Happy Tenth Eleventh Birthday to The Cloud

August 13th, 2015 by

We had a plan to post this last year, but we forgot.

On August 13th 2004, ten eleven years ago, our first ever invoice for a virtual dedicated server was paid.

Mythic Beasts Ltd.                http://www.mythic-beasts.com/
103 Beche Road
Cambridge
CB5 8HX

To:



────────────────────────────────────────────────────────────────
Invoice date                                        02-Jul‐2004
Invoice number                                                         
────────────────────────────────────────────────────────────────

────────────────────────────────────────────────────────────────
Ref         Date            Description                 Amount
────────────────────────────────────────────────────────────────
 xxxx     2004‐07‐02  VDS256 virtual dedicated         £400.00
                      server server-name 2004‐07‐02 to
                      2005‐07‐01
────────────────────────────────────────────────────────────────
                                      total            £400.00
────────────────────────────────────────────────────────────────

This VM ran until 2009, at which point it was upgraded to a much faster dedicated server. It’s still operational today.

Over the intervening years, our basic service has evolved through three different virtualisation technologies and the virtual machines are now thirty-two times the size they started at.

  • 256MB, User Mode Linux
  • 1024MB, User Mode Linux
  • 1024MB, Xen
  • 4GB, KVM
  • 8GB, KVM with SSD

As computers have become much larger and faster, it’s increasingly hard to find a single application that can fill the capacity of a single machine. Meanwhile, service oriented architecture means that even simple applications are now built out of lots of lightly loaded servers. Virtualisation is the magic that means that fifty applications built from tens of servers each can fit into a handful of physical servers. Whilst managing the hardware has become much simpler, the number of instances to manage has exploded.

Increasingly these days not only are the servers virtual but the entire infrastructure, routers and all. We now have entirely virtual networks existing within our VM cloud using virtual routers to route traffic to virtual machines.

OpenSSL release due

July 8th, 2015 by

If you read security lists, you will already be aware that we’re expecting a new release of OpenSSL tomorrow to fix a high severity vulnerability.

We will be reviewing the details as soon as the vulnerability is released, and will be patching the affected servers shortly after the updated packages are released. If necessary, we will be contacting customers to reissue keys, as we did after the now infamous Heartbleed vulnerability.

If you have any questions, or would like to upgrade to a managed service so we catch these kinds of issues for you, you can contact us at support@mythic-beasts.com.

Women in Technology and avoiding ISP filters

June 29th, 2015 by

One of the Mythic Beasts, Rhosyn, has written an article on filtering for trefor.net, a widely read blog on technology and networking.

The part we particularly like is this quote:

As a long standing customer of Mythic Beasts 
(shameless plug; outstanding service and support, 
so good that I switched companies recently to work 
for them)

iOS9, IPv6, £20pa off v6 only VMs

June 11th, 2015 by

tldr; Apple say IPv6 support vital, we offer £20pa off any VM that is IPv6 only.

Apple have announced that as of iOS 9, all apps require support for IPv6 and must run on an IPv6 only network. The motivation is fairly clear: T-Mobile USA runs an IPv6 only network, Comcast is deploying IPv6, and on IPv6 launch day in Finland 5% of users had IPv6 enabled simultaneously. Google sees around 7% of all traffic as IPv6 now.

Like it or not, IPv6 is here and the predictions of a lengthy period of being dual stack were wrong. Nobody bothered to turn on IPv6 until IPv4 ran out, then instead of IPv6 and Network Address Translation we’re skipping quickly to IPv6 only. If your application doesn’t work on an IPv6 only network an increasing fraction of users simply can’t use it.

At Mythic Beasts we’ve been using IPv6 for a long time. Two years ago we rebuilt the hosting infrastructure for Raspberry Pi to be IPv6 only for all internal connections. A future article will explain our scale up to vastly more VMs, many IPv6 only. IPv6 at Mythic Beasts isn’t an add-on: if our IPv6 connectivity breaks, customers go offline. We’re steadily working on spreading IPv6 connectivity throughout other providers.


 


We’ve been offering developers IPv6 only Virtual Machines for experimentation for a while, and have one of the most comprehensive IPv6 connectivity checkers for hosted software which is very good at demonstrating that enabling a v6 address isn’t quite enough.

Every single connection to this website uses IPv6.

