

FreedomCP private beta: SaaS control panel for Python & PHP apps on Ubuntu - kluikens
https://freedomcp.com/

======
memset
This is neat; I've just signed up for the beta.

I'm curious to know what the difference will be between the "free" and "pro"
options. What kind of pricing (ballpark) do you think you'll have?

~~~
jsamuel
Thanks for signing up. We plan to keep the basic app and server management
free. What you see in the current private beta will all remain free.

Pricing is a hard question to answer before we're ready to commit to it. At
the moment, we're focused on learning what people need and continuing to
improve our free tier. Definitely let us know (support@freedomcp.com) if there
is specific functionality you'd like to see.

------
vlucas
I just checked out the product and it looks good so far. This could be a nice
step in-between PaaS and running your own servers, which I'm guessing is the
sweet spot you guys are going for.

The main (and obvious) downside is that I'm a little hesitant to install an
unknown agent on my server that runs arbitrary commands from a 3rd party (even
if they are only run at my request and on my behalf). Namely, it's not hard to
imagine a scenario in which your central server gets compromised and then goes
on to compromise all your customers connected servers. Do you guys have any
plans to mitigate this risk or ease the minds of people worried about the
security issues like me?

~~~
jsamuel
I definitely understand your security concerns. My background is actually in
security research. The architecture we're implementing will prevent arbitrary
code execution on your servers if we were compromised by ensuring only signed
code is executed. And, of course, code signing will be done offline.

Relatedly, here's some of my research on creating software update and
deployment systems that are resilient to compromise:

[https://www.eecs.berkeley.edu/~jsamuel/papers/survivable-
key...](https://www.eecs.berkeley.edu/~jsamuel/papers/survivable-key-
compromise-ccs2010.pdf)

------
bubba1356
Ok just spun up a test server with digitalcloud on the beta, very easy to set
up. One thing I'd like to know more about is security/hardening on a vanilla
install.

I'd happily move a live site over to test if I know what's been done under the
hood as part of the install.

Either way I see this doing well.

~~~
jsamuel
Thanks for testing us out and for the positive words.

We don't do any additional server hardening at the moment. Our focus on
security right now is primarily on the security of our software and how we
configure services. Depending on demand, we'll consider how soon these
additional features are added.

We'll be adding more documentation soon and that will include architecture and
security docs that explain exactly how FreedomCP works and what gets
installed. Some of those details are in flux as we're still early in
development. Feel free to email support@freedomcp.com with specific questions
until we have more documentation.

Also, we're looking for people passionate about both server management and
security. If anyone's interested, check out our jobs page at
<https://angel.co/freedomcp/jobs>

------
speedmax
Great stuff, Kelvin..

Look forward to run some of my apps there.

------
ssazesh
Looks awesome!

------
farabove
Open source?

~~~
jsamuel
Hi, cofounder here. It's not open source. The FreedomCP agent that runs on
your servers is written in Python and can be audited but most of the code
resides on our side as it's a hosted service.

~~~
farabove
I noticed, am using it now and so far its really good. It delivers as
promised. Thank you for the nice free plan.

