
Comments
Patrick did, he posted about it. @SecNinja
I tried to hire them but they said they don't look at code. Oh well.
EDIT: Never mind, I re-read the e-mail and they do look at some of the code (just not all of it).
PM me
someone is taking revenge for alphascam, now no more cheap web hosting, also no more alpha, master, beta reseller offers on LEB
Didn't realize Martin Shkreli runs the show at cpanel...
We've always been upfront that our specialty is in practical security testing, not auditing source code.
With that said, we of course do look over the source code but it's not our main focus. There are many companies out there that do source code auditing line-by-line and I can guarantee they charge 100x more than we do and miss things that we have found using our testing methodology.
A good example would be the security research we're currently doing with anti-virus software and how some of the top vendors are affected. These companies have million dollar budgets, some of the brightest minds in security, how many dozens of developers and QA people... and yet... we somehow find ways to gain root or admin level access. (Expect some news articles dropping soon!)
Do we miss things? Sure, but I always tell clients we strive to find 99% of security flaws in their software and I like to think we meet that. #shrugs
Miss your presence around these parts Pat.
The owner of cPanel, https://oakleycapitalinvestments.com/
Thanks for the response. I wasn't saying it was a bad thing that you don't do line-by-line auditing, merely addressing that you don't do it, which I felt some people got that impression based on a comment about a code audit you did of VestaCP many moons ago.
I am very interested to see how this affects hosts here, in particular hostmantis as they are arguably one of the most competitive price wise.
I'd support a move away from cpanel..
Did cpanel get completely bought out? As in, did the original management team make their exit from cpanel already?
Guys, so I might be dumb since I don't understand the new pricing / tiers.
Let's talk about the small people, people like me with a WHM license for VPS, paid monthly to host 5 accounts.
Also let's talk about managed hosts like KnownHost, for example I have services there too. I assume they would have to charge more to their customers now? Since they include cPanel on their VPS.
Also, how much will the prices increase for partners reselling cPanel/WHM licenses? For example buycpanel or licensepal.
Let's talk these scenarios.
https://www.prnewswire.com/news-releases/oakley-capital-to-invest-in-cpanel-300699788.html
According to cPanel's about me page, "J. Nick Koston" is still CEO.
https://cpanel.net/company/
so overall news is Oakley Capital killed half the internet in one stroke?
Half of companies that post offers on Low End Box perhaps.
Awesome name: Pony control panel or cPony
even normal cpanel companies will struggle because many sell unlimited reseller hosting
pPanel.
Well "unlimited reseller" was never really a good idea.
Didn't VestaCP have a huge security issue last year?
Just one security issue?
The whole thing is a gaping security hole.
If anyone wants to participate: their slack shared invite still works https://cpanelcm.slack.com/join/shared_invite/enQtMzYzNzMxODk5NTY4LTU5ODNiNDUwMjcyMjRkNThjY2UxNmU5ODUyZGFhODU3YmU4MjYwOGM4Njc5YTU5MzAzODVmZmI2NWQ0YzI2MzE
True, but exim had a security issue and so did the Linux kernel itself.
The VestaCP issue was worse than even the exim issue.
Do you mean the one where a server not running VestaCP got hacked or do you mean a security issue in the code itself?
What I meant was there are always security issues in all software. It's a matter of who finds them first. If VestaCP gets used more often, there will be more people contributing to the code, thus a chance of vulnerabilities getting fixed faster.
the Hestia project is a small group of people that decided after the incidents around Vesta last year to fork it and change quite some things, especially security related.
it was decided to have that more as a personal fork with own repos that are controlled by more than one dev alone, and available for the members of the group for the time being.
of course it's also public for everyone to use and review, but we do not aim for being a competitor to whomever.
however, our own infrastructure makes us less reliant on updates happening over at Vesta or not and gives the possibility to decide and review on what to merge or develop and what not etc. rather than waiting for a single guy.
that's also why so far it's only debian/ubuntu - no centos user here (there is a centos-based fork from belgium madeIT, but can't tell much about that).
and that's why the website and board are quite grandfathered. it's easier to handle issues directly in github amongst a group rather than tracking them down in a forum.
we only already provide the forum in case the number of users will grow and there is a place needed for community-driven support ;-)
mariadb and nginx are pulled from their official repos to have the newest version. for php it uses sury's repo to have the newest release of multiple versions. the UI itself made a ton of progress while leaving most parts of the UX intact.
there are quite some features where it already is on top of vesta, like using separate ssl-certificates per mail domain (optional) and so on and so forth - but still much work to do as big parts of the underlying code are obviously still from Vesta, it's a fork after all ;-)
after a few capable people finally took on the coding tasks and it made quite some progress in the last months, version 1.0 was released just a few days ago.
despite a lot of test runs, that also came with quite some unforeseen bugs (not security related) in specific use case scenarios, which have been dealt with in a timely manner in 1.0.1
I use Hestia in production since the beginning and have never looked back, however - that is my decision and responsibility and not someone else's (as it goes for the use of all free git projects)
btw: standard vesta backups are restorable into hestia directly so there is a migration path for that, but yet nobody thought about cpanel ;-P
TL;DR; this is a group of some self-motivated people driving it to their needs. I can only suggest you try it yourself, but it will always be your own responsibility to know what you are doing (as it would be with vesta too). feel free to reach out to me if you have more in-depth questions.
Sounds right up my taste alley.
Taking a look https://github.com/hestiacp/hestiacp/releases
give it a try, you'll probably also love the freshened UI ;-)
and let me know what you think whether positive or negative, every feedback is welcomed.
College apartment actually, at least 20 years ago.
I actually remember that night...I was on the phone with Nick and was explaining this reseller function that I wanted implemented, and I went to sleep, and the next morning I woke up and he had it coded and ready for testing.
That is pretty much how a lot of the new features got added back then...thanks to Nick's Red Bull addiction.