Hosting Policies and Information

This is for people who are hosting at gigo.com, or who are thinking about it. This applies for both individuals and for domain hosting. If you have requests, send them to postmaster@gigo.com, which is never filtered. You might mail me at my normal address, it'll more likely not be missed by me (postmaster gets a LOT of spam).

Table of Contents


Logins

Most gigo.com accounts are mail only. For those accounts, I'll need the plain text password to store into the database. In order to keep your password secure over your pop/imap sessions without SSL, your mail client will send a crypted version of your password - the mail server needs the unecrypted version to compare against.

People with a legitimate use for SSH logins (DNS editing, and uploads via SFTP/SCP), will get a unix login. These passwords should be different from mail. Additionally, they should not be a weak password. You can give me a starting password and you can change it; alternately, you can run:

perl -ni -e 'print crypt("yourgoodpassword","xx") . "\n";'

DNS hosting

Depending on my relationship with you, I may be willing to slave your DNS zone, and/or allow you to maintain your zone files directly on my system (only if I trust you to ssh access). If I slave DNS from you, expect SOA checks once a minute. I don't support the NOTIFY protocol.

DNS is replicated (not slaved) to 4 servers. ns1.gigo.com updates once a minute; ns2 through ns4 update 10 seconds after. If ns1 goes offline, ns2 through ns4 will continue serving indefinately. These 4 servers are split across 3 geographic regions and 3 different internet service providers.


Mail hosting

Several notes here:

  • We support webmail, imap, and pop; all support SSL using the server name mail.gigo.com
  • For sending mail, we require SMTP authentication. Click the box that says "use password" for sending mail.
  • We do "greylisting" (intentionally giving temporary errors to servers we don't know). Legimate mail can be delayed up to 20 minutes the first time someone mails you; afterwords it "knows". While this does stop a lot of spam, some of you may not like it. I can bypass this for specific addresses and/or specific domains.
  • We do run SpamAssassin, the standard for spam filtering. However, we do not discard mail automatically - we merely mark it so you can filter it easier. SpamAssassin settings are configurable at mail.gigo.com. It is up to you and your mail filters what to do with this information.
  • Viruses and trojans are disguising themselves as many different types of attachments. We now block most attachments other than image files and zip files. If you have your own domain name and I am hosting it, I can disable this for you. If you do not have a domain name, I'm afraid you're stuck with @gigo.com's policy.
    • (Technical reason: I use different MX records for people who do not want this filtering, and MX records are per-domain, not per-user, on the internet dns system).
  • I do try and fight the spam problem best I see fit. I'm open to ideas and requests. I may not honor them, but I'm open to hearing them out. Note that what I do may delay email, or in some extreme cases even cause mail to be rejected (never discarded or black holed).
  • Despite what I do to stop spam, please, don't mail me when you get spam. I know you get spam. You'd get more without my help. But I can't make it all stop. You might be interested in the next option though:
    • Opt-in feature: If you use webmail or imap, I can have your incoming mail sort itself into two different mailboxes; one for mail from people you know (almost never spam) and a seperate box for mail from people you don't know (almost always spam). This feature uses your "Sent" folder to figure out who you know, so it is always up to date.
  • If you're a unix shell user, I can do both mbox and maildir. maildir is default; it plays best with the mail server. If you use mutt, you might prefer mbox format. Pine users should use imap.
  • I do support using procmail.


Web Hosting

Depending on your needs, I may offer/agree to host your web site. Note that I pay for bandwidth. In some cases I may have to decline serving your web site, due to costs. See the later section "Cost".

Notes about web hosting:

  • Your web directory is at /www/virt/yourdomain.com
  • That'll serve both yourdomain.com and www.yourdomain.com.
  • Stats are updated daily, at stats.gigo.com
  • Logs are in /www/logs . There's a seperate log for CGI.
  • If you know what a .htaccess, you can use it. I'm running Apache 2.2.x. with php and cgi
  • I can support webdav. DreamWeaver and GoLive both use webdav. Contact me. Note: If we convert your site to webdav, your entire web directory will only be accessible webdav only - as your files will be owned by the web server.
  • CGI will probably run as you. If it doesn't, and you want it that way, mail me. Otherwise, it runs as the web server.
  • PHP runs as the web server. Sucks. Make sure your files are readable by "other". Make sure if you need something writable, it can be written by "other". Make sure you won't be too upset if some other process manages to overwrite it.
  • Before installing web applications, please consult with me.
  • Before installing perl scripts you found on the net, please consult with me.
  • The above statements are so that I can audit what you are doing and make sure my server will remain safe. It is not meant to stop you from doing stuff.


    • Specific web applications:

    • gallery version 1.x: BANNED.
    • gallery version 2.x: Allowed; limited conditions. Has to run on cell.gigo.com specifically, which is a virtual machine that has its own little sandbox, for security concern reasons. Ask me to set it up a site for you. Do not install your own copy of gallery2.
    • Movable Type (Blogging): I'll install this for you if you want it. I usually install this with its own account to limit the damage that can be done. I'm personally using it and like it. Note that to use it for more than just personal use , it costs money. Even for non-profits.
    • If you are not a web designer, and you don't want to pay for a web designer, and your needs are modest, have me install a blog for your web site, and a gallery, and call it "Done". You can do everything you need to via a web browser.
    • SquirrelMail is installed here; you can read your email via a web browser at mail.gigo.com


    Jabber Chat

    if your email is handled stored on gigo.com, you can use your email address and password for any jabber client (including Google Talk). Any address that delivers to your account can be used. You may be prompted to register the jabber account; go ahead say "yes". The access is tied to your email address and account.

