Technology Strategy

Why Netlify?

When it comes to hosting for static sites like this one, that uses Hugo, there are a few options out there now. It used to be that the default answer was to use GitHub Pages and Jekyll to host your site. There weren’t many well publicized alternatives out there that allowed you to host it all for free. Add in CloudFlare in front of GitHub Pages, and you had a well protected site that would be able to weather most issues, and be performant for most users.

When Should I Use Magento 2 Helpers?

One of the objects that developers familiar with Magento 1 will instantly recognize are helpers. When working with Magento 1, helpers proved to be a special type of object that looked similar in invocation to a singleton, but in reality it was more of a lazy way to share functionality between multiple locations. The main benefit to using a helper in Magento 1 is that it made it easier to access the __ function for translations and it was directly accessible from the template files .phtml. I’m sure many of you can relate to accessing a helper with the familiar Mage::helper('modulename');.

The Magento 2 Learning Curve

The learning curve for various products and platforms tends to vary greatly depending on the complexity of the system you are learning. For example, people that understand how to use the internet and communicate online via email or Facebook are generally able to figure out how to work with Twitter without much of an issue. On the other hand, when you are looking at the learning curve for designing airplanes that are able to carry people, it should be much more difficult to understand how to start as compared to starting to use Twitter. (Yes, I know there are people out that think learning to use Twitter is exceedingly difficult, and make paper airplanes all day long.)

The Best Way to Learn Magento 2

The very best way that I have found to figure out how to develop with Magento 2 is to write unit tests for a module. It not only requires you to figure out how to work with phpunit, but to also look at the existing codebase for examples of how the Magento 2 team works with the same objects and handles the same kinds of tasks. Once I wrote a full set of unit tests for my first Magento 2 module, I felt that I had a much better grasp of the workings of Magento 2 than I did before I started writing the unit tests.

Magento 2, Docker, and macOS don't mix

I was excited when the Docker team launched their better-integrated solution for running Docker containers on OS X this past summer. It allowed our team to switch from using full Vagrant/Virtual Box based virtual machines for local development to a much lighter-weight solution. Compared to the Vagrant setup, Magento 1 seemed to run a bit faster and require fewer resources when running in Docker.

However, when trying to setup a similar environment with Magento 2, the performance numbers didn’t quite line up when using a macOS host. I’m sure a little background as to the system setup would make things a bit more clear.

Weird Errors Running Magento 2 Unit Tests

One of the great promises with the release of Magento 2 was that the core codebase would ship with unit tests built in so that you could have some way to be able to tell if you did something to break the site long before you ever pushed your code to production. In reality, though, since you should never directly edit the core files, instead only override their functionality, as a Magento 2 developer, there is little that you should be able to do that will cause the shipped tests to fail. Instead, the testing framework for unit tests makes it much easier for the extension developers and customizers to be able to unit test their custom code to ensure that the code does exactly what they expect it to.

Magento 2.1.3 Upgrade Static Files Not Loading

Magento just released an update to the latest version of their ecommerce platform to up the version from 2.1.2 to 2.1.3. There are a few differences between the versions, and one of those differences relates to the handling of the static files and what method is used to bust the cache of browsers to ensure users get the latest code whenever changes are deployed. Unfortunately, this upgrade by default breaks sites that aren’t aware of the changes needed to make this work properly.

Don't Use MongoDB For The Wrong Things

The early phases of a greenfield project always seem to conjure up grand ideas of how to use the hottest new technologies to accomplish your goals. Many times, these grandiose plans give way to a more level-headed design discussion where more realistic technologies are adopted. However, there are a few times where the developer with the idea to use the hottest new technology is the one in charge, and ends up getting his way.

Verify Magento User Access to Admin Functionality

When working with Magento, there will inevitably come a time where you need to manually check to see if the currently logged-in user has access to a specific piece of functionality as defined in the ACL settings. Personally, I have come across this situation more often when creating my own custom modules and their custom permissions, but they can be used to check the permissions of any module.

As is so often the case, Alan Storm has documented the exact solution for this scenario. Lets say that your ACL configuration is setup as it is below…

Never Explicitly Trust Software Because It Is Open-Source

One of the major ideas behind open source projects is that allowing anyone that wants to view the source code of a project to be able to do so should make bugs and security weaknesses easy to find. While this did not work so well with OpenSSL and its various bugs that have been exposed recently, I do have an example where it worked extremely well.

Magento is an eCommerce platform that has two separate editions. One is a completely open-source and free as in beer Community edition. The other is a somewhat expensive Enterprise Edition. There is a large community of Magento developers that create extentions, or addons, for these two editions of Magento.

Authenticate Magento Admin Users

Magento’s admin interface allows you to do the vast majority of everything that you would ever want to do to manage your eCommerce website. However, there are times when the rigidity of the framework makes it difficult for developers to appropriately customize a layout.

One of the things that we have done to combat these limitations is to create a new administration section of the website specifically for the use of developers and other advanced administrators of the site. In order to do this as seamlessly as possible, one of the requirements was to enable current admin users to use the same authenticated session across the standard Magento admin and our new custom admin systems.

The Amazing Magento Configuration

At the heart of every piece of PHP in Magento is the XML configuration files that tell core Magento code where to find functions and what to do with them. It seems to be the biggest hurdle that most developers face when they begin developing with Magento.

When going through a bit of code recently, I discovered something in the configuration that looks like it should have never worked, but amazingly enough, has worked without issue the entire time it has been in place. Let’s see if you spot the bit of strangeness.

