A Beginner’s Guide to PCI DSS Compliance and TLS Versions
I recently did some research for one of End Point’s ecommerce clients on their PCI compliance and wanted to share some basic information for those of you who are new to this topic.
TLS
TLS (Transport Layer Security) is a standard for secure communications between applications. TLS is the current version of what used to be called SSL, the secure sockets layer. In the case of a financial transaction, this is the communication between the website selling a product and the end user. TLS works by encrypting data between two endpoints to ensure any sensitive data (such as financial details and private customer information) is exchanged securely. As security measures increase, new versions of TLS are released. To date, TLS 1.2 is the most up-to-date, with TLS 1.1 being considered safe, and TLS 1.0 being phased out. For details about OS versions supporting the latest TLS standards, please see Jon Jensen’s write-up here.
Compliance with PCI DSS
As all online retailers know, becoming and staying compliant with PCI DSS (Payment Card Industry Data Security Standard) is a big job. PCI is THE ecommerce security standard and in order to accept payment with Visa, MasterCard, American Express, and …
ecommerce hosting payments security
Learning from data basics: the Naive Bayes model
Have you ever wondered what the machinery is behind some of the algorithms that perform seemingly very intelligent tasks? How is it possible that a computer program can recognize faces in photos, turn an image into text, or even classify some emails as legitimate and others as spam?
Today, I’d like to present one of the simplest models for performing classification tasks. The model enables extremely fast execution, making it very practical in many use cases. The example I’ll choose will let us extend the discussion about the optimal approach in another blog post.
The problem
Imagine that you’re working on an e-commerce store for your client. One of the requirements is to present the currently logged in user with a “promotion box” somewhere on the page. The goal is to maximize our chances of having the user put the product from the box into the basket. There’s one promotional box and a couple of different categories of products to choose the actual product from.
Thinking about the solution—using probability theory
One of the obvious directions we may want to turn towards is to use probability theory. If we could collect the data about the user’s previous choices and his or her …
machine-learning optimization probability ruby
Creating a video player with time markers — step by step
Introduction
Today we will show you how to create a video player with time markers using JavaScript and HTML5 only. The libraries we will use have proven to be stable enough for production projects. What do we want to achieve? The final result is visible below:
To simplify (or to make it harder for some of you :)) this tutorial we won’t use any package management tools. The demo is available on Github here: https://github.com/peter-hank/video-with-markers
Requirements
We will need some libraries (all of these are free to use in commercial projects):
- Video.js — https://github.com/videojs/video.js
- Videojs-markers plugin — https://github.com/spchuang/videojs-markers
- jQuery — http://code.jquery.com/jquery-2.0.3.min.js
- Sample video file — http://download.blender.org/peach/bigbuckbunny_movies/BigBuckBunny_320x180.mp4
Step 1 — creating a project skeleton
Let’s create a new folder for our project and call it video-with-markers. Inside, let’s create a new file called “index.html” and three folders: “css”, “js” and “var”.
We also need to copy the library files into their proper directories:
html javascript video
Spree Admin pages unreachable (500 errors)
I was notified a few minutes ago by one of our Spree clients that their admin interface was unreachable due to errors.
Digging into the logs, I discovered SocketErrors (DNS lookup failures) were behind the 500 errors. Digging deeper, I discovered the SocketErrors were coming from a Spree file attempting to access “alerts.spreecommerce.com”. I confirmed in my browser that alerts.spreecommerce.com fails to resolve.
This Git commit discusses the removal of the class, but if you haven’t stayed current and you’ve left the “Check for alerts” box checked, you may need to do some manual editing of your stored preferences to get the UI to load again.
Spree::Preference.where(key: "spree/app_configuration/check_for_spree_alerts").first.update_attributes(value: false)
It does appear that your app will need to restart to pull in this change.
I’m not sure what the chances are your particular config key might vary, so please use the above with caution.
spree ecommerce
QuickCheck - property based testing in Haskell and JavaScript
In my last article, I presented a functional programming pattern. The goal was to reach out to developers who weren’t familiar with advanced type systems like the one found in Haskell and make them a bit curious. This time I’d like to take a step further and present a testing approach coming from the same world, one that can be used with mainstream languages with great success.
Many ways to test the code
The importance of testing is almost a cliché nowadays. Out of this relevance, a large number of testing frameworks and paradigms have been created. On the paradigm level we have notions like TDD and BDD. On the level of implementations we have hundreds of projects for each language like RSpec in Ruby and Jasmine or Mocha in JavaScript.
The ideas behind the libraries don’t differ that much. All of them are based on the idea of providing code examples with assertions on how the code should behave in these particular cases.
A bit more revolutionary in its approach was the Cucumber project. In its essence, it allows business people to express the system logic by stating it in specially formed, plain English. An example taken from the Cucumber website reads:
Feature: Refund item …
functional-programming haskell javascript testing
Hue’s on First: How we used responsive bulbs to join software and hardware for a busy medical practice

