Slashdot Mirror
Ask Slashdot: Where Are the Complete Hosting Providers?
Kludge writes "In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
Is my page loading wrong or are there really no answers yet?
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
The scroogling is strong in this one...
All I can think of is wtf? There are plenty of hosting companies out there...
I think probably what's happening is that it's cost-prohibitive for a provider to train their staff to maintain all of the different packages that would be required to offer such a service, and a provider that offers VoIP generally has to have more quite a bit more infrastructure in place to offer any kind of reasonable service. The closest thing to what the submitter is asking for is probably a managed server provider, and there's no shortage of those out there, at varying quality/price points.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I'm a senior engineer at FireHost, and we can provide managed infrastructure and installation assistance for the things you've listed, complete with managed SSL VPN access for all your employees.
Again, this is an admittedly shameless plug, but it does answer the question.
Write failed: Broken pipe
Go to any one of many providers that offer general purpose computers, and get one, virtual or physical. Then go to what ever software provider provides the OS and packages you need and get that. Then combine their powers for a remote arbitrary computing system.
Alan Turing came up with the great idea of a universal computer that could to what ever you need. Its a pretty good approach to this problem.
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
Nobodies Prefect
Tidbits for Techs Technology Blog
Why do you think the NSA snoops on Non-US traffic more than it snoops on US traffic?
Really?
Frankly, if you are sending e-mail in the clear (and, unless YOU encrypt it - you are) - it is like mailing post cards from your holiday trips and expecting no one to look at the back of them.
I have mod points and I am not afraid to use them
and "complete" solutions have been around for more than a decade.
The question that may be interesting, is why have people not adopted niche complete hosting providers. I don't know, but to tell the truth I need to wake up each morning knowing that my information is reliably accessible _me_, my credit card numbers haven't been sold, and that if my provider goes down I can read about it in the NYTIMES, that's all slightly more important to me than my worry that the US/German/French governments can read my crap.
...making data siphoning easy for the NSA.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories, and equally tired of the idiot replacement editors from Dice rubber-stamping submissions like this that even most bloggers wouldn't post. You wanna talk about hosting providers? Okay, let's talk. Obviously you are concerned about your data being intercepted and stolen.
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you? This is the largest, most powerful government on the planet, with resources you could only dream of. Even businesses the size of Google can't keep them out; And if you believe any press releases to the contrary, you're an idiot.
The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet. Just about anything else and the data will be vulnerable at some point to a legal intercept of it. You can manage those risks, limit them, but ultimately, if they want it they're gonna get it.
So please guys, stop asking for NSA-proof [insert thing here]. There are only two defenses when your opponent has a half trillion dollar budget and you got twenty bucks and a cracker; Anonymity (ie, don't get on the radar), or don't do anything that would be interesting to them... or if you must, for the love of fuck, minimize your electronic footprint. Forget the credit card, the cell phone, the wifi-enabled anything. Go off grid, stand in the woods in the middle of nowhere, and then do whatever it is you're keen on doing without the government being aware of it.
There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys.
#fuckbeta #iamslashdot #dicemustdie
DreamHost has a diverse array of services, geek-oriented tech support, and a community oriented around tech-friendly features. I've been very satisfied for many years. If they don't support it, I guarantee one of the in-house developers has an unofficial install working somewhere that they'd be happy to copy over.
At this point, I think -any- thing surging over the internet is unsafe unless encrypted (and at this point, excessively). I don't trust ANYONE, US or non-US to keep their hands off my packets.
Anyone who believes that "Not much has changed" in webhosting the past 13 years is not paying attention. There has been *massive* consolidation and times are so rough for the small providers that we've gotten real good at having multiple legs to stand on.
Where I work, we now provide a number of different services as the age-old web+email+etc stuff is rapidly going the way of the dodo. Most people who want "the full package" also tend to have very specific needs and are better served with a VPS or dedicated server and even this market is strongly consolidating.
Godaddy offer every service that you might require, at a low, low, price!
Come to Youtube and see me shooting some elephants!
...that only using Google will make it easier for the NSA to track you. You do realize that EVEN if you are using SIPs with ZRTP on a pure VoIP call, there will always be some sort of meta-data that can potentially be tracked by the NSA or other domestic or foreign intelligence agencies. And if you wish to call to the PSTN, well, you can forget it, because then you are sending your calls to yet another centralized point of transit (VoIP to PSTN), and you can be easily tracked there too.
Hostgator... was purchased by EIG a while back (joining ranks with Bluehost, among others). It's just all that much worse now. While the support provided by Hostgator was generally adequate even in relatively recent history, forced migrations and a slew of bone-headed business decisions were made... and now their support staff is generally tied up coping with the after effects. They could have easily vanished into "The Cloud", but there is something to be said for dedicated hardware. When you sell support as a service (a full staff of dedicated support admins cost more money than one might think), you need to make sure your _product_ isn't being contaminated by the doings of the factory. Indeed, these hosting models are steadily approaching the brink of experiencing natural selection first hand.
"Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you?"
I agree, he shouldn't be collecting our private comms. And the most politically active of us, should be the best protected of all. So why *does* the NSA do that?
"The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet."
Nah, just arrest every hacker you find and don't give hackers 0 day exploits and you'll fix a lot of problems. Also don't let hackers put backdoors into encryption and into network systems, and tap networks, and whatever you do don't give them the keys to the web security. By hackers I mean NSA.
"So please guys, stop asking for NSA-proof [insert thing here]."
Don't you think we shouldn't *have* to ask? It's written into the constitution and the EU privacy right.
What do we need to do to get the NSA to read the constitution, send it in an encrypted email to our kids?
"There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys."
Hah! you wish.
Will cover your bases !!
I think not just consolidation, but specialization as well.
I've plugged them before because they've been great, but the main reason I decided on hosting with a company called Nexcess is because they fine-tune their hardware to run the Magento platform. For those not aware, Magento in its infancy was known to be such a terrible resource hog. Horror stories of people trying to run it on cheap shared hosting. To an extent, those horror stories still happen, but there have been some niche hosting providers that saw an opportunity to differentiate themselves and did.
When I have to get in touch with their support, they not only know their own hardware, they know the platform I am using. Having that specialized knowledge available was a godsend before we had the resources of Stackoverflow or the Magento SO beta site (not to mention my own knowledge that has grown about developing on Magento in the last five years).
The specialization is great in so many ways, but I think one of the drawbacks is you have less broad-scoped knowledge, and it just ends up as a bunch of so-so quality services instead of getting high-quality services from seperate providers.
Someone flopped a steamer in the gene pool.
Yeh, we need to tweak the protocols to be more Skype/Tor like.
Good point, but still a solvable problem.
And then there's the NSA Fox Acid system by which they purchase exploits from the black market, automatically attach payloads, then deploy them via skiddies reading a flow-chart to determine intelligence cost/benefit analysis; No amount of constitutional rights or encryption will prevent infection from our "cyber army" and its Ferret Cannon: Metasploit + unlimited funds + black-market 0-day exploits + wanna be hackers.
It's basically the ultimate computer nerd version of the school yard bully. Big, brainless, and dangerous. I mean... Just listen to the code names they use. It's like they're actually proud to be thuggish dipshits.
Typically anyone with your set of requirements has the tech chops to DIY with a VPS for sub $20/mo. Simpy - the market doesn't exist and/or is not commercially viable.
My feeling is that the NSA will study your email no matter what service you use. Being that they are a very well funded spy agency with some high dollar talent you can bet they crack into just about everything they want to. With the recent revelations that NSA has broken into 35 different governments and studied their data for years that should tell us that they have a very strong cracking ability. After all, all of the governments that NSA penetrated had security services in place and probably set up by experts who had just a bit less training or less dollars to work with. So no worries, you'll be spied upon just like everyone else.