Magento's preDispatch Observer

One of the decisions that always seems to arise when adding functionality to a Magento website is what the best strategy is for doing so. Should you override the controller or function, edit it in place, or use an observer to listen for a particular event to occur.

It just so happens that if you want to make sure that you have some sort of validation logic that runs before a particular controller action is executed, the easiest way to implement it is via a preDispatch observer. The other aspect of preDispatch controllers is that they can be configured to listen only for preDispatch events from a particular module, or they can listen for preDispatch events from every module, allowing you to add some password expiration policies to the adminhtml side of your website, for example.

5 Ways to Keep Your Nude Pictures Secure

With the recent revelation that there was a massive release of naked or revealing photographs of many female celebrities, it seems to be an important time to remind people how to make sure private photos and other information don’t get shared all around the internet without your permission. As a result, here are my top 5 ways to keep your nude pictures secure.

1. Don’t Take Nude Selfies - Yes, the best and easiest way to keep your naked selfies out of the sight for the public viewers on the internet is to never take a naked selfie in the first place. Just don’t do it.

   #rant #security

   Read More

Hackers Exploiting Gullible Magento Site Administrators

Nexcess recently released a report of a Recent Exploit using Fake Magento Extensions was able to skim credit card information from affected Magento websites. While it seems that some of the stores were breached by correctly guessing simple admin usernames and passwords, others seemed to be the result of site administrators installing Magento Extensions that included backdoors that gave the hackers remote access to the website. Once the backdoor was installed, the hackers went on to modify core Magento files, ensuring that when a credit card order was placed, the credit card information would be saved to a text file that was hidden with an image file name extension .jpg, .gif, .bmp and saved in the /media directory, allowing the hackers, and anyone else on the internet to download the credit card information.

Orphaned Attribute Data in Magento

Its always entertaining to look at the source of an application that originates from outside your organization. It frequently highlights ways of using technology I was not familiar with beforehand, and sometimes leaves me shaking my head in disgust. I initially started looking at a relatively new third-party module thinking that I would find some sort of major bug that was causing the issues the site was experiencing, but was surprised to find that was not the case.

Unintended Consequences with Magento Observers on Sales Orders

Anyone that uses Magento to place orders will be hard-pressed to consider this process a speedy one. While it takes a while to process the order under the best of circumstances, there are a few things that you can do that actually make it worse.

One of those things that can make it worse is creating an observer that runs in the middle of the saving of the order processes that is always slow-running, or continues to get slower over time as the data that the Magento site grows. While the observer may run well at first, over time as the data grows, some random symptoms may show up, including database deadlocks and even some missing sales orders.

Magento Version 2, is it just Microsoft Windows Longhorn AKA Vista?

Magento version 2 was first introduced in 2010. It is now almost halfway through 2014, and the public has not seen any alpha or beta release of Magento version 2 as of yet. The new version of Magento promised to replace PrototypeJS and Scriptaculus with jQuery as well as reorganize the database schema to remove the slow EAV tables and migrate to a bit of a flatter table structure. However, it seems that the latest updates on the direction for Magento 2 show that the database schema will not be changed much after all.

Magento appending __SID to URLs

When trying to fully optimize a Magento website to run as fast as possible, I tend to opt for turning on all of the caching options in Magento, and then put the Varnish caching server in front of the web server with the Turpentine plugin. However, when you do this with some configurations, you start seeing the __SID query string parameter added to the end of the site’s url. Unfortunately, when the Turpentine plugin sees the __SID query string in the URL, it means that this page request will bypass the cache and load it directly from the server, slowing things down.

Magento Adminhtml and Relative Links to Static Resources

Relative links in URLs allow you to only specify the path to an resource that is in the same or subfolder of the current folder. Lets say the current page you are on is http://example.com/test/ and you want to reference an image at http://example.com/test/image.jpg. You could put the full http://example.com/test/image.jpg in the src attribute of the img tag, or you could use just image.jpg instead. This works well when you are not sure what the directory path is the parent directory of your code. However, it can cause some issues when your code is moved to another location, but some resources are not moved, such as image.jpg.

Saving Products in Magento Deletes Tier Pricing

Magento’s framework makes many things simple to accomplish when working with the products and categories of your eCommerce website. However, I have found one scenario that doesn’t exactly work as expected.

Tier Pricing in Magento

Magento allows you to setup custom pricing levels based upon the quantity purchased. You set the minimum quantity purchased to enable the lower price when the part is added to the customer’s cart. You could see where losing the tiered pricing for an entire catalog of products would be a big deal for a site.

Creating a Best-Sellers Category with Magento

Magento allows you to organize products in categories, and a single product can be a member of quite a few separate categories. As a result, you can create a category that is specifically for your top selling products. You could manually keep track of which products sell the best, either by number of sales completed, or by the actual quantity of each product that were sold. If you want to spend all your time managing this category, then this is the way to go. However, there is a much easier way to manage the products in the category.

Login Problems with Magento and Varnish

When you have a Magento website configured to use Varnish as a caching frontend, there are certain scenarios where you may have some problems logging-in to the frontend of the website. It poses some unique problems that are not frequently seen on a typical website. This issue typically manifests itself to the end user by visiting the login page, entering the correct credential, submitting the form, and then the page reloads the login page again instead of redirecting to the My Account page or whatever page is specified in the configuration.

Magento FrontName Naming and SSL/HTTPS

One of the things that has always been an issue for sites that are based on Magento is that they are slow. Well, to be fair, sites using Magento Enterprise Edition that take advantage of the built-in full-page caching functionality seem to have decent page load times. One way to take care of this slow load time issue is to utilize a third-party full-page caching solution such as what Varnish provides.