Slashdot Mirror
Ask Slashdot: Where Are the Complete Hosting Providers?
Kludge writes "In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
Is my page loading wrong or are there really no answers yet?
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
The scroogling is strong in this one...
All I can think of is wtf? There are plenty of hosting companies out there...
Consolidation has killed the hosting business that you describe.
The big players like hostgator and godaddy have snapped up the business that used to be distributed across thousands of web hosting businesses. The cost of providing support has made it impossible for the smaller players to compete with them.
And then there's the cloud. Companies like Digital Ocean and Ram Node are offering complete virtual server packages for the same price as a web host only used to provide (~$5.00 / month). Not only can you host an unlimited number of domains, you can run your own email, ftp, proxy, et. al. You can even host bittorrents or streaming radio stations.
More functionality at the same price. They have no way to compete other than to radically change their service offerings.
$5 / month hosted VPS on linux = awesome!
I think probably what's happening is that it's cost-prohibitive for a provider to train their staff to maintain all of the different packages that would be required to offer such a service, and a provider that offers VoIP generally has to have more quite a bit more infrastructure in place to offer any kind of reasonable service. The closest thing to what the submitter is asking for is probably a managed server provider, and there's no shortage of those out there, at varying quality/price points.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I'm a senior engineer at FireHost, and we can provide managed infrastructure and installation assistance for the things you've listed, complete with managed SSL VPN access for all your employees.
Again, this is an admittedly shameless plug, but it does answer the question.
Write failed: Broken pipe
Go to any one of many providers that offer general purpose computers, and get one, virtual or physical. Then go to what ever software provider provides the OS and packages you need and get that. Then combine their powers for a remote arbitrary computing system.
Alan Turing came up with the great idea of a universal computer that could to what ever you need. Its a pretty good approach to this problem.
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
Nobodies Prefect
Tidbits for Techs Technology Blog
If you're so worried about the NSA (you mentioned it) why would you:
1) use hosting
2) have everything provided by one hosting provider.
3) not specify "non-US" hosting in your question?
and "complete" solutions have been around for more than a decade.
The question that may be interesting, is why have people not adopted niche complete hosting providers. I don't know, but to tell the truth I need to wake up each morning knowing that my information is reliably accessible _me_, my credit card numbers haven't been sold, and that if my provider goes down I can read about it in the NYTIMES, that's all slightly more important to me than my worry that the US/German/French governments can read my crap.
...making data siphoning easy for the NSA.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories, and equally tired of the idiot replacement editors from Dice rubber-stamping submissions like this that even most bloggers wouldn't post. You wanna talk about hosting providers? Okay, let's talk. Obviously you are concerned about your data being intercepted and stolen.
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you? This is the largest, most powerful government on the planet, with resources you could only dream of. Even businesses the size of Google can't keep them out; And if you believe any press releases to the contrary, you're an idiot.
The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet. Just about anything else and the data will be vulnerable at some point to a legal intercept of it. You can manage those risks, limit them, but ultimately, if they want it they're gonna get it.
So please guys, stop asking for NSA-proof [insert thing here]. There are only two defenses when your opponent has a half trillion dollar budget and you got twenty bucks and a cracker; Anonymity (ie, don't get on the radar), or don't do anything that would be interesting to them... or if you must, for the love of fuck, minimize your electronic footprint. Forget the credit card, the cell phone, the wifi-enabled anything. Go off grid, stand in the woods in the middle of nowhere, and then do whatever it is you're keen on doing without the government being aware of it.
There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys.
#fuckbeta #iamslashdot #dicemustdie
DreamHost has a diverse array of services, geek-oriented tech support, and a community oriented around tech-friendly features. I've been very satisfied for many years. If they don't support it, I guarantee one of the in-house developers has an unofficial install working somewhere that they'd be happy to copy over.
Anyone who believes that "Not much has changed" in webhosting the past 13 years is not paying attention. There has been *massive* consolidation and times are so rough for the small providers that we've gotten real good at having multiple legs to stand on.
