New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Whats with the real reasoning behind the conflict between buyVM and SolusVM recently?
Hi all,
So, being the king of causing controversy and not afraid to take criticism, I'll take responsibility for starting this topic.
As we know, BuyVM uses Stallion. I've just been provided with info on trusted grounds that actually, that these are the reasons for friction between BuyVM and Soluslabs:
BuyVM have actually accused SolusLabs of hacking them.
SolusLabs is accusing Stallion of being a decompiled version of SolusVM.
SolusVM apparently attempted to hack from their lisencising server.
BuyVM is accusing SolusLabs of causing drama.
Looking for some clarification from the community....
Comments
I would like to know also,
I think some of it was discussed in the closed DotVPS thread,
You can thank @dotvps for starting a shit storm between us and them. What happened was Jack was bugging at least myself and @kujoe to help him decompile/nullify his SolusVM license.
What we think went on is that when we told him to go away and learn some PHP and build his own like we did, he ran to SolusVM trying to get us in trouble. At one point someone tried to use the exploit that SolusVM had in its system back in September on us, but it didn't work. The exploit was never documented, simply stated 'update please'. Now, the person that tried to attack us - how did they get said exploit? We don't know. Solus claims innocence on the subject and we don't have any reason to try to drag them through the mud over it.
Now, in February of 2011 we dumped some of the SolusVM variables to work on our own IPV6 RDNS page integration since they were refusing to provide them. They got extremely angry at us and suspended us. After we sent them a copy of our code to show it was not malicious, they left us be. We continued paying them until the start of August when Stallion went live.
There was a retarded amount of code that was needed to get done so we were looking for shortcuts. Since we had made enough modifications to the frontend SMARTY files, we simply reused them. At this point, Stallion does look like SolusVM 1.7x's skin, but that won't be for much longer as our designer finishes documenting all of the data he needs fed to his code.
In the end, we sent SolusVM a fairly decent sized sampling of our frontend code to show that we're not BSing them nor using their setup. Stallion was originally spec'd as 'do everything that SolusVM does, but fix the key parts', but we gutted out so many things that we just don't need in the panel itself.
Francisco
@Francisco So did SolusLabs log into Stallion to "attempt" to hack?
SolusVM logged in since Jack seems to have insisted such. The logs have been a mess and we've left the subject at that.
For what it's worth, someone did try to inject our code, but failed horribly.
As Jason said, it is drama and we're hoping it'll be done with finally. We've heard nothing new from Phill nor Jason so I dunno. I've simply been too busy to go bother them about it.
Solus' biggest concern I figure is just that right now stallion is a complete drop in replacement for SolusVM's database and they feel the structure/naming is copyright - fair enough. If Stallion ever goes up for sale it'll have to ship with an update file of sorts that restructures the database enough to null/void that point, or, import it into our own structure.
Francisco
Recently, you had changed username. It was e-mail id before and now it is VMxxx was this changes made due to Hack attempt?
Stallion needs a lot of work to be marketable. Could we compete with SolusVM? We wouldn't want to. Our target market would be to target the bigger hosts (people with 20 - 30+ nodes) and are willing to pay a larger one off fee.
I don't want to deal with monthly licenses because the support is murder. I can't imagine how many people Solus has to have on support just to deal with all of the bone head 'hosts'
Francisco
Not at all, this was to merge usernames before sales go up. We have a lot of notification & alert systems coming in place and our target is to make it so when we log an abuse case (bad process running, heavy abuse, etc), we not only log an entry in stallion, it would log a ticket as well.
We needed an easier way to relate our ID's. There was quite a bit of mess from our starter months where lots of the fields weren't filled at all, so we had VM's documented in WHMCS w/o a vserverid for instance.
Francisco
So wait, did they try and inject code into Stallion or SolusVM? Im confused.
Stallion.
This all happened like...< 2 weeks ago. Now, i'm not naming names of who tried what since, as Aldryic & myself have said, we're tired of that drama.
The only modification we made to solus was adding our page and that was sent in full to them last February.
Francisco
But didn't you say they used a SolusVM exploit though?
Where does it say they are even offering support of any kind?
Edit:
Yes, I'm confused with that part too.
One provider emailed SolusLabs asking if OpenVZ supported Windows.
Re-read what I said carefully I'll explain it again and try not to be so confusing this time.
