Since everybody and their dog have started writing VPS panels, I figured I might as well provide an update on CVM, answering some frequently asked questions.
Is CVM still being developed?
Yes.
Why isn't it done yet?
As the amount of donations I received for CVM were nowhere near covering my living expenses, I had to take on other paid open-source work to keep a roof above my head. This means that a significant chunk of my time is now invested there, and not in CVM.
Aside from this, I've had various things slowing me down; focus issues, having to move, etc.
So what will happen now?
There are no plans to abandon CVM, or change its course.
I currently have a stable income from the other work I took on. This is (barely) enough to cover my living expenses. I am currently renting and not squatting, which means I won't have to move unexpectedly - this greatly helps for my peace of mind
I've developed a very specific todo list application to help me get rid of my focus issues, and get more things done. So far, I've noticed an incredible increase in focus, productivity, and overall happiness. Most of my todo list currently consists of CVM-related tasks, so development will move along fairly quickly from now on - my estimate is that while a large chunk of my time goes to aforementioned paid open-source work, I can still put about 30-40% of my development time into CVM.
I've also forced myself to start using a proper branch model in the version control; this should make things less messy and speed up development as a result. The repository, as always, can be followed here (be sure to look at the correct branch).
When will it be done?
Historically speaking, I've been terrible at giving ETAs and actually meeting them. I won't be giving a hard deadline this time - I'd just end up going past it anyway.
As my todo list application is relatively new, I'm still in the process of compiling a full list of what has to be done in CVM. When I have a more complete list, I'll post my CVM todo items in here frequently to give an idea of the progress.
Will it support Xen/KVM/etc.?
The plans for this are still the same as they originally were - the initial version will feature OpenVZ support, and support for KVM and Xen will be added later on. Other virtualization platforms will be considered after that.
How can I send you suggestions/questions/etc.?
Either post in this thread, e-mail me at [email protected], or file a ticket in the GitHub repository (in case of feature requests or suggestions). I'll update this post as new questions are asked and answered.
I also want to emphasize that I provide a 48-hour security patch guarantee. If a vulnerability of some sort is reported to me with enough information to figure out where it is, I guarantee to have a security patch available within 48 hours of the initial report. This obviously does not apply to things that are physically impossible for a human to do in 48 hours, such as rewriting an entire panel - in this case, it will be fixed as soon as humanly possible.
Be sure to send vulnerability reports to [email protected]. If I don't hold up to this guarantee, feel free to post everywhere about how I don't take security seriously
EDIT: My OTR/GPG keys can be found here.
Conclusion
The last year has been quite challenging for me - I've had a lot of things in my personal life to deal with, quite a lot of distractions, and quite a few large changes. I'm still here, still writing open-source code, and still really wanting to finish CVM - not just the first version, but as a continuously developed project.
Then, a last note to those that are currently working on their own panel: please do realize that writing a proper VPS panel entails a lot of challenges, and one hack or controversy could mean your project is dead in the water. A VPS control panel is one of those things where security is just so vital that you can't afford to compromise on it; don't make the mistake of cutting corners or thinking "oh, I'll fix that vulnerability later". I wish you best of luck, but ensure that you know what you're doing.
- Sven
Is CVM still being developed?
Yes.
Why isn't it done yet?
As the amount of donations I received for CVM were nowhere near covering my living expenses, I had to take on other paid open-source work to keep a roof above my head. This means that a significant chunk of my time is now invested there, and not in CVM.
Aside from this, I've had various things slowing me down; focus issues, having to move, etc.
So what will happen now?
There are no plans to abandon CVM, or change its course.
I currently have a stable income from the other work I took on. This is (barely) enough to cover my living expenses. I am currently renting and not squatting, which means I won't have to move unexpectedly - this greatly helps for my peace of mind
I've developed a very specific todo list application to help me get rid of my focus issues, and get more things done. So far, I've noticed an incredible increase in focus, productivity, and overall happiness. Most of my todo list currently consists of CVM-related tasks, so development will move along fairly quickly from now on - my estimate is that while a large chunk of my time goes to aforementioned paid open-source work, I can still put about 30-40% of my development time into CVM.
I've also forced myself to start using a proper branch model in the version control; this should make things less messy and speed up development as a result. The repository, as always, can be followed here (be sure to look at the correct branch).
When will it be done?
Historically speaking, I've been terrible at giving ETAs and actually meeting them. I won't be giving a hard deadline this time - I'd just end up going past it anyway.
As my todo list application is relatively new, I'm still in the process of compiling a full list of what has to be done in CVM. When I have a more complete list, I'll post my CVM todo items in here frequently to give an idea of the progress.
Will it support Xen/KVM/etc.?
The plans for this are still the same as they originally were - the initial version will feature OpenVZ support, and support for KVM and Xen will be added later on. Other virtualization platforms will be considered after that.
How can I send you suggestions/questions/etc.?
Either post in this thread, e-mail me at [email protected], or file a ticket in the GitHub repository (in case of feature requests or suggestions). I'll update this post as new questions are asked and answered.
I also want to emphasize that I provide a 48-hour security patch guarantee. If a vulnerability of some sort is reported to me with enough information to figure out where it is, I guarantee to have a security patch available within 48 hours of the initial report. This obviously does not apply to things that are physically impossible for a human to do in 48 hours, such as rewriting an entire panel - in this case, it will be fixed as soon as humanly possible.
Be sure to send vulnerability reports to [email protected]. If I don't hold up to this guarantee, feel free to post everywhere about how I don't take security seriously
EDIT: My OTR/GPG keys can be found here.
Conclusion
The last year has been quite challenging for me - I've had a lot of things in my personal life to deal with, quite a lot of distractions, and quite a few large changes. I'm still here, still writing open-source code, and still really wanting to finish CVM - not just the first version, but as a continuously developed project.
Then, a last note to those that are currently working on their own panel: please do realize that writing a proper VPS panel entails a lot of challenges, and one hack or controversy could mean your project is dead in the water. A VPS control panel is one of those things where security is just so vital that you can't afford to compromise on it; don't make the mistake of cutting corners or thinking "oh, I'll fix that vulnerability later". I wish you best of luck, but ensure that you know what you're doing.
- Sven
Last edited by a moderator:
