just gotta know where to look. As a bonus, they also offer a degree of anonymity and resistance to the kind of tracking the author is apparently worried about. If you want to be resistant to a search and seizure by a government, I can think of few things better than a massively decentralized, worldwide network with millions of potential servers to shift your data around within.
Re: (Score:2)
In other words.... Where can I purchase a car with all the amenities of the high end Rolls-Royce, for the price of a Civic?
At the Mercedes Benz dealer?
Re: (Score:2)
There is something to that. Pricing for complete hosting solutions is now so low at the low end that just answering the phone if the customer calls will make the account unprofitable FOR THE YEAR. The only way to make that work is to become huge and set up an impenetrable wall between the customer and anyone with any level of skill.
They could charge by the hour for support but then they get endless whining and moaning claiming it was really a failure on their side that made the email password wrong so they
Re: (Score:2)
The only way to make that work is to become huge and set up an impenetrable wall between the customer and anyone with any level of skill.
Another method is to take the "Yahoo/Google" style approach; and restrict any phone support to billing matters only, with directions to use community forums. to discuss problems, and self-help tools.
Or require an upgrade to a minimum of a $30/month plan, before "3 support incidents" are included, and an option will be available to call in support is made available.
Re: (Score:2)
The Yahoo/Google approach is a version of the impenetrable wall. There is no way to call them to get a person who can/will transfer you to a tech (unless you have upgraded). If a small operation tries it, a customer will (right or wrong) call the business number and attempt a combination of sweet talk, harassment, and legal threats to the receptionist to get connected to a tech.
Shameless plug. (Score:5, Informative)
I'm a senior engineer at FireHost [firehost.com], and we can provide managed infrastructure and installation assistance for the things you've listed, complete with managed SSL VPN access for all your employees.
Again, this is an admittedly shameless plug, but it does answer the question.
Re: (Score:2)
Replying to my own post for one bit of clarification: the VOIP and XMPP aspects may not qualify as completely managed services depending on what you have in mind, but there's nothing stopping you from operating them on otherwise managed infrastructure.
Re:Shameless plug. (Score:5, Insightful)
How is FireHost significantly less vulnerable to the NSA when "The Letter" arrives? From what I see FireHost has significant infrastructure in USA, a CEO with US ties, many employees living in the USA.
If the NSA is not a worry to the asker, then there are many solutions, FireHost possibly being one of them. If the NSA is an issue then it becomes trickier...
Re: (Score:3)
it's not.
what the submitter would actually need would be a service that would make people encrypt the mail coming to him using his public key and that the private key wouldn't be anywhere except his system. which of course makes any totally hosted solutions frankly useless and I don't see how his host could force his contacts to encrypt by using his private key BEFORE they send the mail to the service provider.
Re: (Score:3)
The submitter implied Google was not suitable with the remark "making data siphoning easy for the NSA".
How is FireHost significantly less vulnerable to the NSA when "The Letter" arrives? From what I see FireHost has significant infrastructure in USA, a CEO with US ties, many employees living in the USA.
If the NSA is not a worry to the asker, then there are many solutions, FireHost possibly being one of them. If the NSA is an issue then it becomes trickier...
Yeah, exactly. I'm not sure why this was modded
Re:Shameless plug. (Score:4, Insightful)
It's the FBI that shows up with the NSL in the US. In every other country the same thing happens. IOW, you're all fucking retards for thinking an offshore hosting provider is going to be any different.
Get a server. (Score:3, Insightful)
Go to any one of many providers that offer general purpose computers, and get one, virtual or physical. Then go to what ever software provider provides the OS and packages you need and get that. Then combine their powers for a remote arbitrary computing system.
Alan Turing came up with the great idea of a universal computer that could to what ever you need. Its a pretty good approach to this problem.
You want all your eggs in one basket? (Score:3, Insightful)
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
Re: (Score:3)
Why would you host your critical infrastructure on any hosting provider that has only one datacenter? If your stuff can't go down, you need to have it designed to work in a distributed manner and hosted in more than one physical facility. This costs more money, though.
Re: (Score:2)
Distributed fuckup very possible. Any one hosting provider can roll out a breaking change to their entire system, or have a handy single point of failure, or be 0wned on a central command host with acces to everything...
Re: (Score:2)
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
I came here to post this as well. I'd rather have redundant servers in different geographical locations.
Moar tin foil! (Score:4, Insightful)
...making data siphoning easy for the NSA.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories, and equally tired of the idiot replacement editors from Dice rubber-stamping submissions like this that even most bloggers wouldn't post. You wanna talk about hosting providers? Okay, let's talk. Obviously you are concerned about your data being intercepted and stolen.
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you? This is the largest, most powerful government on the planet, with resources you could only dream of. Even businesses the size of Google can't keep them out; And if you believe any press releases to the contrary, you're an idiot.
