Thoughts about coding and books

Simple Erply and Magento integration plugin

Recently I helped a company build an e-commerce website with Magento. She already had existing shops and uses Erply with almost 10000 items, which she wanted to import into the e-shop.

Even though Erply and Magento are both market leaders, importing data from Erply to Magento was poorly supported. I took an existing GitHub project, forked it, upgraded it to the Magento Connect version and fixed many issues in it. It is still not fully stable but it is usable; expert help is still advised. You can download the plugin from here

The simplest way to integrate Erply and Magento is to:

  1. Install Erply plugin from Magento Connect service
  2. Download source of fixed plugin from
  3. Copy/merge the folders design, code and etc from magento-integration-master/erply/app/ to the app folder in your Magento installation. This overwrites the old broken files.
  4. Enjoy

Issues fixed are:

  1. Missing import of price, description and some other fields
  2. Import of a large number of products
  3. Fixed category import
  4. Many more small things

The issue with importing a large number of products was that it takes a very long time. The PHP script execution may time out and the process never finishes.

Application code deployment from SVN with fast and simple rollback

The most important thing in every new release is the rollback procedure. Once you discover issues in the new version, you need to be able to switch back to the previous version while you work on a fix. I have developed a shell script that handles the automated deployment process and allows quick and simple rollbacks, provided there are no database changes that prevent an easy rollback. The main idea is to

  • download code from SVN, GIT or similar
  • copy all code to new folder
  • replace all configuration with environment related conf
  • use symlink to switch between code versions

Here is an example script that handles the automated deployment for you
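
The symlink-switch deployment and rollback listed above, as an added example that is not the author's script. The `releases/`, `conf/<env>/` and `current` layout and the function names are assumptions, a local directory stands in for the SVN/Git export, and `mv -T` requires GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not the author's script). Assumed layout:
#   $base/releases/<id>/  one folder per deployed version (ids sort by age)
#   $base/conf/<env>/     environment-specific configuration files
#   $base/current         symlink the web server uses as its document root
set -eu

# switch_link BASE RELEASE_DIR: repoint "current" in a single rename(2),
# so no request ever sees a missing or half-updated link (GNU mv -T).
switch_link() {
    ln -s "$2" "$1/current.tmp.$$"
    mv -T "$1/current.tmp.$$" "$1/current"
}

# deploy SRC BASE ENV ID: SRC stands in for the output of `svn export`.
deploy() {
    src=$1 base=$2 env=$3 id=$4
    rel="$base/releases/$id"
    [ ! -e "$rel" ] || { echo "release $id already exists" >&2; return 1; }
    mkdir -p "$base/releases"
    cp -a "$src" "$rel"                  # copy all code to a new folder
    cp -a "$base/conf/$env/." "$rel/"    # replace config with the environment's
    switch_link "$base" "$rel"           # go live
}

# rollback BASE: point "current" at the release just before the live one.
rollback() {
    base=$1
    live=$(basename "$(readlink "$base/current")")
    prev=$(ls -1 "$base/releases" | sort |
           awk -v live="$live" '$0 == live { print p; exit } { p = $0 }')
    [ -n "$prev" ] || { echo "no earlier release to roll back to" >&2; return 1; }
    switch_link "$base" "$base/releases/$prev"
}
```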

Run Apache2 as specific user, non-root

It is very easy, but the exact syntax is hard to find. None of the current top Google search results show it. You have to use the mpm_itk module, and an exact example of the syntax is here, enjoy!

    <VirtualHost *:80>
        ServerName
        DocumentRoot /var/www/
        <IfModule mpm_itk_module>
            AssignUserId username groupname
        </IfModule>
    </VirtualHost>

In case[…]

Error: redirect_uri_mismatch – Reset google authentication oauth api secret

I have a few webapps where I am using Google login. When you run the app in a different domain, you will get an error like Error:redirect_uri_mismatch The redirect URI in request: did not match registered redirect URI. Also, you might want to create a new app for Google OAuth2 login. Anyway it is for[…]

Observations of Roboo usability and effectiveness against DDoS

Before taking Roboo into use for protection against DDoS, you need to look at its pros and cons.

Firstly, nothing comes without drawbacks and side effects. Here are some that you need to consider.

  • Search engine crawlers have trouble indexing the site. You never want that.
  • Web service clients have issues. API calls might break, and an SVN server over HTTPS does not work well.
  • The developer's own website does not use Roboo.

A good whitelisting plan must be developed to handle valid non-browser interactions.

I did some quick brute-force analysis of performance with 3 virtual machines on VMware. The target was WackoPicko, a simple vulnerable web application used to test web application vulnerability scanners, running with 1 core and 1GB RAM. The Roboo machine was an Ubuntu server with 1 core and 1GB RAM. The third was a more powerful server where httperf was run. All of these machines ran inside one physical server on VMware ESXi.

Here are the testing results: