I see a few people^W^Weveryone here talking about security. If you didn't read the whole blog post, you might not have noticed the new Linode manager that we're working on being mentioned. Check it out, it's open source: https://github.com/Linode/manager
If you haven't been present in other discussions about Linode security, one of the major factors (in my opinion) is the current manager. It's a large and old ColdFusion codebase, and it's hard to maintain. The new manager is backed by the new Python API and the whole system is significantly easier to reason about with respect to security. I think that the new manager should help ease some concerns, and it's going to be pretty great in other respects too. Hit me up with any questions you have, I'll do my best.
In other news, I run a bunch of Linodes myself and I'm stoked to see these upgrades, even though I get my Linodes for free ;)
Improving the manager is certainly a good step but there's a lot of work to be done to regain users' confidence.
Open sourcing the UI while keeping the actual portion that manipulates the data + handles authentication ( the API ) doesn't have substantial security benefits since its largely available to the end user already.
While I am sure you are correct that the rewrite in Python is easier to reason about and more secure, I feel the way you've presented it might imply it is secure because the source is available which is not the case.
And yeah, the Python API is much easier to reason about security-wise in general.
I have been with Linode for many years and have always been happy with the service. Thank you and thanks to the Linode staff for everything they do.
If there was one thing I would like to see come back, it would be the 1024 or 1536 nodes (1 or 1.5GB ram). I understand the overhead or scaling issues might not make it worth while for Linode, but I would be interested.
Also... ColdFusion! Awesome.
Why could there not be a $5 1 GB plan? I have quite a few instances for which I don't need even 1 GB, let alone 2.
Doubling the RAM is great but what about storage? Why is RAM and storage still coupled? It's a pay for what you don't use system, having to upgrade to a 24 GB, 8 core box just to get some decent drive space. Ridiculous.
I have been with Linode for many years now but it's lack for even some basic modularity will see me leave to AWS soon.
In 2013, the support started going downhill. Then there were a series of security breaches, with absolutely abysmal responses from Linode. I now expect to be off of Linode by the end of 2016 (mostly to AWS, with some DigitalOcean), even though in many aspects I still prefer Linode.
To be fair, unless you are running critical infrastructure and/or processing things involving money...Linode's quality of security is adequate. (i.e. For hobbyists and small businesses that don't touch take payments but rely on ad revenue )
Security is pretty terrible everywhere in the hosting business unless you colocate your own stuff in a locked cage or pay the tier-1 vendors who cost 100% more than Linode.
How much is a locked cage really needed?
To me the risks are really someone messing with your cables and taking you off line, or accidentally pulling a power plug, which is QOS really. Not security. Can't remember when I heard of someone carting off a server or plugging in a cable to the console port (once they have gotten even into the racks and are on cameras) and doing any harm. Even if this does happen it seems fairly remote and not a concern unless you are really doing something so important that you need to lock up the servers. Sure price not being an object why not lock them up.
Among others, OP (likely) isn't referring to your own box specific security.
and they had their own massive DDOS attack which went on for days last winter (dec 2015?)
Does any [Linode users] have any experience with them?
For a company so new they have a surprisingly amount of more features than Linode (eg BSD support, more data centers, dedicated instances, etc)
Note: I'm no way affiliated with either company.
Edit: adding clarity and intent. My edit is in brackets. I'm no shill :)
Linode I use as an rsync server, fossil server, and for IRC. It's running Arch Linux. I would like to run FreeBSD on it, but I didn't know you could when I got it. The Vultr one is a Postgres server running on DragonFlyBSD that I use as a database for various hobby projects. I experiment with various distributed computing projects with the two of them.
I'm very happy with both of them. I'd like to unify on one for ease of payment and maintenance, but I can't decide which. :(
Linode pros:
- Recently the $10/mo plan went from 1GB RAM to 2GB! EDIT: So apparently I should've read the link… that was what this is about. Thanks for the extra RAM!
- 4GB extra disk space (20GB vs 24GB).
- I like their management panel better.
- liXXX-YY.members.linode.com is an alias for your instance. It's much easier to remember than my Vultr IP.
Linode cons:
- I'm worried about security.
- Installing OSes other than the available images is hard.
Vultr pros:
- Custom ISOs are nice for those of us who vastly prefer BSD servers.
- So far no security breaches?
- May be slightly faster, but it's hard to say given the OS difference. I suspect it's just DragonFlyBSD being DragonFlyBSD.
Vultr cons:
- Web management is mediocre; Linode's is better designed and shows me more information.
- Young, who knows what their security is actually like.
- A little more expensive for what you get. I don't mind much though.
If any Linode people are reading this, I think I would settle on Linode _IF_ I can get some assurance about security practices. It's a nice service. I like you. It would be extra nice if you roll out some custom ISO thing eventually.
EDIT: Obligatory "not affiliated with either company". Just a dude that wants to host some place for his fossil repos, rsync, and Postgres server. One of these days I'll just maintain my own server on a Free platform (not Intel, not x86_64) and not use any VPS provider.
I hated everything about Ramnode, but I can't remember specifics. I stuck with Vultr after just setting up some storage instances because it was nice having everything in one spot. I've been able to host some wargames/CTFs as well because of the custom ISO support.
Seems like there's a lot of tinfoil around eye-level here; FYI not a shill and definitely accepting suggestions for other VPS with root, big storage, and custom os/iso options.
I'd say RamNode is also decent (they do very well in benchmarks) but their support, management and infrastructure is terrible. They were pretty heavily compromised (personal information, passwords etc. leaked) due to a SolusVM vulnerability and refused to remove personal information to prevent it being compromised in the future.
Their instance performance is better than DO in my experience, though I don't know how they compare to Linode.
Edit: Vultr has been reliable as well, but I've experienced a few outages (not lasting many minutes I think) in the 6 months I've been using them.
Overall I've been happy with it, the instance performs up to spec and has had only one downtime event over the year (was down for just over an hour).
Though I don't spend a ton of time using their interface or APIs, it does seem that they are continuously improving them and delivering helpful features.
- decent performance (both IO/CPU)
- custom ISOs (yay BSD!)
- elastic IPs
- plenty of locations (so far tried only NY and EU)
- good support
The migration took 2 minutes and 10 seconds, by the way.
1. Managed firewall service, such as AWS Security Groups. I really do not want to have to manage hundreds of iptables scripts.
2. Easy point and click, yet advanced private network management such as AWS VPC. Last I checked, I had to run OpenVPN on top of my Linode setup, which really was not ideal.
Have these things been improved lately on Linode?
On other front, Why is it the bigger the instance the small the "upgrade" discount. On lower level you essentially get double the Memory. On Higher end you get 30 - 50% only.
And any plan to upgrade to Xeon-E5 v4? I would love to see Compute and Memory Instances.
Now I will wait for DigitalOcean wishes to Linode! :p
