Hacker News new | past | comments | ask | show | jobs | submit login

As someone who isn't a DO customer, the thing that most dissuades me from this about becoming a customer is that this is a case of insecure by default. How many more of those are lurking around?



Here's another compound fuckup for you:

1. DigitalOcean users are unable to install their own kernel updates!

2. DigitalOcean have to bother making a new kernel image available via their admin interface; they haven't done this for over six months of Debian kernel updated in my experience.

3. Even if DigitalOcean did make a new kernel available, there's no notification to inform the customer that they have to log in to the admin interface and pick the new kernel from the list, then reboot their VM.

4. The list of kernels in the admin interface is sorted... bizarrely. I check it every so often and there is no sensible overall naming scheme; you are presented with a popup menu listing every single kernel for every single distribution; the latest kernel for Debian is in the middle of the list.

5. My attempt to resolve these issues with DigitalOcean support covinced me that the person I was corresponding with has no idea what a kernel even is, much less that DigitalOcean's list of available kernels is... lacking.

This situation, plus a couple the longstanding lack of progress towards IPv6 support; lack of ability to control kernel parameters; lack of a way to snapshot the filesystem for backups; makes me an unhappy DigitalOcean user who is going to jump ship for Bytemark at the earliest opportunity.


Funny, I've been able to update off the standard package repos


You may have updated the package, but did you really boot from it? Run 'uname -v' to check:

    $ uname -v
    #1 SMP Debian 3.2.46-1
DigitalOcean systems do not boot from the kernel image installed within your VM; they are externally provided.

This reminds me of something I omitted from my original rant. I've actually had to pin the kernel image package that I've got installed on my VM to the version that DigitalOcean provide:

    linux-image-3.2.0-4-686-pae:
      Installed: 3.2.46-1
      Candidate: 3.2.51-1
      Version table:
         3.2.51-1 0
            550 http://http.debian.net/debian/ wheezy/main i386 Packages
         3.2.46-1+deb7u1 0
            550 http://security.debian.org/ wheezy/updates/main i386 Packages
     *** 3.2.46-1 0
            100 /var/lib/dpkg/status
Because an unforseen ABI break in some netfilter module means that if I install the newest package, then reboot, one of the modules used by my iptables setup fails to load. ferm notices this and rolls back my firewall configuration--to the default state which allows all traffic. I noticed this, but I wonder how many other customers with similar setups did not, and hence have not noticed that their iptables rules are incorrect or absent.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: