Vending Machine Humor

The vending machine in our lunch room is notorious for taking your money and teasing you with a bag of chips dangling from the slot where it should drop. I suspect there’s a pretty high, 20%-ish “you aint gonna get what you want” rate on this clearly aging food dispensing unit. (Vending machine in lay terms) Sometimes shaking works, but we’ve heard that humans don’t always win in these situations.

A few times a week there’s usually a typical post-it note venting displeasure to the vending machine guy over the loss of money. Yesterday there were a lot of these, and I found this one in particular to be really funny.. largely because the evidence is overwhelming.

Well, Danielle.. I don’t know who you are but I hope you are one day reunited with your ABBA-ZABA, we feel your pain.

Blesta 3.0: API Design

This is the first article, in what will be a series for Blesta 3.0, our next major release. When we sat down to discuss the primary goals of Blesta 3.0, one of the first topics to come up was API design.  The two major issues we discovered with the original API design (of 1.0) were that:

1. It was limited in its capabilities
2. It was difficult and cumbersome to update

By implementing Blesta on top of an MVC framework (minPHP) we were able to create an automatic API, which eliminated both of these issues entirely.  Within an MVC application the model contains all of the business logic, so the only thing required to complete the API is a controller to handle access to the various models.  Since models are objects, the API controller can instantiate and access all of the public methods within a requested model.  This facilitates requests on logical objects that may perform specific actions.

In addition, the API controller could now fulfill requests in any number of various formats (e.g. json, xml, etc.).  The syntax was simple: /api/model/method.format.

The only thing necessary to complete the RESTful design were HTTP status codes, and the API controller easily handled those.  The result is an automatic RESTful API system, that not only grants access to the Blesta core, but to the back end of any plugins installed within that copy of Blesta as well.

In case you missed it, this means that ALL public model methods will be accessible through the API. We’re really excited about the new API and how much support it lends to developers.

Blesta 3.0 is currently in active development. A release date has not yet been determined.

minPHP Framework Released

           _       _____  _    _ _____
          (_)     |  __ \| |  | |  __ \
 _ __ ___  _ _ __ | |__) | |__| | |__) |
| '_ ` _ \| | '_ \|  ___/|  __  |  ___/
| | | | | | | | | | |    | |  | | |
|_| |_| |_|_|_| |_|_|    |_|  |_|_|
framework

minPHP is an extremely lightweight, object oriented MVC PHP framework brought to you by the same people who developed Blesta. minPHP is free, open source software released under the MIT license.

Download it at minphp.org.

One of the most awesome things about minPHP, aside from the fact that it’s awesome in itself, is that it’s being used as the framework for Blesta 3.0. Blesta 3.0 is in active development, with a release expected in the early part of next year.

We’re excited to be able to offer something to the open source community, and if you’re a developer we hope you give minPHP a try. As an added benefit, if you’re familiar with minPHP you’ll be a Blesta 3.0 development rockstar right out of the box.

Ooh, my spider-sense is tingling.

Suhosin

Suhosin is a (somewhat) commonly installed PHP module used by shared hosting providers to prevent (to some degree) malicious PHP code from compromising a shared environment.  Sounds great, but the problem is it spreads its tentacles into areas where, if unaware of its presence, can cause some very unexpected results.

This was the case in Blesta, until recently.

The issue experienced in Blesta was related to session handling.  Blesta uses a database to maintain session information, for added security and to permit load balancing.  Normally, a session ends when the user closes their browser, however it can be revive if a cookie is stored on the user’s machine and is then read when they revist the site.  But because Suhosin encrypts session data by default, our revival code had access to only encrypted data.  Essentially, the session couldn’t be revived.  The only way to decrypt the data is to have Suhosin do it.  So what we did was rename the session prior to starting it, which tricks PHP into thinking the session never ended, and so Suhosin takes over and decrypts the Session just in time.

The psuedo code looks something like this:

$session_id = $_COOKIE[‘session_id’];

session_name($session_id);

session_start();

VPS.NET Robot

The team at VPS.NET was kind enough to send over one of their amazing little robots. Here he is right after I took him out of his anti-static (To prevent electrical issues during transport) bag.

A closeup..

The little guy wasted no time and promptly got to work. I switched the flip from “node management” to programming, and he started away filling in the stub methods for some objects in the new Blesta 3.0 that’s currently under development. Took him a few minutes to learn the Dvorak key mappings (He comes with native QWERTY support only) but once he got the hang of it, it was a sight to behold. I should have taken video.

He also loves to get into things. He finished up all his work early, and I caught him playing with the paper clips. Crazy little guy!! What a personality.

So, a big thank you to VPS.NET and all the staff! Nick, Ditlev, Terry, Carlos, and the rest, well done!