August 01, 2007

Explosive Not Accepting Customers

After 10 years of providing hobbyist and non-profit personal colocation, is no longer in the business. The economics of colocation have changed over the years and we can no longer provide a competitive product without substantially changing the way we do business.

Our uplink has gone from the early days behind GrendelNet on a 256kbit fractional T1, to Dave Rand and his frame relay network and a short-lived but very fast connection, commercial colocation at's San Jose facility, some dark days behind XO, and the Speakeasy HDSL-encapsulated T1 which has served us well for the last 3 years or so.

Our longest continuous customer was Cameron Spitzer and the California Green Party, who started service in August of 1998.

Along the way we learned a lot and had a great time. Thanks to all our friends, providers and customers throughout the years.

Posted by eric at 10:50 AM

September 04, 2006

Main server OS upgrade

The main server,, has been upgraded to CentOS 4.4 ( We built the OS disk image offline and have now swapped it in. We believe most services are currently working properly, but please let us know if you notice something not working like it used to. hbm out.

Posted by hbm at 11:32 AM

June 17, 2004

Service Outage

If you're reading this, it's because we're back up after several hours of T1 downtime. We went down hard at 1050hr PDT, and I opened a Speakeasy ticket at 11:05.

They, in turn, opened a Covad ticket after it was clear that there wasn't a software problem, and Covad got an ILEC dispatch out here at about 1400hr PDT. The SBC tech said that our new Speakeasy T1 was not provisioned cleanly when it was first installed; that there was a split (tap) between the NOC and the neighborhood box, and that the circuit had dropped below tolerance.

After some head-scratching, I convinced him that he didn't need to provision a new set of pairs for us because we had a perfectly good set from the old XO T1 that was no longer in use. He was (to his credit) very, very reluctant to reuse pairs that still had voltage across them, but I showed him the disconnect order that was executed June 1, and he agreed to swap the pairs. This worked; service was restored at 1530hrs PDT.

Since the Speakeasy circuit went live, I did notice some minor errors in the DSU interval logs which are explained by this theory; however we are not sure what caused the (previously usable) signal to suddenly go bad. I do not expect a recurrence of the problem.

Posted by eric at 04:32 PM | Comments (0)

May 18, 2004

Email Account Details

This post lays out, for the record, how your email client should be configured to access your High Performance Email account.

The Basics

  • Your IMAP4 or POP3 (incoming mail) server is
  • Your SMTP (outgoing mail) server is also, either the default port (25) or, because some ISPs block that, port 587. It requires your username and password.
  • If you don't want to use a standalone client, you can access your mail via Webmail at

UPDATED Feb 4 2005 New filter interface, webmail, SMTP port information

(Details behind the "Read more" link...)

Security Information
We support and recommend the following security options, at least some of which your mail client should implement:

  • SSLv2, SSLv3 and TLSv1 - Use port 993 for traditional IMAP-over-SSL or the default port 143 if your client can do STARTTLS negotiation. Please use some form of SSL encryption to protect your password!
  • SMTP AUTH on port 587 - Same username and password as for your IMAP login, supports STARTTLS and SSL, allows you to use our mail server for your outgoing mail no matter where you are.
  • CRAM-MD5 / DIGEST-MD5 authentication - However our server does not support Microsoft SPA (Secure Password Authentication) which is a checkbox option in Outlook and Outlook Express.

Mail Filtering, Antivirus, and Spam
Our IMAP server supports the Sieve mail filtering language. You can configure Sieve filters to automatically deliver messages into subfolders, send vacation messages when you're out of town, and much more. There is a web interface to configure your filters which you can access at Keep reading for an example of how to use Smartsieve to set up a filter.

Spam Filtering
Your incoming email is automatically protected against spam and viruses. You will still receive some spam because we delete only those mails which are clearly Spam (score more than 20 points on SpamAssassin), or fail the virus checks. Anything that might be a legitimate mail gets tagged and delivered. If you want to filter out these spams, follow these steps:

  1. Using your mail client, create the mailbox you want to drop the Spam into
  2. Log into Smartsieve, and from the main menu, click "New filter rule", and fill in the form so it looks like: ( Screenshot)
     If mail header: "X-Spam-Flag" contains: "YES" 
     File into: [Pick mailbox]
  3. Click "Save changes".
  4. Click "Manage Scripts", and make sure that your script is Active. If not, check its checkbox and click "Active". You're done!