The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet. Just about anything else and the data will be vulnerable at some point to a legal intercept of it. You can manage those risks, limit them, but ultimately, if they want it they're gonna get it.
So please guys, stop asking for NSA-proof [insert thing here]. There are only two defenses when your opponent has a half trillion dollar budget and you got twenty bucks and a cracker; Anonymity (ie, don't get on the radar), or don't do anything that would be interesting to them... or if you must, for the love of fuck, minimize your electronic footprint. Forget the credit card, the cell phone, the wifi-enabled anything. Go off grid, stand in the woods in the middle of nowhere, and then do whatever it is you're keen on doing without the government being aware of it.
There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys.
Re:Moar tin foil! (Score:5, Interesting)
Yep. When I was a kid nobody* had a computer. Then for a while people had computers but little or no connectivity. Then everybody had a computer and fast connectivity.
During the sneakernet era you had computing ability, but if they wanted your data they'd have to get a warrant or ransack your office illegally.
If keeping things away from the NSA is that important, go all 1980s on your selves. It really wasn't such a bad time for most of us. Swapping floppies in person was actually kind of fun. There were no government agents at swap meets.... that I know of, LOL.
*The term "nobody" means no ordinary middle class household or small business. Yes, I know NASA and big companies had computers when I was a kid. "Nobody" is being used in the loose, colloquial sense here. The standard disclaimer about not inferring the ridiculous also applies. This includes casting a loose net over the definition of computer so as to include devices such as the abacus, or employees with "computer" as their job title and mocking me for implying that I'm older than written history. The standard disclaimer also applies to the text of the standard disclaimer.
Re:Moar tin foil! (Score:5, Interesting)
During the sneakernet era you had computing ability, but if they wanted your data they'd have to get a warrant or ransack your office illegally.
Neither of which you'd necessarily be informed of. There's two ways to approach security; tamper-evident, and tamper-resistant. Everyone is focusing on tamper-resistant right now to deal with the NSA; "How do we stop them?" ... Have you noticed nobody is asking the question; How do we detect them? Sneakernet also had the benefit of being tamper-evident... if they broke down your door, you'd come home to a broken door. It'd be pretty obvious that something was up. Legal or illegal, when you physically search a property, you leave evidence behind that you did so. However, much of the technology the NSA is using doesn't leave any proverbial fingerprints behind.
Re:Moar tin foil! (Score:5, Insightful)
You don't need to stop them, you just need to make their life too difficult for it to be worth chasing you when you've got nothing worth chasing for.
The more people that do this the more it eats into NSA resources, if you force a real person into the loop to decide if you're worth chasing then you really cause a massively disproportionate impact on the NSA's resources compared to if you just let them farm your data automatically from unencrypted services they have a tap on like Google.
Then eventually when things like the Boston bombings keep happening despite the NSA has a mass of financing from the US government behind it and taps on most the world someone in congress is finally going to have to ask "What the fuck is the point in all this expenditure?" and the plug is going to get pulled.
If the NSA ends up chasing, expensively, because of the cost of intervention of human resources, people who are entirely irrelevant and innocent of everything, then eventually they're going to have to change tact. Eventually they're going to have to realise that universal snooping is ineffective and just makes it even harder to tell who really is and isn't a threat. They'll have to go back to what they should be doing in the first place - focusing on the hard work of identifying real actual threats rather than hoping a mass computer network will somehow figure that out for them, something the Boston case showed it absolutely can't.
Re: (Score:3)
Do you guys honestly think, for one second, that you can hide from these guys if they really want you?
(...)
Just about anything else and the data will be vulnerable at some point to a legal intercept of it.
.
What the NSA is doing, is outside the scope of the judiciary. Whether legal or not I don't want to discuss here, they do not use the judiciary to get warrants and all the proper stuff.
Yes if they REALLY target YOU, there is not much hiding going on. But face it, they don't really target many people specifically. They try to get as much data as they can get their hands on, and there are plenty of often simple ways for us to make it a lot harder and more expensive for them. There is no reason to not use thos
Re: (Score:2)
You're missing the point completely.
No one here is paranoid about being explicitly targetted by the NSA and I think everyone agrees if they were then the NSA could get what they want.
What people want to stop is arbitrary interception of their data as part of some dragnet operation that human eyes do not explicitly see unless it's flagged up as part of some data mining algorithm.
If the NSA were really after me I could care less, they'd get what they wanted. They're not, but that doesn't mean I want them swee
Re: (Score:2)
"No one? I'd think if you had political aspirations you should pretty much assume you're explicitly targeted. Low level politician Merkel wasn't chosen at random, her family and friends weren't added to the list at random, they were added because she'd called them from her number."
I'm pretty sure Merkel doesn't post on Slashdot.
"Snowden is still free, the Guardian is still reporting leaks. The Washington Post hasn't been shut down despite General 'censor the press's requests."
I don't think any of these post
Re: (Score:2)
Now that's just not fair.
