  • Our Blog

    Ongoing observations by End Point Dev people

    Paper Source Client Profile

    By Adam Vollrath
    June 13, 2012

    I know Richard best from his sysadmin work on End Point’s Hosting Team. But I also worked with him for our client Paper Source, covered by his presentation at our company meeting today.

    Paper Source began in Chicago back in 1983. Since then they’ve opened more brick and mortar stores every year, now up to 54. End Point is now maintaining their e-commerce store, which supplements these well.

    Richard and his team have integrated Interchange with many other software packages, including Adobe’s Scene7, Authorize.net, Great Plains, Endeca, and CoreMetrics. This adds up to many scheduled cron jobs every night. We also handle hosting of the production and Camps development servers.


    clients

    The Berkman Center projects

    By Terry Grant
    June 13, 2012

    Brian Gadoury and his awesome socks gave a great and informative presentation on our client Berkman Center.

    The Berkman Center’s mission is to explore and understand cyberspace; and to study its development, dynamics, norms and standards.

    Brian’s first project was called Zone One, a document repository tool that houses all of the electronic documents for use by Harvard. You can search by document name, tags, and content. Zone One is written using open source technologies such as Ruby on Rails, Postgres, Solr, and DevCamps.

    The application includes an array of features that allow you to interact with the search results and the documents themselves. Each entry can have detailed metadata associated with it that can be referenced by future users.

    One of the nice features of Zone One is its upload feature. It allows you to drag and drop files into a section of the form for upload. The upload interface also includes a very nice SFTP system that utilizes virtual users on the system you are uploading to, to manage the files being uploaded and connected to the entry you are creating.

    Phase two of the project will include features to export to external repositories, a bulk import …


    camps clients rails

    TriSano and Pentaho at our NYC company meeting

    By Jon Jensen
    June 13, 2012

    Josh Tolley just spoke to us about the TriSano open source project he works on. It helps track and report on public health events, using data at least partly gathered from doctors following special legal reporting requirements to look for epidemics.

    Josh Tolley speaking at End Point office

    A lot of this is about data warehousing. Public health officials collect a lot of data and want to easily report on it. Typically they use SPSS. They need to filter the data before doing analysis.

    And what is a data warehouse? Store all your data in a different way that’s efficient for querying broken down by time (OLAP). Such queries don’t usually work very well in a normal transactional (OLTP) database.

    Dimension tables: E.g. different public health departments, sex, disease. Fact tables: Contain the numbers, facts that you may do math aggregation against, and links to dimension tables. The key to the whole process is deciding what you want to track.

    Pentaho is what we use for the query interface. To get done what we need to do, we have to make use of unpublished APIs, using JRuby to interface between Pentaho (Java) and TriSano, a Rails app. Postgres is the database.

    Brian Buchalter then took over and delved more into the TriSano Rails …


    java open-source rails casepointer ruby development

    Web service integration in PHP, jQuery, Perl and Interchange

    By Ron Phipps
    June 13, 2012

    Jeff Boes presented on one of his latest projects.

    CityPass decided on a project to convert their checkout from being served by Interchange to have the interface served by PHP, but continue to interact with Interchange for the checkout process through a web service.

    The original site was entirely served by Interchange. The client then took on a project to convert the frontend to PHP while leveraging Interchange for frontend logic such as pricing and shipping as well as for backend administration for order fulfillment.

    Technologies used in the frontend rewrite:

    • PHP
    • jQuery for jStorage, back-button support and checkout business logic
    • AJAX web services for prices, discounts, click-tracking

    The Interchange handler is conduit.am, which handles the processing of the URL. From this ActionMap the URLs are decoded and passed to a Perl module, Data.pm, which handles processing the input and returning the results.

    An order is just a JSON object so testing of the web service is easy. We have a known hash, we post to the proper URL and compare the results and verify they are the same. New test cases are also easy: we can capture any order (JSON) to a log file and add it as a test case.


    interchange javascript json perl php clients

    Why Piggybak exists

    By Brian Dillon
    June 13, 2012

    There are some clients debating between using Spree, an e-commerce platform, and a homegrown Rails solution for an e-commerce application.

