Blog
Keeping Notes While Debugging
Published: November 17, 2016
The majority of what I do in my day job involves maintaining inherited software. As a result, I spend a lot of time debugging. If you program for a living, there’s a pretty high chance you’re in the same camp.
To get to the bottom of some of the nastiest issues, one practice that has, time and time again, proven itself invaluable is keeping detailed notes throughout a debugging session. In this post, I’ll explain to you how this has helped me, and then offer some note-keeping tips.
The Dangers of "Miscellaneous HTML"
Published: November 12, 2016
Recently, I’ve been giving some thought to the risks associated with the “Miscellaneous HTML” and “Scripts and Style Sheets” (a.k.a. “Miscellaneous Scripts” in Magento 1) features in Magento. For those who don’t know, these are two text fields that accept any arbitrary input which is then rendered globally in the footer or header (respectively).
This was mainly spurred by Willem de Groot’s findings on credit card skimming. These fields are typically implicated in these types of exploits. I took Twitter to voice some initial thoughts on the matter.
#realmagento idea in light of research done by @gwillem. Content security policy, but for core config data rows.
— Max Chadwick (@maxpchadwick) October 20, 2016
My Tweet there was just something that had popped into my head, but at this point, I’ve had more time to think on the matter and wanted to share my thoughts.
5 Enterprise_PageCache Missing Features
Published: October 27, 2016
A while back I published a post on improving your full page cache hit rate. In a conversation on Twitter, I was asked to provide suggestions on what Magento can do to improve hit rates.
@maxpchadwick Do you have suggestions on what we can do to improve cache hit rates?
— Blue_Bovine (@Blue_Bovine) June 17, 2016
Riding on the coattails of my previous listicle, 5 Enterprise Page Cache Pro Tips, I decided to publish a post in response. However, I’ve broadened the subject from “What can Magento do to improve hit rates?” to “What can Magento do to improve the Enterprise_PageCache module”. Based on my experience working with the module, these are the top 5 missing features that I’ve identified…
[Screencast] Testing GitHub Webhooks with Ngrok and PHP's built-in web server
Published: October 26, 2016
I recently heard about Ngrok on The Changelog podcast. It sounded cool at the time, although I wasn’t exactly sure what I would need it for.
Then, when the new GitHub projects feature was announced I started thinking about how we could start using that to manage statuses of individual tasks and have it update the ticketing system we use at work. While, unfortunately, Github projects doesn’t seem to support webhooks when moving cards between columns at this time, I still had some fun setting up Ngrok and directing Github webhooks to my local computer. In the end, I decided to record a screencast so you can get started playing with these fun tools too.
Auto-updating software: Diving into oh-my-zsh
Published: October 12, 2016
Recently I’ve been working on a little side project called pngarbage. It’s a command line tool for scanning webpages and identifying image bloat. The tool is written in Go which allows me to distribute a single binary with no dependencies. I’m just in the infancy of the project and plan on (ok…hope to be) adding a bunch of new features. With that in mind, one thing I’ve been thinking about recently is auto-updating strategies.
I spent some time thinking about tools I use daily that implement auto-updating. The first one that came to mind is oh-my-zsh, one of the most starred repos on Github. If you’ve used it before you’re probably pretty familiar with this screen…
I spent a bit of time reviewing how oh-my-zsh goes about auto-updating and thought it would be worthwhile to do a short write up of my findings.
Should Magento Certification Exams Be "Open Book?"
Published: October 5, 2016
I recently obtained my first Magento certification, passing the Certified Developer exam. I had taken the exam a year and a half prior and didn’t pass. I’d been doing Magento development professionally for nearly 18 months at that point.
I spent a bunch of time studying this time around and one question stuck with me in the end…Should the certification exam be “open book”? I have my own opinions on the matter, but rather than sharing them, I decided to take a poll of the Magento Twitter community first to get the lay of the land.
Now, the results are in, let’s take a look at what the #realmagento community on Twitter thinks. Then I’ll lay out my own opinion on the matter.