Slashdot's 'editors' were crap and happily rubber-stamped stupid submissions like this well before Dice took over...
Re: (Score:2)
It's not harmful to discuss ways to limit the NSA's reach, and it's actually good to keep the outrage alive. The worst thing for democracy is what you propose. Saying "yadda yadda, here's the solution, move on" hides the proble
Re:Moar tin foil! (Score:5, Interesting)
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you?
The qualifier is "if they really want you".
You can't hide from the NSA unless you're a government entity yourself. If I were to head the Iran nuclear program, I'd give it a try.
However, you can hide from the NSA dragnet, because it's not targetting you specifically.
So if you use any of the big e-mail providers, you can be 100% certain that a backup copy of all your e-mails exists somewhere in an NSA database. But if you run your own mailserver, the mails that you exchange over encrypted channels with someone else who also does that have a chance of not being caught by the net, not because they couldn't, but because the world is huge and even the vast NSA resources are limited.
The problem with the submitters concept is that as long as you roll your own, you can slip through the net (but never count on it, it's a probability like all things in IT security). But as soon as someone sets up a "secure hosting provider", he'll become a target. And the bigger it gets, the higher the chance that the NSA will expand some resources to penetrate it.
So it's not a viable business concept, and thus it doesn't exist. Of course, someone will make the claims, because scam is always a viable business concept.
Re: (Score:2)
Re: (Score:3)
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories
If at this point, you still believe the NSA collecting private data is tin foil hat territory, I'm not sure exactly how to proceed. However, I'll assume you didn't actually mean that for purposes of the rest of the post.
Obviously you are concerned about your data being intercepted and stolen. Do you guys honestly think, for one second, that you can hide from these guys if they really want you?
OK, this statement really points that you aren't involved in information security (at least in a serious capacity anyway). Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you? If you answer yes, then again we know you aren't
Re: (Score:2)
OK, this statement really points that you aren't involved in information security (at least in a serious capacity anyway).
And we're off to a brilliant start here with a classic ad hominid abuse [wikipedia.org] fallacy. Or as it's known in IT circles... The Handwave. Not that it matters, but I worked for a fortune 50 company in systems administration; My job role included maintenance of workstations and ATMs at over 3,700 retail locations throughout North America. But again; you're attacking the messenger, not the message. Not cool.
Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you?
Number two burning up the charts is a Nirvana fallacy [wikipedia.org]. Brilliant. No, nobody can guarantee 100%. But I can be pre
Thank you for the strawman, however... (Score:2)
The point of the question was not to find an "NSA-proof" (as you said) hosting provider. The question should have asked for a provider that is not on the PRISM list, a provider that does not funnel data to the NSA by default.
Re: (Score:2)
The NSA isn't all that bright. First of all, even if they intercept your traffic, most likely they won't know what to do with it other than store it. They don't have the analysis capabilities they would like. Most if not all crime is not found by NSA wiretaps but by low-tech feet-on-the-ground agents that figure out 'old-school': Follow the money and then wait until the criminal does something stupid.
Second, simply encryption beats their schemes. Off course if you use a signed certificate from a public pro
Re:Moar tin foil! (Score:4, Insightful)
So no.. I will not just 'deal with it', that is completely the wrong attitude. We DO NOT have to deal with it, we will not deal with it. It will be stopped, eventually.
Excuse me... I didn't say just roll over and take it. But trying to solve a social problem like this with technology is the very height of stupidity. It's like saying if we take away everyone's guns, we'll solve that pesky violence problem. The gun is just the tool. Just like the internet. Just like a cell phone, a camera, a packet sniffer, a data center... all of these things that the NSA uses are not the problem! It's the people that are the problem, and the people alone.
People problems can only be solved by people. I know that seems like a stupidly obvious thing to say, but it's clear to me that when article after article posted is variations of the question "What technology can I use to stop the NSA from spying on me?" There isn't any! You stop the NSA by getting off your ass and participating in the democratic process. You cannot fix this by keyboard warrioring.
Re: (Score:2, Insightful)
"It's the people that are the problem, and the people alone...People problems can only be solved by people. "
Nah, end to end encryption, your fluffy nonsense is meaningless.
You're trying to convince a lot of IT professionals, who know damn well that its technically possible to secure communications end to end, that they are powerless to do what they know they can do.
It's just short notice, we thought we lived in a system of rules that protected our privacy, we thought TLS worked and so on, stupidly thinking
Re:Moar tin foil! (Score:5, Insightful)
You're trying to convince a lot of IT professionals, who know damn well that its technically possible to secure communications end to end, that they are powerless to do what they know they can do.
No, I'm merely suggesting that locking those IT professionals in a room and beating them with a metal pipe, is an effective method of "unsecuring" those communications. It's only in the imagination of Anonymous Cowards and hollywood screen-writers that the police kick in the door, seize the computer, and then say "Oh shit! He's using a 8192 bit encryption key. We'll never recover the data! I guess we better just leave then, defeated."
