Pagoda Box – scalable platform for your PHP application

I got my hands on a private beta of Pagoda Box.  It is a platform that you can deploy your PHP applications to.   I gave it a brief look around and I have to say it’s pretty sweet.

Right after you register and get access to your dashboard, you can add applications.  Applications are cloned from GitHub repositories.  Both public and private repositories are supported.  Once you add an application, you can access it at http://your-app-name.pagodabox.com. If you’d rather have your own domain – you can assign it to your application from the dashboard and all that will remain to be done is adding an A-record in your DNS zone.  Super easy!

There is more to it, even at this beta stage.  Pagoda Box supports a number of PHP frameworks, including all major ones – CakePHP, CodeIgniter, Lithium, Symfony, Zend, and more.  You can also optionally have a MySQL database for your application.  They even help you out with outgoing email.

On top of that, you have control as to how many instances of the application you want (the more you have, the more requests you can serve at the same time, and the more you’ll have to pay).  There are statistics of your application performance, requests, and a few other parameters (I’m sure those will grow together with the project).

I’ll admit, I am too used to hosting my projects on my own servers to take immediate advantage of Pagoda Box.  But I am now seriously considering which projects I can move out of my server and into this platform.  It just makes things so much easier.  Deploying and re-deploying works wonders for any GitHub commit of your project.  Initial resources that one usually needs to try an idea out are free of charge.  If the idea picks up, the prices are more than reasonable (and comparable to other hosting solutions).

Out of those things that I consider necessary, I haven’t see any mentioning of files (uploaded via application, for example), support for build systems (such as Phing), and some sort of common library of frequently used code (PEAR modules, for example).  But I’m sure that either I simply didn’t look for these hard enough, or they will be added in the future.

If you are a PHP developer or involved with PHP source on GitHub in any other way, I suggest you try it out.  You can request a private beta invite directly from Pagoda Box website.  Or, if you prefer, I can send you one (I have about 10 of them left for now).  Also watch the demonstration screencasts,  and read through other platform features.

Upgrading to PHP 5.2.x on CentOS

Today while setting up yet another project on my hosting server.  The server runs CentOS 5.6, which means PHP 5.1.6 is used.  However the new project required PHP 5.2.0+.  It turned out upgrading PHP is trivial.  There is even a Howto Guide in CentOS wiki.  The steps are:

  1. Add CentOS Testing repository to yum.
  2. yum update PHP packages.

That’s all folks!

What happened?

The long story short : I lost my blog, as well as a few other web sites.

Here goes the longer version.  I have been moving a whole bunch of web sites from my reseller hosting account at EuroVPS to a brand new VPS account at VAServ.  Site by site, blog by blog, database by database.  To keep things simple, once I made sure that the site was moved properly, I deleted the copy from the old hosting (after a week or so).

When I was almost done with the move and there were just a few more left, something really bad happened a VAServ.  All company’s servers got compromised.  The attackers gained control over thousands of VPS accounts across hundreds of servers, and then they deleted whatever they could.  The effect of this was so devastating that it was extensively covered in the news.

According the VAServ, hackers utilized a security hole in the HyperVM software, which was written by LXLabs.  Apparently, HyperVM is known for its poor security, but things never went wrong at this scale. (In other news, LXLabs founder was found dead in a suspected suicide a day or so later.  And the rumour has it that the break-in had nothing to do with HyperVM, but was VAServ negligence)

Now for the most interesting part of the story – the lost data.  How did that happen?  OK, the company got hacked and all data was deleted.  But what about the backups?  It turned out, there were no tape backups.  The only backups VAServ had were on the network storage.  And, of course, that data got deleted by the attackers.  Imagine that.  Web sites, databases, emails, DNS records.  Everything is gone.  Well, not everything – they managed to recover some servers, but not all by far.

My sites were on one of those servers which experienced 100% data loss, and which had no backup.  That was when I contacted EurVPS support and asked them to restore my recently deleted sites from tapes.  After all, it’s better to lose a few weeks of work, rather than a few years.  Guess what?  It turned out, EuroVPS has no backups either.  When I insisted, saying that backups are a part of my hosting plan, they corrected themselves and said that they have backups, but, as advertised on the site – weekly only.

Screenshot
Screenshot

Let me ask you a simple question.  How do you understand the phrase “weekly backups on tape”?  My understanding was that there’s a scheduled backup task (every weekend or  so), which dumps data on tapes, and those tapes are moved out of the building somewhere.  Eventually, of course, they are rotated (monthly, or annually, or so).  But there is a certain period which you can go back to and restore from those weekly tapes.

It so happened, my understanding was wrong.  Weekly tape backup means one backup within a week on tape.  That is, there is no way to go more than one week back using tape backups.  I was shocked a bit, but there was still a chance to get something.  I clearly remember that I deleted two sites five days ago.  I asked EuroVPS support to restore at least those.  To which they replied that those two sites aren’t on the backups either.

What?  How? Err…  I know, of course, that the loss of data is my fault as much as theirs. I should have done my own backups, downloading them to my own machine.  And I’m deeply sorry for not doing so.  But on the other hand, having paid for hosting, I do expect uninterrupted power, redundant network connection, and properly organized backups.  If that’s not how commercial hosting is different from home servers, than I don’t know how.

Currently, I am setting up a new VPS host, reconfiguring domains for the new IP, installing a bunch of WordPress blogs, and issuing a whole lot of apologies.  Those things that can be recovered, will be recovered.  Those things that were important and were lost, will be started a new.  And those things that were not important and were lost, will remain lost.

Let this be yet another painful lesson on the importance of backups.