New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!
FoxVM - (Custom Panel-Billing System) | $3/month | Dallas/Texas | Your own ISO | 24/7 Support
Hello members of LowEndTalk!
We are Arcanum Services LLC (US), a web hosting company that aims to provide highly reliable services at affordable rates.
You can view our company details here
Today we are announcing our new project foxvm.com
Screenshots
Features
- Custom support center
- Custom billing system
- Custom control panel
Offers
- 1 vCPU Core
- 1GB RAM
- 30GB Storage
- 100Mbps / 1TB Bandwidth
- 1 IPv4 + 1 IPv6 Address
- Location: Dallas/Texas [ Internap datacenter ]
- Price: $3 / month
- Register your account
Addons:
Additional IPv4: $1/month
Additional 1TB Bandwidth: $2/month
1 Week trial is also available if you ask for it via our support center.
If you have any inquiries on our services or about our company, please ask away in the comments section or shoot us an email at [email protected]
Thank you!
This discussion has been closed.
LowEndBox & Low End Talk.
Comments
Is a custom billing panel a selling point to anyone? Genuinely curious, because I don't give two shits about a providers billing panel.
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
It actually depends on the client, its away for us to show that we care about our clients and constantly improve our Hardware/Network/Software for the future needs for them.
Out of curiosity, who's Lee Eun Kyung?
Will any twitter update be given in Korean?
I don't speak the language.
test ip or looking galss?
The meaning of life lies in exploring the unknown forever...✅
Sorry for this honest mistake and i have updated our website with our official twitter account is https://twitter.com/FoxVM_Official
Thanks!
Test IPv4: 45.59.68.220
Well yeah, that's what I was asking. Question was aimed at others rather than yourself.
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
I like the name, @MacPac. Good luck!
This network speed ........... have to faint
The meaning of life lies in exploring the unknown forever...✅
Whut
Security Consultant
Ah, this happens when there is a lot of people viewed the btc address without sending, its Blockchain.info API and it should be fixed now.
Thank you!
Well it automatically appears, perhaps only call out when somebody clicks the bitcoin button?
Security Consultant
@eastonch
Yeah it will automatically appear, Bitcoin is the only complete payment gateway right now and we are working to add PayPal and authorize.net
It's a bit weird to launch your service without the most common payment method from this section of the industry. Good luck, well done making your own panel. It is very time consuming.
Oddly it is. The ease of installing WHMCS+SolusVM with default settings doesn't exactly add confidence in new brands. The extra effort doesn't go unnoticed. It's a way of communicating commitment.
Dual E5-2620v2 + 50TB / 1Gbps = $49.99/mo! (US)
No concerns around security or anything like that?
Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.
Fair point. Never hurts to pay our resident @joepie91 to try to break it
Dual E5-2620v2 + 50TB / 1Gbps = $49.99/mo! (US)
@jarland There's one way we can break everything guaranteed.... (won't mention, against the rules)
@trewq
Yeah, right now Paypal is just buttons and we verify the orders manually and it shouldn't take a few days to implement PayPal API because there is already an SDK for it and I had to release it before that.
@Jarland
I have already invited @joepie91 to try to break it, many others too and I have grown up in a community of security geeks since the days before hax.tor.hu to wechall.net and the time i have spent in those communities have teached me and still teaching me to never trust the user input therefore I can guarantee to you and to our clients that its secure than many of the existing systems.
Not trying to be a ass here but... someone explain to me... What is the point of "extra effort" if it inevitably means a sub-par product? You'd have to be an absolute tool to consider "custom billing panel" and "custom control panel" as a selling point. Any development spent on re-inventing the wheel could have been spend on adding additional features to the service IMO. For example, it's very clear from the screenshots that this "custom control panel" has extremely bare-bones features implementing a free backend API. All they did was add a GUI with a few buttons hooked up to the API... As for billing, it's great that they want to do something custom, but again... what's the point? If your "custom product" offers LESS than the standard whmcs+solusvm combo... it tells me that your business has priorities in the wrong place... I can guarantee you that the ticket system is no better than the one built into WHMCS... the invoicing system is probably worse... even basic things like updating billing information, profile information, requesting cancellations, seeing active products, all take an extraordinary amount of time to write for what amounts to just the bare-bones of a billing system. Not even going to mention security...