What actually is a complete hosting provider?
I don't get the question in the summary. It sounds like the guy is asking for a host he can pay that will automatically set up some arbitrary services that he's decided constitute "complete hosting"?
I don't really see how an ISP can cater to such an arbitrary definition when there's literally millions of different services an ISP could be expected to provide.
Isn't the solution just to get your own VPS or dedicated server and just install everything you want on it or am I missing something here?
Is there some defintion of "Complete Hosting Provider" whereby said provider to conform must provide the services the summary is asking for even though it's a rather obscure combination of things to provide on one host?
From what I can fathom the answer to the question is: "You are not the only person on the internet, different people have different use cases, no ISP could possibly cater to ever combination people may want, nor would they probably want to because it would require having experts in each of those millions of technologies to manage them all hence why they stick to their areas of expertise or provide you a blank server you can install whatever the hell you want to on". Unless there is some definition of "Complete Hosting" that encompasses only a fringe handful of available services then I can't see this changing.
I'm not sure there's an issue here. There are ton of VPS providers out there that you can build anything you want on. Odds are, anyone who wants specialized services (or the broad range of services) you do needs to build his own server anyway, since you have to set up and config each service.
I wanted something unusual - a news server delivering NNTP - plus some other stuff. I got it at http://www.rockvps.com/. They offered me a network address, a bunch of monthly bandwidth, and a bare FreeBSD server I could do (almost) anything with.
How is what I wanted different from what you want? Sounds like if you want to build out a server with some special demands, you need to search for a good VPS (there are dozens, if not hundreds out there) and go for it!
Not sure there's a crisis here. Unless YOU are working for the NSA and this is actually a devious scheme to get us to help flesh out your database, ha ha ha.
If this were Usenet, I'd killfile the lot of you.
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
For me, I do not use any provider that has their HQ inside the United States of America.
And ... in order to retard NSA's snooping in my traffic, I deploy SSL forward secrecy on my sites.
Anyone who wants to know about forward secrecy please visit https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy to get more info
Muchas Gracias, Señor Edward Snowden !
to break this down:
email/web/webmail/domain/:dreamhost.com does all this, as do most hosting providers, already. shared, VPS and dedicated hosting packages have existed for a decade or more.
VOIP: is available as an asterisk appliance or a product you can buy and have serviced locally. why? because 75% of VoIP is the network. where to place PBX's, gateways, and how they interface with things like fax and voicemail are all critical things that cant just be boxed up and sold off a website like wordpress.
public-key: ssh-keygen i guess? do you mean SSL certificates? because thats covered by every major hosting provider. GoDaddy runs an authority, the rest just outsource it as part of their panel offerings.
XMPP: Dreamhost.
VPN: slashdot resurrects VPN as a feature of cryptography on the regular, and if you check some of the articles we're all greatly in favour of creating our own keys for this, salting them appropriately, and generally keeping pretty strict control over them. that having been said, if the idea of running your own open source router is a bit too much to handle there are probably 50 companies that will sell you a product like fortigate or juniper which are more than capable of VPN tunnels. outsource your 2-factor auth to yubikey.
full disclosure: I was a dreamhost admin for a while. they offer great service and products, and generally resist any request for information without a warrant. they fought back against SOPA, continue to fight against PIPA and generally run a pretty tight ship.
Good people go to bed earlier.
The race to the bottom killed hosting providers long before Cloud got in on the act. Any yahoo with a co-located machine and the ability to configure LAMP and CPanel could claim to be a hosting provider; many did.
As the owner of a hosting company, that's the same impression that i got. He's asking for a grouping of products that don't naturally group together. When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP, or whatever the submitter expects to receive when he asks for "public key" service. It's nonsense.
Squash
... is not interested in you ... unless you have done, or are doing, something that interests them. Now what might that be?
now we need to go OSS in diesel cars
I don't think complete hosting providers are a very good idea at all. I can see doing web/email in one place but putting all of your eggs in one basket with a single provider is never a good idea. You trade convenience for a single point of failure and that is just no bueno.
