Domain: digitalocean.com
Stories and comments across the archive that link to digitalocean.com.
Comments · 16
-
Re: SneakerNET?
-
Re:Finally
Real world example:
https://www.digitalocean.com/c...
This howto tells you to disable firewalld and enable the iptables service because it is easier to set up.
-
Re:It's OVH
-
Re:My first criterion for a cloud provider:
-
Re:Could systemd be responsible for the boot issue
Sound: probably a PulseAudio bug. Try reporting it and see what happens.
Things failing to start: you're not being specific enough for me to comment on whatever problems you're having or whose fault it is. Your lack of error messages is contingent upon a lot of things (are you starting services via an init script? shell command? by clicking the button in Unity/whatever your DE is?). But I will say that the only part of systemd that I'll actively defend is journalctl because of how easy it is to use (see here for a nice primer).
-
Re: All I know is that this:
No, as long as it will come back up, with all data intact, it has plenty of value. Or are you saying there is no value in a remote warehouse full of your backup tapes because you can't access them immediately and sometimes the facility closes down and you can't access them at all? Not that anyone should be using GitHub as a backup solution, but it's the same principle: a datastore.
If your data, and ability to access it at all times, is important, you plan for that. In this case, that means hosting your own remote alongside GitHub and configuring Git to push to both; that way, when Git is up, you get all of the added value it brings (and there is much) and, when it is down, you can still clone your repo from a known location, without having to collaborate with another developer, who may be unavailable, to clone from his repo.
You can do this for $5/mo if your repo is <15GB or so. Or, if you want something just ever so slightly more reliable, you can do the same for $10/mo and let me get a little commission on the deal (and get an extra 4GB of storage). Hell, if you're willing to trust me with temporary access, I'll even set it up for you (one time, maintenance is on you) on Linode if you've used my referral link.
-
Re:Does BP follow best practices? Someone didn't.
Setup with a noVNC web interface, and sshkey management in the web management panel (so users can employ their personal ssh keys post-deployment)
[Unbalanced parentheses.] Which guide to configuring keys in popular SSH clients does your documentation link to?
We don't provide one. Support refers users to the official security guides for the appropriate distro, general questions are answered using this as the main source. Documentation for users is almost identical to that on Digital Ocean (they target the same market segment). We don't write subject documentation for users. They do, if we approve it we pay them and publish it (it's the low cost end of the market, minimal SLA).
Internally we follow NIST procedures and are audited to meet several ISO 27K standards (mainly for insurance purposes). We don't own any data centres, or control the hardware. That's a very common practice, with all but the high-end hosting providers (usually).
Our internal procedures are more stringent with the main (non-hosting) business as most of the clients are Defence related (this is Canberra, the majority of work here is Defence related). However I was (redundantly) asking why someone who calls themselves a security professional and system administrator does not follow BP.
Because BP got hacked by Chinese? Naaah.
[smile] where following BP means jumping in a tug and telling the captain to "follow that slick".
-
Good for non-tech people
For all others, VPNs FTW!
Rolling your own is not hard; for example:
https://www.digitalocean.com/c...
If you're cheap and/or can't be bothered:
https://www.bestvpn.com/blog/1...
-
Re:Dyn.com
I've had nothing but a good, solid experience with dyn.com, but they're certainly not the cheapest
Seconded. Dyn is amazing and has been nothing but stable for me over the years.
They do not charge you extra if you host your own DNS or point it to another provider. They just charge the $15 per domain and (I believe) $10 for secret registration if you opt for that.
For hosting I've been using Digital Ocean.
You have to know your way around a Linux machine (they offer FreeBSD too) to configure the firewall and enable swap, selinux, etc. The default Ubuntu and CentOS VMs leave something to be desired in terms of security safeguards, but nothing that can't be remedied in an hour.
That said, their value proposition is great. $10 a month gets you 1GB ram, 1 CPU core, 40GB of SSD HDD (insane speed) and 2TB of outgoing bandwidth (traffic IN doesn't count).
-
Systemd has been great for *BSD.
Systemd is truly the best thing that has ever happened to the BSD community.
Systemd alone is making Linux totally unsuitable for serious use. So what are people doing when a formerly-stable distro like Debian adopts systemd and becomes a disaster? They're moving to FreeBSD, OpenBSD, NetBSD, Dragonfly BSD and PC-BSD.
Just today we find out that DigitalOcean now supports FreeBSD. There's clearly a very bright future ahead for the BSDs.
And it's clear now that Linux is on its way out. While Linux and Linux systems will still be around for some time, of course, everyone important who made Linux great in the past is fleeing from it. We're moving to BSD, because unlike the Linux community, the BSD community does things right. Something like systemd would never be taken seriously by them.
