amuck-landowner

Yet Another SolusVM Alternative: VPSM

Status
Not open for further replies.

KuJoe

Well-Known Member
Verified Provider
I was hoping the SSH keys would be locked down by IP (from="" in authorized_keys) so even with the SSH key you can't access the nodes or run commands. Just my 2 cents and something that can be done manually later.
 

DimeCadmium

New Member
from="" in authorized_keys
 
Okay, how did I not know about this one :(

Yep, that'd be good. I've also been thinking, even if the user's shell can't be setuid, I suspect the authorized_keys command="" can be. I'll have to test that all before I know though :p
 

kaniini

Beware the bunny-rabbit!
Verified Provider
That was the idea. The only issue for me is whether Linux'll allow the login shell to be setuid :p
Yes, it is possible, but you shouldn't do it this way.  Instead use a setuid-helper binary for things which absolutely need setuid.

That way you have a reduced attack surface.
 

DimeCadmium

New Member
Yes, it is possible, but you shouldn't do it this way.  Instead use a setuid-helper binary for things which absolutely need setuid.

Normally I'd agree, but the idea is that essentially anything it tries to do will require root: vzctl, "console"s, etc. On the other hand I'll get to it when I get to it!

Just to let everyone know the plans: I'm finalizing a timeline with KuJoe right now that's looking at an August 1 completion (at least for the features he requires).
 
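The `from=""` / `command=""` locking KuJoe and DimeCadmium describe, plus kaniini's point about a narrow privileged helper instead of a setuid login shell, as an added example that is not part of this thread or of VPSM. Everything it assumes is made up for illustration: the panel address 203.0.113.10, the install path /usr/local/bin/vpsm-wrapper, a node-side user named vpsm, and vzctl/vzlist living in /usr/sbin.

```shell
#!/bin/sh
# Added example, not VPSM code: a forced-command wrapper for the panel's SSH key.
# Assumed: panel IP 203.0.113.10, installed as /usr/local/bin/vpsm-wrapper,
# node-side user "vpsm", vzctl/vzlist in /usr/sbin.
#
# Weak authorized_keys entry: whoever holds the key gets a login from anywhere:
#   ssh-ed25519 AAAA...KEY vpsm@panel
#
# Restricted entry: only from the panel address, no pty or forwarding, and every
# login runs this wrapper instead of the requested command (sshd hands the client's
# request over in $SSH_ORIGINAL_COMMAND):
#   from="203.0.113.10",command="/usr/local/bin/vpsm-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...KEY vpsm@panel

LC_ALL=C; export LC_ALL   # fixed locale so the character classes below are plain ASCII

# vpsm_allow REQUEST: return 0 only if REQUEST is exactly one allowed shape
# ("vzctl start|stop|restart|status <ctid>" or "vzlist"), otherwise 1.
# Step 1 rejects anything outside letters, digits and space (quotes, ';', '|',
# '$', '`', newlines...) before any parsing, so a second line hidden behind a
# valid command can never reach the regex. Step 2 is an anchored exact match.
vpsm_allow() {
    case $1 in
        '') return 1 ;;
        *[!A-Za-z0-9" "]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^(vzctl (start|stop|restart|status) [0-9]{1,6}|vzlist)$'
}

# vpsm_dispatch: validate, log, then run the request through one narrow sudoers
# rule instead of a setuid shell. Assumed sudoers line (illustrative):
#   vpsm ALL=(root) NOPASSWD: /usr/sbin/vzctl, /usr/sbin/vzlist
vpsm_dispatch() {
    req=${SSH_ORIGINAL_COMMAND-}
    peer=${SSH_CLIENT%% *}
    if ! vpsm_allow "$req"; then
        logger -t vpsm-wrapper "rejected from ${peer:-unknown}: $req"
        echo 'vpsm-wrapper: command not permitted' >&2
        exit 1
    fi
    logger -t vpsm-wrapper "running from ${peer:-unknown}: $req"
    set -- $req            # word-split is safe: only [A-Za-z0-9 ] survived vpsm_allow
    cmd=$1; shift
    exec sudo -n "/usr/sbin/$cmd" "$@"
}

# Only dispatch when invoked under the installed name as the forced command;
# sourced or run under another name, the file just defines the functions.
if [ "${0##*/}" = vpsm-wrapper ]; then
    vpsm_dispatch
fi
```

Two caveats a practitioner should keep in mind: the sudoers rule as written permits any vzctl arguments, so the wrapper's allowlist is the real control, and that only holds while this key (with `no-pty` and the forced command) is the sole way into the vpsm account; and `from=` matches the connecting address, so it stops a leaked key being used from elsewhere but does nothing against an attacker who already controls the panel host.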

DimeCadmium

New Member
Lofty goals, especially with an MIT license. Unfortunately no code or architecture documents, just an expected feature list. Not sure what to think of it yet....
What does the license have to do with the "loftiness" of the goals? I'd say the license would make it more likely to meet those goals because anyone can make it meet the goals even if I were to {quit,die,disappear}.

Edit: oh, and this is a serious question - I'm curious what your reasoning is for this, because I've heard similar things before.
 

KuJoe

Well-Known Member
Verified Provider
Please keep in mind that even though this software is open source (MIT license), it is still a paid project that will receive a paid external audit upon completion. I know some people associate FOSS with lesser quality or hobby work so I wanted to dispel that association with VPSM. ;)
 

acd

New Member
The goals are lofty in that you're giving the feature set away for free. MIT- and BSD-licensed code usually ends up getting ripped off and having the smallest feature set because the license is so permissive, resulting in a reduced userbase except for projects that are effectively the "killer app" of their category. My experience has been that a lot of these projects, without proper funding, management, and/or dedication, get abandoned, which I hypothesize is because of a lack of positive reinforcement for the developer, either through "people use my product and credit me, that's awesome" or monetary feedback through licensing for bugfixes and commissions for feature additions. Long-term maintenance of a software project is a commitment that requires significant effort; it's not a one-and-done deal, especially with technology that is in flux like VPSes and on top of software stacks like PHP. If the developer isn't getting SOME kind of return on investment, he's not going to continue sinking time into it.

 

Additionally, it's unlikely for someone else to pick up the mantle for your software projects regardless of open source license. Most developers with the enthusiasm to do so will boldly try to restart their own instead of using yours, many (arrogantly, I've been guilty of this too) believing they can do it better than their predecessors "because they're better". Hell, on this board alone, I count SEVEN different vps manager projects in various states of development. Your best chance of finding a developer to continue the project is having a user who wants to keep using it after you've dropped who takes up support, which I haven't seen very often in the open source community.

 

This is obviously my personal opinion, and there are many counterexamples to it. But KuJoe announced a project with no development plan--especially no timeline, no formal requirements, no architecture plan (api/rpc style/backend software if only a language/front end software/access control model/middleware used/etc), and source code repository smaller than this post with only an expected feature set. Sound familiar? Anyone remember Diaspora?

 

Maybe you guys are much better at project management than I credit you with at first glance, but I see a lot of initial red flags. As far as I know, only you (DimeCadmium) are listed as a developer so far, on a project that'll be at least 2k LOC, if done quick and dirty. Your GitHub account has not been used enough to credit your skill level as capable of taking on such a project; your longest commitment to a project was 7 commits over 4 days. Granted, I know GitHub is not a good reflection of skill or dedication, but that's all I have to base my judgement on.

 

As much as I would like to see this project succeed, I simply don't have enough information to judge if that is likely.

 

best regards and best of luck,

-tw
 

DimeCadmium

New Member
MIT- and BSD-licensed code usually ends up getting ripped off and having the smallest feature set because the license is so permissive

Yes, that is why I chose it. However license violations are rampant anyways, so whether it's GPL or proprietary or MIT or WTFPL it doesn't really matter... However I fail to see how a permissive license translates to a small feature set. (see also next point)

My experience has been that a lot of these projects, without proper funding, management, and/or dedication, get abandoned, which I hypothesize is because of a lack of positive reinforcement for the developer, either through "people use my product and credit me, that's awesome" or monetary feedback through licensing for bugfixes and commissions for feature additions.  If the developer isn't getting SOME kind of return on investment, he's not going to continue sinking time into it. 
MIT license requires attribution just like GPL. That is in fact why I chose MIT instead of WTFPL/"public domain" - attribution. "I wouldn't rip someone's software without credit, I don't want you to."

And frankly, if nobody is using my software because others have forked it and made better ones, great! I'll let them continue to make better ones. No, I won't continue to develop software X when there are better options that everyone uses (most likely, I would choose to work on the fork instead).

KuJoe announced a project with no development plan--especially no timeline, no formal requirements, no architecture plan (api/rpc style/backend software if only a language/front end software/access control model/middleware used/etc), and source code repository smaller than this post with only an expected feature set.
No, he announced a project with an (at the time) private and in-flux development plan, formal requirements, and architecture plan. Yes, source code is generally quite small when you haven't written any real code yet. I don't plan to write any code by tomorrow, either. I'd rather do my job (i.e. design program flow -> code program flow -> test program flow) than spew out low-quality code.

Essentially everything is available now on the site

  • Timeline: http://vpsm.net/thread-3.html (No, I'm not sure I can get it done that fast. Yes, I think I can. This is my job for the next month, basically.)
  • Requirements: in that link, and in the GitHub, more or less. They're spelled out a bit more perhaps in the contract (no, it is not and will never be "public" info).
  • "Architecture plan": As stated several times before, that's what being decided now. (See also not going to spew out low-quality code.) Most of the info that's anywhere near decided is available in this very thread.



Your GitHub account has not been used enough to credit your skill level as capable of taking on such a project; your longest commitment to a project was 7 commits over 4 days.

That's nowhere near true. Streak != longest commitment. (You might note that that streak was really 20 days, broken by Saturday, Wednesday, Thursday, Sunday, Tuesday, Friday. Presumably I had stuff to do so I could make money to... y'know... eat?)

Most of the stuff I have on Github is stuff that either got superseded by something else, or just hasn't gotten done because I have other priorities. KronOS (mustis/kronos) was originally supposed to be a team project (I only worked on it at all because the other coders convinced me to) and is now a... no one project. scrd was superseded by statsend; (aka: if someone finds a bug they should use software that isn't deprecated). statsend has, to my knowledge, no bugs; and no one wants any features of it (aka: if someone finds a bug they should report it on GitHub, not LET. Or at least somewhere I check, not LET). Etc etc etc.

So tl;dr if there's better software out there and no users of my software, no, I'm not going to maintain it, there's absolutely no reason to do so. If I am not aware of problems, no, I can't maintain it.

(Oh and by the way I don't get to eat if I don't finish because I don't get paid if I don't finish. That's more than enough motivation for me, I've already had my month of only-ramen for this year) :p
 

DimeCadmium

New Member
Now that the wall-of-text is done:

If you have any comments, suggestions, requests, etc: http://vpsm.net/forum-3.html

If you want to discuss something with me: Freenode #jfr

Please, please, please do not comment on {the code,how I should do things,how the way I am doing things is bad,how the way I am planning to do things is bad} on IRC. Or anywhere else. Suggestions go on the forums. They do not go in #lowendbox, and they certainly do not go in unsolicited PM's to me. If you give me criticism without any reasoning or supporting evidence, said criticism will be moved directly to /dev/null. I have had about five issues with this in the past twelve hours.
 

Raymii

New Member
I was hoping the SSH keys would be locked down by IP (from="" in authorized_keys) so even with the SSH key you can't access the nodes or run commands. Just my 2 cents and something that can be done manually later.
 

@KuJoe, you can use something like this: https://github.com/RaymiiOrg/restrict_ssh to even further lock down SSH, or just to log incoming stuff.

Please keep in mind that even though this software is open source (MIT license), it is still a paid project that will receive a paid external audit upon completion. I know some people associate FOSS with lesser quality or hobby work so I wanted to dispel that association with VPSM.
I really like the F/OSS part but beware that you might get ripped off, sadly.

Your GitHub account has not been used enough to credit your skill level as capable of taking on such a project; your longest commitment to a project was 7 commits over 4 days.
Not everybody has all their stuff on GitHub...
 

KuJoe

Well-Known Member
Verified Provider
I really like the F/OSS part but beware that you might get ripped off, sadly.
How could I get ripped off? We are making payments as portions are completed so if he disappears, he won't get paid and we'll hire somebody else. :)
Not everybody has all their stuff on GitHub...
I think you quoted the wrong person. ;)
 

DimeCadmium

New Member
I really like the F/OSS part but beware that you might get ripped off, sadly.
 

Getting ripped off happens whether it's open-source GPL, open-source MIT, public domain/WTFPL, closed-source, etc. The only question is how easy it is to be ripped off.

However, since it's MIT, you could technically say I'm explicitly allowing it to be ripped off. :p
 