http://slashdot.org/askslashdot/01/04/05/1928226.shtml

They should read through the contract they signed with them. If it does not specifically state that charges will be incurred for security patches then I believe there may be some legal issues that could possibly be brought about.. It is not good business to have charges for patching known exploits.. But thats up to each individual..

Regards,
Brian P.

I'm not on Communitech's side or anything, but look at it from their angle. They probably are trying to charge dirt-cheap rates for their Cobalts that they lease out. They must have at least 200 of them. I think it will take a CT technician a LONG time to monitor each of them and make sure they all are up-to-date with security.

Although it wouldn't be hard for them to monitor Cobalt's list of patches and e-mail their customers when they should update. But still, the customer should not expect the host to patch up a server for them. That's the entire idea of an unmanaged dedicated server. The customer manages it.

I disagree. It isn't exactly a secret that the RaQ is intended for those who know little *nix, and any host renting them out should install all necessary patches before turning one over to a customer. At that time, the host should inform the customer that additional patches will be their responsibility, and tell them how to stay up-to-date on the issue. If a customer pays a host to reinstall the O/S, again, all necessary patches should be installed by the host at that time.

Not that I expect anything like this level of customer support or consideration from a host with the kind of reputation Communitech has.

All of the security packages are avaible at the cobalt website at http://www.cobalt.com/support/download/ for free. Why couldn't the guy from slashdot just go there and patch his server.

But, when you re-install the OS, the restore CD comes with the neccessary security fixes on it, so techincally it could be either the guys or Communitech's fault. Most likely, Communitech would argue that you can download them free and that is your responsiblity.

Another reason why reading contracts is very important.

Jim

I think initially the host should patch up known security holes. Once the server is up and running though it should not be the hosts job to keep the server current on all known security issues.

When you pay for the initial server, yes the host should correct any security problems. Although, most hosts do this, they are not required to. The thing is, if your a dedicated host and you have a server that does not have the correct patches on it, would you be putting the entire network in a vunlerable state.

Its a call that should be made by the host itself. The more security, the less tech support issues they have to respond to.

Also, I think that is stupid that they make someone pay $62 for a OS restore. All you have to do is hold the LCD Shutdown button and it automatically restores from a remote location within Cobalt Networks. So, its a major rip off.

Jim

The host should atleast have their customers on an updates list.

Is this a dedicated server we're talking about correct?? Or is this a Co-located one. If this is a dedicated box which I believe from the article that it is, it should be taken care of from the host not the client. We upgrade all of our dedicated boxes ourselves. If the client wishes to do so they may but the norm for us is to upgrade them ourselves. Now granted we dont upgrade every new release as soon as it comes out but we do stay on top of the security issues. I was under the impression that this was the norm with hosts but perhaps I was wrong.
One has to realize that even though it is a dedicated box and the client usually controls it, it is still our server and network, and eventually our problem if any of our servers are exploited both from a business and a customers point of veiw.. This is our stand on this issue, whether correct or incorrect I guess is up to each individual to decide.

Regards,
Brian P.

DigitalXWeb, are you from Communitech?

Jim

Jim,
I was just stating my company's policy on this topic. I do not work for Communitech , after going back and re-reading my post I can understand why you would think that. That post was in reference to my views only and not Communitech's.

Sorry for the misunderstanding. :)

Regards,
Brian P.

Oh ok, just wanted to know since you were saying things like "we". But i realize that.

Jim

(Note) I do not work for Communitech, nor do I agree with their business practices. In fact, I used to resell for them. I was forced to leave due to the way they treated me and my clients. (/Note)

Despite what I said in my "note", I am on Communitech's side with this one. When a customer signs a written agreement, they are expected to understand the agreement and abide by it. That is why dedicated hosts have their customers sign contracts before signing up.

If Communitech said in their contract "We will not be responsible for the upkeep of your server, nor will we install security patches," then they are completely in the right. They said in black and white that they aren't going to maintain the customer's server.

It was up to the customer to either install the patches themselves, or pay Communitech whatever they charge per hour to install them.

Vincent,

If that is stated in the contract then I agree with you,it would not be Communitechs problem and they do have the right to charge the customer to upgrade the servers. This is a perfect example of why customers should read and understand everything in any contract before signing. I may not agree with their procedures but they have covered themselves.