by Sir_Cmpwn 3658 days ago
[Disclaimer: Linode dev here]

I see a few people^W^Weveryone here talking about security. If you didn't read the whole blog post, you might not have noticed the new Linode manager that we're working on being mentioned. Check it out, it's open source: https://github.com/Linode/manager

If you haven't been present in other discussions about Linode security, one of the major factors (in my opinion) is the current manager. It's a large and old ColdFusion codebase, and it's hard to maintain. The new manager is backed by the new Python API and the whole system is significantly easier to reason about with respect to security. I think that the new manager should help ease some concerns, and it's going to be pretty great in other respects too. Hit me up with any questions you have; I'll do my best.

In other news, I run a bunch of Linodes myself and I'm stoked to see these upgrades, even though I get my Linodes for free ;)


I think most people are concerned about the response to security incidents around as much as they're concerned about the security incidents themselves.

Improving the manager is certainly a good step but there's a lot of work to be done to regain users' confidence.

That's very much true. We've been pushing for more transparency company-wide as a result. It's hard to demonstrate that we'll handle this better without another security incident to be transparent about (and let's all hope we don't get there), but we've been pushing for more transparency overall. On my team this means that we're doing our development in the open, we've switched from an internal Jira to a public waffle.io backlog: https://waffle.io/linode/manager (it's just been prioritized too, we're doing sprint planning in 10 mins).
> I see a few people^W^Weveryone here talking about security. If you didn't read the whole blog post, you might not have noticed the new Linode manager that we're working on being mentioned. Check it out, it's open source: https://github.com/Linode/manager

Open sourcing the UI while keeping the actual portion that manipulates the data and handles authentication (the API) closed doesn't have substantial security benefits, since it's largely available to the end user already.

While I am sure you are correct that the rewrite in Python is easier to reason about and more secure, I feel the way you've presented it might imply it is secure because the source is available, which is not the case.

I don't think I'm implying that by making the manager open source we are making it more secure. The place where security gains come into play is things like the new design of a stateless API talking to a static frontend app, which I think is a much less fragile system in terms of security.

And yeah, the Python API is much easier to reason about security-wise in general.

I am looking forward to the updated interface and happy to see you are moving away from ColdFusion.

I have been with Linode for many years and have always been happy with the service. Thank you and thanks to the Linode staff for everything they do.

If there was one thing I would like to see come back, it would be the 1024 or 1536 nodes (1 or 1.5GB RAM). I understand the overhead or scaling issues might not make it worthwhile for Linode, but I would be interested.

My team has nothing to do with that sort of decision, so forgive me for being vague, but I believe it's on the radar. The changes done today definitely help the odds.

I completely understand. No worries.

:) I probably wouldn't know what to do with more than one or two hosts, but I am envious to know you can have as many as you want (within reason, I am sure).

Also... ColdFusion! Awesome.