-
Re:Because it's not safe either
If anyone else hadn't heard about using a CA with ssh, as I hadn't, they might find this short tutorial interesting:
https://www.digitalocean.com/c...
Wish this was available back in my uni days when I managed many dozens of Linux workstations. Managing keys was always a pain.
-
Re:Article was low in details
The article sounds like it was written by somebody who's never heard of "computer security" and is trying to wrap his head around basic concepts.
And also someone who is presumably not running any web-servers - otherwise they'd only need to check their own web logs. I've got hosting with Bytemark and DigitalOcean and both have had a handful of shellshock attempts amongst all the usual PHP/WordPress/MySQLAdmin/whatever attempts.
The only very moderately interesting thing I've noticed is that Shellshock attempts seem to only be by IP address and not by host (I'm hosting multiple websites per VM), so presumably most shellshock-bots are just sweeping IP ranges rather than using a list of known hosts.
-
Re:VPS costs several times more
The landscape has changed. VPS used to have a large additional cost compared to shared hosting. This effectively limited smaller budgets to the web programming languages the shared hosting provider supported - mostly PHP. VPS is now as cheap as shared hosting:
Digital Ocean VPS starts at $5/month
Linode VPS starts at $10/month
There are even sites dedicated to just cataloging inexpensive VPS hosting
Personally, I just started using Digital Ocean on the $5 month plan; just the low latency of their VPS makes it a big step up from my prior shared hosting provider (Bluehost), despite the same cost.
-
Hardware RNG for servers and VMs
I think it is past time for CPUs to provide hardware random numbers. Via CPUs have done this for years, but Via CPUs are just too slow for most uses. (I used to run my mail server on a Via C3... I am a lot happier now that my server runs on an AMD low-power dual-core.)
Recent Intel chips do have some sort of random number generator (RdRand).
Hardware RNG accessories are available but expensive.
There is the LavaRnd project, which I think is really darn cool. However, I downloaded the source code, and it hasn't been updated since 2003... a decade later, GCC won't even compile the code. (GCC now issues warnings about some of the code and they set the "treat warnings as errors" flag. I didn't experiment with disabling that flag and trying the code out.) Also, the supported hardware list is a short list of decade-old webcams.
(Note: this would be a good project for a high school student or college student who knows C: update LavaRnd so it builds with GCC or Clang, get it working with at least one currently-available webcam, and write a report about it.)
The Raspberry Pi has a hardware RNG as part of the system-on-a-chip, and Linux on the Pi supports it. You could set one up as a randomness server to your VMs, and that would be quite inexpensive. At least the VMs could reseed their PRNGs with random values pulled from the Pi.
http://vk5tu.livejournal.com/43059.html
If you have a sound device, Audio Entropy Daemon may work.
http://www.vanheusden.com/aed/
P.S. Haveged looks interesting... I just discovered it and I don't know how well it actually works.
-
Reverse SSH Tunnel
As one other comment suggested, get a cheap VPS and set up a VPN so that you can connect to your network. DigitalOcean has one for $5/month (I'm in no way affiliated) https://www.digitalocean.com/ and you can then have your router connect to the VPN. Set up the routes correctly and any VPN user can access every device at home.
However you won't always want to load up the VPN on your phone, and if there's just 1 computer you want to access you can use a VPS with a remote SSH tunnel. Have the computer on your network connect to the VPS and forward some high numbered port, say 4222, to port 22: ssh -R 4222:localhost:22 user@vps. Then you can ssh into your VPS on port 4222 and it will go directly to your home computer. Just make sure you add "GatewayPorts yes" to /etc/ssh/sshd_config or the remote port will only bind to localhost.
Couple this with autossh and the home computer will always keep the connection open and re-establish it as necessary.
Sure, there's a little overhead, but I've never really noticed it. I use this trick so that my phone and tablet can always ssh into my laptop no matter where the laptop is (home network, friend's house, coffee shop, etc)... no need to find the IP address and worry about port forwarding.
-
DigitalOcean.com has unlimited bandwidth
This is a shameless self promotion!
DigitalOcean.com offers free bandwidth.
You could just spin up a Droplet (virtual server) on http://digitalocean.com/ and not have any worries about the bandwidth transfer as we provide free bandwidth.
The reason we're able to offer this is we don't allow adult content or users to run their own CDN but you're in the clear on both accounts.
Depending on the number of cores and RAM you need this would run you probably $100-150/mo.
Thanks!
(Jeff -- Chief Architect)