Updates on SolusVM alternatives?

MannDude

Just a dude
vpsBoard Founder
Moderator
Lot of different panels were being said to be in the works after the SolusVM exploits. What are the updates?

I know there are a few providers rolling solutions for themselves, what about the options available to other companies?
 

Magiobiwan

Insert Witty Statement Here
Verified Provider
Feathur is being rolled out for BlueVM OpenVZ Clients now, with KVM Support to come after our roll-out is done. Almost ready for full release :D
 

Francisco

Company Lube
Verified Provider
Capisso, the hosted solution, looks to still be getting github commits.

The one Kujoe was supported is still going to be released I think but it'll need a lot of love according to Joe. Progress on this one got murdered since Dimebag is a useless sack.

ServerIan was looking for funding on his but the price was simply too high and I think he said screw it.

Francisco
 

Jade

NodeServ
Verified Provider
Capisso, the hosted solution, looks to still be getting github commits.


The one Kujoe was supported is still going to be released I think but it'll need a lot of love according to Joe. Progress on this one got murdered since Dimebag is a useless sack.


ServerIan was looking for funding on his but the price was simply too high and I think he said screw it.


Francisco
Do you know when Joe will release his?
 

KuJoe

Well-Known Member
Verified Provider
The panel I am working on (VPSM) is in testing right now. I have about 75% of the OpenVZ controls done and I'm working on the IP management right now. I was going to upload the work that is done to a Google Code repo I setup but there are current developments and other things going on so I'm holding off on this for the time being.
 

Jade

NodeServ
Verified Provider
The panel I am working on (VPSM) is in testing right now. I have about 75% of the OpenVZ controls done and I'm working on the IP management right now. I was going to upload the work that is done to a Google Code repo I setup but there are current developments and other things going on so I'm holding off on this for the time being.
Can't wait to see it :)!
 

drmike

100% Tier-1 Gogent
*ME* wonders how many folks are still holding Solus back from public for use and requiring customers submit tickets to manage their service...
 

Francisco

Company Lube
Verified Provider
*ME* wonders how many folks are still holding Solus back from public for use and requiring customers submit tickets to manage their service...
123systems still is and CVPS is as well I think? I can't recall anyone else.

Fran
 

perennate

New Member
Verified Provider
With the official module? The official module had security issues too.
IMO that was issue with curl, who says your root password can't have a bunch of dashes and random letters that happen to contain the request boundary? Now SolusVM won't let you set your root password to, like, anything.
 
Last edited by a moderator:

JackDoan

New Member
IMO that was issue with curl, who says your root password can't have a bunch of dashes and random letters that happen to contain the request boundary? Now SolusVM won't let you set your root password to, like, anything.
Good! I always set it to something lame and IMMEDIATELY change it inside the VPS to something else. There's no need for Solus (or WHMCS) to store it.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Good! I always set it to something lame and IMMEDIATELY change it inside the VPS to something else. There's no need for Solus (or WHMCS) to store it.
Same here. Usually something temp, and once I get the VPS welcome email the first command I issue is 'passwd' and that I store somewhere safe.
 

SkylarM

Well-Known Member
Verified Provider
IMO that was issue with curl, who says your root password can't have a bunch of dashes and random letters that happen to contain the request boundary? Now SolusVM won't let you set your root password to, like, anything.
We generate random passwords for clients and in the welcome email tell them to change their password to something secure that only they know. It's not a good idea to have your service password sitting in two databases if you can help it.
 

Francisco

Company Lube
Verified Provider
We don't push passwords to people anymore.

We used to but we stopped doing that since we had far too many complaints about root passwords.

When billing2 merges we'll most likely making it so when a new VM provisions against you it'll email/TXT it to you.

Francisco
 
Last edited by a moderator:

perennate

New Member
Verified Provider
Good! I always set it to something lame and IMMEDIATELY change it inside the VPS to something else. There's no need for Solus (or WHMCS) to store it.
Sure, but my point was that probably more applications than SolusVM are affected by failure of POST boundary to actually be a boundary between the arguments, which are passed as an array (this has since been fixed in curl). And for your second statement: setting password in VM doesn't necessitate storing it in web application.
 
Last edited by a moderator:

Cloudrck

Member
Verified Provider
Any organization can take Proxmox VE and modify it anyway they like (open source). Seems to be the most stable platform around. The only issue is that it doesn't hold your hand as SolusVM does/did.
 
Last edited by a moderator:

kaniini

Beware the bunny-rabbit!
Verified Provider
The stuff I did/am working on is available on Bitbucket like it always has been.  I'm not too interested in a commercial product though -- I consider use of the software as a reward for being clueful enough to put it all together and make it work.
 

acd

New Member
Any organization can take Proxmox VE and modify it anyway they like (open source). Seems to be the most stable platform around. The only issue is that it doesn't hold your hand as SolusVM does/did.
Most of the features of Proxmox are wasted as an end user platform since it doesn't support quotas at all. You can't reasonably grant the VM.Allocate, VM.Config or Datastore.Allocate privs. Maybe in the next few iterations that will get cleaned up. (And don't say DIY, because if you have the skill to prevent people from over-allocating CPU time in anything other than the most naive way--disable cpu priority & limit total core count, you don't need to be using proxmox. Same thing goes for io time, etc.)
 

Cloudrck

Member
Verified Provider
(And don't say DIY, because if you have the skill to prevent people from over-allocating CPU time in anything other than the most naive way--disable cpu priority & limit total core count, you don't need to be using proxmox. Same thing goes for io time, etc.)
I disagree, I don't see how you can come to such a conclusion. It's that mentality that keeps software from reaching it's full potential. If someone has the skill, why re-invent the wheel with another system when one could modify Proxmox? It's open source for a reason. I look at Proxmox VE as a platform to build upon and for users to make better.
 
Top