If this was a viable business model, someone would be doing it. Today, the extremes seem to be either a race to the bottom where everything is free or has zero margins, versus things so esoteric that it's hard to make a viable business out of them. Google has made a few things on this person's wish list a race to the bottom where no one could compete (e-mail, docs), and the others would take specialized skills (such as telephony). Businesses reward the providers who do things free or cheap, locking out other businesses who might provide a reasonably priced solution - but if no one is willing to pay for something Google gives them for free, it's not viable. As long as the business world rewards the race to the bottom, sustainable businesses aren't going to be viable.
Lot's of companies exist that do exactly that, but I think you're looking for a big nationwide (or worldwide) company. Look for local managed IT providers, lot's of them exist that do nearly all that you want (don't see many offering XMPP, as much as I would like it), heck in my small circle if IT friends, two of the guys own such companies. These guys exist to provide turnkey IT solutions to companies that don't have the abilities to do it themselves and I'll bet if you can drive enough business they would probably let you setup some kind of whitebox rebranding deal if you want your name on it.
Pluralitas non est ponenda sine neccesitate
Roll the insecure dot org here.
Microsoft does domain (Active directory), voice (Lync online), VPN (private site-to-site for your company network to your cloud servers, not sure about net access or client to server), web mail (Outlook online/hosted exchange), and some other stuff, like office and sharepoint online.
Lync can federate to XMPP servers I think. Not sure about private key, normal AD can do some of that, but I haven't tried the online version.
Now, I know people don't like MS around here, but if you want these services for your clients you might just go with them, especially if they run windows desktops anyway (Granted, I'd add a local DC in case their net goes down, but that's up to you)
In the open source world you usually have to put puzzles of packages together. I'd say start with the more difficult one and check if the hosts can provide the others. For example, I notice Zimbra has a list of hosts all over the world that provide their mail infrastructure already set up for you. If one of them also provides the rest you'd be set.
What actually is a complete hosting provider?
A close example is Google. Google provides email, web, webmail, domain, XMPP, VOIP, all available from a single gmail login and manageable from a web interface.
No, I do not want to just rent a server from someone else, and set up and manage all this stuff myself. I want to pay for it, but I would like some competition, I do not like to send everyone to Google.
I realize that not every client will need or want all these services when I first set them up. Some clients will only use half the services ever. But having them easily accessible to the customer from a single provider if/when they need them has real value.
"In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
I'll tell ya where they are.
They got out competed by companies that could afford good spam filtering. Hand holding the spam filter is a full time job for a small email host.
Then, you get the idiots that jump ship for fifteen cents less per box per month, that drives the price down well below what it's worth doing unless the whole mess is completely automated. Or, the customers that said they would set it up themselves whine about how much work entering forty email addresses really is.
And, as things got more sophisticated, now you have to host PHP full of security holes, be an expert at every goddamn widget in WordPress, teach the web tard that a fourteen meg background bitmap image won't be a good choice for his web page, and troubleshoot a borked database... all on three operating systems.
Now, a small group "doing hosting" needs to have deep expertise in about 100 different subjects when they have time to learn five of them, and each "customer" will leave when they stumble upon one of those non expert areas. All the while not lifting a finger to help themselves.
Oh, and the customers don't want to pay more than $5 per month for it.
The days of sticking up a server, setting up an account and knowing the guy buying services knows what he is doing is LOOOONG gone. And, that in turn caused the market to collapse into the big players that can gain from having an expert in every subject around and still make a profit.
I'll tell ya what the issue is, that your assumption that in TEN YEARS the industry didn't change drastically didn't set off alarm bells in your head when you typed it out for the summary. THAT's the problem. Thinking that in TEN YEARS the market won't change. In the COMPUTER industry no less.
