December 28, 2014

How to send HTML Mail to a Mailing List

Many stores use GNU Mailman to maintain a mailing list for store sales and newsletters. Satchmo has this as a built-in option, for example. It isn’t too bad an option, after all. You can easily set options so that it is “push only” and therefore only the mailing list owner can send mail.

(Yes, it really isn’t a great idea. I heartily recommend a service such as Aweber to manage your list, which will lead to much better legal compliance and more professional results. But bear with me, not all store owners want to pay for additional services.)

However, what if you want to send nicely formatted HMTL newsletters? How do you get your mail client to send those so that they’ll look nice for your customers? Answer, you don’t. You send it manually from the commandline.

Here’s how…

[Read more...]

Technorati Tags: , , , ,

Free Code Signing Certificate from Adobe

Score! I just got a free Adobe AIR code signing certificate from Thawte. Adobe is giving out 125 of these to the first people who upload to the new Adobe Air Marketplace.

This is a $300 value, and it is good thinking by Adobe, because while I enjoy making free apps for AIR, I wouldn’t have spent the money on the cert otherwise.

Warning, this only works if you have a company to associate the cert with. You can’t get one without a company. That’s why everyone should have at least a solo company set up at all times. It gives you freedom to do a lot of stuff closed to the rank-and-file.

[tags]adobe air,developer certificate,free[/tags]

Setting up SSL for Lighttpd/Django

My latest client Farinaz Taghavi is finally in beta on her site, and one of the last steps to push her live was to set up SSL for her.

Luckily, I’ve done this a number of times, so it was quick and easy to do, but still I had to refer to various reference sites and remember exactly what I do differently than some.

First off, I use the Lighttpd configuration I describe in "Django and Lighttpd Configuration for smooth SSL", I don’t have any need to vary it much from what I did for my other site, but since I am using Satchmo for my ecommerce engine on this one, I can’t have a separate domain name for my secure and non-secure domains. In other words, I want both http://farinaz.com and https://farinaz.com to work.

The changes are simple, but since it is slightly different, you can download it and modify for your own use: lighttpd_ssl.zip

In that file are the two very important lines:

ssl.pemfile = "/etc/lighttpd/ssl/farinaz.com/farinaz.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/farinaz.com/farinaz.com.crt"

The rest of this article will discuss how to acquire those files.

Creating the Certificate

1. Create a working directory. I always put them in “/etc/lighttpd/ssl/servername

mkdir -p /etc/lighttpd/ssl/yourserver.com
cd /etc/lighttpd/ssl/yourserver.com

2. Create your server key, and then (optionally) remove the password from it. The only critical question is “common name”, which must be the domain name you want to secure. In our example, “yourserver.com”

openssl genrsa -des3 -out yourserver.com.key 1024
openssl rsa -in yourserver.com.key -out yourserver.com.nopass.key

3. Create the CSR (Certificate Signing Request) that you’ll be using at the certifying authority to get your cert.

openssl req -new -key yourserver.com.nopass.key -out yourserver.com.csr
cat yourserver.com.csr

4. Copy the text to your clipboard. It will look something like this:


-----BEGIN CERTIFICATE REQUEST-----
MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8G
A1UEBxMIUG9ydGxhbmQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
[... and so on ...]
2JwW20fix2pFjK22E+jUvNh25cTRWpUKeTt5OEoE3hgkPZCjZPuzvXt7dw5N1CBv
1a9vX8LRMPRd+TtlOEBHhNZ2DLSkzAvTg4RI+1uPLN3KBpRp9FCTaPEmeuLfMBwl
Y7Se
-----END CERTIFICATE REQUEST-----

5. Go to a good cheap certificate source. I like to use Name Cheap since they are in fact cheap, their control panel is very usable, and they are not underhanded in business dealings unlike the infamous GoDaddy. (I currently have 49 domains with them!) Namecheap has SSL certs for as low as $12.88 per year.

A short aside. There is no reason I can see for 99% of all site operators to get anything more than the cheapest possible cert from RapidSSL. Ignore all the sales hype. The simple fact is that no one except extreme geeks even know or care about levels of certification, the vetting process, or any of that. It is simply not a factor in purchasing decisions from anything I’ve ever seen, and I used to work for a company that sold expensive certs!

6. After you purchase your cert, the site will ask you what type of system you have. I’ve never seen Lighttpd listed as an option, so you should select “Apache + OpenSSL”

7. Next it will ask for your CSR. Paste in the text you copied in step 4.

8. Make sure you can receive email at the address where the certificate authority will send the confirmation! Wait for it, and click the confirmation link.

9. Wait a few minutes to get your cert.

10. Copy the text of the cert to a file on the server. I just use emacs and paste in the contents of the cert I copied from the email. Save it as “yourserver.crt”.

