Ask Slashdot: Where Are the Complete Hosting Providers? 178
Kludge writes "In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
Managed servers (Score:5, Insightful)
Get a server. (Score:3, Insightful)
Go to any one of many providers that offer general purpose computers, and get one, virtual or physical. Then go to what ever software provider provides the OS and packages you need and get that. Then combine their powers for a remote arbitrary computing system.
Alan Turing came up with the great idea of a universal computer that could to what ever you need. Its a pretty good approach to this problem.
You want all your eggs in one basket? (Score:3, Insightful)
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
Re:Managed servers (Score:5, Insightful)
The closest thing to what the submitter is asking for is probably a managed server provider, and there's no shortage of those out there, at varying quality/price points.
Yes..... I think the poster is asking Where's the place I can get all those things together in high quality at a commodity price?
In other words.... Where can I purchase a car with all the amenities of the high end Rolls-Royce, for the price of a Civic?
Re:NSA? (Score:5, Insightful)
Really?
Frankly, if you are sending e-mail in the clear (and, unless YOU encrypt it - you are) - it is like mailing post cards from your holiday trips and expecting no one to look at the back of them.
Re:Shameless plug. (Score:5, Insightful)
How is FireHost significantly less vulnerable to the NSA when "The Letter" arrives? From what I see FireHost has significant infrastructure in USA, a CEO with US ties, many employees living in the USA.
If the NSA is not a worry to the asker, then there are many solutions, FireHost possibly being one of them. If the NSA is an issue then it becomes trickier...
Moar tin foil! (Score:4, Insightful)
...making data siphoning easy for the NSA.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories, and equally tired of the idiot replacement editors from Dice rubber-stamping submissions like this that even most bloggers wouldn't post. You wanna talk about hosting providers? Okay, let's talk. Obviously you are concerned about your data being intercepted and stolen.
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you? This is the largest, most powerful government on the planet, with resources you could only dream of. Even businesses the size of Google can't keep them out; And if you believe any press releases to the contrary, you're an idiot.
The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet. Just about anything else and the data will be vulnerable at some point to a legal intercept of it. You can manage those risks, limit them, but ultimately, if they want it they're gonna get it.
So please guys, stop asking for NSA-proof [insert thing here]. There are only two defenses when your opponent has a half trillion dollar budget and you got twenty bucks and a cracker; Anonymity (ie, don't get on the radar), or don't do anything that would be interesting to them... or if you must, for the love of fuck, minimize your electronic footprint. Forget the credit card, the cell phone, the wifi-enabled anything. Go off grid, stand in the woods in the middle of nowhere, and then do whatever it is you're keen on doing without the government being aware of it.
There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys.
Re:Moar tin foil! (Score:4, Insightful)
So no.. I will not just 'deal with it', that is completely the wrong attitude. We DO NOT have to deal with it, we will not deal with it. It will be stopped, eventually.
Excuse me... I didn't say just roll over and take it. But trying to solve a social problem like this with technology is the very height of stupidity. It's like saying if we take away everyone's guns, we'll solve that pesky violence problem. The gun is just the tool. Just like the internet. Just like a cell phone, a camera, a packet sniffer, a data center... all of these things that the NSA uses are not the problem! It's the people that are the problem, and the people alone.
People problems can only be solved by people. I know that seems like a stupidly obvious thing to say, but it's clear to me that when article after article posted is variations of the question "What technology can I use to stop the NSA from spying on me?" There isn't any! You stop the NSA by getting off your ass and participating in the democratic process. You cannot fix this by keyboard warrioring.
Re:Ummm (Score:4, Insightful)
Or maybe they are asking the wrong question.
Any CPanel install has a lot of that stuff in it (I won't say all because I hate CPanel/WHM and it needs to die a horrible death for the amount of extra manual work needed to prevent it from shooting itself)
The real question is "why am I looking for someone else to provide this when I can just do it myself?", the passive aggressive version of "everyone who offers this is too expensive."
Re:Moar tin foil! (Score:2, Insightful)
"It's the people that are the problem, and the people alone...People problems can only be solved by people. "
Nah, end to end encryption, your fluffy nonsense is meaningless.
You're trying to convince a lot of IT professionals, who know damn well that its technically possible to secure communications end to end, that they are powerless to do what they know they can do.
It's just short notice, we thought we lived in a system of rules that protected our privacy, we thought TLS worked and so on, stupidly thinking there were warrants and judicial courts and so on. Silly us! No matter, it's a bug. We need to switch to end to end encryption to fix it.
"You cannot fix this by keyboard warrioring."
Well I bow to your superior knowledge and will immediately stop writing this Thunderbird OTR add on and step away from my keyboard.
Re:Moar tin foil! (Score:5, Insightful)
You're trying to convince a lot of IT professionals, who know damn well that its technically possible to secure communications end to end, that they are powerless to do what they know they can do.
No, I'm merely suggesting that locking those IT professionals in a room and beating them with a metal pipe, is an effective method of "unsecuring" those communications. It's only in the imagination of Anonymous Cowards and hollywood screen-writers that the police kick in the door, seize the computer, and then say "Oh shit! He's using a 8192 bit encryption key. We'll never recover the data! I guess we better just leave then, defeated."
It's just short notice, we thought we lived in a system of rules that protected our privacy, we thought TLS worked and so on, stupidly thinking there were warrants and judicial courts and so on. Silly us! No matter, it's a bug. We need to switch to end to end encryption to fix it.
The people who designed these systems, those venerated IT professionals you mentioned earlier? Yeah, they knew from day one that TLS, SSL, certificate authorities, etc., were not truly secure. They were a compromise that provided "reasonable" security -- and it still does do that. Millions of internet-based financial transactions are secured using SSL, TLS, etc., every day and are not compromised. Is it a perfect solution? Of course not. Is it a decent one? Sortof.
