Regardless of the truthiness of this blogpost, their ToS actually includes this gem (repeated twice actually, due to poor editing):
3.13 Subscribers may not use the Services in a manner that would violate the lawful privacy rights of any person, ... or embarrass, which shall be determined in DigitalOcean’s sole and absolute discretion.
So... if someone gets embarrassed by what you put up, DO just decides to take it down.
We try to provide the best cloud experience possible and part of that is following up on abuse complaints, otherwise we end up with blacklisted IPs and other issues that impact customer service.
There are occasional weird situations like this that come up and I would love to handle every support request directly but unfortunately that's not possible.
We've had to scale the support team to support over 100,000 customers and we didn't get the right customer support director on board till about 2 months ago.
We are constantly looking to improve our service in all areas and Zach is on top of it to ensure that all of our customer support staff get more training in how to better respond to customers.
However, the promise that I make is that if any situation ever arises in any way shape or form with DigitalOcean please contact me directly - moisey --- a-t --- digital0cean - and I will be on top of it as soon as possible.
Can you elaborate on "blacklisted IPs" for hosting content? For spam or compromised boxes, sure. For hosting a webpage that "embarrasses" someone?
At any rate, I have no way of knowing about this issue. It's just curious that DO would put embarrassment as a ToS violation. All sorts of stuff embarrasses all sorts of people. Might as well just put up "DO reserves the right to terminate your services, at any time, without reason."
If an IP continuously receives abuse complaints it is blacklisted by various services which can then lead to mail undeliverability issues or other problems which is why we are very pro-active on any abuse complaints that we receive and forward them to customers.
In regards to embarrassment it's about the intention of the statement which is to not use the service for a malicious nature. But we're more than happy to open up a dialogue about this and see if there are any amendments to the terms that are a good idea.
We'll push on getting more of our public content into github so that customers can provide feedback and provide rewrites of the terms that they feel capture the sentiment but perhaps clarify those terms better.
celebrity photos are huge, huge business. sites pop up all the time trying to monetize papparazzi shots and hosting providers have to deal with all sorts of fallout from anyone with a vested interested in the intellectual property or famous name.
these people do not give a shit about the streisand effect. they are going after their money.
So in that case DO receives a DMCA takedown, they comply, and let the customer deal with it? Or you're saying they file malicious lawsuits against the hosting provider and courts happily allow these suits to proceed and don't award fees to a neutral hosting provider?
We forward any abuse complaints that we receive to the owner of the account and ask that they handle them.
We try not to interpret the law as that is not our specialty of course, we are simply saying that we would like that customers use the service for a non-malicious purpose. But we're more than happy to open up a dialogue about this and make amendments if necessary.
Their lawyers have not yet taught them that decisions about content make one a content provider instead of a hosting provider, and all the wonderful protections in OCILLA/DMCA vanish into thin air.
I'm sure they will get that eventually. Maybe after they learn to scrub customer storage in every case (not just enough to sweep the issue under the rug) so that droplets aren't immediately compromised on termination.
In case that wasn't clear to you, DO puts their drive wear ahead of your data. There are still multiple endpoints in the API that will leak your data to other customers. They fix some cases of it every now and then, then revert without telling anyone once they see the impact on their SMART metrics. When sneak called them out they wrote an entirely fabricated blog post. That incident resulted in a published CVE in libcloud earlier this year but of course nobody gives a shit, throw more VC at them!
Would you like to elaborate? The only data-leak story I have heard about was that until recently, "scrub disk with 0s" was unchecked by default when a droplet was destroyed. Now that option is checked by default. What other concerns do you have?
I wish we wouldn't upvote stuff like this. The guy clearly bullied a random Google employee in a private chatroom into commenting on a subject that was totally irrelevant to his work, and then turned his comments into a biased character assassination post WITHOUT even telling the dude he was writing about him.
It sure seems like the author went into the chatroom looking for a story, and got the THINNEST of all possible stories ("Random Google Developer Has Opinions") and, in an effort to turn it into real news, colored it in the most negative way possible. It is profoundly terrible journalism, and the motives behind it are so ugly. This is not something that we should endorse on Hacker News.
The only story of relevance here is that Digital Ocean has a line in its TOS about not allowing "harassment or embarrassment", and they will enforce it if you do indeed harass a guy.
>The only story of relevance here is that Digital Ocean has a line in its TOS about not allowing "harassment or embarrassment", and they will enforce it if you do indeed harass a guy.
I think you are missing the real relevance here; that DO will use their own discretion to determine if your content is worthy of dissemination. You're right, it was terrible journalism, and a thin story. So what of it? Why should DO concern themselves with the content that isn't breaking any laws? What, precisely, is "embarrassment"? It was a no-name blogger posting a non-story.
>This is not something that we should endorse on Hacker News.
The fact that you say this explains a lot about why you have your opinion on DO and how things should work, and why I have mine. If this story is getting upvoted, it's getting upvoted. There is no "we", unless you're trying to curate opinion and create an echo chamber.
By accepting implicitly the facts presented by the article as facts, you are doing something called "privileging the hypothesis."
Say, for example, that there's an article about a "scientific study", claiming some strong conclusion (e.g. "pig hair cures diabetes.") The article goes on to say that the study has one data-point and no control-group (which is to say, basically, that it's an anecdote.)
To still even consider the study's conclusion as possibly true is to privilege the hypothesis. You didn't have any facts before. You don't have any facts after. And yet, your default has switched from "assume pig hair has no special properties whatsoever" to "assume pig hair maybe has something with a vaguely-medicinal use in it." You've updated on zero information.
Just as much as publicizing such a "study", it's irresponsible to put such journalism--sophistry, really--in front of other people, where it could possibly infect their defaults. Not everyone catches these things. Most people only read the first paragraph or two of things, and come away with impressions. These impressions, especially in the case of really bad journalism, can be directly opposed to the impressions they should have taken.
If we are a community here, then we should want to help one-another avoid bad journalism, and more importantly, avoid becoming swayed by whatever the bad journalism purports to report. We don't all need to think the same thing--but supporting a story just on the basis that other people support it, leads to pig hair being "signal-boosted" into notoriety.
Of I post a BS blog post about how DO is way more secure and reliable and cost-effective than AWS, and how AWS is a ripoff scam, will DO take it down to stop be from embarasskng Jeff Bezos?
There's a previous HN discussion[1]. My take personally was that the guy was a complete dick, and not worth defending.
Even if you take the stance that his ability to speak freely should be defended (which I agree with) I suspect his behaviour here indicates there could be more to the story. Plus he sounds like the kind of customer I wouldn't want to have.
Businesses should be free to choose who they serve (subject to some restrictions around bias against classes of people).
I kind of doubt this is about the golf angle so much as the creepy obsession the writer seems to have with this guy. Calling out some random Google employee and publishing his chat logs along with derogatory comments while seemingly looking to get him in trouble with his employer is harassment. I'm not sure why "Digital Ocean enforces its terms of service" is considered scandalous.
(Full disclosure: My only relationship with Digital Ocean is having been offered a free month of hosting with them once. Never used it.)
>I kind of doubt this is about the golf angle so much as the creepy obsession the writer seems to have with this guy.
Can you explain what you mean here? The blog owner appeared to be offended by the Googler's stance that he was taking in a public chatroom about Google policies so he blogged about it. How is that a creepy obsession?
People say things I don't like all the time. That doesn't mean I try to screencap off-the-cuff personal conversations, find their domain holdings, look up their home address through WHOIS and then create a blog to name and shame them. That is way beyond the pale.
That is an odd story, any idea who the author is? I find it hard to lend any sort of credence to an anonymous blog posting. Or did I miss some giant "this is who I am" link somewhere?
