• Home

  • Custom Ecommerce
  • Application Development
  • Database Consulting
  • Cloud Hosting
  • Systems Integration
  • Legacy Business Systems
  • Security & Compliance
  • GIS

  • Expertise

  • About Us
  • Our Team
  • Clients
  • Blog
  • Careers

  • VisionPort

  • Contact
  • Create a key pair using SSH on Windows

    Bianca Rodrigues

    By Bianca Rodrigues
    January 24, 2013

    I recently joined End Point as a full-time employee after interning with the company since August 2012. I am part of the marketing and sales team, working out of the New York City office.

    One of the frequent queries we receive from our non-technical clients is how to create an SSH key pair. This post is an introduction to using SSH on Windows for anyone who needs some clarification on this network protocol.

    SSH stands for Secure Shell, which is used to provide secure access to remote systems. PuTTY is an SSH client that is available for Windows. Using the concept of “key-based” SSH logins, you can avoid the usual username/password login procedure, meaning only those with a valid private/public key pair can log in. This allows for a more secure system.

    To begin, install PuTTYgen, PuTTY and Pageant on your Windows system:

    Let’s focus on PuTTYgen – used to create a private/public key pair.

    1. After downloading PuTTYgen, run puttygen.exe
    2. In the “Parameters” — “Type of key” section, make sure “SSH-2 RSA” is selected:

    *Note: SSH-2 RSA is what End Point recommends. The others work as well, and your business may have some reason to use them instead. …


    security

    CSS sprites: The easy way?

    Richard Templet

    By Richard Templet
    January 21, 2013

    I’ve always been interested in the use of CSS sprites to speed up page load times. I haven’t had a real chance to use them yet but my initial reaction was that sprites would be quite painful to maintain. In my mind, you would have to load up the sprite into Gimp or Photoshop, add the new image and then create the css with the right coordinates to display the image. Being a guy with very little image editing skills, I felt that managing multiple images frequently would be quite time consuming. Recently, I was dealing with some page load times for a client and the use of sprites for the product listing pages came up as an option to speed them up. I knew the client wouldn’t have time to create sprites for this so I went searching for a command line tool that would allow me to create sprites. I was quite happy when I stumbled upon Glue.

    Glue is free program that will take a directory of images and create a png sprite and a css file with the associated CSS classes. It has a ton of useful options. A few of the ones I thought were handy was being able to prefix the path to the image with a url instead of a relative path, being able to downgrade the png format to png8 to make the file …


    css performance tools

    Camp tools

    Jeff Boes

    By Jeff Boes
    January 14, 2013

    Devcamps are such a big part of my everyday work that I can’t imagine life without them. Over the years, I developed some short-cuts in navigating camps that I also can’t live without: I share them below.

    function camp_top() {
      if [ -n "$1" ]
      then
          cd ~/camp${1}
      elif [[ $(pwd) =~ 'camp' ]]
      then
          until [[ $(basename $(pwd)) =~ '^camp[[:digit:]]+' ]]
          do
              if [[ $(pwd) =~ 'camp' ]]
              then
                  cd ..
              else
                  break
              fi
          done
      fi
    }
    alias ct='camp_top; pwd'
    
    function cat_root() {
      camp_top $*
      cd catalogs/* >/dev/null
    }
    alias cr='cat_root; pwd'
    
    function pages_root() {
      cat_root $*
      cd pages >/dev/null
    }
    alias pr='pages_root; pwd'
    
    function what_camp() {
      c=$( camp_top $* 2> /dev/null; basename $( pwd ))
      echo $c
    }

    (“cat_root” and “pages_root” are very Interchange-specific; you may find other short-cuts more useful in your particular camp.)

    There’s nothing terribly ground-breaking here, but if bash is not your native shell-tongue, then you might find these useful.

    What I do is to stash these somewhere like “$HOME/.bash_camps”, then …


    shell camps

    Use Metasploit to Verify Rails is Secured from CVE-2013-0156

    Brian Buchalter

    By Brian Buchalter
    January 10, 2013

    On January 8th, 2013 Aaron Patterson announced a major security vulnerability on the Rails security mailing list, affecting all releases of the Ruby on Rails framework. This vulnerability allows an unskilled attacker to execute commands remotely on any unpatched Rails web server. Unsurprisingly, it’s getting a lot of attention; Ars Technica estimates more than 200,000 sites may be vulnerable. With all the hype, it’s important to separate the facts from the fiction and use the attacker’s own tools to verify your site is secure.

    Within 36 hours of the announcement of CVE-2013-0156, the developers at Rapid7 released a metasploit exploit module. Metasploit lowers the barriers to entry for attackers, making the whole process a point and click affair with a slick web GUI. Fortunately, the Rails security team has provided many easy to implement mitigation options. But, how do know you’ve really closed the vulnerability, particularly to the most automated and unskilled attacks? No better way than to try and exploit yourself.

