Liquid Web Hero

We thought we’d follow @liquidweb on Twitter so we could stay in the know. Since then, they’ve managed to plant a Liquid Web Hero inside our HQ. Who’s watching who?

It’s all good though, we don’t mind.. we’ve been blinded by his sheer awesomeness, captivated by his strong work ethic, and amazed by his dedication to all that is right and good.

We snapped a few shots lest you make us out to be liars.

Pictured here is the LW Hero (foreground) and Cody, our Lead Developer (background). Such level of awesomeness has arguably never been captured in a single photograph before now.

The LW Hero, warming up to a brainstorming session. This guy is tough, at first he underestimated the mass of the marker, and I had to fetch it out of the ceiling.. from the 2nd floor of the building.

What photo shoot is complete without a little Super Mario Bros 1-up action?

Anyway, a big thanks to Liquid Web! They were kind enough to send us one of their highly sought after Heroes and for that, we are eternally grateful. You can visit Liquid Web at [www.liquidweb.com][2]

[2]: http://www.liquidweb.com

Blesta 3.0: Two-Factor Authentication

Last week I discussed the new API design in Blesta 3.0.  This week I wanted to touch on the topic of two-factor authentication.

Two-factor authentication requires that a user wishing to sign into an account enter both something they know (a username and password) and something they have (a physical token).  There are many different methods of proving a user is who they say they are, but one of the best and easiest to use is one-time passwords.

Since most users reuse and tend to never update their passwords, if one system is compromised an attacker may have access to all systems the user has access to.  To solve this issue, OATH published the HMAC One-Time Password Algorithm (RFC 4226), and the TOTP addendum (a time based OTP algorithm).

TOTP requires that a user enter a 6 or 8 digit code that changes every 30 seconds, and once a code is used it can’t be used again.  All a user needs to do is share the secret key on their TOTP device with the server they want to authenticate with and they’re ready to go.

We were so excited to include TOTP, as well as Mobile-OTP, with Blesta 3.0, we had to port it over to 2.5.  And here at the office, we can’t imagine how we ever lived without it.

For the iPhone we recommend the following apps:

OATH Token – TOTP token

iOTP – Mobile OTP token

Vending Machine Humor

The vending machine in our lunch room is notorious for taking your money and teasing you with a bag of chips dangling from the slot where it should drop. I suspect there’s a pretty high, 20%-ish “you aint gonna get what you want” rate on this clearly aging food dispensing unit. (Vending machine in lay terms) Sometimes shaking works, but we’ve heard that humans don’t always win in these situations.

A few times a week there’s usually a typical post-it note venting displeasure to the vending machine guy over the loss of money. Yesterday there were a lot of these, and I found this one in particular to be really funny.. largely because the evidence is overwhelming.

Well, Danielle.. I don’t know who you are but I hope you are one day reunited with your ABBA-ZABA, we feel your pain.

Blesta 3.0: API Design

This is the first article, in what will be a series for Blesta 3.0, our next major release. When we sat down to discuss the primary goals of Blesta 3.0, one of the first topics to come up was API design.  The two major issues we discovered with the original API design (of 1.0) were that:

1. It was limited in its capabilities
2. It was difficult and cumbersome to update

By implementing Blesta on top of an MVC framework (minPHP) we were able to create an automatic API, which eliminated both of these issues entirely.  Within an MVC application the model contains all of the business logic, so the only thing required to complete the API is a controller to handle access to the various models.  Since models are objects, the API controller can instantiate and access all of the public methods within a requested model.  This facilitates requests on logical objects that may perform specific actions.

In addition, the API controller could now fulfill requests in any number of various formats (e.g. json, xml, etc.).  The syntax was simple: /api/model/method.format.

The only thing necessary to complete the RESTful design were HTTP status codes, and the API controller easily handled those.  The result is an automatic RESTful API system, that not only grants access to the Blesta core, but to the back end of any plugins installed within that copy of Blesta as well.

In case you missed it, this means that ALL public model methods will be accessible through the API. We’re really excited about the new API and how much support it lends to developers.

Blesta 3.0 is currently in active development. A release date has not yet been determined.

minPHP Framework Released

           _       _____  _    _ _____
          (_)     |  __ \| |  | |  __ \
 _ __ ___  _ _ __ | |__) | |__| | |__) |
| '_ ` _ \| | '_ \|  ___/|  __  |  ___/
| | | | | | | | | | |    | |  | | |
|_| |_| |_|_|_| |_|_|    |_|  |_|_|
framework

minPHP is an extremely lightweight, object oriented MVC PHP framework brought to you by the same people who developed Blesta. minPHP is free, open source software released under the MIT license.

Download it at minphp.org.

One of the most awesome things about minPHP, aside from the fact that it’s awesome in itself, is that it’s being used as the framework for Blesta 3.0. Blesta 3.0 is in active development, with a release expected in the early part of next year.

We’re excited to be able to offer something to the open source community, and if you’re a developer we hope you give minPHP a try. As an added benefit, if you’re familiar with minPHP you’ll be a Blesta 3.0 development rockstar right out of the box.

Ooh, my spider-sense is tingling.