Slashdot Mirror
Ask Slashdot: Where Are the Complete Hosting Providers?
Kludge writes "In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
I think probably what's happening is that it's cost-prohibitive for a provider to train their staff to maintain all of the different packages that would be required to offer such a service, and a provider that offers VoIP generally has to have more quite a bit more infrastructure in place to offer any kind of reasonable service. The closest thing to what the submitter is asking for is probably a managed server provider, and there's no shortage of those out there, at varying quality/price points.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I'm a senior engineer at FireHost, and we can provide managed infrastructure and installation assistance for the things you've listed, complete with managed SSL VPN access for all your employees.
Again, this is an admittedly shameless plug, but it does answer the question.
Write failed: Broken pipe
My experience is that my ISP are nice to supply me a phone and broadband, with .. tada! email. Then further down the line I have issues witht their email service, and get told it is "not a business priority". Nevermind, VPN, and more advanced services. Repeat this scenario x1000 acrosss the majority of ISPs. And if you find one offering all the goodies, they more than likely don't service your area.
Go to any one of many providers that offer general purpose computers, and get one, virtual or physical. Then go to what ever software provider provides the OS and packages you need and get that. Then combine their powers for a remote arbitrary computing system.
Alan Turing came up with the great idea of a universal computer that could to what ever you need. Its a pretty good approach to this problem.
I don't. Few hosts have the brains and manpower to handle that many services at once. Pick the best for each one, and be glad that they're the best. Besides, if their data center is DDOS'd, you want all your services going down at once? Likely not.
Nobodies Prefect
Tidbits for Techs Technology Blog
I agree TFA has it wrong - there is a lot of competition going on all the time and the large amount of services that exists are good for most of us.
I can only guess that the writer of the TFA is lazy and not willing to search for the best suitable alternative. And if you want an all-in-one solution set up your own server.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Why do you think the NSA snoops on Non-US traffic more than it snoops on US traffic?
Really?
Frankly, if you are sending e-mail in the clear (and, unless YOU encrypt it - you are) - it is like mailing post cards from your holiday trips and expecting no one to look at the back of them.
I have mod points and I am not afraid to use them
...making data siphoning easy for the NSA.
I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories, and equally tired of the idiot replacement editors from Dice rubber-stamping submissions like this that even most bloggers wouldn't post. You wanna talk about hosting providers? Okay, let's talk. Obviously you are concerned about your data being intercepted and stolen.
Do you guys honestly think, for one second, that you can hide from these guys if they really want you? Any of you? This is the largest, most powerful government on the planet, with resources you could only dream of. Even businesses the size of Google can't keep them out; And if you believe any press releases to the contrary, you're an idiot.
The only way you're keeping your data safe is in a physically secured facility, with the computer locked in a faraday cage and with no access to the internet. Just about anything else and the data will be vulnerable at some point to a legal intercept of it. You can manage those risks, limit them, but ultimately, if they want it they're gonna get it.
So please guys, stop asking for NSA-proof [insert thing here]. There are only two defenses when your opponent has a half trillion dollar budget and you got twenty bucks and a cracker; Anonymity (ie, don't get on the radar), or don't do anything that would be interesting to them... or if you must, for the love of fuck, minimize your electronic footprint. Forget the credit card, the cell phone, the wifi-enabled anything. Go off grid, stand in the woods in the middle of nowhere, and then do whatever it is you're keen on doing without the government being aware of it.
There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys.
#fuckbeta #iamslashdot #dicemustdie
At this point, I think -any- thing surging over the internet is unsafe unless encrypted (and at this point, excessively). I don't trust ANYONE, US or non-US to keep their hands off my packets.
Anyone who believes that "Not much has changed" in webhosting the past 13 years is not paying attention. There has been *massive* consolidation and times are so rough for the small providers that we've gotten real good at having multiple legs to stand on.
Where I work, we now provide a number of different services as the age-old web+email+etc stuff is rapidly going the way of the dodo. Most people who want "the full package" also tend to have very specific needs and are better served with a VPS or dedicated server and even this market is strongly consolidating.
Hostgator... was purchased by EIG a while back (joining ranks with Bluehost, among others). It's just all that much worse now. While the support provided by Hostgator was generally adequate even in relatively recent history, forced migrations and a slew of bone-headed business decisions were made... and now their support staff is generally tied up coping with the after effects. They could have easily vanished into "The Cloud", but there is something to be said for dedicated hardware. When you sell support as a service (a full staff of dedicated support admins cost more money than one might think), you need to make sure your _product_ isn't being contaminated by the doings of the factory. Indeed, these hosting models are steadily approaching the brink of experiencing natural selection first hand.