Yeah that sticks out. Author should have the courage to not be anonymous, especially for something silly like this. For all we know it could be a disgruntled Linode employee faking this or something. :)
But if true, I'm moving everything away to a more professional hosting provider. You don't just shut down a hosting account because of a single anonymous complaint. That's just a silly thing to waste your time with.
why not do both? I program, and have a small self sustaining micro farm. Just placed my order for 28 spring chickens, and 3 turkey's which will provide most of the meat for my family throughout the winter. I will supliment with fish and meat that I catch or hunt down.
I also have a vegitable garden which we can most of our food from or preserve in other ways. :)
If I want a chicken that tastes just as good as the ones I raise I have to shell out $20+ for a 6lb whole chicken.. Crazy.. I get it for about $1/lb.
I have a massive vegetable garden but not enough to survive off completely as we're in a London suburb so we concentrate on growing the expensive stuff (and potatoes because once we planted them they just keep coming up every year).
No need for envy, get some land and go to work! It's wonderful. Getting ready to tap our Vermont Sugar Maples for a bit of spring maple sugar production... Nothing like old time, home made, boiled over a open fire, Vermont Maple Syrup!
Seems very odd that both a "Googler" and a VPS provider would be naive enough to think that telling someone to delete a blog post "OR ELSE" would result in anything but the pasting of the content everywhere under the sun outside of google/DO's control to spread the word on how evil they were.
I guess it could happen, but wow.. its like trying to get Beyonce derp face or whatever meme removed from the internet
It seems odd to me that DO never bothered to make any kind of statement to counter this guy's claims (at least not that I've seen), especially considering how well-known this story has become. That tells me that DO is either guilty or doesn't care enough about their reputation to even so much as publish a statement to help ease customers' (and potential customers) fears/worries. That's enough for me to stay away from them.
Just because someone have not commented on something does not mean they are guilty. They might not know about it. Some people live in the real world, with a large latency to news, e-mail or social media outlets. Yeah, I know, it is strange.
The post made the front page on HN a couple of months ago: https://hackernews.hn/item?id=7016735. DO staff seem to spend quite a bit of time responding to threads on HN in general, so that would be surprising.
I also use them and in general like them but would add to this list;
* Can't add backups to an already provisioned node
* Undocumented "droplet limits" e.g. one day you'll click "Add Droplet" and it will say "You've reached your droplet limit, please contact support". They'll generally raise it after some basic security verification but it's a nasty shock since you don't find out about it until you need to provision a new Droplet, especially if you're in a hurry.
I too have been bit by the droplet limit. $60 credit (but no credit card) in my account, wanted to spin up a fast box to build a kernel, but I was locked out of the larger droplets. Never did get a straight answer as to why, just a suggestion to link a credit card. Oh well.
The second is if a customer signs up using Paypal we restrict some of the larger sizes, this is done to minimize the amount of fraud we have to deal with.
Unfortunately we deal with a high amount of abusive and fraudulent signups so we've had to instate a lot of automated filters and other updates to the user experience. It really sucks, but without it we'd have a lot more fraud which would really just make the entire experience worse overall.
In either case opening up a ticket will get either issue resolved.
Sorry for the inconvenience but if anyone is good at fraud detection and wants to help us to continue to automate it and make it smarter, we are hiring =]
In my case it was the paypal/larger size restriction. And to be fair to DO, once I had opened a ticket (and provided links to the company website, twitter, facebook, and reason for wanting larger droplets) they explained that adding a credit card to the account would allow me to spin up the larger droplets. I didn't want to bother my boss, so I just dropped it.
Didn't know it was displayed in settings, really useful, thanks. My suggestion would be that there should be some sort of notice on the Droplet list page if you're at your limit.
I suggest this because I've been using Digital Ocean for quite a while (several different accounts for different projects/ clients) and have never needed to look at that page.
The need for limits and additional verification makes complete sense, but it would be useful for it to be highlighted in advance (e.g. in an intro email or banner) so you can deal with it in advance of it becoming a problem.
Warning a user when their account is approaching the limit is better than telling them they've already hit it. Google does this with the free apps version - "this account is nearing the limit of 50 users" - and it's visible but not overly prominent on appropriate management screens.
My logs show increased break-in attempts after moving to Digital Ocean. Their IPs are hot targets for hackers, making it all the more important to properly secure my droplets, something I'm having a hard time doing in Linux. With Linux, it's lot of beating around the bush. Overcomplicated config files, a lot of disabling and removing of things one don't need, having to deal with a messy and outdated firewall. With OpenBSD, lo and behold I'd have one of the simplest, most secure and well-configured droplets the world has ever seen.
Yeah noticed that as well. First thing I do is (on debian), update packages and the kernel, install ufw (allow only 22), fail2ban, postfix and logwatch. Then setup a non privileged user, sudo, turn of root ssh and password auth and move to key based auth.
Then I can sleep/configure the rest of the system.
Been meaning to package this all up in an ansible playbook but I can't be bothered :(
I'd be using FreeBSD if they offered it. Much like OpenBSD it's a lot more pleasant for sysadmins!
It took me about an hour to put all of this into an ansible playbook. I think there are couple of examples out on blogs about this as well. If there is interest I'll share my playbook.
Writing this playbook paid off already for the second installation of the box.
The most I know about securing a Linux vps I picked up from this: http://feross.org/how-to-setup-your-linode/ . If there is an ultimate resource on how to start securing a *nix vps then please do let me know. If I knew what to search for I could but a lot of this is unknown unknowns to me.
Shameless plug: a small side project I did with my team at nodeSWAT [1]: CMify [2] - a web service to easily generate your ansible playbooks. Somewhat naive so far, if there is interest we'll extend it.
PSA: If you just update the kernel using system tools within the instance, it'll still boot the old one. (At least it did few months ago.)
The grub (or other bootloader) and kernels that are installed inside the instance's disk image are silently ignored and the vm uses a kernel stored outside of your instance's image. You can select which kernel image you want to boot in the control panel. The problem is that the kernels available in there are updated very, very rarely. For popular distributions like Ubuntu they can lag several months, for others it can get up to, say, _two years_ [1].
Since digitalocean "doesn't support custom kernels" it appears that the only way to use something up to date (and stay secure) is to write a script that loads a custom kernel using kexec. :S
edit: The fact that they use kvm (and that kexec works) which means real visualization but can't boot user's kernels is just very, very weird. The only technical reason i can think of is that they can't manage to make it work with their control panel. If that's the reason, then it's very worrying. (The "right" way is easier to code and it's the solution that you'd think of first and it makes custom kernels a non-problem, but they picked one that both has obvious problems and is harder to setup, i can't think of a reason why.)
Second shameless plug on this page: if running your own linux kernel or BSD is really important to you, http://prgmr.com can do that and we have out of band console access so you can debug why it's not working (I was having problems with that when I was checking whether some linux+xen bugs were also present on ec2.)
At this time we only support xen paravirtualization(PV) though, which almost, but not quite, all major distributions have. Notably we can't run 64-bit freebsd right now because they only have HVM support. I'd like to change that but it needs more testing first. Here is a partial list of distributions supporting xen: http://wiki.xen.org/wiki/DomU_Support_for_Xen Really any linux distribution with a modern kernel can be made to support it though as support has been in mainline for a long time now.
Actually, I really would love to use prgmr. The thing is, the price point is super far from Digital Ocean. Compare https://www.digitalocean.com/pricing/ to http://prgmr.com/xen/plans.html . The difference is a bit of a joke. If you're able to provide competitive pricing, I'd be thrilled though.
Yeah, I'm working on it. I announced upgrades to some of my customers several years back, and failed to deliver many of said upgrades, so I'm not going to give hard dates... but I recognize that competitive pricing is a prerequisite to the survival of the company, and I'm working towards that end.
