    Why Piggybak exists

    By Brian Dillon
    June 13, 2012

    There are some clients debating between using Spree, an e-commerce platform, and a homegrown Rails solution for an e-commerce application.

    E-commerce platforms are monolithic—they try to solve a lot of different problems at once. Also, many of these e-commerce platforms frequently make premature decisions before getting active users. One way of making the features of a platform match up better to a user’s requirements is to get a minimal viable product out quickly and grow features incrementally.

    Piggybak was created by first trying to identify the most stable and consistent features of a shopping cart. Here are the various pieces of a cart to consider.

    • Shipping
    • Tax
    • CMS Features
    • Product Search
    • Cart / Checkout
    • Product Features
    • Product Taxonomy
    • Discount Sales
    • Rights and Roles

    What doesn’t vary? Cart & Checkout.

    Shipping, tax, product catalog design, sales promotions, and rights and roles all vary across different e-commerce sites. The only strict commonality is the cart and the checkout.

    Piggybak is just the cart and checkout.

    You mount Piggybak as a gem into any Rails app, and can assign any object as a purchasable product using the tag “acts_as_variant” and you’re …


    ecommerce piggybak rails

    2012 company meeting in New York City

    By Jon Jensen
    June 11, 2012

    All of us at End Point will have a change of pace this week. We are spread out in different locations around the world, so we don’t get to see everyone face to face as often as we’d like. This week we’re meeting up at our main office in New York City to spend three days in person, sharing knowledge and experiences with each other.

    We’re looking forward to hearing from each other on a wide range of topics reflecting both the scope and depth of work we do:

    • Recent major ecommerce projects including ground-up rebuilds, legacy system integrations, new payment processing options, and feature enhancements
    • Liquid Galaxy deployments, logistics, hardware improvements, and custom tours
    • Development process topics around workflow, version control, and testing
    • Operations (and “DevOps”) topics including configuration management with Chef and Puppet, and monitoring with Nagios
    • The Piggybak Rails ecommerce gem
    • User experience in projects using RailsAdmin, Django, and jQuery
    • Database and web application security
    • Transitioning ecommerce architecture to modern browsers and mobile apps using web services
    • And social events ranging from a little friendly technical competition to bowling to a picnic in …

    company conference

    Detecting Postgres SQL Injection

    By Greg Sabino Mullane
    June 10, 2012

    SQL injection attacks are often treated with scorn among seasoned DBAs and developers—​“oh it could never happen to us!”. Until it does, and then it becomes a serious matter. It can, and most likely will eventually happen to you or one of your clients. It’s prudent to not just avoid them in the first place, but to be proactively looking for attacks, to know what to do when they occur, and know what steps to take after you have cleaned up the mess.

    What is a SQL injection attack? Broadly speaking, it is a malicious user entering data to subvert the nature of your original query. This is almost always through a web interface, and involves an “unescaped” parameter that can be used to change the data returned or perform other database actions. The user “injects” their own SQL into your original SQL statement, changing the query from its original intent.

    For example, you have a page in which a logged-in customer can look up their orders by an order_number, a text field on a web form. The query thus looks like this in your code:

    $order_id = cgi_param('order_number');
    
    $sql = "SELECT * FROM order WHERE order_id = $order_id AND order_owner = '$username'"; …

    database monitoring postgres security

    Devise on Rails: Prepopulating Form Data

    By Steph Skardal
    June 8, 2012

    I recently had a unique (but reasonable) request from a client: after an anonymous/guest user had completed checkout, they requested that a “Create Account” link be shown on the receipt page which would prepopulate the user form data with the user’s checkout billing address. Their application is running on Ruby on Rails 3.2 and uses devise. Devise is a user authentication gem that’s popular in the Rails community.


    A customer request was to include a link on the receipt page that would autopopulate the user create account form with checkout data.

    Because devise is a Rails engine (self-contained Rails functionality), the source code is not included in the main application code repository. While using bundler, the version information for devise is stored in the application’s Gemfile.lock, and the engine source code is stored depending on bundler configuration. Because the source code does not live in the main application, modifying the behavior of the engine is not quite as simple as editing the source code. My goal here was to find an elegant solution to hook into the devise registration controller to set the user parameters.

