Review my app for making server stacks social

This looks like a great idea but I have a few concerns/questions about it:<p>1) As others have mentioned, there needs to be transparency on what each script does to make sure that it is not malicious. Is there a way to inspect the code without running it?<p>2) How do you protect the communication between stackfu and the user's servers? I saw in the video that you provide some keys, but is the connection thoroughly secured to prevent any potential spoofing? What about a potential attack that would come through the site itself and potentially access all users' activated servers? I would be very cautious to have stackfu installed as a daemon on a production server without knowing it's secure inside out -- even if I only enable it when I need it.<p>3) Did you consider developing a stackfu shell client? Using the command line client, you could provide some basic features like searching and running scripts. Since the scripts are started from the server itself this might be more secure. Although, you still need to make sure that the scripts are actually coming from stackfu (in case it was somehow spoofed), similar to package distribution systems (yum, apt, etc.). Another utility for the client could be to allow/disallow queued scripts sent from stackfu and maybe even a monitoring tool (see the output, previous logs, etc.).<p>4) How do you handle different *nix configurations? Do script authors need to make different scripts for each distribution? Do you provide a facility to only search for scripts that are compatible with your server(s)?<p>5) Aside from the number of deployments, do you have a rating system? Script failure and success rates? The number of deployments is hardly enough for me to choose from say 20 different Wordpress installation scripts.

I can't comment on the technical parts of what you're offering as I don't know Rails, but it might be a good idea to use full sentences in your introductory text:<p>"For example, deploying full rails environment to your server for your new app. Or as simple as installing and configuring iptables on your existing live server. "

I would never in my life allow an external machine to run arbitrary commands on my server. This is like giving root to some person I don't know.<p>Even if I could read all these scripts the service is going to execute, nobody tells me that the script I'm seeing on the web service is the script that actually gets executed.<p>Now. I don't insinuate that the OP is trying to take over servers, but we all know about bugs and/or the famous disgruntled employee.<p>If I could install this service in my own network, having full control over the scripts and the service itself, this could be useful, but giving root to some server not under my control?<p>This actually begins at the very first start of your video.<p>You want me to execute a script that I download using wget from a non-https-site. As root.<p><i>shudder</i>

I notice that the web site doesn't tell me what StackFu is. I don't want to have to watch a video just to find out if the concept is interesting enough to warrant the time it takes to watch a video.<p>Anyway, it looks like a cool idea and I wish you the best of luck. And I've signed up for the beta. I still haven't watched the video.

If anyone wants to find out more, Join us at #stackfu on Freenode IRC and follow @stackfu on twitter.

what is the "social" part? I'm not entirely sure I get what the product is. is it the sort of thing where if you don't get what it is, you probably don't need it?

The flow in the video looks great.<p>Easier to get into than Chef :) Hope it works as well (or better)<p>Signed up for the beta

Did the idea for this come from Linode's Stackscripts?

it's pretty neat, I'm windows developer. this kind of makes me switch to linux.