As is industry standard, I'm upgrading existing customers (e.g. they stay on the same price plan, but they get more resources) before I offer those new price plans to the general public. I have maybe... 1/3rd of my customers upgraded to the plan I promised several years back (that has more disk and less ram than the plan I am upgrading to now.)
A big part of the problem is that I made a huge business mistake a year ago that cost me most of the money I would have used for upgrades. But, I've got a few options on the table, one of which is just consulting for a while;
if I go with used hardware, I'm within $50K of having enough hardware to upgrade everyone to "competitive, but not great" pricing. - that's maybe 3 months of full-time contracting work. Completely reasonable. Of course, used hardware is a lot like 'technical debt' - pay me now or pay me later, but it might make sense, just to get the monkey off my back. (That, and dealing with hardware problems is part of my core skillset; I can probably eek more reliability out of used garbage than most companies can.)
I'm talking 2-3x that for new hardware, which is a lot less realistic without some sort of loan or lease, something I should look into, but eh. I am thinking that used hardware until I'm competitive, then start buying new hardware once I start getting new customers on board might be the best way to go. The company is vastly easier to run when it's slowly growing rather than slowly shrinking.
I dug into this a while ago; I recall (but can't source at the moment) an eventual statement by the DO guys to the effect of:
1. their original "inject kernel into OS and boot from it that way" architecture was designed that way on purpose, so that users could downgrade kernels out-of-band as a way to rescue a bad upgrade;
2. but now they've got thousands of droplets configured that way, so switching architectures to something sensible will require either A. forcibly installing grub on, and restarting, every one of their nodes (not something people expect out of a VPS provider), or B. coming up with some sort of glue that can manage both the nodes expecting an injected kernel, and nodes that want to boot on their own, and providing a way to transition your nodes from one to the other.
Basically, it's a mess. A bit like the problems Heroku had with its Alpine stack.
Is it actually likely that someone would brute force a password? I always install fail2ban, but it's more just to stop bots from filling up my logs with junk and eating my bandwidth/CPU. Unless you use dumb passwords, the odds are phenomenally low.
I'm not sure, but I've come around to realize that it's always worth installing and configuring fail2ban just for the reasons you mentioned, if nothing else. I have a demo server that, for a while, was being hammered so hard by ssh brute-force bots that it kept getting knocked offline. I installed fail2ban and no more problems since. I personally can't recommend fail2ban highly enough.
fail2ban is based on the horribly flawed premise of correctly parsing arbitrary text logs from tons of different programs that wrote their log format without any concerns about parsing that output later. Not surprisingly there have been numerous vulnerabilities in fail2ban that let an attacker ban arbitrary hosts such as your DNS server, database, etc.
A better approach is something like pam_abl which is a pam module that will accomplish mostly the same thing but only for login attempts and without the crappy plain text log parsing.
I'm amazed noone ever mentions GRSecurity as must have. It will reduce the risks of an actual comprise significantly. Non-patched Linux is always full of rootkit potential.
Why would you use that over iptables? It's simple and doesn't require installing a package.
> There is a lot of functionality built into these
> utilities, iptables being the most popular nowadays, but
> they require a decent effort on behalf of the user to
> learn and understand them.
It's just a nicer interface to iptables. Instead of changing my iptables config file you can do things like 'sudo ufw allow 22' or 'sudo ufw allow http' for example.
You should still understand iptables but you do not need to config everything manually.
Simple is being able to simply say "allow all outgoing traffic and incoming traffic should only be allowed for HTTP(S) and SSH" and being able to figure out how to do it by just invoking "ufw --help".
Maybe someday I'll learn about iptables, I'm sure it's going to be worth it, but for now ufw does the job for me.
Indeed, it is. Even if you want to cargo cult that without understanding it, you might get bitten because running those commands again will not do what you expect, since they're not idempotent.
You will now reply telling me how to deal with this situation, for example if I want to now listen on a different port, or how I get FTP (or some other protocol that needs "-m state" to work. The need to do this proves that using iptables is more complicated that your example.
I've not played with iptables much, but when I do, I'm always struck by how easy it is to read rules, yet hard to write from scratch. This being said, a simple config like this is trivially googleable.
I think that's a little unfair... Your server needs to be hardened against drive-by SSH password guessing and similar nonsense regardless of how or where it's connected to the internet.
That is true but as per the poster above, I've seen 10x the attack traffic on a DO IP address so any zero-days and you're already herded into a predictable net block ready to be poked.
This is true for pretty much any VPS-only hoster, they all have well defined ranges and tons of targets to attack. I see thousands of attempts a day at Linode and hundreds at Leaseweb (dedi and VPSes) and DO. It's just part of doing business.
Rest of the world doesnt know I have ssh up and if I'm ever in a hotel or something I can tunnel through my home or login to DO's panel and allow another ip
Don't do that. I did that once and our static ip changed suddenly despite lots of money being spent on it. That was a painful day driving from London to Manchester for me to get to the console.
I could imagine this being quite dangerous, like being on holiday, there's a power outage, fire, ISP error, etc at home and no way to control your server.
I have essentially a static IP (A 'dynamic' IP with a 6month lease that stays the same on renewal and follows my account regardless of where I live), but you're super fucked if for some reason your IP changes. I usually set it to the /24 I'm assigned from.
Yes, they have issues with IPs having been blacklisted.
I ran into that in connection with MIPSpace. Large swathes of DO IPs are blacklisted by MIPSpace, which impacts my deliverability for a small double opt-in hobby list.
- Digital Ocean says they can't get MIPSpace to remove IPs.
- MIPSpace will only deal with me if I can get DO to add rwhois/SWIP for my IP
- Digital Ocean doesn't offer that feature (of course).
So I'm somewhat stuck there. Not as though things are going to be any better elsewhere on another cloud service, I suppose, though I never had these issues at AWS. But moving back would triple the cost of running an equivalent mail server.
Hopefully some of the funding here can be used by DO to actually clean up their IPs and manage the issues with the less reasonable blacklists like MIPSpace - who doesn't send abuse notices, and seems pretty capricious, from what I'm reading. Since DO are in the business of renting IP addresses, it would be good if those IP addresses were not usually on some blacklist somewhere.
MIPSpace is stupid if they think you can get SWIP from DO. This is not DO's policy, but the RIR. I seem to remember that for ARIN you need a /30 or larger of consecutive IP address space to qualify for SWIP. This may even be a /28.
So while DO is saying no, I'm wondering if it's because they don't offer the space required to SWIP the ranges. In addition to not offering the size, it would incur additional administrative overhead.
According to https://www.arin.net/resources/request/reassignments.html it's actually mandatory to provide whois tracking for assignments /29 or shorter prefix, and optional for /30 or longer prefix. I can't find any reason they wouldn't be able to provide it if they wanted to.
Their DMCA / Copyright / bad content process is horribly, horribly broken, and they will generally (where I think generally is the most polite way to put it) take the side of the accuser, even if that accuser is anonymous, or random, or fraudulently making the accusation.
How do you suggest that they would proceed, considering that the DMCA forces them to "expeditiously remove or disable access to the allegedly infringing material", on the contingent of being liable themselves for copyright infringement?
The dispute (counter-notice) and put-back procedures in the DMCA say that the provider can put the content back online if the copyright owner does not bring a lawsuit within 14 days. I don't see anyone in that thread saying they violate this procedure; all I see is talk about some 48 hours limit, which is definitively not in the law.
I have personally never been a customer of Digital Ocean, in large part because, having heard these stories, would prefer that DO at least mention the matter to me before terminating service or locking my account.
Knowing first hand that other providers handle the exact same scenario with ample amounts of equitability informs my decision that there's a better way to go about it.
Effectively, it's the kind of policy that would allow me to jokingly refer competitors to becoming DO customers.
I haven't seen any case law, but just looking at the text it certainly looks like VPS hosting can't be 512(a) in normal cases without an incredibly distorted reading -- the VPS hosts systems don't do "intermediate or transitory storage" of client data, they do relatively permanent hosting at the direction of the client, exactly the kind of relationship addressed in 512(c).
512(a) would apply to, say, an ISP that stood between a system hosting allegedly infringing content and those accessing it, not to the owner of the physical system hosting that content who allowed a third party to control a VM on the physical system on which the content was hosted.
> The DMCA prescribes a dispute policy, that allows the accused to refute the evidence provided by the accusers.
No, it doesn't.
The DMCA provides both a safe harbor for hosts against infringement liability (the take down notice procedure) and a safe harbor for hosts against any liability they might have for taking down content (the counter-notice procedure), but neither of these procedures are strictly mandatory, they just provide a liability shield for certain liabilities that the host may have had without them.
But most hosts have taken pains to assure that they have no liability in the latter case through terms of service, so there is little reason for them to be concerned with the counter-notice procedure.
If a host does not follow the entire OCILLA playbook in every case, unconditionally, across the board, the host no longer qualifies for any safe harbor whatsoever. Then it's open season on copyright violations. Think $400,000 per song style open season.
The real liability threat remains third parties, not customers, and disregarding the prescribed counter procedure is handing them the keys to the bank. If you see a host playing fast and loose with the rules, for example your content not being restored in 10 to 14 days after counter notice with no further action, it's time to go after their registered agent.
> If a host does not follow the entire OCILLA playbook in every case, unconditionally, across the board, the host no longer qualifies for any safe harbor whatsoever.
The 512(c) safe harbor rules are clearly written in a transaction-specific manner rather than the way you describe, and every case I've seen on them has focussed on whether they were followed as relevant to the transaction and not addressed whether the host followed them "unconditionally, across the board". So, I think your conclusion is wrong.
If you see a host playing fast and loose with the rules, for example your content not being restored in 10 to 14 days after counter notice with no further action, it's time to go after their registered agent.
Under what grounds? Taking down your content isn't violating your copyright. If they lose their safe harbor status, some future copyright holder could sue them, but I don't see how you could.
Call me crazy, but do you think filling these issues are probably part of why they're raising funding?
Getting ahead takes capital and i'm sure they're aware of what makes them inferior, you can't raise $37m without a good story on how you're going to use it to get ahead and win.
Do you actually have evidence of this or is this an off the cuff statement?
Having worked for some big hosts myself, i know how hard it can be to make changes once you have people using your platform. I suspect DO are in a similar situation and are looking to make a big leap forward with new growth leveraging their existing brand. I have no real evidence of this, but it feels like a sensible course of action.
No one likes giving up equity and taking money unless there is a damn good reason for it.
Amongst other obscure jobs I've been employed to dig people out of the crap many a time in the hosting sector so yes I'm pretty close to this sort of stuff.
Normally in these situations, much as they do with DO already with disparate DC capabilities, you deploy infrastructure side-by-side and slowly port it over from one system to another. Developing the capabilities isn't really a big problem even if you build it versus buy as the total developer / administrator / server ratios on these sorts of companies are pretty favourable to massive automation.
I suspect they really do just want the money. Either than or they've short-sold themselves as a bargain host and now have trouble generating revenue and will lose too many customers if they crank prices so they're riding the investor's crack pipes via hype.
The latter is all too common unfortunately. One of the UK's "leading" hosts I did some consultancy for in the mid 00's actually relaunched with just under 50 CentOS servers with shared hosting/cPanel stuff on them but priced too low. They got customers but not enough to pay for the cage. Spent a couple of months moving their shit into a single 42U and consolidating their billing and provisioning system. They're still around now and can pay the bills. I did it for cash - I wouldn't want the equity myself.
Ramnode absolutely sucks. I can pull maybe 100k/sec off them if I'm lucky from UK in their US and NL data centres which is abysmal. Cancelled my account the day after opened it.
Thanks dude, working on it and I'm really happy with the core after two years of building and testing. We've just finished building our own data centre, a nice steady influx of customers are buoying us up, and we recently hired two new developers to fix up our various front-ends. It's definitely looking more presentable by the week.
It looks interesting but as a potential customer, here are the my thoughts going through it (feel free to ignore me, I know you didn't ask):
- The site doesn't look good on my Retina MacBook Pro, mainly due to the extensive use of low resolution images for things like gradients and text (I don't understand that at all).
- Only pricing is in GBP, it'd be nice to have something else as a reference (a little "roughly $16 USD" in brackets would be nice)
- Straight up asks for my full address and phone number, without stating a reason why they're necessary or how they're used
- Takes me to a payment page and asks for my credit card number on a plain looking page served with a Class 1 SSL certificate (no organization validation) and again, with no indication how it'll be used
I was actually looking to give it a try after filling the address fields and phone number with "Nopenopenope" but lost it at the (subjectively) dodgy looking payment page.
A redesign and some explanations on signup pages would do you a lot of good I think :)
I actually like the Linode guys. They have been around for quite some time, and solid as hell. They don't have all the hipster devs talking about them as much, but I think they are more viable than DO.
Actually you can run custom kernels on DO VMs, in fact I have a machine doing that right now. In fact if push came to shove I reckon you'd even be able to get Windows to boot on a DO VM; it would be difficult but do-able.
I got FreeBSD running on by dropping into the PXE shell a while back. Didn't last past reboot, though: DO does some weird stuff to boot operating systems (maybe it wipes out the MBR every time?)
Got a $20 credit for my trouble (good PR!), and then promptly moved on to a provider that actually supports my needs.
1. Dependency on ColdFusion. Seriously that product is dead, poorly maintained and powers the entire front end. That's scary. Even more scary than PHP written by outsources from Elbonia. They got hacked due to this.
2. Billing system is take then refund credit rather than billing afterwards.
3. From my location their latency and throughput sucked even in their EU DC despite being only 11 miles from my house.
Regarding being potentially wide-open to exploits due to kernels being out of date, I would recommend installing ksplice uptrack (https://www.ksplice.com/). It allows you to apply kernel security updates without rebooting your machine. It's excellent, and I wouldn't consider running Ubuntu without it.
Resizing is our #1 issue with DO. The current quick resize adds cores and RAM just fine, but it's a one way trip.
It's not possible to shrink upsized instances like you can on Linode. On DO you can't even restore a snapshot or backup to a smaller instance size - you must rebuild from scratch.
I guess the right way to handle this is a configuration management tool, but this is a real pain since there is only local storage.
Yes, this is vital, but it's still not going to help you maintain existing data. A config management tool isn't going to fill out your logs, for example.
I really like these guys. It's really no-nonsense hosting, which as a developer, is exactly what I need.
I've been (stupidly) running my website, VPN, and e-mail servers all on a single EC2 instance, mostly because I had a bunch of AWS credits. I got some Google Cloud credits, so decided to move it there. I then realized that I'm spending $60 a month on a single instance, which despite having "free" money, is stupid.
I split everything up into Docker containers, and run them on Droplets now. Sure, I pay $5/month now for each server, but that's fine. One of the e-mail servers is for my wedding; I'll turn it off when I don't need it anymore. The interface for bringing up new Droplets is simple and clean, and lets me do exactly what I need to, no more and no less.
If you look at AWS or Google Cloud, there are so many available services that it can be daunting to get simple things going. I mean, it's not that bad, but once you've seen DO's interface, you realize how unnecessary a lot of it is.
I would still likely use AWS/GC for cases where I need to respond to changing load needs, which incidentally, is exactly what you're supposed to use it for. A DO + AWS hybrid infrastructure would be most ideal IMHO.
Agreed, as a beginner I found the amount of configuration that is needed to set up an EC2 instance to be overwhelming. After seeing DO's interface and how easy it is to spin up an new droplet I was hooked.