    ActiveSupport::Concern

    To start off, I set up a …


    rails

    Integrating UPS Worldship - Pick and Pack

    By Terry Grant
    May 29, 2012

    Using UPS WorldShip to automate a pick and pack scenario

    There are many options when selecting an application to handle your shipping needs. Typically you will be bound to one of the popular shipping services: UPS, FedEx, or USPS, or a combination thereof. In my experience UPS Worldship offers a very robust shipping application that is dynamic enough to accommodate integration with just about any custom or out of the box ecommerce system.

    UPS Worldship offers many automating features by allowing you to integrate in many different ways. The two main automated features consist of batch label printing and individual label printing. I would like to cover my favorite way of using UPS Worldship that allows you to import and export data seamlessly.

    You should choose the solution that works best for you and your shipping procedure. In this blog post I would like to discuss a common warehouse scenario referred to as Pick And Pack. The basic idea of this scenario is that an order is selected for warehouse personnel to fulfill; it is then picked, packed, and shipped. UPS Worldship allows you to do this in a very automated way with a bit of customization. This is a great solution for a small to …


    ecommerce shipping

    Simple Pagination with AJAX

    By Jeff Boes
    May 24, 2012

    Here’s a common problem: you have a set of results you want to display (search results, or products in a category) and you want to paginate them in a way that doesn’t submit and re-display your results page every time. AJAX is a clear winner in this; I’ll outline a very simple, introductory approach for carrying this off.

    (I’m assuming that the reader has some modest familiarity with JavaScript and jQuery, but no great expertise. My solutions below will tend toward the “Cargo Cult” programming model, so that you can cut and paste, tweak, and go, but with enough “how and why” sprinkled in so you will come away knowing enough to extend the solution as needed.)

    Firstly, you have to have the server-side processing in place to serve up paginated results in a way you can use. We’ll assume that you can write or adapt your current results source to produce this for a given URL and parameters:

    /search?param1=123&param2=ABC&sort=colA,colB&offset=0&size=24

    That URL offers a state-less way to retrieve a slice of results: in this case, it corresponds to a query something like:

    SELECT  FROM  WHERE param1='123' AND param2='ABC'
    ORDER BY colA,colB OFFSET 0 LIMIT …

    javascript json

    Liquid Galaxy at Doodle 4 Google

    By Alejandro Ramon
    May 21, 2012

    Last week I went to Google’s New York Office on 8th Ave with Ben, intern Ben, and hired hand Linton. For those who have not experienced this wonderful place, Google’s building takes up an entire city block, is very colorful, and is probably one of the coolest places I have ever been to in the Big Apple.

    Walking through the huge building is an experience in itself, with people riding Razor Scooters by you as you pass by street signs marking different areas in the office. It was explained to me that each floor is themed after a different place in the city. For example, the 10th floor, the main floor we were working on, is based on Queens. And of course they have the best break rooms. Free food everywhere! Also they have ball pits. You know you are awesome when you have ball pits.

    Anyway, the reason we were at Google in the first place was to move the Liquid Galaxy on the 10th floor down to the 5th floor. It was great to see how many people came up to us and told how much they enjoyed using the system, and they all wanted to know when and if it would ever be back.

    Moving the Liquid Galaxy went smoothly, and setting it back up on the 5th floor (at the “Water Tower”) went even smoother. …


    clients event visionport

    Website Performance Boot Camp at UTOSC 2012

    By Jon Jensen
    May 21, 2012

    I’ll keep brief my last post about this year’s Utah Open Source Conference.

    I was asked to give on both day one and day two a talk called “Website Performance Boot Camp” which carried this brief description:

    What’s the difference between a snappy website and a sloth that you turn away from in frustration? A lot of little things, usually. It’s rarely worth doing 100% of the optimization you could do, but getting 75% of the way isn’t hard if you know where to look.

    We’ll look at HTTP caching, compression, proxying, CDNs, CSS sprites, minification, and more, how to troubleshoot, and what’s best to leave alone when you have limited time or tolerance for risk.

    Here is the video recording of the first time I presented the talk. (The technician noted its audio was “a little hot”.)

    Use this Website Performance Boot Camp direct YouTube video link if the embedded video doesn’t work for you.

    The slides for this Website Performance Boot Camp presentation are available.

    Thanks again to the conference organizers and the other speakers and sponsors, and the nice venue Utah Valley University, for making it a great conference!


    community conference ecommerce open-source optimization performance