All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Panel, or no panel... no leaks...
So one thing I always seem to be coming back to is this:
- No matter what panel you use you always risk one thing: leaks.
There are some pros such as (easier for Staff, etc... billing, etc... you want to go to vacation, etc. very easy to understand if you sell a lot of shared hosting, VPS, etc.) but what in cases where you could in fact wait a few weeks, or even a month to get the payment, or simply get the payment through Signal, or Telegram?
Invoicing isn't that difficult, because they can send it to you via IM.
Now, the question is... some clients will naturally need the invoice, some not. Some are not in their home country, some simply don't care.
How many of you care to be provided support the old way (a la XMPP, etc) and given full access (IPMI, etc) but without having to bother of doing any stupid shit like filling out unnecessary client information, giving email accounts, etc. Purely through IM.
Is anyone interested in this?
This is solely for:
- Dedicated Servers (Unmanged) (Anonymous)
- IPv4 (Anonymous)
- Aged ASN's (Anonymous)
Would you bother with a panel, or would you:
- WHMCS / Blesta, etc
- Signal
- Telegram
I guess I am just curious, because a really fair amount of my clients only do IM, and they are around 45-65yo.
- WHMCS, etc.12 votes
- Email58.33%
- Signal16.67%
- Telegram25.00%
Comments
$7
My opinion is that if you are doing very few sales, and keep in constant contact with everyone, you can get away without having a panel very easily.
Though once you start scaling, you need to start keeping in mind everyone [as well as their details], keep those invoice safe on your side for taxes, and you WILL [this is a given] run into a point where you won't be able to keep up. It will probably all start small with you mixing up some details of a customer/business, though will eventually evolve into forgetting to send out monthly invoices as customer hasn't reached out to you etc..
Personally I think that point is around when you cross the threshold of 10-15 customers. Especially if you run a one man show, where you are not only responsible for invoicing but dealing with the customers as well. [If doing reoccurring services - completely different world on one-time payments]
Now coming to your point about leaks: why not mix both systems up? Internal system for keeping all customers data central for automatic creation of invoices [+accounting], safely hosted in your home, while simultaneously using instant messaging for sending invoices, payment reminders etc?
P.S Fix your poll - fell for that a few times for myself, but the first field is for the title [in case you do multiple polls]
Thank you for the very thorough response, brother.
I have no interest in scaling, per se. It's more of a specialized service for those in need, so I am not so much as worried about that, as much as I am worried about things like what happened to the beloved CC, etc.
I'd much rather, at least in my opinion, keep everything as down low as possible, especially considering that it's 2025 -- and there are just too many skids. More than back in the times of when the first Hackers movie came out with Angelina jolie, if you know what I mean.
One thing I really agree with you is that I would say yes and no: best way is a ledger, at least in my opinion, however, not that type of ledger, but the type of a ledger that only you are able to understand and decipher. IMHO.
Also, seems like I can't fix the OP, unfortunately... I HATE YOU VANILLA!!! DEVIL'S WORK. I tell you.
I'd say that majority of those "hacks" are just companies completely, and outright ignoring simple OpSec. Leaving everything in as simple state as possible, and going by: it hasn't happened to us, so it's not a problem.
99% of skids are just simply some teens looking at simple CVE exploits, and trying to poke random systems. 99.99% this results in no exploits being found, but there is that case of the 0.01%, which companies sometimes just don't know about, sometimes simply don't care to even secure their services in the slightest.
Thankfully for every 10 skids, there is usually at least one white hack dude who is looking out, and sometimes reporting stuff that are real issues.
Another problem that exists is just venture capitalists trying to make a quick buck, so they outright buy a company, then say fuck you to their Security team actively looking out for bugs, as they are in their eyes a useless number + WE'VE NEVER BEEN EXPLOITED. Well, there is a reason on why...
Very good point, to be honest.
Opsec is everything at the end of the day, but I guess that's the reason why I refuse to do anything to do with virtualization (even if Proxmox), not because it wouldn't bring additional revenue, but because it's yet another thing to worry about, whereas with bare metal, it's just one of those things where you let the client do whatever he wants, and if he messes it up, well, his fault, you know...
But, yes, you are right -- I guess I was MAINLY wondering how many people would willingly provide their information? Especially their email address, if all they could provide was their IM account.
Obviously, unless it's a bigger order, then they would have to pay by crypto.
But, otherwise... I think it would be a win -- win. Can't give, what you don't have, IMHO.
Thank you for the response, btw.
Working for one of those tech companies, one thing I learned is that the security team simply CANNOT be trusted. They can't even install Wordpress, I am not even joking... let alone login to a server... I have no fucking clue how they got their AWS certs.
That is true, though I'd say even simple OpSec will keep mostly everyone out [esp. when it comes to proxmox - just give it it's own network that's only accessible via a VPN + basic hardening and viola!]
I'd say that e-mail isn't really PI, and is the bare minimum, though I guess an IM account could be a replacement. Also not sure who your exact audience is, but as soon as you go to the threshold of selling to companies [esp. European], they will need proper invoices with all of their as well as your details for accounting.
From how I see it: this is a pleasant & calm exchange between the two of us, so I'm more than happy to engage!
I'd say there are 2 types of OpSec people:
1. People who are obsessed. They will lock everything down, and you will always have to chase them down for any kind of access with proper explanation
2. People who are just clueless, and got their certs by a stroke of luck/learning by the book. In here it's worthwhile mentioning the failing education system [not just school wise, but also the certs, courses etc...]. Majority of them I personally see as useless [still remember when I was doing cPanel certs], that don't teach you anything more short of: learn by the book for an exam that will have a few written questions. These companies don't care at all about the things they are teaching you. They only usually nowadays care about money. Very honorable mention in this case is CompTIA. Ancient, with useless information about nowadays tech, just running of their legacy reputation.
I've at this point worked with 2 companies from LET: ReadyDedis & Crunchbits, while simultaneously attending high school that was half a trade school. I've got my cert from it:
Guess how many of the things outlined in it I've actually learnt in school.
Answer: Practically nothing.
First exam was just pure bullshitting [about configuring routers etc...]. The school provided us wrong hardware that didn't support the features required by the exam, so I just bullshitted my way through it. One task was to create VLANs with different IP pools. I've just used descriptions, and as the person that was checking what I've done was a polish teacher [no kidding], she just straight up marked it as correct.
I'd say that my current knowledge was mostly learnt from Crunchbits & Readydedis, but now the new people are encountering another road block: lack of entry level positions + they just throw you in, and expect you to know everything from day one.
Now imagine a new OpSec employee joining a company for the first time with his 5-10 certs, not having any real world experience being tasked with running the whole operations. Result: Either you will have a very hard time getting anything done there, as he is scared that the company will get hacked, or you will get admin access to everything day 1.
Sorry for not quoting everything, but this is the most relevant of all to me:
It it is crazy how very few email options there are out there for the privacy-conscious... if you take out the usual suspects (Cock, Proton, etc) and you are basically left with the Tor affiliated ones that disappear every month or so... which led me to believe, if I were to allow Proton: No Russian users will be able to sign up... if I were to allow Cock: A fair amount won't be either, and vice versa... which leaves us in a situation where maybe the way of Telegram bots might be the future, even? Still.. I honestly do prefer emails, personally... especially iCloud -- but I can understand why a customer might not be able to do so.
I guess it will be interesting to see how other privacy-conscious hosts deal with this?