Where I work, we now provide a number of different services as the age-old web+email+etc stuff is rapidly going the way of the dodo. Most people who want "the full package" also tend to have very specific needs and are better served with a VPS or dedicated server and even this market is strongly consolidating.
Godaddy offer every service that you might require, at a low, low, price!
Come to Youtube and see me shooting some elephants!
...that only using Google will make it easier for the NSA to track you. You do realize that EVEN if you are using SIPs with ZRTP on a pure VoIP call, there will always be some sort of meta-data that can potentially be tracked by the NSA or other domestic or foreign intelligence agencies. And if you wish to call to the PSTN, well, you can forget it, because then you are sending your calls to yet another centralized point of transit (VoIP to PSTN), and you can be easily tracked there too.
"Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you?"
I agree, he shouldn't be collecting our private comms. And the most politically active of us, should be the best protected of all. So why *does* the NSA do that?
"The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet."
Nah, just arrest every hacker you find and don't give hackers 0 day exploits and you'll fix a lot of problems. Also don't let hackers put backdoors into encryption and into network systems, and tap networks, and whatever you do don't give them the keys to the web security. By hackers I mean NSA.
"So please guys, stop asking for NSA-proof [insert thing here]."
Don't you think we shouldn't *have* to ask? It's written into the constitution and the EU privacy right.
What do we need to do to get the NSA to read the constitution, send it in an encrypted email to our kids?
"There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys."
Hah! you wish.
Will cover your bases !!
Yeh, we need to tweak the protocols to be more Skype/Tor like.
Good point, but still a solvable problem.
And then there's the NSA Fox Acid system by which they purchase exploits from the black market, automatically attach payloads, then deploy them via skiddies reading a flow-chart to determine intelligence cost/benefit analysis; No amount of constitutional rights or encryption will prevent infection from our "cyber army" and its Ferret Cannon: Metasploit + unlimited funds + black-market 0-day exploits + wanna be hackers.
It's basically the ultimate computer nerd version of the school yard bully. Big, brainless, and dangerous. I mean... Just listen to the code names they use. It's like they're actually proud to be thuggish dipshits.
Typically anyone with your set of requirements has the tech chops to DIY with a VPS for sub $20/mo. Simpy - the market doesn't exist and/or is not commercially viable.
My feeling is that the NSA will study your email no matter what service you use. Being that they are a very well funded spy agency with some high dollar talent you can bet they crack into just about everything they want to. With the recent revelations that NSA has broken into 35 different governments and studied their data for years that should tell us that they have a very strong cracking ability. After all, all of the governments that NSA penetrated had security services in place and probably set up by experts who had just a bit less training or less dollars to work with. So no worries, you'll be spied upon just like everyone else.
I'm not sure there's an issue here. There are ton of VPS providers out there that you can build anything you want on. Odds are, anyone who wants specialized services (or the broad range of services) you do needs to build his own server anyway, since you have to set up and config each service.
I wanted something unusual - a news server delivering NNTP - plus some other stuff. I got it at http://www.rockvps.com/. They offered me a network address, a bunch of monthly bandwidth, and a bare FreeBSD server I could do (almost) anything with.
How is what I wanted different from what you want? Sounds like if you want to build out a server with some special demands, you need to search for a good VPS (there are dozens, if not hundreds out there) and go for it!
Not sure there's a crisis here. Unless YOU are working for the NSA and this is actually a devious scheme to get us to help flesh out your database, ha ha ha.
If this were Usenet, I'd killfile the lot of you.
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
For me, I do not use any provider that has their HQ inside the United States of America.
And ... in order to retard NSA's snooping in my traffic, I deploy SSL forward secrecy on my sites.
Anyone who wants to know about forward secrecy please visit https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy to get more info
Muchas Gracias, Señor Edward Snowden !
to break this down:
email/web/webmail/domain/:dreamhost.com does all this, as do most hosting providers, already. shared, VPS and dedicated hosting packages have existed for a decade or more.