It's just short notice, we thought we lived in a system of rules that protected our privacy, we thought TLS worked and so on, stupidly thinking there were warrants and judicial courts and so on. Silly us! No matter, it's a bug. We need to switch to end to end encryption to fix it.
The people who designed these systems, those venerated IT professionals you mentioned earlier? Yeah, they knew from day one that TLS, SSL, certificate authorities, etc., were not truly secure. They were a compromise that provided "reasonable" security -- and it still does do that. Millions of internet-based financial transactions are secured using SSL, TLS, etc., every day and are not compromised. Is it a perfect solution? Of course not. Is it a decent one? Sortof.
But fundamentally, you're asking for the impossible with your "end to end" encryption non-sense. The very first in a long list of problems is: How do you securely exchange keys with an entity you have no prior relationship with? How does Alice know she's talking to Bob, if she has never met Bob before? The solution that TLS/SSL used was certificate authorities; A trusted third party that both Bob and Alice trust. Unfortunately, like any trust model, it is only as strong as the weakest link, and as certificate authorities proliferated... rogue CAs and stolen keys became a very real threat.
But simply switching the protocols around won't solve the very first problem: How do you securely exchange keys over what is, inherently, an insecure medium? You can't.
Well I bow to your superior knowledge and will immediately stop writing this Thunderbird OTR add on and step away from my keyboard.
First, yes, I do have superior knowledge (obviously). And I'm willing to put my reputation on the line by not posting anonymously. This frequently comes back to bite me in the ass, especially when dealing with Anonymous Cowards, but karma is not as important to me as getting as accurate of information as possible in front of as many eyeballs as possible. If a few -1, Troll mods is the price I pay, I do so gladly. Second, Thunderbird has an OpenPGP addon... developing another addon is silly, and frankly, you and I both know you lack the chops to actually program.
But regardless, if I'm going to get serious about personal privacy, I'm not going to do it by sitting down to write my own crypto addon. For one, it would almost certainly be more buggy than the ones that have been reviewed and certified as correctly implimented by crytologists... and crypto is amazingly easy to get wrong, and devilishly difficult for someone without loads of experience to detect the failure. For two... why would I spend hundreds of hours doing that, when I can spend dozens of hours making phone calls and writing letters to the people who have far, far more power than I do, and convince others to do the same?
I'm sorry, but looking at my large list of tools available to me, the one labelled "Democracy" seems far more likely to get me what I want than one labelled "Amateur Crypto".
Re: (Score:3)
Rubbish...
ALL avenues should be persued. Yes... Go democracy! BUT the crypto experts should still sharpen their toolkits, the average I.T peon should sharpen their crypto knowledge and the average citizen should engage in some crypto arse covering even if it's 98% ineffective (and I hardly think it would be as bad as that). This NSA bruhaha is as good a motivation as any. . Also I think it's good practice to assume a very well funded and skilled adversary who is everywhere. Don't call them the NSA i
Re: (Score:2)
No no, Chaos is our friend! It's the forces of Order that are bothering us :)
Re: (Score:2, Insightful)
And I'm willing to put my reputation on the line by not posting anonymously.
Post using your actual name, then.
Re: (Score:2)
So your plan is the legal system? And while that gets batted around for the next X months to years, what, just transmit everything in the clear and say 'oh well'?
Re: (Score:2)
But fundamentally, you're asking for the impossible with your "end to end" encryption non-sense. The very first in a long list of problems is: How do you securely exchange keys with an entity you have no prior relationship with?
Person A calls person B and tells the password over the telephone. It provides secure "end of end" encryption and it is a lot simpler to use than PGP.
Re: (Score:2)
How is that secure?! We've already established the assumption they're tapping and recording everything, so they just trace back from the first encrypted communication you make until they find the call where you exchanged the password.
It's simpler because it doesn't work. At all.
Re: (Score:2)
It's like saying if we take away everyone's guns, we'll solve that pesky violence problem. The gun is just the tool.
Taking away (or sabotaging) the tools can make doing things a lot harder or less efficient.
A fist fight rarely results in people dying. A gun fight routinely leaves people dead. Take away the gun and while the violence may continue, it will become a lot less deadly.
Re: (Score:2)
I think this [slashdot.org] sounds like a better solution. I'd rather trust in money winning out than the justice system actually doing what's right, personally.
Re: (Score:2)
So why *does* the NSA do that?
Because it's easier to store all the data now, and only access and analyze it when traditional investigative techniques identify a potential threat. It also eliminates the time wasted once a potential threat is identified going back and trying to reconstruct/recover/access data from many different sources. In other words, it saves time and resources; A counter-intuitive conclusion, given that most people look only at the costs and implications of gathering and storing all that data, but not very much on wha
Right to be secure against unreasonable searches (Score:2)
There is no right to privacy in the US Constitution.