Its been a really great and easy testbed where I can test out new things I am learning. Now I can get a VPS running linux serving up webpages with apache in about 20 min. Add in the great price and I have been hooked for over a year.
With a little effort you can use the API[0] to spin up or destroy droplets. Sure, AWS and other services do that for you but I think this one of those cases where rolling your own isn't a crazy endeavour.
The reason I finally settled with DigitalOcean after trying AWS, GC, RackSpace and WebFaction etc, is it's stupidly simple interface. I start things with just a few clicks and few words typed and then it's just like I am in my good old Ubuntu terminal.
Though I run my low volume email server, VPN, proxy, ownCloud on one droplet and it works just fine - no load, no issues.
Completely agree with you, we definitely broke a few promises.
We ran into this problem because we were used to our development cycle that we had in 2012, but in 2013 our growth really took off and we spent most of our time working on scaling challenges.
That unfortunately pushed us back on a lot of different timelines. Now that we've grown the company from 5 people to over 50 and with this latest round we're finally catching up and able to move things forward at a better pace.
We are reviewing and reprioritizing our product roadmap this weekend and next and will be providing more updated timelines and also issuing more updates if we fall behind on the new estimates.
Fwiw....I love your interface and simple pricing. However, IPv6 is a deal breaker so I left. I understand things get busy... the problem isn't that ipv6 isn't available, it's that you didn't/don't communicate it. This makes me hesitant to become a customer again...
The other one that you really need to fix to access larger markets is having multiple users per accounts. Eventually you need roles as well, but just the simple fact of setting up multiple email accounts on one droplet account is a barebones necessity for any sensible customer that consists of more than a handful of people... According to a thread somewhere you announced that this would be done sometime in 2012, but it still isn't...
I've found that more often than not, this is because those who are constrained to smaller budgets tend to be personally invested in the success of their business where return on investment is of critical importance (i.e. small business owners).
DigitalOcean banned me because I was using their server to fetch chromium's source code so that I could git-bundle/rsync it's 12 GB mammoth of a repo and download it to the third-world country that I live in (my network connection is really bad even though it's the best money can buy). Apparently I violated their TOS. As long as they limit their TOS to such narrow purposes as hosting a wordpress site or doing straight-forward things, I don't think they'll get too far. With AWS, amazon doesn't care if I spawn out a 1000 node render farm, as long as I'm paying, it's all fair game.
> With AWS, amazon doesn't care if I spawn out a 1000 node render farm, as long as I'm paying, it's all fair game.
For smaller numbers of instances it's true that you can spawn whatever you want and use them for whatever you want, as long as you pay the stated rates. But for larger numbers of instances you do actually have to tell Amazon what you want them for, and your requested use-case "will be considered". You can't just spin up 1000 instances and pay the stated rate without getting prior authorization; the API will block new instances after a certain point. Here are the default instance limits: http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run...
Try Linode. Far better service in every way. I've done similar things on Linode (as well as used it for SSH tunneling to appear in a different country to reality), never a problem.
Second, it's integrated. Which, to me at least, feels much more natural than AWS where you rent a virtual server, and then a database separately, persistent storage separately... Because it's integrated, it's also simple.
And they have a datacentre* in Amsterdam. Even two of them, right in the heart of the European Internet. That means latency to their servers is not noticeable in much of the EU.
* Yes, yes, probably more like a cage or whatever they rent.
Correct me if I'm wrong, but aren't they a cloud provider? Ie. a bunch of machines connected into a distributed network, acting like a single virtual machine but with unlimited speed, memory and bandwidth, with the possibility of downtime completely eliminated, and where one only has to pay for the speed, memory and bandwidth one uses.
Aside from Google App Engine, no cloud services provider, whether IaaS or PaaS, gets even close to the description you're providing, and even GAE doesn't really.
That's true in the same way that double taxation is a concern when setting up a corporation. It kind of is, but it's really not.
Due to downvotes, I guess I better explain what I mean: Basically, EC2 provides instances where "if you restart your server you lose your data". You don't use those when that would be a problem for you, you use EBS backed instances which do not have this problem. Or you do it some other way. Point being, this is technically true but it's not really a problem in practice.
The double taxation reference refers to it being a somewhat common misconception among people that have taken a business class before that US corporations are "double taxed". IE, corporate profits are taxed, then your personal income is taxed. This is technically true but does not actually matter because you pay yourself a salary (which is taxed as income), but this is deducted as an expense from corporate income (thus not double taxed).
I don't get the analogy. With EC2 you either lose your data when rebooting, or you have to use network storage (iSCSI) which has advantages and disadvantages.
BTW, when I invest in a corporation, I do get double taxed. The profits are taxed at the highest possible income tax rate, then I pay 15% tax on the distribution of profits.
Of course if I work for that corporation, I opt to take the "profits" as a bonus. I pay all the taxes in that case, but at least there isn't double taxation.
I'll pick this comment out of the many to reply to rather than spamming - you do not lose your data when you reboot an EC2 instance. Local ephemeral stores are retained unless you terminate or 'stop' your instance - but a reboot is just fine.
"Local ephemeral stores are retained unless you terminate your instance"
That sentence makes no sense to people with no AWS experience. But if you give someone with Linux experience secure shell access to a DigitalOcean server they can hit the ground running.
If you shut down your server you lose the data that was stored on the local drives, no different to DO. If you shut down your droplet on DO you lose the data stored on the local drives (in fact DO now scrubs the disks on shutdown after a recent security screw-up). The only difference is that most folk on AWS use EBS storage (something which DO still doesn't offer) which allows you to have drives which can continue to exist after your server is no more and allows you to attach more storage without getting a bigger server.
It's not rocket science:
instance = virtual server ("droplet" in DO speak)
terminate = shut down
ephemeral store = local disk
An EC2 instance is just a virtual server so anyone who knows Linux, Windows, BSD or even Solaris can "hit the ground running" there too.
When you say shutdown are talking about issuing commands from the command line like 'shutdown now' or 'reboot'? Because with Digital Ocean you DO NOT lose your data when you issue those commands. I know from experience.
Terminate in EC2 is basically the same as the Destroy call of DO. In both cases you will destroy the data stored locally. Rebooting an EC2 instance will not result in data loss, same as DO.
I really appreciate your comment. I feel really dumb for not knowing that. I always assumed the worst. Want to reboot and instance to just check the init process?... can't do that on Amazon. I'll pick a different platform. I was way off base.
That being said, do they dump your instance if they reboot the physical server? I was under the impression that "Oh we want to upgrade they hypervisor kernel, your instance is toast", was fairgame/default on Amazon.
> That being said, do they dump your instance if they reboot the physical server? I was under the impression that "Oh we want to upgrade they hypervisor kernel, your instance is toast", was fairgame/default on Amazon.
Nope. In most cases, you get two weeks warning before a physical host is decommissioned. I've gotten as little as 24 hours (guessing it was a more significant than usual hardware issue).
When that happens, you can just stop the instance, then start it again. That moves it onto a new physical host. If you don't do it in the 14 days, Amazon does it automatically. No loss of data, and just a few minutes of downtime if your startup scripts are OK.
If you get a notification that your instance is going to get terminated - then yes, you can stop/start, but then you will lose ephemeral disks (but not EBS volumes). If you get a notification that your instance is just going to get rebooted, then nothing's going to get lost.
As I said above - the terminology can get hairy pretty fast. It's valuable to take stock of what you really need persisted, and what use can be made of 'scratch disks'. Local ephemerals are fast and cheap (included in the price of any instance). They come with the operational overhead of needing to rsync data off of them yourself if you want to retire that instance however.
No, not ephemeral disks. They're typically used for temp files, caches, etc., or servers you can afford to lose. EBS volumes are persistent and work just fine between stop/starts.
