Gandi Bar

Managing IaaS Cloud Hosting resources via API

Thomas — Thu, 03 May 2012 10:04:00 +0200

After the release of our Simple Hosting management API last month, in May we're adding an API to manage resources on our IaaS Cloud Hosting service.

To put it plainly, with the new API you will be able to add, delete, modify and renew resources in your hosting account. That includes shares, processor cores, live memory allocation, disk quota and network interfaces. The only prerequisite is having sufficient funds in your prepaid account.

This release opens up new possibilities, such as:

the ability to resell our servers directly from your external site linked with the Hosting API, with a personalized interface to Gandi's system that includes your services, for example.
the ability to add and allocate new resources to a server automatically according to the configuration of your own services, on the fly. The Flex system allowed you to add resources that were already in your Hosting account based on a single parameter: the resource share. Now, you can order CPU, RAM, network interfaces and disk quota and allocate them to your servers individually, all on the fly. In other words, you can now purchase and allocate any hosting resource you need with the API, as the need arises.

Documentation for this new API is available at http://doc.rpc.gandi.net/

Note: The API is available in test (OT&E) until the end of the week. It will be available in production on May 7th.

Accented .FR domains

Ryan — Fri, 27 Apr 2012 15:23:00 +0200

On May 3rd, some of you will be able to register the first .fr domain names with accents (as well as in other extensions managed by AFNIC). The large majority of others will be able to do so as of July 3rd. Why? Here are some more details...

We spoke about this a bit in an earlier post that also concerned IDNs (and specifically the Russian extension, .РФ), and I recommend that you refer back to it to see what an IDN domain or an ASCII domain is.

Anyway, as mentioned above, as of May 3rd, AFNIC will authorize .FR, .RE, .PM, .YT, .WF, and .TF domain owners to register the accented form (IDN) of their domain without accents (ASCII). This possibility will therefore first be reserved to owners and their existing ASCII-domain.

For example:
We are the happy owners of GANDI.FR. Because of this, on May 3rd, if we use the owner handle of this domain, we will be allowed to register the domains GÀNDÎ.FR, or GÅÑDÌ.FR if we so chose.

However, if we didn't own GANDI.RE, then we would not be able to register GÀNDÎ.RE, for example, and we would need to wait until July 3rd before we could benefit from the first-come, first-served right to purchase the domain.

There are a total of 30 accented letters that may be used with your accented AFNIC domain, which we list below:

All(*) of the accepted ASCII and IDN letters that can be used are available in this AFNIC document under article 2.2.

If you obtain an error while trying to register your accented domain between May 3rd and July 3rd, and if you are sure to own the unaccented version of it, contact Gandi's support which will investigate what the hold-up might be and make any corrections as needed in order to allow the registration to go through.

For the others, your orders will be submitted as soon as possible following the general opening on July 3rd

Finally, we would like to remind you that accented domains managed by AFNIC must meet the same registration rules, and have the same prices as their unaccented forms.

* In application of RFC3454, the character 'ß'is converted to a double 's' during registration.

Gandi Support for Code the Change

Thomas — Mon, 23 Apr 2012 11:08:00 -0700

Are you a computer software professional who wishes their work had more meaning? Do you see all kinds of problems in society you wish you could use your skills to help correct? Well, check out Code the Change. Mahatma Gandhi said "Be the change that you wish to see in the world". That's often a challenge for computer science professionals. We tend to get recruited for hot projects like social media, virtualization, or cloud computing, and it sometimes is difficult to see the social good of all our hard work. At the same time, it's frustrating to see so much going wrong in the world that we could help fix, if we knew who needed our help, and how to give it to them efficiently.

How many more gifted and creative people would enter the computer science field if they knew that their work would be uplifting, socially relevant, and valued by society? How do we motivate ourselves and our peers to come up with the creative solutions we know we need to fix the world's problems?

Well, there are organizations out there that are making a difference. So besides sending your favorite non-profit a little extra cash, how can you contribute?

That's where Code the Change comes in. With their "Code Jams", they give you the chance to spend a short time creating solutions for the technical and software challenges faced by non-profits. You can do good with code!

They are also actively creating a network of schools, and connecting computer scientists to the non-profits that need their help. By offering students career counseling and guidance, Code the Change is inspiring those who might otherwise choose another subject, just because they do not see the social value in becoming a computer professional.

Some of the projects Code the Change has helped out are:

Anjna Patient Education - Interactive Health Module
Occupy Wall Street - Federated General Assembly
SIRUM - Tooltips: Donation of unused medicines
Endowr "Enabler": Financial Aid Reform

Gandi is proud to support Code the Change. Check out their site!

What do you think of your registrar supporting this project?
Are we spending the money you give us wisely?
Tell us what you think! Leave a comment!

Gandi Stands in Opposition to CISPA

Thomas — Tue, 17 Apr 2012 13:45:00 -0700

Some of you may have heard about the Stop Online Piracy Act, or SOPA. Gandi took a position against this legislation for good reasons. The US Congress is once again considering acts that abrogate existing privacy law on the Internet, this time in the name of stopping cyber attacks. One particularly heinous act is called CISPA, the Cyber Intelligence Sharing and Protection Act.

The problem is, CISPA is worse than SOPA. Here is a breakdown of some of what CISPA would do:

Extend the National Security Act to cover "cybersecurity" threats, loosely defined.
Allow US intelligence services and private companies to monitor and collect information we users place on the Internet, including emails, text messages, VOIP calls, web sites we visit, etc.
Allow US intelligence services to legally share the data gathered with private companies, and allow private companies to share data they collect with US intelligence services.
Allow private companies and/or US intelligence services to block or even modify data sent over the Internet.

Given these powers, the US government would have unprecedented power to snoop on data from any site they do not like, in the name of “cybersecurity”. Oversight is minimal; in fact, even with recent amendments, the bill explicitly limits public oversight of enforcement of its provisions. The data they snoop can then be used in the prosecution of "cybercrime", presumably in an effort to shut down such sites. They just need a "significant" purpose. Sound vague to you? It is.

Originally CISPA included “theft of intellectual property” in its definition of cybersecurity threats. That made it an effective tool for the US government to go after file-sharing sites and copyright violators. That language was removed under pressure from advocacy groups, but the remaining language is so vague that it leaves open the possibility of defining at least some violations of IP law as "cybersecurity related".