Would the sort of privacy violation discussed here be comparable to a search of one's papers? If so, are warrantless searches deemed "reasonable"? If not, the Fourth Amendment guarantees the right of the people to be secure against such privacy violations. Otherwise, please explain why these privacy violations either are not "searches" or are "reasonable".
You are not paying attention (Score:3, Interesting)
Anyone who believes that "Not much has changed" in webhosting the past 13 years is not paying attention. There has been *massive* consolidation and times are so rough for the small providers that we've gotten real good at having multiple legs to stand on.
Where I work, we now provide a number of different services as the age-old web+email+etc stuff is rapidly going the way of the dodo. Most people who want "the full package" also tend to have very specific needs and are better served with a VPS or dedicated server and even this market is strongly consolidating.
NSA? Don't kid yourself... (Score:2)
Re: (Score:2)
And then there's the NSA Fox Acid system by which they purchase exploits from the black market, automatically attach payloads, then deploy them via skiddies reading a flow-chart to determine intelligence cost/benefit analysis; No amount of constitutional rights or encryption will prevent infection from our "cyber army" and its Ferret Cannon: Metasploit + unlimited funds + black-market 0-day exploits + wanna be hackers.
It's basically the ultimate computer nerd version of the school yard bully. Big, brainles
No Worries (Score:2)
My feeling is that the NSA will study your email no matter what service you use. Being that they are a very well funded spy agency with some high dollar talent you can bet they crack into just about everything they want to. With the recent revelations that NSA has broken into 35 different governments and studied their data for years that should tell us that they have a very strong cracking ability. After all, all of the governments that NSA penetrated had security services in place and probably set u
Get a VPS and relax (Score:2)
I'm not sure there's an issue here. There are ton of VPS providers out there that you can build anything you want on. Odds are, anyone who wants specialized services (or the broad range of services) you do needs to build his own server anyway, since you have to set up and config each service.
I wanted something unusual - a news server delivering NNTP - plus some other stuff. I got it at http://www.rockvps.com/ [rockvps.com]. They offered me a network address, a bunch of monthly bandwidth, and a bare FreeBSD server I c
Re: (Score:2)
not so sure about relaxing if you get an unmanaged VPS... if you have an unmanaged VPS you automatically also have a full-time job trying to keep it secure.
I used to be a sysadmin for a webhosting company in the 90s (when things were not nearly as hostile on the net as they are now), and I would not use a VPS nowadays unless it was for business reasons and therefore I had enough time to keep a very close eye on it, for personal/fun stuff where I don't want to spend my time security admining, shared hosting
Comment removed (Score:3)
Re: (Score:2)
Then you are talking dreamboat plus a local appliance server for a full business, which is pretty good, as long as the business has a single fixed point of operation. What about people that start something up with where a teak, of five people never are in the same place. For small companies starting out this is often the case, as they might be moonlighting to get started or on the road chasing clients.
Eggs in one basket (Score:2)
You're looking in the wrong place (Score:2)
I'll tell ya where they are... (Score:3)
"In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
I'll tell ya where they are.
They got out competed by companies that could afford good spam filtering. Hand holding the spam filter is a full time job for a small email host.
Then, you get the idiots that jump ship for fifteen cents less per box per month, that drives the price down well below what it's worth doing unless the whole mess is completely automated. Or, the customers that said they would set it up themselves whine about how much work entering forty email addresses really is.
And, as things got more sophisticated, now you have to host PHP full of security holes, be an expert at every goddamn widget in WordPress, teach the web tard that a fourteen meg background bitmap image won't be a good choice for his web page, and troubleshoot a borked database... all on three operating systems.
Now, a small group "doing hosting" needs to have deep expertise in about 100 different subjects when they have time to learn five of them, and each "customer" will leave when they stumble upon one of those non expert areas. All the while not lifting a finger to help themselves.
Oh, and the customers don't want to pay more than $5 per month for it.
The days of sticking up a server, setting up an account and knowing the guy buying services knows what he is doing is LOOOONG gone. And, that in turn caused the market to collapse into the big players that can gain from having an expert in every subject around and still make a profit.
I'll tell ya what the issue is, that your assumption that in TEN YEARS the industry didn't change drastically didn't set off alarm bells in your head when you typed it out for the summary. THAT's the problem. Thinking that in TEN YEARS the market won't change. In the COMPUTER industry no less.
Hosting automation packages (Score:2)
They have homogenized the offering to a great exent. The packages are being dragged kicking and screaming away from the single box stack forget adding in anything besides web/email/database. Organic growth favors that single silo to start but then it's nearly impossible to move away from as you grow.
No one (Score:2)
No such thing (Score:3)
It is up to the user and the mail client to do the encryption. If your hosting provider plays any part in that they will need the keys and can therefore hand them over to others - or do decryption for others and keep the keys. Any way you look at it, end-to-end encryption requires that it be done AT THE END which means on your own machine.
this is obvious (Score:2)
no one wants to pay (Score:2)
five relatively small bills looks better than one large bill, even if the five small bills cost more in the long run.
