Google Authenticator is getting a new wave of interest from the web community, which is trying to put an extra layer on top of the user authentication process. There’s a plethora of plugins and components that let you authenticate with Google, but most of them aim at OAuth and Google+ integration. Two-step auth gets left aside.
I spent a few hours researching simple 2FA libraries available on the net and found TwoFactorAuth, which already supports Google URI QR codes and can be easily embedded into any framework/application running on PHP.
With a few minor modifications it integrated nicely into the CakePHP 3.x framework. If you’re using CakePHP 3.x, you can install the ‘develop’ branch of the CakeDC/Users plugin and enable two-factor authentication with a few minor modifications.
    // config/app.php or any other config file that suits your app
    // ... some other custom configs you might need ...
    'GoogleAuthenticator' => [
        // Set to true to enable Google Authenticator
        'login' => false,
        'issuer' => null,
        // The number of digits the resulting codes will be
        'digits' => 6,
        // The number of seconds a code will be valid
        'period' => 30,
        // The algorithm used
        'algorithm' => 'sha1',
        // QR-code provider (more on this later)
        'qrcodeprovider' => null,
        // Random Number Generator provider (more on this later)
        'rngprovider' => null,
        // Key used for encrypting the user credentials, leave this false to use Security.salt
        'encryptionKey' => false,
    ],
When you enable the CakeDC/Users Google Authenticator feature, upon ‘/login’ you will be redirected to ‘/verify’, where you should enter the verification code from the mobile app (Google Authenticator for Android).
If you’re already sharing a secret key with the website/app, you won’t have to synchronize an app with it. Otherwise, you’ll have to scan it first, as described in the documentation. The QR code will appear on the ‘/verify’ action of the app.
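The codes typed in at ‘/verify’ are RFC 6238 time-based one-time passwords. As an added example (not code from CakeDC/Users or TwoFactorAuth), this shows how a server derives and checks a code from the Base32 shared secret using the digits, period and algorithm values from the config above; the function names are hypothetical and the secret is the published RFC 6238 test key.

```php
<?php
// Added example: RFC 6238 TOTP with the config values above (6 digits, 30 s, sha1).
// Function names are hypothetical, not part of CakeDC/Users or TwoFactorAuth.
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648 Base32 alphabet

function base32Decode(string $text): string
{
    // Accept hand-typed secrets: ignore spaces, letter case and '=' padding.
    $text = strtoupper(rtrim(str_replace(' ', '', $text), '='));
    if ($text === '' || strspn($text, B32) !== strlen($text)) {
        throw new InvalidArgumentException('Secret is not valid Base32');
    }
    $bits = ''; $out = '';
    foreach (str_split($text) as $ch) {
        $bits .= str_pad(decbin(strpos(B32, $ch)), 5, '0', STR_PAD_LEFT);
    }
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { // a trailing partial byte is encoding padding
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totp(string $key, int $time, int $digits = 6, int $period = 30, string $algo = 'sha1'): string
{
    $counter = pack('J', intdiv($time, $period));      // 8-byte big-endian time step
    $hash = hash_hmac($algo, $counter, $key, true);
    $offset = ord($hash[strlen($hash) - 1]) & 0x0F;    // dynamic truncation (RFC 4226)
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

function verifyTotp(string $b32Secret, string $code, int $now, int $window = 1, int $period = 30): bool
{
    $key = base32Decode($b32Secret);
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        // Allow one step of clock drift; hash_equals() compares in constant time.
        $ok = hash_equals(totp($key, $now + $i * $period, 6, $period), $code) || $ok;
    }
    return $ok;
}

// Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
var_dump(totp(base32Decode($secret), 59, 8));        // RFC 6238 vector at T = 59 s
var_dump(verifyTotp($secret, '287082', 59));         // code inside the drift window
var_dump(verifyTotp($secret, '287082', 59 + 120));   // same code, four steps later
```

A production check would also record the last accepted time step per user, so that a code cannot be replayed while it is still inside its validity window.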
Working on lots of projects at the same time at qobo.biz, I started to get confused about which branch I’m currently working on.
Going back to the terminal to check the diffs and commits became a waste of time in my daily routine, so I took a break during lunch to give my vim plugins an upgrade. The catch of the day is the following:
Vim-Airline is a powerful status/tabline facelift of the default statusline, with lots of customizations and useful information on the files you work with. It fits the solarized theme nicely and shifts color between modes.
Vim-gitgutter is currently my favorite. The plugin identifies differences on the fly in the files you’re working on.
And last but not least for today, a git wrapper for vim: vim-fugitive. It is very useful for its set of git commands that you can access directly from vim, for example:
* :Gblame - now you can blame yourself for all the bugs
* :Gstatus - what's the status?
* :Gbrowse - takes you to the repository's file on GitHub/Bitbucket
* :Gcommit - let the fun begin
And just to complete the list of cool stuff, I must mention tagbar, which I’ve been using for a long time, and its phpctags addon, which can make your life easier with better PHP support.
To summarize it all, a bit of editors fun from Twitter:
It’s been already one month since I moved to Qobo Ltd, as a backend developer, so it’s about time to do some benchmarks on the work done.
The level of open source involvement of Qobo is enormous. All the projects I’ve been involved in before were always about open source: they were either based on open source or used open-source solutions to some extent. Every time it ended up with the solutions being locked down for in-house use. It was either features the company didn’t want to share with the open-source community, or key business aspects that were crucial for competitive advantage. The story repeats over and over: the level of feedback to open source was minimal.
In contrast, Qobo’s approach towards open source is different. I didn’t take exact measurements, but approximately 70-80% of the code goes to public repositories. Apart from advocating open source within the company, we participate in other development communities, which helps us get things better. What’s the point of getting stuck with yet another closed-source plugin/module/library when there is one that others have troubleshot, patched and use everywhere? Examples? Well, it’s the CakeDC community, the CakePHP framework, WordPress, Bootstrap, and many others.
Side effects of it:
* You write better code (if you want to get things accepted in pull requests)
* You stand on the shoulders of giants (community helps. Always)
* Self-development (you’re not stuck with repetitive tasks)
Q: how many programmers does it take to change a light bulb?
Small teams, dedicated to certain projects or split by the expertise in certain technology or business aspects. Mind blowing speed of deployment & accuracy. The most appropriate way of describing the social system and involvement in the projects would be meritocracy – “We do it, because we can”.
Yarn is a package manager for your code. It allows you to use and share code with other developers from around the world. Yarn does this quickly, securely, and reliably so you don’t ever have to worry.
Yarn allows you to use other developers’ solutions to different problems, making it easier for you to develop your software. If you have problems, you can report issues or contribute back, and when the problem is fixed, you can use Yarn to keep it all up to date.
An absolutely great article by Seth Godin on hardware/software perspectives, looking at giants like Apple. A few points need to be quoted:
Software can change faster than hardware, which means that in changing markets, bet on software.
It’s tempting to treat the user interface as a piece of fashion, some bling, a sort of jewelry. It’s not. It’s the way your user controls the tool you build. Change it when it stops working, not when you’re bored with it. Every time you change the interface, you better have a really good reason.
Hardware always gets cheaper. If you can’t win that race, don’t run it.
Getting users is far more expensive than keeping users, which means that investing in keeping users is the smartest way to maintain your position and then grow.
Software can create connection, and connection is the engine of our future economy.
The resulting character set is all one case, which can often be beneficial when using a case-insensitive filesystem, spoken language, or human memory.
The Base32 result can be used as a file name because it can not possibly contain the ‘/’ symbol, which is the Unix path separator.
The alphabet can be selected to avoid similar-looking pairs of different symbols, so the strings can be accurately transcribed by hand. (For example, the RFC 4648 symbol set omits the digits for one, eight and zero, since they could be confused with the letters ‘I’, ‘B’, and ‘O’.)
Base32 result excluding padding can be included in a URL without encoding any characters.