The impact of this clear case of incompetence by the FBI is minor compared to what it could have been. A 1U Dell R610 can fit 96G of memory and two very fast 64 bit processors. You can fit 48 of these servers in a standard rack. Running VM's, that configuration could easily support 20 virtual machines per server (4GB/machine + OS) which gives you 960 websites per rack. And that assumes you need an entire machine for each website (no virtual hosts).
So the next time the FBI decides to knock over someone's rack, the impact could be a lot wider than a handful of sites.
US security agencies are becoming increasingly cavalier when it comes to seizing domains and hardware. This is becoming a significant risk for online startups like my company and the companies of other HN members. The suggestions here to mitigate this risk are not cheap. Setting up a fast enough link between data centers to have real-time replication is prohibitively expensive for most small companies.
I'd like to see legislation that lets us know what our rights are and that lays out a standard procedure for these kinds of data center incursions. I'd hate to see a cloud provider's rack get taken down in one of these raids, and I don't think any of us are happy about the government using our tax dollars to settle costly lawsuits caused by their own incompetence.
This is becoming a significant risk for online startups like my company and the companies of other HN members.
It's like a meteor strike: well reported, flashy, but very very not likely to actually happen to your site. How many websites do HNers collectively operate? How many have ever gone down because the FBI took their hardware? How many have ever gone down because, oh, the hard drive crashed? Because they pushed bad code live? Because they misconfigured a firewall? Because the hosting company had a network or power issue? Those are real risks for your business. (Bonus points: many interventions for these and similar issues fixes your FBI problem, too!)
In the event of a totally freak incident like this, you're probably going to have downtime and a day's worth of data loss, but recovery for most folks here is likely "Reimage the VPS(s) from the latest backup, hit the on switch, and change DNS records."
Sure, there are companies who don't care about a day's downtime, having to restore from backups and their customers don't mind if they're offline for 24 hours. I'd like to think that our company and many of the startups on HN are not in that group. I'd also like to think that we give a damn if another startup gets taken offline like this.
Asking "how people many have ever X or Y happen to them?" is downplaying the actual risk when obviously the risk has been increasing in the past year, half-year or so.
Yes, if you look at the risk of a US government raid on servers, domains, or what-have-you in the past 5-10 years, you can fairly compare it to a meteor strike or a "freak incident".
But things are changing, incidents and "collateral" are increasing, and if you look at just the past half year, you'll find it's gone from a meteor-strike level probability to a very small but definitely not dismissable chance.
That's not at all what he said, is it? What he said was, it's very unlikely that an FBI action is going to disrupt your site at all (and, that's true), and also that the same measures you must use to protect yourself from the altogether more likely event of a hosting company failure also protect you from FBI raids.
According to the 4th Amendment a warrant is supposed to:
"...and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
When they seize unrelated hardware they are clearly overstepping their bounds. I'd like to see the innocent parties take this to court and put a stop to this. We are far past the time when the FBI can claim ignorance as to how a colocation site operates.