But there are a myriad of scenarios where booting to a AWS image, effectively a CD, is preferred. Having a non-writable filesystem is cool, where that non-writability allows for the saving of temp files and such, but if it were ever compromised, I would just reboot it, and it's exactly how it used to be. Even smarter, I would boot up another clean instance and take that one down, then remap the elastic IP to cut over.
For data that must be stored, I can use a EBS, or a database instance.
Like the grand-parent said, you pick what makes sense. Saying that ephemeral storage is a bad thing would be true if that were all they offered, but it isn't, and it ephemeral images are sometimes preferred.
A reboot doesn't cause you to lose data on your ephemeral storage. I think you mean "stopping" an instance and then "starting" it again (on another host), not rebooting it.
You are correct, that is what I meant, but I've taken to calling it 'rebooting' because all the intro-to-EC2 stuff I've seen listed their "how to reboot the instance" instructions as stopping and starting it, so I figured it's the appropriate vernacular, however incorrect it might otherwise be.
Double taxation isn't related to the salary you get paid but the dividends that a corporation pays out. A corporation pays taxes on income then when it pays it out as dividends you pay taxes on it again, hence double taxation. As far as I'm aware you are unable to deduct dividend payments from corporate income for the purposes of taxation.
You're right. But you're not going to avoid the stock market (where you might get paid in dividends) because you want to avoid double taxation. However, when forming a company for the first time, you'll hear double taxation cited as a reason you might not want to form a corporation. This is stupid because you're not going to pay yourself in dividends. Of course there are many reasons you might choose one business form over another -- I'm just saying that double taxation really isn't one of them.
Likewise, if you are deciding between digital ocean and AWS -- there are many reasons why you might want to go with one over the other. One of the reasons is not because you lose all your data when you restart a machine on AWS. I mean, look, I'm considering giving DO a shot for various reasons, but AWS losing my data because of some oversight in their service that DO has fundamentally engineered around isn't one of them.
In both cases, I'm not saying one is better than the other -- all i'm saying is some distinctions are subtly stupid to the point of being manipulative. As in FUD. That's my full thought process on this matter, I don't think I've got anything past that, haha
If you run a company and are paying yourself excess profits as salaries or bonuses, you are paying payroll taxes on that money. If you have a C corp you are paying taxes on that money as dividends. If you have a pass through entity of some sort (S corp, LLC, etc) you can avoid paying payroll taxes on distributions and also avoid double taxation.
Unless I'm missing something with AWS, what oversight in their system causes you to lose data? They are quite upfront and transparent that your data does not stick around unless you use EBS.
The IRS has been cracking down on people who use that loophole.... The doctor that has $50k in FICA earning and $200k in partnership distributions. Using that kind of loophole is playing with fire. You might get away with it for life, or might get stuck with a $250k tax bill at any time.
Isn't that only the case if you are paying yourself mainly via distributions? If you are paying yourself a market rate salary and taking any profits at the end of a good year via distributions would they frown on that? Assuming you have shareholders who don't work in the business (say family) I don't see how else you could distribute proceeds back to them.
The self-employment tax covers K-1 distributions, etc. If you're inactive (not actually working for the pass-through entity, only receiving profit distributions) your taxes are additionally higher on those distributions.
In summary: typical pass-through entity distributions are typically taxed as self-employment income and subject to the SET which attempts to recover the missing employer's half of tax payments. You cannot avoid all employer's half of taxes by taking them as distributions, and whomever told you that has misled you.
Now, what you might actually be thinking here, and would be correct, is that for those who earn less than a certain income (which would place them in the top tax bracket), the effect of applying all of those payments as self-employment income generally results in a lower tax rate than the corporate tax rate, and allows for deductions that companies may not have available to them.
Interesting, that's contrary to what I've heard from multiple sources (and pretty much all literature about the subject that I can find) about S-Corp distributions (again assuming you are being paid a market salary that you would hire someone at to perform similar tasks).
"If you have a pass through entity of some sort (S corp, LLC, etc) you can avoid paying payroll taxes on distributions and also avoid double taxation."
What you're talking about does not apply to LLCs, it is a special situation only related to S-Corps. Generally speaking, pass-throughs such as LLCs all distributions are taxed as self-employment wages, except under certain conditions.
Hmm.. question for u. Say I start a corporation, with just me and another partner, and I need to pay myself... So the revenue earned by the company that's paid to me. that's taxed once by the company. And then again by me as salary. No? Isn't that how it works?
Yes and no. What the other comments are ignoring is that the deductibility of salary paid to owners is capped, precisely to avoid the shenanigans they're trying to achieve (i.e., avoiding double taxation using the corporate form).
Up to a limit, your salary as owner is deductible to the corporation. Generally, the "safe" limit is usually the current SSI maximum wage. Beyond that, the IRS is very likely to re-characterize wages paid to owners as dividends. While this actually results in a lower (direct) tax to the owner, it usually results in higher taxes to the corporation, plus penalties and back interest.
Note that this is generally true for LLCs, S-Corps, and C-Corps, though the precise rules differ based on the type of entity. You'll definitely want to talk to a lawyer or accountant.
A company paying its owner $10mm in salary cannot deduct all $10 million. It could probably get away with paying a six-figure salary (fully deductible), but the rest would be re-characterized as a dividend and the underlying "salary" expense would not be deductible. At the numbers we're talking about in this hypothetical, the corporation would be treated as severely underreporting its tax liability--meaning the highest penalty rates, back interest, and possibly including jail time.
I'm a (moderately [1]) happy customer. But I have to ask, isn't this industry slowly turning into just virtualized hardware leasing? After the management tools commoditize, and I think there's a solid risk of that, isn't it just price and DC-location that differentiate?
And in that vein, wouldn't the winner in each area just be the one who bought their hardware the most recently? Instructions/dollar are still increasing on each CPU generation, but it'll take more than one generation for each machine to pay itself off. So, whoever is closest to the current generation pays the least per instruction, and can charge the least.
Or, maybe it's memory/bandwidth, which are mostly commodity, but slightly bottlenecked by the hardware (e.g, max on a motherboard, NIC throughput). Maybe the combination of prices in cpu, memory, and bandwidth leave enough variation between competitors to keep the field a little open? I donno.
[1] Modulo concerns about their ssh key management. I haven't looked after the last news ping on it.
> isn't this industry slowly turning into just virtualized hardware leasing? After the management tools commoditize, and I think there's a solid risk of that, isn't it just price and DC-location that differentiate?
Well, I don't think it's like aircraft or auto leasing. More like apartment or office leasing -- there's also a property management, maintenance, and operation dimension.
You're not just paying for hardware in a rack. You're paying for electricity, cooling, fire prevention, connectivity, and some level of uptime. i.e. You're paying for not having to worry about a bunch of stuff, so you can focus on your core business problems.
Even with standardized management software, at some point a human needs to go into a cage, or deal with the backhoe emergency. (OK, unless someday Amazon drones are deployed in data centers, instead of doing residential delivery. :))
Classic TC title "to Take on AWS"... Don't make me laugh buddy. AWS is probably more than 1,000+ people operation with 30 different products and a marketplace, support and ops teams. DigitalOcean is purely a VM seller with no cloud or storage features.
I've been using DO for about 5 months now, and love it. I still host my main websites other places (dreamhost, who, despite some issues, has been consistent in improvement, and is fair in prices), and I use DO for stuff like mumble servers, a few games, as a ssh proxy from less secure locations, and as some as a shared shell with friends for various skullduggery and fun. Very impressed with DO's service and price, but even more so ease of use.
My main issue is that I would like a hardening script, instead of having to go through each new one I spin up and lock it down.
Love DigitalOcean. Sorta sad they still don't offer OpenBSD though.
