What’s the situation?

This is a do-it-yourself service. We’ve got a lot of carefully-developed policies, procedures, and features to allow most people to handle most situations without our intervention. We also have ways of handling the exceptions, and those generally work very well.

But, unfortunately, the structure of our service does enable a critical failure state. It generally happens when a member is wrong about two things at once.

The first one could be nearly anything. What their username is. What email address they gave us when they signed up. How Unix filesystem permissions work. How their own domain name is spelled. How to transfer their membership to someone else. Whether or not they’re using a VPN. (Each of these is a recent actual example.)

Regardless of what the first thing might be, the second thing they are wrong about is always the same: they think that they need our help to deal with the first thing and that we won’t help them. And (this is important!) they are always wrong about that.

Although that’s a problem, it’s still a solvable problem. The critical failure requires a bit more. It requires that the person needs our help (even if only to tell them how to help themselves!), but they are actively doing something to prevent us from helping them.

We’ve probably seen all the ways that can happen by now. We’ve done our darnedest to put up signs pointing people in the right direction, and we’re always willing to further improve them. People will eventually be able to sort it out (with or without our help as needed), as long as they are willing to read and follow those signs.

The “Forced Assistance For Obstinance” policy covers what happens when they aren’t.

The Obstinance of Indifference

Sometimes there is a way for people to accomplish what they want, even if it doesn’t comport with our TACOS. Transferring a membership to another person is the classic example. When you change your contact email address, you’re asked if the new email address is the same person or a different person. If you say it’s a different person, you get a short page explaining how to transfer assets between people and why it’s important to do it that way.

Some people click the back arrow and change the answer to “same person” and submit the form again. There’s a process. There are really good reasons for the process. It’s not even difficult. They just don’t care. And sooner or later, they find out firsthand about the really good reasons in a way that causes problems that we have to deal with.

The Obstinance of Rage

Sometimes, the person can’t accomplish what they want. That’s understandably frustrating. And sometimes they don’t handle it… optimally. They fall into a three-step process:

1) Do not follow the advice they’ve been given.
2) The situation does not improve.
3) Return to step 1.

That persists, building up energy and anger with each repetition, until their stack overflows and they reach escape velocity, erupting forth in a sizzling ball of white-hot rage.

At that point, we’re no longer a service provider; we’re a villain. It is not sufficient to solve the original problem anymore. Now, it has to be solved in a way that triumphs over the villain. And that means forcing us to do what they want without following our (villainous!) policies. It’s a moral imperative!

NearlyFreeSpeech.NET does not negotiate with terrorists

Aside from blatantly violating our policies and leaving us to clean up the mess, there are various ways people attempt to force us to do various things.

I’m not going to give too many examples, because sharing an exhaustive list of ways to harass us seems like maybe not the best idea. But for the purposes of illustration, let’s take a PayPal dispute.

If a member of our service files a PayPal dispute over a payment they made, yes, we have to respond to that. We go dig up our records of the charge, the associated services provided, and our refund policy and provide that to PayPal. Our track record on such disputes isn’t perfect, but we win the vast majority of them because we charged what we said we would and provided the services we said we would, and the dispute was never really about the payment in the first place.

Does that force us to waste our time? Yes. Does it do anything to help the member with their problem? No. Though in some cases, they’ve worked themselves into such a tizzy that the idea that they’re punishing us is satisfaction enough. (However, perpetrating payment fraud as a method of inconveniencing others usually isn’t a great strategy. The backfire can be brutal.)

That’s pretty much the type of situation we’re dealing with. Whatever they wanted, there was another, better way to get it. But they elected the way of pain.

And it didn’t even work.

The “Forced Assistance For Obstinance” Policy

A “Forced Assistance For Obstinance” event occurs anytime we are forced to do something for or in response to a member that is outside the normal scope of the support that member is eligible for.

When that happens, a $50.00 fee will apply. That’s the same fee we’ve charged for years for dealing with a membership transfer that violates our TACOS and causes problems we have to deal with. Indeed, that’s an example of something that will now be covered by this policy. As will payment disputes.

In addition, if you’re a baseline member and the activity precipitating the event appears to be an attempt to obtain support consistent with what’s available to a subscription membership, we’ll convert your membership for you. (The cost of the switch will be deducted from the $50.00 fee.) We may also prevent you from downgrading the membership, either for a period of time or indefinitely in order to make sure that we’ll be able to assist you in the future if needed. If that’s unacceptable, you will always have the option to cancel. (Do note that people who’ve intentionally been making our lives difficult have historically greatly overestimated the dismay the prospect of their departure would elicit.)

Bottom Line

Look, we’ve all dealt with a company we are pretty sure was fucking with us just because they could. We’ve all dealt with stupid policies that appear intentionally designed to make it harder to get what we want. We’ve all dealt with companies that act like they resent customers for existing. (In fact, I’m pretty sure OptumRX checks all those boxes at once!)

This is not that company.

This is a small business. I am the owner. I have been personally involved every day for the past 23 years in trying to make the best service possible, and to do right by every one of my customers. Even the dickheads.

We want you to be successful. We are always here to help you. I am always here to help you. I see every support ticket. I personally have over 13,500 posts on our forum. I am not a hard person to reach.

The caveat is that help is not unconditional. If you want our help, it’s provided on our terms. Terms that keep our members’ data and assets safe, and keeps our service financially afloat.

We don’t provide email support. If you email us, you’re going to get an autoresponse. Do what it says. If the type of help you want is something (rare) that we charge for, pay for it. If we say you need to post on the forum to get help, post on the forum to get help. If we say you need to follow the process, follow the process.

And if you’ve been our loyal customer for 150 years and you can’t believe that you’re being treated so despicably, yeah, good instinct. Don’t believe it. You’re not being treated like that. There’s something specific you’re doing that’s keeping us from helping you.

Whatever you do, don’t spiral into a self-feeding rage demon until the main thing keeping you from solving your problem is being so angry that you can’t think straight and you lash out at people who really, genuinely would love to help you if you would let them. It’s really bad for your digestive system.

Also, it costs $50.00.

This doesn’t affect the ability of sites to be accessed via HTTP, although we (continue to) strongly discourage that.

If this has been enabled for your site, you’ll see the emoji next to aliases other than the permanent .nfshost.com alias in the Site Names & Aliases panel on your Site Information panel in the Member Interface.

Our special thanks to Let’s Encrypt, whose service provider integration makes this possible.

• One server type to rule them all?
• A forum facelift.

The Kitchen Sink: One server type to rule them all?

For quite some time, we have offered the “Apache 2.4, PHP, CGI” for PHP users and the “Apache 2.4 Generic” type for people who want to run Node.JS or other custom web server processes. It’s possible to run PHP under Apache 2.4 Generic as FastCGI, but it often requires you to rethink the structure of your application. That can be tricky if you didn’t write the application. There are workarounds but… they kinda suck. We’ve heard from several people in that position that they hate being in that position and wish they could just have both. Now, they can. We’ve added a server type called “The Kitchen Sink” that includes support for Apache, native PHP support, CGI, and custom daemons and proxies. This is great for people who need to run apps that are part PHP and part not, as well as for people with PHP apps who want to jam something like Memcached or Redis in there with it.

“The Kitchen Sink” is available on an experimental basis right now; from the Site Information panel, it’s enabled by editing your site’s service type. It may… or may not… get a different name when it leaves experimental status.

A forum facelift

As some of our longtime members may know, our member forum was originally based on phpBB 2. phpBB 2, however, reached end-of-life in 2009, so we’ve long since ditched most of the innards in favor of more modern, up-to-date code designed for PHP 8, not PHP 3. What we haven’t ditched, until now, is the now-brutally-outdated early-2000s-era aesthetic. We’ve made some behind-the-scenes fixes over the last couple of weeks designed to make the forum easier to understand and use. We’ve also finally put some effort into the design. That update went out today.

This is nothing groundbreaking; we tend to avoid “groundbreaking” when it comes to usability. But it’s a solid update from the early 2000s to at least the mid-2010s. This also isn’t the most important thing in the world but we wanted to close out the year with something a little bit fun but still beneficial. It’s been an absolutely wild year!

We hope the functional and design changes will make the forum easier to browse and read and more pleasant to interact with. I’ll still post there as my usual curmudgeonly self, though; apparently, no upgrade can fix that.

More information about the forum updates is available in the forum.

That’s all for now! More updates to come as soon as we’re finished tamping down the bugs flushed out by these!

• We’re replacing our Intel Xeon servers with brand-new AMD Epyc servers.
• All our existing file storage will be migrated from SATA SSDs to NVMe PCIe 4.0 SSDs.
• Most of our content will be served from New York City rather than Phoenix after the upgrade.
• Various things may be intermittently weird or slow for the next couple of weeks as we shift them around, but we’re working hard to minimize and avoid disruptions to hosted services.

NearlyFreeSpeech goes Team Red

There’s no question that Intel has been good to us. Xeons are great processors. But these days, AMD Epyc… wow. The processors aren’t cheap, but the compute performance and I/O bandwidth are outstanding. 128 PCIe 4.0 lanes? Per CPU? Except for the speedup, this change should be transparent to most people. By and large, we’ve tried to protect people from building things too specific to exact CPU models by masking certain features, but there is probably some random instruction set supported on the old machines that isn’t present on the new ones. So if you’ve done something super-weird, you may have to recompile.

I don’t want to make any specific promises about performance. After all the speculative branch execution fixes, the security layers needed for our system to protect you properly, and other overhead, these things never quite reach their maximum potential. But, so far, they’re so fast!

Here’s the catch. Some ancient site plans bill based on storage space but not CPU usage. These plans have been gone for about ten years. They were an incredibly bad deal for people who wanted to store lots of data, but it cost basically nothing if your site was tiny and used lots of CPU. That wasn’t sustainable for us. We grandfathered those sites at the time because we’ve always paid a flat rate for a fixed amount of electricity whether we use it or not, and those sites have been running on the same hardware ever since (Intel Xeon X5680s!). Neither of those things will be true going forward, so it’s the end of the road for those plans. We plan to temporarily allocate a bare minimum amount of hardware to those sites for a few months and then let affected people know that they’ll be migrated to current plans around the end of the year.

If you want to check this now:

1. Go to the Site Information panel for your site.
2. Find the “Billing Information” box.
3. If there’s been a red-text message “($10.24/GB/Month – Legacy Billing!)” on the “Storage Class” line for the last ten years, you’re affected.

To change it, find the “Config Information” box and edit the Server Type. Pick the closest option. (If in doubt, “Apache 2.4, PHP, CGI.”)

Quoth the raven, “NVMe more!”

It’s something of a sore point that our file storage performance has always been a bit lackluster. That’s largely because of the tremendous overhead in ensuring your data is incredibly safe. Switching from SATA SSDs to NVMe will give a healthy boost in that area. The drives are much faster, and the electrical path between a site and its data will be shorter and faster. And it’ll give all those Epyc PCIe lanes something to do.

But there’s a little more to the story. To get adequate resiliency, sacrificing some performance is a necessary evil. It just flat-out takes longer to write to multiple SSDs in multiple physical servers and wait for confirmation than to YOLO your data into the write cache of a device plugged into the motherboard and hope for the best. We accept that. And we’ve always accepted that our less-than-stellar filesystem performance was the compromise we had to make to get the level of resiliency we wanted. However, we’ve always suspected we were giving up too much. It’s taken years, but we’ve finally confirmed that some weird firmware issues have created intermittent slowness above and beyond the necessary overhead.

So we expect our filesystem performance to be dramatically better after the upgrade. Don’t get me wrong; it won’t be a miracle. The fastest SAN in the world is still slower than the NVMe M.2 SSD on the average gaming PC (or cheap VPS). But one keeps multiple copies of your data live at all times and does streaming backups, and one doesn’t. And it should be a hell of a lot better than it has been.

Related to this, we’ve made some structural changes to site storage that will make moving them easier and faster. That has some other benefits we care a lot about that you probably don’t, like making storage accounting super fast. It should also make some other neat things possible. But we need to explore that a little more before we announce anything.

New York, New York!

Things have changed quite a bit since we started. As much as I love Phoenix, it’s not the Internet hub it was when I lived there in the 1990s. While some benefits remain, I no longer believe it’s the best place for our service. We see dumb stuff we can’t control, like Internet backbones routing traffic for the US east coast and Europe from Phoenix through Los Angeles because it’s cheaper. New York, on the other hand, is functionally the center of the Internet. (More specifically, the old Western Union building at 60 Hudson Street in Manhattan.)

It will surprise no one that Manhattan real estate is not exactly in our budget, but we got close. And, more importantly, we are parked directly on top of the fiber serving that building. It’d cost about ten times more to shave 0.1 milliseconds of our ping times.

This change will make life demonstrably better for most people visiting hosted sites; they’re in the eastern US and Europe. But we’re not leaving the west hanging out to dry. We can finally do what I always wanted: deploy our own CDN. After we’re finished, traffic for customer sites will be able to hit local servers in Phoenix, New York, and Boston. Those servers will transparently call back to the core for interactive stuff but can serve static content directly, much like our front-end servers do today. That’s already tested and working. You might be using it right now.

The new design is completely flexible. It doesn’t matter where your site is located; traffic enters our network at the closest point to the requestor, and then our system does the right thing to handle it with maximum efficiency.

It’s now technically possible for us to run your site’s PHP in New York, store your files in Boston, and have your MySQL database in Phoenix. But “could” doesn’t always mean “should.” We’re still constrained by the speed of light; a two-thousand-mile round trip on every database query would suck pretty hard. (But I’ve done it myself with the staging version of the member site. It works!) So everything’s going to New York for now.

Keeping it weird

This change means we have to move all your data across the country. Sometime in the next few weeks, each site and MySQL process will be briefly placed in maintenance and migrated across our network from Phoenix to New York. For most sites, this should take less than a minute. We’ll start with static sites because they don’t have any external dependencies. Then we’ll move each member’s stuff all at once so we don’t put your MySQL processes and site software into a long-distance relationship for more than a few minutes. Once we have a specific schedule, we’ll attempt to make some information and, hopefully, some control available via the member UI to help you further minimize disruption. But our goal is that most people won’t even notice.
There may be some other weirdness during this period, like slowness on the ssh server, and you may actually have to start paying attention to what ssh hostname to use. All that will be sorted out by the time we’re done.

Some longtime members may recall the 2007 move where it took us over a day to move our service a few miles across town. At the time, we wrote, “Should we ever need to move facilities in the future, no matter how long it takes or how much it costs, we will just build out the new facility in its entirety, move all the services between the two live facilities, and then burn down the old one for the insurance money.” Oh my god, it took a long time and cost so much money, but that’s exactly what’s happening. (Sans burning down the facility! We love our Phoenix facility and hope to continue to have equipment there as long as Arizona remains capable of sustaining human life.)

Final thoughts

These changes represent an enormous investment. Thus, much like everyone else these past couple of years, we will have to pass along a huge price increase.

No, just kidding.

Our prices will stay exactly the same, at least for now. (Except for domain registration, where constant pricing fuckery at the registries and registrar remain the status quo. Sadly, there’s nothing we can do about that. Yet.) In fact, they might go down. We bill based on how much CPU time you use, and it’s likely to take less time to do the same amount of work on the new hardware.

The last few years have been pretty weird. COVID aside, NearlyFreeSpeech.NET has been keeping pretty quiet. There’s a reason for that. I’m proud of what NearlyFreeSpeech.NET is. But there’s a gap between what is and what I think should be. There always has been. And that gap is probably bigger than you think.

So I spent some time… OK, nearly three years… more or less preserving the status quo while I did a very deep dive to learn some things I felt I needed to know. And then, I spent a year paying off tech debt, like getting our UI code cleaned up and onto PHP 8 and setting up this move. So four years went by awfully fast with little visible change, all in pursuit of a long-term plan. And in a few weeks, we’ll be finished. With the foundation.

“It’s a bold strategy, Cotton. Let’s see if it pays off for ’em!”

To make a long story short, we spent so long on the 2023Q2 quarterly software build that it was July, and we still had problems. We finally have a clean build that passes all of our hundreds of internal tests. But we also have the 2023Q3 quarterly build running just as smoothly. Since 2023Q2 won’t get any security updates through the FreeBSD ports team, having our non-production members test it doesn’t seem useful. And we’re sure not going to roll it out to production sites untested.

And so, we are skipping it. The default realm for production sites will be the (now very thoroughly tested) 2023Q1 realm. And the default realm for non-production sites will be the shiny new 2023Q3 realm. As always, we’ll backport security fixes as needed from 2023Q3 to 2023Q1.

No more PHP 7!

For those sites being upgraded from 2022Q4 to 2023Q1, it’s worth reiterating that PHP 7.4 was deprecated in 2021, and security support ended in November 2022. If your site still runs on PHP 7 eight months later, you’re in for a bad time. The PHP developers are ardent adherents of “move fast & break things,” and backward compatibility is the thing they break the most. Back in February, we posted information about this, including some advice for updating, in our forums.

Looking forward to the next 20!

That does not reflect well on those people.

We’ve received quite a few emails (and signups) from them in the past week or so. They appear to believe that “free speech” means they can say whatever they want without repercussions. (It does not.) They expect us to agree with them about that. (We do not.) And they believe they’re entitled to our reassurance and, in some cases, assistance. (They are not.)

We have zero time and even less energy to waste on such nonsense. It is also difficult to express the full magnitude of our disinterest in passing some Internet Randolorian’s “free speech” litmus test. So we close all such inquiries without responding.

But I do want to make some things crystal clear.

First, we’ve been in the free speech business for nearly 20 years. We are experts at this. (We are capable of seeing through even sophisticated arguments like: “I said it. Therefore, it’s speech. Free speech is speech. Therefore what I said is free speech!”) So if getting your content online depends on your web host misunderstanding what free speech is, please save yourself some time; we’re not the right service for you.

Second, yes, hosting illegal content on our system will get you kicked off. You won’t get a refund. But it does not end there. There’s a school of thought that we can’t possibly be a “real” free speech host if we ever cooperate with the authorities. We didn’t go to that school. If you abuse our service to break the law, we will not only cooperate, we will turn you in ourselves.

When we cooperate with law enforcement, we do not do so blindly. We review their activities, both for abuse of power and to make sure proper processes are followed to protect our members’ rights. Such things are vanishingly rare, not (as they are sometimes depicted) the default. So if you’re expecting that we will automatically say, “Shove it, coppah!” anytime the police come calling about your site, we’re not the right service for you.

Finally, if you’re a racist, we’re not on your side. We are not your allies. We are not sympathizers. The “Free Speech” in our company name is not a secret dog whistle to you. We believe that America accomplished what it has despite the hatred and bigotry that has always plagued us, not because of it. We believe diversity is America’s spicy secret sauce, which we love. And we have no interest in living in a sea of mayonnaise. We do not want you to host your garbage here. We will not lift one finger to help you do that. We will kick you off the instant you give us a reason. We’re not the right service for you.

Despite having no single point of failure from the hardware perspective, each site’s content is still backed by a single system image (necessary for coherency), so these updates may cause some temporary disruptions to affected sites. We will do our best to minimize that.

We do also plan to upgrade our core database servers. These are fully redundant, so we do not anticipate disruption, but the possibility does exist. We hope this upgrade will resolve an issue that mainly manifests as intermittent errors in our member interface early in the morning (UTC) on Sundays.

This bill is, as the name implies, ostensibly intended to fight sex trafficking. Sex trafficking is awful, and should be fought. But a lot of sex trafficking experts think that this bill won’t have that effect. That it will actually make things much worse for sex workers. For example, those sex trafficking victims that are supposed to be protected may suddenly find it illegal to talk about their experiences. Whoops.

(Yes, that’s a Jezebel link. If they don’t match your politics, fair enough, try Reason. Pretty much nobody on any side thinks this is a good idea, except a handful of underinformed celebrities. This is not a right-left issue.)

That’s probably reason enough not to pass it, or at least to go back and take another look. But that’s not the end of the story.

An amendment slipped into the bill also proposes to override section 230 of the Communications Decency Act. Without overstating the case in any way, CDA 230 is the reason small companies like ours can exist. It protects us from liability for the actions and content of our customers. That means if you don’t like what one of our customers has to say, you can’t sue us about it. The First Amendment is great, and we love it, but in everyday practice, CDA 230 is what keeps rich people and companies from filing nuisance lawsuits to force us to either censor our customers at their behest or drown in legal fees. They know that, and they hate it.

As the EFF has pointed out, if this protection is weakened, pretty soon the small voices will be silenced. Not because what they have to say is illegal, but simply because it might be. Fear of liability will force providers like us to either moderate all the content that appears on our service — massively Orwellian and expensive — or simply proactively disallow anything that might possibly create liability. Or just shut down and leave the Internet to the likes of Facebook.

In that climate, the only people who will be able to have websites will be people who can afford teams of lawyers and people who only say things so boring that they don’t run any risk of creating liability. Remember when mass communication consisted of three broadcast TV channels and everything said on them had to be approved by the channel’s “Standards & Practices” department, which censored much more than any law required them to because that was cheaper than fighting? Do you miss those days?

If you’re not that worried about us, that’s fine. Here’s why you should still care. Does your website have a forum? Does your blog allow comments? Do you have a feedback form? A wiki? Could someone post spam anywhere on your site offering sex for money? If so, enjoy your ten years in Federal prison. (And yes, we’ve seen several cases where people engaging in illegal activity find unmonitored corners of sites that allow user-contributed content and use them to communicate. We act to shut that down when we find out about it, but we’re strongly against sending the operators of those sites — or us — to prison for “facilitating” those communications.)

This sort of crackdown on online communication has been attempted several times in the past, usually around intellectual property. (Remember SOPA, PIPA, etc.?) But intellectual property owners, despite being good lobbyists, aren’t very sympathetic public figures. Sex trafficking victims are.

That is definitely reason enough not to pass it. But that’s still not the end of the story.

If you live in the United States and you ever took even a high-school level civics class, you probably ran across the concept of an ex post facto law. This refers to a situation where, if I’m in government and you do something legal that I don’t like, I make a law against it, I make that law retroactive, and then I use it to prosecute you for what you already did. That’s not how law works, and it’s not allowed.

But FOSTA contains this little tidbit:

(b) EFFECTIVE DATE.—The amendments made by this section shall take effect on the date of the enactment of this Act, and the amendment made by subsection (a) shall apply regardless of whether the conduct alleged occurred, or is alleged to have occurred, before, on, or after such date of enactment.

Whoops. I guess Mrs. Mimi Walters of California (the author of the text above) skipped civics class. To be fair to Mrs. Walters, the US Constitution is very vague on this point, and the language is convoluted and hard to follow. (“No Bill of Attainder or ex post facto Law shall be passed.” – Article 1, Section 9)

That’s not the only problem, nor is it only my opinion. The US Department of Justice agrees, raising “serious constitutional concern” about the ex post facto nature of the law and states that the is broader than necessary (meaning it criminalizes not only more than it needs to, but also more than the authors think it does). They are also concerned that despite making so much stuff illegal, this bill makes it harder to prosecute the actual sex traffickers.

When the Department of Justice tells you you’re making too much stuff illegal, obviously you take a step back and fix things… unless you’re the US House of Representatives.
In that case, you pass it as-is 388-25.

That’s right, the US House passed a bill that, our own liability concerns aside, makes it harder to prosecute sex traffickers, but criminalizes people speaking out against sex trafficking, including former victims. What the hell? Do sex traffickers suddenly have really good lobbyists?

The bill has now moved on to the US Senate. Internet superhero Senator Ron Wyden of Oregon is doing his best to save us all once again, as he has done so many times before. But he needs our help. If you’re in the US, please call or email your senators today and urge them to send FOSTA back to the drawing board in favor of something Constitutional, limited, and effective. FOSTA is none of those things.

This isn’t intended to be such a post.

This is a post to acknowledge that our service has a couple of serious issues that require more urgent attention.

1. The cost and threat of DDOS attacks is escalating so quickly that unless we act, they will drive us out of business.
2. It’s time for us to move toward ICANN accreditation.

Addressing these concerns will require some major shifts in our pricing model. To be completely honest and upfront, these changes will primarily affect those sites and members that are currently paying the least. After the changes, the prices at the low end will still be low, but not as low, and in some cases, lower-cost sites may have a different set of options than they have in the past.

Summary of changes

Here’s a short summary of the changes we are making:

• We are eliminating the current static/dynamic site distinction in favor of three tiers (plan selection available on November 1st, existing sites with no plan billed as Non-Production as of November 1st, and as Production sites as of December 1st):
  • Non-production site ($0.01/day) – Static and dynamic functionality, limited realm selection, limited # per membership, might be automatically opted in to some betas, not for production usage or revenue-generating sites;
  • Production site ($0.05/day) – The “standard” option. Full set of realms, unlimited quantity, no automatic beta opt-ins, usable for production or revenue-generating sites; and
  • Critical site ($0.50/day) – An option unlike anything we’ve (publicly) offered before with 24×7 custom monitoring.
• Bandwidth charges will largely be eliminated (not officially, but in practice, no one will pay them). (Effective November 1st for new sites, on or before December 1st for existing sites.)
• Resource (CPU/RAM) charges will decrease over 60%, from 17.22 RAUS/penny to 44.64 RAUS/penny.
  (Effective November 1st for all sites that use resource billing.)
• Domain registrations will increase by $1.00/year. (Effective October 1st.)
• We will be adding a significant fee to certain violations of our Terms & Conditions of Service that are extremely rare but cause significant hassle for us. (Effective immediately, with a limited amnesty period until December 1st.)

Below, we’ll discuss why we need these changes and then go through them in detail.

About DDOS attacks & bandwidth

Defending against DDOS attacks is very difficult and very expensive. The first key step to fight them off is being able to absorb the inbound traffic they generate. That takes massive amounts of bandwidth. And although already massive, the amount needed is constantly increasing. Right now, we have enough bandwidth to cope with about 70% of the attacks we encounter. That 70%, of course, starts from the bottom. And the success rate is falling. Larger attacks can knock our entire service offline, at least for a little while.

Unfortunately, this is an area where “pay for what you use” simply no longer works. We charge for bandwidth based on outbound traffic from member sites. But we pay for vastly more bandwidth than that to deal with attacks, and we need more still.

Worse, the equipment needed to mitigate DDOS attacks at wire speeds of 40Gbps and 100Gbps is pick-your-jaw-up expensive compared to 10Gbps gear (or, really, anything else we currently use), and it needs both costly maintenance agreements to stay up to date with evolving attack techniques and well-paid professionals to keep it all working.

So what we currently charge is not covering what we currently pay, much less the additional costs it would take to get the success rate up to 85-95% and keep it there as attacks increase in frequency and scale. That’s got to change. We need to increase our revenue, not just enough to cover our current costs, but to cover the additional costs of the bandwidth, equipment, and people necessary to make sure our service is secure, protected, and reliable, now and in the future. That entails charging everyone more.

Most people’s first reaction to that is, “Well, I’m not getting attacked, why should I have to pay more?” Here’s why: most of the sites affected by any given DDOS attack are not the site being targeted. That’s getting worse. We’re seeing more and more attacks on infrastructure, rather than hosting IPs. In such attacks, collateral damage is the whole point. Those typically affect everyone, and are often much harder to deal with. When your site is negatively affected by a DDOS attack on someone else, these are the resources we need to have even a chance of doing something about it.

Even if an attack targets a specific site we host, attacks are frequently non-specific enough that we never figure out who it is. But in those cases where a specific site is being targeted and we know which site it is, does it matter? Sometimes it’s easy to argue that the site operator must have done something to provoke an attack. And sometimes that’s even true. But it’s frequently not. In the longest and most debilitating attack we’ve ever experienced where we identified the target, that target was a small site about a video game. Did that site “deserve it?” How about the website for the orphanage using the same IP address? Should we just wash our hands of it and tell that person, “Sorry, you have to go elsewhere, video games are way too controversial for us to handle?”

Even if we do know the target of the attack, and it’s not just “us,” it’s not like we can send that member a bill. I mean, we could, but nobody is going to pay a surprise $10,000 bill from a service that claims that you’ll never be on the hook for more than the amount of money you decide in advance to put in.

“Who should have to pay for protection from DDOS attacks?” is a trick question. No one should. Period. Because DDOS attacks shouldn’t happen. They definitely shouldn’t be several orders of magnitude easier and cheaper to launch than they are to defend against. But “should” and “is” are miles apart, and we have to take the world as it is, not as it should be. So who does have to pay for protection from DDOS attacks? Everyone.

Protection isn’t optional. There’s no point in offering our service if the minute anyone calls our bluff we have to fold. We’ll never be able to provide every site protection against every attack. There are other — much more expensive — services like Cloudflare’s $200/month “Business” plan that can help sites worried about the last few % of attacks we can’t hope to mitigate. But we can do a lot better than this, and we must do better than this. Free speech, it turns out, is heinously expensive, and the cost is rising rapidly.

Hence, we’re changing our pricing to reflect that all sites, regardless of size or activity, must contribute toward the collective cost of protection from attacks. That wasn’t an easy decision, but we believe it’s the only workable option in the current online climate.

New site types

Non-Production Sites ($0.01/day)

We know that some people who host with us really do need the absolute lowest possible price, and this is it. This is a plan designed to minimize the price by reducing access to some features that are expensive for us, and giving us some flexibility with respect to how we host these sites. As such, this offering represents a subsidy; it’s below our costs. That has three main consequences:

• Non-Production Sites may not be used for production services, or for sites that generate any kind of revenue. If you’re making money on your site, we’re not willing to lose money to host it. Personal sites are OK. Beta sites are OK. Development sites are OK. Resume and portfolio sites are OK.
• Non-Production Sites must constitute no more than half of the sites on your membership, rounded up. So if you’ve got one site, it can be non-production. If you’ve got more, you’ll have to maintain a mix. If your ratio falls out of balance (e.g. by deleting Production sites), we’ll apply an adjustment charge.
• Non-Production Sites will help us improve our service. When we need sites to help test new features in the future, those sites will be automatically drawn as needed from the pool of Non-Production sites. They will also be limited to upcoming stable, beta and experimental realms to help us make sure third-party software updates are production-ready. (Realms are the huge collections of third-party software we provide preinstalled for all sites. Stable realms are rotated quarterly, and beta and experimental realms receive continuous rolling updates.)

