

Linode and the Google Cyber Attacks - markwalling
http://blog.linode.com/2010/01/15/linode-and-the-google-cyber-attacks/

======
donw
Totally unrelated to the article, but I've got to put my good word in for
Linode. I've never had such good service from a hosting provider, and frankly
for a (currently) tiny account.

~~~
rms
<http://prgmr.com/xen/> gets good reviews here, is run by a HN member, and has
the cheapest prices out of any VPS by far.

~~~
peterwwillis
_has the cheapest prices out of any VPS by far_

This is not accurate. There are many VPS's which are cheaper, many of which
have much greater capacity for the money. Some are fly-by-night scams. Others
have several years of stability with good support. Check forums and VPS review
sites to find the best match.

That said, I have nothing against prgmr or linode and would use them if I
needed a super-reliable VPS. (My main VPS is Linode, my secondary is with
Kerplunc Hosting)

~~~
rms
I meant cheapest per unit of RAM. Do you know of any decently reliable VPS
provider with cheaper prices for 256/512/1024 MB of RAM?

~~~
axod
Average website backends shouldn't really be limited by RAM unless you're
doing some really heavy lifting, or made some bad choices.

I'm more concerned about bandwidth. prgmr is close, but not quite as cheap as
linode when it comes to bandwidth.

Depends what your needs are though.

~~~
idlewords
That's simply false. RAM is the constraint of interest for plenty of single-
server websites that are running MySQL as a backend. You want a bunch of
memory for the database, plus enough left over to accommodate your web app.
That often means wanting a 2-4 GB machine.

Linode is something like $55/GB RAM per month, while prgmr.com is $14.

~~~
axod
2-4GB? wth are you doing?

I remember a post on here saying how hackernews was running on a new 8GB
server or something. There's no reason it couldn't run on a 200MB server
easily.

(Related: Is HN _really_ sluggish for everyone else as well? Like 3-4 seconds
per page load)

~~~
rms
If you really think you could run HN on 200MB of RAM, write a blog post about
how to do it and submit it here. I'm sure the community would like to know
how. I think your ability to write applications using minimal amounts of RAM
is out of sync with the median RAM use here.

~~~
axod
It'd mean writing in some 'un-hip' language. So I doubt anyone would be
interested in it here.

Using even 1GB of RAM for something like HN is just crazy.

------
staunch
I take it Google used Linode as a neutral/anonymous place to access stuff
from?

~~~
romland
I read it that way too. But I am still very curious where and in which context
Linode was mentioned in media.

~~~
glymor
_"The servers used in both attacks employ the HomeLinux DynamicDNS provider,
and both are currently pointing to IP addresses owned by Linode, a US-based
company that offers Virtual Private Server hosting. The IP addresses in
question are within the same subnet, and they are six IP addresses apart from
each other,"_

Quote attributed to VeriSign's iDefense security lab in
[http://arstechnica.com/security/news/2010/01/researchers-
ide...](http://arstechnica.com/security/news/2010/01/researchers-identify-
command-servers-behind-google-attack.ars)

------
tptacek
One article I saw implicated a Rackspace server in the attacker's side of
event. I presume that meant Slicehost.

If I was breaking into computers "off the clock", I'd probably look to just-a-
CC# no-questions-asked hosting providers (probably overseas) as my staging
ground. This is something new. Commodity virtualized VPS systems like
Slicehost are an awfully convenient way to launder attacks.

It's only been in the last couple years that VM slices have been so quick and
easy to buy.

~~~
mikeliu
Except to pay for one of these, you still pay via credit card, paypal, etc.
that links to real identifiable info. I was wondering why, if one of the
attackers instances were discovered by google, they didn't just hand it over
to the authorities and have them get a subpoena for the account info? or maybe
they did

~~~
rms
If you can stage an attack like this, you can steal credit card numbers or
phish your way to a Paypal account

~~~
tptacek
Not that it matters (I'm sure if they're actually paying for VM's they're
using stolen cards), but you can trade cash for anonymous credit card numbers
in a number of places. Simplest example: Google "Vanilla VISA".

------
polera
Linode is great, indeed. I'm a fan of <http://arpnetworks.com> lately, though.
Great service there too, and a good product for a good price.

