by fweespeech 3658 days ago
> I'm gun-shy of Linode's many security issues, but hopefully this further drives down RAM prices of competitors. I'd love a $10 2G DigitalOcean instance.

To be fair, unless you are running critical infrastructure and/or processing things involving money... Linode's quality of security is adequate. (i.e. for hobbyists and small businesses that don't take payments but rely on ad revenue)

Security is pretty terrible everywhere in the hosting business unless you colocate your own stuff in a locked cage or pay the tier-1 vendors who cost 100% more than Linode.


> unless you colocate your own stuff in a locked cage

How much is a locked cage really needed?

To me the risks are really someone messing with your cables and taking you offline, or accidentally pulling a power plug, which is QOS really. Not security. Can't remember when I heard of someone carting off a server or plugging in a cable to the console port (once they have gotten even into the racks and are on cameras) and doing any harm. Even if this does happen it seems fairly remote and not a concern unless you are really doing something so important that you need to lock up the servers. Sure, price not being an object, why not lock them up.

PCI compliance I think, also merchants wouldn't touch you with a barge pole if you don't have dedicated hardware... so no aws/gce.

Contemporary PCI compliance does not require dedicated hardware -- You can be PCI Level I compliant on DO, AWS and many other shared-infra providers.

Also, worth noting, since most places are integrating payments through, e.g., Stripe, the requirements on the gateway server are much lower.

You can definitely run PCI compliant infrastructure on services such as AWS. Stripe runs on AWS IIRC. Many (most?) AWS services are PCI compliant and using them won't prevent you from being PCI certified.