    It’s best to scan your unpatched site first so you can be certain the scan is working as expected and you don’t end up with a false positive that you’ve eliminated the …


    ruby rails security

    Conversion Tracking via JavaScript

    Steph Skardal

    By Steph Skardal
    January 8, 2013

    Most analytics conversion tracking is done these days with JavaScript or invisible pixel requests on the page that indicates a user has reached a conversion event, such as the receipt page. For example, Google Analytics conversion code might look like this on the receipt page:

    _gaq.push(['_setAccount', 'UA-XXXXX-X']);
    _gaq.push(['_trackPageview']);
    _gaq.push(['_addTrans',
       '1234',           // transaction ID - required
       'Womens Apparel', // affiliation or store name
       '28.28',          // total - required
       '1.29',           // tax
       '15.00',          // shipping
       'San Jose',       // city
       'California',     // state or province
       'USA'             // country
    ]);
    _gaq.push(['_addItem',
       '1234',           // transaction ID - necessary to associate item with transaction
       'DD44',           // SKU/code - required
       'T-Shirt',        // product name
       'Olive Medium',   // category or variation
       '11.99',          // unit price - required
       '1'               // quantity - required
    ]);
    _gaq.push(['_trackTrans' …

    analytics

    Company Update January 2013

    Phineas Jensen

    By Phineas Jensen
    January 4, 2013

    With the busy holiday season just behind us, we haven’t had as much time to write blog posts about what we’ve been doing in the past few months. So here’s an update on some of our latest projects:

    • Brian Buchalter has been implementing new features for of a major release of Collaborative Software Initiative’s open source product, TriSano, which provides case and outbreak management, surveillance and analytics for global public health.

    • Dave has worked on deepening our contacts with content providers and agencies using or interested in using the Liquid Galaxy platform. Recently back from Japan, Dave sold a Liquid Galaxy system to a research group in Kyoto.

    • David has been working on an HA (highly available) PostgreSQL database system with automatic failover, dynamic node creation/population, and configuration synchronization.

    • Greg Sabino Mullane has been speeding up slow queries, debugging pg_bouncer problems, expanding the abilities of Bucardo, and many other PostgreSQL-related activities.

    • Jeff has been working on some major updates to the HydroPool site, including adding a set of “parts” products from an external supplier, with an interface that displays the schematic …


    company

    Paper Source: The Road to nginx Full Page Caching in Interchange

    Steph Skardal

    By Steph Skardal
    January 3, 2013

    Background & Motivation

    During the recent holiday season, it became apparent that some efforts were needed to improve performance for Paper Source to minimize down-time and server sluggishness. Paper Source runs on Interchange and sells paper and stationery products, craft products, personalized invitations, and some great gifts! They also have over 40 physical stores which in addition to selling products, offer on-site workshops.

    Over the holiday season, the website experienced a couple of instances where server load spiked causing extreme sluggishness for customers. Various parts of the site leverage Interchange’s timed-build tag, which creates static caches of parts of a page (equivalent to Rails’ and Django’s fragment caching). However, in all cases, Interchange is still being hit for the page request and often the pages perform repeated logic and database hits that opens an opportunity for optimization.

    The Plan

    The long-term plan for Paper Source is to move towards full page nginx caching, which will yield speedily served pages that do not require Interchange to be touched. However, there are several code and configuration hurdles that we have to get over first, …


    interchange nginx performance

    Oceanographic Museum of Monaco Liquid Galaxy

    Benjamin Goldstein

    By Benjamin Goldstein
    December 31, 2012

    In December End Point installed a Liquid Galaxy at the spectacular and renowned Musée Océanographique de Monaco, which is breathtakingly situated on a cliff overlooking the Mediterranean. The system, donated by Google, will be officially presented on January 21st to H.S.H. Prince Albert II of Monaco, who is the Honorary President of the Oceanographic Institute of which the museum is a major part.

    End Point set up and configured the system. Our expertise was also called on by Google to create and adapt Google Earth Tours focused on the world’s oceans, including a tour about Ocean Acidification. In addition, End Point engineers developed a customized panoramic photo viewer for the remarkable Catlin Seaview Survey panoramas, which display and provide a baseline dataset for the earth’s coral reefs.

    Many thanks are due to Jenifer Austin Foulkes, Google’s Ocean Program Manager, and to Jason Holt of Google for their work in supporting this project.

    It is difficult to speak highly enough about the Musée Océanographique de Monaco. Prince Albert I of Monaco was an oceanographer himself and created the museum in 1901 with a vision of bringing art and ocean science …


    visionport
    Previous page • Page 128 of 222 • Next page