The best way to build the hosting infrastructure today is to have an IPv6 only network for the whole thing and a single IPv4 address on the load balancer for ‘legacy’ IPv4 connections. To give everyone an incentive to do it right, today we’re extending our IPv6 only VM offer – all virtual machines that are IPv6 only will be discounted for the lifetime of the rental.

If you’re really interested, this presentation at the North American Operators Group covers the largest US ISPs moving straight to IPv6 only deployments, including the information that over 20% of US users have native IPv6.


SHA-1 for mail, SHA-2 for web

June 10th, 2015 by

SSL Certificates do two things. They encrypt the traffic between the end user and the website, and they provide authentication that confirms the website is who it says it is. As we previously wrote, at present the authentication step is done using a piece of maths called SHA-1.

SHA-1 is the hash function underlying the signature that says ‘The Certificate Authority confirms that the public key for Mythic Beasts is ….’: the Certificate Authority signs a SHA-1 digest of the certificate. It’s extremely important that nobody else can forge this signature, otherwise anybody could present their public key instead of the Mythic Beasts public key and intercept all of the data.

Now SHA-1 has been subject to a lot of analysis by people attempting to forge keys, and slowly progress has been made. SHA-1 has not been “broken”, but thanks to improvements in mathematics and computing, the estimated cost of forging a certificate has steadily fallen from more-money-than-exists to a-large-country-could-do-it and in the next 5 years is likely to reach script-kiddy-with-a-botnet-could-do-it.

So Google, Firefox and others now refuse to accept SHA-1 based certificates that will last into 2017. Whilst you can’t forge them now, in two years’ time it’s likely that well funded organizations may be able to do so. As a result, the Internet has had to migrate to SHA-2, a new function that achieves the same as SHA-1 for proving authenticity but has no known attacks: forging a SHA-2 signature is currently believed to be entirely infeasible. Google’s announcement of their intention to deprecate SHA-1 was greeted with dismay and anger, but in the end had the desired effect. The certification authorities moved quite quickly to make SHA-2 the default.

At Mythic Beasts this week, we replaced our SSL certificate for all our servers. As expected, the new certificate we were issued was SHA-2 based. Deployment of the new certificate went smoothly, sufficiently smoothly that not a single customer noticed. A short time later we realised that we now didn’t seem to receive any support mail at all.

Our ticket tracking system runs on top of mono, an open source reimplementation of .NET. The older version of mono it uses doesn’t have support for SHA-2 certificates, so our tracker was seeing the secure connection, failing to authenticate and refusing to send or receive email. Briefly we worked around this by turning encryption off for the support system – as the traffic is entirely within our network we aren’t so worried about it being intercepted.

However, we know that our end-users use a wide variety of different clients for email, some of which are quite old and obscure. So we thought it was rather likely that we were breaking email functionality for existing customers with the SHA-2 certificate. We decided the sensible thing to do would be to use the new SHA-2 certificate just for websites, and obtain a new SHA-1 certificate for mail applications.

We will face the same issue again in 12 months. (Except we don’t even know if the certification authority will still offer the choice of getting a SHA-1 certificate then.) We’re hoping that a year will force a number of updates to mail clients and system libraries such that next year we can deploy SHA-2 everywhere. Eventually, we will have to draw a line, and say that if our customers’ clients don’t support SHA-2, they will have to upgrade them, or use unencrypted access.

In a little known fact, here are two old men singing about SSL security beginning with a limited understanding of SHA hashes. It delightfully uses the metaphor of a journey to meet their loved one to show how the process of security is a continuous process that can never be fully achieved.


UKNOF31

April 22nd, 2015 by

At UKNOF31 we presented a talk entitled Catastrophic Unplanned Success, a slightly rushed history of the rapid scale-up of Raspberry Pi from the point of view of the hosting provider, detailing some of the issues we’ve dealt with during their extremely rapid scale up, and attempting to educate the teenagers into a proper DDoS rather than the half-hearted ones they’ve tried so far.

https://indico.uknof.org.uk/getFile.py/access?contribId=5&resId=0&materialId=slides&confId=33

We believe this talk was videoed; we’ll put the video up here too once it’s published.

