mrrsm

Just remember there are a bunch of open source modules/plugins/templates/gateways/etc from naja7host. That doesn't include his helpful code posts in this forum. Plus he has been around the forum since the end of 2012. That gives me a lot to go on to base his coding skill off of as well as his reputation around this community. You are fairly active on the forums but from what I can see you don't have any open source projects for blesta that I can look at. You haven't yet contributed enough to the community to be considered at naja7host's level. Maybe in the future as contribute more and have more people using your modules/plugins and reviewing them, but not yet.

As far as I know from reading his posts he is not a developer. He can probably vouch for you getting the job done in a timely manner and for a fair price but he has no say on your code quality which is where the question lies. I personally don't need anyone to vouch for you right now as I am not interested in your Blesta modules. I am guessing there are many others who are quite happy with the plugins/modules you have released though and didn't need a code audit or anything else to feel comfortable purchasing them. I am just trying to help you understand why someone may want an audit. Like I said before, if you don't feel that is necessary, your best course of action is to say "I am sorry, we have no plans currently to get X audited." and leave it at that. That can be a sound business choice and doesn't need any follow up nor explanation on your behalf. Losing out on a customer is not always a bad thing.

Yes I do, which is why I am not using it. Why should I trust you? Trust is earned not given out freely. You have nobody to vouch for you though which is the main problem. If I took your word on that it would be the same as hiring someone without an interview after doing nothing more then talking to them on the phone and them saying I am good at whatever you are hiring me for. If you are getting a real code audit you will have legal agreements in place which will prevent them from doing that. If they do steal your code you will have the legal means to recoup losses based on this. If you aren't getting a reputable auditor then you may be wasting money because why would I trust a random "Joe Shmoe" anymore then I would trust you. Your auditor needs to be the trustworthy third party who is essentially vouching for you. Please don't take what I am saying as a personal attack as it is not. I am just trying to explain why someone asking for you to get a code audit is not an unreasonable request.

Blesta being mostly viewable source means one can audit it and see the design practices they used and feel good about what I am using. Personally, when I am putting someone else's code into something (a plugin or module) I believe is safe (Blesta) I prefer to have the knowledge that it is secure as well. Asking for a code audit on encoded software isn't that unreasonable of a request, especially if you are buying from a non-seasoned company/developer who doesn't have a large reputation and long history. As a developer you can easily say no to his audit request and lose out on him/her as a customer. There is nothing wrong with going down that route but until you have a solid reputation it can be helpful to have someone vouch for you, in this case via a code audit.

I agree, $500 is crazy cheap for a lifetime license. $700-$800 is where I would expect it to be price wise. Anyone who is doing serious business will most likely keep their billing system around for way more than 5 years which would be the current break even between an owned unbranded and an owned lifetime. In my opinion a 10-12 year break even point makes more sense to me but I would need to feel very strongly that the company will continue on for that long and has a good history behind them. I believe Blesta is getting to that point where they have a solid history, albeit a bit slow at times, of new versions/features/and bugfixes and a strong roadmap which makes me think they will do well in the market and be around for many more years. I agree 100%, if I am hosting the software nothing in the software changes regardless of the amount of users I have. Only the server requirements change. If they are hosting it for me I would be ok with them charging me per user. However I am not even sure how safe I would feel letting another entity control my billing platform as that is the lifeline for me to bring in income.

What was wrong with the version 3 of the Blesta license manager in your opinion? The prices seem a bit steep for what you appear to be offering (That is my opinion at least). The "Start-up plan" seems to make the least amount of sense to me as the "Free" tier is essentially a trial. If you need more then the trial you probably need/want unlimited if you are serious about licensing some software. For $50/month I would need something that provides better service then what it would cost me to develop/buy/run this myself. I would estimate server cost being at most $20/month if I rented 4 $5/month Digital Ocean servers and load balanced them as well as a $100 one time fee for the Blesta or WHMCS license plugin. That is probably over estimating on server needs as 1 server will probably work for most people for a significant amount of time. On top of that I don't see any privacy policy nor terms of service. What kind of up time are you guaranteeing? Do you have api docs I can look at without signing up? There are a lot of things I would want/need to evaluate before I would even bother signing up. On the positive side, not having to manage the license server could be a great benefit to some people/companies. You have to show the value you are bringing as if your service is down for any reason that could disrupt all of a companies licensees which would be VERY bad.

Forced SSL is the best part imo. Already found some broken ones though On the lounge page (https://www.blesta.com/forums/index.php?/forum/17-the-lounge/) I got 4 ssl errors Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-499.png'. This content should also be served over HTTPS. index.php:2404 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-11796.jpg'. This content should also be served over HTTPS. index.php:2888 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-10467.jpg'. This content should also be served over HTTPS. index.php:3189 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-10467.jpg'. This content should also be served over HTTPS.

Looks a lot more modern. I like it from what I have seen so far at least.