Dreamhost was the closest thing I found so far. However, no VOIP, and no public-key server that I know of.
Or one provider from among the tons of VPSes out there. Linode (for example, not saying they're special) can trivially do all of the above.
They have homogenized the offering to a great exent. The packages are being dragged kicking and screaming away from the single box stack forget adding in anything besides web/email/database. Organic growth favors that single silo to start but then it's nearly impossible to move away from as you grow.
No sir I dont like it.
The point of the question was not to find an "NSA-proof" (as you said) hosting provider. The question should have asked for a provider that is not on the PRISM list, a provider that does not funnel data to the NSA by default.
Take all the money you are spending on your various hosting solutions and add them up. Imagine if you went looking for hosting and got that the price. Yeah, that is why.
If you need some very specific combination of applications and services (as you do) then you need to either combine several providers or just lease a dedicated server or co-locate your own hardware and run it yourself.
It is up to the user and the mail client to do the encryption. If your hosting provider plays any part in that they will need the keys and can therefore hand them over to others - or do decryption for others and keep the keys. Any way you look at it, end-to-end encryption requires that it be done AT THE END which means on your own machine.
I would call it turnkey, checkbox ordering of services, and not necessarily all done directly by one company.
The list provided by the OP is basically everything that a new small company needs to have a modern presence from a technology standpoint.
The problem with the list though is it is missing corporate filings, DBAs, basic accounting and tax advice, basic legal advice, insurance, banking, post box services, design and printing services, etc. Clearly no "hosting provider" would be expected to offer accounting advice, but offering that service makes it exponentially easier for someone to set up a business, and if done well, easier to operate the business on an ongoing basis. At some point you might hit a critical mass where it doesn't make sense anymore, but if you can defer the committment to it in the first 12 months life is much easier. NoLo makes a good business selling books to help people wade through these things themselves, but it still takes a lot of work and will cost you a lot of fees when you do it wrong.
There is a reason IT used to be run out of the CFOs arm and be called Management Information Systems.
If one host has a problem, you don't want everything you use to go down. That's why no host is stupid enough to attempt to offer every service to their customers. One outage of VPN is like whatever for one day. One outage of email, your website, parts of your domain, your VPN, and phones and you're leaving them for someone else.
Putting all eggs in one basket has always been a recipe for problems, if that one company goes bust / has problems / downtime then everything goes down. Even the likes of Google and Amazon get it wrong. Its funny when you see many different services effected by one companies down time. I personally prefer to separate out business critical services if I can.
Tim (http://tim.igoe.me.uk)
Computers are like Air-con, open windows and they stop working!
When you have a pi plugged into the wall...
“He’s not deformed, he’s just drunk!”
In other words...consolidation. People were fine with Google et al. running things until they realized how badly they are being pwned. Now people want to change, to save their lives / businesses / etc., and they have to scramble to rebuild some of the things that were thrown away.
I am John Hurt.
When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP
See, I'd agree that his grouping is arbitrary, but thinking about it leaves me wondering why we group web, mail, and DNS together. It seems more sensible to group email, VoIP, and XMPP together. Web space and email really have no functional overlap, whereas you can benefit from integrating chat, voice, and email.
So ultimately, what he's asking my not be nonsense. We have many various hosted services, so why do we arbitrarily group some of them together, and not others? I think the answer is that we don't include VoIP because ISPs tend to lock that up for home users, whereas businesses want dedicated business solutions. VPN is more of a niche service, and most people don't bother setting up chat services because they're used to using AOL. I'm not sure why we don't find a better solution than having dedicated certificate authorities that charge ridiculous prices, but we haven't done that.
There is no right to privacy in the US Constitution.
Would the sort of privacy violation discussed here be comparable to a search of one's papers? If so, are warrantless searches deemed "reasonable"? If not, the Fourth Amendment guarantees the right of the people to be secure against such privacy violations. Otherwise, please explain why these privacy violations either are not "searches" or are "reasonable".