For example, RamNode does what they do great. They run a solid service on top of whmcs+solusvm. BuyVM does what they do well, and a lot of their stuff is awesome because they have a custom panel that offers MORE than a standard solusvm install. Same goes for LunaNode which has cool features MORE than standard installs. Linode, DigitalOcean, Vultr, etc. etc. However, at the end of the day, if you're trying to sell a client on "custom-built ______" but your custom-built software doesn't even do 1/10 of what the industry standard software does... maybe you should rethink your choices.
Alright my mini-rant is over... Thanks for anyone who can answer!
@qq7119
This is due to slow CentOS 6.6 Repositories, perhaps you could try EPEL repo or elrepo.org
Regards.
@Jonchun
Great things start from small steps and i have already explained a lot about the security part, our users can use NORMAL HTML because we filter it using HTML-purifier, for CSRF (Cross-Site Request Forgery) we do csrf-magic, for SQL Injection every variable is getting verified before it gets to PDO and bindValue which is also verified it and you did miss there is an admin panel which is also growing with time and hopefully, we will have a complete custom setup better and secure than the standard setup.
Thank you!
@Jonchun
Ah and I forgot to mention that the custom panel is AJAX built on top of ajax.callback.php which is built to do tricky proxmox api calls and its not just buttons doing API calls.
It seems that you do not have manpower to handle ticket
The meaning of life lies in exploring the unknown forever...✅
@qq7119
Please be patient, I have already answered your message and I am handling your ticket.
It means someone gave enough of a shit about their product to sit down and spend time on it instead of spin up the default, cookie cutter, one-click install, turnkey hosting business. If that upsets you badly enough to insult me, I'm disappointed.
Dual E5-2620v2 + 50TB / 1Gbps = $49.99/mo! (US)
Answer what? There was no question. Nothing at all questionable about what MacPac is doing.
"Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)
The panel is for open-source?
All discounts will be used to providing hosting and support for novice and female webmasters
Yvonne Lu, Co-Founder of Lunadream Foundation telegram:minmemory
@loveminds,
nope but I may consider that in the future.
I did point out that you're not going to get far without providing an auditor with the source code... and I'm not going to test it in-depth unless it's paid work. "I've asked a bunch of people to break it" is absolutely not an indication that it's secure.
Node.js code review, tutoring and advice | Custom Node.js module development | Donate
"professor 200 IQ" -YokedEgg
You can think of me as a developer and auditor with his source code at the same time but thanks for your offer and we may consider that in the future.
Hint: Here is a little snippet of the source code
You're not using a templater with autoescaping enabled by default, and there's probably several XSS vulnerabilities in that snippet of code alone. And that's just one of the obvious categories of issues.
I would strongly recommend refraining from making any claims about security, based on that code snippet.
Node.js code review, tutoring and advice | Custom Node.js module development | Donate
"professor 200 IQ" -YokedEgg
@joepie91
Thanks for hitting the trigger but how exactly are you going input your xss to be executed by the last snippet while this snippet takes the input
Start here, and you should seriously hire either a competent developer or a competent auditor. This is not going to end well.
EDIT: To be clear - after having a discussion about this on IRC, I have no expectations that these issues are going to be resolved correctly, or that there's a serious regard for security. Thus, I can only recommend to stay away from FoxVM - it's probably going to get owned sooner or later.
Node.js code review, tutoring and advice | Custom Node.js module development | Donate
"professor 200 IQ" -YokedEgg
@joepie91
Thanks for trashing up our first attempt and we are not going to be owned sooner or later and history will be proof the otherwise.
I've given plenty of (free!) advice on how to approach security correctly. Choosing not to follow it, and stubbornly insisting that your current practices are fine, is entirely on you.
And honestly, if you're going to mention me in a way that suggests that I've already tried and found it secure... then don't be surprised if I point out that that isn't the case.
(But seriously, arrogance is the single fastest way to get owned.)
Node.js code review, tutoring and advice | Custom Node.js module development | Donate
"professor 200 IQ" -YokedEgg
@joepie91
You're probably right at some points, I have taken your plenty (free!) advice seriously and there is still a lot of work to be done.