Francisco
They provide support if there's bugs. They also likely help guide people if they're a little confused. They have a fairly solid wiki but people are morons.
Francisco
@Francisco
Thanks for clarifying . Im just a bit confused if they logged into SolusVM or Stallion, because the login notification from Stallion looks a lot like SolusVMs.
But theres no copyright over layout I guess.
They did.
We simply reused the email templates too since they worked well enough.
Francisco
@Francisco To build Stallion from scratch or partial, SolusVM was reverse Engineered is it true? If it is so, then it is clearly SolusVM TOS violation.
Folder name, php file name and structure is still Solusvmise.
http://i42.tinypic.com/n2cy2h.jpg
http://i41.tinypic.com/okdd74.jpg
Also, regarding VPS Master is it Stallion pure breed or idea gained by reverse Engineering?
Ok, so this is what (possibly) happened:
Makes perfect sense.
They provide support if there's bugs. They also likely help guide people if they're a little confused. They have a fairly solid wiki but people are morons.
Yes, but their license agreement does not mention support so support they are offering is "out of courtesy". They are not legally obliged to offer any kind of support for their software (or I'm failing to find their Support Policy).
He already said it's not true, but even if it was (and I do believe when he says it wasn't) he wouldn't admit it here. Duh!
@Francisco
Im still a bit confused to this as well, i thought the whole of SolusVM was encrypted, so how did you modify it without breaking there TOS?
I must mention that i have absolutely no PHP coding skills (Basic stuff aside)
I also heard that the SolusVM /admincp was left on Stallion and could be accessed till it was moved.
SolusVM is encrypted with Ioncube (correct me if I'm wrong here), which can be decoded but takes time.
Nope.
As I said, we reused all of the folders and such and just replaced with our code as we went along. The only things we've used from solus is the DB & frontend and I guess the filenames. All of those would have to be changed fully before we could market it. The feature set was based on what SolusVM had as I said. They've since then expanded on their feature set but nothing we see of value.
That box is due for a reinstall the weekend before sales, at which point it'll go to /usr/local/stallion/ like all of the nodes are Statistics is still broken for the time being but will be fixed sometime this month whenever I get Collectd how I want it. The biggest issue is how to handle the actual graphing - use rrdtool or pull the data from the rrd's and use flot.
Francisco
He didn't, he built Stallion from scratch. Building your own software with the same functionality as other software is not copyright violation (yet).
Although their TOS forbids any kind of modification, which probably includes templates too.
The admin login uses their skin as the admin side is not a priority at all for us. It works but has lots of stuff that still needs to be ganked since I never coded it.
Right, which is my point There are sites that claim they can decode it (many claim to have decoded WHMCS), but I doubt it. Back in February I had to spend the better part of a night using include() tricks to try to find out what their lockout variable was.
All SolusVM did was get upset at us (again) and logged in to check the panel. The person that did the calls were reported to the cops as we were able to trace the IP back.
Francisco
@vedran
But if it was built from scratch then why would it be based around SolusVM's folders/file names and theme?
I'm not accusing Francisco of anything questionable, just struggling to understand this properly.
@VMport
Ioncube encoding can be decoded in about two seconds.
@subigo
Yes im quite aware of that, im asking if that's what has happened and if so, its breaking the TOS of the software.
To make it easier for me to develop as I went along. After they suspended us in February I started working on the pages slowly and got public testing on the hunks I could. When we did the full roll out there was some major bugs on my part and I botched our bandwidth accounting and was forced to reset everyone early - woops :P
The skin is still used and was honestly to save time. I was the only developer on stallion up until it released. Aldryic joins in on some of it, along side Nikki, but not all that often as they're both preoccupied with other things.
Reusing the solusvm names simply saved me time. Maybe that 'time' would have been a few days only, but considering we had the complete move & build out going on at the same time, everything helped
Francisco
@VMPort
I'm just saying that's the most likely case.
@Francisco
Come on, if you have the skills to code a virtualization panel from scratch, you definitely know that Ioncube can easily be decoded these days. I'd say 90% of any Ioncube encoded script can be decoded with the latest decoding tools.
@Francisco
Thank you for the explanation, its making a bit more sense to me now :P
I much prefer there older skin anyway, i cant stand the new one. I was pissed when i found out the old theme couldn't be used any more.