Ok, so maybe I agree with that.

But one way or another. This statement...



... needs to be changed then since they are clearly not communicating openly.

_________________
If all else fails, reboot...
PHP Tutorials and MySQL Tutorials

Yes, they are. They communicated the breach to the world. That's open. To expect nitty gritty details about said breach is ludicrous.

"Somebody broke in" isn't, by any stretch of the word, 'open'.

Which is probably why they said quite a bit more than just, "Somebody broke in". Even if someone published a step-by-step guide to how it was done, included an HD video of the act being done - your Linode would be absolutely no safer than it is today. Instead of focusing on minute details that don't matter, what you should really be concentrating on is whether or not Linode took what learned from the event and did a full review apply ing what they learned to a) all the potential points you're not thinking about, b) all the potential points you have no clue even exist and c) how your own instances are configured and secured.

What did they learn? What happened in the event? Do a full review of what? Apply what?

How do you propose that we concentrate on something that we have no idea what it is?

_________________
If all else fails, reboot...

PHP Tutorials and MySQL Tutorials

They've already told you what happened, weeks ago. I don't think its a big stretch to say some of the recent enhancements were probably directly inspired by that event. You're berating this to death in my opinion, almost like you're trying to micro manage your service provider which is insane.

Unlike you, I refuse to speculate.

Also, I don't care about the details. I just want the part about "communicating openly" to be removed.

_________________
If all else fails, reboot...

PHP Tutorials and MySQL Tutorials

To use what both of you have said. If Linode was a typical collocation provider and had a break in where someone stole machines would that be good enough information for you? Would you want to know maybe how the thieves broke in, how they were going to prevent it from happening again and generally what is going on?

Lets take it in another direction. Lets say Linode is a managed hosting provider that uses a key to login to servers and that key was compromised and used to login to a server to steal data (this has happened at other providers). Would you want to know how they are going to stop that from happening in the future? How that key was compromised? Why was that key allowed in an area that someone can get to? etc?

By just dismissing this as a "vps/cloud" provider you have to trust you aren't being very realistic. Yes we have to have some trust that Linode will protect its' systems but at the same time we have to have the trust that there will be detailed communication if that trust is breached.

I believe in Linode and its' staff 100% and they are by far the best provider on the market for my needs but this could have been handled way better. It seems Linode took the playbook from Dropbox (blog post and forum post only) instead of being transparent (such as sending an email notifying customers), I'm no longer a dropbox customer because of what they did and there are ample alternatives. Linode likely wanted to reduce panic and general negative press but I think they have lost some trust of their customers. Stuff happens, thinks will break, attacks will occur and it is how they handle it that shows what type of company they are and in my book they have fallen short here.

The topic has been beaten to death and obviously communication isn't happening so you can either live with it which or vote with your wallet. I'm still happy with the service and I trust that Linode is working on the back end so I'll give them the benefit of the doubt. I trust every single team member there and they are some of the hardest working people I know. If there is another issue like this and it is handled the same way then I'll use alternative providers.

That's just not true.

This.

I don't get the problem here. They had a breach. They told us about it. They gave as much detail as was necessary to tell us what happened. Why people are going this lunatic crazy over it for more details is just bizarre to me.

_________________
Sandbox

I absolutely agree with you.



I gave up on page 3 of this thread because, quite frankly, these Linode fanboys simple do not listen to reason, nor any opinion other than their own.

(Flame me all you want. It's okay. I'm not here, nor will I be responding any further.)


Now, the Linode team has always been very responsive and I have always praised them in the past. However, with this issue, there has been no information besides the first status post. All requests for any additional detail (anything!) is denied.

What does this mean to mean? This means that the original cause of the issue is somehow embarrassing to Linode. This is why they will not release any information on what exactly happened.

By not releasing such information, I have lost faith in Linode. Had Linode released such information, I would have gotten a laugh, and said "We're all human. Life goes on. Thanks for letting us know."

Linode used to be my home. I had about a dozen clients on Linode. Now, it's down to about 5. I moved to a datacenter with my own dedicated hardware. I have moved a few clients as well. New clients will be placed on my hardware.

It isn't because I have dedicated hardware. It is because I can no longer trust Linode after this breach.

If the Linode team cares at all, they would respond to this thread. They respond to many others. Why is this thread less important?

Pot, meet Kettle. Kettle, meet Pot.

_________________
Sandbox

I've been partisipating in these forums on and off for about 8 years now, I've had various numbers of Linodes on and off during that time starting with a 80Meg UML machine. I've had very few problems and the ones I have had were resolved quickly. However I have to say the above comment is spot on. There are 'contributers' on this board that will quickly shout down any perceived criticism of linode or it's service regardless of the validity of the criticism.

IPv6 support was a good example, before IPv6 was deployed at linode and after it was deployed at many other providers anyone that asked for it on these forums was told they didn't need it and they were insulted for asking.

There were a few examples of people who canceled their accounts and didn't get a refund for the unused part. These people were soundly mocked for no good reason.

There was one chinese guy who got all frustrated at Linode wanting copies of the front and back ( PCI rules anyone? ) of his credit card and his passport. He was told he must be a scammer or somesuch thing on this forum based on nothing but his country of origin. Sad, that was a potential customer.

In this latest incident Linode screwed up, there is no denying it. No doubt Linode are doing everything they can to fix the situation but it doesn't not distract from the point that they did screw up. Yet the fanboys deny it, they make excuses, they try to derail any criticism.

These people are just a minority of forum contributers but they are vocal. I don't believe these people are sockpuppets. I believe these people just have a flawed view of reality caused by some kind of cognitive bias. I would not trust these people with a root account on any machine running anything I care about.


TL;DR - Linode screwed up, fanboys are unable to accept this so keep trying to derail this thread.

Did they screw up by allowing some Linodes to get compromised?

Probably (although if it was inside job, there's nothing that could be done about it).

Did they screw up by not providing second-by-second analysis, real-time video of the breakin, names addresses and birthdays of the criminals, and a full dump of the control panel source code?

No.

Do point out where anyone denied the issue in this thread or denied that there was a screwup. The only thing that's been posted of late is that it's ludicrous the way some of you expect linode to provide detailed instructions for how to hack their systems.