Thinking Considered Harmful

The Technical Musings of Aaron Meriwether

Goodbye Linode, Hello Hetzner

Security | Meta

Sunday, January 25, 2015


There’s an old saying in Tennessee — I know it’s in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can’t get fooled again.
-_George W. Bush_

A long time ago I used to run Linux on a beige box at home as a webserver and router. Over the years, the box evolved, eventually being migrated to a VPS.

At first, I used Slicehost, and was very happy with them for a while, but eventually they were acquired by RackSpace and shut down.

At that point, I migrated to Linode, but they never quite felt as dedicated to doing things “right” as Slicehost had been. Over the next few years, they experienced several major security breaches, and still have not been able to explain to my satisfaction how these came about or what steps are being taken to avoid them in the future.

Additionally, the recent Snowden leaks call into question the integrity of all US-based providers with regard to engineered and incidental back doors for NSA access - if a back door is a known part of the system design, how secure can you really expect the system to be? Germany may not be as anti-NSA as Bolivia, but they are certainly not as buddy-buddy as the UK

So after the most recent Linode incident, I decided enough was enough and that I should find a new VPS provider. One possibility was to use the French company Gandi, through whom I already manage my DNS, but their VPS pricing is not terribly competitive, and they began operating a US-based datacenter, which implicitly subjects them to NSA purview.

Then I cam across a discussion on Hacker News about European VPS options, and the offering from Hetzner looked promising: for the same price as I had been spending on Linode, I could get a much larger VPS. Account creation process went smoothly - they did request a photo of my ID before approving the account creation, but that was quick and painless via email. Server provisioning was not quite as fast as Linode, but not bad. Their management console is all custom built in-house, and though not quite as polished as Linode’s yet, is entirely functional. What it lacks in polish it makes up for in utility - for example, provisioning SSH keys from the web interface, including support for Ed25519 keys, which I am now using.

I now have both a Linode and a Hetzner instance up and running, and have cut over DNS already. If all goes well until the end of the month (end of the Linode billing cycle), I will cancel my Linode service entirely.

So, goodbye Linode - nice try, but you’ll have to do better to keep business these days.