    If you have a domain that I host for you, you can use that for jabber purposes. Sure beats @jabber.org!

    No support is given for jabber other than basic login access.


    IRC

    A local IRC server is available at irc.gigo.com. That server is part of BSDNET; a more robust address to use is irc.bsdnet.org which will give you a working server, even if gigo.com's is down. irc.bsdnet.org uses dns anycast to help you find a working server relative to your part of the internet.

    No support is given for IRC access. You are expected to either know IRC, or be willing to go out and learn about it, to use this resource. The server (and the network) are open but are intentionally small and not well advertised.


    Unix Access

    This is only granted for people I know personally. If I don't know you, don't ask for it. If I did grant you access, please keep your unix and mail passwords seperate.


    Passwords

    Please, don't use passwords that suck. Yes, it may be easy for you to memorize, but.. you're also making it easier for people to take over my computer, costing me time, possibly money, and I'll hate you. And so will my goldfish. It is very important that you do use a good password.

    Mail passwords should be seperate from unix/scp/sftp passwords. If your mail password gets hacked, it can embarrass you, get my server blacklisted for spam, and cost me lots of money. But, the security of the server itself would at least still be intact.

    Passwords that suck have a word from a dictionary in it. Or a name. Or a word with a number after it. Those all suck. Hackers will use dictionaries of english words, names, other languages, etc. They will try adding numbers to it. They'll try UPPERCASE lowercase MiXeDcAsE.

    A good password will be made of letters and numbers (and perhaps more!) that have no meaning. I often make up words with gibberish sylables and a couple numbers so that I can easily memorize the password. Another possibility is to think of a phrase or a book title or something else that means somethign to you - then take the first letter of each word. Those first letters can become your password.


    Cost

    I don't have a set price for serving your needs on my system. If you can contribute to help offset my costs, that'd be awesome. If you can't, well, that's fine too. Your paying to help keep the lights on is not a strict requirement.

    Note that I do shell out about $200 a month for good bandwidth. That buys me 1 megabit (somewhat less than a typical DSL line's download speed). I'm allowed to go 100x faster than that. The catch is, is I have to pay for any sustained usage. The way this works is my provider looks at what did over the month, takes the top 5% of the usage and forgets about it. Whatever my peak is after that, is what I pay for. And if that's over 1 megabit, boy do I pay extra for it..


    Who I host for

    Friends. Family. Hobby groups. Non profits providing a public good. People on a mailing list I host, who are having problems with their current email provider.


    SLA - Service Level Agreement

    I don't have a contractual relationship. Therefore there is no specific agreement on server uptime or accessibility requirements. If this bothers you, there are several commercial alternatives. That said..

    I personally am dependent on the services of gigo.com. If something is down, I do care. I do want to fix it as quickly as possible; I do also have constraints of having a job that actually pays the bills. If I have two emergencies, the one that feeds my children is going to have precedence. For non-emergencies, if you have a problem with system, I would like to get it resolved quickly and get you back on your way, as a matter of pride and reputation.

    My contact info is available on request.


    Backups

    Multiple layers of backups are done:

    • The system drive is mirrored. Should one drive fail, I can have the data center people remove the failed drive, reboot, and the system will come back up.
    • Snapshots are made daily. If you have shell/sftp access, /disk2/snapshots/ has dated snapshots of the system. If you accidentally goofed up your files today, you can go get yesterday's or last week's copy pretty easily, without my help.
    • The snapshot drive is mirrored. When I travel to the SF Bay Area, I stop in at the data center, and swap mirror drives. What I keep at home is a copy of the snapshots. This may not be directly bootable but has everything it takes to rebuild a new system, and has multiple days of data.
    • Your own backups. You should not depend on me. What if I fail? Be prepared. Those if you with shell access and who are familiar with rsync, can do rsync on a daily or weekly basis. Please use the hostname slow.gigo.com for doing backups - this way I can manage our costs. This address will slow down traffic to keep us under limit. I'll adjust the limits as needed and able, without having to ask you to adjust your speeds (or worrying about two people's backups going at once).


    AUP - Acceptable Use Policy

    This is going to be real short, to the point.

    • I, the operator of the server, run it how I see fit. And if you're abusing my server, I'm going to do whatI need to limit that abuse.
    • If your web site goes nuts, I'm going to slow it down. Depending on the circumstances I'll work with you to figure out how to better handle it, perhaps via commercial means. If truely needed I'll disable your web site or the abused resource.
    • If you spam, I'm going to disable your your access permanently. I'll deliver your files by electronic or othe means, but I will cut you off, with prejudice.
    All this said: I don't want to react to any of it. I'm just not interested. But I will protect my server and my costs and reputation as needed.


    Thanks for your time reading this.

            - Jason Fesler