It is interesting to consider that a site such as Wikileaks might fall under the definition of a cybersecurity threat in CISPA. One wonders if that is what the US government really wants to shut down: the exposure of embarrassing truths on the Internet?

We at Gandi are a multi-cultural, multi-opinionated team of Internet experts. Unlike the bill's sponsors (which include AT&T, Facebook, and Google) we do not think that CISPA is the right approach to stopping cyber attacks on government agencies and private companies. We get our fair share of attacks, and trust us, we don’t like it, but what is the real price of fighting these bad actors with laws? We feel the comprehensive nature of the CISPA legislation offers a bazooka-to-swat-a-horsefly approach, and bazookas always cause collateral damage. We know what that phrase means from the Bush era: innocent people getting hurt. That price is too high. Try again, US lawmakers. You can do better (See Cybersecurity's 7-Step Plan for Internet Freedom, from the Center for Democracy and Technology, for example).

Read the bill! Form your own opinion and share it! Do you agree with us? Take action with the EFF, or Avaaz.

We want to hear your thoughts. Do you care what your registrar and web host has to say about these repeated legislative assaults on internet users? How important are these issues to you? Let us know in the comments.

Simple Hosting API: Empowering Web Hosting Resellers

Thomas — Thu, 12 Apr 2012 04:58:00 -0700

Yesterday we added Simple Hosting management features to our public Simple Hosting API. If you are a reseller of Gandi's Domain Name and Cloud Hosting services, these features beg the question of reselling Simple Hosting: Can you do it?

Of course you can!

For example, imagine you want to resell hosted Ecommerce turnkey solutions to your customers. You use an app that runs in PHP on a MySQL database, and you know how to use an API. Then it's easy to offer Ecommernce solutions to your customers with Simple Hosting.

A simple command (paas.create) lets you create an instance. Another (paas.vhost.create) associates a domain or subdomain of your choice to the instance, and you then directly upload the code for your app to the the vhost, using sFTP. Presto, your customer is online in a few minutes! If you are short of instances, or need to beef one up to a larger size, the API supports commands to buy more resources as well.

Our API is XMLRPC, and supports many libraries. Lots of programming languages are available for accessing it (PEAR, for example, or PHP, or PERL).

Wondering about prices? Well, we've not implemented any sliding scale or reseller price breaks (mostly because the price is so low already) but, if you decide you want to resell our solution to your customers, either via the API or via the website, you can always contact us (reseller@gandi.net) to see what we can do for you.

Gandi Spring Fashion! : 500 Free t-shirts via Twitter

Thomas — Tue, 10 Apr 2012 01:19:00 -0700

Did you know Gandi doesn't advertise? We have no TV ads, magazine spreads, or radio spots. Our philosophy from the start has been that advertising is unnecessary, and that our customers good words are the only trustworthy way people should learn about us.

Obviously, without the open channel of paid ads, our ability to spread the word and gain new customers is limited. It's up to you, happy Gandi customers, to do your part and let others know we exist.

The way we see it, we offer you the same services we would use in your position, if we had a team of specialists to set them up for us. These products have to work, because only customers who like what they are getting will recommend us. That's you, our sales team. Every time you mention Gandi, our alternative approach and the services you enjoy, you make it possible for more people to discover us and join the Gandi community.

That's why we're putting up a little marketing operation on the Twitter social network:

From April 10 to 14, you have the chance to win a fantastic Gandi "#no_bullshit" T-shirt! Just re-tweet one of our messages from the @gandibar account
We will award 100 t-shirts every day, drawing at random from the list of users who retweeted one of the messages listed below, or any news you like that we tweet, to @gandibar.

- message #1 Win one of 500 Gandi t-shirts on Twitter between April 10th and 14th! http://www.gandibar.net/post/2012/04/10/Gandi-Spring-Fashion-%3A-500-Free-t-shirts-via-Twitter
- message #2 If you have a domain name at Gandi, you get 50% off on a year of Simple Hosting. https://www.gandi.net/domaine/simple-hosting
- message #3 You get a free SSL cert with each domain at Gandi https://www.gandi.net/ssl
- message #4 DNSSEC is available at Gandi for 16 domain name extensions. http://www.gandibar.net/post/2012/03/02/DNSSEC-at-Gandi
- message #5 The Gandi April Newsletter is available online. https://www.gandi.net/news/en/2012-04-10/627-general_newsletter_april_2012/

ATTENTION: The purpose of this campaign is to convey useful information, and to find new Gandi customers, not to spam the Twitter network.
Also, we would appreciate your ethical, responsible behavior during this campaign. We will consider only a single retweet per day per user. Additional retweets within a day are welcome, but will not be considered for the drawing, even if you retweet a different message.

Another important point: we will send the winners a code by "DirectMessage", which can be used to get a t-shirt. You should follow @ gandibar so we can send you your DM, should you win.

For those allergic to Twitter, we will launch another campaign by the beginning of summer

DNSSEC at Gandi (UPDATED)

Thomas — Tue, 20 Mar 2012 11:06:00 -0700

DNSSEC (Domain Name System Security Extensions) is a way to secure a previously insecure protocol: DNS. The most technically adept among Gandi’s customer community have been asking for DNSSEC support for a long time, and now, we are pleased to say, it is available!

This option is useful only if you know how to configure your own DNS servers, and at this point, it is enabled only for a relatively small number of popular domain name extensions.

The basic principle is to use digital keys and signatures to secure DNS from attack, such as DNS cache poisoning. When properly deployed, DNSSEC enables visitors to a secured domain to have an additional level of assurance that they have reached the site they intended to reach (authentication). The Registry for the domain stores the public key, and the authoritative DNS server stores tha private key. The resolving client checks the digital signature of the response to see if it is complete and authentic, i.e. that it comes from the authoritative DNS server.

For detailed information, see: http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

To allow domain name owners at Gandi to use this facility, Gandi has created a tool that allows posting the public key(s) to the registry.