Or maybe they are asking the wrong question.
Any CPanel install has a lot of that stuff in it (I won't say all because I hate CPanel/WHM and it needs to die a horrible death for the amount of extra manual work needed to prevent it from shooting itself)
The real question is "why am I looking for someone else to provide this when I can just do it myself?", the passive aggressive version of "everyone who offers this is too expensive."
I think not just consolidation, but specialization as well.
I've plugged them before because they've been great, but the main reason I decided on hosting with a company called Nexcess is because they fine-tune their hardware to run the Magento platform. For those not aware, Magento in its infancy was known to be such a terrible resource hog. Horror stories of people trying to run it on cheap shared hosting. To an extent, those horror stories still happen, but there have been some niche hosting providers that saw an opportunity to differentiate themselves and did.
When I have to get in touch with their support, they not only know their own hardware, they know the platform I am using. Having that specialized knowledge available was a godsend before we had the resources of Stackoverflow or the Magento SO beta site (not to mention my own knowledge that has grown about developing on Magento in the last five years).
The specialization is great in so many ways, but I think one of the drawbacks is you have less broad-scoped knowledge, and it just ends up as a bunch of so-so quality services instead of getting high-quality services from seperate providers.
Someone flopped a steamer in the gene pool.
So why *does* the NSA do that?
Because it's easier to store all the data now, and only access and analyze it when traditional investigative techniques identify a potential threat. It also eliminates the time wasted once a potential threat is identified going back and trying to reconstruct/recover/access data from many different sources. In other words, it saves time and resources; A counter-intuitive conclusion, given that most people look only at the costs and implications of gathering and storing all that data, but not very much on what happens after.
Nah, just arrest every hacker you find and don't give hackers 0 day exploits and you'll fix a lot of problems.
I'd prefer a world where people were only arrested when they've actually committed a crime, or there's strong evidence that they intend to. Mere capability is not sufficient to justify an arrest. At best, a knock on the door and "Can we come in and ask a few questions?" At best.
Don't you think we shouldn't *have* to ask? It's written into the constitution and the EU privacy right.
Actually, it isn't. There is no right to privacy in the US Constitution. And as far as the EU; They are a sovereign foreign power. The NSA has not just the mandate, but an obligation, to monitor foreign threats; Allies can become enemies, and when surveillance is pervasive and shared, it keeps everyone a bit more honest. And when it comes to international politics... dishonesty and rhetoric are pretty much the order of the day for everyone, allies or enemies.
What do we need to do to get the NSA to read the constitution, send it in an encrypted email to our kids?
There was an article not very long ago about a book published by someone who spent a considerable period of time investigating the culture of the NSA. His takeaway was that they do respect the Constitution. They also want to ensure as few Americans as possible become a part of some terrorist's political statement. Balancing these two goals is not so easy or cut and dry as internet pundits say.
"There are no high tech solutions to this that are within your budget, ok? Just... deal with it already guys."
Hah! you wish.
Actually, I do. I am not overly concerned with the NSA reading my e-mail or even keeping a file on me. It will not adversely impact my life in any meaningful way. As long as it continues to not affect me, surveil away. I am far, far more concerned with commercial interests accessing and misusing my data; There is little legal recourse to such activities, and it is readily apparent to me that no matter how unethical people claim the NSA to be, corporations are several orders of magnitude worse in almost every measure.
But unlike the NSA, I believe we can, with the budget and resources available to the average person, mount effective defenses against those corporations. And I would rather people start taking the threat corporations pose seriously, instead of pointing to the NSA like (a) they're the biggest problem and/or (b) we can honestly hope to accomplish anything against them.
Ultimately, it's a question of practicality. I simply don't believe that I can defend against an organization with half a trillion dollars in assets and an operating budget bigger than that of the majority of the countries on the planet. But by happy coincidence, I do not feel they are a threat to me in any meaningful way.
#fuckbeta #iamslashdot #dicemustdie
What actually is a complete hosting provider?
I don't get the question in the summary. It sounds like the guy is asking for a host he can pay that will automatically set up some arbitrary services that he's decided constitute "complete hosting"?
I don't really see how an ISP can cater to such an arbitrary definition when there's literally millions of different services an ISP could be expected to provide.
Isn't the solution just to get your own VPS or dedicated server and just install everything you want on it or am I missing something here?
