TinyCP - Any experiences?

YmpkerYmpker OGContent Writer
edited December 2019 in General

Has anyone been using TinyCP? Any experiences you can share regarding this cp?
It looks pretty light-weigth and clean.

Demo: https://tinycp.com/page/show/demo

Thanked by (4)flips Abdullah Moe pepa65
Tagged:

Comments

  • SagnikSSagnikS Hosting ProviderOG

    @Ympker said:
    Has anyone been using TinyCP? Any experiences you can share regarding this cp?
    It looks pretty light-weigth and clean.

    Demo: https://tinycp.com/page/show/demo

    I started using it after facing several stupid issues with Virtualmin. The UI is really fast and clean, and seems to just work so far. I'd like to have nginx support though :sweat_smile:

    Thanked by (2)Ympker pepa65
  • YmpkerYmpker OGContent Writer

    @SagnikS said:

    @Ympker said:
    Has anyone been using TinyCP? Any experiences you can share regarding this cp?
    It looks pretty light-weigth and clean.

    Demo: https://tinycp.com/page/show/demo

    I started using it after facing several stupid issues with Virtualmin. The UI is really fast and clean, and seems to just work so far. I'd like to have nginx support though :sweat_smile:

    Thanks for the feedback :)

  • vyasvyas OGRetired

    Thanks.. just installed it - I agree that the UI is fast and clean. This is definitely something I can keep using on a test vps till it is ready for prime time.

    Thanked by (1)Ympker
  • AmitzAmitz OG
    edited December 2019

    The name of the panel though... Pedobear, pedobear...

    But it looks like a nice sleek panel. I wish there was something like a security audit that it has passed...

    Thanked by (1)Ympker

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • YmpkerYmpker OGContent Writer

    @Amitz said:
    The name of the panel though... Pedobear, pedobear...

    But it looks like a nice sleek panel. I wish there was something like a security audit that it has passed...

    Free panels rarely pay for audits like this since they only live from donations anyway.

    Thanked by (1)Amitz
  • Sure. It just helps with trust issues... ;)

    Thanked by (1)Ympker

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • SagnikSSagnikS Hosting ProviderOG
    edited December 2019

    Amitz said: I wish there was something like a security audit that it has passed...

    To be honest, if it were open source one can technically get it audited themselves, but it being closed source doesn't help :(

    Thanked by (2)Amitz pepa65
  • YmpkerYmpker OGContent Writer
    edited December 2019

    @SagnikS said:

    Amitz said: I wish there was something like a security audit that it has passed...

    To be honest, if it were open source one can technically get it audited themselves, but it being closed source doesn't help :(

    Well since they are (not yet) making any money from it, they don't have to proof anything to anyone. Those who like it can participate on their forums and get to know the members of the team, their ideals etc. those who don't.. well, can just use another free solution. If it was a paid panel, it'd be another story. I mean, my YmpKit on GitHub is nowhere near as stable/advanced as a project like Tinycp. But I also developed it for me to ease my personal workflow, not anyone elses. I shared it to get potential feedback/bug reports and to let others benefit from it, too. I don't want to proof anything to anyone though. That being said, I don't think they'd be opposed to someone donating them a security audit, or a security firm that wants their product to succeed, doing it for free. Wasn't there some security audit guy on this forum?

    Thanked by (1)pepa65
  • SagnikSSagnikS Hosting ProviderOG

    @Ympker said:

    @SagnikS said:

    Amitz said: I wish there was something like a security audit that it has passed...

    To be honest, if it were open source one can technically get it audited themselves, but it being closed source doesn't help :(

    Well since they are (not yet) making any money from it, they don't have to proof anything to anyone. Those who like it can participate on their forums and get to know the members of the team, their ideals etc. those who don't.. well, can just use another free solution. If it was a paid panel, it'd be another story. I mean, my YmpKit on GitHub is nowhere near as stable/advanced as a project like Tinycp. But I also developed it for me to ease my personal workflow, not anyone elses. I shared it to get potential feedback/bug reports and to let others benefit from it, too. I don't want to proof anything to anyone though. That being said, I don't think they'd be opposed to someone donating them a security audit, or a security firm that wants their product to succeed, doing it for free. Wasn't there some security audit guy on this forum?

