Sometimes disks get bigger and smaller at the same time

Disks just keep getting bigger. So, as the technology allows, we like to increase the disk space allocations of our hosting accounts too. We have just doubled the allocations of all our web hosting accounts. For the Super account, we’ve given it a 2.5x boost.

These are proper, full-fat GiB (2³⁰ bytes), not disk manufacturers’ GB (10⁹ bytes).

All of our web hosting accounts can host as many domains as you want (free, provided the domains are registered with us), with as many email addresses, mailboxes, and web pages as you want. You are limited only by the total disk space. And if that’s not enough, it’s easy to upgrade from size of account to the next.

Order hosting accounts here

Finally, please don’t be misled by the picture above. We no longer use floppy disks for storage. Instead, all our web hosting servers now use mirrored “enterprise grade” SSDs for the best possible performance.

Back in 2000, Mythic Beasts started by offering web and email hosting services on a single shared server. Since then, we have expanded in just about all possible directions, but we still offer shared hosting for web and email. It remains the most cost-effective way to establish a permanent online presence.

A single Mythic Beasts hosting account can support multiple domains. This has become particularly important with the current proliferation of new top-level domains, and the opening up of the second-level .uk domain space. With our shared hosting, you can have example.com, example.co.uk, example.uk, and example.club all hosted on a single account. And you can choose between serving the same content, redirecting to a canonical name, or serving different content.

Until now, enabling additional domains has required an email to support and a manual step at our end to link the new domain to your hosting account. But our dev team has now exposed this through the Customer Control Panel, and you can add your new domains instantly.

Here’s how it works now.

1. If you have registered a domain through us, you can add the standard configuration through the Customer Control Panel. The standard configuration sets up the “bare” domain name, example.com, for web and email hosting, and www.example.com for web hosting. There is no charge for this, and you can add as many domains as you like to your hosting account.
2. For all other cases, whether subdomains, or domains registered with other registrars, you will still need to email support. A one-off setup charge of £10 (inc VAT) will be levied per domain /subdomain. Or you can batch up to 5 domains in a single request for £20 (inc VAT). EDIT 2021: This is no longer the case, additional domains and subdomains are free to add and this can be done through the Control Panel.

As has been widely reported, a very major vulnerability in the bash shell was announced a couple of days ago (the event has been dubbed “Shell Shock” by the media). Sadly, the first set of updates released were insufficient to close the hole completely (“AfterShock” is the catchy name). Further updates were released late last night. These have been applied to all Mythic Beasts internal servers, and all managed customer servers.

Customers with unmanaged servers are urged to apply this second set of updates as quickly as possible.

So far, Apple have not released any updates for OS X. The version of bash distributed with OS X is demonstrably vulnerable to the security bug, so no doubt updates will be forthcoming. In the mean time, one possibility is to build bash from source; instructions for doing so can be found on the Internet.

We’ve been asked a few times recently about the announcement from the developers of the  Chrome browser concerning SHA-1 deprecation. This post gives some background, and answers the most common questions. If you’re in a hurry: don’t panic! Mythic Beasts has got you covered.

What’s it all about? For an SSL certificate to be trusted by browsers around the world, it needs to be digitally signed by a well-known and trusted body, called a Certification Authority or CA. (For the SSL certificates that we sell, the CA is usually GeoTrust.) When a certificate is issued, the CA takes the details of your certificate (most notably the address of your website, and the public half of your crypto key) and digitally signs them. When a user browses to your site, they receive your signed certificate and they check the CA’s signature of it to be certain that they are talking securely to the right site.

Except… the CA doesn’t actually sign all the data in the certificate. It first passes it through a cryptographic hash function, which securely reduces the data to a small fingerprint, and then it signs that. Currently, the hash function most commonly used in SSL certificates is SHA-1. This is going to change over the next couple of years.

What’s wrong with SHA-1? Cryptographic hash functions become weaker over time, as Moore’s law makes computers ever faster, and cryptologists discover flaws in the algorithm. A significant flaw in SHA-1 was first published back in 2005, and it is now believed that it may be feasible to find a SHA-1 collision by 2018 or sooner.

Is there an alternative? Yes! SHA-2 (also known as SHA-256) is already implemented in all major browsers. However, because of the nature of the problem, every SSL certificate needs to be upgraded, so we can tell browsers to stop accepting SHA-1 signed certificates. Note that SHA-1 has not yet been “broken”, and while weakened, it is still strong enough for the time being. However, for a smooth transition to SHA-2, we need to start now.

What’s the Google announcement? Although this has generated a lot of discussion, it doesn’t actually say very much that’s new. Microsoft announced in November 2013 that they will not accept SHA-1 signed certificates after 2016. The Chrome developers have recently confirmed that they will do the same, and have filled in some details for a hopefully smooth transition.

