    Ongoing observations by End Point Dev people

    Security review with Kiel: Time to be paranoid.

    By Josh Williams
    June 14, 2012

    Interesting! From storing encrypted documents and occasionally signing email, to its usage in pgcrypto in Postgres, I’ve done a bit with PGP keys and public key cryptography. But Kiel’s been running through a quick tutorial on security topics, and some of the PKI components are more important than I originally realized. For instance, part of the security that the public key infrastructure provides is the web of trust, which defines how identities can be automatically trusted based on which keys have signed and trusted other keys. In fact, we’re about to have a key signing party…

    In the meantime, Kiel reminded us of some of the concerns surrounding other forms of PKI cryptography. The SSL infrastructure, for instance, relies on a set of provided certificate authorities which are assumed to be trusted but may not be reliable. Plug-ins like Certificate Patrol can help, though. Also, as the recent collision attack demonstrated, MD5 is no longer secure, and a number of CAs still use it.

    More generally, the security ninja reminded us of where security breaches can occur and how they can affect us, even if they happen in a space far outside our control. But there are …


    security

    You shall not pass! Preventing SQL injection

    By Marina Lohova
    June 14, 2012

    Greg Sabino Mullane presented a few extremely useful techniques for preventing SQL injection. His advice was mostly based on his recent real-world experience.

    This chunk of simple code was opening a potentially very dangerous security hole in the system:

    [query … where order_number='[scratch order_number]' and username='[session username]']

    This code can generate this SQL query:

    select * from orders where order_number = '12345' and username = 'alice';

    Or this SQL query:

    select * from orders where order_number=' ';  delete from orders where id IS NOT NULL;

    This is a vulnerability, and you certainly do not want any random stranger to delete records from the “orders” table in your database.

    The problem was solved in no time by escaping user input.

    Here is Greg’s list of recommendations to make SQL injection impossible:

    1. Escape all user input passed to the database.
    2. Log extensively. If this system hadn’t logged SQL queries, they would never have noticed anything strange. They used tail_n_mail, which tracks PostgreSQL logs and sends out emails whenever a SQL exception occurs.
    3. Introduce fine-grained control for accessing and manipulating the database. …

    database postgres security sql

    Chef and Puppet Overview

    By Josh Tolley
    June 13, 2012

    I started a job several years ago as a “configuration manager”, but had to admit when I started that I didn’t have any idea what “configuration management” really meant. The idea, as I soon learned, was to make sure all the servers, configurations, accounts, and other components of a system work together systematically. I’m not sure “configuration management” tools as such existed at the time, but we certainly never used them, though they’d begun to have a presence online before I left that job for another opportunity.

    In systems we run at End Point, whether for ourselves or other clients, such configuration management tools have become critical, in particular for our Liquid Galaxy systems, which require a great deal of repetitive configuration. So Kiel and Josh Williams have a fair bit of experience with these tools, and I was glad to hear their discussion of Chef and Puppet specifically.

    These tools have a common heritage, and are both Ruby-based. Ruby is a particularly good language for writing domain-specific languages (DSLs) like the one Puppet uses, so it’s interesting that Chef’s developers apparently abandoned the DSL idea: Chef has its users write Ruby directly. …


    chef devops puppet

    End Point’s Ruby Slippers

    By Kiel Christofferson
    June 13, 2012

    The next presentation of the day was Brian Dillon’s, entitled “End Point’s Ruby Slippers”.

    Even as a relatively new End Point employee (3 months now), Brian has been helping End Point grow through sales and marketing. Brian started out by letting his fellow employees know that he finds himself very fortunate to have such a gold mine of unsung talent, expertise, and marketable skill at his disposal. Tortured by the thought of not fully representing that talent, Brian has been boiling a pot of ideas that might help him tell the world who End Point is and what we really do, in an accurate and concise way.

    After reading aloud each employee’s “one sentence” (written on note cards) attempting to describe End Point, Brian took us all through a little bit of company history he had dug up from the archives. We received an overview of what End Point has done since 1995. A pattern emerged: End Point is not afraid to take interesting chances. End Point is not afraid to venture into the unusual projects that result from discussion between innovative minds. End Point is not afraid to increase the breadth of its knowledge while sharing that knowledge internally in order to …


    company

    Git Workflows

    By Mike Farmer
    June 13, 2012

    David Christensen is talking today about Git workflows.

    There are different ways that you can work with Git. Git doesn’t dictate a certain workflow, so you are free to implement one that works best for you. Understanding Git and how it works will help you develop an effective workflow.

    The Git object model provides Git’s flexibility and is as follows:

    • trees, blobs
    • commits
    • named commits: tags, branches

    Branch flexibility comes from combining branches (merges, rebases).

    Good commits are key to flexibility and to tooling: each should encapsulate the smallest logical change and carry a good log message describing it. It’s important to provide the why in your commit message, in addition to what was fixed, so that it’s clear to future developers.

    Branches contain all the magic of Git, in that a branch is just a pointer to a commit.

    Topic branches are convention-driven branches that are branched off the master branch. They usually deal with a single topic and can be rebased onto master to provide a clean history. They can also be thrown away later so they don’t clutter up the repository.

    Integration branches are usually for different levels of the application integration, for example, staging and …


    git

    Integration Experiences

    By David Christensen
    June 13, 2012

    Szymon Guz gave a talk which covered his experiences working for a large client on integrating an acquired business’ website and fulfillment processes into their existing backend and fulfillment systems.

    He gave us a detailed overview of their existing shipping fulfillment infrastructure, along with specific technical issues he encountered when integrating with the fulfillment models of the additional website.

    He also detailed some of the non-technical/project management challenges inherent when working with a large number of people on a project.


    clients integration

    Interesting jQuery Modules

    By Carl Bailey
    June 13, 2012

    Marina Lohova talked about her favorite jQuery modules. It was the last talk of the day and she did not have much time.

    Her focus was on the functional plugins. Interesting modules that she mentioned include:

    • Ajax PayPal Cart
    • Sisyphus (uses HTML5 LocalStorage)
    • jImpress (presentations)
    • jPlayer (HTML5)
    • ResponseJS
    • lqTouch (adds mobile events like swipe)

    javascript jquery

    Liquid Galaxy NYC Annual Meeting

    By Steph Skardal
    June 13, 2012

    I’m here in NYC for End Point’s annual company meeting and I’m kicking off our live blogging! We hope to blog about several of the sessions throughout the company meeting to give you an idea of what we are sharing.

    This first session, titled “Liquid Galaxy past, present, and future”, is given by Ben. Liquid Galaxy is an immersive 360° Google Earth experience that has been leveraged for custom tours, GIS data, 3D models, and even video games. Here are a few of the things that Ben covered during his talk:

    • past: Liquid Galaxy was created in 2009 as a Google 20% project and was initially meant for enhancing Google Street View. With a few initial features, it picked up some momentum. Jason asked End Point if they would be interested in supporting Liquid Galaxy, and Ben attended a conference to check it out. From there, End Point invested time and energy to build out the Liquid Galaxy side of the business and learned several valuable lessons during the initial installations. These lessons yielded improved technology for improved maintenance and support.
    • present: The system is easier to deploy and has new features, such as Google Earth tools, utilities for …

    company conference visionport