    Fair enough, afaik, they have a plan to make it paid sometime in the future (about $1/mo iirc..?) They probably will get something done then I believe.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @SagnikS said:

    @Ympker said:

    @SagnikS said:

    Amitz said: I wish there was something like a security audit that it has passed...

    To be honest, if it were open source one can technically get it audited themselves, but it being closed source doesn't help :(

    Well since they are (not yet) making any money from it, they don't have to proof anything to anyone. Those who like it can participate on their forums and get to know the members of the team, their ideals etc. those who don't.. well, can just use another free solution. If it was a paid panel, it'd be another story. I mean, my YmpKit on GitHub is nowhere near as stable/advanced as a project like Tinycp. But I also developed it for me to ease my personal workflow, not anyone elses. I shared it to get potential feedback/bug reports and to let others benefit from it, too. I don't want to proof anything to anyone though. That being said, I don't think they'd be opposed to someone donating them a security audit, or a security firm that wants their product to succeed, doing it for free. Wasn't there some security audit guy on this forum?

    Fair enough, afaik, they have a plan to make it paid sometime in the future (about $1/mo iirc..?) They probably will get something done then I believe.

    Yeah, they suggest on the frontpage that they may be charging a "minimal fee" at some point. But until then, I believe that one shouldn't expect them to invest any money in an audit. Once they go commercial, that's another story.

    Thanked by (1)SagnikS
  • Thanks for this. I'm going to give this a try on my development server as a possible replacement for Virtualmin. The interface seems to be very clean and easy-to-use.

    Thanked by (1)Ympker
  • ulayerulayer Hosting ProviderOG

    It looks nice, I'll give it that, but their security claims on the index don't make much sense... kind of turned me away from it.

    Our custom security layer over HTTP.
    Connection to the IP is now secured.
    Our own guardian software.
    
    Thanked by (1)pepa65

    Universal Layer LLC, a privacy conscious hosting provider
    Check us out @ ulayer.net / twitter.com/ulayer_net

  • Not HTTPS, but HTTP + some custom something? Sounds weird ... :p
    Did try it out a bit on Debian 9. A bit buggy for Apache. Will retry on Debian 10.

  • @ulayer said:
    It looks nice, I'll give it that, but their security claims on the index don't make much sense... kind of turned me away from it.

    Our custom security layer over HTTP.
    Connection to the IP is now secured.
    Our own guardian software.
    

    You can encrypt stuff with javascript on the client and then pass it to the server.
    So its even encrypted when send over HTTP, without HTTPS.

  • ulayerulayer Hosting ProviderOG

    @Neoon said:

    @ulayer said:
    It looks nice, I'll give it that, but their security claims on the index don't make much sense... kind of turned me away from it.

    Our custom security layer over HTTP.
    Connection to the IP is now secured.
    Our own guardian software.
    

    You can encrypt stuff with javascript on the client and then pass it to the server.
    So its even encrypted when send over HTTP, without HTTPS.

    This sounds questionable. From their statement, can't really gather what they're doing at all, they're using buzzwords.

    The JavaScript to do all of that could be modified in transit if sent over HTTP though. It sounds like a backwards concept.

    Universal Layer LLC, a privacy conscious hosting provider
    Check us out @ ulayer.net / twitter.com/ulayer_net

  • YmpkerYmpker OGContent Writer

    @ulayer said:

    @Neoon said:

    @ulayer said:
    It looks nice, I'll give it that, but their security claims on the index don't make much sense... kind of turned me away from it.

    Our custom security layer over HTTP.
    Connection to the IP is now secured.
    Our own guardian software.
    

    You can encrypt stuff with javascript on the client and then pass it to the server.
    So its even encrypted when send over HTTP, without HTTPS.

    This sounds questionable. From their statement, can't really gather what they're doing at all, they're using buzzwords.

    The JavaScript to do all of that could be modified in transit if sent over HTTP though. It sounds like a backwards concept.

    Sounds weird indeed?

  • But aren't all the browsers wanting everyone to use HTTPS now? Or at least be moving your websites to use HTTPS in the near future.

  • YmpkerYmpker OGContent Writer

    @geekyhillbilly said:
    But aren't all the browsers wanting everyone to use HTTPS now? Or at least be moving your websites to use HTTPS in the near future.

