Wow.. Something new. How we can contact you to ask more questions? Can you please send us an email? (In bottom of main page).

Intercom will be working on next week. It's strange situation. We'll try to reproduce on testing stage. Thx you! I notify you via Intercom. Ok?

I got the same problem (login: bernat). Running on plain Ubuntu 14.04. I have also tried to unlink the agent to relink them, but "Link new" button gives the landing page where we choose the free/non-free version. So now, I don't have any server instance...

Also, I didn't log with GitHub because I didn't want to give write access to anything. You should give the option to only request the email address.

Got it! Thx for comment!

Yes. In few weeks will announce DO support, after AWS+Azure.

Hm.. try to start it without --privileged. WI think it's not necessary now. I don't remember the main reason why we use that flag. Please try without and can you send me feedback about. If it will work good - we'll update installer. Thx you!

> I don't remember the main reason why we use that flag.

Troubling.

Having access to the docker socket which runs as root seems equivalent.

Exactly! I asked our developer team and they said me this reason.

We hope so! :)

Oh no... We'll notify you when we'll fix this issue :( Thx for comment.

Hmm.. Why do you think so? Maybe we can discuss it by e-mail or skype. We need to know what's the reason you thinking so.

It's really quite simple. I'm on an anti-account binge, and have been for a while.

Primarily, I just hate accounts. I have hundreds of them man. It's absurd. I don't bother trying to log in to most of them any more, if it's not a service I use every day I go directly to recovering the username and password, because I'll never get it in the three or five or 10 tries I'm allowed before the account is locked/they start giving me captchas. Often enough, that system breaks, and then I'm left having to email admins and beg them to help. That's always a fun coin to toss.

So I don't make 'em any more, unless I literally have to. Quite seriously, the only new account I recall opening in the last two years is with the Australian government, because it was mandatory to do my tax return via that system. Maybe there's one or two others, I don't know. e: I remember the other one, it's this one! tada, own goal!

I'm currently locked out of the government system, because their secret question/answer system didn't like my answers. I have to call them during business hours to fix it. I moved to another country recently, so that's going to be cheap and stuff.

Secondarily, I'm starting to critique peoples use of accounts. Lots of people implement a username/password system when they don't need it, because it's easy to do so. As a developer myself, I am taking a stand against lazy development.

Maybe I don't fully grasp your product (I'll be honest, the instant I saw "sign up now" my shutters went down), but it seems like a graphical docker container configuration management tool is less effective as a web app than a desktop app, and doesn't need an account system either way.

For example, if you're using the accounts for saving flow setups, could that not be done with a combination of URL parameters (encoding customer specific data like IP addresses) and page ID's to a key-value database (with the benefit of data de-duplication), thus allowing me to save my work with a simple ctrl-d to bookmark it? As a side benefit, I can share it just by emailing it to people.

Hey, maybe I'm wrong, maybe your system really does need accounts, but I'm still not going to make one. I have to draw the line somewhere if I want this endless account sprawl to end.

We'll fixed soon! Our mobile version is not good now. We are focused on it now.

Yeah... sorry for that.. We will fix it on Monday also HTTPS. It's not good, but we tried to open product faster!

Security should not be an afterthought. Especially not when you're trying to get me to trust my data to your platform.

You are right. But you can play with our platform this weekends, and on next week we'll opening agent to open-source and enable security. We have some delay with SSL delivery. :(

When I see security as a second-class citizen on user-visible elements, I assume that the same philosophy was applied on the parts I can't audit, even after the front-end stuff was fixed.

Just get a free cert from StartSSL while you wait for your other cert to go through. It's better than nothing.

Asking people on HN to send their passwords in the clear is suicide.

I, for one, aint playin with anything you build. You aint coming close to having sudo on any of my machines if I can help it.

This shit with "enable security" as after-thought has to stop.

I agree. Basically makes me distrust the whole thing inside and out; who knows what other bs engineering practices were used in non visible parts of the stack? Shipping is great, but please don't ship insecure stuff as a product you want customers to use. Please.

We are enabled HTTPS. THX for your comments.

Next: installer update. Give us few minutes.

Great. Glad to see you're taking this seriously and hopefully it is a good lesson learned for the future!

Here: https://www.ssllabs.com/ssltest/analyze.html?d=app.lastbacke...

Overall Rating: C This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.

That attitude might work for a social network for cats, but it's not going to fly if you're asking users to trust you with their production servers.

Fair enough. Regardless, congrats on the release.

It's a bit more than DNS. It's sending all of your traffic through cloudflare, and they cache content/act as a CDN. But they can theoretically inspect/modify all traffic.