Go Go Gadget Cart Racing

We’ve been cooped up inside, cranking away on code.. so we thought Labor Day weekend might be a good time to get out and do something that didn’t involve a keyboard. We went cart racing at K1 in Anaheim on Saturday and it was good times all around. K1 Speed does indoor electric cart racing and the carts are pretty fast, fast enough to get into trouble around some of the bends. Here’s Cody, while we’re all waiting to race, sporting his iconic and all around incredibly awesome Blesta t-shirt.

Here’s Cody and Tyson, both Blesta developers. You know those video tutorials? Tyson made them.

And here are our scores after our second race. As you can see, Tyson beat me by 1/5th of a second! I’ll have to get him back next time…

Saasdir Top 25 Award

Blesta won the saasdir.com award for Top 25 most popular for August. Check it out and place your vote for us for September!

PHP & C

For those familiar with C, PHP seems strikingly similar. From the syntax to the function calls. It’s almost as if you could replace a couple asterisks (*) with dollar signs ($) and add a PHP-tag or two, and you could run your C source raw.

#include <stdio.h>
 
main() {
	char *phrase = “hello world!n”;
	printf(“%s”, phrase);
}

<?php
function main() {
	$phrase = “hello world!n”;
	printf(“%s”, $phrase);
}
?>

The Big Blue C In recent time PHP has diverged from C’s familiar convention, in an attempt to offer a higher level experience. Much of this relates to IO. For example, PHP 4 required you to call fopen, then fwrite, and finally fclose in order to write content to a file, just as you would do in C. In PHP 5 file_put_contents was added in, which operates more of how you would expect from a scripting language. Although much has changed, some things likely never will. For example, command line parameters are handled in just about the same way. And while I haven’t viewed the source, I suspect fgetc directly invokes the C library. In fact, just about every function in the standard IO library (stdio.h) in ANSI C is represented in PHP. Static, Extern and Global PHP and C handle static variables within functions in exactly the same way. However, since PHP refuses to search the call stack outside of a function’s scope, a global keyword is required to pull these variables into scope so they can be used within a function. While this works similar to C’s extern declaration, unlike in C, you can’t ever use a variable defined outside a function, even if declared before the function, unless it is declared global or is one of the special “super global” types. C You Later PHP never had pointers, though they do offer references similar to Java. The difference being that a reference can’t be moved or reassigned as a pointer can using pointer arithmetic. PHP 5 raises errors when attempting to pass references to functions. While it’s still possible to pass by reference, the function or method signature must define it and the call must not include the ampersand (&). This is because, as of PHP 5, non-primitive types are implicitly passed by reference. While in some respects PHP has moved away from its C influence, in other aspects it’s become more similar. PHP 4, for example, added capabilities for variable length parameters, although in a much different way than C. Nevertheless, the C influence appears to be dwindling, in favor of higher level capabilities, such as XML parsing, and simpler IO. So it’s unlikely we’ll see new primitive C constructs, such as goto’s any time soon… or will we?

VPS.NET Module Released

Yesterday we announced support for VPS.NET on our forums, and it turns out Blesta is the first billing app to make use of VPS.NET’s new API. You can read about it on their blog too. VPS.NET has a unique node based VPS offering where more nodes mean more VPS and we’re proud to be the first to offer support. Big thanks to Carlos and Ditlev from VPS.NET! You can watch a video tutorial on configuring the module

here. In the future we will be extending functionality including.. 1. Implementing the VPS.NET node selector tool in an order template. 2. Allowing clients to select the OS Template at order, as opposed to only being set on the package level. 3. Adding a reboot option to the client area. If you’re looking to resell a VPS solution, be sure to check out VPS.NET!

Encoding vs. Encryption

Encoding and encryption are both routines performed on data, however the end results are quite different. In the case of encryption the purpose is to disguise the data such that it can’t be read, except by the intended recipient. On the other hand, encoding is used merely to work the data into a more suitable format. Sometimes these methods are used in conjunction, as we’ll see later in this article, but frequently developers mistakenly substitute encryption with encoding, which can cause some very serious security issues.

While there are many different encoding algorithms, one of the most widely used in web development is base64. As the name suggests, base64 maps 6-bit blocks of binary data into 64 different character representations. The phrase “hello world!” in base64 encoding appears as “aGVsbG8gd29ybGQh,” a somewhat random looking set of characters. However, if we examine the string in more detail we see right away that a very limited set of characters are in use, and applying base64 decoding gives the original “hello world!” message back.

<?php 
echo base64_encode("hello world!"); // prints aGVsbG8gd29ybGQh
?>

A typical application for encoding is transmitting binary data across the Internet. If not encoded, the binary data will likely become corrupt. This is because some systems may interpret the data differently. To ensure this doesn’t happen we can encode the data before sending it, and decode it upon arrival.

It’s important to point out that encoding should never be used in place of encryption. The reason for this is due to the very nature of encoding, which allows data to be easily converted from one representation to another. Only the algorithm is needed, no key is required. To an attacker, it’s like coming across a front door with a dozen knobs and no lock. The only thing standing between them and what’s inside is finding the right knob to turn.

When storing or transmitting sensitive information encryption should always be used. As with encoding algorithms there are many different encryption algorithms (ciphers), perhaps even more than the former. It’s worth noting that ciphers typically have very short life spans, and while popular ciphers in use today have withstood rigorous attacks, it’s likely that will not always be the case.

What makes a good cipher is high entropy. The more random a string appears, the more difficult it is to crack. Because of this many encrypted strings contain unreadable characters, which can often be lost or corrupt when transmitting or reading. To prevent that from happening we can encode the encrypted string into a readable format before storing or transmitting. Anyway, let’s take a look at an example.

Our “hello world!” phrase, encrypted using the AES cipher looks like “R4OuDkO7P5Z6fLHzpuC8ZQ==” in base64 encoding, or “4783ae0e43bb3f967a7cb1f3a6e0bc65” in hexadecimal (I’ve left out the plain-text representation here because it contains almost no readable characters). The only way to convert this data back into its original form is to decrypt it using the same algorithm and key that was used to encrypt it. Since the key is kept private, an attacker will have a very difficult time recovering the plain text even if he knows the algorithm used.

It’s easy to mistake an encoded string with an encrypted string, especially if we assume an attacker has no idea what encoding is being used. For example, if we take our base64 encoded “hello world!” string and reverse it we get “hQGby92dg8GbsVGa.” An attacker may recognize this as a base64 encoded string, and it is a valid one, however, simply decoding this without first reversing the string will result in what appears to be a random collection of characters. While this may deter some attackers, it’s absolutely no substitute for encryption.

<?php 
$a = strrev(base64_encode("hello world!")); // $a = hQGby92dg8GbsVGa
echo base64_decode($a); // prints unreadable characters
echo base64_decode(strrev($a)); // prints hello world!
?>