by yomism 3793 days ago
My plan is to keep saying this on Starfighter threads, just in case there are people who have missed it. Take my advice or leave it: Please don't use Starfighter. If you are using it now, make immediate plans to switch. If you have friends who have used Starfighter, tell them to switch.

Feel how dickish this sounds without giving any reason whatsoever?

Please explain why.

2 comments

For whatever it's worth, I decided to get linode oh so many years ago because hdm, the security guy, very warmly recommended it to me. Indeed, a lot of very high profile security folks love linode (nmap.org/sectools.org is a good example).

Anyway, personally, I choose to still stick to Linode because their customer support is extraordinarily good. I'm speaking about my experiences in the last 5 years.

Concerning their handling of DDoS attacks - I think with these changes made, things should be much better.

I might have recommended Linode "oh so many years ago" too.

I think you should ask HD and Fyodor again what they think about Linode in 2016.

The fact that nmap/sectools is still in fact on Linode, right now, the fact that moxie still uses it, as well as jacob and other superstars are using it in 2016 isn't a testament to what they think? And, I think hdm still uses linode for a lot of things. So do many other security folks I hang out with.

I really think that if it was some other VPS, they could not have done much better. You remember the outages that Amazon had? It's just a matter of fact the way I see it, these attacks happen. We learn from it, resilience is built. Until a new type of attack takes place, and then the process repeats. I understand that uptime can't be 100% all the time -- the 1 or 2 days it was down in 2015 was an inconvenience, but not totally unacceptable. I also understand that if you're against very determined attackers, it's pretty tough. How will any of the other VPSs fare when the attacker happens to have an 0day or something?

By the way, I noticed a few years ago that bitcoin-related startups were likely to use Linode. That makes linode a huuuuuuge target. I really don't think that if it was some other VPS in the crosshairs, these determined attackers could have been stopped 3 or 4 years ago with the ferocity and resourcefulness they seemed to be equipped with.

> I also understand that if you're against very determined attackers, it's pretty tough.

You know what makes it even tougher? Using COLDFUSION in 2016.

I ask myself and myself says Linode is the best of all I've tried, which is many. So thanks for your wonderful insights but mine are better for me.
There's a pretty clear difference here.

Saying that would make you a dick.

The linode comment doesn't make tptacek a dick.

Why?

Because it's trivial to figure out why he's saying that by simply typing "linode" into google, but as of right now googling starfighter doesn't immediately bring up any reasons to avoid them.

Edit: Didn't mean to imply that parent was a dick.

> Because it's trivial to figure out why he's saying that by simply typing "linode" into google, but as of right now googling starfighter doesn't immediately bring up any reasons to avoid them.

This doesn't mean anything. I could get horror stories about any cloud service provider via Google yet we're only being told not to use Linode. Providing some context makes all the difference.

For the love of God don't host your apps on Starfighter.
But think of all the efficiency & security by obscurity I would gain by implementing my apps in AVR assembly! Plus it'd be hosted in the cloud.
Weird machines as a service?
I don't think it's appropriate to throw around insults and claim jfgi when someone asks for a mordicum of clarification.

If you can't even manage one small teensy link, what respect does that show for your audience?

The only value comes from the ptacek brand, and the trust I have in him through context. But that's generally not a strong foundation to build an argument on.

To be clear: I trust him, but it's not his best post. And op was not out of line for speaking up.

Edit: sorry ryanlol, I didn't mean you, but tptacek. It was perhaps too strongly worded. Didn't mean to attack anyone, just wanted to show support for yomism's point.

I consider myself a HN regular, but I don't read everything. Linode posts I subconsciously skip, as they don't interest me. This was honestly news to me. "Incomplete information", I believe that's called ;)

Who's throwing around insults? I specifically edited my comment to make sure it's not misinterpreted.

There are links elsewhere on this thread, and Linode's security fuckups are a recurring subject of discussion on HN.

(1) "Mordicum" isn't a word in English, though it should be, and it is in Latin.

(2) Nobody is entitled to detailed comments from anyone on HN, and keeping comments terse simply isn't disrespectful.

I appreciate that it is annoying to have to make decisions with incomplete information, but that's life.

I'm not sure what role spelling critique has in a conversation about technology providers, but to your second point I do think it's reasonable to expect that in public conversations claims be substantiated to a degree relative to their contentiousness. No one expects evidence or citations when you claim that good security is hard, but it's not so crazy to hope for even a respected member of the community to back up a stark claim. At the very least it's reasonable to ask for substantiation - whether or not the original commenter is comfortable discussing details.
It's not a "claim". It's free advice. Take it or don't take it.
Good advice is rarely given, but sold...
I was going to apologize for using "dickish" in my answer before but seeing this you fit the definition perfectly ;-P

http://www.urbandictionary.com/define.php?term=dickish

I have read the horror stories thanks to ryanlol's posts but next time please post a link if you don't want to waste time re-explaining. Let's use the HTML powers!

It's dickish saying that without explanation. Like this it sounds like baseless smearing.

If he argumented the reasons before he could have just put a link. Sincerely, it's too much to ask?

To be honest, the number of "linode screwed up" posts on hacker news the last few years would be educational to you, and if I remember correctly, ryanlol even got a slap on the wrist due to one of those situations.

At this point, I am bored of people asking for citations on hacker news for things that should be part of our tribal knowledge.

https://www.google.com/search?q=linode+hacks&ie=utf-8&oe=utf... About 2,810 results (0.34 seconds)

Tribal is the right word here with all the blind faith in medicine men and cargo cultism.
I meant it in the way of shared knowledge, just like we all know how to bypass a NYT filter, or that someone is going to complain about the lack of native scrolling in an article, especially on a Show HN.

I definitely agree that there is a huge amount of that type of thinking on HN (of course); reading the number of people who used github but didn't know the difference between it and git and were commenting today was a personal education.

I changed "linode" to "aws" in your link, very interesting results came up in Google.
Notable is the lack of any mentions of actual instances of AWS getting hacked.
There was a link, you just missed it. It's labeled "tptacek" and links to this page: https://news.ycombinator.com/user?id=tptacek

Of course, you can judge it differently, but following that link convinced me that the claims are probably not "baseless smearing", that it's well-intentioned advice. Just from the link itself I wouldn't know on what grounds tptacek came to his conclusion, and I wouldn't heed his advice without further research, BUT I'm 99% sure that if I researched I'd find many well-documented arguments in favour of tptacek's opinion/advice. I'd even bet on this: you say it's baseless, I say I can easily find the reasoning and arguments behind what tptacek said. Want to bet?

Oh, by the way:

> Sincerely, it's too much to ask?

Let's turn it around: a person with a lot of experience offers advice on the matter he's experienced with. Is it too much to ask the readers to first, at least, google a bit before commenting? Why do you think you are entitled to receive even more of that person's attention and time?

(1) "Argumented" isn't a word.

(2) I'm comfortable with the fact that my suggestion sounded "dickish" to you, whatever that means. It is meant seriously, though.