17 Jun, posted by Brian

We recently enabled a small security enhancement to the Spiffy Stores software to prevent a security attack called Cross Site Request Forgery (CSRF).

Basically, an encrypted token is now generated and inserted into every form on the store’s web pages. This stops a hacker from copying a form from the site and tricking you into submitting it from a fake site, which would otherwise give the hacker access to your account.

Whilst it was extremely unlikely that this sort of attack would work because of the way in which the Spiffy Stores software is designed, it never hurts to improve security wherever possible.

However, it turns out to have an unintended bonus effect!

Spiffy Stores is one of the few ecommerce solutions that has a “Contact Us” form built into your store. This form is generated for you automatically and you don’t need to use a third-party online form service to get something as essential as a contact form.

Now that we have added the Cross Site Request Forgery code, we are seeing instances of spammers who have “copied” the contact forms from various sites and built them into scripts to try to spam our store owners with fake contact form submissions. All of these attempts now fail because they are detected as forgeries, which means that your inbox will contain less of the spam generated by these pests.
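To make the mechanism concrete, here is an added example (not Spiffy Stores’ code) of the synchronizer-token pattern that a guard like the one described above relies on. Each session is issued a random secret token, every rendered form carries it in a hidden field, and a submission is accepted only when the token matches the session it arrives with. The in-memory session store, the field name authenticity_token and the class name are all assumptions made for the illustration.

```ruby
require 'securerandom'

# Added example, not Spiffy Stores' code: a synchronizer-token CSRF guard.
# A form copied into a script, or served from a fake site, cannot know the
# token the victim's current session was issued, so it is rejected as a forgery.
class CsrfGuard
  TOKEN_FIELD = 'authenticity_token'.freeze # assumed field name

  def initialize
    @sessions = {} # session id => token (constructed in-memory session store)
  end

  # Start a session; stands in for the cookie-backed session a browser holds.
  def new_session
    sid = SecureRandom.hex(16)
    @sessions[sid] = SecureRandom.hex(32)
    sid
  end

  # Log-out or expiry: every token issued for the session stops being valid.
  def end_session(sid)
    @sessions.delete(sid)
  end

  # Token to embed in every form rendered for this session.
  def form_token(sid)
    @sessions.fetch(sid)
  end

  # The hidden input as it would sit inside the generated <form> markup.
  def hidden_field(sid)
    %(<input type="hidden" name="#{TOKEN_FIELD}" value="#{form_token(sid)}">)
  end

  # A POST is genuine only if the session is live and the submitted token
  # equals the one issued for that session.
  def valid_submission?(sid, params)
    expected = @sessions[sid]
    return false if expected.nil?
    CsrfGuard.secure_equal?(params[TOKEN_FIELD].to_s, expected)
  end

  # Constant-time comparison so a mismatch does not reveal where it differs.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The cases worth noting are the ones the post describes: a form submitted with no token, with a guessed token, or with a token taken from the attacker’s own session all fail against the victim’s session, and a form captured with a valid token stops working once that session ends. That last case is why scripted copies of the contact form break: the token they carry belongs to a session that no longer exists.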

Posted on 17th June 2010
12 Mar, posted by Brian

Here’s a quick update.

We’ve added a small improvement to our Theme support by defining a new header variable which can be used in the Theme.liquid file as part of the <head> section.

Rather than hand-coding author, copyright, description and keywords meta tags, you can just write:

{{ header.author }}
{{ header.copyright }}
{{ header.description }}
{{ header.keywords }}

These variables will automatically generate the appropriate meta tags for your page’s content.

The advantage of these automatically generated tags is that they structure the description information in a way that makes it easy for the search engines to extract the relevant information about your product or page and this will appear as the snippet in the search results.
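As an added illustration (not Spiffy Stores’ template code) of what expanding these header variables produces, the Ruby snippet below builds the four meta tags from a constructed header hash. The field names match the variables above; how the platform itself renders them is an assumption. The part worth copying is the escaping of the content attribute: a product description containing quotes or angle brackets must end up inside the attribute rather than breaking out of the tag.

```ruby
require 'cgi'

# Added example, not Spiffy Stores' code: expansion of the header variables
# into meta tags, with attribute escaping and empty values dropped.
HEADER_FIELDS = %w[author copyright description keywords].freeze

# Keywords may arrive as an array; the meta tag wants a comma-separated list.
# Whitespace is collapsed so a multi-line description becomes one clean snippet.
def normalise_header_value(name, value)
  value = value.join(', ') if name == 'keywords' && value.is_a?(Array)
  value.to_s.gsub(/\s+/, ' ').strip
end

# One meta tag, or an empty string when there is nothing to say: an empty
# description tag is worse for search snippets than none at all.
def meta_tag(name, value)
  text = normalise_header_value(name, value)
  return '' if text.empty?
  %(<meta name="#{name}" content="#{CGI.escapeHTML(text)}">)
end

# Expand all four header variables for a page, dropping the empty ones.
def render_header_meta(header)
  HEADER_FIELDS.map { |name| meta_tag(name, header[name]) }.reject(&:empty?)
end
```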

For details, have a look at our Knowledge Base documentation: Liquid Template Variables – header

Posted on 12th March 2010
11 Jun, posted by Brian

[image: geek-tattoo-image]

You may notice that some of the store configuration options have disappeared from your Toolbox.

Don’t Panic!

It’s all part of the plan. We’ve been building Spiffy Stores to be a powerful e-Commerce engine, and to that end we’ve added a lot of configuration options that most users don’t need or understand. So we’ve started to hide them.

By default, all users will see the basic set of options you need to get your Spiffy Store up and running. Most people will never need anything more than this.

But when your small business blossoms into a vast multinational corporation, we’ll be there to help you.

To enable the advanced options in your Spiffy Store, just go to “Your Account”, and edit your Staff Account. You’ll find an option there to enable all the Advanced Options.

Posted on 11th June 2009
10 Jun, posted by Brian

I’ve been looking around for an implementation of a Multiset/Bag in Ruby to ease the pain of recording some of our statistics.

Some of the statistics we gather are most usefully stored as some form of “super” Set in which each unique element is stored together with a count of the number of times that element has occurred. These statistics are likely to have a large number of repeated elements, so this makes sense as it saves on space and processing.

So, after an extensive search, I was surprised at the paucity of solutions for this problem.

Eventually I hit upon

http://maraigue.hhiro.net/multiset/index-en.php

It does exactly what I want, but I decided that I would add the following custom functions. These two functions return all the items in a Multiset with the highest/lowest counts.

class Multiset
  # Return all the items with the maximum count
  def max_values
    max_value = @items.values.max
    @items.select { |k, v| v == max_value }.map { |i| i[0] }
  end

  # Return all the items with the minimum count
  def min_values
    min_value = @items.values.min
    @items.select { |k, v| v == min_value }.map { |i| i[0] }
  end
end
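For readers who want the idea without the library, here is an added example (not the Multiset library linked above, and not the custom functions as they would run inside it) of a minimal bag written from scratch. Each distinct element is stored once with its occurrence count, which is what makes the structure cheap for statistics with many repeated values, and max_values/min_values behave the same way as the two custom functions above. The class name Bag and its method names are choices made for this illustration.

```ruby
# Added example, not the linked Multiset library: a minimal multiset (bag)
# that keeps one counter per distinct element.
class Bag
  include Enumerable

  def initialize(items = [])
    @counts = Hash.new(0) # element => number of occurrences
    items.each { |item| add(item) }
  end

  # Record n more occurrences of item.
  def add(item, n = 1)
    raise ArgumentError, 'count must be positive' unless n > 0
    @counts[item] += n
    self
  end

  # How many times item has been seen (0 if never).
  def count_of(item)
    @counts[item]
  end

  # Number of distinct elements.
  def distinct_size
    @counts.size
  end

  # Total number of occurrences across all elements.
  def size
    @counts.values.inject(0) { |sum, c| sum + c }
  end

  # Yield each element once per occurrence, so Enumerable behaves as on an Array.
  def each
    return enum_for(:each) unless block_given?
    @counts.each { |item, c| c.times { yield item } }
  end

  # Elements with the highest count; empty for an empty bag.
  def max_values
    values_with_count(@counts.values.max)
  end

  # Elements with the lowest count; empty for an empty bag.
  def min_values
    values_with_count(@counts.values.min)
  end

  private

  # Hash#select returns a Hash on Ruby 1.9 and later, so .keys gives the elements.
  def values_with_count(target)
    return [] if target.nil?
    @counts.select { |_item, c| c == target }.keys
  end
end
```

The empty-bag case is the one the custom functions above leave to the caller: Array#max on an empty list is nil, and selecting for a nil count would silently return nothing, so the helper returns an empty array explicitly.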

Posted on 10th June 2009
11 Apr, posted by Shawn

Facebook users have lower overall grades than non-users, according to a survey of college students who also ironically said the social networking site does not interfere with studying.

That disconnect between perception and reality does not necessarily mean that Facebook leads to less studying and worse grades — the grades association could be caused by something else. However, it does raise more questions about how students spend their time outside class on activities such as Facebook, part-time jobs and extracurricular activities.

“I’m just saying that there’s some kind of relationship there, and there’s many third variables that need to be studied,” said Aryn Karpinski, an education researcher at Ohio State University.

Source: Facebook users get worse grades in college

Posted on 11th April 2009
13 Feb, posted by Shawn

Linux users of the world unite… today is 1234567890 day. At 3:30pm today, Unix time will equal exactly 1234567890. It’s the geek version of the year 2000!

Posted on 13th February 2009
17 Dec, posted by Brian

For various reasons, we are still running on Apache 1.3 which is fine, except for the fact that there is no easy way of determining whether a request is via an SSL session or not.

Unfortunately, this process was broken by the upgrade to Rails 2.2.2.

Posted on 17th December 2008
06 Nov, posted by Brian

Our store software contains an extensive set of routines for processing uploaded images and resizing them into various image sizes. We’ve recently been adding code to support a bulk import function, and it has become necessary to somehow fake uploading a file, given a specific URL for an image.

The basic plan is to use Net::HTTP to connect to the remote server, grab the image and save it in a temporary file. It turns out that Rails contains an UploadedTempfile class, a subclass of Tempfile, which the CGI routines use to handle any uploaded files.
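Here is an added example (not Spiffy Stores’ import code) of that plan in plain Ruby: fetch the URL with Net::HTTP, then write the bytes into a Tempfile the way a CGI upload would arrive. It also adds the checks a URL-driven import needs before the data reaches the image resizers: only http(s) URLs are fetched, the body is capped at a constructed size limit, and the first bytes are sniffed so that something that is not an image is rejected. The size limit, the accepted formats and the function names are assumptions; fetch_image_to_tempfile needs network access and is not exercised by the offline test, which covers store_as_upload and sniff_image_type.

```ruby
require 'net/http'
require 'uri'
require 'tempfile'

MAX_IMAGE_BYTES = 5 * 1024 * 1024 # constructed limit for this example

# Leading bytes of the image formats the resizers are assumed to accept.
IMAGE_SIGNATURES = {
  'image/png'  => "\x89PNG\r\n\x1a\n".b,
  'image/jpeg' => "\xFF\xD8\xFF".b,
  'image/gif'  => 'GIF8'.b
}.freeze

# MIME type implied by the first bytes of the data, or nil if not a known image.
# The remote Content-Type header is not trusted for this decision.
def sniff_image_type(bytes)
  head = bytes.to_s.b
  IMAGE_SIGNATURES.each { |mime, sig| return mime if head.start_with?(sig) }
  nil
end

# Write body into a Tempfile named after the original filename, as an
# uploaded file would be. Raises on oversize or non-image data so the
# caller never hands junk to the resizer. Returns [tempfile, mime_type].
def store_as_upload(body, original_filename)
  raise ArgumentError, 'download exceeds the size limit' if body.bytesize > MAX_IMAGE_BYTES
  mime = sniff_image_type(body[0, 8])
  raise ArgumentError, 'data is not a recognised image' if mime.nil?
  ext  = File.extname(original_filename)
  base = File.basename(original_filename, ext).gsub(/[^A-Za-z0-9_-]/, '_')
  base = 'image' if base.empty?
  tmp = Tempfile.new([base, ext])
  tmp.binmode
  tmp.write(body)
  tmp.flush
  tmp.rewind
  [tmp, mime]
end

# Fetch the image with Net::HTTP and hand it to store_as_upload.
# Needs network access; not run by the offline test.
def fetch_image_to_tempfile(url)
  uri = URI.parse(url)
  raise ArgumentError, 'only http(s) URLs are imported' unless %w[http https].include?(uri.scheme)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.open_timeout = 10
  http.read_timeout = 10
  response = http.get(uri.request_uri)
  raise "unexpected response #{response.code} from #{uri.host}" unless response.is_a?(Net::HTTPSuccess)
  store_as_upload(response.body, File.basename(uri.path))
end
```

Two caveats for a real import. The size cap above is applied after the whole body has been read; reading with Net::HTTP#request_get and a streaming read_body block, and checking Content-Length first, stops an oversized download earlier. And because the URL comes from whoever drives the import, the fetch can reach hosts the store’s own network can see; resolving the host and refusing private or loopback addresses before connecting is an additional check this example does not include.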

Posted on 6th November 2008
21 Oct, posted by Shawn

We’ve just started up our blog and I’ve just discovered that blogging is dead. Oh well… may as well not bother writing news about our software. I’ll just join the thousands of boring idiots floating about the twittersphere tweeting about the fact that they had a “cp of cfee”. Morons. Is anyone actually listening to you? Do you have any friends?

How do I know that blogs are dead? A big American journalist said so. He said he used to like blogs, but he stopped reading them because the good bloggers had said everything they had to say, and he didn’t like to listen to people that just repeat themselves.

Hey… it was in the news so it must be true!

Posted on 21st October 2008