VOIP: is available as an asterisk appliance or a product you can buy and have serviced locally. why? because 75% of VoIP is the network. where to place PBX's, gateways, and how they interface with things like fax and voicemail are all critical things that cant just be boxed up and sold off a website like wordpress.
public-key: ssh-keygen i guess? do you mean SSL certificates? because thats covered by every major hosting provider. GoDaddy runs an authority, the rest just outsource it as part of their panel offerings.
XMPP: Dreamhost.
VPN: slashdot resurrects VPN as a feature of cryptography on the regular, and if you check some of the articles we're all greatly in favour of creating our own keys for this, salting them appropriately, and generally keeping pretty strict control over them. that having been said, if the idea of running your own open source router is a bit too much to handle there are probably 50 companies that will sell you a product like fortigate or juniper which are more than capable of VPN tunnels. outsource your 2-factor auth to yubikey.
full disclosure: I was a dreamhost admin for a while. they offer great service and products, and generally resist any request for information without a warrant. they fought back against SOPA, continue to fight against PIPA and generally run a pretty tight ship.
Good people go to bed earlier.
... is not interested in you ... unless you have done, or are doing, something that interests them. Now what might that be?
now we need to go OSS in diesel cars
I don't think complete hosting providers are a very good idea at all. I can see doing web/email in one place but putting all of your eggs in one basket with a single provider is never a good idea. You trade convenience for a single point of failure and that is just no bueno.
If this was a viable business model, someone would be doing it. Today, the extremes seem to be either a race to the bottom where everything is free or has zero margins, versus things so esoteric that it's hard to make a viable business out of them. Google has made a few things on this person's wish list a race to the bottom where no one could compete (e-mail, docs), and the others would take specialized skills (such as telephony). Businesses reward the providers who do things free or cheap, locking out other businesses who might provide a reasonably priced solution - but if no one is willing to pay for something Google gives them for free, it's not viable. As long as the business world rewards the race to the bottom, sustainable businesses aren't going to be viable.
Lot's of companies exist that do exactly that, but I think you're looking for a big nationwide (or worldwide) company. Look for local managed IT providers, lot's of them exist that do nearly all that you want (don't see many offering XMPP, as much as I would like it), heck in my small circle if IT friends, two of the guys own such companies. These guys exist to provide turnkey IT solutions to companies that don't have the abilities to do it themselves and I'll bet if you can drive enough business they would probably let you setup some kind of whitebox rebranding deal if you want your name on it.
Pluralitas non est ponenda sine neccesitate
Try sdf.org - they offer different memberships for very cheap prices. Perhaps you'll find what you're looking for, because they offer accounts with SSH, webmail, FTP, HTTP and they run a SIP service too.
Roll the insecure dot org here.
Microsoft does domain (Active directory), voice (Lync online), VPN (private site-to-site for your company network to your cloud servers, not sure about net access or client to server), web mail (Outlook online/hosted exchange), and some other stuff, like office and sharepoint online.
Lync can federate to XMPP servers I think. Not sure about private key, normal AD can do some of that, but I haven't tried the online version.
Now, I know people don't like MS around here, but if you want these services for your clients you might just go with them, especially if they run windows desktops anyway (Granted, I'd add a local DC in case their net goes down, but that's up to you)
In the open source world you usually have to put puzzles of packages together. I'd say start with the more difficult one and check if the hosts can provide the others. For example, I notice Zimbra has a list of hosts all over the world that provide their mail infrastructure already set up for you. If one of them also provides the rest you'd be set.
What actually is a complete hosting provider?
A close example is Google. Google provides email, web, webmail, domain, XMPP, VOIP, all available from a single gmail login and manageable from a web interface.
No, I do not want to just rent a server from someone else, and set up and manage all this stuff myself. I want to pay for it, but I would like some competition, I do not like to send everyone to Google.
I realize that not every client will need or want all these services when I first set them up. Some clients will only use half the services ever. But having them easily accessible to the customer from a single provider if/when they need them has real value.