I think it's less about functional overlap and more about the core sets of things people want when they're looking for hosting.
Normally if you want a website, you buy a domain, and you'll want e-mail on that domain too so it all fits. Few people want XMPP and VOIP with that.
At least this is my experience, when I've gone looking for a host it's for a website (if I just wanted mail I'd use gmail or whatever). I also want an address to go with that. If I've got the address, I'd at very least like to be able to forward e-mail from it (e.g. admin@mynewname.whatever).
If a provider grouped VOIP, XMPP and so forth with my e-mail and had my web and DNS as separate things I'd go elsewhere because I don't want to end up paying for shit I don't need.
I'd wager it is the way it is because my experience is typical of the market - the money is in people looking for web hosting and a hostname and e-mail address to go with that so ISPs have optimised for offering that.
The NSA may be gaining access to some US resources in the post-PATRIOT act era, but its chief concern is, and has always been, foreign intelligence. If you think that moving your data overseas is making it safer from the NSA, open your damn eyes!
Almost didn't reply to this, as it is feeding the trolls. However, I'd just like to say that rumors of the hosting business' death have been exaggerated.
Squash
People don't want DNS. They want web and mail. Both depend on DNS.
Absolutely. For business who actually have to compete (aka not your local cable provider!), you group services together that people *want* to buy together. Businesses who use hosting providers (meaning small to medium businesses who don't have the IT presence to handle it internally) by and large need the exact package of dns, web, and email. Some need an extra service here and there, and I'm happy to provide them, but almost everyone needs those three. Adding services to that would increase the cost to provide them, which would increase the cost to customers, and they don't like to pay for features they don't use.
Squash
Yes. EIG destroyed the last good hosting company (HostGator). I worked there for a year (pre EIG purchase), and have several friends who worked through the transition. I can't count how many times we migrated folks from Dreamhost/GoDaddy/*EIG companies to HG. Every single customer absolutely abhorred those companies and had always heard good things about HG and wanted to migrate. We focused on great service/uptime and we delivered. Pre purchase, we went above/beyond for each and every customer. We made everything work. For 3.00 a month, you could call a Linux admin and we would help you. 24x7x365. We never closed. I worked weekend graveyard (Wednesday to Sunday night), and helped countless US based customers with all kinds of off hours migrations (mostly on VPS/dedicated hosts, but also on shared/resell). I also supported customers all over the globe during their business hours. This was across a global data center footprint (sjc/lax/iah/dfw just in the US) on 10s of thousands of servers. We always went out of our way to never say no. I encountered a huge amount of highly intelligent individuals doing all kinds of things with our shared hosting. The VPS/dedicated customers were always fun to work on. Cpanel/WHM is actually pretty slick. Really it's almost an entire OS. Yeah it's Centos underneath, but it does all kinds of stuff on top of that. The backend CLI tools are quite nice. Post purchase, support went down the drain. EIG pumped/dumped HG and just IPOed. They force migrated everyone to a data center with horrible staff, network gear that was garbage, too little bandwidth etc. All to save on monthly hosting costs with Softlayer. They don't realize the economies of scale and horizontal growth model that was the core of HG business model. (We were adding almost 100 shared/reseller servers a week) Ah well. The 90s and 00s are over. It's all big business and horrible service now.
Charles Wyble System Engineer
Hmmmmm. See I think this would be packaged as the "small enterprise" offering, charge 99.00 a month for it, plus 5.00 per user. Template it out and be good to go.
Charles Wyble System Engineer
If there were demand for it, there would be service offerings for it. Hosting companies (excluding the Bulk providers) tend to listen to their customers. When one customer asks for something, it's a one-off. If two do it, it's an odd coincidence. If 3 do it, it's on the list of services that you offer.