11. Finally, create your pem file.

cat yourserver.com.nopass.key yourserver.com.crt > yourserver.com.pemchmod 0600 yourserver.com.pem

12. Verify that lighttpd has SSL.

/usr/local/sbin/lighttpd -v

It should say something like “lighttpd-1.4.11 (ssl).” If it doesn’t then you need to recompile it. Use the instructions on cyberciti.biz for that if you need it.

13. restart the server.

/etc/init.d/lighttpd restart

Done. This takes me about 15 minutes, most of that waiting on emails.

[tags]ssl,lighttpd,satchmo,django[/tags]

Why you should use Caching in your webapp.

cache manager Why you should use Caching in your webapp.

Look at that hit rate! That isn’t unusual, a 75% hit rate for cached elements in a well designed system. That cache page is copied from an e-commerce site undergoing testing for a couple hours, by the way. Most of the caching is from presentation stuff, such as menuing and page widgets.

I think that the incredible hit rate goes to prove that for most any real application, you should be thinking about caching sooner rather than later. Build it in. It is not “premature optimization” to design it up front.

The background of that screenshot

For my Django apps, I use a cache manager application I wrote in a brainstorm fugue state a couple months ago. I really needed it for my still-in-testing InvisibleCastle gaming site rewrite, since I do so many lookups and repetitive viewing of the same information.

Once I’d written and debugged it — which took longer than I’d have liked, of course — I started using it as a matter of course in all my client projects. Then last week I had another brainstorm and actually wrote a quick set of management pages for it. Now I can observe the cache in operation, clear it, or even a subsection of it. It has been invaluable, and I can see the vast increases in speed it affords my apps by simply comparing the performance with and without the cache running. I haven’t run formal trials, but it feels at least twice as fast, probably more.

[tags]django,caching[/tags]

Lighttpd on Cpanel VPS

Working on a new project for a client, I need to run Django/Satchmo. At my advice, the client purchased a VPS from LiquidWeb to run it on.

The problem is that I want to run with Python 2.5 instead of 2.4, and I don’t want to use Apache 1.3. Unfortunately, that’s what comes stock with CPanel. So, I came up with a decent workaround that I haven’t seen documented anywhere else.

What I did was to set up Lighhtpd on one of the other IPs provided with the account, and I simply use my custom-compiled Python with that.

[Read more...]

Howto use Satchmo as an App

Note: This article is out of date. Since I wrote it, I’ve become a core developer on the Satchmo project, and Satchmo is usable by default as an App (or rather a collection of apps) rather than as the whole project.

I’m going to be using Satchmo to power the backend of a highly customized store that I’m building for a new client. This is an early-stage, yet strong Python ecommerce framework, which gets much of its power by being built on Django.

Of course, anyone reading my site can clearly see that I am strong in favor of that choice.

I ran into one little issue when I was first setting it up according to the directions. I was told to modify files in the Satchmo directory itself. No! I won’t do it! Not on an actively developed application like that. How would I keep my modified branch in sync with the development branch?

Why is that wrong?

In general, you never want to modify something that is a moving target. Even if it is a hassle, you should set things up so that the thing-which-will-be-getting-updated is isolated from your own code. Otherwise you’ll certainly have to face that most annoying of development tasks, merging someone else’s code.

Well, luckily it wasn’t so hard to set up Satchmo for use as an App, rather than as the base site.
[Read more...]

Simple, degradable Flash embedding using jQuery

flash effect Simple, degradable Flash embedding using jQueryNow that I am doing professional web layouts for clients, I find myself appreciating the quick, easy, and well-documented jQuery library. I just don’t have time to hassle with Dojo and its size, widgets I don’t need, and messy documentation.

Recently for one client I needed to use a flash sidebar. The image was a slowly rotating, “fanned picture” slideshow provided by my designer partner. This would be OK, except I really dislike all the tag soup of object embedding, especially on dozens of pages. Also, I wanted to make sure that the site wouldn’t look strange with Flash turned off. In that case, I wanted to use a simple freezeframe of the first slide from the image set.

[Read more...]

Google Checkout – Initial Impressions from a developer

shopping cart Google Checkout   Initial Impressions from a developerThis weekend I wrote my first Google Checkout integration module in my favorite language, Python. I didn’t expect much, largely because I am used to the more simple and limited offering from PayPal. I thought the initial offering from Google would be simple, limited, and straightforward.

Nope.

It goes about as deep as you’d want to go, but almost all the “deep features” are optional. At the easiest, you can simply post a “buy now” button, much like you can do with PayPal. But at the most advanced, you can have complete order flow tracking with multiple order states, split and recurring payments, with tax-tables, zip-code based shipping tables, and a complete coupon system.

Two Levels

At the basic level, you can simply have Google handle taking payment for your shopping cart. You can have line items for each cart item, and a shipping charge. Once the customer buys, you get an email, and you manage the charge request and the shipment status on Google’s site.

That’s what I am doing on eBookTribe for now. Here’s the Django template for an order from that site:

<?xml version="1.0" encoding="UTF-8"?>
<checkout-shopping-cart xmlns="http://checkout.google.com/schema/2">
<shopping-cart>
<items>
{% for orderitem in cart.orderitems.all %}<item>
<item-name>{{ orderitem.title }}</item-name>
<item-description>{{ orderitem.description }}</item-description>
<unit-price currency="USD">{{ orderitem.price }}</unit-price>
<quantity>{{ orderitem.quantity }}</quantity>
</item>{% endfor %}
</items>
</shopping-cart>
<checkout-flow-support>
<merchant-checkout-flow-support>
{% if edit_url %}<edit-cart-url>{{ edit_url }}</edit-cart-url>{% endif %}
{% if continue_url %}<continue-shopping-url>{{ continue_url }}</continue-shopping-url>{% endif %}
</merchant-checkout-flow-support>
</checkout-flow-support>
</checkout-shopping-cart>

I think that is so clean, almost elegant. The bottom part is support for “continue shopping” and “edit cart” links from Google’s site.

“Level 2″ integration with Google occurs when you give Google a callback url, which must be SSL enabled. Using that callback, Google and your website can communicate regarding status changes, and your site can request card capture, refunds, set shipping status, etc. I’m looking forward to coding this part, but for now, I’m going to launch with just the level 1 integration.

Security

I’ve never been fond of how PayPal forms are so easily modified by customers. All the information is right there in the form, to be manipulated at will. That means that the merchant, me, has to manually verify totals and match it to the order before shipping. Google has a much better solution.

With Google Checkout, you get a merchant ID and key. You convert the shopping cart XML into a base64 representation and post that as one form element, and you post the signed hash for it in another form element. Since your key is private, and visible only on the server side, your customers cannot modify the form prior to submitting it.

An encoded google shopping cart form looks something like this:

<form name="google_form" action="https://sandbox.google.com/cws/v2/Merchant/YOURMERCHANTIDHERE/checkout" method="post">
<input type="hidden" name="cart"
value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGNoZWNrb3V0LXNob3BwaW5n
LWNhcnQgeG1sbnM9Imh0dHA6Ly9jaGVja291dC5nb29nbGUuY29tL3NjaGVtYS8yIj4KICAgIDxz
aG9wcGluZy1jYXJ0PgogICAgICAgIDxpdGVtcz4KICAgICAgICAgICAgPGl0ZW0+CiAgICAgICAg
ICAgICAgICA8aXRlbS1uYW1lPlF1aWNrIEJlYXV0eTwvaXRlbS1uYW1lPgogICAgICAgICAgICAg
ICAgPGl0ZW0tZGVzY3JpcHRpb24+VGl0bGU6IHRlc3Qgb3JkZXIgMTwvaXRlbS1kZXNjcmlwdGlv
bj4KICAgICAgICAgICAgICAgIDx1bml0LXByaWNlIGN1cnJlbmN5PSJVU0QiPjE0Ny4wMDwvdW5p
dC1wcmljZT4KICAgICAgICAgICAgICAgIDxxdWFudGl0eT4xPC9xdWFudGl0eT4KICAgICAgICAg
ICAgPC9pdGVtPgogICAgICAgIDwvaXRlbXM+CiAgICA8L3Nob3BwaW5nLWNhcnQ+CiAgICA8Y2hl
Y2tvdXQtZmxvdy1zdXBwb3J0PgogICAgICAgIDxtZXJjaGFudC1jaGVja291dC1mbG93LXN1cHBv
cnQ+CiAgICAgICAgICAgIAogICAgICAgICAgICAKICAgICAgICA8L21lcmNoYW50LWNoZWNrb3V0
LWZsb3ctc3VwcG9ydD4KICAgIDwvY2hlY2tvdXQtZmxvdy1zdXBwb3J0Pgo8L2NoZWNrb3V0LXNo
b3BwaW5nLWNhcnQ+Cg=="/>
<input type="hidden" name="signature" value="XvnIeUBLq2loVK78RU/+PaqRLXo="/>

<input type="image" name="Google Checkout"
src="http://checkout.google.com/buttons/checkout.gif?merchant_id=YOURMERCHANTIDHERE&w=168&h=44&style=white&variant=text&loc=en_US"
alt="Fast checkout through Google"/>
</form>

Conclusion

Google Checkout is quite a bit more difficult to get working initially than PayPal, but much more rewarding. After working with it for only a weekend, I think that PayPal should be quaking in its books. This is one excellent solution, and one that I really look forward to continuing to explore.

[tags]python, google checkout, gcheckout, gbuy, paypal[/tags]

Best flow schedule?

hammock Best flow schedule?What is your most productive dash/break schedule? I mean, when you are at your peak “flow” level, or more likely when you are trying to evoke your flow, what schedule do you use?

I’ve been thinking about this and experimenting a bit lately. It is a tough one to optimize since there are so many variables involved.

I’ve read people suggesting 35 minutes on/5 minutes off. That doesn’t work for me for anything other than getting small stuff done. If I have a stack of things to do, all moderately related, then that schedule is pretty effective. Just put your head down and plow through, lifting for a breath every half hour or so. But it is not effective for programming or creative work.

I need a longer period to get into it. It seems to take about a half hour to get the juices flowing. Less earlier in the morning or if I am very high-energy. More after a meal, especially a heavy one.

So, watching myself over the last few months, I think my most productive periods are in spurts of two or three hours, with a half hour break between them. The break is preferably something physical and non computer related.

After two or three such productivity sprints, I need a real break. That’s when I like to play ping-pong, do some gardening, or clean the house for a while (as a last resort).

I’d love to hear what other people think works best for them.

[tags]programming sprints,productivity,break periods[/tags]

Coding Flow and Techniques

mattock Coding Flow and TechniquesAny programmer will tell you that one of the characteristics of really getting into a programming "flow" is that your mind is completely engaged. I think of it sort of like a stack. I have all these small tasks which need to be accomplished, and which can’t be put off because they’ll block my progress.

So, I stick the current task on the top of the mental stack, and do the little diversion. The diversion might have more diversions which get stacked on top. But pretty much I do them in last-in-first-out order. For example, today I was programming an email confirmation system in Django.

    A stacked task example

  • I was testing my form template, and wanted to make it both pretty and XHTML valid (Stack: 1).
  • To do that, I needed to make a base template which the confirmation forms would extend (task 2).
  • The base template really should use CSS for ease of formatting, and for standards compliance (Stack: 1,2).
  • Oh, but CSS in Django really should be served by the media server, yet I haven’t mapped the media URL on my development server. I should do that now, or else it won’t resolve (Stack: 1,2,3).
  • Start NetInfo Manager, map it (Stack 1,2,3,4-complete).
  • Add the media url domain to Apache as a virtual host (Stack: 1,2,3,5-complete).
  • Bounce apache, test media domain (Stack: 1,2,3,6)
  • Troubleshoot why apache didn’t bounce properly – bad vhost line (Stack 1,2,3,6,7-complete)
  • Bounce apache, test media domain, success (Stack: 1,2,3,6-complete)
  • Test Django CSS from template, hard coding media URL (Stack: 1,2,3,8-complete)
  • Oh, but hard-coding is foolish when the media URL is stored in the settings. Is there a way to use the settings? (Stack: 1,2,3,9)
  • No, but I can write a templatetag. (Stack: 1,2,3,9,10)
  • Lookup template tag docs, write one to do media URLs for me. (Stack: 1,2,3,9,10,11-complete)
  • Test new template tag. (Stack: 1,2,3-complete,9-complete,10-complete)
  • Test base template with new tag. (Stack: 1,2-complete)
  • Test form, extending base template. (Stack: 1-complete)

If you are a programmer, you’ll recognize this style of thinking. If not, and you’ve managed to read this far, perhaps you’ll understand a bit more why we get flustered when people walk up to ask questions. If a programmer is managing a stack of tasks 5 or 6 items deep, it gets easy to lose the thread of what is going on.

I’ve been working for years at getting better about interruptions. I love the flow state, but I think that we programmers make it too fragile when we try to keep everything in our head. The thing is that always seems like you are almost there, so the time to write down anything about your stacked task is a waste of time. I’ve been fighting that tendency, with varying degrees of success.

For quite a while, I’ve been doing this mostly by keeping an engineering notebook. That way I can scribble notes which will – sometimes – lead me back to the path if I get distracted. Today I tried a new technique, which was to use the excellent little app Sidenote for OSX. It is just a little "Sticky" style note taker which lives on the side of your screen. It minimizes when not in use, and it autosaves all the time. That’s a nice bit right there, you don’t even have to think about saving.

Basically, I’ve started using it for two things. 1) To track my "stack" and 2) to track needed/possible future refactorings. I haven’t gotten fully in the habit yet, but I had a six hour long coding-flow session today, and Sidenote was a very helpful part of that. The stack is empty and I have one refactor to do. Plus, I got to code my heart out, which always feels great.
[tags]Sidenote,flow,coding flow,productivity,programming[/tags]