But fundamentally, you're asking for the impossible with your "end to end" encryption non-sense. The very first in a long list of problems is: How do you securely exchange keys with an entity you have no prior relationship with? How does Alice know she's talking to Bob, if she has never met Bob before? The solution that TLS/SSL used was certificate authorities; A trusted third party that both Bob and Alice trust. Unfortunately, like any trust model, it is only as strong as the weakest link, and as certificate authorities proliferated... rogue CAs and stolen keys became a very real threat.
But simply switching the protocols around won't solve the very first problem: How do you securely exchange keys over what is, inherently, an insecure medium? You can't.
Well I bow to your superior knowledge and will immediately stop writing this Thunderbird OTR add on and step away from my keyboard.
First, yes, I do have superior knowledge (obviously). And I'm willing to put my reputation on the line by not posting anonymously. This frequently comes back to bite me in the ass, especially when dealing with Anonymous Cowards, but karma is not as important to me as getting as accurate of information as possible in front of as many eyeballs as possible. If a few -1, Troll mods is the price I pay, I do so gladly. Second, Thunderbird has an OpenPGP addon... developing another addon is silly, and frankly, you and I both know you lack the chops to actually program.
But regardless, if I'm going to get serious about personal privacy, I'm not going to do it by sitting down to write my own crypto addon. For one, it would almost certainly be more buggy than the ones that have been reviewed and certified as correctly implimented by crytologists... and crypto is amazingly easy to get wrong, and devilishly difficult for someone without loads of experience to detect the failure. For two... why would I spend hundreds of hours doing that, when I can spend dozens of hours making phone calls and writing letters to the people who have far, far more power than I do, and convince others to do the same?
I'm sorry, but looking at my large list of tools available to me, the one labelled "Democracy" seems far more likely to get me what I want than one labelled "Amateur Crypto".
Re:the cloud killed hosting providers (Score:5, Insightful)
What actually is a complete hosting provider?
I don't get the question in the summary. It sounds like the guy is asking for a host he can pay that will automatically set up some arbitrary services that he's decided constitute "complete hosting"?
I don't really see how an ISP can cater to such an arbitrary definition when there's literally millions of different services an ISP could be expected to provide.
Isn't the solution just to get your own VPS or dedicated server and just install everything you want on it or am I missing something here?
Is there some defintion of "Complete Hosting Provider" whereby said provider to conform must provide the services the summary is asking for even though it's a rather obscure combination of things to provide on one host?
From what I can fathom the answer to the question is: "You are not the only person on the internet, different people have different use cases, no ISP could possibly cater to ever combination people may want, nor would they probably want to because it would require having experts in each of those millions of technologies to manage them all hence why they stick to their areas of expertise or provide you a blank server you can install whatever the hell you want to on". Unless there is some definition of "Complete Hosting" that encompasses only a fringe handful of available services then I can't see this changing.
Re:Moar tin foil! (Score:5, Insightful)
You don't need to stop them, you just need to make their life too difficult for it to be worth chasing you when you've got nothing worth chasing for.
The more people that do this the more it eats into NSA resources, if you force a real person into the loop to decide if you're worth chasing then you really cause a massively disproportionate impact on the NSA's resources compared to if you just let them farm your data automatically from unencrypted services they have a tap on like Google.
Then eventually when things like the Boston bombings keep happening despite the NSA has a mass of financing from the US government behind it and taps on most the world someone in congress is finally going to have to ask "What the fuck is the point in all this expenditure?" and the plug is going to get pulled.
If the NSA ends up chasing, expensively, because of the cost of intervention of human resources, people who are entirely irrelevant and innocent of everything, then eventually they're going to have to change tact. Eventually they're going to have to realise that universal snooping is ineffective and just makes it even harder to tell who really is and isn't a threat. They'll have to go back to what they should be doing in the first place - focusing on the hard work of identifying real actual threats rather than hoping a mass computer network will somehow figure that out for them, something the Boston case showed it absolutely can't.
Re:the cloud killed hosting providers (Score:5, Insightful)
As the owner of a hosting company, that's the same impression that i got. He's asking for a grouping of products that don't naturally group together. When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP, or whatever the submitter expects to receive when he asks for "public key" service. It's nonsense.
Re:Shameless plug. (Score:4, Insightful)
It's the FBI that shows up with the NSL in the US. In every other country the same thing happens. IOW, you're all fucking retards for thinking an offshore hosting provider is going to be any different.
Re:I don't use providers HQ in the USA (Score:5, Insightful)
And none of the other nations ever spy on anyone.
This is not to defend or excuse the actions of the NSA, but if you believe you are safe from having your data intercepted from intelligence agencies just because you are using a service based out of a nation that is Not-The-USA, then you are living in a fools paradise. The technology is too ubiquitous and too effective for the spooks /not/ to use, and the main difference between the NSA and foreign intelligence agencies is that the NSA got caught at it.
Well, that and the NSA tries to take the high moral ground and insists its not only legal but also something most Americans support. That's some Goebbels-level hypocrisy there. At least the DGSE, BND and GCHQ aren't making loud proclamations as to their righteousness (they are wisely keeping their heads down).
Don't depend on the good behavior of the local intelligence agency. Instead, use proper security practices to make it either impossible or not cost-effective to break into your data stream.
Re:Moar tin foil! (Score:2, Insightful)
And I'm willing to put my reputation on the line by not posting anonymously.
Post using your actual name, then.
Re:I don't use providers HQ in the USA (Score:5, Insightful)
While there are many agencies around who could be monitoring what I do, I'm pretty sure its the NSA who does it as a matter of routine to everyone.
I'm in no doubt that other agencies could spy on me but i'm pretty certain they can't justify the expense.