Squash
five relatively small bills looks better than one large bill, even if the five small bills cost more in the long run.
lose != loose
Somehow people have forgotten what used to be a basic assumption - email is not that private:
See the first comment on this article (or ask anyone who was around in the 90's):
http://slashdot.org/story/13/09/29/187252/everything-you-needed-to-know-about-the-internet-in-may-1994
The NSA is *not* about finding 19 guys and a camel: it never has been. Recall they couldn't give a good answer to the question of who got nailed by the NSA's coverage. This after many years of this scanning taking place. Rather, the NSA is really all about finding *your* money, everyone's money, whether here in the US or overseas. Governments, particularly the G20, are in the hunt for taxes, hence they want to know everything about your life even when "you have nothing to hide". They broke the Swiss bank secrecy laws. The liberals may say that's good, but the reality is that this is more deflationary as time goes on because no amount of taxes will *ever* be enough, as a result, capital will be hoarded more and more to keep it out of the government's hands. That is just reality, boys and girls. They already have a requirement for 1099's for Amazon and eBay buyers and sellers above a dollar limit. Think they can't eventually track that down to the penny? Think they can't do something similar to Craigslist?
Normally if you want a website, you buy a domain, and you'll want e-mail on that domain too so it all fits. Few people want XMPP and VOIP with that.
As someone who has done a lot of IT for a lot of different business-- different types of businesses of different sizes in different industries-- I'll say that real businesses run by competent people rarely have web hosting and email run on the same place. I'd estimate that in the majority of cases, it's web hosting with one company, email with another, DNS with a third. Often the web hosting also offers DNS and email for free as part of the package, but we don't use that because they often don't do a very good job of it.
I'd wager it is the way it is because my experience is typical of the market - the money is in people looking for web hosting and a hostname and e-mail address to go with that so ISPs have optimised for offering that.
On the contrary, I'd quess that the market includes these things not because it's what people want, but because it's what's easy to provide. If you're setting up a web server, it's not very hard to throw on support for IMAP/POP/SMTP. The people working at these places are familiar with how to do that, the software is free, bandwidth/storage use is relatively small and predictable, and the security risks and minimal. Services like chat, calendaring, and VoIP are a bit more complicated and less well understood to your average IT worker. If you're selling a hosting plan for $5/month, you aren't going to want to do anything weird or difficult, but adding IMAP/SMTP hosting, and even webmail hosting, is pretty trivial.
As far as "paying for services that you don't use", they could get around that by charging a certain amount for al la carte, and then a different amount for a package deal, so it's not really a sensible objection.
"Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
In Maryland... or Guantanamo Bay. Until you elect a government that decides privacy is legal.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
To OP,
I think you've got a great kernel of an idea in this question and I'm glad /. posted it up. Let's turn this into a high level RFP shall we?
First a bit of background:
I've stopped at every point along the spectrum of data ownership for my personal and business (it consulting (Known Element Enterprises) and mesh network non profit startup (Free Network Foundation) data:
1) most (legally and maybe physically, but that's debatable) safe option of running compute/storage/network gear at my house (in Los Angeles). Single grid/point of entry for power (run to a dedicated sub panel naturally), single net uplink (DSL, homed to the CO two blocks away, fiber to same CO available for me to cross connect if desired)
2) Using shared hosting at HostGator (while employed there as a Linux admin)
3) Using various VPS providers (MediaTemple while in Los Angeles and knowing numerous admins who built out the environment, HG while working there)
(previous two options were due to moving to Austin and not having a house like I did in LA). Started out with shared hosting, moved to VPS when I needed OpenFire,OpenVPN,Chili etc. Basically moving beyond simple PHP apps.
4) Having the gear that used to be hosted at my house placed into Joes DataCenter in KC MO and maintaining a fantastic relationship with them. I added Cyclades ACS48 and PDUs for full OOB access/management.
So I have firsthand experience with the full spectrum. From full management/control/legal protection, to fully outsourced managed hosting, to hybrid model (colo).
RFP framework
1) Willing to treat the hosting package as truly business critical and able to pay accordingly (100.00 to 300.00 a month base, reasonable per user/per month charge).