OpenBSD -- the world's simplest and most secure Unix-like OS. Creator of the world's most used SSH implementation OpenSSH, the world's most elegant firewall PF, and the world's most elegant mail server OpenSMTPD. OpenBSD -- the cleanest kernel, the cleanest userland and the cleanest configuration syntax.
The thought of OpenBSD developers doing any kind of marketing, honest or otherwise is amusing. These are the last people that would do anything other than simply letting the work speak for itself.
"At no time was customer data "leaked" between accounts. This would require that a user not scrub their volume after destroying their server; in this instance data would be recoverable and should be considered not sensitive."
For a long time, if you deleted a DO virtual machine, it would not delete your data by default, so that the next customer would receive it on the block device to be recovered.
When I pointed this out to them, after it caused me a few thousand USD in credits I had to issue to my customer (as I remediated DO leaking my customer's data (through my use of the service)), they maintained "there's no leak because we give you a checkbox".
There is absolutely no circumstance, checkbox or no, in which delivering my data on disk to another customer is okay.
After I made a huge stink about it, it ended up at the top of HN, and they switched to a sane default (scrubbing disks after a user deletes a VM). It shouldn't even be an option, but there it is.
Despite all of this, though, they continued to lie about the root cause: they were careless with their customers' data and trust.
It looks like they've hired some people who aren't dicks and have since updated the blog post with sanity. Nice to see, but still: be mindful of how these people conduct themselves.
That doesn't really say anything about the comment you're replying to. You can be happy with a service regardless of their honesty, especially if you're not aware of any dishonesty that's occurring.
Yeah, I still use them for throwaway stuff occasionally because cheap and I still have credit sitting in my account.
I won't top it up again but as long as you know they're somewhat dishonest and reckless with customer data then it's okay to use for stupid stuff like distributed builds or something (provided the source code you're building isn't private/secret/proprietary).
I am running these services in a $5/month DO droplet: dns [named], ntpd, httpd [apache], smtp [postfix], imap [dovecot], webmail [roundcube], vpn [pptpd]. It's taking 350MB off 500MB RAM.
Now after adding getmail to back up gmail I am now wondering what more I can do with it.
I had used it to setup a test server and had no issues -- FYI, the date on the article is today, but the original article has been available for a few months so perhaps the article has been updated.
AWS is a cloud service provider with a huge ecosystem of services. Digital Ocean is a VPS provider.
It's like comparing a harddisk manufacturer to Apple.
Even EC2 is barely an overlap, since EC2 is a computation unit in the convenient form of a (very ephemeral) virtual server, not the virtual equivalent of an actual, permanent server. (And you're going to be in a world of hurt if you use them like that.)
If you can scale your system using only 0.5 GB per node, you get more cpu per dollar since the 5$ and 10$ levels both have 1 cpu. Higher levels seem to be multiples of the 10$ level. Does anyone have experience with this in a production system with a lot of users? Are there horizontally scalable database systems that work well on many nodes with only 512MB each?
Most DB systems will be tremendously helped by having far more RAM than that to cache, and also usually by having fewer nodes than you get when only having 20GB total disk space per node.
The main place where I could see this being appealing would be complex analytic jobs (since they're more CPU-intensive), but even so, if on 512MB nodes it has to spill to disk because there isn't enough RAM (or transmit a bunch of data across the network because it split the job over two nodes) and on a bigger machine it didn't need to, you probably would have been better off with the bigger machine.
Despite generally rock-solid performance and uptime, I had a bad experience with DO recently. After experiencing repeated hardware failures on a node (with lots of downtime), I followed the advise of their support and did a snapshot and destroy of the failing droplet and immediately attempted to create a new one from the snapshot. It failed to build. I then tried to build again from the automated backup they create when a droplet is destroyed, this also failed. Support just did not seem to understand the issue I was having, I kept getting canned responses about doing a snapshot then building a new droplet from the image, so I gave up.
The entire site had to be created again from backups on a different VPS provider. Surely their system should be able to migrate any droplets off failing nodes automatically, I mean hardware failures happen right?
I use linode and was drawing comparisons between two:
1. 8 cores on linode is what binds me to it. Linode rules here
2. Digital ocean is cheaper than linode
3. More Network transfer in linode (minimum 2TB)
4. Digital ocean offers more RAM
5. Private network - Does not exist on Linode. Shame. DO Rules..
Rocksteady reliability, I've had zero unplanned downtime on Linode over 2-12 nodes in 5 years.
DO had lots of hiccups with it's networking when I tried them (though was over a year ago so ymmv).
Everything I have on Linode earns me money in one way or another so they pay for themselves, I currently have 3 nodes for a total of $60 bucks a month, DO I could do the same for $15 but really $45 a month is nothing compared to the cost of a machine going down even briefly (even if it takes me an hour to fix, I bill more than that).
For me Linode hits the sweetspot of price/reliability.
My experience (running ~7 machines in Linode's NJ datacenter) was that around once every two months I wake up with an email saying "we restarted server X due to emergency maintenance". It's not annoying enough to switch - yet. And EC2 has the wrong CPU/Memory ratio for me (too little CPU - Linode rocks here!).
"The company is also working on IPv6, load balancing and eventually storage."
Looking at the feedback from their user base, and even rom my own experience, different storage options would be way more useful than IPv6 or even load balancing.
It's been incredibly difficult to get an answer out of them on whether they pool bandwidth[1], which would allow you to just build your own load balancers on their smallish instances while leveraging the transfer included in the rest of your clusters.
Communication is my biggest issue with DO - I generally like their service but it's majorly frustrating when they just refuse to answer any questions about things like IPv6 (The best I could get out of them on that was 'Look at the UserVoice page about it' - which I already had hundreds of times over the years. Not really a great answer since the latest post by then from a staff member was something like eight months ago saying there's be a public beta in October which never needs up happening)
It's really just been a lack of people coupled with intense growth, till recently we've been well well under 50. We're working on it, and now we have money to add lots more hires.
How can storage be more important than being reachable?
Please be aware that some internet users only have native IPv6 connectivity, and that IPv4 addresses are becoming increasingly scarce, especially if you are setting up thousands if not millions of virtual machines, like DO.
I moved my personal Web hosting from another provider to DO a couple of months ago. I'm spending the same amount I was paying the other provider, and I'm getting a hell of a lot more for my money. (I have two droplets running right now, one with my Web server and mail, one running some network services...and I have plenty of capacity on both to do more.) Plus, since it's an actual VPS as opposed to shared hosting, I have more control over it. I'm kicking myself for not having made the jump earlier.
No Pooled Bandwidth
Networking and Route, as well as capacity need some work. Linode is much better in this regards.
No Custom Kernels
IPs Problem.
Still no deploy to different physical hardware by default.
No Private Networking on most of its DC.
And possibly many other small things i didn't mention. To me most of those are deal breaker. And my problems with them is that are not fixing or improving these problem quickly enough.
While Linode's SSD are quickly approaching, and has none of those drawbacks.
Oh, and I wish they'd use real industry terms, not stuff like 'Droplet'. That's just stupid.
Right now, anyone at all who aren't GoDaddy or Network Solutions are better than Digital Ocean. You get what you pay for (AWS excepted, who are price gouging).
No IPv6 is fairly serious. As is censorship to the point I wouldn't feel comfortable using them in case I angered Big Google at some point. Their general lack of HA and resource shortages make them look like amateurs.
So what if I use Linode? I don't work for them. I use two other providers as well. My 'vested interest' in them is limited to my VPS there running. I don't get a discount for pointing out DO sucks and Linode don't ban me if I speak ill of someone they like.
PS. Is a VPS host really a 'cloud hosting provider'? That term makes me think of overpriced individual services that aren't a self contained system, like AWS/EBS/their hosted databases.
I've never been cracked, and chances are I know/care more about security than the average user here. Either you've misidentified me or you're lying about me.