There are some prerequisites: first, you must possess the skills needed to set up and manage your own DNS server, generate a key, and install the private key on your DNS server. Your domain name cannot use Gandi's DNS as it’s primary server, but you can still have ns6.gandi.net as a secondary DNS if you like. Finally, your domain has to be in one of the following extensions:

Several other extensions are managed by Gandi and are also compatible with DNSSEC. They will soon have the option added. They are:

When you have your DNS server and private key in place, just use the new DNSSEC Management screens to populate the Registry with your public key. If you need help, please take a look at our Wiki page about the use of DNSSEC at Gandi. http://wiki.gandi.net/en/domains/dnssec

Update (08/03/2012): DNSSEC is now available for .ORG

Update (19/03/2012): DNSSEC is now available for .CO.UK, .ORG.UK and .ME.UK

The Importance of Our Customers

Thomas — Mon, 19 Mar 2012 20:37:00 -0700

Now that the redesign of our backend system is nearly complete, it's time to move on to the phase we've been internally calling Gandi V4. It will consist of an optimization of our website (for speed, usability, etc) and the introduction of Domain name and Web Hosting tools and web interfaces that some of you have been requesting for months, or even, in some cases, for years.

This is our opportunity to remind you that we are listening.

We have an ongoing need to hear your opinions, whether positive or negative, which we use to improve our services.
You can submit your feedback on the lower right-hand side of our contact page.

We carefully monitor this and post it publicly.

A contact address is also available, where you can submit your reactions to our updates, and of course your comments are always welcome right here at the Bar.

We test each version extensively before release, but bugs, some more annoying than others, occasionally persist. You are always welcome to submit a bug report with a link to a screenshot, for example, to our customer service team.

We also have an ongoing need for you to spread the word about what we do:

We do not buy keywords in search engines - we rely on your satisfaction and word of mouth alone.

We don't advertise, so we appreciate it when you mention our updates in your social network or directly on your website.

We don't buy banners, so our logos are available for download if you want to show that your content is hosted on our Cloud platform or that your domain name is managed with us.

It all boils down to our need to work closely with our users, because our intention is to treat you the way we would like to be treated: Our door is open to you, literally! If you are in Paris or San Francisco, don't hesitate to stop by, have a coffee and chat. We will always be available for you to talk to, be it personally, by email, by Twitter, or by blog post.

We know this is an unusual policy in our industry. We are, nonetheless, firm in our belief that it is the most ethical way to operate. The fact that we don't advertise means that your satisfaction is critical to our success; it is indeed the only way for us to reach new customers. And if that's not a source of motivation to give our existing customers the best service we can, then we don't know what is.

И лове РФ

Thomas — Mon, 19 Mar 2012 19:59:00 -0700

So, I've stumped you, right? Rest assured, I haven't been replaced by Olga the masseuse over vacation. It's just a quick introduction to the first TLD extension available at Gandi in IDN format, .RF (Russian Federation).

To find out what the title of this post means, read on.

For starters, what's an IDN?

This is a good place to start. IDN, which stands for Internationalized Domain Name, designates a domain name containing "language-native" characters (in other words, non-ASCII). The ASCII character table basically consists of all non-accented Latin characters used in English (yes, ASCII stands for American Standard Code for Information Interchange). In order to "regionalize" domain names, more and more registries have established the ability to create domain names containing nonstandard characters, or IDNs.

This makes it possible to purchase "bébé.com," for example, which is distinct from bebe.com (the two domain names can have entirely different owners).

How does it work?

It works in the same way as any other domain name, with one slight exception: accommodations are made for web tools that weren't designed to display non-ASCII characters. Not to worry; these tools catch up quickly. Today, virtually any user with an up-to-date browser can already enter a domain name with accented characters and the website will appear normally.

For example, if I visit the website www.île.com in Chrome, I'll see http://www.île.com/ in my address bar, as opposed to my out-of-date version of Firefox (3.6), which still displays http://www.xn--le-pja.com/.

This isn't a display error, and it is indeed the same website, but in the latter case, the older browser displays the accented form in an ASCII format called Punycode. This is easily identifiable thanks to the "xn--" preceding the other letters.

So what's the point?

First and foremost: localization. Effectively, words can mean entirely different things depending on the accents used. For example, the site manana.com will certainly yield different content than mañana.com, yet without IDN there can only be one site with that name (It's also worth noting that Google knows the difference between the two searches.). This is a great opportunity to stake out a domain name that's perfectly suited to the meaning and language you have in mind.

Gandi already has over 50 extensions that support IDNs, including .com, .net, .eu, .de, and .es.

And while we're on the subject of extensions that support IDN, you should know that .fr IDNs will be available on July 3, 2012. There will be a two-month sunrise period where it will be possible to register IDN versions of domain names for those who already own the ASCII version.

For example, the lucky owner of the domain name cafe.fr will be first in line to register café.fr. And since the .FR rule also applies to the other AFNIC extensions (.re, .yt, .pm, .tf and .pm), they will all be IDN-ready on the same date. And don't forget that the recent opening of these extensions to Europe means that 30 new characters ( https://www.afnic.fr/en/products-and-services/idns.html ) can now be used.

Slight clarification:
Since AFNIC uses a unique identifier to identify the domain owner, the IDN version of your domain will have to be obtained through the same registrar as that where the ASCII version is registered. Finally, priority rights are only valid on the domain as a whole, i.e. the owner of cafe.fr will have priority over café.fr but not café.re!

So what about .РФ?

Still on the subject of IDNs, the extension .РФ (which translates to .rf, for Russian Federation) is a special case because here, it's the extension itself that is "IDN-ified." It's not the first IDN domain: Egypt (.مصر), Saudi Arabia (.امارات ) and the United Arab Emirates (.السعودية ) secured their respective national IDN extensions on May 5, 2010. However, the .РФ is the first in Cyrillic and the first offered by Gandi. Interest in the French community will be fairly limited, since the .fr extension doesn't accept Cyrillic characters (choose Russian as your language at checkout), but we know that some customers at Gandi will be interested in the novelty of creating a domain with cyrillic characters.

As for the title of this post, it simply means "I love .RF."

Register a .РФ?

.РФ

If you want to convert a Latin text into Cyrillic, try this link.

Monitor Your Domain Name

Thomas — Wed, 07 Mar 2012 22:41:00 -0800

Why Monitor Your Domain Name?
A domain name is a distinctive mark, one that lets your customers, your suppliers, all of your contacts know who they are communicating with on the Internet. Depending on the popularity of your brand, your domain name may be subjected to counterfeiting or abuse, in the form of cybersquatting. This can damage or abuse your online identity, allowing others to masquerade as you, to their advantage.

