In addition to needing a place to host your GIT repository online, you will also need a place to host your Open Software Development website. Later, we will explain how you could host your project website for free using Codeberg pages. But there are other extremely low cost options that would be better for hosting your Open Software Community website. Sadly, many otherwise noble open source projects use one of the Big Three Monopoly Cloud Servers to host their project website. We will therefore explain why this is yet another extremely bad idea.
Cloud server hosting is now the most profitable division of three of the largest corporate monsters in human history. In 2021, Amazon Web Services (AWS) annual Cloud revenue was about $48 billion. Microsoft Azure cloud annual revenue was about $67 billion. Google Cloud annual revenue was about $16 billion. The total was $131 billion. This additional $131 billion per year in additional revenue is the single most important reason the valuation of all three of these corporations has risen to more than one trillion dollars in the past 5 years.
But even if you do not mind being ripped off to the tune of $131 billion and even if you do not mind helping these three mega corporations achieve the greatest concentration of wealth and power in human history, you need to understand this: As Edward Snowden revealed in 2013,, all three of these corporations are “Prism Partners.” This means they are directly tied to the US military and have placed back doors in their Monopoly Cloud to allow the US Military (aka NSA and CIA) to access all of your data.
Even if you do not mind the US Military having access to all of your data, you also need to be aware that all three of these corporate monsters are located in the US and are therefore subject to the draconian US Patriot Act. The Patriot Act allows US federal agencies to take down your website or VPS without notice and without a court hearing.
As a result of the draconian US Patriot Act, it is not wise to host your website or Virtual Private Server with a US based hosting company. The only way to have a truly secure website or VPS is to use a web host that is not located in the US.
Even if you do not mind the threat of having your Open Software project website being taken down without a court hearing, you should know that all kinds of other bad things may happen to you if you choose to go with the Monopoly Cloud. For example, in 2021, it was revealed that Microsoft installs their own back door into all sites hosted on the Azure cloud – and hackers quickly figured out how to exploit this back door!
Microsoft Azure Automatically Installs Back doors on Linux Virtual Machines
A Microsoft program called Open Management Infrastructure, with four vulnerabilities, is automatically installed on virtual Linux machines on the Microsoft Azure cloud. News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs Open Management Infrastructure (OMI) on the VPS. The user won’t know it.
https://www.kaspersky.com/blog/vulnerabilities-in-omi-azure/41977/
Although a stealth installation might sound terrible on its face, this one actually wouldn’t be so bad were it not for two issues: First, OMI has several known vulnerabilities, and second, OMI has no automatic update mechanism in Azure.
Vulnerabilities in the Open Management Infrastructure, and how attackers can exploit them
On 2021 September’s Patch Tuesday, Microsoft released security updates for four vulnerabilities in the Open Management Infrastructure. One of security flaws, CVE-2021-38647, allows remote code execution (RCE) and is critical, and the other three, CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649, can be used for privilege escalation (LPE) in multistage attacks when attackers have penetrated a victim’s network in advance.
When Microsoft Azure users create a Linux virtual machine aka VPS and enable a series of services, OMI —vulnerabilities and all — deploys in the system automatically. The services include Azure Automation, Azure Automatic Update, Azure Operations Management Suite, Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics. Open Management Infrastructure has the highest privileges in the system, and because its tasks include collecting statistics and syncing configurations, it is generally accessible from the Internet through various HTTP ports. Experts say the vulnerability is very easy to exploit.
For example, if the listening port is 5986, attackers could exploit the CVE-2021-38647 vulnerability and execute malicious code remotely. If the OMI is available for remote management (through port 5986 or 1270), outsiders can exploit the same vulnerability to gain access to the entire network neighborhood in Azure.
Three different kinds of Linux servers
Due to increasing problems with Windows Ransomware, it should be obvious that you do not want to host your business website on a server using the Windows operating system. Therefore, most web hosts now use servers running the Linux operating system. But there are several different versions of the Linux operating system. The three most commonly used Linux versions used by web host companies to run their servers are called Ubuntu, Debian and Centos.
Centos is a free version of the Red Hat Linux operating system. However, in 2019, IBM bought Red Hat for $34 billion and in December 2020, Red Hat sent shock waves through the Web hosting business by announcing that they were ending support for Centos. Web hosts using Centos were suddenly faced with either using the more expensive Red Hat operating system and passing the increased costs along to their customers (that would be you) – or moving to the Ubuntu or Debian operating system.
At the same time, many small business owners are becoming alarmed about Ubuntu’s marketing strategy. Ubuntu is currently owned by a corporation called Canonical. But Canonical has been openly looking for a buyer. That buyer appears to be Microsoft.
Microsoft is already using and promoting the Ubuntu operating system on their Azure Server farm in Quincy Washington. They have also been changing the code base of the Windows operating system to make it more compatible to Ubuntu. It is only a matter of time until Ubuntu follows in the footstep of Red Hat and Centos and gets swallowed up by a corporate giant.
Thankfuly, Debian is different. Debian is owned and controlled by the community that uses it. It therefore can not be sold.