Two places (Score:2)
"Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
In Maryland... or Guantanamo Bay. Until you elect a government that decides privacy is legal.
What precisely do you want, what will you pay? (Score:2)
To OP,
I think you've got a great kernel of an idea in this question and I'm glad /. posted it up. Let's turn this into a high level RFP shall we?
First a bit of background:
I've stopped at every point along the spectrum of data ownership for my personal and business (it consulting (Known Element Enterprises) and mesh network non profit startup (Free Network Foundation) data:
1) most (legally and maybe physically, but that's debatable) safe option of running compute/storage/network gear at my house (in Los Ange
Re: (Score:2)
My experience is that my ISP are nice to supply me a phone and broadband, with .. tada! email. Then further down the line I have issues witht their email service, and get told it is "not a business priority". Nevermind, VPN, and more advanced services. Repeat this scenario x1000 acrosss the majority of ISPs. And if you find one offering all the goodies, they more than likely don't service your area.
I don't use providers HQ in the USA (Score:4, Informative)
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
For me, I do not use any provider that has their HQ inside the United States of America.
And ... in order to retard NSA's snooping in my traffic, I deploy SSL forward secrecy on my sites.
Anyone who wants to know about forward secrecy please visit https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy [qualys.com] to get more info
Re: (Score:2, Informative)
For me, I do not use any provider that has their HQ inside the United States of America.
And ... in order to retard NSA's snooping in my traffic, I deploy SSL forward secrecy on my sites.
Ditto. We are not a shop with ultra-high security requirements (in that case we would roll own our servers), but in current world situation, it is too high risk for us to host anything in USA. We have pulled out our data infrastructure from there.
Re: (Score:3, Informative)
Re: (Score:2, Informative)
Re:I don't use providers HQ in the USA (Score:5, Insightful)
And none of the other nations ever spy on anyone.
This is not to defend or excuse the actions of the NSA, but if you believe you are safe from having your data intercepted from intelligence agencies just because you are using a service based out of a nation that is Not-The-USA, then you are living in a fools paradise. The technology is too ubiquitous and too effective for the spooks /not/ to use, and the main difference between the NSA and foreign intelligence agencies is that the NSA got caught at it.
Well, that and the NSA tries to take the high moral ground and insists its not only legal but also something most Americans support. That's some Goebbels-level hypocrisy there. At least the DGSE, BND and GCHQ aren't making loud proclamations as to their righteousness (they are wisely keeping their heads down).
Don't depend on the good behavior of the local intelligence agency. Instead, use proper security practices to make it either impossible or not cost-effective to break into your data stream.
Re:I don't use providers HQ in the USA (Score:5, Insightful)
While there are many agencies around who could be monitoring what I do, I'm pretty sure its the NSA who does it as a matter of routine to everyone.
I'm in no doubt that other agencies could spy on me but i'm pretty certain they can't justify the expense.
Re: (Score:3)
The difference is that Switzerland has no ability to jail me for browsing things on the internet, while I'm sure the my [US] government could find a reason to if they looked hard enough.
Re:I don't use providers HQ in the USA (Score:4, Informative)
The one thing the NSA has that other countries largely don't: a fleet of submarines with cable tapping abilities and a bunch of com intercept sats in orbit. So if your traffic crosses an ocean at any point chances are it's tapped.
This ain't new shit either. The US was doing this to the soviet union back in the cold war 30 years ago. Blind Man's Bluff...good book if you want to read about it.
Re: (Score:2)
“retard” is a good word for this. For a server hosted inside the US, it makes things much more expensive (but not nearly impossible) for the NSA.
From the article you linked:
So, the NSA cannot quickly pick out your server's traffic at their traffic hub monitors and decrypt it with the root SSL certificates they coerced vendors to give them.
What they c
Re:Ummm (Score:4, Informative)
I agree TFA has it wrong - there is a lot of competition going on all the time and the large amount of services that exists are good for most of us.
I can only guess that the writer of the TFA is lazy and not willing to search for the best suitable alternative. And if you want an all-in-one solution set up your own server.
Re:Ummm (Score:4, Insightful)
Or maybe they are asking the wrong question.
Any CPanel install has a lot of that stuff in it (I won't say all because I hate CPanel/WHM and it needs to die a horrible death for the amount of extra manual work needed to prevent it from shooting itself)
The real question is "why am I looking for someone else to provide this when I can just do it myself?", the passive aggressive version of "everyone who offers this is too expensive."
Re:Ummm (Score:5, Interesting)
I agree TFA has it wrong - there is a lot of competition going on all the time and the large amount of services that exists are good for most of us.
Plenty of competition in marginal profit realms leads to a string of failed startups. How do you know the provider you choose is going to last?
Re:NSA? (Score:5, Insightful)
Really?