"In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
I'll tell ya where they are.
They got out competed by companies that could afford good spam filtering. Hand holding the spam filter is a full time job for a small email host.
Then, you get the idiots that jump ship for fifteen cents less per box per month, that drives the price down well below what it's worth doing unless the whole mess is completely automated. Or, the customers that said they would set it up themselves whine about how much work entering forty email addresses really is.
And, as things got more sophisticated, now you have to host PHP full of security holes, be an expert at every goddamn widget in WordPress, teach the web tard that a fourteen meg background bitmap image won't be a good choice for his web page, and troubleshoot a borked database... all on three operating systems.
Now, a small group "doing hosting" needs to have deep expertise in about 100 different subjects when they have time to learn five of them, and each "customer" will leave when they stumble upon one of those non expert areas. All the while not lifting a finger to help themselves.
Oh, and the customers don't want to pay more than $5 per month for it.
The days of sticking up a server, setting up an account and knowing the guy buying services knows what he is doing is LOOOONG gone. And, that in turn caused the market to collapse into the big players that can gain from having an expert in every subject around and still make a profit.
I'll tell ya what the issue is, that your assumption that in TEN YEARS the industry didn't change drastically didn't set off alarm bells in your head when you typed it out for the summary. THAT's the problem. Thinking that in TEN YEARS the market won't change. In the COMPUTER industry no less.
Dreamhost was the closest thing I found so far. However, no VOIP, and no public-key server that I know of.
Or one provider from among the tons of VPSes out there. Linode (for example, not saying they're special) can trivially do all of the above.
They have homogenized the offering to a great exent. The packages are being dragged kicking and screaming away from the single box stack forget adding in anything besides web/email/database. Organic growth favors that single silo to start but then it's nearly impossible to move away from as you grow.
No sir I dont like it.
The point of the question was not to find an "NSA-proof" (as you said) hosting provider. The question should have asked for a provider that is not on the PRISM list, a provider that does not funnel data to the NSA by default.
Take all the money you are spending on your various hosting solutions and add them up. Imagine if you went looking for hosting and got that the price. Yeah, that is why.
If you need some very specific combination of applications and services (as you do) then you need to either combine several providers or just lease a dedicated server or co-locate your own hardware and run it yourself.
It is up to the user and the mail client to do the encryption. If your hosting provider plays any part in that they will need the keys and can therefore hand them over to others - or do decryption for others and keep the keys. Any way you look at it, end-to-end encryption requires that it be done AT THE END which means on your own machine.
If one host has a problem, you don't want everything you use to go down. That's why no host is stupid enough to attempt to offer every service to their customers. One outage of VPN is like whatever for one day. One outage of email, your website, parts of your domain, your VPN, and phones and you're leaving them for someone else.
Putting all eggs in one basket has always been a recipe for problems, if that one company goes bust / has problems / downtime then everything goes down. Even the likes of Google and Amazon get it wrong. Its funny when you see many different services effected by one companies down time. I personally prefer to separate out business critical services if I can.
Tim (http://tim.igoe.me.uk)
Computers are like Air-con, open windows and they stop working!
When you have a pi plugged into the wall...
“He’s not deformed, he’s just drunk!”
There is no right to privacy in the US Constitution.
Would the sort of privacy violation discussed here be comparable to a search of one's papers? If so, are warrantless searches deemed "reasonable"? If not, the Fourth Amendment guarantees the right of the people to be secure against such privacy violations. Otherwise, please explain why these privacy violations either are not "searches" or are "reasonable".
