Today I was minding my own business at my desk when I stumbled upon university.cpanel.net, a site which allows you to obtain “industry certification” for the cPanel Web Hosting Manager.
The first thing I did was check the date; It’s not April 1st. So I sat there stunned for a minute or two, wondering if I should laugh or cry.
Upon further inspection, it actually seemed to be true. You can now go and do an online course and become a certifed cPanel technician!
For anyone who has done business with us in the past, we don’t make too much of a secret that we don’t think too much of control panels such as cpanel or plesk. In fact, we’ve quite openly published our thoughts on this in the past.
That said, trying to think about this a little, I’ve got to ask myself the question — “If you’re building a web-based interface which is designed to allow end-users to control their web-hosting service, then surely expecting certification is doing it all wrong?“
Whilst digging further, the actual value of this certification is admittedly some what questionable:
- The first level testing consists of a total of 18 questions, takes 15 minutes and you need to get 15 of the questions right.
- You can continue to re-take exams if you fail
- They can’t actually supply any technical theory or text books
- The advanced levels of training require you to be proficient in perl — surely if you need to use a programming language to configure your “easy-to-use” control panel, you’ve pretty much missed the point.
As we’ve discussed in the past — cpanel significantly and drastically reduces the barrier of entry to becoming a hosting provider. It allows people who would otherwise not be capable nor qualified to run a fully fledged hosting company and hide behind the pretty exterior of the cpanel user interface. This is scary. Why? some of the approaches and methods which are used by cpanel are considerably questionable.
Some of the observations which we’ve made include:
- Installing cpanel is like a unix security evolutionary throw back. A newly built machine had an extra 12 processes running as the root user.
- The security history is so poor that it has a “Scan for Trojan Horses” dialog page.
- There is no inbuilt firewall management utility, yet it is quite keen to change handcrafted firewall rules added by hand
- MySQL is compiled without SSL support
- The update dialog page has people have to chose between 4 different update sources — instead of just one which works.
- http is run as the nobody user
- It entirely ignores the Filesystem Hierarchy Standard and stores most files under /usr/local/x
- If you want to add an SSL certificate for a subdomain that isn’t configured, when you paste the certificate file in, cpanel will successfully parse the cert, extract the correct CN, and map it to the correct user. But when you then paste the key and submit, it’ll bomb saying the CN doesn’t exist. If it doesn’t exist, how did you manage to find a user???
- It actually comes with /scripts/fix_common_problems
Having courses which explicitly train people up to this level and little further is, to my mind, a grave misgiving. It suggests that anyone can spend some coin on an online test and become sufficiently proficient enough to comprehensively run a entire web hosting company.
Speaking as someone who has had 7 years experience in this industry, providing web hosting services is more complex than simply doing a handful of online tests and installing some random piece of software; doing it well requires the backing of a intelligent, experienced and knowledgeable team of system administrators. Thinking that any piece of software can replace this is not only naive, but a school of thought which potentially leaves the web-hosting industry, as a whole, to be brought into disrepute.