October 2017 | Page 2 of 2 | Magento Hosting

CAll Us: +1 888-999-8231 Submit Ticket

Community Collaboration With Magento Open Source

Photo by rawpixel.com on Unsplash

Magento 2.2 has arrived! The newest release fixes 428 bugs, with 17 percent of those being community contributions.

The full release notes can be found here.

The 17 percent represents 71 bug fixes that would’ve likely been overlooked if not for the efforts of the Magento community. This result was thanks in no small part to plenty of Contribution days and hackathons, improved GitHub management, and the tireless effort of the Community Engineering team.

At Meet Magento Sweden, I was fortunate enough to participate in the Contribution Day in Stockholm.

Digging into the code, I developed a fix in response to issue report #9278, “Create new CLI command: Enable Template Hints.” You can read more about this new CLI command here.

However, this is far less about singing my own praises and more about highlighting the process behind its approval and eventual inclusion. The issue in question had the “Up for Grabs” label, which means pretty much what you’d think – anyone can take a shot at resolving an issue that was already tagged by the Community Engineering team.

After writing and testing the code, I showcased the new feature during the allotted demo time at the end of Contribution Day, then submitted the pull request (PR) to the develop branch for the upcoming Magento 2.2.

As we speak, there are other branches in use, and the develop branch always used as the integration branch for upcoming releases. For example, 2.3-develop will point to the 2.3.x releases, 2.2-develop pointed to 2.2.x, and so on.

Usually, once the pull request is submitted, someone from the Community Engineering team checks the submission, asks for more input if needed, and, if and when it’s ready, approves it for merging. The team uses self-explanatory labels to identify the status of each pull request, and is intended to keep things user-friendly and transparent.

If you’re curious about Magento Open Source, I recommend starting with the Magento Issue gates to fully understand how issues and PRs are labeled. After that, head to the Magento automated testing standards and the Magento Code of Conduct so we all can get along on GitHub while working together to achieve great things!

Posted in:
Magento

Source link

WordPress Says No To React, Forcing Gutenberg Editor Delay

Photo by Michael Mroczek on Unsplash

Javascript has become increasingly important to WordPress developers over the last couple of years. Anyone working on the web front-end needs to know Javascript, but the introduction of the WordPress REST API has focused the cutting-edge of WordPress development on Javascript and frameworks like React. But, in what must be welcome news to React competitors like Vue, the WordPress project will no longer use React because its license is viewed as potentially harmful.

The move away from React will force a rewrite of key WordPress front-end apps and components, including the new Gutenberg editor, which will be delayed by several weeks at least. The decision doesn’t affect most WordPress theme and plugin developers, who are free to use any framework they like, but it highlights an issue with React that is worth considering.

The anti-React stance, which was announced by WordPress creator and lead developer Matt Mullenweg, is a response to Facebook’s refusal to modify React’s BSD+Patents license. The license has caused controversy in the open source community, and WordPress is only the most recent project to ban its use.

Developers have embraced React because it makes it easier to design, build, and maintain complex front-end interfaces for the web. React is distributed under a BSD+Patents license. The BSD license is a standard open source license which allows anyone to use the code. The “Patents” component of the React license is, however, is definitely non-standard.

In brief, it says that anyone can use React for any purpose, but that they lose the right to use any Facebook-patented technology — including in React — if they sue Facebook for patent infringement. The worry is that any company that makes a significant investment in React and similarly licensed software will face a dilemma if Facebook infringes their patents: they can sue and be forced to abandon that investment or let Facebook get away with it.

The patent issue was recently brought to a head when the Apache Foundation decided that no Apache project could directly depend on React — necessitating the rewriting of a lot of code.

Facebook says that the BSD+Patents license allows it to make React and other open source projects available to the community, while reducing the number of frivolous patent lawsuits it has to deal with.

But there’s a concern that using React will cause many companies and developers to avoid using WordPress and other projects using React. For the majority of developers and companies, the BSD+Patents licenses isn’t likely to cause problems directly — most of us don’t have patents to protect. For open source projects like WordPress, it’s more complicated.