Frankly, if you are sending e-mail in the clear (and, unless YOU encrypt it - you are) - it is like mailing post cards from your holiday trips and expecting no one to look at the back of them.
Re: (Score:2)
Somehow people have forgotten what used to be a basic assumption - email is not that private:
See the first comment on this article (or ask anyone who was around in the 90's):
http://slashdot.org/story/13/09/29/187252/everything-you-needed-to-know-about-the-internet-in-may-1994 [slashdot.org]
Re: (Score:2)
At this point, I think -any- thing surging over the internet is unsafe unless encrypted (and at this point, excessively). I don't trust ANYONE, US or non-US to keep their hands off my packets.
Re:the cloud killed hosting providers (Score:5, Informative)
Hostgator... was purchased by EIG a while back (joining ranks with Bluehost, among others). It's just all that much worse now. While the support provided by Hostgator was generally adequate even in relatively recent history, forced migrations and a slew of bone-headed business decisions were made... and now their support staff is generally tied up coping with the after effects. They could have easily vanished into "The Cloud", but there is something to be said for dedicated hardware. When you sell support as a service (a full staff of dedicated support admins cost more money than one might think), you need to make sure your _product_ isn't being contaminated by the doings of the factory. Indeed, these hosting models are steadily approaching the brink of experiencing natural selection first hand.
Re:the cloud killed hosting providers (Score:4, Interesting)
Re: (Score:3)
I think not just consolidation, but specialization as well.
I've plugged them before because they've been great, but the main reason I decided on hosting with a company called Nexcess is because they fine-tune their hardware to run the Magento platform. For those not aware, Magento in its infancy was known to be such a terrible resource hog. Horror stories of people trying to run it on cheap shared hosting. To an extent, those horror stories still happen, but there have been some niche hosting providers tha
Re:the cloud killed hosting providers (Score:5, Insightful)
What actually is a complete hosting provider?
I don't get the question in the summary. It sounds like the guy is asking for a host he can pay that will automatically set up some arbitrary services that he's decided constitute "complete hosting"?
I don't really see how an ISP can cater to such an arbitrary definition when there's literally millions of different services an ISP could be expected to provide.
Isn't the solution just to get your own VPS or dedicated server and just install everything you want on it or am I missing something here?
Is there some defintion of "Complete Hosting Provider" whereby said provider to conform must provide the services the summary is asking for even though it's a rather obscure combination of things to provide on one host?
From what I can fathom the answer to the question is: "You are not the only person on the internet, different people have different use cases, no ISP could possibly cater to ever combination people may want, nor would they probably want to because it would require having experts in each of those millions of technologies to manage them all hence why they stick to their areas of expertise or provide you a blank server you can install whatever the hell you want to on". Unless there is some definition of "Complete Hosting" that encompasses only a fringe handful of available services then I can't see this changing.
Re:the cloud killed hosting providers (Score:5, Insightful)
As the owner of a hosting company, that's the same impression that i got. He's asking for a grouping of products that don't naturally group together. When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP, or whatever the submitter expects to receive when he asks for "public key" service. It's nonsense.
Re:the cloud killed hosting providers (Score:4, Interesting)
When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP
See, I'd agree that his grouping is arbitrary, but thinking about it leaves me wondering why we group web, mail, and DNS together. It seems more sensible to group email, VoIP, and XMPP together. Web space and email really have no functional overlap, whereas you can benefit from integrating chat, voice, and email.
So ultimately, what he's asking my not be nonsense. We have many various hosted services, so why do we arbitrarily group some of them together, and not others? I think the answer is that we don't include VoIP because ISPs tend to lock that up for home users, whereas businesses want dedicated business solutions. VPN is more of a niche service, and most people don't bother setting up chat services because they're used to using AOL. I'm not sure why we don't find a better solution than having dedicated certificate authorities that charge ridiculous prices, but we haven't done that.
Re: (Score:3)
I think it's less about functional overlap and more about the core sets of things people want when they're looking for hosting.
Normally if you want a website, you buy a domain, and you'll want e-mail on that domain too so it all fits. Few people want XMPP and VOIP with that.
At least this is my experience, when I've gone looking for a host it's for a website (if I just wanted mail I'd use gmail or whatever). I also want an address to go with that. If I've got the address, I'd at very least like to be able to
Re: (Score:3)
Absolutely. For business who actually have to compete (aka not your local cable provider!), you group services together that people *want* to buy together. Businesses who use hosting providers (meaning small to medium businesses who don't have the IT presence to handle it internally) by and large need the exact package of dns, web, and email. Some need an extra service here and there, and I'm happy to provide them, but almost everyone needs those three. Adding services to that would increase the cost to pro
Re: (Score:2)
Normally if you want a website, you buy a domain, and you'll want e-mail on that domain too so it all fits. Few people want XMPP and VOIP with that.