Is there some defintion of "Complete Hosting Provider" whereby said provider to conform must provide the services the summary is asking for even though it's a rather obscure combination of things to provide on one host?
From what I can fathom the answer to the question is: "You are not the only person on the internet, different people have different use cases, no ISP could possibly cater to ever combination people may want, nor would they probably want to because it would require having experts in each of those millions of technologies to manage them all hence why they stick to their areas of expertise or provide you a blank server you can install whatever the hell you want to on". Unless there is some definition of "Complete Hosting" that encompasses only a fringe handful of available services then I can't see this changing.
The absence of competition in this area drives many to Google, making data siphoning easy for the NSA.
For me, I do not use any provider that has their HQ inside the United States of America.
And ... in order to retard NSA's snooping in my traffic, I deploy SSL forward secrecy on my sites.
Anyone who wants to know about forward secrecy please visit https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy to get more info
Muchas Gracias, Señor Edward Snowden !
to break this down:
email/web/webmail/domain/:dreamhost.com does all this, as do most hosting providers, already. shared, VPS and dedicated hosting packages have existed for a decade or more.
VOIP: is available as an asterisk appliance or a product you can buy and have serviced locally. why? because 75% of VoIP is the network. where to place PBX's, gateways, and how they interface with things like fax and voicemail are all critical things that cant just be boxed up and sold off a website like wordpress.
public-key: ssh-keygen i guess? do you mean SSL certificates? because thats covered by every major hosting provider. GoDaddy runs an authority, the rest just outsource it as part of their panel offerings.
XMPP: Dreamhost.
VPN: slashdot resurrects VPN as a feature of cryptography on the regular, and if you check some of the articles we're all greatly in favour of creating our own keys for this, salting them appropriately, and generally keeping pretty strict control over them. that having been said, if the idea of running your own open source router is a bit too much to handle there are probably 50 companies that will sell you a product like fortigate or juniper which are more than capable of VPN tunnels. outsource your 2-factor auth to yubikey.
full disclosure: I was a dreamhost admin for a while. they offer great service and products, and generally resist any request for information without a warrant. they fought back against SOPA, continue to fight against PIPA and generally run a pretty tight ship.
Good people go to bed earlier.
As the owner of a hosting company, that's the same impression that i got. He's asking for a grouping of products that don't naturally group together. When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP, or whatever the submitter expects to receive when he asks for "public key" service. It's nonsense.
Squash
I agree TFA has it wrong - there is a lot of competition going on all the time and the large amount of services that exists are good for most of us.
Plenty of competition in marginal profit realms leads to a string of failed startups. How do you know the provider you choose is going to last?
When our name is on the back of your car, we're behind you all the way!
What actually is a complete hosting provider?
A close example is Google. Google provides email, web, webmail, domain, XMPP, VOIP, all available from a single gmail login and manageable from a web interface.
No, I do not want to just rent a server from someone else, and set up and manage all this stuff myself. I want to pay for it, but I would like some competition, I do not like to send everyone to Google.
I realize that not every client will need or want all these services when I first set them up. Some clients will only use half the services ever. But having them easily accessible to the customer from a single provider if/when they need them has real value.
"In 2000 there were thousands of email/web hosting businesses. In 2013 not much has changed. To get my email/web/webmail/domain/VOIP/public-key/XMPP/VPN hosting I have to deal with five different service providers. Where are the complete hosting providers? The absence of competition in this area drives many to Google, making data siphoning easy for the NSA. Why has hosting not advanced in the last 10 years? Where are the hosting providers that make end-to-end encrypted email/web/VOIP/XMPP easy and automatic for all my clients?"
I'll tell ya where they are.
They got out competed by companies that could afford good spam filtering. Hand holding the spam filter is a full time job for a small email host.
Then, you get the idiots that jump ship for fifteen cents less per box per month, that drives the price down well below what it's worth doing unless the whole mess is completely automated. Or, the customers that said they would set it up themselves whine about how much work entering forty email addresses really is.
And, as things got more sophisticated, now you have to host PHP full of security holes, be an expert at every goddamn widget in WordPress, teach the web tard that a fourteen meg background bitmap image won't be a good choice for his web page, and troubleshoot a borked database... all on three operating systems.
Now, a small group "doing hosting" needs to have deep expertise in about 100 different subjects when they have time to learn five of them, and each "customer" will leave when they stumble upon one of those non expert areas. All the while not lifting a finger to help themselves.
Oh, and the customers don't want to pay more than $5 per month for it.
