Recently, I’ve been giving some thought to the risks associated with the “Miscellaneous HTML” and “Scripts and Style Sheets” (a.k.a. “Miscellaneous Scripts” in Magento 1) features in Magento. For those who don’t know, these are two text fields that accept any arbitrary input which is then rendered globally in the footer or header (respectively).
This was mainly spurred by Willem de Groot’s findings on credit card skimming. These fields are typically implicated in these types of exploits. I took Twitter to voice some initial thoughts on the matter.
My Tweet there was just something that had popped into my head, but at this point, I’ve had more time to think on the matter and wanted to share my thoughts.
A while back I published a post on improving your full page cache hit rate. In a conversation on Twitter, I was asked to provide suggestions on what Magento can do to improve hit rates.
@maxpchadwick Do you have suggestions on what we can do to improve cache hit rates?— Blue_Bovine (@Blue_Bovine) June 17, 2016
Riding on the coattails of my previous listicle, 5 Enterprise Page Cache Pro Tips, I decided to publish a post in response. However, I’ve broadened the subject from “What can Magento do to improve hit rates?” to “What can Magento do to improve the
Enterprise_PageCache module”. Based on my experience working with the module, these are the top 5 missing features that I’ve identified…
I recently heard about Ngrok on The Changelog podcast. It sounded cool at the time, although I wasn’t exactly sure what I would need it for.
Then, when the new GitHub projects feature was announced I started thinking about how we could start using that to manage statuses of individual tasks and have it update the ticketing system we use at work. While, unfortunately, Github projects doesn’t seem to support webhooks when moving cards between columns at this time, I still had some fun setting up Ngrok and directing Github webhooks to my local computer. In the end, I decided to record a screencast so you can get started playing with these fun tools too.
Recently I’ve been working on a little side project called pngarbage. It’s a command line tool for scanning webpages and identifying image bloat. The tool is written in Go which allows me to distribute a single binary with no dependencies. I’m just in the infancy of the project and plan on (ok…hope to be) adding a bunch of new features. With that in mind, one thing I’ve been thinking about recently is auto-updating strategies.
I spent some time thinking about tools I use daily that implement auto-updating. The first one that came to mind is oh-my-zsh, one of the most starred repos on Github. If you’ve used it before you’re probably pretty familiar with this screen…
I spent a bit of time reviewing how oh-my-zsh goes about auto-updating and thought it would be worthwhile to do a short write up of my findings.
I recently obtained my first Magento certification, passing the Certified Developer exam. I had taken the exam a year and a half prior and didn’t pass. I’d been doing Magento development professionally for nearly 18 months at that point.
I spent a bunch of time studying this time around and one question stuck with me in the end…Should the certification exam be “open book”? I have my own opinions on the matter, but rather than sharing them, I decided to take a poll of the Magento Twitter community first to get the lay of the land.
Now, the results are in, let’s take a look at what the #realmagento community on Twitter thinks. Then I’ll lay out my own opinion on the matter.
I dealt with a pretty interesting issue today. The symptom can be summarized as follows…
When I access
example.com/1/2/3/4I get redirected
I spent some time reviewing and ultimately found that
Mage::getUrl() was the cause. In this post I’ll explain to you how and why.