Open source projects are often used by big companies with patents — or by smaller companies that might be bought by big companies with patents. Those companies will not want to give up their right to sue for patent infringement or buy a company with products that carry that risk. The concern is that using React in WordPress will discourage a large swath of its potential user base.

For WordPress users, the most obvious impact of the project moving to a different front-end framework will be the delayed release of Gutenberg, which is expected to be a headline feature in a future WordPress release. For developers, it might be worth considering whether React is the right choice for future WordPress-related projects.

Posted in:
WordPress

Source link

Four Ways to Win at PCI Compliance

If you’re an online merchant, and your store accepts credit cards as payment, then you’ve probably already heard the term PCI compliance. If you haven’t, then start here, and then come back to this post.

The Payment Card Industry Data Security Standard (PCI DSS) was created by banks and credit card companies to protect their cardholders. Failing compliance can result in fines ranging between $5,000 to $500,000. Add to that the probable loss of consumer confidence, civil litigation, and suspension of credit services, and the inconvenience of maintaining PCI compliance far outweighs the cost of ignoring it.

Here’s four ways to become and stay compliant. We can’t promise they’re easy, but we can promise they’re essential.

1. Read and understand the PCI DSS, or find someone that can

This is no easy task. The PCI DSS requirements document weighs in at a staggering 139 pages. The PCI Quick Reference Guide knocks it down to 40 pages, which is hardly convenient, but does suggest the PCI might have something close to a sense of humor (spoiler alert: they don’t).

So while we urge you to read it and try to understand all of it, many smart and successful people aren’t particularly qualified to do so. As your hosting company, we can provide some assistance, but only you or a third party hired by you can assess your systems. Find a Qualified Security Assessor (QSA), a security firm trained and certified by the PCI, to guide you through the labyrinth.

2. Use a PCI-compliant hosting provider

If you’re already a Hostdedi client, then you’re all set. While using us or another PCI-compliant host can’t alone make you PCI-compliant, we take great care to cover things on our end so you can focus on yours.

3. Make sure your developer is PCI-savvy

A knowledgeable developer can help bake compliance into your site. In addition, any third party with access to your systems should be following established best practices for security.

4. Do a self-assessment every year

Compliance is not a one-time requirement, and the PCI changes them every so often to address emerging threats. Take the time to complete the self-assessment questionnaire (SAQ) every year will help keep you current and committed. You can download a SAQ from the PCI DSS website.

Upon request, we also provide a PCI Responsibility Matrix that outlines exactly which standards are yours, which are ours, and which are shared. The document is available to Hostdedi clients through our Support Team, and makes it easy to answer questions about your web host.

It’s rigorous, but worthwhile – think of it as exercise for your PCI-compliance muscles. Put it on your calendar during your slowest month so you can face your busiest ones with confidence.

Earned, not given

PCI compliance is required by the industries holding the keys to the eCommerce kingdom. Moreover, the holidays are a stressful time for consumers, and their trust in your brand is your greatest asset. Defend it with vigor and vigilance, and you’ll likely never have to learn the cost of regaining that trust.

Posted in:
eCommerce, Security

Source link

Twitter’s Direct Message Cards Are Icebreakers For eCommerce Chatbots

Photo by skeeze on Pixabay

Chatbots are taking the world by storm. Over the last year, the media has been full of stories about how chatbots are changing the way eCommerce merchants and other companies interact with customers. It seems as if every major instant chat provider has created a framework for building chatbots. This enthusiasm for chatbots is driven by the ubiquity of instant chat applications and the desire of brands to inject themselves into those conversations. Facebook Messenger, Slack, and Apple’s Messages, see huge user engagement, and brands want to be wherever the users are.

But how do you get people to talk to your chatbots in the first place? The user has to instigate the conversation. Potential users of a conversational interface have to be both aware of the existence of a chatbot and have some understanding of why engaging with it is good for them, and, unlike with a traditional web interaction, Google isn’t much help.

Twitter’s Direct Message Cards are an attempt to address the problem. Available in limited beta to Twitter advertisers, Direct Message Cards are promoted rich tweets into which advertisers can embed a series of canned responses. The tweet itself contains a prompt, and when the user chooses one of the options, it’s passed to the brand’s account, and they can respond with further automated DMs or by looping a human into the conversation.