    I think forcing SSL wouldn't be an issue. What the guys don't feel well about (including me) is that they use their "custom hardened HTTP" connection while they should be using HTTPS. Going with that people would assume there'd be more security flaws. Not that this has been proofed yet afaik but still..

    Thanked by (1)geekyhillbilly
  • @SagnikS said: I'd like to have nginx support though

    Seem like they have that now (v2).

  • @Ympker said: they should be using HTTPS

    They must be using https by now, there is no reason not to, and browsers are getting very hostile to non-ssl/tls.

  • FrankZFrankZ Moderator
    edited December 2022
  • Are we officially discouraging all necroposting? 🤔 B)

  • FrankZFrankZ Moderator

    @flips said:
    Are we officially discouraging all necroposting? 🤔 B)

    Don't you think that discouraging and maybe a bit of good natured mocking may be appropriate if you quote and answer someone from a three year old post ?

    Officially it was covered by Anthony in the first couple of comments in the rules thread.

    poisson said:
    Just checking if we need guidelines on necro posting. I know this place is barely a week old but it would be good to have a guideline for the future. I think people shouldn't be reviving threads older than two months for no good reason.


    InceptionHosting said:
    Covered in rule 1. :)

    Rule #1 Don't be a dick

    Thanked by (2)Falzo bikegremlin

    LES • AboutDonateRulesSupport

  • flipsflips OG
    edited December 2022

    Thanks, couldn't remember =)
    (In some forums it's almost the opposite, you get yelled at for opening new topics "when it's already covered", so it's nice to know and be reminded of the policies.)
    Not sure what punishment I deserve for being too lazy to scroll back to Anthony's rules, though ... :#

    Thanked by (2)FrankZ bikegremlin
  • FrankZFrankZ Moderator

    @flips said:
    Thanks, couldn't remember =)
    (In some forums it's almost the opposite, you get yelled at for opening new topics "when it's already covered", so it's nice to know and be reminded of the policies.)
    Not sure what punishment I deserve for being too lazy to scroll back to Anthony's rules, though ... :#

    Hey I completely understand, I am just trying my best to keep everything clean and orderly around here.
    Same as you I don't make any rules I just try to follow them. :)

    Thanked by (2)flips bikegremlin

    LES • AboutDonateRulesSupport

  • edited December 2022

    For the record: TinyCP has been & still is, completely stable and dependable, for the past few years, running a couple of my small informational websites. I have (small) donated to the cause on a number of occasions.

    Thanked by (4)Ympker ialexpw FrankZ skizio

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

  • YmpkerYmpker OGContent Writer

    @AlwaysSkint said:
    For the record: TinyCP has been & still is, completely stable and dependable, for the past few years, running a couple of my small informational websites. I have (small) donated to the cause on a number of occasions.

    Thanks for the feedback mate :)

    Thanked by (1)AlwaysSkint
  • I thought this project was dead. It looks like they are bringing it back. I will have to spin up a VM on one of my Nodes and try it out.

    Vladimir S. - IT Consultant, Entrepreneur, Web Developer, and Disability Advocate.

    [email protected] | www.ivlad.net

  • @FrankZ said:

    @flips said:
    Thanks, couldn't remember =)
    (In some forums it's almost the opposite, you get yelled at for opening new topics "when it's already covered", so it's nice to know and be reminded of the policies.)
    Not sure what punishment I deserve for being too lazy to scroll back to Anthony's rules, though ... :#

    Hey I completely understand, I am just trying my best to keep everything clean and orderly around here.
    Same as you I don't make any rules I just try to follow them. :)

    My 2c:
    There are two ways of looking at forums.

    • Forums as a social, chat kind of place.
    • Forums as a loosely structured knowledge sharing base.

    Those who view them primarily as the first way, insist on opening new threads.
    Those who view them primarily as the second way, prefer adding to an existing thread/topic.

    I'm not really sure which way is better - and whether something in between is good or not (like this case, adding a response to a thread that isn't too long with dozens of posts).

    For example:
    I have often searched bikeforums.net. Threads with hundred posts are not easy to "go through" when searching info.
    On the other hand, having a search show dozens of threads on practically the same topic - and figuring out that the newest thread doesn't contain the best answer is just as tedious.

    Of course, I have always refrained from opening a topic if my problem has already been solved.
    Many people don't have that problem. :)

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

Sign In or Register to comment.