$37.2m on a $153m post? That's a pretty big chunk of the company to give up. Looks like A16Z is going big on these guys. They're awesome, so that's great news!
Most VC's want 20%-25% ownership. And DigitalOcean is a very capital intensive tech company, needing to buy/build machines, pay for electricity, rent rack space, and pay for bandwidth. Virtually all tech startups on the other hand just need to pay for writing software and renting said machines/hosting.
Its simple. It costs half as much as equivalent providers for their VPS. Or less than half in the case of AWS. And it actually works even though its so cheap. No matter how rich you are it just doesnt make sense to pay double or triple.
The question is, do you really make money on $5 a month servers? I don't know if they actually are. The costs are for support people and now large numbers of engineers.
The thing is with that much funding it doesn't really matter if their income is greater than expenses. They can continue for at least another few years regardless. During that time sane people who just need a VPS will take advantage of it.
My recommendation for DO's business model is simply to set a precedent and make it a policy that if you pay only $5 then you don't get any kind of free support. That is the only real cost that sticks. So I suggest having a few different monthly support options available starting at zero support for $0 and up. That is the main business issue a provider like this has is the conflict between the desire to provide good support and the need to keep unit costs low. And the solution is to separate support out. The main challenge to doing that is sort of a cultural/expectations/marketing issue.
Thanks for the great question. We are actually profitable on every virtual server that we sell.
The reason we raised our seed round is that our growth began to outstrip our ability to acquire hardware and grow the business at the rate at which our customers were spinning up more droplets.
The second round that we raised was again for the same reason. Growth has been completely unbelievable and we are humbled by the support that the community has given us. We thought that our initial Seed round would certainly be enough to cover our growth but quickly saw that growth was actually increasing so we made the decision to raise a second round in a rather short period of time.
We were immediately impressed by Peter Levine's knowledge of the space and we are super excited about having a16z on board as our partners. This round has certainly provided ample funding for us to continue to expand not worry that our growth is going to outstrip our ability to finance it.
I see from your site you're hiring for various positions, but currently all of those are listed as NY only.
I spent seven happy years working remotely as a system administrator, for a company listed in some of these comments, and wonder if this is something you've ever considered?
I know that payment issues and similar might complicate things, but I'm surprised there seem to be essentially zero remote-working positions advertised for a company that will have round-the-world clients/users/customers. (i.e. You're liable to get issues, tickets, and monitoring alerts round the clock.)
I suspect they make a fair bit of money from people like me, who are lazy and/or have full-time jobs, and have commissioned a server or three and never actually use them.
Mark my words these guys are gonna be huge. Sure they are lacking in a lot of areas (like bananas mentions) but thats why you get VC funding and hire a badass like Jeff Lindsay (http://progrium.com)
I'm really excited to see these dudes take on AWS with a higher-level and more performant platform.
Only tangentially related, but when did DigitalOcean redesign their website?
I think my initial dislike is due to it being changed, but there are tons of minor usability issues that I never noticed on their old website.
I'm happy to see a view for new articles in the tutorials database [0], but at the moment it doesn't make any sense. When I hit it just now, an article from 11 minutes ago is above an article from 1 minute ago. Not only that, an article on the 52nd page says "less than a minute ago". From clicking around, it seems like some process has touched every article recently and all those times, and how they are sorted, are meaningless. Also, at the moment the new and tending view gives the exact same outcome, at least for the first page.
We run our infrastructure on both AWS and DigitalOcean.
1) DO consistently beats the price performance.
2) DO has simple pricing model --> No ondemand / reserved instances
3) AWS is more feature rich but DO continues to add new functionalities like private networking and new data centers
Comparing DO to AWS is extremely disingenuous unless you're only comparing compute per $. Running in AWS, we get access to unlimited storage through S3, EBS volumes we can move between instances, a CDN, etc.
Digital Ocean is like the place with a bunch of servers in the garage. Yes, its cheap. No, I would not trust it to run my business.
I'm very interested to see how they think they can compete with AWS, considering Amazon's cost to acquire equipment and their AWS software engineering team.
You're right about EBS, however I kind of scratch my head over S3. Yeah, I guess it's integrated in the sense that you can access it from the same account, however, try creating an EC2 instance without a publicly addressable IP. You can't access S3 at all from your VPC, which makes S3 not usable in many use cases.
> however, try creating an EC2 instance without a publicly addressable IP. You can't access S3 at all from your VPC, which makes S3 not usable in many use cases.
I don't see the problem with this. Either give your EC2 instance in your VPC a dedicated public IP and configure the security group to disallow all inbound connections, or use a public IP that routes all traffic for your VPC and again, secure it with a security group.
We do this right now with our environment, as our application is heavily EC2<->S3 dependent. It works without issue.
My use case is different. I want to put data into S3, but want it only accessible on my instances in the VPC, none of which I want to have access to the outside world.
I realize many people probably don't have this particular need, however, I don't think it's completely unreasonable. Instead, I'm just mounting an EBS volume on an instance and running nginx to serve files.
> My use case is different. I want to put data into S3, but want it only accessible on my instances in the VPC, none of which I want to have access to the outside world.
Which you can still do, by using bucket policies/permissions in S3 (specifically EC2 IAM roles in this scenario).
I think we're arguing different use cases though. If your content is only used or getting served from one machine, EBS volumes. If you need to have it served to the world, available to multiple instances, etc, S3.
Must be nice to have your providers competing with each other. Everyone knows Bezos loves a good ole race to the bottom better than anyone. I suspect we'll see even steeper AWS price cuts this year in response.
I would love to see DO or Linode do a S3 type service as well. I prefer the persistent virtualization of DO and Linode to EC2 but also want to use a nice quick persistent file store that isn't on my own slice.
I could just use S3 from Linode but that would result more paid bandwidth and increased latency.
Rackspace Cloud has both persistent disks for VMs (on SSDs in RAID 10, so fast and reliable) and an S3 like storage system called Cloud Files. Sounds like that's the combination you want?
I don't know exactly what I have to implement to support SSHFS. But really in my mind a service like Reesd (or S3) is used through a networked API to read and write files, not through an exposed file system (although sure it can be exposed that way, just that it is not the "philosophy"). E.g. if you implement a music streaming service, you would access mp3 through say a REST API, not on disk, before streaming them.
While not suitable for production operations, my go to has been a random one man vps shop. I have used him for years, because it is the cheapest plan I have seen. I pay $20/year per server, which makes it an easy decision to add another one whenever an idea comes up.
No matter where I go, the prices don't get any better than they do in OVH. A 240 GB SSD (2 X 120), quad core, 32 GB RAM, unlimited bandwidth for just $60/month?
I've been using DO for about a year, and I've been mostly happy with it but that's because the project I run http://www.mybema.com doesn't receive as much traffic or active users as I'd like it to. DO has gone down far too many times in the last year for me to be able to be completely confident in them with a 100x userbase.
I use them for remote DC's (assia, EU, etc.) at $5 each.
Only their billing is a hot mess, mostly because they think it works and their customers are wrongly entering the CC #. For 4 months now, same problem and they have off-shore support that reads scripted answers. They just read the closest answer related to billing.
I am reading Ben Horowitz's book, and it is interesting to me that they made an investment into the same field as LoudCloud 15 years ago. Maybe they were just before their time.
* kernels lag terribly behind the distributions meaning you're wide open sometimes.
* can't resize or add storage
* no freebsd support or custom kernels
* VM availability problems. If you want to have another box, you aren't guaranteed to get one.
* no IPv6
* somewhat shonky security reputation.
* cant deliver to yahoo mail from their AMS2 IPs I've been given even after filling in numerous forms at yahoo.
Apart from that, they're the best hosts out there. I pick them over Linode, Hetzner and EC2 but not colo. Even at the price point they're at.