As someone who has done a lot of IT for a lot of different business-- different types of businesses of different sizes in different industries-- I'll say that real businesses run by competent people rarely have web hosting and email run on the same place. I'd estimate that in the majority of cases, it's web hosting with one company, email with another, DNS with a third. Often the web hosting also offers DNS and email for free as part of the package, but we don't use that because they often don't do a very
Re: (Score:2)
People don't want DNS. They want web and mail. Both depend on DNS.
Re: (Score:2)
Re: (Score:2)
If there were demand for it, there would be service offerings for it. Hosting companies (excluding the Bulk providers) tend to listen to their customers. When one customer asks for something, it's a one-off. If two do it, it's an odd coincidence. If 3 do it, it's on the list of services that you offer.
Re:the cloud killed hosting providers (Score:4, Informative)
Almost didn't reply to this, as it is feeding the trolls. However, I'd just like to say that rumors of the hosting business' death have been exaggerated.
The answer is in the post. (Score:5, Interesting)
What actually is a complete hosting provider?
A close example is Google. Google provides email, web, webmail, domain, XMPP, VOIP, all available from a single gmail login and manageable from a web interface.
No, I do not want to just rent a server from someone else, and set up and manage all this stuff myself. I want to pay for it, but I would like some competition, I do not like to send everyone to Google.
I realize that not every client will need or want all these services when I first set them up. Some clients will only use half the services ever. But having them easily accessible to the customer from a single provider if/when they need them has real value.
Re:The answer is in the post. (Score:5, Interesting)
But what happens when a client wants half those services plus some others that aren't supported?
What services exactly do you deem to fulfil the criteria of being complete? What if someone wants an IRC server instead of XMPP?
If you really mean what you say then you can pay for it, if you don't want to set it up yourself you can hire someone to do all that for you and provide the arbitrary set of services and develop the bespoke software you need to integrate it all.
But what you're really saying in essence is "I want a bespoke easily managed server setup with integrated login, but I don't want to set it up myself and I don't want to pay enough for someone else to do it, I want it to be free like Google, or cheap". This isn't practical, Google can only offer what it does because it has a massive data mining operation and ad farm sat behind that to monetise it.
Contrary to your assertion otherwise, there is competition too, there's Microsoft with it's Office 365, Outlook.com and Skype offering but again they can only offer it because they have a massive amount of resources to do so and can monetise it through ads and data mining and tie in to their other offerings and it's not entirely free anyway - IIRC Office 365 is subscription based.
So again what exactly are you looking for? Seemingly you want to move away from Google because you don't like the NSA revelations, the data mining, or whatever else. You wont want Microsoft for the same reasons then I would guess given that it's at least as supportive. There's no business in anyone else doing it without that data mining operation behind it because no one will pay what it would cost then, most are happy to put up with the mining and ads if they get their stuff cheap or free. So the only option is for you to offer bespoke to your clients, but bespoke costs, and you don't want to set it all up yourself so you need to up the costs by hiring someone else but I'd wager you don't want this either?
What exactly is your position? it doesn't seem to make any sense. It sounds like you want to offer all in one services to people (clients?) but you don't want to actually do any work to earn your money from them. It sounds like you want to get a client and give them some turnkey bespoke solution, but a bespoke solution that you neither want to spend the effort to create, or presumably pay someone else to create. Are you asking to just make money as a middleman without putting the slightest bit of effort in to adding value to that position? That's what it sounds like.
If you are willing to pay someone else to do it then ask any number of bespoke software development houses. It's not going to be cheap though which again is going to return you to the question of whether there's even a business model in it, and if you return there you'll probably have your reason as to why no one else is doing it because you're again going to be outcompeted by Google's ad supported model.
I suspect this isn't the answer you wanted, but does it give you the answer you were looking for?
Re: (Score:2)
How do I get mod points? This needs to be modded up and I would have if I had any. There used to be a section in my account where I could check a box saying I was willing to moderate. I cannot find it for the life of me and have not moderated in years. Well Xest, +1 Insightful and Informative. Hell have 4 more. +5 answer all the way. (if I could)
Re: (Score:2)
I would call it turnkey, checkbox ordering of services, and not necessarily all done directly by one company.
The list provided by the OP is basically everything that a new small company needs to have a modern presence from a technology standpoint.
The problem with the list though is it is missing corporate filings, DBAs, basic accounting and tax advice, basic legal advice, insurance, banking, post box services, design and printing services, etc. Clearly no "hosting provider" would be expected to offer accou
Re: the cloud killed hosting providers (Score:2)
In other words...consolidation. People were fine with Google et al. running things until they realized how badly they are being pwned. Now people want to change, to save their lives / businesses / etc., and they have to scramble to rebuild some of the things that were thrown away.
Re: (Score:2)
Sorry, but one of my biggest clients has had nothing but problems with DreamHost. Given such different experiences, I recommend some serious research to anyone considering them.
Close... (Score:2)
Dreamhost was the closest thing I found so far. However, no VOIP, and no public-key server that I know of.