The abuse can take several forms. For example, you might find that someone has registered an identical second-level name to yours. Say you have the domain name “votremarque.fr”. You might find that a third party has registered votremarque.com, or .org. They might try inserting a typo, like “votrearque.fr”, or an alternate spelling like “lavotremarque.fr” or “votremarques.fr”. If you are monitoring, you can and take action to protect your domain and your reputation.

Gandi Corporate Services

Through the efforts of our Corporate Services team, we will be able to offer monitoring and reporting on the following types of events:

New domain name registrations that match or come close to matching your domains

Domain names where the content has been modified (activation, deactivation of a web site, or content of the page changing, for example)

Changes to the whois data on a domain name

You can get your results online, regularly. An email can be sent automatically informing you of the availability of your monitoring results for a given period. It may be quarterly, monthly, bimonthly, weekly and even daily.

For each newly registered domain name, you get a time-stamped screen capture, an automatic, customized label, court case data (if available) and the whois details.

For more information about Gandi Corporate Services click here .
WARNING: Corporate Gandi does not give legal advice. Be sure to check with your legal counsel should you need legal help to pursue those who abuse your online identity.

SSH Key Authentication Added to Gandi Cloud Hosting

Thomas — Wed, 07 Mar 2012 21:53:00 -0800

In the last update of our cloud hosting platform , we added a small feature to that will appeal to some of you: SSH key authentication for Expert mode VPS servers.

Passwords are a good thing, but unless we have a great memory or a password manager we trust, it often turns out we use the same 3 or 4 passwords, themselves variations on our "master password". SSH keys encrypt the authentication, and can even obviate the need to type a password, unless you want to.
Now, when creating VPS Server in Expert mode (though not with Gandi AI), you can choose from three methods of authentication:

password

SSH key

Both SSH Key and Password

You can use SSH keys to log in as root, as well. The only requirement for keeping the connection secure is that you maintain the security of the private key file. You can add to this by adding a passphrase to the key when you create it, but that is up to you.

This feature is already available for any new Expert Mode VPS Server on our cloud hosting platform, and is enabled at creation time.

On the Management and Coherence - of the Internet

Stephan — Fri, 02 Mar 2012 16:51:00 +0100
All of us here have seen this article, written by the head of EasyDNS, in which he gives his opinion as to the decision by Verisign, the operator of .com domains, to yield to the demand of the American judicial system.

The latter ordered them to forward two domain names to a page of their choice, specifically one that warns against online gaming and describes the legal actions taken by the authorities against the owners of those websites.

If I'm not mistaken, along with the MegaUpload affair, this is the second time that we have had to deal with this sort of thing. Here is a copy of the article:

----------------------------------------------
"Verisign seizes .com domain registered via foreign Registrar on behalf of US Authorities.

Yesterday Forbes broke the news that Canadian Calvin Ayre and partners who operate the Bodog online gambling empire have been indicted in the U.S., and in a blog post Calvin Ayre confirmed that their bodog.com domain had been seized by homeland security. As reported in Forbes (hat tip to The Domains for the cite),

According to the six-page indictment filed by Rosenstein, Ayre worked with Philip, Ferguson and Maloney to supervise an illegal gambling business from June 2005 to January 2012 in violation of Maryland law. The indictment focuses on the movement of funds from accounts outside the U.S., in Switzerland, England, Malta, and Canada, and the hiring of media resellers and advertisers to promote Internet gambling.

Sports betting is illegal in Maryland, and federal law prohibits bookmakers from flouting that law simply because they are located outside the country,” Rosenstein said in a statement. “Many of the harms that underlie gambling prohibitions are exacerbated when the enterprises operate over the Internet without regulation.”

That is a truly scary quote but we'll emphasize that: "The indictment focuses on the movement of funds outside the U.S." and that you can't just "flout US law" by not being in the US. What also needs to be understood is that the domain bodog.com was registered to via a non-US Registrar, namely Vancouver's domainclip. So Here's Where It Get's Scary…

No Bodog.com for you!We all know that with some US-based Registrars (*cough* Godaddy *cough*), all it takes is a badge out of a box of crackerjacks and you have the authority to fax in a takedown request which has a good shot at being honoured. We also know that some non-US registrars, it takes a lot more "due process-iness" to get a domain taken down.

But now, none of that matters, because in this case the State of Maryland simply issued a federal warrant was issued in the State of Maryland[1] to .com operator Verisign, (who is headquartered in California) who then duly updated the rootzone for .com with two new NS records for bodog.com which now redirect the domain to the takedown page.

This is exactly the scenario we were worried about when Verisign originally tabled their very troubling takedown proposal. Said proposal was quickly retracted, but here we have the same situation playing out anyway. Granted, this was an actual court order, to Verisign – not a "request" from a governmental or "quasi-governmental" agency as originally proposed.

But at the end of the day what has happened is that US law (in fact, Maryland state law) as been imposed on a .com domain operating outside the USA, which is the subtext we were very worried about when we commented on SOPA. Even though SOPA is currently in limbo, the reality that US law can now be asserted over all domains registered under .com, .net, org, .biz and maybe .info (Afilias is headquartered in Ireland by operates out of the US).

This is no longer a doom-and-gloom theory by some guy in a tin foil hat. It just happened.

The ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc needs to ask themselves about their vulnerability to the whims of US federal and state lawmakers (not exactly known their cluefulness nor even-handedness, especially with regard to matters of the internet). The larger picture: root monopolies and the need to replace ICANN

The .com root will never be opened to a truly competitive bidding process. Verisign has pretty well ensconced themselves into the .com and .net roots indefinitely with built-in price hikes baked into the cake. I recall a conversation I once had with Tucows CEO Elliot Noss, back when they still owned Liberty RMS (which ran the .info registry and later sold to Afilias) – he lamented that if the .com registry bidding process were truly competitive, you would see a registry operator in there doing it for about $2 per domain. At the time the wholesale cost of a .com domain was $6 and is now $7.85 after their latest annual increase which is hard-coded into their contract.

I mention this because a truly competitive bidding process for the registry operator job would bring out both cost competition and stewardship competition: players who would table proposals on just how they would respect the rights of all their stakeholders, not to mention operators who may operate outside the United States.