The days of sticking up a server, setting up an account and knowing the guy buying services knows what he is doing is LOOOONG gone. And, that in turn caused the market to collapse into the big players that can gain from having an expert in every subject around and still make a profit.
I'll tell ya what the issue is, that your assumption that in TEN YEARS the industry didn't change drastically didn't set off alarm bells in your head when you typed it out for the summary. THAT's the problem. Thinking that in TEN YEARS the market won't change. In the COMPUTER industry no less.
It is up to the user and the mail client to do the encryption. If your hosting provider plays any part in that they will need the keys and can therefore hand them over to others - or do decryption for others and keep the keys. Any way you look at it, end-to-end encryption requires that it be done AT THE END which means on your own machine.
When people think of hosting, they think of web, mail, and dns. They generally don't think of VoIP, VPN, or XMPP
See, I'd agree that his grouping is arbitrary, but thinking about it leaves me wondering why we group web, mail, and DNS together. It seems more sensible to group email, VoIP, and XMPP together. Web space and email really have no functional overlap, whereas you can benefit from integrating chat, voice, and email.
So ultimately, what he's asking my not be nonsense. We have many various hosted services, so why do we arbitrarily group some of them together, and not others? I think the answer is that we don't include VoIP because ISPs tend to lock that up for home users, whereas businesses want dedicated business solutions. VPN is more of a niche service, and most people don't bother setting up chat services because they're used to using AOL. I'm not sure why we don't find a better solution than having dedicated certificate authorities that charge ridiculous prices, but we haven't done that.
I think it's less about functional overlap and more about the core sets of things people want when they're looking for hosting.
Normally if you want a website, you buy a domain, and you'll want e-mail on that domain too so it all fits. Few people want XMPP and VOIP with that.
At least this is my experience, when I've gone looking for a host it's for a website (if I just wanted mail I'd use gmail or whatever). I also want an address to go with that. If I've got the address, I'd at very least like to be able to forward e-mail from it (e.g. admin@mynewname.whatever).
If a provider grouped VOIP, XMPP and so forth with my e-mail and had my web and DNS as separate things I'd go elsewhere because I don't want to end up paying for shit I don't need.
I'd wager it is the way it is because my experience is typical of the market - the money is in people looking for web hosting and a hostname and e-mail address to go with that so ISPs have optimised for offering that.
Almost didn't reply to this, as it is feeding the trolls. However, I'd just like to say that rumors of the hosting business' death have been exaggerated.
Squash
Absolutely. For business who actually have to compete (aka not your local cable provider!), you group services together that people *want* to buy together. Businesses who use hosting providers (meaning small to medium businesses who don't have the IT presence to handle it internally) by and large need the exact package of dns, web, and email. Some need an extra service here and there, and I'm happy to provide them, but almost everyone needs those three. Adding services to that would increase the cost to provide them, which would increase the cost to customers, and they don't like to pay for features they don't use.
Squash
Yes. EIG destroyed the last good hosting company (HostGator). I worked there for a year (pre EIG purchase), and have several friends who worked through the transition. I can't count how many times we migrated folks from Dreamhost/GoDaddy/*EIG companies to HG. Every single customer absolutely abhorred those companies and had always heard good things about HG and wanted to migrate. We focused on great service/uptime and we delivered. Pre purchase, we went above/beyond for each and every customer. We made everything work. For 3.00 a month, you could call a Linux admin and we would help you. 24x7x365. We never closed. I worked weekend graveyard (Wednesday to Sunday night), and helped countless US based customers with all kinds of off hours migrations (mostly on VPS/dedicated hosts, but also on shared/resell). I also supported customers all over the globe during their business hours. This was across a global data center footprint (sjc/lax/iah/dfw just in the US) on 10s of thousands of servers. We always went out of our way to never say no. I encountered a huge amount of highly intelligent individuals doing all kinds of things with our shared hosting. The VPS/dedicated customers were always fun to work on. Cpanel/WHM is actually pretty slick. Really it's almost an entire OS. Yeah it's Centos underneath, but it does all kinds of stuff on top of that. The backend CLI tools are quite nice. Post purchase, support went down the drain. EIG pumped/dumped HG and just IPOed. They force migrated everyone to a data center with horrible staff, network gear that was garbage, too little bandwidth etc. All to save on monthly hosting costs with Softlayer. They don't realize the economies of scale and horizontal growth model that was the core of HG business model. (We were adding almost 100 shared/reseller servers a week) Ah well. The 90s and 00s are over. It's all big business and horrible service now.
Charles Wyble System Engineer