The Azure Cloud is used for Data Mining
To make matters worse, in February 2021, after a person created a new Ubuntu Virtual Private Server on the Microsoft Azure Cloud, they learned that there private information was shared by Microsoft with Ubuntu – and that anyone setting up any Ubuntu server anywhere had their private information sent to Ubuntu.
This shocking level of data mining has sent many business owners searching for a more private server option for running their online business databases.
Millions of businesses use CentOS and/or Ubuntu for their servers. Millions of businesses will now need to look for another more dependable option.
In my opinion, the best server option for any business owner, big or small, is Debian. Debian is not a corporation. Debian is a community of web developers and computer programmers who are building a free open source secure operating system for themselves. The Debian community is much like the Linux community. Linux is also not a corporation. Linux is a community of programmers who developed their own free open source code base to run their own computers. Debian takes the Linux code base and turns it into a user-friendly operating system. This is why I have recommended Debian as the ideal server for business websites.
Web Hosting Control Panel Problems
A control panel is a Graphical User Interface (GUI) used on servers to help website owners and administrators control their web hosting account. The most common Web Hosting Control Panel is called Cpanel which is the front end for a website account manager called Web Host Manager (WHM). Historically, using this control panel to administer your website cost less than one dollar per month.
In May 2017, a predatory investment group called Oakley Capital bought the second largest Control Panel program called Plesk. Then in August, 2018, Oakley Capital bought cPanel – giving them a nearly complete monopoly of the web hosting control panel market. Currently, Cpanel is a monopoly controlling over 90 percent of the web hosting market.
In June 2019, the new owner of cPanel shocked the web hosting world by announcing that they were increasing the price of Cpanel/WHM by 500% to 1000%. This price increase has been passed from web host providers to web host users (that means you). To make matters worst, the new price structure favors larger server farms over smaller independent web hosts.
It also favors major corporations over smaller independent business owners. For example, I previously paid a small flat fee that was the same regardless of the number of websites I had. The new price structure is based on the number of accounts on each server. Given that I manage about 50 websites, the new price structure is actually an increase of 5000%.
This is a massive blow to the hosting industry as the entire market is going to have to go up in price. Multiply this massive price increase times more than one billion websites in the world and suddenly instead of all of us small business owners paying $1 billion per month for the privilege of using Cpanel and WHM, we now get to pay a collective $10 billion PER MONTH! And there is nothing stopping these vulture capitalists from raising the price again.
What makes this even more ridiculous is that Cpanel is very poorly made and very difficult to use. I have written countless articles trying to explain to my students how to use it.
Worst of all, Cpanel is so poorly made that it is not very secure. For example, in November 2020, researchers found that it was easy for hackers to compromise any website using Cpanel because Cpanel failed to place a time limit on their Two-Factor Authentication screen.
This meant that hackers could take all the time they want using automated programs to crack both passwords and get into peoples accounts, steal their databases and destroy their businesses. After the November 2020 fiasco, many small business owners, including myself, started researching other options.
Free Open Source Options to Cpanel
There are a few closed source commercial Control Panel options. These are Direct Admin, Interworx and WebMin/VirtualMin. Their monthly prices are currently much less than Cpanel. But they are still significant. For example, a standard license for Direct Admin is $30 per month. A license for Interworx is $20 per month.
This is on top of the price of web hosting. However, there is nothing stopping any closed source commercial option from jacking up the price of a control panel on small business owners.
There is simply no need for small business owners around the world to give up a billion dollars per month of their hard-earned income just to use a control panel that is essentially nothing more than a few lines of computer code.
Recognizing this problem, many small web developers have banded together to start several free open source community driven control panel projects. These control panel communities are like the Linux and Debian communities, only focused on building the worlds best, easiest and most secure web hosting control panel. There is one community developing a free open source control panel that is substantially better than all the rest. The control panel is called Hestia. Here is a link to their website: https://hestiacp.com/
Hestia can be set up as a single owner single permission system or a multi-owner multi-permission system. One way to evaluate any open source project is to go to their GIT page, which is where they are building their code as a community, and then read their Issues page which is where they are resolving problems and considering the addition of new features. None of the Hestia open issues are critical security issues. Many are just feature requests. Here is the link to Hestia’s Issues page: https://github.com/hestiacp/hestiacp/issues
Another way to evaluate an open source project is to go to their community forum and see how many questions remain unanswered. Like most free open source community projects, Hestia has an excellent community forum where beginners can get answers to their questions. Here is a link to the Hestia community forum. https://forum.hestiacp.com/
Here are some of the Hestia Control panel many features:
Good Bye Cpanel Hello Hestia!
The big benefit of a Virtual Private Server (VPS) is that you no longer need to pay the Cpanel blackmail fee. Even with an unmanaged VPS account, your hosting provider will install Debian (or any other Linux operating system) on your VPS for free. All you need to do is then install the Hestia Control Panel inside of the Debian operating system. You get a control panel that is easier to use and more secure than Cpanel. You also can get a unique IP address so that your emails get through to your customers without being blacklisted.
What’s Next?
Now that you know why you should stay away from the corporate Repository host monopolies and the corporate cloud monopolies, we will review yet another danger to Open Software Development, namely using a Windows 11 computer.