Thank you for this service!

I've been a Linux user since 1998.

CentOS is my current distro of choice (it used to be Fedora, but Fedora goes EOL too quickly).

Anyway - I also breed snakes as a hobby, and have a small website where I make my snakes available to others. It's low traffic, not profitable enough to justify a dedicated server, it's my hobby.

I was very happy with my hosting company, they always did me right. But about a month ago, I had an epileptic seizure, first one in years, and I injured my back. I did not check on my website during that time at all until a few days ago, when I saw that gallery2 was broken. It had been working ever since I installed it.

I tried to ssh in to fix it - the host couldn't even be found.

So I contacted tech support, and found out they had moved my account to a new host. No e-mail telling me they were going to do it, no e-mail telling me they did it. My gallery2 has been broken for a month - had I known they were moving me, I would have logged in to check on things - but with my bad back, the state of my website which has always worked was the last thing on my mind.

So - I get the new host name, and I still cannot log in. At least I'm getting a password prompt though.

On a hunch - I try the original password they sent me years ago - the password that I immediately changed because you don't use a password that has been sent to you in a plain text e-mail. It worked.

I asked them about it, and they said it was because I changed my password with the passwd command, not in their GUI cPanel application.

Oh my gawd.

That means they are storing passwords in a database that cPanel can access - and I bet most users use cPanel to manage it rather than the passwd command from the shell like I do. Talk about a security risk! You just don't do that. When you migrate to new hardware, you migrate the entries from the shadow file - and when you offer a GUI mechanism (like cPanel) for password changing, the change needs to go directly to the shadow file and should never be stored anywhere else.

I bet the way they were doing it, all someone needed was my original password - the one mailed in a plain text message - and they could have logged into my cPanel (which I never used) and altered stuff.

Furthermore, they switched from Gentoo to Debian. That's actually a good switch, but they neglected to use the same UID/GID for the Apache daemon - which is why my gallery2 broke. I don't run 777 permissions on the gallery2 data directory, that's dumb - I allow Apache to read/write to it. But since Apache now had a different UID/GID, it no longer even had read access to it, hence the breakage.

Anyway - I was quite disgusted with the whole thing. An online friend pointed me to this service, and I am extremely grateful - because it lets me admin the server the way I want to, without the extra cost of 1U of rack space.

I already have modern PHP RPMs patched for suhosin since CentOS is my distro of choice anyway and I customized PHP for my own development use some time ago. I was able to easily build gallery2 RPMs using the Fedora 9 src.rpm, and everything is currently working exactly as I want things to work without any need to submit support tickets and hope that the junior admin on the other side knows what he/she is doing.

Hopefully Linode continues to live up to my expectations. I was very happy to see that the CentOS 5 image had a secured SSH server config from the start (CentOS by default allows root login, so that's the first thing I went to change - Linode had already done it). Yum updating to 5.2 went flawlessly, adding the EPEL repo went flawlessly, installing my custom packages went flawlessly; I'm currently very happy.

Now I just need to wait for the domain transfer to finish (from the old serving company to GoDaddy) - then I can update the DNS records and will be good to go.

I'm very glad to see Xen being used for such affordable root-access hosting, and it's awesome that they let me choose my distro - I can test stuff out here at home and be fairly confident it will work in production.
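The UID/GID mismatch the post describes, as an added example that is not from the original poster: a POSIX shell check that compares a service account's numeric ids against a data directory's owner, group and mode bits, so a migration that recreates the web-server account under a different number is caught before the application breaks. The `apache` account name, the directory path and the sample ids (48 on the old host, 33 on the new one) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Unix stores ownership as numbers,
# so after a migration that recreates the web-server account with a different
# UID/GID the directory is still owned by the OLD number and the daemon loses
# access even though the account name is unchanged.

# can_access OWNER_UID OWNER_GID MODE SVC_UID SVC_GID
# MODE is the octal string stat prints (e.g. 755 or 2775). Prints "ok" when the
# service account gets read+write through the owner, group or other bits,
# "broken" otherwise. Pure string/arithmetic work, so it needs no real files.
can_access() {
    owner_uid=$1; owner_gid=$2; mode=$3; svc_uid=$4; svc_gid=$5
    # keep only the last three octal digits (drops setuid/setgid/sticky)
    while [ "${#mode}" -gt 3 ]; do mode=${mode#?}; done
    o=${mode%??}; rest=${mode#?}; g=${rest%?}; w=${rest#?}
    if [ "$owner_uid" -eq "$svc_uid" ]; then bits=$o
    elif [ "$owner_gid" -eq "$svc_gid" ]; then bits=$g
    else bits=$w; fi
    # read bit = 4, write bit = 2; a gallery data directory needs both
    if [ $(( bits & 6 )) -eq 6 ]; then echo ok; else echo broken; fi
}

# check_dir DIR USER: reads the live values with stat(1) and id(1) (GNU coreutils)
check_dir() {
    dir=$1; user=$2
    set -- $(stat -c '%u %g %a' "$dir")
    can_access "$1" "$2" "$3" "$(id -u "$user")" "$(id -g "$user")"
}

# Assumed values: data dir owned by uid/gid 48 (the CentOS apache account) with
# mode 755, now served by a daemon running as uid/gid 33 (Debian's www-data).
demo() {
    printf 'same host:  %s\n' "$(can_access 48 48 755 48 48)"
    printf 'after move: %s\n' "$(can_access 48 48 755 33 33)"
}
```

On a real host run `check_dir /var/www/gallery2/g2data apache` (assumed path) on the old box and again on the new one; a "broken" result means the fix is `chown -R` to the new numeric ids, not loosening the mode to 777.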

3 Replies

Welcome to Linode! I think you'll find this is the place for you. Never heard of them doing anything braindead like you describe, and since you're always in charge of your node, there's not anybody else poking around your configuration and changing UIDs.

You sound like one of the more interesting folks on the board, what with snake breeding and seizures and all. Hope you're doing well.

Can I get your website link? I've always been interested in snakes; I had a red tail boa when I was younger. Had to get rid of it because it would be cost-effective for it to eat rabbits and my mom couldn't watch that, nor stand knowing, hehe.

thanks,

fic.

ps: welcome to linode :)

http://www.temptingevereptiles.com/

Currently still on the old host - as soon as the domain control transfer is done, it should point to the Linode host (which I have set up for name-based virtual hosting, so posting the IP wouldn't work).