If any of those limitations are undesirable for any reason, then a Production Site will be the more appropriate option.

We’ve found it’s faster, easier, and cheaper for us to develop and test new functionality when we have a robust base of real-world sites to test against. Our free bandwidth beta is a good example of such a test. That’s valuable to us, and that’s why we’re willing to offer this service at this price. We’ll make every effort to limit testing to sites that are compatible with whatever is being tested, and if the test breaks a site we’ll either opt it out if we detect that, or provide you a way to do so. And we’ll spread tests around to the best of our ability; it’s not our intent to draft every site into every test.

Whether or not a non-production site is participating in a test, we’ll still take feedback and problem reports about them, and we’ll still do everything we’re currently doing to keep them up and running.

Since this plan represents a subsidy, we have a certain amount of money in mind that we’re willing to “pay” our members for giving us the extra flexibility this plan provides. We’ll periodically evaluate the total number of non-production sites and may adjust the cost of this option if adoption rates are materially higher or lower than we expect. If needed, changes will be infrequent and announced in advance.

Each non-production site will also be able to use at least one gigabyte of bandwidth per day without being charged extra.

Production Sites ($0.05/day)

Production sites are the closest equivalent to current sites. As such, there’s not much to say about them. They will have full access to all features and realms, support static and dynamic content, and may be used for any production or revenue-generating purposes. There is no restriction to the number of them you can have. They may have some ability to opt into future tests, but that ability may be limited.

Although we won’t require it, we strongly recommend that if you are generating revenue from a production site, you should have a subscription membership. The cost is very small and if there is real money on the line then being able to ask for our insight and help when there’s a problem can be invaluable. It’s a good investment in your own success.

Each production site can use at least ten gigabytes of bandwidth each day without being charged extra.

Critical Sites ($0.50/day)

This is a new category of site available only to subscription members. It reflects a generalization of an informal arrangement we have with a few of our existing members who have sites that need special monitoring. This service is for sites that are particularly sensitive or important, sites that aren’t for the business, sites that are the business.

The higher price includes a custom entry for the site in our network monitoring system. That notification can be set to alert you, us, or both, in the event of a disruption. (We do reserve the right to adjust how vigorously it notifies us based on the frequency of monitoring events that result from issues determined to be under your control.) In the event of a disruption to our service, we will use the additional monitoring to ensure that service is restored as soon as possible.

Also, with critical sites, if we detect an issue, we will be able to devote more effort to investigating what’s going on to see if there is any helpful information we can proactively provide to the site operator, or if there is anything we can do on our end to help restore proper operation.

This doesn’t change the fundamental do-it-yourself nature of our service, nor will it keep sites online if they are hacked or compromised. To give an example, if we detect a WordPress blog is compromised, we disable it and our system sends out an automated notification via email to the site operator to let them know to take care of it. If that site were a critical site, we would still have to disable it, but we would send out a manual notification instead, including whatever information we can find about what’s going on, and if it were agreed upon in advance, we’d be able to alert the site operator by SMS as well.

If your site is vital to your business or generates enough revenue that you feel that a little extra attention is worth it, this is the option for you.

Each critical site can use at least 100 gigabytes of bandwidth per day without being charged extra.

General notes on site types

All site types will have full access to static and dynamic content, daemons, scheduled tasks, TLS, the ssh command line, and many other crucial features for modern sites.

With respect to bandwidth usage, each site type specifies an amount per day that won’t be charged, and that amount says “at least.” Officially, the policy is that usage in excess of the stated amount will be billable at the flat price of $0.10/GiB. However, right now, we don’t actually plan to bother keeping track of that. The goal is to cover our bandwidth costs, which are driven by attacks, not regular usage. If we’ve already charged you for inbound bandwidth to protect from attacks as part of the base site cost, we shouldn’t need to charge you again for outbound bandwidth because it’s already been paid for. So as long as site charges cover the bandwidth costs, as we expect them to, we can hold off on charging for overages. Naturally, if a site starts to use so much bandwidth that it’s becoming problematic, we’ll deal with it, but for now I kinda want people to give it their best shot.

The other “catch” is that it will be possible to upgrade sites to a higher plan, but it will not be possible to downgrade to a lower plan. Once a site is upgraded, that upgrade is permanent. Likewise, the daily costs will continue to apply even if the site is disabled.

This change will become effective for new sites on November 1st. At that time, existing sites will remain unchanged, but will be charged as Non-Production Sites. The option to choose a plan will be available in the UI on that date.

Starting December 1st, all existing sites that have not chosen a plan will be treated and billed as Production sites, but they will still have the option to make an initial plan selection. (So if you don’t get to this before the deadline, you’ll still be able to choose Non-Production for existing sites.)

Resource cost reductions

CPU and RAM resource charges for all site types will also decrease dramatically, from 17.22 RAUs per penny to 44.64 RAUs per penny. That’s a decrease of over 60% and will apply to both MySQL and sites. It should help make hosting larger, more active sites more affordable.