Where the fsck is ICANN in all of this?

They are nowhere. They are collecting their fees, pushing their agenda of as many possible new-top-level domains and despite the fact that SOPA, ACTA, PIPA et aim directly at the interests of their core stakeholders, for whom they are supposed to be advocates and stewards. ICANN is conspicuous in their absence from the debate, save for a smug and trite abdication of involvement (i.e. "ICANN Doesn't Take Down Websites") – translation: "This isn't our problem".

And therein lies the issue. ICANN needs to make this their problem, because it very much is. If ICANN isn't going to stand up, and vigorously campaign for global stakeholder representation in these matters, than they are not only abdicating any responsibility in the ongoing and escalating crackdown on internet freedom, they are also abdicating their right to govern and oversee it.

They need to be visible, they need to be loud and they need to come down on the right side of these issues or they need to be replaced.

Of course, the replacement of ICANN will never happen. At least not by a non-US entity, which means we are once again headed to the unthinkable place that only crackpots and conspiracy theorists think possible: a fractured internet with competing roots. On the bright side, life will go on, and companies like mine will probably become exceedingly wealthy charging every internet user in the world fees to gain and project visibility across all the myriad internet roots that will someday exist because governments will refuse to approach it co-operatively. The only thing that will remain to be seen is whether we'll be deemed "criminals" for doing so."

----------------------------------------------
What about Gandi in all this?

My opinion on this topic? (since there may be some significant differences within Gandi). Let's just say that I am a fatalist and strongly believe in consumer freedom. In short, I am not sure that we can avoid this kind of a mess, however if consumers/citizens wake up (since yes, with the exception of our customers and what we saw during the boycott of GoDaddy, this type of reaction is rare) they may decide that no extension is irreplaceable, even the original one (.com).

If you don't agree with the policies and decisions of your provider or product manufacturer, then work to change it. Change provider as well. Make a decision and take a stand and act. Exercise your greatest power: that of where you spend your money.

With regards to the uniqueness of the web, it's a fact that it is American, and that it will probably explode one day, though this is not something that we want to see. But, as long as they manage to "talk" together and the whole thing "works"... yes I know I always had a utopian side

PS: It so happens that in this case, the persons targeted by the authorities are known to us, and, how can I say this...I am not going to shed any tears. This does not touch upon the root of the problem of course.

Simple Hosting at One Month In

Thomas — Mon, 20 Feb 2012 17:40:00 -0800

Our Simple Hosting has been available for a month now. This is our initial assessment, some feedback, and some links you may find useful.

After a month of availability, we now have about 3,000 active accounts on the platform. That's not bad. Most of the feedback we have had has been very enthusiastic, and users are saying it performs better than previous hosting offerings.

Many people have asked us to compare our Simple Hosting to the web hosting they currently use. Our main concern in doing this is that a lot of them use shared hosting. Even if these offers are comparable in terms of price, we can’t really make a direct point-by-point comparison, since the model is so different.

In a PaaS cloud like Gandi’s, each instance is compartmentalized. Resources are essentially dedicated to the instance. It’s completely different from shared hosting, and comparisons don’t make sense unless you are talking about what you can use it for.

Simple Hosting provides a single instance preconfigured with applications. While at the moment we offer only PHP/MySQL installed, you can run up to 100 virtual hosts under it. The database size is limited to the root disk size. That's it - Simple.

We chose to place functional limits on the number of simultaneous processes at a given time. For an instance of size S, this limit is 2. Of course, this does not mean that only two users can simultaneously access your hosted pages: we are talking about instantaneous process. Most of the pages of a website, CMS , shop, blog, wiki etc. are served by the cache system, so the process limitation really just introduces a small delay as the system switches context and serves up new content.

If you want a more technical explanation on the functioning of an instance, I highly recommend reading the note from our technical team on the technical side of this blog: The Gandi Kitchen. Even if you do not have a technical background, we think you will enjoy reading this; it is very detailed, very transparent and very rich, while remaining accessible.

For example, we discuss how we update the applications on Simple Hosting, including how we loaded and re-configured PHP5.3.10 fopen.

For general questions like "how to retrieve my password", etc., we have set up a list of frequently asked questions in our wiki. This should help most users to quickly find solutions by themselves. And of course, like we always do at Gandi, we are improving the interface using your feedback. You will, for example, soon be able to add an alias to a vhost without needing to create a symlink.

What’s next? Currently, most of us are taking a break from dev-hosting on the IaaS platform to finish the Snapshot backup options, and options to add and control bandwidth. We also have had a hard time with two of our storage units recently, which got all of our attention for a while. We’ll be right back to Simple Hosting to install the Snapshots options there as soon as they are done and tested.

Meanwhile, our infrastructure team is hard at work on the deployment of Simple Hosting at our US data center. It’s expected to be ready in early April! Yeehaa!

Once this part of the plan is complete, our team will move on to develop new types of Simple Hosting instances. Want a say in the priority? Add your suggestions and votes to the Wishlist!

Simple Hosting is live!

Ryan — Thu, 19 Jan 2012 10:15:00 +0100
After 4 months of beta testing, the Gandi team is proud to present our new hosting offer, now available to the general public. Simple Hosting has been designed to offer you the maximum possible flexibility and simplicity at a price that will allow everyone to use it.

Since its founding, Gandi has challenged itself to combine two things which don't easily go together: We want to be at the forefront of technological innovation in our field, and also to offer our services to as broad an audience as possible.

In 2008, we were among the pioneers of Cloud hosting in Europe, developing a complete IaaS (Infrastructure as a Service). This offer, which has been very successful since it was introduced, and which is still growing in users, was primarily aimed at system administrators and architects; people used to dealing with dedicated servers.

We have continued to expand our IaaS platform, which constitutes the foundation of all of our hosting solutions, and this time we wanted to make the technology available to the largest number of people possible. The idea is therefore to combine the flexibility of the Cloud with the simplicity of the traditional shared-hosting model, and to offer all of this at a price everyone can afford.

We therefore present you with a service offer based on a PaaS (Platform as a Service), which will give you all the flexibility you are used to getting from Gandi, but which will be very easy to use. This will be appreciated by webmasters who don't want to have to deal with server administration, but want to benefit from the advantages of Cloud Computing.