Rather than having a single cut-off date, Chrome will be gradually ratcheting up the level of warnings. SHA-1 certificates with an expiry date in 2017 or later will start to receive the “yellow triangle” warning in the browser address later this year. Of course, the connection is still encrypted, but this is a clear indication to users, and hopefully the site administrators too, that something is amiss.

By the middle of next year, if those sites are still running with a SHA-1 certificate that lasts into 2017, the warning will be upgraded to a red cross, making it crystal clear to all concerned that action is needed.

For SHA-1 certificates that have an expiry date in 2016, the situation is not so serious. Sites with these certificates will start to receive yellow triangle warnings next year, but the warning won’t be escalated beyond that. In both cases, only the security icon will be changed; there will be no click-through warnings. This move, which is also supported by Mozilla and Opera, is forcing the hand of the CAs, and much misinformation has been spread about it.

Is my certificate OK? Yes. Almost all^* certificates issued by Mythic Beasts have only a 1 year expiry, so your current certificate will not solicit any warnings from Chrome, or any other browser. ^*Very occasionally we do issue certificates for longer than 1 year; we’ve checked the issue dates for all these, and are in contact with all affected customers to reissue their certificates.

And then…? We already have a process in place for issuing SHA-2 certificates and renewals. It’s currently a bit more fiddly than we’d like (in fact, it involves obtaining a SHA-1 certificate and then reissuing it as SHA-2!), but we will be trying to make this slicker over the next few weeks. In any case, after October 2014, we will only be issuing SHA-2 certificates.

As you may be aware, ICANN, the body responsible for domain names has introduced a lot more “Top Level Domains” (TLDs). This means that you’ve now got a lot more choice than the traditional .com / .net / .org / .co.uk, etc.

You can now have names under .bike and .gallery, and very soon you’ll be able to have names under .kitchen and .land. Many more new TLDs have been approved, and will start appearing online in the coming months. (Given the quantities we drink, we’ve been wondering whether we should rebrand as mythic-beasts.coffee.)

Below is a list of the new TLDs being released in February. You can find prices for these domains on our domains page.

Congratulations to http://mikaellelebreton.photography/, our first customer (that we know of) to get a website up and running on a domain released this week.

Update 2014-02-26. Four new domains will open up today: .diamonds, .enterprises, .tips, and .voyage.

Our shell account servers sphinx and onza now support mosh (the mobile shell), which is an alternative to using ssh for command line logins. The key feature of mosh is that it uses its own UDP-based protocol, which means that a mosh login can persist during network outages, and even if the client changes its IP address! You can start mosh on your wifi at home in the morning, jump on a train and switch to 3G, then plug into the Ethernet at the office and the mosh login will still be working.

To get started, simply install mosh on your client (it’s already in the major Linux distributions) and type the appropriate command to log in to your shell account:

mosh myname@sphinx.mythic-beasts.com
mosh myname@onza.mythic-beasts.com

It’s relatively young software, so there may be a few teething problems (it doesn’t play well with gnome-terminal unfortunately, although there are alternative terminal emulators such as mrxvt that work much better). Still, our staff are already completely hooked.

Over the past couple of weeks we have been migrating the final customers from Bluelinux (a hosting company we acquired) to our own hosting platform. This process is now complete. Any customers having issues should contact us at support@mythic-beasts.com.

Customers with shell accounts have been moved to onza, for which the control panel is here whereas customers with non-shell accounts have been moved to yali, for which the control panel can be found here. These control panels offer a flexible interface for web and email configuration.

Customers have more space, more software available to them and upgraded versions of software previously available at no additional cost.

Today we have made a number of changes Onza and Yali.

• Each user can now read their own web logs, which are stored in /home/user/www/log
• PHP scripts no longer need the execute bit set to run
• All scripts in cgi-bin directories have been moved to /home/user/cgi-bin to conform with Apache’s security recommendations

We hope that these changes will make it easier for people to run and debug their code.

A customer wanted to use Django (this is a web application framework for the Python language), but found it wasn’t installed on their hosting server (which happened to be sphinx in this case). A couple of emails to support@mythic-beasts.com later, and they were up and running within 24 hours.
The moral of this story: if you’re trying to do something with a Mythic Beasts service, and seem to have hit a brick wall, do get in touch. If it’s at all sensible, we’ll try to make it possible, and if it’s not sensible, we’ll let you know!

Nominet is the domain name registry that ultimately controls .co.uk, .org.uk, and most other second-level domains under .uk. Till now, they have only allowed domain names to be registered for 2 years – no more, no less.

That changed today, 1st May 2012, and so we pleased to be able to offer Nominet domain registrations for up to 10 years. As well as receiving a discount for the longer registration period, you can rest assured that your domain is yours with no need to renew till 2022!

Or, going in the other direction, if you have a short-term project that deserves a .uk domain name, you could register for just 1 year.

We’ve also today added a bunch of new Top Level Domains that we can support, including .tel, .au, .nz, and extending our coverage of European countries: here are the full details of supported domains and prices. (Even more Top Level Domains may be available on request – email us if you don’t see what you’re after!)