2) You want this to be a turnkey (ala Google apps) solution, with things like zero backup window, live migration of state in the event of failure, redundant switches/routers/drives etc. All very doable with ZFS, open source virt flavor of choice, x86 servers, 10/100 (2950 et al) Cisco switch hardware off the gray market (to keep costs down)
3) You want encryption of everything so that even in the event of a NSL, you'll be protected. You have some sort of key management system in place to handle the private keys that are generated. Look at startssl for an example of how they do things. They use client side SSL certs for all auth. It's quite slick.
4) You are OK with a single facility and remote snapshots (ie hot active/cold standby). (Maybe the hot site is in a reliable colo, the cold site is s3/ec2 with the various issues that entails).
You'll be willing to pay a premium for hot active/warm standby) if a particular client requires that level of recovery.
From the above, I'll let others expand this and see if the community can put an RFP together for hosting companies.
Charles Wyble System Engineer
most people don't bother setting up chat services because they're used to using AOL.
I see you've recently been defrosted after having been frozen in 1996. AOL has mostly gone the way of the dinosaur while you were in stasis. But there is this new thing called "Facebook". It might be worth Googling (or, you may be more familiar with "altavista'ing" from prior to your little nap).
I'm sure Brent Oxley is still enjoying his penthouse in the Austin 360 building.
Some MSP's provide all those services, for example, www.bendigotelco.com.au
"I'll say that real businesses run by competent people rarely have web hosting and email run on the same place."
This is nonsense use of the no-true Scotsman fallacy. There are different companies of different scale, most large and medium sized corporations just host their own e-mail and website outright.
Beyond that there's no fixed pattern of web and e-mail being run in the same place, that's my anecdote, it contradicts yours, but what can't be avoided is the very fact you're trying to argue against - that providers provide web and e-mail hosting together, they do that precisely because regardless of our anecdotes that's what the majority of customers whether they're private individuals or actual businesses want. You're assuming it's this way because of some obscure trait of history, but it's not, it's because it's what the market calls for.
"On the contrary, I'd quess that the market includes these things not because it's what people want, but because it's what's easy to provide. If you're setting up a web server, it's not very hard to throw on support for IMAP/POP/SMTP."
I don't know what kind of dodgy hosting you're using, but that's not how most hosting providers work. Most have clusters of e-mail servers, and clusters of web servers, each providing that service independently of the other service. When you sign up for hosting you rarely have a situation where they create a server for you (virtual or physical) and then stick your web server and e-mail on that one dedicated box - they use their specific server clusters to provide you with those services.
"As far as "paying for services that you don't use", they could get around that by charging a certain amount for al la carte, and then a different amount for a package deal, so it's not really a sensible objection."
Well it is, because it costs to even do that. It costs them to have staff on hand to support those services I may choose, but then opt not to, it costs them to produce a bespoke set of tools to allow me to select from some fancy web interface what I do and don't want. All that costs the host money, and the host has to pass that on to the customer, which means they'll never be cheaper than one that just provides me what I want.
Really so I send your email to, yourname@yourhouse.yourpostalcode? I think there might be an overlap there.
What you need is contradictory. You want to hand out all your data to a single company and you want to be in control.
Want convinience : go with Google or Microsoft, or work with an intermediary. Want control : get your own servers. Want something in-between : keep doing what you are doing now with multiple providers.
End-to-end encryption have to be done within the client software. Webmail, for example, will almost never qualify.
As for the NSA, unless your business deal with state secrets or organized crime, they don't care about your data.
I started using Conspire Web Services (http://conspireweb.com) a little while ago, they seem to bundle a bit more together but not everything (I have a hosting / email & VoIP with them)
The website doesn't say anything about encryption but the service agreement does have provisions for subpoenas and the like, although at that point you'd probably know you're being snooped upon.
One thing they do offer is the ability to choose where your data is stored, so you could always pick an offshore server - but again, no idea whether they encrypt it.