We are launching our Simple Hosting offer with a server that has PHP and MySQL already installed, and comes with dedicated disk, RAM, and CPU core resources. The flexibility of the offer allows you to increase or decrease the power of the server in a few clicks (and a few minutes), without the need for migration. We are also keeping the minimum commitment period to one day, so that you can easily create and use resources for only as long as you need them.

Our prices (and all prices below are listed excluding VAT), are designed to give you a very attractive offer that is economically feasible for you and for Gandi. Prices start at €4 euros per month (or an annual cost of €48), and we are both proud and happy to announce that we can guarantee this price.

The starting offer, that we call the "S", or small size, corresponds to a server with 256MB of RAM, one dedicated core, and a MySQL database whose size is limited only by the size of your disk!

We have devised 5 offers in total, for this first instance family, and have grouped them by size, in order to meet your needs. Here they are:

S Pack: $5, £3.50 or €4 per month

M Pack: $10, £7, or €8 per month

L Pack: $20, £14, or €16 per month

XL Pack: $30, £21, or €24 per month

XXL Pack: $40, £28, or €32 per month

Each size pack will give you twice as much power as the previous size, an exponential increase in power, though the price increase by pack size is basically linear. All the packs come with 10 GB of disk. However, the disk space can be increased just as it can with our IaaS offer, and at the same price: $0.25 (£0.16, or €0.18) per GB per month, up to a maximum of 1 TB (1000GB).

So, what can I run off of an "S" instance?

Many things, in fact. Our engineers have implemented a web cache system that allows us to run many simultaneous pages, as long as they are in the cache. The only real limit is the strict number of simultaneous processes. By strict, we mean simultaneous connections by X number of visitors.

In the case of "S" instances, this limiting number "X" is equal to 2. What this means is that only 2 visitors will be able to call PHP/MySQL at precisely the same instant (the others must wait until the end of the execution of the script before taking their turn, typically a few milliseconds).

Our offer is well suited to people who have created their website themselves, or done so with the help of popular tools such as Magento, Joomla!, Drupal, WordPress, punBB, etc. With predefined sFTP access and phpMyAdmin already in place, the management of such a website is surprisingly quick and easy to set up!

To help you with this, we have written up some installation guides of a few popular tools that will help you get your website published on a Gandi instance of any size.

During these 4 months of beta testing, we have been focused on the feedback we received from our testers, looking for the right balance between ease-of-use and security. We have arrived at something that we believe is really easy to use, and yet without sacrifice in the area of security, which is a constant problem, and one not dealt with adequately by some of the more "traditional" hosting offers.

We have already written several wiki pages that will answer the majority of your questions. And for those of you that are eager to get going, we have even written up a Quickstart Guide that will show you the basics in a quick and easy way. Of course, access to our customer service is included in our offer.

Currently we are only offering Simple Hosting out of the Paris datacenter, as we initially needed to validate the technology and infrastructure before ordering up the expansions needed to enable the American datacenter. This has now been done, and Simple Hosting will be available from at our American datacenter at around the beginning of April.

Of course this does not prohibit customers from around the world from benefiting from the current offer. If your visitors are mainly from the United States, however, you might want to consider waiting until our offer is available out of the Baltimore datacenter.

For our customers that have been seduced by our offer but don't yet have a hosting plan with us, we are offering a promo code to all domain name customers at Gandi.

This promo code will give you a 50% discount on the price of any instance you choose, in exchange for a one-year commitment(*). A "S" size at €2 per month, for example, will be a total of €24 for the entire year.
(*) Warning, this offer is limited to the first 3 million customers who request it

We recommend that you choose a S pack (with monthly renewal), and test your site on it, and then adjust the size of your instance as needed (since you are free to do this at any point). When you are sure, just renew your pack at the ideal size, using your promo code.

We have done everything we could to have our offer meet your needs, while staying true to our mission of helping the greatest number of people possible to profit from this wonderful platform for free speech: the Internet!

One more thing: as you know, we do not purchase any advertising, or ever pay anyone to say nice things about us. It's all honest word of mouth (ok, and twitter plays a part too). So, should you like to help us continue operating like this, we would be very grateful if you would purchase a pack of Simple Hosting, but even if you don't, you can still spread the word. Thanks for your support, and we wish you a happy 2012!
The Gandi Team

The Evolution of Domain Names

Thomas — Mon, 16 Jan 2012 17:08:00 -0800
Here is a bit of context for Domain Names, where they have been, and where they are going, especially with the new gTLDs on the way.
Back in the late 70s, in the early days of the Internet, the network designers needed a method of telling the hosts on their network apart. They went through several iterations and changes to address schemes and communication protocols, eventually coming up with the Internet Protocol (IP) address scheme. They initially assigned names to addresses in a single file called HOSTS.TXT, which they copied to all of the small number of interconnected hosts.

After passing this file around to all their hosts got a little impractical, they created the domain name system or DNS, in 1983. This grew into a global infrastructure, which, despite it’s relatively simple mission (returning a unique numeric IP address when given a text-format name) is now a multi level hierachical database, comprised of thousands of DNS and bind servers.

The Evolution of the Registry and the Registrar

At first, the US government doled out domain names for free, mainly to universities and research institutiuons. After the Internet migrated out of these institutions, and companies and individuals got involved, the free distribution of domain names soon came to an end. In 1993, registration of domain names became a private, subsidized business, at least for .com, .org, and .net extensions. In 1995, fees were introduced.

NSI (Network solutions), who had operated the handing out of free domain names, became the sole Domain Name authority for the Internet, taking over this function from InterNIC, who had contracted it to them in 1991. The initial fee was $100 per name, for two years.

This changed in 1998, with the delegation for DNS management to ICANN, originally formed to take over for IANA in the distribution of IP addresses. With this came the separation of the registry (the database administration portion of the task of updating the DNS system) and the registrar (the commercial business of collecting registration fees and administering the Domain Name registration process).

Dozens of registrar companies like Gandi SAS began to form, offering services that complement the ownership of a domain name, such as hosting services for web and email. NSI maintained a monopoly on .com, .net, and .org, but NSI was purchased by Verisign in 2000, and Verisign sold off the registrar portion of the business in 2003. NSI still runs as a registrar, and Verisign remains the accredited registry for .com and .net extensions.