Helping RachelPi

March 4th, 2015 by

Some time ago we were forwarded a plea by Liz Upton, who’s sort of famous on the internet for some sort of cheap computer, on behalf of World Possible, which said:

This brings us to good news / bad news.  Last month we pushed through 5TB of
FTP traffic, and over 20TB of FTP traffic on the year.  That's great, about
700 RACHEL downloads - but our web host isn't as excited with our success
and cut us off yesterday.

Liz thought this was the sort of thing we might be able to help with. So we got in contact and we’ve set them up with one of our older inexpensive servers to act as a new host. As it’s an educational project that we’d like to support, we thought we’d donate some bandwidth to help out. Since it nicely coincided with a substantial bandwidth upgrade in our Cambridge data centre, we put the service there.

So far they seem pleased!

which is handy because some of their other suppliers who pay Amazon rates for bandwidth were a little bit annoyed with them.


Happy Birthday to Raspberry Pi

March 2nd, 2015 by

Mythic Beasts has been supporting Raspberry Pi since we saw a small Atmel based prototype that Eben Upton was tremendously proud of and that we thought nobody would ever want. However, we’ve always been wary of betting against Eben and the fact we’re now providing enough bandwidth to download copies of N00BS considerably faster than we can make cups of coffee suggests that, much though it pains us to admit it, we might have been wrong and Eben might have been right.

On Saturday Pete went to join Raspberry Pi at their 3rd birthday party. It was a lot of fun. He drank beer brewed by a brewery controlled by Raspberry Pis, saw the magical RFID announcing machine declare Liz Upton ‘The Tyrannical Goddess of Time and Space’ which clearly had been set to maximum flattery mode. There was also a neat synthesiser with keyboards and a drum machine hooked up doing all the instrument synthesis on an original single core model B which resulted in this sort of Raspberry Jam:


ModMyPi also had a stock of quad core Pis meaning Pete was able to buy one in person for real money and skip the ordering delay on the ones he’s ordered online.

 

But mostly it was just great to see how far we’d come. At the original Raspberry Jam soon after launch in 2012 we met a lot of people who were excited and fired-up with plans to do awesome things. Now lots and lots of awesome things have been done.

 

But I think it was Helen Lynn that summed it up best. She quietly said to me while surveying the amazing stuff in the room, ‘It really is loads better than when I was six’. Eben Upton’s attempt to recreate the computers of his childhood in the 1980s has completely and utterly failed; it’s much cooler this time round.

Of Raspberries and Reptiles

February 17th, 2015 by

Steven Allain

On Sunday night Pete was in the Hopbine and while buying some drinks the bartender asked him about his Raspberry Pi t-shirt and if he knew anything about it. One of the hazards of drinking in Cambridge is the barstaff are often considerably more knowledgeable than you might expect at first.

Steven not only sells beer but is also a student at ARU studying zoology and has been using a Raspberry Pi and camera to look into monitoring and photographing things under water with motion detection. He commented that he’d just bought a Raspberry Pi model B+ and only a couple of weeks later the much faster model 2 B had come out and he wished he’d bought one of those instead, but as an impoverished student he couldn’t really justify replacing it.

Now we think taking photographs of fish and reptiles is pretty cool, so Pete took pity on him and gave him his model 2 Raspberry Pi in exchange for a future promise of some photographs of underwater things taken with his setup.

Ultimately this gets back to the real reason Mythic Beasts support Raspberry Pi. Not because it makes it cheap to run a formal curriculum for teaching in schools, but because it’s a catalyst for people to teach themselves. Steven may or may not have success in making a motion detecting under water camera but either way he’ll learn a lot in the process.

The mistake in all this? Not checking the Raspberry Pi stock levels and Pete realising it’s going to take a few weeks before the replacement model 2 arrives – he’s back to his old much slower model B+ now and grumbling about it.



We’ll settle for pictures of Sea Bass with frickin’ Laser Beams

 

 

Bandwidth Upgrades for Cambridge servers

February 16th, 2015 by

Taking a break from our usual articles about upgrades for VPS customers and mocking the hopelessly incompetent, we’d like to announce an upgrade for dedicated and colo customers in our Cambridge data centre. We’ve finally completed the upgrade of both of our links into Cambridge, so have increased bandwidth quotas, and reduced excess rates to just 7p/GB.

Details of the new specs can be found on our Dedicated Server, Colocation and Mac Mini Colo pages.