Yes we are still paying $91/mo, we are keeping any excess donations that aren't spent immediately for future server costs because the upgrades get super expensive over the next few levels of upgrades. We will probably upgrade here in a month or two, we're definitely using up almost all of the level we're at.
ResurrectionofVoat wrote: ↑Fri Dec 25, 2020 12:57 pm
Btw here is some pretty current info about how much it costs to run Saidit. (This comment is from 4 months ago) The code for saidit is open source.
Yes we are still paying $91/mo, we are keeping any excess donations that aren't spent immediately for future server costs because the upgrades get super expensive over the next few levels of upgrades. We will probably upgrade here in a month or two, we're definitely using up almost all of the level we're at.
This would be enough for a low traffic site. You would have higher costs with a site like voat.
The main problem is that the back + front end needs to be scalable and designed for higher loads. Voat craps out if there are to many requests. A optimized site/software that requires less resources also saves costs. I don't think that sites like poal, saidit etc will perform good with the same user count and load that voat had (not counting in DDoS attacks)
Wowbagger wrote: ↑Thu Dec 24, 2020 4:45 pm
In reference to the Voat source code. That code is seriously out of date. We could set it up but it'd be missing features and we'd have to do a bunch of pen testing to find all of the exploits Putt patched and never pushed to that public repo.
Voat's code should be abandoned. A clone of the site should be avoided, in my opinion. Improve, don't repeat the same mistakes.
The code should absolutely not be used. A few of the exploits I found on voat and reported were a stored XSS inside of the subverse rules and a reflected XSS in the return URL for the site downtime page with the goat image.
offender wrote: ↑Sat Dec 26, 2020 7:40 am
The code should absolutely not be used. A few of the exploits I found on voat and reported were a stored XSS inside of the subverse rules and a reflected XSS in the return URL for the site downtime page with the goat image.
Did @PuttItOut ever get around to fix it? (probably not)
We also found ways to unmask usernames in anon subverses. Did a minimal proof of concept using @argosciv's idea. It was fun.