Domain names continue to evolve. The separation of the registry and the registrar has allowed entities such as governments to form part of the picture once again. The ccTLDs (Country-Code Top-Level Domains), introduced in 2010, are mostly managed by different registries. These registries are sometimes government agencies or offices, sometimes independent companies on contract to governments. They are delegated the authority by IANA (http://www.iana.org/domains/root/db/), and may implement a variety of restrictions and rules for who may register and for what purpose. This is why you need to be a resident of the EU to have a .it domain, for example, or an address in Germany for a .de.

In 2011, after long discussion, the .xxx domain was introduced, ostensibly to allow pornographers to more easily designate their domains as hosting adult material, though certainly not all pornographers agree that this is a good thing for their business, or that ICANN acted appropriately in allowing the xxx extension (see this lawsuit).

That’s where we are now, or where we were until last week.

Avoiding Friday the 13th , on the 12th of January, ICANN announced unrestricted gTLDs as available for application. If you are wondering what an unrestricted gTLD is, think “dot brand” instead of “dot com” and you will get the idea. Here’s a link to more info.

The new gTLDs certainly have the potential to disrupt the relatively settled state of domain names we know now and are more or less comfortable with. ICANN is moving ahead with the proposal despite the obvious potential for confusion, the need to rebrand millions of products and services around new names, and the resistance that is being put up from many entrenched interests like the ANA.

Critics of ICANN’s handling of the initial gTLD proposal in 2008 point out that the registries (and, for that matter the registrars, like Gandi) stand to make a lot of money when the new monikers start to be allowed. It is not unlike a real estate boom, with green fields to be developed. It is up to ICANN to prove to it’s critics that it is not bowing to inappropriate pressure from those who star to gain, and that it’s interests are not in conflict when it approves such regulations.

As big a deal as this is, we will have time to adjust to it gradually. Only 1000 gTLDs will be released a year, and the first of them won’t show up for about a year at the earliest. The application price is so high ($185,000 USD), that it puts a gTLD name out of the reach of most small businesses. The ability to obtain and resell a name that is not related to the business you do, or one that relates to many businesses, not just yours, will be restricted severely. It will be very hard to “typo-squat” or snap up gTLDs and resell them to later claimants.

Still, to really manage one of these names and all of it’s ancillary brand protection provisions is probably much more expensive than just the application fee.

Gandi is cautiously optimistic that ICANN will be able to manage the release well, and we are looking forward to what the creative minds in the community will do with the new digital real estate. It certainly will cost some businesses a significant amount of money to take advantage of the opportunity, but that’s true for a lot of things. It’s the businesses that manage opportunities and take risks that reap the benefits, and having more opportunities is never a bad thing.

New Domain Name and Email API

Ryan — Fri, 06 Jan 2012 21:00:00 +0100

Those that have been following our blog closely are aware that we have been doing a complete overhaul of our domain name platform over the past year.
With this overhaul comes a new domain name and Email API, replacing that already available to resellers. As a special surprise, the new API will also be available for non-resellers too!.

A new API, but still in RPC XML

We have made the decision to make the same API available to you that we use for the gandi.net website. This means that you will benefit from all our improvements at almost the same time as we do (like new extensions, new products, etc.).
This also means that you will have access to all of the extensions that Gandi provides, and that the price catalog can be queried directly via the API (thanks to new methods that allow you to query for the price at your price rate).
You can also create lists of operations, domain names, and contacts that you can apply filters to.
Finally, you may manage your Gandi Mail out-of-office reply via the Email API.

Documentation is already available at this address, and it contains examples in Python, Php, Nodejs, Perl, and Ruby.
You will find a step-by-step tutorial on how to use it, on this page or, if you prefer, you may download it as a PDF file.

The major differences

The idea from the beginning has been not to change everything, so your migrations will be smooth, using familiar terms and calls. Since we are mentioning migration, you should know that the current (old) API will not be updated, though it will be supported until June 30th, 2012 to give you time to start using the new version.
Concerning your migration, the two APIs are compatible and you can migrate between them method by method, giving you constant control over your transition to V2.
One point that may seem a bit trivial, but which will cause problems for some: there is no longer a method for logging in with a login and password in the new version. You must use an API key, which you can get here for your Gandi interface.
Finally, remember that this new API is open to everyone, whether or not you are a reseller. The only requirement is that you must have at least one domain name at Gandi and/or have a prepaid account that has enough funds for your operations.

What is an API used for?

Our API lets you do the same thing with domain names from your website as we do on ours. For example, you can use the scripts to program renewal reminders at the dates that you choose, provide your family, friends, or customers (if you are a reseller) with your own interface that will allow them to create email or web forwarding addresses, program out-of-office replies for their email, etc.

When will it be available?

The OT&E (Operational Test and Evaluation) test platform is already available at the address https://rpc.ote.gandi.net/xmlrpc.
The production platform will be available in 3 to 4 weeks.

Changes to come

What we will soon be integrating into the new domain name API (and not into the V1 API) will please many of you. The finishing touches are being added to DNS zone file management. Additionally, we expect DNSSEC to follow a couple weeks after that. Owner changes are in the works, however we still have one more migration to do in our system before it will be compatible with the API methods.

Update: as of Feb 28, 2012, the new API is active. Documentation is available at http://doc.rpc.gandi.net/

As a reminder, if you have not yet activated your API on your account, you will need to activate it and use the API in OT

Price Increase for .COM/.NET/.BIZ

Leland Vandervort — Mon, 26 Dec 2011 12:25:00 +0100

As you may already know, ICANN, the regulatory authority for domain names, authorized the principal registries (.com, .net, .org ...) to increase their pricing in 2007. Of course, the registries were not slow to take advantage of the opportunity. A 7% increase in 2007, and a further 7% in 2008, was followed by yet another 7% increase in mid 2010. Now, Verisign will once again be increasing prices, theortically for the last time, on 15 January 2012 by a further 7%. This makes for a total real increase of 31%, which, given the margins on the product is an enormous pill to swallow. Here is what we will do for you...

Not wanting to pass these price increases on to you, our customers, we absorbed the increases in 2007 and 2008. We were helped in this by the low dollar to euro exchange rate, and you benefitted accordingly: our pricing did not change. In 2010, we did increase prices, but eased the pain by applying the increase solely to domain renewals, making sure that we would maintain your confidence through our hard work to be more efficient. Of course, we were also hoping that the economic situation would not deteriorate, destroying this delicate balance.... you know the rest, unfortunately.

