  • Our Blog

    Ongoing observations by End Point Dev people

    Camp tools

    By Jeff Boes
    January 14, 2013

    Devcamps are such a big part of my everyday work that I can’t imagine life without them. Over the years, I developed some short-cuts in navigating camps that I also can’t live without: I share them below.

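    # Go to the top of camp N if a number is given; otherwise climb to the
    # top of the camp that contains the current directory.
    function camp_top() {
      if [ -n "$1" ]
      then
          cd ~/camp"${1}"
      elif [[ $(pwd) =~ camp ]]
      then
          # The pattern is left unquoted: bash 3.2+ matches a quoted
          # right-hand side of =~ as a literal string, not as a regex.
          until [[ $(basename "$(pwd)") =~ ^camp[[:digit:]]+ ]]
          do
              if [[ $(pwd) =~ camp ]]
              then
                  cd ..
              else
                  break
              fi
          done
      fi
    }
    alias ct='camp_top; pwd'
    
    # Go to the catalog directory of the camp.
    function cat_root() {
      camp_top "$@"
      cd catalogs/* >/dev/null
    }
    alias cr='cat_root; pwd'
    
    # Go to the pages directory of the camp's catalog.
    function pages_root() {
      cat_root "$@"
      cd pages >/dev/null
    }
    alias pr='pages_root; pwd'
    
    # Print the name of the camp (e.g. camp12) without changing directory.
    function what_camp() {
      c=$( camp_top "$@" 2> /dev/null; basename "$(pwd)" )
      echo "$c"
    }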
    

    (“cat_root” and “pages_root” are very Interchange-specific; you may find other short-cuts more useful in your particular camp.)

    There’s nothing terribly ground-breaking here, but if bash is not your native shell-tongue, then you might find these useful.

    What I do is to stash these somewhere like “$HOME/.bash_camps”, then …


    shell camps

    Use Metasploit to Verify Rails is Secured from CVE-2013-0156

    By Brian Buchalter
    January 10, 2013

    On January 8th, 2013 Aaron Patterson announced a major security vulnerability on the Rails security mailing list, affecting all releases of the Ruby on Rails framework. This vulnerability allows an unskilled attacker to execute commands remotely on any unpatched Rails web server. Unsurprisingly, it’s getting a lot of attention; Ars Technica estimates more than 200,000 sites may be vulnerable. With all the hype, it’s important to separate the facts from the fiction and use the attacker’s own tools to verify your site is secure.

    Within 36 hours of the announcement of CVE-2013-0156, the developers at Rapid7 released a Metasploit exploit module. Metasploit lowers the barriers to entry for attackers, making the whole process a point and click affair with a slick web GUI. Fortunately, the Rails security team has provided many easy to implement mitigation options. But how do you know you’ve really closed the vulnerability, particularly to the most automated and unskilled attacks? There is no better way than to try to exploit it yourself.

    It’s best to scan your unpatched site first so you can be certain the scan is working as expected and you don’t end up with a false positive that you’ve eliminated the …


    ruby rails security

    Conversion Tracking via JavaScript

    By Steph Skardal
    January 8, 2013

    Most analytics conversion tracking is done these days with JavaScript or invisible pixel requests on the page that indicate a user has reached a conversion event, such as the receipt page. For example, Google Analytics conversion code might look like this on the receipt page:

    _gaq.push(['_setAccount', 'UA-XXXXX-X']);
    _gaq.push(['_trackPageview']);
    _gaq.push(['_addTrans',
       '1234',           // transaction ID - required
       'Womens Apparel', // affiliation or store name
       '28.28',          // total - required
       '1.29',           // tax
       '15.00',          // shipping
       'San Jose',       // city
       'California',     // state or province
       'USA'             // country
    ]);
    _gaq.push(['_addItem',
       '1234',           // transaction ID - necessary to associate item with transaction
       'DD44',           // SKU/code - required
       'T-Shirt',        // product name
       'Olive Medium',   // category or variation
       '11.99',          // unit price - required
       '1'               // quantity - required
    ]);
    _gaq.push(['_trackTrans' …

    analytics

    Company Update January 2013

    By Phineas Jensen
    January 4, 2013

    With the busy holiday season just behind us, we haven’t had as much time to write blog posts about what we’ve been doing in the past few months. So here’s an update on some of our latest projects:

    • Brian Buchalter has been implementing new features for a major release of Collaborative Software Initiative’s open source product, TriSano, which provides case and outbreak management, surveillance and analytics for global public health.

    • Dave has worked on deepening our contacts with content providers and agencies using or interested in using the Liquid Galaxy platform. Recently back from Japan, Dave sold a Liquid Galaxy system to a research group in Kyoto.

    • David has been working on an HA (highly available) PostgreSQL database system with automatic failover, dynamic node creation/population, and configuration synchronization.

    • Greg Sabino Mullane has been speeding up slow queries, debugging pg_bouncer problems, expanding the abilities of Bucardo, and many other PostgreSQL-related activities.

    • Jeff has been working on some major updates to the HydroPool site, including adding a set of “parts” products from an external supplier, with an interface that displays the schematic …


    company

    Paper Source: The Road to nginx Full Page Caching in Interchange

    By Steph Skardal
    January 3, 2013

    Background & Motivation

    During the recent holiday season, it became apparent that some efforts were needed to improve performance for Paper Source to minimize down-time and server sluggishness. Paper Source runs on Interchange and sells paper and stationery products, craft products, personalized invitations, and some great gifts! They also have over 40 physical stores which in addition to selling products, offer on-site workshops.

    Over the holiday season, the website experienced a couple of instances where server load spiked, causing extreme sluggishness for customers. Various parts of the site leverage Interchange’s timed-build tag, which creates static caches of parts of a page (equivalent to Rails’ and Django’s fragment caching). However, in all cases, Interchange is still being hit for the page request, and often the pages perform repeated logic and database hits, which opens an opportunity for optimization.

    The Plan

    The long-term plan for Paper Source is to move towards full page nginx caching, which will yield speedily served pages that do not require Interchange to be touched. However, there are several code and configuration hurdles that we have to get over first, …


    interchange nginx performance

    Oceanographic Museum of Monaco Liquid Galaxy

    By Benjamin Goldstein
    December 31, 2012

    In December End Point installed a Liquid Galaxy at the spectacular and renowned Musée Océanographique de Monaco, which is breathtakingly situated on a cliff overlooking the Mediterranean. The system, donated by Google, will be officially presented on January 21st to H.S.H. Prince Albert II of Monaco, who is the Honorary President of the Oceanographic Institute of which the museum is a major part.

    End Point set up and configured the system. Our expertise was also called on by Google to create and adapt Google Earth Tours focused on the world’s oceans, including a tour about Ocean Acidification. In addition, End Point engineers developed a customized panoramic photo viewer for the remarkable Catlin Seaview Survey panoramas, which display and provide a baseline dataset for the earth’s coral reefs.

    Many thanks are due to Jenifer Austin Foulkes, Google’s Ocean Program Manager, and to Jason Holt of Google for their work in supporting this project.

    It is difficult to speak highly enough about the Musée Océanographique de Monaco. Prince Albert I of Monaco was an oceanographer himself and created the museum in 1901 with a vision of bringing art and ocean science …


    visionport

    Piggybak: End of Year Update

    By Steph Skardal
    December 27, 2012

    Over the last few months, my coworkers and I have shared several updates on Piggybak progress (October 2012 Piggybak Roadmap, November 2012 Piggybak Roadmap Status Update). Piggybak is an open source Ruby on Rails ecommerce platform, mountable as a Rails Engine, developed and maintained by End Point. Here’s a brief background on Piggybak followed by an end of year update with some recent Piggybak news.

    A Brief Background

    Over the many years that End Point has been around, we’ve amassed a large amount of experience in working with various ecommerce frameworks, open source and proprietary. A large portion of End Point’s recent development work (we also offer database, hosting, and Liquid Galaxy support) has been with Interchange, a Perl-based open source ecommerce framework, and Spree, a Ruby on Rails based open sourced ecommerce framework. Things came together for Piggybak earlier this year when a new client project prompted the need for a more flexible and customizable Ruby on Rails ecommerce solution. Piggybak also leveraged earlier work that I did with light-weight Sinatra-based cart functionality.

    Jump ahead a few months, and now Piggybak is a strong base for …


    ecommerce piggybak rails

    Find your Perl in Other Shells

    By Mark Johnson
    December 26, 2012

    Often when programming, it turns out the best tools for the job are system tools, even in an excellent language like Perl. Perl makes this easy with a number of ways you can allocate work to the underlying system: backtick quotes, qx(), system(), exec(), and open(). Virtually anyone familiar with Perl is familiar with most or all of these ways of executing system commands.

    What’s perhaps less familiar, and a bit more subtle, is what Perl really does when handing these off to the underlying system to execute. The docs for exec() tell us the following:

           exec LIST
           exec PROGRAM LIST
    [snip]
                If there is more than one argument in LIST, or if LIST is an
                array with more than one value, calls execvp(3) with the
                arguments in LIST.  If there is only one scalar argument or an
                array with one element in it, the argument is checked for shell
                metacharacters, and if there are any, the entire argument is
                passed to the system's command shell for parsing (this is
                "/bin/sh -c" on Unix platforms, but varies on other platforms).
    

    That last parenthetical is a key element when we “shell …


    perl