    E-commerce platforms are monolithic—they try to solve a lot of different problems at once. Also, many of these e-commerce platforms frequently make premature decisions before getting active users on them. One way of making the features of a platform match up better to a user’s requirements is to get a minimal viable product out quickly and grow features incrementally.

    Piggybak was created by first trying to identify the most stable and consistent features of a shopping cart. Here are the various pieces of a cart to consider.

    • Shipping
    • Tax
    • CMS Features
    • Product Search
    • Cart / Checkout
    • Product Features
    • Product Taxonomy
    • Discount Sales
    • Rights and Roles

    What doesn’t vary? Cart & Checkout.

    Shipping, tax, product catalog design, sales promotions, and rights and roles all vary across different e-commerce sites. The only strict commonality is the cart and the checkout.

    Piggybak is just the cart and checkout.

    You mount Piggybak as a gem into any Rails app, and can assign any object as a purchasable product using the tag “acts_as_variant” and you’re …


    ecommerce piggybak rails

    2012 company meeting in New York City

    By Jon Jensen
    June 11, 2012

    All of us at End Point will have a change of pace this week. We are spread out in different locations around the world, so we don’t get to see everyone face to face as often as we’d like. This week we’re meeting up at our main office in New York City to spend three days in person, sharing knowledge and experiences with each other.

    We’re looking forward to hearing from each other on a wide range of topics reflecting both the scope and depth of work we do:

    • Recent major ecommerce projects including ground-up rebuilds, legacy system integrations, new payment processing options, and feature enhancements
    • Liquid Galaxy deployments, logistics, hardware improvements, and custom tours
    • Development process topics around workflow, version control, and testing
    • Operations (and “DevOps”) topics including configuration management with Chef and Puppet, and monitoring with Nagios
    • The Piggybak Rails ecommerce gem
    • User experience in projects using RailsAdmin, Django, and jQuery
    • Database and web application security
    • Transitioning ecommerce architecture to modern browsers and mobile apps using web services
    • And social events ranging from a little friendly technical competition to bowling to a picnic in …

    company conference

    Detecting Postgres SQL Injection

    By Greg Sabino Mullane
    June 10, 2012

    SQL injection attacks are often treated with scorn among seasoned DBAs and developers—“oh it could never happen to us!”. Until it does, and then it becomes a serious matter. It can, and most likely will eventually happen to you or one of your clients. It’s prudent to not just avoid them in the first place, but to be proactively looking for attacks, to know what to do when they occur, and know what steps to take after you have cleaned up the mess.

    What is a SQL injection attack? Broadly speaking, it is a malicious user entering data to subvert the nature of your original query. This is almost always through a web interface, and involves an “unescaped” parameter that can be used to change the data returned or perform other database actions. The user “injects” their own SQL into your original SQL statement, changing the query from its original intent.

    For example, you have a page in which a logged-in customer can look up their orders by an order_number, a text field on a web form. The query thus looks like this in your code:

    $order_id = cgi_param('order_number');
    
    $sql = "SELECT * FROM order WHERE order_id = $order_id AND order_owner = '$username'"; …

    database monitoring postgres security

    Devise on Rails: Prepopulating Form Data

    By Steph Skardal
    June 8, 2012

    I recently had a unique (but reasonable) request from a client: after an anonymous/guest user had completed checkout, they requested that a “Create Account” link be shown on the receipt page which would prepopulate the user form data with the user’s checkout billing address. Their application is running on Ruby on Rails 3.2 and uses devise. Devise is a user authentication gem that’s popular in the Rails community.


    A customer request was to include a link on the receipt page that would autopopulate the user create account form with checkout data.

    Because devise is a Rails engine (self-contained Rails functionality), the source code is not included in the main application code repository. While using bundler, the version information for devise is stored in the application’s Gemfile.lock, and the engine source code is stored depending on bundler configuration. Because the source code does not live in the main application, modifying the behavior of the engine is not quite as simple as editing the source code. My goal here was to find an elegant solution to hook into the devise registration controller to set the user parameters.

    ActiveSupport::Concern

    To start off, I set up a …


    rails