It all really depends on how you want to manage users. I feel like you will need a wordpress plugin to provide you access to modifying users from Blesta. You could then either have the universal module handle setting up paid accounts for you. The only hangup would be the initial password would have to be set for the user and provided to them and then they would need to change it (force them to change it). Another way would involve having users register on wordpress and use the api to see if they have an active subscription in blesta for the premium content. Either way there isn't a drop in that will just make this work as far as I know.

That will force it back to https but it doesn't fix the fact you should be sending people to the https directly from your links regardless. That is useful as doing them manually sucks as it takes a while otherwise

It doesn't, as far as I know, need any core work done which makes it a better candidate for a 3rd party dev to tackle it. Just because their task has a lot of features doesn't mean that someone else couldn't develop them as well. I would rather them fix things in the core which make everything easier for other devs and users and have cyandark and others work on plugins that they have the current capabilities to develop themselves.

Is the core one done yet? If it isn't why couldn't this be the main plugin for mass mailing and the blesta dev's can work on other tasks.

I figured you would support it which is why I made that note. I can't imagine Blesta without you around. I think that this is one of the main reasons why there aren't any large 3rd party dev's yet. The market share isn't quite there yet to make it a main full time gig.

Feature Request: There should be a report plugin (or whatever) so users can report broken plugins or malicious plugins.

He set his prices not his customers. On another note, it is really disheartening when two companies (ModulesBakery and ModulesGarden), out of the blue, dissolve or stop supporting plugins/modules they made and users paid for. (Yes I know different circumstances apply for each of them) While I am glad the code got open sourced I am now less likely to purchase a module from someone as I have been burned twice now. If I wanted to build and support a module myself I could/would. However I would rather pay someone else who has done the work and will support their modules into the future. It seems that Blesta doesn't have a proven ecosystem of 3rd party dev's. Granted a lot of great modules live on these forums and are slowly getting into the marketplace most of them are free (which is great for most people). As of right now there aren't any, that I know of, paid modules or plugins (note that I have excluded theme developers and premadekb which is listed as other in the marketplace) with developers who are still around and working on them. I am bundling in BlestaCMS in with this as Modules Bakery was the dev but I believe Licensecart will still support it and possibly have someone else maintain the code (or do it himself maybe?). One last thing, can the Tasty Cpanel Modules be updated in the marketplace to either point at the github or be removed: https://marketplace.blesta.com/#/extensions/2-Tasty%20cPanel%20Module

Sounds awesome. Past that, if you can add a task to be run during the cron job which will send emails in the background that would be even better. Granted this is probably quite a bit more work, it would make it so you don't have to worry about any timeouts.

This script is using the mail command which means it will not respect the email settings you may have set in the admin. Also, beware of script timeouts. If you have a lot of customers this could be something that takes a little bit to run. You wouldn't want to run it again as it will resend to that first batch of users a second time so be careful.

If Blesta is using a library it is up to them to fix the problem. Whether that be update the lib, use a different lib, or write there own code for it. Regardless it is still a Blesta issue as they chose to use that code. Note: I do not see that issue myself.

+1 I think it would be useful if it could either have a cal link that other calendars could pull in at the minimum

This is good news, I hope you still put it up on github and allow others to contribute to it as well.

Seems risky and a lot of work if you do update in the future. Why not just make a script which would make the modifications to the database you have done and use vqmod to edit the core files? (I really don't expect you to do this as you have finished your project already it is just a suggestion for the future if you ever do need to upgrade the system)

I've used it many times when scanning a LAN and for seeing what ports and services are available on a given machine. There isn't much need to have it on most servers but it is almost always installed on my laptops.

If you are using Android or iOS you are giving Google and/or Apple pretty much the same data you are giving Microsoft. While turning off most of the tracking stuff is fairly easy to do and only takes a min or two (although every article I have read makes it sound like you have to be a computer surgeon to do it).

Why would Blesta want to make an importer for another company to let a customer move away from Blesta? There are a couple plugins that store and extract encrypted data into the database floating around the forums so there are plenty of people who figured out how to do this programmatically. If the developer you are working with is having that much trouble I would suggest looking for a new developer to do this task for you. A couple things to note: 1) You can't import directly from a database dump without having the system key. (If you have it you would just need to know what was encrypted and it shouldn't be that hard) 2) Blesta has a pretty good api that can get you most of the data you would need (the api supports decrypting and encrypting data (only some fields) I believe and if not you can add api calls to do just that) What is the size of your database, 1 or 2 clients with no plans to grow? I can't even imagine going through an even remotely large database by hand trying to see if something was wrong. As long as your database isn't corrupted (which would be a whole different issue) you should be able to view all of the data in the admin area and fix any bad data that exists for that one customer. You have to have some level of trust with the software you are using. Trusting that they are properly handling use data, encrypting, protecting from exploits, and more. If you don't feel that a company has the same interests on security (or anything else for that matter), that company may not be a good fit for you.