What is it?
We got an in-house machine desk up and running last October,(i) after explorations and attempts that eliminated various imagined or desired alternatives until we pieced together one that worked for us.
The primary cause was our own need for long-term reliable, no-bullshit, in-WoT hosting. Since our capacity needs so far remain modest, we're making the excess available for rent, primarily in the form of Virtual Private Servers based on the industry-standard open source QEMU/KVM technology. That means you get your own root shell and can do pretty much whatever you want, within the constraints of a shared machine, though you'll need some command-line knowledge to set things up. We're also open to developing higher-level managed services as demand arises. If business grows beyond the current capacity, well, the lively plant gets the water as far as I'm concerned.
It's housed in a residential building in central Panama City, Panama, partitioned from living quarters. It's not my own home-office but readily accessible from it if necessary. The building has a security watch and two levels of traditional access control in which I'm directly authorized. That is, there are no biometrics, smart locks, webmob apps,(ii) artificial idiocies, or generally speaking anything by which either The Man or The Machine would be empowered to stop me from getting at the stuff.(iii)
Internet service is through a commercial account at a local provider with dedicated, symmetric bandwidth, fiber optics to the premises and fully buried cables. This was quite the pain to set up, and for some reason the bandwidth is still quite costly per megabit here in the "Hub of the Americas". We own the gateway router which holds our public IP addresses; these are from a block of eight of which five are usable, which was the most we could get for now. We have the full escalation ladder with direct phone numbers to their operators in the event of trouble, at least on paper if not yet put to the test.
Electric power comes from the usual residential monopoly provider, which is to say it fails from time to time for no particular reason. At this location, most outages are momentary, and ones lasting more than a day should be rare. I'm finding three: 11 hours in November 2024, local failure, 7 hours in March 2025, gridwide failure, and some hours in May 2025 due to an individual circuit breaker tripping without our noticing in time, resolved by switching to a different circuit. To smooth over the bumps as best we can, we've invested in a beefy line-interactive UPS: an off-the-shelf APC model with hot-replaceable battery (and such replacements said to be available locally, too). So far it's weathered all the minor hiccups just fine... but interested parties have learned it's NOT big enough to boil water for coffee too! Finally, following the May incident I rigged up an active power probe so as to get some advance notice when we're running on battery.(iv)
The main host server is built around a board and processor that I've been holding onto since around 2012, having purchased new and briefly used in my personal workstation. I've now transplanted them to a spiffy new case(v) and added a full contingent of error-correcting DRAM modules. The latter are recognized by the Linux EDAC driver and supported even on the "consumer" grade board - props to AMD. Specs are as follows:
- CPU: AMD Phenom II X6 1090T at 3200 MHz with six physical cores, 512k level-2 cache per core and 6M shared level-3 cache.
- DRAM: 32G ECC (32830296k available after system overhead as per "free")
- Storage: 551.6G (available after system overhead as per "df") in software RAID1, across two SATA hard disk drives with conventional magnetic recording and straight 512k sector size.(vi)
- Network: integrated PCI Express Gigabit Ethernet controller, Realtek.
- Entropy source: S.NSA FUCKGOATS, USB connected and streaming to all virtual machine guests by rngnet protocol.(vii)
The system board is from one of the first generations pushing the UEFI monstrosity, but I still coerced it to boot in standard PC BIOS mode - funnily enough, by connecting an older graphics card with UEFI-unaware VBIOS.
What can I run on it?
In theory, any OS that can run on QEMU 2.8.0 with KVM acceleration on AMD64 should work; you can send us a disk image, we'll adjust the virtual devices and assist with network configuration as necessary. It'll boot from MBR, meaning you have full control of your bootloader and kernel, as on a physical PC.
For more convenient and better supported options, we have disk images ready to go for Gales Linux(viii) and CentOS 6, with their full distribution mirrors on the shelf in case of need.
What will it cost me?
I did a few rounds of pondering to come up with a pricing model, weighing the desires of simplicity and effective resource utilization and considering the various underlying costs, constraints, and growth options. The result is this, in satoshi per month:
(2208 + 5.856*usdsat)*size + 11.88*usdsat*bandwidth
- usdsat is the current USD to Bitcoin exchange rate, in satoshi per dollar. This can be readily derived from the commonly reported figure of dollars per BTC as: 10^8/BTCUSD.
- size is the provisioned virtual machine size, in integer "slices" of the available host resources, dividing them evenly in 32 for around 1 GB RAM per slice.
- bandwidth is the billable network bandwidth in megabits per second, minimum 1. Like size, it is allocated in advance. Unlike size, it is not guaranteed, and is burstable up to the full available uplink bandwidth (currently 20 Mbps). We won't oversubscribe the link, but actual bandwidth available at any given time will depend on other users' traffic. To incentivize adequate capacity allocation, we plan to meter consumption, sampling monthly as the average of bytes sent and received, with overage billed at 2x marginal, based on the exchange rate for the respective month.(ix)
The key points of the model are that bandwidth can be configured independently of server resources based on your particular needs, and that the price offered will fluctuate from month to month to stay competitive given the dollar pricing of some underlying components. We may also change the formula itself from time to time. However, at time of purchase, the value of a contract is fixed in Bitcoin terms for its duration; available durations are 3, 6 or 12 months, with a discount of 5% for the 6-month and 10% for the 12-month. Credit may be offered in some cases, informed by WoT standing; otherwise, contracts must be prepaid in full, and a security deposit may be required to cover overages. We will compute the exact BTC figure and state it when we quote you for a contract or renewal.
We offer your first month with us as a trial period, in which you may cancel at any time and receive a pro rata refund for unused time.
The constants in the formula are based on the costs of operating the service, excluding labor, as follows.
Capital outlays:
- Cost of equipment = 1`380`000 sat
- ISP charges from installation and testing interval = 740`000 sat (figured back in March; meanwhile increased but I'd say that's on us)
- Total amortized over 5 years = 424`000 sat/year = 35`333 sat/month
- Markup 100% = 70`666 sat/month
- Over 32 slices = 2`208 sat/slice/month
Recurring costs:
- Rent on space and power consumption (based on measured 3-month average) = $93.69/month
- Markup 100% = $187.38/month
- Over 32 slices = 5.856 USD/slice/month
- Internet connection, 20 Mbps with block of 8 IPs = $118.80/month
- Markup 100% = $237.60/month
- Over 20 Mbps = 11.88 USD/Mbps/month
Here are some monthly rates figured for your convenience based on an example usdsat from today of 973:
- Minimum subscription: 1 slice + 1 Mbps (1G RAM, 17G disk, 306G transfer) : 19`465 sat or ~ $20
- High memory: 16 slices (~16G) + 1 Mbps (16G RAM, 275G disk, 306G transfer) : 138`053 sat or ~ $142
- High bandwidth: 1 slice + 10 Mbps (1G RAM, 17G disk, 3T transfer): 123`498 sat or ~ $127
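The pricing formula above worked through as a calculator, added here as an example (not JWRD's own code); it reproduces the three sample rates for usdsat = 973 and the overage case from footnote (ix). The function names, rounding to the nearest satoshi, capping an allocation at the 20 Mbps uplink, and applying the duration discount to the whole contract value are assumptions.

```python
from decimal import Decimal as D, ROUND_HALF_UP

SLICE_SAT = D("2208")    # amortized capital outlay, sat/slice/month
SLICE_USD = D("5.856")   # space and power, USD/slice/month
MBPS_USD = D("11.88")    # Internet connection, USD/Mbps/month
TOTAL_SLICES, UPLINK_MBPS = 32, 20
DISCOUNT = {3: D("0"), 6: D("0.05"), 12: D("0.10")}  # by contract months

def usdsat_from_btcusd(btcusd):
    """Satoshi per dollar from the usual dollars-per-BTC quote."""
    return D(10**8) / D(str(btcusd))

def _sat(amount):
    # Assumption: quotes are rounded to the nearest whole satoshi.
    return int(amount.quantize(D("1"), rounding=ROUND_HALF_UP))

def _monthly_exact(size, bandwidth, usdsat):
    bw, u = D(str(bandwidth)), D(str(usdsat))
    if not (isinstance(size, int) and 1 <= size <= TOTAL_SLICES):
        raise ValueError("size must be an integer number of slices, 1..32")
    # Assumption: a single allocation cannot exceed the 20 Mbps uplink.
    if not 1 <= bw <= UPLINK_MBPS:
        raise ValueError("bandwidth must be between 1 Mbps and the uplink")
    return (SLICE_SAT + SLICE_USD * u) * size + MBPS_USD * u * bw

def monthly_rate(size, bandwidth, usdsat):
    return _sat(_monthly_exact(size, bandwidth, usdsat))

def contract_total(size, bandwidth, usdsat, months):
    # Assumption: the duration discount applies to the whole contract value.
    if months not in DISCOUNT:
        raise ValueError("available durations are 3, 6 or 12 months")
    exact = _monthly_exact(size, bandwidth, usdsat) * months
    return _sat(exact * (1 - DISCOUNT[months]))

def overage(allocated, average_used, usdsat):
    """Extra charge for one month: 2x marginal rate on the excess Mbps."""
    excess = max(D("0"), D(str(average_used)) - D(str(allocated)))
    return _sat(2 * MBPS_USD * D(str(usdsat)) * excess)

if __name__ == "__main__":
    u = 973  # example rate from the page
    for size, bw in [(1, 1), (16, 1), (1, 10)]:
        print(size, "slice(s),", bw, "Mbps:", monthly_rate(size, bw, u), "sat")
    print("12-month minimum contract:", contract_total(1, 1, u, 12), "sat")
    print("10 Mbps paid, 13.5 used:", overage(10, 13.5, u), "sat")
```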
What's the catch?
JWRD's VPS hosting is a private, not a public service; access is a privilege, not a right. We reserve the freedom to refuse, suspend, or terminate service at any time and for any reason. A minimum requirement is to maintain an RSA key registered and in good standing in the Web of Trust; we will use this key, or a subordinate key at your instruction, to secure any sensitive communications related to your account. In the event that we have to terminate your service without notice, we will make an effort to return you your data, for instance as a downloadable GPG encrypted filesystem image.
Due to the historic mismanagement of IPv4 resources by the regional registry, combined with present braindamage at the local provider, we face an acute scarcity of public address space. While we can supposedly add more bandwidth on relatively short notice, the same is not true for addresses. Thus, in order to get your own, we require the purchase of at least 8 Mbps capacity.(x)
Otherwise, we will provide a private IP address with Network Address Translation through our shared public address. To receive inbound connections, we can forward "high" TCP or UDP port numbers (over 1024) to your VM, in moderation and on a first-come, first-served basis. To enable Web service on the standard HTTP port 80, we can forward requests to your site(s) through an Apache gateway. Port 443 will remain closed on the shared address to prevent brokenness (since the trend these days is toward defaulting to or even forcing HTTPS if its port responds at all). Finally, for address reputation reasons, the following activities are prohibited when using the shared IP:
- Outbound SMTP connections to TCP port 25 or 465 (587 "submission" is OK) ;
- Network or port scanning ;
- Automated web crawling, posting, scraping or archiving (human-initiated requests are OK).
Spamming is prohibited in all cases.
Our upstream providers require us to prohibit hosting pornographic material. For JWRD's part, we value freedom of expression and healthy human sexuality, but it is what it is. For now, we hazard to offer the clarification that we do not interpret this ban to cover text, schematic representations, or educational media. We don't expect our cost structure would be appealing for hosting video libraries in any case.
Use common sense and exercise courtesy toward your fellow tenants, our server, our network, and our provider's network. This doesn't mean "no cussing" but it does mean "don't fuck with our stuff".
How do I get started?
There are various ways to reach us but the most publicly accessible is to hop on our #jwrd IRC channel. Introduce yourself, tell us about your needs, stick around and be patient; someone usually checks in at least once a day. From there you can ask for help if needed on setting up your key and registering in the WoT.
The channel is also where we'll share any breaking news about the service in real time.
Can I bring a friend?
Of course - and we'll pay up to 10% of first purchase for referrals. Inquire within for details.
How awesome is this?
Pretty freakin' awesome. Cosmically awesome. Hits different, for those under 30.
I have more questions.
Others might have them too so ask away, right here in the comments.
(i) To call it "machine room" or even "datacenter" would strain the terms but it's the same thing at heart. Feels crazy that it's been sitting there a year already doing little more than run a Bitcoin node, but then, what's a little extra testing time after 4-5 years of wanting it.
(ii) "I'm going to make him a browser he can't refuse."
(iii) Except that this city does occasionally go insane and deploys its ground forces to block movement of people altogether. In my 12-year memory, those times would be when Bahamas visited, when the Holy Potato visited, and when the panicdemic was declared.
(iv) No thanks to APC with their undocumented USB management protocol, nor to the local electronics shops who couldn't get me any optoisolators; instead I went with our usual fiber optic data diode as a serial link with strong galvanic isolation.
(v) The original was structurally compromised when I shipped my desktops down to Panama like a noob, by air forwarding with little more than bubble wrap and ill-fitting cardboard boxes around the heavy items. I had to import the replacement case too, because the local supplies were mostly following the "gamer" fashion trends, favoring glass windows in place of steel with no conception of electromagnetic protection and no appreciation for hard drive bays.
(vi) I attempted a storage refresh as well, with SAS, hardware RAID and all, but it ran aground between flaky suppliers on one hand, and flaky disk manufacturers on the other pushing such a bewildering array of quietly cheapened substitutes that it's no longer possible to correctly choose a hard disk without knowing in advance the exact application requirements. Whereas with solid state drives, the choice seems to lie between "enterprise" units with exorbitant cost per byte and "consumer" ones that will most likely eat your data at some point without warning. Harrumph.
So, at some point we may be taking some planned downtime for a storage upgrade, once we get more information on what our customers need.
(vii) This point alone arguably positions our service as the most secure in its class. Adding to this, you may also note that we don't do sysadmin through WWW interfaces and we don't do password reset backdoors.
(viii) Or rather, we'll have one ready soon, including the latest Busybox fixes.
(ix) For instance, if you've paid for 10 Mbps but your average usage for the month is 13.5 Mbps, you will be charged an additional 2*11.88*usdsat*3.5.
(x) This allows for at least a doubling of bandwidth before we sell out and have to invest further in whatever alternative.