So your panel is insecure right now?
@trvz
The statement you quoted is clear, there is no such completely secure system even the standard WHMCS/SolusVM are always having security issues and I am clearly saying we are doing our best to improve our panel security/usability/functionality.
Thank you!
Please understand that I'm not insulting you personally. I'm pointing out that your thought process is flawed if you immediately equate a "custom panel" to "caring about your business". In reality, if you cared about your business, you should want to provide quality product.
You can't argue that ONLY putting in time is the equivalent of providing quality. You still need to utilize the time spent efficiently in order to help achieve a quality product. A custom panel has the potential to help build a quality product, but not when it offers LESS than what's currently prevalent in the industry. Yes, a custom panel can be an indicator of caring about your business, but is not necessarily the logical equivalent.
Take MXRoute: You care about your product. You put time and effort into making the service better. However you don't waste your time on a "custom panel" that has extremely limited features. Why? Because an affordable and professional alternative, cPanel, exists.
Take FoxVM: @joepi91 gives plenty of advice on what should and shouldn't be done. Instead of accepting the criticism, the answer is basically "this is our first time its still a work in progress stop hating". To me, this does not indicate that they "care about the business." The panel is clearly not production ready, yet they're launching with it and trying to use it as a selling point.
I'll put it bluntly. This entire advertisement was basically a bunch of screenshots of their "custom website". It doesn't look like anything that would take longer than a weekend to code, especially if you simply use a framework with some prewritten libraries for stuff like billing and support. It looks to me more like a cheap attempt at being unique and hoping it will attract customers than actually caring about the quality of product.
My advice to OP: I would have taken this much more seriously (and maybe even ordered one to support you guys!) had you gona with a standard whmcs+solusvm or proxmox module combo so that standard functionality is available for clients, but then you also included screenshots of a custom panel in progress and demonstrated that you wanted to take your business the extra mile.
Right now, your focus is clearly not on making the product better or more reliable, or even on customer experience.... but on trying to market a " custom panel" as the key selling point for your service. You have to admit that objectively speaking, choosing premade scripts/software would have provided your clients more value and more features. Every great piece of software has to start from the beginning, but that doesn't mean your customers should have to see what's essentially a pre-alpha.
@jarland : Hopefully that clears up my stance for you.
@macpac : Don't take my post the wrong way. Would be awesome to see you succeed. Let me know if you have any questions about why I'm not sold on FoxVM's success yet.
This image sums it up pretty nicely
Edit: Am on a computer now and cleaned up some of the text.
Would you please solve my problem, but not here dispute and unrealistic logic, if you have enough time.....
The meaning of life lies in exploring the unknown forever...✅
@Jonchun: The main problem is that you sound so negative. You really should listen to your words.
First of all, MacPac never made any claim about how their custom panel relates to other panels. Presumably, a panel in a earlier stage of development won't offer all of the features of a panel that has been in development for a much longer time. This goes without saying. And MacPac didn't claim otherwise.
If one followed your reasoning, then one would never use a panel that offers less than whatever the "industry-standard panel" offers. But perhaps MacPac's panel does what they want/need a panel to do, or at least most of what they want/need a panel to do. In this case, why shouldn't they use it and continue to develop it (as needed)? (As always, security is a concern, but it's not as though you were demonstrating a security hole in their panel.)
In my reading of MacPac's offer, I understood that they were excited about their panel and wanted to convey this excitement to the reader. One can simply look past this and consider the details of their offer, if one wants, but it's hard to see why this should incite such a negative reaction on your part.
"Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)
@Jonchun: Just to add, if jarland's remark and not MacPac's panel was your target: jarland simply made a complimentary remark regarding MacPac's effort to develop a custom panel. He didn't recommend or endorse their particular panel (nor, I assume, could he have, because he isn't acquainted with it).
"Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)
It also goes without saying that a custom panel with less features is not a "feature" as advertised:
.
In such a cutthroat industry, why would you? Especially when the new panel is missing very basic functionality.
I see it negatively because all evidence points towards
1) a cheap attempt at trying to win clients with the words "custom". The only advantage of a custom panel is that you can add features that non custom panels don't have... This current iteration doesn't even come close to what non custom panels offer.