The NSA may be gaining access to some US resources in the post-PATRIOT act era, but its chief concern is, and has always been, foreign intelligence. If you think that moving your data overseas is making it safer from the NSA, open your damn eyes!
five relatively small bills looks better than one large bill, even if the five small bills cost more in the long run.
lose != loose
The NSA is *not* about finding 19 guys and a camel: it never has been. Recall they couldn't give a good answer to the question of who got nailed by the NSA's coverage. This after many years of this scanning taking place. Rather, the NSA is really all about finding *your* money, everyone's money, whether here in the US or overseas. Governments, particularly the G20, are in the hunt for taxes, hence they want to know everything about your life even when "you have nothing to hide". They broke the Swiss bank secrecy laws. The liberals may say that's good, but the reality is that this is more deflationary as time goes on because no amount of taxes will *ever* be enough, as a result, capital will be hoarded more and more to keep it out of the government's hands. That is just reality, boys and girls. They already have a requirement for 1099's for Amazon and eBay buyers and sellers above a dollar limit. Think they can't eventually track that down to the penny? Think they can't do something similar to Craigslist?
"Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
In Maryland... or Guantanamo Bay. Until you elect a government that decides privacy is legal.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
To OP,
I think you've got a great kernel of an idea in this question and I'm glad /. posted it up. Let's turn this into a high level RFP shall we?
First a bit of background:
I've stopped at every point along the spectrum of data ownership for my personal and business (it consulting (Known Element Enterprises) and mesh network non profit startup (Free Network Foundation) data:
1) most (legally and maybe physically, but that's debatable) safe option of running compute/storage/network gear at my house (in Los Angeles). Single grid/point of entry for power (run to a dedicated sub panel naturally), single net uplink (DSL, homed to the CO two blocks away, fiber to same CO available for me to cross connect if desired)
2) Using shared hosting at HostGator (while employed there as a Linux admin)
3) Using various VPS providers (MediaTemple while in Los Angeles and knowing numerous admins who built out the environment, HG while working there)
(previous two options were due to moving to Austin and not having a house like I did in LA). Started out with shared hosting, moved to VPS when I needed OpenFire,OpenVPN,Chili etc. Basically moving beyond simple PHP apps.
4) Having the gear that used to be hosted at my house placed into Joes DataCenter in KC MO and maintaining a fantastic relationship with them. I added Cyclades ACS48 and PDUs for full OOB access/management.
So I have firsthand experience with the full spectrum. From full management/control/legal protection, to fully outsourced managed hosting, to hybrid model (colo).
RFP framework
1) Willing to treat the hosting package as truly business critical and able to pay accordingly (100.00 to 300.00 a month base, reasonable per user/per month charge).
2) You want this to be a turnkey (ala Google apps) solution, with things like zero backup window, live migration of state in the event of failure, redundant switches/routers/drives etc. All very doable with ZFS, open source virt flavor of choice, x86 servers, 10/100 (2950 et al) Cisco switch hardware off the gray market (to keep costs down)
3) You want encryption of everything so that even in the event of a NSL, you'll be protected. You have some sort of key management system in place to handle the private keys that are generated. Look at startssl for an example of how they do things. They use client side SSL certs for all auth. It's quite slick.
4) You are OK with a single facility and remote snapshots (ie hot active/cold standby). (Maybe the hot site is in a reliable colo, the cold site is s3/ec2 with the various issues that entails).
You'll be willing to pay a premium for hot active/warm standby) if a particular client requires that level of recovery.
From the above, I'll let others expand this and see if the community can put an RFP together for hosting companies.
Charles Wyble System Engineer
Some MSP's provide all those services, for example, www.bendigotelco.com.au
What you need is contradictory. You want to hand out all your data to a single company and you want to be in control.
Want convinience : go with Google or Microsoft, or work with an intermediary. Want control : get your own servers. Want something in-between : keep doing what you are doing now with multiple providers.
End-to-end encryption have to be done within the client software. Webmail, for example, will almost never qualify.
As for the NSA, unless your business deal with state secrets or organized crime, they don't care about your data.
I started using Conspire Web Services (http://conspireweb.com) a little while ago, they seem to bundle a bit more together but not everything (I have a hosting / email & VoIP with them)
The website doesn't say anything about encryption but the service agreement does have provisions for subpoenas and the like, although at that point you'd probably know you're being snooped upon.
One thing they do offer is the ability to choose where your data is stored, so you could always pick an offshore server - but again, no idea whether they encrypt it.