Your Quota
You can have up to 200MB of mail on the server. To find out how much mail you're currently using, log into Webmail; the bar in the top left corner of the screen shows how much you've used and what percentage of the quota limit that comprises. Once you hit your quota, you will not be able to receive new mail! Messages will bounce back to their senders with a message saying you're out of storage space, until you bring your usage back down below the limit by deleting some old mail. If you are a really high-volume mail user and want to negotiate a higher quota limit, please send an email to, we'd be happy to discuss the options with you.

Posted by eric at 11:11 PM | Comments (0)

May 12, 2004

New Certificate Installed

If you've been connecting to the web or IMAP servers with SSL, you
may receive a pop-up warning that our server certificate has changed. This is legit; we bought a "real" certificate from the nice folks at FreeSSL. For verification, the certificate's fingerprint is:

Posted by eric at 11:21 AM | Comments (0)

Pricing and Services update

I've updated our services and pricing page to reflect reality and to present some new services we're offering. Of particular interest -- we're now able to offer redundant Internet connections to customers who need additional reliability or who want to load balance across two providers. Our primary connection is a T1 to, and our secondary is a 384Kb SDSL connection to (If there is sufficient interest we can pretty easily upgrade the SDSL to a 768K circuit)

Posted by eric at 01:14 AM

December 10, 2003

Brief outage this afternoon

Our T1 went down for about 40 minutes today, between 1:45 and 2:30 PST. I phoned in a trouble ticket at about 1:55 when it seemed clear that it wasn't coming back on its own. Although I haven't definitively heard back from whether the outage was widespread, traceroute from offsite stopped just before the router which terminates the upstream end of our connection, so I assume it failed and needed a reboot or manual failover. Click on through for some in-depth traceroute geekery.

Here's how a traceroute to the end of our T1 looks when things are normal (I've trimmed out the pre-XO hops and removed the timings for clarity):

 8 (
 9 (
10 (
11 (  

XOs naming convention describes the interface type and logical location on the router in the first 'hostname' component of the fully-qualified domain name i.e. ge13-0 means Gigabit Ethernet port 13 on slot 0. The name of the router itself is next, between the first and second dot; here we see RAR2, MAR2, CLR2. The rest of the name is pretty self-evident: "cityname dash State dot country dot xo dot net."

The hop in line number 11 is the end of our T1 connection. The other end of the connection isn't shown in this example because there are no responses to our traceroute packets with its address as their source (here is a decent explanation of why exactly this is so), but I have it on good authority that the address is So when, sitting at work, I noticed that things inside the colo were no longer pinging, my next traceroute attempt was to this address, to try to determine whether the outage was our fault or theirs:

 7 (
 8 ( 
 9  * * *

"Aha!" I thought. "If I can't even get to the upstream router, the problem is likely on their end, not ours. And since it's been down ten minutes, I bet they don't know about it. " I called the problem in and things were restored pretty quickly.

For reference, here's what that traceroute looks like now that everything's working again:

 8 (  
 9 (  
10 (  

Interpreting the differences between this output and the last, we see that when the problem was in evidence, we got "* * *" for the last line (which would have continued for a while longer but I interrupted it). When it's fixed, traceroute exits normally having gotten to the router named 'CLR2' . CLR2 is one hop beyond the MAR1 router which was the last thing before we started seeing stars. So we can deduce that CLR2 had some failure, and the T1 came back up after somebody in Fremont gave it a swift kick.

Posted by eric at 03:45 PM

October 16, 2003

Seeking a Colocation Home? is an ideal match for a certain kind of colocation customer.
If you're either paying more for commercial colo than your site is generating or you're a hobbyist/nonprofit currently piggybacking your server on an underpowered consumer-grade DSL line, we might be the right solution. Check out our pricing and services page for more information.

Posted by eric at 11:24 PM