mrrsm

Posts posted by mrrsm

  1. 15 hours ago, timnboys said:

    I agree anthonyl asked me to spend out of my pocket the $69 for the code audit of my vultr module like really do you expect me one developer to help you with that? no because I am broke mostly and I agree with you naja7host I wish I had more sense like you to handle it exactly like you said as that makes a lot of sense since if only anthonyl and no one else asked for an audit and they didn't I checked then I should just tell anthonyl sorry but we will not do a code audit for our vultr module just for one person it has to be a majority before we even consider it should be my actual reply next time someone asks for an audit.

    thank you naja7host for giving me ideas on how to fix that problem.

    Just remember there are a bunch of open source modules/plugins/templates/gateways/etc from naja7host. That doesn't include his helpful code posts in this forum.  Plus he has been around the forum since the end of 2012.  That gives me a lot to go on to base his coding skill off of as well as his reputation around this community.

    You are fairly active on the forums but from what I can see you don't have any open source projects for Blesta that I can look at. You haven't yet contributed enough to the community to be considered at naja7host's level. Maybe in the future as you contribute more and have more people using your modules/plugins and reviewing them, but not yet.

  2. 8 minutes ago, timnboys said:

    You want someone to vouch for me talk to Michael dance he is by far my biggest user of my fraudrecord anti fraud module for blesta 

    As far as I know from reading his posts he is not a developer.  He can probably vouch for you getting the job done in a timely manner and for a fair price but he has no say on your code quality which is where the question lies.

    I personally don't need anyone to vouch for you right now as I am not interested in your Blesta modules.  I am guessing there are many others who are quite happy with the plugins/modules you have released though and didn't need a code audit or anything else to feel comfortable purchasing them.

    I am just trying to help you understand why someone may want an audit.  Like I said before, if you don't feel that is necessary, your best course of action is to say "I am sorry, we have no plans currently to get X audited." and leave it at that.  That can be a sound business choice and doesn't need any follow up nor explanation on your behalf.  Losing out on a customer is not always a bad thing.

  3. 30 minutes ago, timnboys said:

    do you just want to see the source code of whmcs?

    Yes I do, which is why I am not using it.

    30 minutes ago, timnboys said:

    no you "trust" they know what they're doing and so should you on my stuff.

    Why should I trust you?  Trust is earned not given out freely. 

     

    30 minutes ago, timnboys said:

    ah who said I wasn't seasoned? I have been coding in php a long time and am seasoned.

    You have nobody to vouch for you though which is the main problem.  If I took your word on that it would be the same as hiring someone without an interview after doing nothing more than talking to them on the phone and them saying I am good at whatever you are hiring me for.

     

    30 minutes ago, timnboys said:

    Already discussed with the auditor about just giving him the source code just so he decides it's "safe" like I already know but he said not a good idea since he could steal and copy it and sell as his own so that is why they are encoded.

    If you are getting a real code audit you will have legal agreements in place which will prevent them from doing that.  If they do steal your code you will have the legal means to recoup losses based on this.  If you aren't getting a reputable auditor then you may be wasting money because why would I trust a random "Joe Shmoe" any more than I would trust you.  Your auditor needs to be the trustworthy third party who is essentially vouching for you.

     

    Please don't take what I am saying as a personal attack as it is not.  I am just trying to explain why someone asking for you to get a code audit is not an unreasonable request.

  4. 6 minutes ago, timnboys said:

    This is also coming from a guy that asks developers for code audits each time lol 

    Blesta being mostly viewable source means one can audit it and see the design practices they used and feel good about what I am using.  Personally, when I am putting someone else's code into something (a plugin or module) I believe is safe (Blesta) I prefer to have the knowledge that it is secure as well.  Asking for a code audit on encoded software isn't that unreasonable of a request, especially if you are buying from a non-seasoned company/developer who doesn't have a large reputation and long history.

    As a developer you can easily say no to his audit request and lose out on him/her as a customer.  There is nothing wrong with going down that route but until you have a solid reputation it can be helpful to have someone vouch for you, in this case via a code audit.

  5. 36 minutes ago, Paul said:

    The Lifetime license is certainly the most likely to get a price hike. Because it comes with updates forever, we have to be careful about how many we sell.

    I agree, $500 is crazy cheap for a lifetime license.  $700-$800 is where I would expect it to be price wise.  Anyone who is doing serious business will most likely keep their billing system around for way more than 5 years which would be the current break even between an owned unbranded and an owned lifetime.  In my opinion a 10-12 year break even point makes more sense to me but I would need to feel very strongly that the company will continue on for that long and has a good history behind them.  I believe Blesta is getting to that point where they have a solid history, albeit a bit slow at times, of new versions/features/and bugfixes and a strong roadmap which makes me think they will do well in the market and be around for many more years.

     

    50 minutes ago, Paul said:

    We have no plans whatsoever to go to a per-client billing model. I just don't see that ever happening, I'm not a fan of the model. In theory it sounds great and fair, but in reality it only works for SaaS.

    I agree 100%, if I am hosting the software nothing in the software changes regardless of the amount of users I have.  Only the server requirements change.  If they are hosting it for me I would be ok with them charging me per user.  However I am not even sure how safe I would feel letting another entity control my billing platform as that is the lifeline for me to bring in income. 

  6. 17 hours ago, timnboys said:

    (and possibly switch to blesta 4.0 license manager plugin if it is better hopefully than 3.x was)

    What was wrong with the version 3 of the Blesta license manager in your opinion?

     

    On 9/13/2016 at 10:16 AM, cogative said:

    Our other two plans are the "Start-up plan" priced at $20/month, and the "Business plan" priced at $50/month.

    The prices seem a bit steep for what you appear to be offering (That is my opinion at least).

    The "Start-up plan" seems to make the least amount of sense to me as the "Free" tier is essentially a trial.  If you need more than the trial you probably need/want unlimited if you are serious about licensing some software.

    For $50/month I would need something that provides better service than what it would cost me to develop/buy/run this myself.

    I would estimate server cost being at most $20/month if I rented 4 $5/month Digital Ocean servers and load balanced them as well as a $100 one time fee for the Blesta or WHMCS license plugin.  That is probably overestimating on server needs as 1 server will probably work for most people for a significant amount of time.

    On top of that I don't see any privacy policy nor terms of service. What kind of uptime are you guaranteeing?

    Do you have api docs I can look at without signing up?

    There are a lot of things I would want/need to evaluate before I would even bother signing up.

     

    On the positive side, not having to manage the license server could be a great benefit to some people/companies.

    You have to show the value you are bringing as if your service is down for any reason that could disrupt all of a company's licensees which would be VERY bad.

  7. Forced SSL is the best part imo.

    Already found some broken ones though

    On the lounge page (https://www.blesta.com/forums/index.php?/forum/17-the-lounge/) I got 4 ssl errors

    Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-499.png'. This content should also be served over HTTPS.
    index.php:2404 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-11796.jpg'. This content should also be served over HTTPS.
    index.php:2888 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-10467.jpg'. This content should also be served over HTTPS.
    index.php:3189 Mixed Content: The page at 'https://www.blesta.com/forums/index.php?/forum/17-the-lounge/' was loaded over HTTPS, but requested an insecure image 'http://www.blesta.com/forums/uploads/profile/photo-thumb-10467.jpg'. This content should also be served over HTTPS.

  8. I need a way to seek my active clients to a WordPress install, so that I can provide premium content.

     

     Active clients should be created as wordpress subscriber users.   I would also like for their access to be restricted when their account cancels.

     

    Does anyone have any ideas on how to make this integration?

    It all really depends on how you want to manage users.

     

    I feel like you will need a wordpress plugin to provide you access to modifying users from Blesta.  You could then either have the universal module handle setting up paid accounts for you.  The only hangup would be the initial password would have to be set for the user and provided to them and then they would need to change it (force them to change it).

     

    Another way would involve having users register on wordpress and use the api to see if they have an active subscription in blesta for the premium content.

     

    Either way there isn't a drop in that will just make this work as far as I know.

  9. I just force https on the apache file (HSTS)

    That will force it back to https but it doesn't fix the fact you should be sending people to the https directly from your links regardless.

     

     

    UPDATE `emails` SET `text`=REPLACE(`text`, 'http:', 'https:'), `html`=REPLACE(`html`, 'http:', 'https:')

    That is useful as doing them manually sucks as it takes a while otherwise

  10. It's being done in 4.0 and has a lot of features. It's been planned for ages and all worked out, so it will be released. https://dev.blesta.com/browse/CORE-621

    It doesn't, as far as I know, need any core work done which makes it a better candidate for a 3rd party dev to tackle it.  Just because their task has a lot of features doesn't mean that someone else couldn't develop them as well.  I would rather them fix things in the core which make everything easier for other devs and users and have cyandark and others work on plugins that they have the current capabilities to develop themselves.

  11.  

     

    I prefer for the dev to not lose time in something that will be ready in core in version 4, so the simple work has been done.

     

    @cyandark thanks for your work and sharing .

    Is the core one done yet? If it isn't, why couldn't this be the main plugin for mass mailing and the Blesta devs can work on other tasks?

  12. We're going to be supporting ours for life

    I figured you would support it which is why I made that note.  I can't imagine Blesta without you around.  :P

     

     

    That's where Mujahed had a choice, wait for Blesta to get more popular and finally get more orders for his paid plugins or go full time with a company to keep him in his house, etc.

    I think that this is one of the main reasons why there aren't any large 3rd party devs yet.  The market share isn't quite there yet to make it a main full time gig.

  13. Maybe if you had paid him more, he wouldn't have to close down due to lack of revenue/profit.

    He set his prices not his customers.

     

    On another note, it is really disheartening when two companies (ModulesBakery and ModulesGarden), out of the blue, dissolve or stop supporting plugins/modules they made and users paid for. (Yes I know different circumstances apply for each of them)  While I am glad the code got open sourced I am now less likely to purchase a module from someone as I have been burned twice now.  If I wanted to build and support a module myself I could/would.  However I would rather pay someone else who has done the work and will support their modules into the future.

     

    It seems that Blesta doesn't have a proven ecosystem of 3rd party devs.  Granted, a lot of great modules live on these forums and are slowly getting into the marketplace, but most of them are free (which is great for most people).  As of right now there aren't any, that I know of, paid modules or plugins (note that I have excluded theme developers and premadekb which is listed as other in the marketplace) with developers who are still around and working on them.

    I am bundling in BlestaCMS in with this as Modules Bakery was the dev but I believe Licensecart will still support it and possibly have someone else maintain the code (or do it himself maybe?).

     

    One last thing, can the Tasty Cpanel Modules be updated in the marketplace to either point at the github or be removed: https://marketplace.blesta.com/#/extensions/2-Tasty%20cPanel%20Module

  14. Thanks for the feedback, I will integrate the Email Component of Blesta in the Next Update. :)

    Sounds awesome.

     

    Past that, if you can add a task to be run during the cron job which will send emails in the background that would be even better.  Granted this is probably quite a bit more work, it would make it so you don't have to worry about any timeouts.

  15. This script is using the mail command which means it will not respect the email settings you may have set in the admin.

    Also, beware of script timeouts.  If you have a lot of customers this could be something that takes a little bit to run.

    You wouldn't want to run it again as it will resend to that first batch of users a second time so be careful.

  16. It's not a Blesta issue though so how do you expect them to fix it? It's a javascript issue and down to the people who do the script Blesta uses. And it's supposed to be a drag and not click slider.

    If Blesta is using a library it is up to them to fix the problem.  Whether that be update the lib, use a different lib, or write their own code for it.  Regardless it is still a Blesta issue as they chose to use that code.

     

    Note: I do not see that issue myself.

  17. I will never upgrade. Plugin system cannot handle the heavy modifications to meet our company requirements.

     

    Seems risky and a lot of work if you do update in the future.

     

    Why not just make a script which would make the modifications to the database you have done and use vqmod to edit the core files? (I really don't expect you to do this as you have finished your project already it is just a suggestion for the future if you ever do need to upgrade the system)

  18. What do you all think of Windows 10 spying? http://bgr.com/2015/07/31/windows-10-upgrade-spying-how-to-opt-out/

     

    Have you done anything to circumvent this?

    If you are using Android or iOS you are giving Google and/or Apple pretty much the same data you are giving Microsoft.  While turning off most of the tracking stuff is fairly easy to do and only takes a min or two (although every article I have read makes it sound like you have to be a computer surgeon to do it).

  19. I suggest if you are just afraid to help them to create an importer if you provide a way to decrypt the database, to simply Ioncube this tool.  

     

    Why would Blesta want to make an importer for another company to let a customer move away from Blesta?

     

    There are a couple plugins that store and extract encrypted data into the database floating around the forums so there are plenty of people who figured out how to do this programmatically.

     

    If the developer you are working with is having that much trouble I would suggest looking for a new developer to do this task for you.

     

    A couple things to note:

    1) You can't import directly from a database dump without having the system key. (If you have it you would just need to know what was encrypted and it shouldn't be that hard)

    2) Blesta has a pretty good api that can get you most of the data you would need (the api supports decrypting and encrypting data (only some fields) I believe and if not you can add api calls to do just that)

     

     

    How can I make it quick and easy to see if there is a major problem somewhere if I cannot decrypt the whole database, and look at its content?  How can I know if there was some code injected in the database?  I understand Blesta people's thought about protections on this, but if there were injections in frameworks like Rails, then there may be the same on other frameworks (a LOT harder to find, but still: everything is possible). In such case, or if there is a validation missing somewhere and someone is able to save corrupted data in the database, then we may never see it.

    What is the size of your database, 1 or 2 clients with no plans to grow?  I can't even imagine going through an even remotely large database by hand trying to see if something was wrong.  As long as your database isn't corrupted (which would be a whole different issue) you should be able to view all of the data in the admin area and fix any bad data that exists for that one customer.

     

    You have to have some level of trust with the software you are using.  Trusting that they are properly handling user data, encrypting, protecting from exploits, and more.  If you don't feel that a company has the same interests on security (or anything else for that matter), that company may not be a good fit for you.

  20. That should be more than enough space.

    Currently I am using around 4 GB of space for everything on the machine that blesta is running on (OS, db, files, etc).  I am hosting downloads from elsewhere though otherwise those could add up as custom packages for people may be a couple hundred mb's a piece. 

     

    If you are doing design stuff just take into account the size and number of files you may be putting into blesta for your users to download.  If you are hosting them elsewhere then it shouldn't be a problem.