We have now reached the point where, if we wish to continue to improve the quality of our service, keep the passionate, dedicated, development team we have happily innovating (a rare and wonderful thing), we are forced to pass on this latest price increase by the registries. That is why our domain creation and renewal rates will finally change.

Looking at our global sales figures, we can see that you place high value on our honesty and our long-term competence in this industry, traits we stay true to, and are constantly seeking to improve. We think this honesty, the respect we have for your privacy, and our dedication to quality are all the more important in a market that is being consolidated by unscrupulous companies. It seems that for some, the domain name services have no value in themselves, and are used merely as bait to capture new clients. These companies seek to sell you other products, where they make a profit. In coming years we believe they plan to be far less generous.

At Gandi, as our 10th anniversary promotion last year proved, we have a different approach. We believe that each year we need to actually prove the quality of our work is worth the price we ask, that we have a stable and sustainable business, and that you can trust us to tell you the truth, just as we are right now. The fact that we do this is why our loyal customers are our best ambassadors, and the reason why we value these customers so much: you ensure our success by believing in us. We hope that you know we understand the importance of your domain names, and that you can continue to trust us to manage them with complete honesty, transparency, and stability, like we always have.

In conclusion:

- On 15 January, the rates for .COM, and .NET will rise by $0.50 (fifty cents) on creations and transfers across all pricing grids, and for renewals.

- On 1 February, the rates for .BIZ will rise by $0.50 (fifty cents) on creations, transfers and renewals across all pricing grids.

As always, we are available to discuss these increases with you. Please feel free to share your comments.

Gandi's Opposition to the SOPA Legislation

Thomas — Fri, 23 Dec 2011 08:02:00 -0800
Several of our customers have asked us what our official position is in regard to the controversial SOPA legislation. We oppose it. These are our reasons.

Our position at Gandi is that censorship is generally a bad thing. So is piracy, and both need to be fought, but they must be fought by means that both assure accountability and the protection of private data. We support the free flow of Information, since we believe the only way a society can truly be free is when all of it's citizens can know the truth.

Governments need to keep secrets, and companies need to have their intellectual property protected. On this point, we agree with the goals of anti-piracy efforts, both technical and legislative. This goal can only be accomplished, however, with respect for the rule of law and by implementing fair use and due process. These are proven ways to prevent abuse of power.

SOPA presents a challenge to those charged with policing the respect of intellectual property protections, in that it is, at best, vaguely written, and it appears to roll back many of the due process safeguards and safeguards for free speech that US citizens, and those of many other countries, enjoy and have come to expect on the Internet.

SOPA also stocks the armories of law enforcement (in this case, the US attorney general) with a huge pile of anti-piracy virtual weaponry, which is largely indistinguishable from censorship weaponry, such as blacklists and takedown powers. We do not think blacklists are the way to go. They can be abused far too easily by those with political agendas and competitive axes to grind.

SOPA does not seem to us at Gandi to be an ideal solution to the piracy problem. The debatable effectiveness of SOPA aside, it is never a good idea to allow authorities huge powers of information control without also building in due process. SOPA has been criticized by many for removing due process, at least as it is currently written.

For these reasons, Gandi does not support SOPA. We encourage you to not support any business that does, and we welcome your comments and opinions.

The United States Congress is Set to Enable Internet Censorship Tools

Thomas — Fri, 16 Dec 2011 16:01:00 -0800
The US Congress is pushing through a controversial set of bills to protect copyrighted material from piracy, but that also threaten innovation and the free flow of information on the Internet.

In an open letter to lawmakers, the CEOs and founders of several innovative tech companies have cautioned that the Stop Online Piracy Act (SOPA) and the senate version, the PROTECT IP act, would have a "chilling effect" on innovation.
Some critics go so far as to compare the provisions of the bills to laws in place in counties such as China, which routinely blocks sites that the government deems undesirable. Certainly a lot of people see this legislation as a threat to the free flow of information. Mozilla went so far as to modify their Firefox browser logo (that gets displayed when you upgrade Firefox) to have a blackout bar across it.

Some in congress are suggesting alternative proposals, such as Rep. Darrell Issa (R-CA), who offered the Online Protection and ENforcement of Digital Trade Act ( OPEN act ). Others have offered amendments that would reign in the most radical powers that SOPA would grant the US Attorney General, but these amendments have so far been rejected by the committee.
The issues with SOPA are many: it would effectively end the DMCA safe harbor provision, in favor of immediate takedowns. It would even ban linking in search results or social media to offending sites. Because of these provisions, Youtube would likely not exist if SOPA had ben in effect when it was invented. Others complain that the definitions of criminal activity as so vague that they could be used to criminalize common uses of the Internet.
SOPA may not even accomplish it's stated goals: many, including Google Executive Chairman Eric Schmidt say that SOPA will be ineffective against piracy, and that it will fundamentally change the way the internet works.
It also may force companies to introduce instability to systems like DNS. For example, SOPA could require ISPs to cause DNS resolution to fail for sites that are suspected of piracy, even when such failures compromise the integrity of the Domain Name resolution system.
Who would benefit if SOPA passes? Apparently, RIAA, no stranger to copyright infringement lawsuits, and others with large investments in copyrighted material. See their open letter of support here.
It remains to be seen whether the interests that back SOPA as written will prove more powerful than the tech innovators and citizens groups who value the free flow of information.

Gandi is moving!

Ryan — Thu, 15 Dec 2011 14:45:00 +0100
Gandi is moving it's French headquarters to a larger and more modern location in Paris this week.

This is something of a big change for us, since our headquarters at Place de la Nation in downtown Paris were getting a bit cramped. We have therefore chosen a more modern and spacious location in the southern part of the capital.

A view of our new offices:

We will be packing up our things on Thursday, December 15th and will be fully operational once again as of Monday, December 19th in the morning.

What does this mean for you? There will be a slowdown in the processing of support tickets during this period, and an interruption in telephone support for resellers from Thursday the 15th at 13:00 GMT to Monday the 19th at 8:00 GMT.

Our new address in Paris is:

Gandi SAS
63/65 boulevard Massena
75013 Paris