In 2014 we began working with a busy bariatric surgery office in Long Island to create a system that would allow the practice to better manage doctor paging and patient wait time. By placing a responsive, color-coded light bulb and tablet outside each examination room, the staff could see which rooms were empty, which were occupied by a patient waiting on a specific doctor, and in which a doctor-patient consultation was in process. Outside each room is a tablet with information including the patient number, the attending doctor’s name, and the wait time.

In addition to providing a comprehensive, granular paging service for doctors, Fast Track also provides feedback to the practice. This feedback includes average patient wait times per doctor, per time of day, and per procedure. This allows the practice to make necessary changes and increase patient satisfaction and peace of mind.

I asked Danny Divita, one of the main developers on this project, to tell us more about the Hue/FastTrack interface.
LF: Describe the project for which we used Hue bulbs. What were all the pieces that needed fitting together?
DD: The Hue bulbs are being used for a bariatric clinic to alert the staff …
case-study api design user-interface hardware architecture
MediaWiki extension EmailDiff: notification emails improved
One of the nice things about MediaWiki is the ability to use extensions to extend the core functionality in many ways. I’ve just released a new version of an extension I wrote called EmailDiff that helps provide a much needed function. When one is using a MediaWiki site, and a page is on your watchlist—or your username is inside the ‘UsersNotifiedOnAllChanges’ array—you will receive an email whenever a page is changed. However, this email simply gives you the editor’s summary and states “the page has been changed, here’s some links if you want to see exactly what”. With the EmailDiff extension enabled, a full diff of what exactly has changed is sent in the email itself. This is extremely valuable because you can quickly see exactly what has changed, without leaving your email client to open a browser (and potentially have to login), and without breaking your flow.
Normally, a MediaWiki notification email for a page change will look something like this:
Subject: MediaWiki page Project:Sandbox requirements has been changed by Zimmerman
Dear Turnstep,
The MediaWiki page Project:Sandbox requirements has been changed on
16 November 2015 by …
mediawiki
Strict typing fun example — Free Monads in Haskell
From time to time I’ve got a chance to discuss different programming paradigms with colleagues. Very often I like steering the discussion into the programming languages realm as it’s something that interests me a lot.
Looking at the most popular languages list on GitHub, published last August, we can see that in the most popular five, we only have one that is “statically typed”. https://github.com/blog/2047-language-trends-on-github
The most popular languages on GitHub as of August 2015:
- JavaScript
- Java
- Ruby
- PHP
- Python
The dynamic typing approach gives great flexibility. It very often empowers teams to be more productive. There are use cases for static type systems, though, that I feel many people are not aware of. I view this post as an experiment. I’d like to present you with a pattern that’s being used in the Haskell and Scala worlds (among others). The pattern is especially helpful in these contexts because both Haskell and Scala have extremely advanced type systems (compared to e.g. Java or C++, not to mention Ruby or Python).
My goal is not to explain in detail all the subtleties of the code I’m going to present. The learning curve for both languages can be pretty dramatic. The …
functional-programming haskell programming