Blog

Measuring round-trip time with nping

Published: March 21, 2017

Recently, I was debugging a performance issue where a site was spending an above-average amount of time running HGETs against a Redis instance. I came upon this snippet of text from Redis’ benchmarking documentation.

Network bandwidth and latency usually have a direct impact on the performance. It is a good practice to use the ping program to quickly check the latency between the client and server hosts is normal before launching the benchmark

https://redis.io/topics/benchmarks#factors-impacting-redis-performance

However, when I went to ping the server running Redis I didn’t have much luck…

$ ping -c 10 -W 1 172.24.16.119
PING 172.24.16.119 (172.24.16.119) 56(84) bytes of data.

--- 172.24.16.119 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9999ms

GROUP-ing a product collection the right way with groupByAttribute

Published: March 12, 2017

Recently, I was reworking the implementation of a featured products widget which showed up on the home page. In order to show a variety of products we decided to GROUP BY manufacturer. This way only one product would show up per brand. The initial implementation looked something like this…

$collection = Mage::getModel('catalog/product')->getCollection();

// Do some other logic

$collection->getSelect()->group('e.manufacturer_value');

This was working fine in dev (and production). However, when I merged some new code into the develop branch and deployed it to staging I started getting exceptions.

Magento's "Use HTTP Only" Cookie Setting

Published: March 8, 2017

Recently, while checking out Mozilla Observatory I learned about the HttpOnly Set-Cookie directive. If you’re not familiar with it, here’s an explanation from MDN…

HTTP-only cookies aren’t accessible via JavaScript through the Document.cookie property, the XMLHttpRequest and Request APIs to prevent attacks against cross-site scripting (XSS).

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives

The “HttpOnly” name is a bit confusing and is sometimes misinterpreted as having something to do with HTTP vs HTTPS. However, that is not the case. The idea is that the cookie is made available to the server as part of the HTTP request (“HTTP only”). However, JavaScript running in the browser has no access to it.

This provides a layer of security against XSS as, even if an attacker is able to get malicious script to execute on a web page, the attacker won’t be able to access precious cookies, which are often the only key needed to compromise a user (or admin) account.

This got me interested in investigating how Magento manages that flag. I decided to dig in to get a better understanding. Here, I’ll document my findings…

WTF Is uenc?

Published: March 6, 2017

If you’ve worked with Magento before, you’ve probably seen a URL that looks like this…

https://example.com/checkout/cart/add/uenc/aHR0cDovL21hZ2VudG8tMV8xNF8xXzAuZGV2L2xpbmVuLWJsYXplci01MzguaHRtbA,,/product/406/form_key/giZIAWUXy2azlHw1/

Have you ever wondered to yourself, WTF is uenc?

In this post I’ll explore that question…

Against List View

Published: March 1, 2017

Out of the box, both Magento 1 and 2 provide the ability to toggle between “Grid View” and “List View”.

A screenshot showing toggling between list view and grid view in Magento 2

“Grid View” displays the products in an image grid, as pictured above. It is the default “mode” for viewing a category or search results page.

In “List View” the products are listed in a single column as pictured below.

A screenshot showing toggling between list view and grid view in Magento 2

Not only is list view unnecessary, it’s also harmful. Here I’ll explain why…

Stripping A Query Parameter From A URL in PHP

Published: March 1, 2017

Recently I needed a function to remove a single query parameter from a given URL in PHP. This seems like the type of thing that there should be a canonical answer for, but, if you run a Google search, you’ll see that there are many ways to skin this cat.

After giving the task some thought, I wound up implementing essentially what is described in this Stack Overflow answer. In this post, I share the approach, along with the final code.