Hacker News new | comments | show | ask | jobs | submit login

So will I get a nastygram if I buy 10 of these and push the whole 1TB every month?


So their AUP[1] is full of a lot of crappy policies. Not allowed to use all the RAM you're assigned. Not supposed to use all the bandwidth you're assigned. Not supposed to use all the CPU you're assigned. No crons or background services -- what the fuck? No IRC, TOR, or p2p activity. They have an obscenity/morality clause. Cannot do any webdev that uses custom headers -- would even suggest that running wget or curl with a --user-agent flag is in violation.


And they require a valid address and phone number to even register. Screw off.

    Please note that in order to protect the integrity of 
    our cloud, Atlantic.Net verifies phone and other 
    contact information prior to account activation. Please 
    be certain to provide a working phone number where you 
    can be reached in order to avoid delays in the account 
    creation process. 
No thank you.

[1]: https://www.atlantic.net/support/acceptable-use-policy/

In their AUP, they have headings followed by full explanations. Under their "obscene materials" section, they specifically only talk about child pornography, which seems fair enough.

I get the impression they've reused this AUP from a shared hosting environment though, as banning CGI scripts, "chat rooms", and background services are not things practical to police on VPSes anyway but are commonly policed on shared hosting. Statements like "Any database stored on Atlantic.Net servers shall be limited in size to 50% of the total disk space allotted for a particular domain" seem to back up this hunch, since it's talking about space for a "domain" and not a VPS or server.

I think they need to improve their AUP as I'm not convinced that it's what they intend for VPS services, too much of it doesn't make sense for that sort of environment.

Your right. I am going to work on this tomorrow, it was adapted from a prior business model. Thanks for pointing this out!

> Your right.

His right what?

I'm only making this jab because, like another user pointed out, there's an unprofessional amount of grammatical and typographical errors in your copy.

I respect you guys, and one of my friends has a bunch of cages with Atlantic. But not everyone has that connection or the wherewithal.

> like another user pointed out

You mean "as another user pointed out" :-)



> What.

You mean "What?" :-)


> there's an unprofessional amount of grammatical and typographical errors in your copy

You mean "an unprofessional number of grammatical and typographical errors"

Is there any chance to be able to pay with paypal?

Highly doubt it. The amount of hoops you'd have to jump through to get services with this guys is not worth it. The time I wasted trying to sign up for 10 of these cost me more than the cost of the servers.

Terrible experience.

We don't current accept paypal. But we're working on it.

If they borrowed liberally (ie copy and pasted) an existing AUP from some one else (typos and errors included) that doesn't even apply to their services, they don't deserve the ¢99.

That subsection is a morality clause, regardless of their explanatory blurb.

These kinds of policies are unfortunately commonplace and largely ignored. Gandi.net, which incidentally powers Amazon's Route 53 domain registration, requires that you agree to their "good moral standards" [0]. Gandi reserves the right to shut down your services without notice if, among many other reasons, they in their sole discretion deem you are doing anything deviant, you're not respecting someone's honor, or if the content isn't appropriate to each person's sensibility... where "each person" can be any of the millions of users you have using your services.

[0] http://www.gandi.net/static/contracts/en/g2/pdf/MSA-1.3-EN.p... (Note that this is the English copy of their rules, which is not binding. You are bound to the French version.)

Yuck. What other providers would you recommend that don't have such in their ToS?


The spirit of this is to avoid abuse on our cloud. If you don't feel comfortable providing us with contact information, we're probably not the place for you. I'm working on the AUP tomorrow, the cron/background services doesn't make sense or the RAM.

So you tried to launch this with great fanfare and couldn't be bothered to review your AUP? Or the copy in most sections of your site (typos, unmatched tenses, random spaces or lack thereof)?

Why should I trust you with my information if you can't even handle your own?

What kind of abuse do you think it is preventing? How does it prevent abuse from anyone but the least motivated abuser? If I wanted to abuse your service, I could pay people $0.50 on mechanical turk to register accounts for me (indeed this is a fairly common low-skill-low-reward task on mturk).

I'm sorry but this plus the launch of your HIPAA hosting, which was also plagued by typos and wrong ToS, doesn't inspire any sort of confidence in your abilities at Atlantic.net.

It's sad that nobody reads AUPs, not even the people who write (or rather, copy/paste) them.

> If I wanted to abuse your service, I could pay people $0.50 on mechanical turk to register accounts for me

LOL. You want to use 1 petabyte for cheap?

They're offering a Terabyte for 0.99 cents. It doesn't seem like too much of a stretch to assume that they'd be most attractive to people who wanted lots of capacity for a low price.

If using the service that Atlantic is offering is going to somehow bankrupt them, then perhaps they shouldn't offer it.

Upload rate would probably be restricted making it unviable as say a download server

Thanks. I just sent in a query about that to your support email. How would you feel about someone who bought a large number of $0.99/month instances, all of which had lots of network traffic with each other and were often compute-bound? Like the things one routinely does on Amazon AWS.

(I'm exploring the possibility of a new kind of service which requires each user to have their own private cloud server, with all the cloud servers talking to each other.)

Can't handle it right now; we just launched and we're limiting one per customer to try to accommodate everyone.

I don't feel comfortable sharing my phone number with businesses because I have seen what they do to my email inbox.

This has nothing to do with me being untrusthworthy and everything to do with _you_ being untrustworthy. Work on changing my perception of you, or don't.

Looking forward to reading the new one. I have been evaluating your company for a month now and had decided to move some sites over, however as your AUP is written they would be in violation (cron jobs).

this was fixed, cron restriction removed.


I ran nginx as proxy + one web app in a DO instance. CPU usage always < 2% for the whole system and serving 20-40GB of mainly html,js, css, json per month.

Do you consider the web app as background services?

Is it ok to expand my next server instance to your solution per your biz model/AUP?

yes, we're fixing the AUP today to remove cron jobs.

web app is acceptable. Sounds like a great use for one of our servers!

BTW, just checkout your price, features pages, like your medium instance features/price.


I'm about to get signed up and start recommending this to a few small business, I'll be looking forward to this change on the AUP. Thank you for your response.

thanks, its updated. Cron and a few other things removed. I think you'll find it acceptable now.

Thanks to everyone who pointed this out.

That's good... the cron job thing (which is bizzare by the way) is a show stopper for me but if that changes I'll be spinning up several servers for sure.

Who wrote this? Why did something about cron jobs even make it into the AUP?

Shared hosting providers often don't allow background tasks, so I'd guess that's where it came from.

Why does 'your' AUP contain the same errors present in an AUP written in 2007?


Edit: Jesus the more I dig into this the more worried I become about what the hell kind of business you're running. Assuming you're on the only one to use the `mp99e99` handle with any regularity, I'm greatly concerned.

I understand that with that price for providing a server, they need to do some user validation - thus the requirement for address and phone.

But that issue with background services or cron - for that price, that's exactly why I'd consider their service. May I know what might be the reason why they don't allow this?

> they need to do some user validation

Nonsense. There are plenty of cheap hosts that don't do that sort of validation.

>May I know what might be the reason why they don't allow this?

Either they copypasta'd a boilerplate AUP -- in which case they're inept. Or they don't know how to properly virtualize and manage those provisions -- in which case they're also inept.

> Nonsense. There are plenty of cheap hosts that don't do that sort of validation.

And then their users run warez hosts and botnet slaves, which then get DDoSed, saturating their neighbors' links. No matter how well you virtualize and manage your provisions, if one user has caused your incoming 10G to be saturated on layer 2, there's not much you can do at layer 3 to QoS that.

Personally, the combination of "nearly free" and "personally identifiable such that there won't be people translating 'cheap' into 'good for one-off masks for illicit activity'" is a real selling point to me.

They, apparently, own their own datacenters and tout HIPAA compliant hosting. If they can't deal with incoming DoS traffic at the edge of their network I would be concerned...

People who run botnet slaves large enough to get DDoSed by their fellow botnet masters are smart enough to own Voip numbers for verification. The verification keeps 12year olds off not really anyone else. But it also stops legitimate users from signing up.

>No matter how well you virtualize and manage your provisions, if one user has caused your incoming 10G to be saturated on layer 2, there's not much you can do at layer 3 to QoS that.

well, you can blackhole the target. Essentially, you tell your upstream to drop all traffic to one of your /32s (the one being targeted) at it's upstream. It finishes the job for the attacker, which is sad, but so long as you are willing to lose the customer in question, it solves the problem for you.

For details of how to set this up if you are a he.net bandwidth customer, see:


nearly all other bandwidth providers provide similar facilities; there are a few other things you can do to make this sort of thing more robust.

But the point is that there are things you can do about incoming DDoS attacks... if you are willing to kill all traffic to the target IP address.

I mean, for most ISPs this isn't automated... in my case, my pager goes off; I log into my quagga box, and I start typing. So you still see downtime, and yeah, you want to avoid it. But there are things that can be done.

When I say "QoS", I'm referring to the quality of service of the other tenants sharing that uplink until you blackhole the DDoS. From my perspective running a VPS slice, there are periods where my uplink just dies—and there's nothing that can be done to "smooth" these away at the hypervisor level.

I suppose there's always a catch, but no background services? Talk about useless...

If you need cheap bandwidth, OVH is better option. https://www.ovh.co.uk/vps/vps-classic.xml More memory, more bandwidth. If talking about DO comptition, Vultr is also worth of chekcing out. https://www.vultr.com/pricing/

I don't need cheap BW but if they're going to offer it, is it a real offer it a bullshit rope people in offer? I have 20-25 "real" servers and a handful of VPSs from (good) providers that fulfill my needs well.

OVH's CEO, Oles, doesn't care about their big clients and happily changes the terms of their contract (in less than legal ways) to screw them. I'd rather not do business with them.

> OVH's CEO, Oles, doesn't care about their big clients and happily changes the terms of their contract (in less than legal ways) to screw them.

Source? Especially when accusing them of doing something illegal?

They will make changes to your contract, which you can only read after logging into your control panel, which you can't do unless you agree to your contract. Putting you in the catch22 of being unable to read your new contract without also agreeing to it before reading it.

Look around their forums 2-3 years ago. Many of their HG and HGXL customers had their server's 10Gbps link limited to 300mbit, their bandwidth go from unlimited to metered, internal bandwidth change, their bandwidth go from ok to shitty quality (OVH's "volume" network). Similarly, if you had an entire rack of 10Gbps servers (SO ~5-8 servers) they limited the entire rack to 1 or 2Gbps.

Basically you'd be better using this for static pages hosting only...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact