So their AUP is full of a lot of crappy policies. Not allowed to use all the RAM you're assigned. Not supposed to use all the bandwidth you're assigned. Not supposed to use all the CPU you're assigned. No crons or background services -- what the fuck? No IRC, TOR, or p2p activity. They have an obscenity/morality clause. Cannot do any webdev that uses custom headers -- would even suggest that running wget or curl with a --user-agent flag is in violation.
And they require a valid address and phone number to even register. Screw off.
Please note that in order to protect the integrity of
our cloud, Atlantic.Net verifies phone and other
contact information prior to account activation. Please
be certain to provide a working phone number where you
can be reached in order to avoid delays in the account
I get the impression they've reused this AUP from a shared hosting environment though, as banning CGI scripts, "chat rooms", and background services are not things practical to police on VPSes anyway but are commonly policed on shared hosting. Statements like "Any database stored on Atlantic.Net servers shall be limited in size to 50% of the total disk space allotted for a particular domain" seem to back up this hunch, since it's talking about space for a "domain" and not a VPS or server.
I think they need to improve their AUP as I'm not convinced that it's what they intend for VPS services, too much of it doesn't make sense for that sort of environment.
His right what?
I'm only making this jab because, like another user pointed out, there's an unprofessional amount of grammatical and typographical errors in your copy.
I respect you guys, and one of my friends has a bunch of cages with Atlantic. But not everyone has that connection or the wherewithal.
You mean "as another user pointed out" :-)
You mean "What?" :-)
You mean "an unprofessional number of grammatical and typographical errors"
That subsection is a morality clause, regardless of their explanatory blurb.
 http://www.gandi.net/static/contracts/en/g2/pdf/MSA-1.3-EN.p... (Note that this is the English copy of their rules, which is not binding. You are bound to the French version.)
The spirit of this is to avoid abuse on our cloud. If you don't feel comfortable providing us with contact information, we're probably not the place for you. I'm working on the AUP tomorrow, the cron/background services doesn't make sense or the RAM.
Why should I trust you with my information if you can't even handle your own?
What kind of abuse do you think it is preventing? How does it prevent abuse from anyone but the least motivated abuser? If I wanted to abuse your service, I could pay people $0.50 on mechanical turk to register accounts for me (indeed this is a fairly common low-skill-low-reward task on mturk).
I'm sorry but this plus the launch of your HIPAA hosting, which was also plagued by typos and wrong ToS, doesn't inspire any sort of confidence in your abilities at Atlantic.net.
LOL. You want to use 1 petabyte for cheap?
If using the service that Atlantic is offering is going to somehow bankrupt them, then perhaps they shouldn't offer it.
(I'm exploring the possibility of a new kind of service which requires each user to have their own private cloud server, with all the cloud servers talking to each other.)
This has nothing to do with me being untrusthworthy and everything to do with _you_ being untrustworthy. Work on changing my perception of you, or don't.
I ran nginx as proxy + one web app in a DO instance. CPU usage always < 2% for the whole system and serving 20-40GB of mainly html,js, css, json per month.
Do you consider the web app as background services?
Is it ok to expand my next server instance to your solution per your biz model/AUP?
web app is acceptable. Sounds like a great use for one of our servers!
Thanks to everyone who pointed this out.
Edit: Jesus the more I dig into this the more worried I become about what the hell kind of business you're running. Assuming you're on the only one to use the `mp99e99` handle with any regularity, I'm greatly concerned.
But that issue with background services or cron - for that price, that's exactly why I'd consider their service. May I know what might be the reason why they don't allow this?
Nonsense. There are plenty of cheap hosts that don't do that sort of validation.
>May I know what might be the reason why they don't allow this?
Either they copypasta'd a boilerplate AUP -- in which case they're inept. Or they don't know how to properly virtualize and manage those provisions -- in which case they're also inept.
And then their users run warez hosts and botnet slaves, which then get DDoSed, saturating their neighbors' links. No matter how well you virtualize and manage your provisions, if one user has caused your incoming 10G to be saturated on layer 2, there's not much you can do at layer 3 to QoS that.
Personally, the combination of "nearly free" and "personally identifiable such that there won't be people translating 'cheap' into 'good for one-off masks for illicit activity'" is a real selling point to me.
People who run botnet slaves large enough to get DDoSed by their fellow botnet masters are smart enough to own Voip numbers for verification. The verification keeps 12year olds off not really anyone else. But it also stops legitimate users from signing up.
well, you can blackhole the target. Essentially, you tell your upstream to drop all traffic to one of your /32s (the one being targeted) at it's upstream. It finishes the job for the attacker, which is sad, but so long as you are willing to lose the customer in question, it solves the problem for you.
For details of how to set this up if you are a he.net bandwidth customer, see:
nearly all other bandwidth providers provide similar facilities; there are a few other things you can do to make this sort of thing more robust.
But the point is that there are things you can do about incoming DDoS attacks... if you are willing to kill all traffic to the target IP address.
I mean, for most ISPs this isn't automated... in my case, my pager goes off; I log into my quagga box, and I start typing. So you still see downtime, and yeah, you want to avoid it. But there are things that can be done.
OVH's CEO, Oles, doesn't care about their big clients and happily changes the terms of their contract (in less than legal ways) to screw them. I'd rather not do business with them.
Source? Especially when accusing them of doing something illegal?
Look around their forums 2-3 years ago. Many of their HG and HGXL customers had their server's 10Gbps link limited to 300mbit, their bandwidth go from unlimited to metered, internal bandwidth change, their bandwidth go from ok to shitty quality (OVH's "volume" network). Similarly, if you had an entire rack of 10Gbps servers (SO ~5-8 servers) they limited the entire rack to 1 or 2Gbps.