Marcelo
Too much hype, I would think twice about it.
TL;DR: trying to control OS features from an OS based CRM is as bad an idea as Windows 3.1 was, running on top of the OS instead of Windows being the OS itself, as it is nowadays. To control the OS from within WP you are relying on WP, which depends on its MySQL database and will need the right PHP permissions and settings to send commands to the operating system, which must be correctly escaped and use an API to avoid being abused.
Building a hosting panel on top of WP doesn’t look like a good idea. And here’s why, from my sysadmin and WP power user point of view:
STABILITY: you will try to control OS features from an Apache/Nginx based application? And what will happen when you save Apache configurations and the daemon has to be restarted, or even better, when you have to upgrade and recompile an entire Apache server, or upgrade to a newer PHP and/or MySQL version? Lots of Ajax calls will be lost or broken, and if it is not finely coded, you can end up with a blank, unresponsive screen.
HARD TO INSTALL: if HostPress is intended to be easy to use for non-sysadmins, I don’t see how easy its first installation from the console may be when a non-sysadmin doesn’t even know how to load a console. Hosting companies should sell servers with HostPress preinstalled, like they currently do with cPanel, only that HostPress will require them to first configure the basics of LAMP to meet basic requirements, install WP, install HostPress, configure it, and secure it, and pray that the user is not dumb enough to set a weak password, which will obviously happen, unless HostPress checks the quality of passwords. Maybe HostPress should implement an all-in-one install like WP-CLI does.
SECURITY: WHAT ABOUT XSS VULNERABILITIES? Consider the fact that new XSS vulns will be discovered, and they may be found in the WP core, or even within HostPress. These are two software products to be patched, compared to cPanel being only one. Also, WP doesn’t have autoupdates for major versions. Combine that with the fact that people don’t usually check for updates: it’s a matter of time before your server becomes vulnerable/unstable. Plesk and cPanel have autoupdates for minor and major versions, AND they also upgrade the OS binaries to keep you up to date and secure.
SECURITY: WHAT ABOUT FIREWALL PROTECTION? Since HostPress is replacing cPanel, you won’t be able to use ConfigServer Firewall (the ultimate free server firewall); you should stick to any of the console based firewalls, like APF. It will need a daemon to interface with HostPress, and on busy servers the flow of such communication could lead to high IO that would help slow down the server performance, helping bots to perform a DDoS with less effort. The basic UI requirement for a firewall is to have the LEAST possible number of layers between it and the OS. And if you must operate it from HostPress, you have the load time of WP core+theme+plugins, the performance of Apache, PHP, MySQL, and then the daemon to control the firewall at OS level. Such a thing could turn the server unresponsive with the smallest brute force attack on a WP login page.
SCALABILITY: WHAT ABOUT DUMB USERS? One thing that makes cPanel great for sysadmins is that end users cannot install plugins to extend its functionality. Of course, there is an API and a lot of cPanel plugins do exist, but they are fortunately not intended for end users. And there is a reason: non-tech people will make a mess if they can install any plugin they want. And that’s exactly what may happen with HostPress. They will have to do an amazing coding job to hide menus and prevent users from installing anything beyond HostPress. The WordPress install used by HostPress cannot be used for anything other than running HostPress. Enabling an API to install plugins is the recipe for having to support thousands of tickets. The available plugins will then need to be installed from something similar to the Play Store, being previously tested and approved.
OS INTEROPERABILITY: HostPress will need a couple of daemons running in the background at OS level, along with WP cron tasks to monitor it. Those daemons should be the real actors and be able to do a lot of things: including but not limited to install/update/configure/uninstall services like Apache, MySQL/MariaDB/PostgreSQL, PHP, Exim, Courier/Dovecot, DNS services, IP associations, TCP connections, FTP, SSH, syslog, monitor bandwidth, firewall, cron tasks, and be able to manage a couple of 20-30 extra components like Perl, CGI scripts, PECL, PEAR, and so on. You name it. I really think they will go nuts trying to efficiently manage all these thingies from WP screens.
DESIGN: oh, I bet HostPress will be blazingly beautiful. No doubt at all. But given all of the items above, I wouldn’t use it. I guess that’s why GoDaddy didn’t answer his messages: they don’t have time to write such a large explanation of how this project may fail.
With regard to the crowdfunding itself, I think $175k is a small budget and 1 server guru is not enough. Just consider why cPanel is made by dozens of engineers with a high grade salary…
The purpose of this comment is not to boycott, but to help him have a more comprehensive view of some of the problems they will be facing if they are serious about this. Hope it helps.
Best regards!
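
The escaping concern raised in the comment above, as an added example that is not part of the original post or of HostPress: a hypothetical OS-level daemon takes requests from the web panel only as structured JSON, checks them against an allowlist, and builds an argument vector with no shell involved. The action names, service names, the `/usr/local/sbin/panel-fw-deny` wrapper and the `build_argv` helper are all assumptions made for illustration.

```python
import ipaddress
import json

ALLOWED_SERVICES = {"apache2", "mysql", "php-fpm"}  # assumed service names


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Hypothetical action table: fixed argv templates plus one validator per parameter.
ACTIONS = {
    "restart_service": (["/usr/bin/systemctl", "restart", "{service}"],
                        {"service": lambda v: v in ALLOWED_SERVICES}),
    # /usr/local/sbin/panel-fw-deny is a made-up wrapper around the host firewall.
    "block_ip": (["/usr/local/sbin/panel-fw-deny", "{ip}"], {"ip": _is_ip}),
}


class RequestRejected(ValueError):
    pass


def build_argv(raw_request):
    """Turn one JSON request from the panel into an argv list, or raise."""
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError as exc:
        raise RequestRejected("not valid JSON") from exc
    if not isinstance(req, dict) or not isinstance(req.get("action"), str):
        raise RequestRejected("malformed request")
    if req["action"] not in ACTIONS:
        raise RequestRejected("unknown action")
    template, validators = ACTIONS[req["action"]]
    params = req.get("params")
    if not isinstance(params, dict) or set(params) != set(validators):
        raise RequestRejected("unexpected parameter set")
    for name, check in validators.items():
        if not isinstance(params[name], str) or not check(params[name]):
            raise RequestRejected("invalid value for " + name)
    # Each value becomes exactly one argv element; the daemon would pass this
    # list to subprocess.run(argv, shell=False), so nothing is shell-parsed.
    return [part.format(**params) for part in template]
```

Because the panel can only name an action and supply values that pass a validator, a compromised or buggy web layer cannot make the privileged side run anything outside the table.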