The pricing for storage resources will remain unchanged for now. The reliability of our current storage has been very good, but the cost (to us) is really high in terms of both TiB/$ and IOPS/$, and that shows through in the pricing (to you). We want to bring this down, and if we can stop spending every penny we have on bandwidth, I believe some more R&D in this area will really pay off.

Domain Registration

Since 2006, we’ve used the services of a third-party company to offer domain registration. That worked out really well for many years. Then, in 2014, that company was acquired by another, much larger, company. Its new parent owns a large number of other hosting companies that compete directly with us.

Initially, things were fine. But over the past twelve months or so, there have been a few incidents where our customers didn’t get the quality of service we expect. We’re concerned that it will be increasingly problematic to outsource such a critical function to a company that is essentially owned by the competition. Not to mention our lack of control over things that are very frustrating to us and our members, like “monetization*” of expired domains, is getting pretty old.

Unfortunately, the other wholesale options in the industry really aren’t any better. To make a material difference, we need an ICANN-accredited registrar. That’s a complex and expensive undertaking. To that end, we’ll need to raise prices on domain registration, first to fund the accreditation effort, and then to meet the additional ongoing requirements ICANN imposes on accredited registrars in a way that will provide a quality of service that both we and our members will be satisfied with.

The fixed costs of operating a registrar are particularly burdensome for smaller companies like ours that can’t amortize those costs over millions of names, especially if we don’t want to get any “monetization*” on us. Accordingly, we will raise the price of all domain registrations by $1.00/year on October 1st and use that money to pursue domain registration independence.

*”Monetization” is a technical term used by the domain registration industry that means “we’ll do anything, however scummy, if there’s money in it.” It’s never a good thing and it has to be handled with scare quotes because if you get any on you, the smell never washes away.

Enforcing our Terms & Conditions of Service

Our Terms & Conditions of Service are some of the shortest and easiest to comply with in the industry. Over 99% of our members are happy to do so. But the ones who don’t are getting to be a real source of hassle and frustration for us. People don’t follow our policies, they create a jam for themselves, and then they invariably expect us to fix that jam for them. And we have enough members that even “less than 1%” is enough people to cause a steady stream of headaches.

Unlike, say, DDOS attacks, these are avoidable problems that people absolutely did bring on themselves, and for which they alone should bear the costs and consequences. That’s not currently the case. You’re paying for their mistakes.

Effective immediately, if we detect the following situations, we will apply a $50.00 fee (per incident) to cover the cost of having our staff clean up the mess and advise the people involved on how our service works and what they should be doing instead:

• One person who has multiple memberships. We will consolidate the multiple memberships into one membership with multiple accounts. (Definitely do not create multiple memberships trying to get around the per-membership limit on non-production sites!)
• Multiple people sharing access to a membership. We will reset the password, get ID and a promise not to do it again from the named member, and provide references to documentation on how to use our powerful account sharing features.
• Memberships that have been transferred from one person to another. We will require the recipient to transfer the membership back to the named member or, if we are unable to establish who that is, have the person create a membership in their own name, pay the $50 fee, and then we will transfer any accounts on the invalidated membership to the new person.

Pretty much, unless you’ve done something it says in bold print not to do on our signup page, you should never see this fee. But we’ve got to get the people who think they are exempt from what few rules we have to either straighten up and fly right or find some other host. Really, we’re fine with either choice.

If you are currently doing one of these things and we haven’t caught you yet, you will have until December 1st to take steps on your own to resolve the issue. We will waive the $50.00 fee if we learn about a violation from your good-faith effort to correct it. (E.g. if you request a transfer to consolidate your two memberships before we find out about it, we will process the request without applying the fee if it is submitted before December 1st.) If you need our help to resolve the issue before then, you’ll need a subscription membership, which is a much better deal than this fee.

Final thoughts

It’s very likely as a result of these changes, members paying more than a few dollars a month will wind up paying less, possibly substantially less. They’ll probably be very happy. But there aren’t very many of those.

There are others who will be able to make a few changes to consolidate usage and keep their costs about the same. Our per-alias site root feature may be particularly helpful for people with large numbers of static sites.

But, taken on a purely percentage basis, these changes are a large increase for many people. In many cases, that increase will be from pennies per year to dollars per year. Some of them will see the value in taking these steps and will be happy to pay more to support them. Some people… won’t.

For those who need it, it’ll still be possible to host a site with us for well under a dollar a month, and while that option is not without tradeoffs, that site will in many cases be able to do more than it could in the past.

For those who can afford it, and those who want us to support their business, we’re asking them to do a little more to help support our business in return.

A fair amount of this change is motivated by the inescapable truth that offering service at the price we’re offering it increasingly requires making compromises on the quality and future viability of our service. We’re not willing to do that. I have always believed that we are about offering a good value rather than the lowest price, and these changes reflect that goal.

For people who would prefer to accept those compromises to get the absolute rock-bottom price, there are and always will be providers who are willing to make them. But we are already farther down that road than I am comfortable with. I don’t like it here, and I don’t like what I can see ahead. We are changing course. We hope you’ll follow the new path with us, but if not, we’ll definitely understand.