2) cutting costs on a solusvm + whmcs license rather than wanting to provide a quality experience for their clients as demonstrated by an extremely early launch. (And without getting their stuff audited either)
As for the efforts in making a panel... I certainly do applaud them. I definitely appreciate a startup that wants to be more than a cookiecutter host.
However, it looks like you're missing the bigger picture. They should have waited until the panel was complete/on-par with industry expectations before launching, or they should have launched using standard tools and provided evidence that they are putting in the extra effort if they really wanted to launch sooner. Choosing to launch an underdeveloped product is simply negligence, and doesn't demonstrate to me much other than " they spent a weekend or two hooking up proxmox api with a UI," and doesn't exactly inspire confidence in the future of the business.
@Jonchun This isn't playing to your strengths, and could undermine a few of your achievements. If people want to appreciate someone able to put forward this extra effort to create something unique, and the provider wants to do it, the only reason to shit on them over it from another provider's perspective is jealousy. There may be security concerns, but that's really not the focus of what you're talking about.
I recommend taking a page from my playbook. Take a look at my replies to competing mail provider offers.
Dual E5-2620v2 + 50TB / 1Gbps = $49.99/mo! (US)
LOL, I find all this entertaining, as I invested heavily on software. I could offer an all in one solution without macpac's custom coded panel, I have over $1000 of modulesgardens modules, I have an owned whmcs license, I have paid for solusvm over to run it entirely on that if wanted, and I also have paid for 1 year license of Zendesk. Over all, it's multi-thousands of dollars of money poured into trying to make people happy but #LET never fails to try to shit on business owners, regardless of what they try to do. Thanks all!
It doesn't matter though.
Awesome! You should use them! I highly recommend using a well-developed product(s) vs a weekend project. I think it's great to see a provider with potential in the market. I know you and MacPac must be excited to launch your custom offerings, but please don't kill your potential by launching with an incomplete product... Yes, it's a matter of principle, and I'm sure my $3 isn't going to mean much at the end of the day, but if you're willing to reconsider your approach, I can guarantee you I will sign up and give you a shot. It's your business, and your call. I gave my reasons for what raised red flags for me, and hopefully you take them into consideration.
I'm not sure why you're turning this in a personal attack against me. I've made my stance pretty clear and made some pretty solid points to back it up.
Again, let me re-iterate. I really do applaud the fact that they're trying to be different.
I'm speaking from a LET member's perspective? Even if I were speaking from another provider's perspective, wouldn't you say jealousy only really applies if the two businesses are in the same market/targeting the same clients?
Their attitude towards security was pretty worrysome. I'm not sure if you missed it.
I love your approach to competition, and I love that you're open about helping competitors. I share the same views, and thus am giving my take on what I believe would make their business better.
Just friendly advice. You're set on ignoring it, so by all means do
Dual E5-2620v2 + 50TB / 1Gbps = $49.99/mo! (US)
I'm trying to figure out how I'm ignoring you though. So far your argument has consisted of:
1)
I kindly gave solid reasons for why being unique doesn't make you useful, but you choose to ignore that fact.
2)
Apparently me pointing out some red flags somehow undermines my achievements or affects me as a person? I'm not really sure what you mean by this.
3)
I've kindly explained that someone offering low budget VPS out of OVH is not even remotely close to the market(s) I've been dabbling in. Are you still going to accuse me of being jealous?
4)
I'll leave @joepie91's quote to sum that point up:
Normally, you come up with quality arguments and back your statements up. Quite frankly, it feels like this time around you're favoring a side without having any solid reasons to defend it with.
It looks like you're taking this to be pretty black and white, and are ignoring the fact that I can appreciate someone's efforts, but still find their launch/business decisions questionable.
@jarland: Looks like this is going to get out of hand if we continue, so feel free to PM me if you have anything to add!
@Arcanum and @MacPac : I already spent some time writing this up, so it will be my last post in this thread. If either of you feel I'm randomly and baselessly attacking you, I encourage you to use the "Report" button and have the thread cleaned up. Hopefully you can see past the fact that it's not the super positive feedback you were hoping for, and accept that I've brought up some pretty solid points. I wish you both the best and am curious to see how this turns out.