I can see Direct Message Cards being particularly useful to eCommerce merchants, who can use Twitter’s targeting to prompt engagement with product or promotion specific tweets, and then follow up with targeted conversational responses depending on the option the user chooses.

If Direct Message Cards sound a little like the menu trees of old, you aren’t the first to have made the link. In spite of the hype around chatbots, the state of the art in conversational interfaces isn’t particularly sophisticated. The more ambitious chatbots are, the greater the chance of frustrating users who expect human-like conversations and end up with something closer to a menu tree or an 80s text adventure.

That said, for some eCommerce interactions, Direct Message Cards are likely to prove appealing to retailers, who benefit from the opportunity to open a direct line of contact to interested shoppers and to reach a wider audience through organic sharing.

Although I’ve focused on the way Direct Message Cards can be used with conversational interfaces, in essence they’re just rich media tweets that support multiple calls-to-action and integrate with Twitter’s direct message system. JollyChic is using Direct Message Cards to engage with shoppers and, after a limited interaction in a chat interface, direct them to the appropriate product page on their store or to an app install page.

Although Twitter isn’t at the forefront of social eCommerce, over the last couple of years they’ve rolled out several eCommerce-friendly features in a bid to attract retail adversing dollars. Direct Message Cards are an excellent addition that has the potential to help eCommerce merchants engage with customers along a more meaningful and personal dimension than simple promoted tweets.

Posted in:
eCommerce

Source link

Translating Your WordPress Site Isn’t As Hard As You Think With Weglot

Photo by smilingpixell on Pixabay

English is the most common language on the web, but that doesn’t mean businesses can afford to ignore other languages, especially if they intend to sell products or provide services to international customers. The web is a global communication network, and although it’s easy for people who live in the US to assume everyone is happy with English, that’s not true even in the US, where many speak Spanish as a first or second language.

Further afield in Europe, Asia, and Africa, there’s no guarantee English is spoken. And, even if English is spoken by many people in a business’s target demographic — as is true in Western Europe — the evidence shows that most people prefer to do business with sites that provide content in their native language.

If you intend to sell in areas where English isn’t widely spoken as a first language, it makes sense to translate at least some of the content and interface text on your WordPress site.

Once upon a time, translating a site was a complex and expensive proposition, but with a combination of modern technology, a translation-friendly CMS like WordPress, and cloud translation platforms, translation is within the reach of most site owners.

Machine translation is an obvious option, but site owners should take care if they decide to rely exclusively on machine translation, especially if they can’t show the translation to a native speaker of the target language. In some cases, machine translation produces accurate results of a quality that can be used on a business site. But there is plenty of room for things to go wrong: ridiculous, offensive, or just plain bad translations are not unusual, especially for idiomatic language use and for languages that aren’t well covered by machine translation corpuses.

Fortunately, for WordPress users, there are several plugins that make it easier to translate content. I’d like to take a closer look at one of these, Weglot. Weglot is a translation service with a WordPress plugin that simplifies the building of multi-lingual websites.

Weglot provides widgets that can transform a monolingual site into a multi-lingual site, allowing a site’s users to choose their preferred language. It works across all parts of a WordPress site, including content, menus, widgets, and other site components. And, importantly, it creates SEO-friendly web pages in the target language with appropriate permalinks and HTML markup.

But the most impressive part of Weglot is its translation capabilities. By default, Weglot uses advanced machine translation to convert text between languages. Site owners can edit the translations before they go live. Using machine translation in Weglot, it only takes a few minutes to translate a site, but, as I’ve already mentioned, machine translation isn’t always reliable. For important web pages or for pages where machine translation doesn’t produce satisfactory results, Weglot allows site owners to order professional translations by native speakers in the same interface. With a combination of machine translation and professional translation, it’s possible to create a multi-lingual WordPress site in next to no time.

Creating a multi-lingual site used to be out of the reach of many businesses and publishers, but with a modern CMS like WordPress and translation service like Weglot, it can be fast, easy, and inexpensive.

Posted in:
WordPress

Source link