Apr 28, 2019
kalpesh

Magento Imagine Dev Exchange 2019

Magento Imagine 2019 is just 2 weeks away, and I cannot wait any longer! This year will be crazy for me, as I am participating as a Maintainer in the Contribution Days that happen on the Saturday and Sunday before the conference, and also hosting a Dev Exchange table after the conference on Wednesday. Also, this will be my first Imagine from the agency side, so things will be different.

As many of you know, I have advocated for Magento security for quite a while now. From submitting core security bugs to adding an entire Security topic to the Magento 2 Professional Developer Plus certification, I realized there are many more things to do. This year I am going to host a Dev Exchange where I will share my security ideas and also get ideas and feedback from the community. One very important thing that we will address this year is third-party extension security. Pablo Benitez, CTO at eBizmarts, will join me, bringing in the business perspective when talking about third-party extension security. Talesh Seeparsan will bring his past Dev Exchange experience on security and help us in guiding the conversation and noting down all the ideas and feedback that we discuss with the participants.

If you are coming to Magento Imagine and will be staying a little late on Wednesday, please stop by our Dev Exchange table and join the conversation. Here are the topic and details we submitted for Magento Imagine Dev Exchange 2019:

Make Magento more secure

It’s 2019 and security is a top priority of Magento/Adobe. Every participant in the ecosystem has their part to play to keep merchant stores secure. Let us discuss the current low-hanging fruit in the ecosystem and share strategies and tools for managing it effectively. For each item we will outline the topic and its security shortcomings, then begin a deeper investigation into solutions with knowledge and idea sharing before moving to the next one. This is a co-hosted panel: Kalpesh Mehta leading with deep technical security experience, and Pablo Benitez bringing the experience and technical/business concerns of an extension developer for a fully rounded conversation. Special thanks to Talesh Seeparsan and Kristof Ringleff for bringing their past Dev Exchange experience around extension security.

1.) Extension Developers write secure code.

With the proactive and nimble approach Magento has taken to core security, agencies and merchants often find that external third-party extension makers have not put in as much effort. How can we encourage their developers to take a more secure coding approach? Can the Magento community maintain a secure coding practices document, like the technical guidelines and security documents? Validate code using a tool like PHP CodeSniffer? What solutions already exist that we can rely on? What processes already exist that we can implement?

2.) Better ways to report vulnerabilities on a merchant’s site

Magento has a bug bounty program to report vulnerabilities in their code and websites. If a user or security researcher finds vulnerabilities in some Magento-powered web store not owned by Magento, an Adobe company, how can they reach the right person on the merchant’s team? How should the information be passed on, given the sensitive nature of the issue? Should Magento accept the security.txt standard?

3.) Code review in community submitted Pull Requests

Is Magento doing security code review when someone submits a PR to core code? What to check for when doing code reviews to identify security risks?

 

4.) Add Security topics in Developer certifications

Magento has already included a Security topic in the Magento 2 Professional Developer Plus exam. Can we ask Magento to include Security in the Associate as well as the Developer exam? Can it help developers learn security best practices?

All recommendations and suggestions will be documented and shared with the Magento security team and the community afterwards. Remember to keep the privacy of your client intact while discussing vulnerabilities and attacks.
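For topic 2, this is what a merchant's security.txt can look like and how to check it, as an added example that is not part of the original post or of Magento. The samples, example.com and the function names are constructed, and the rules checked are a subset of RFC 9116, the published form of the security.txt standard.

```python
import re
from datetime import datetime, timezone

# Constructed samples for a hypothetical store; example.com is a placeholder.
SAMPLE_GOOD = """\
# Served at https://example.com/.well-known/security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report-vulnerability
Expires: 2030-01-01T00:00:00Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, es
Canonical: https://example.com/.well-known/security.txt
"""

SAMPLE_BAD = """\
Contact: security@example.com
Policy: http://example.com/disclosure
Expires: 2019-05-01T00:00:00Z
"""

SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)


def parse_security_txt(text):
    """Return (fields, malformed): fields is a list of (lowercase name, value)."""
    fields, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields.append((name.strip().lower(), value.strip()))
        else:
            malformed.append(line)
    return fields, malformed


def validate_security_txt(text, now=None):
    """Return a list of problems; an empty list means the checked rules pass."""
    now = now or datetime.now(timezone.utc)
    fields, malformed = parse_security_txt(text)
    problems = [f"malformed line: {m}" for m in malformed]
    contacts = [v for n, v in fields if n == "contact"]
    expires = [v for n, v in fields if n == "expires"]
    if not contacts:
        problems.append("no Contact field: a reporter has nowhere to send the report")
    for value in contacts:
        if not SCHEME.match(value):
            problems.append(f"Contact is not a URI (use mailto:, tel: or https://): {value}")
    for name, value in fields:
        if value.lower().startswith("http://"):
            problems.append(f"{name} uses http://, web URIs must be https://: {value}")
    if sum(1 for n, _ in fields if n == "preferred-languages") > 1:
        problems.append("Preferred-Languages appears more than once")
    if len(expires) != 1:
        problems.append(f"Expires must appear exactly once, found {len(expires)}")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            when = None
        if when is None or when.tzinfo is None:
            problems.append(f"Expires is not a full date-time with offset: {expires[0]}")
        elif when <= now:
            problems.append(f"Expires is in the past: {expires[0]}")
    return problems


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, validate_security_txt(sample) or "OK")
```

A stale Expires value or a bare e-mail address in Contact is exactly the kind of defect that leaves a report with nowhere to go, so a check like this fits in a deployment pipeline or a periodic monitor.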

Feb 9, 2019
kalpesh

I am one of the Top 50 Magento Contributors of 2018

This week Magento announced top contributors from the past year. I was so thrilled to see my name in the top 50 Magento contributors of 2018. It is an honor to be on that list, with other Magento legends most of whom are/were Magento Masters.

It is just incredible that there were 5,900 contributors that Magento can quantify in 2018. I am so proud to be in the top 1% of the contributors who were recognized in the Top 50 contributors list. It is a very difficult job to find who contributed most or whose contributions impacted most given such a large community of contributors, but Sherrie Rohde, Magento Community Manager, just excels in that.

For all those contributors who couldn’t make it to the top 50 list, here is a thankful quote by Sherrie with an orange heart!

Keep contributing!!

Oct 20, 2018
kalpesh

Magento 2 Certified Professional Developer Plus Workshop

Last month Jonathan from Corra and I participated in the M2 Developer Plus certification workshop, which happened in London. The goal of this new certification is to test the developers’ skills in Magento 2 Commerce and Open Source. This exam is intended to be more difficult than the Professional Developer exam that was launched earlier this year. The exam will be scenario-based, so don’t come to the exam having memorized class and method names; it will not help 🙂

Participants

Developers from Magento, an Adobe Company, and a few SIs participated in this workshop to come up with the questions for this exam. Everybody was highly skilled in Magento 2 and submitted very good questions, which will make it difficult for the developers to pass this exam 🙂 Partners who participated: Corra (Jonathan Lorenzi and I), Something Digital (Max Chadwick), DCKAP (Jaykanth), Vaimo (Sergii) and Cream NL (Julian). And there were Alex Paliarush and Iryna from Magento. Vitaliy Golomoziy and Vinai Kopp were at the top of their game, submitting and reviewing some crazy amount of questions respectively. It was great to work with all these awesome folks for four days. This was all possible under the guidance of Peter Manijak, Director of Certification & Special Programs at Magento U.

New topics

This exam added two new topics that are different from the Professional exam. The first one is, of course, Magento 2 Commerce features. The other one, which I have personally advocated for a few years to include in different areas of the Magento ecosystem, is Magento Security.

Magento Security

I proposed this topic to Peter Manijak a few weeks before the workshop; he really liked the idea and gave his support to include this in the certification. We were not sure whether to add objectives in other topics or to create an entirely new topic for this. Peter took this to the team and we agreed to keep it as its own topic. We also got support on this topic from Richard Huie-Buckius, Head of Training & Certification Services at Magento, an Adobe Company. I am very grateful to Peter and Richard for understanding the importance of Security in Magento and making it a part of the certification. Peter is personally a big fan of Security, so huge props to him for including this additional topic in the exam.

The goal of introducing Magento Security in the exam is to test developers’ abilities in the security area when they develop something in Magento. Security is a part of development; every developer who works on Magento needs to know at least the basics of security to write secure code while developing extensions or custom in-house modules. The exam will test the developers on frontend, backend and overall architecture-related security questions. For full details, wait for the study guide 🙂

Launch date

The certification will be available to the developers in November 2018 (as per the tweet from Magento U handle).

Thanks

It was a great opportunity for me to participate in this workshop. I learned a lot from all the participants and am thankful to Peter Manijak and Corra for allowing me to participate in the workshop!

Aug 13, 2018
kalpesh

Magento 2 Certified Professional Developer Exam Experience

The M2 Certified Professional Developer test has been here for a while now, and I finally got some time to prepare and appear for this test. It asks you 60 questions, which you have to answer in a time limit of 90 minutes. So basically you get 1.5 minutes to answer each question. You should not waste time if you are able to answer a question quicker, though, as there are many questions in the test which are lengthy and require more time to understand. If you are a non-native English speaker, you may have to read some of the questions 2-3 times before fully understanding what exactly they are asking. Passing score is 64% – so you need to get 39 correct answers out of 60, which is almost 2 out of 3 questions. At the end of the test, you get the score on screen, which is great for knowing instantly whether you passed or need to re-take the test.

Yesterday I took the M2 Professional Developer test and passed it. I found it difficult, to be honest; questions were lengthy and answers were confusing. Magento recommends that developers have at least 1.5 to 2 years of experience before taking this test, but I think you can still go for the test if you have worked on 4-5 Magento 2 projects hands-on with around a year of experience. I believe that is enough if you are fully into Magento and understand the architecture of the system and the technical concepts of the various features it offers.

I found SwiftOtter very useful, along with its practice test, where it offers 44 questions: https://swiftotter.com/technical/certifications/magento-2-certified-developer-practice-test. However, it’s not guaranteed that you will pass solely by studying their guide and practice test. You also need to understand the code and should have experience working on it in M2 projects to clear the exam. I suggest taking the practice test once you have read and understood the topics in the guide and Magento DevDocs and are ready to face the real test.

It’s evident there’s a lot of hard work done by the Magento U team and developers who contributed to this test by writing questions and answers. It’s really hard to pass this test if you don’t have deep understanding in Magento 2 concepts and don’t have enough practical knowledge to prove your M2 abilities.

I think this test could have done even better if it had also focused on:

Security – Not a single question was asked on this topic. I am not talking about Payment, PCI and Magento Vault things when I say Security; I mean writing code that does not leave behind security vulnerabilities. It should be a must for a backend or full-stack developer to have at least a basic understanding of how to write secure code. Magento had a great opportunity to include some good security questions (like CSRF token, escaping user-submitted data, XSS prevention, preventing file path exploits, sanitizing user data before saving/getting from db, etc.) here, but….

Readability – Most of the Magento developers are from non-native English speaking countries, myself included. I feel there were a few lengthy questions which were just difficult to understand for non-native speakers. I also heard similar complaints from a few developers who took this test, confirming that they had to read some of the questions 2-3 times, which took much of their time just to understand what the questions were trying to ask. That’s a disadvantage to many developers, and I believe Magento U will take note of that when writing upcoming new test questions.

Let me know your thoughts! Kudos to Magento U team for creating such an outstanding test.

Mar 20, 2018
kalpesh

Setting up Magento 2.2.3 on Valet+ (requires MacOS)

Wondering what Valet+ is? It is a development environment for MacOS. If you have previously used Vagrant and/or Docker, I think you will just love Valet+. Valet+ is a very easy yet fast development environment, as it doesn’t require you to edit /etc/hosts, vhosts, mysql, etc. For more information on Valet+ and how it differs from Valet, please read this: https://github.com/weprovide/valet-plus/blob/master/readme.md

Let me know in the comments section which one you prefer out of these 3.

Okay, so let’s come to the topic and start preparing to install Valet and Magento.

1.) Install Homebrew if you do not have it already on your Mac

2.) Let’s install PHP 7.1

brew install homebrew/php/php71

If you already have php70, you can unlink it before running the above command:

brew unlink php70

Kalpeshs-MBP:~ kalpesh$ brew install php71
Updating Homebrew...
==> Installing php71 from homebrew/php
==> Installing dependencies for homebrew/php/php71: libpng, freetype, gettext, icu4c, jpeg, libtool, unixodbc, readline
==> Installing homebrew/php/php71 dependency: libpng
==> Downloading https://downloads.sourceforge.net/libpng/libpng-1.6.34.tar.xz
==> Downloading from https://downloads.sourceforge.net/project/libpng/libpng16/1.6.34/libpng-1.6.34.tar.xz
######################################################################## 100.0%
==> ./configure --disable-silent-rules --prefix=/usr/local/Cellar/libpng/1.6.34
==> make
==> make test
==> make install
🍺 /usr/local/Cellar/libpng/1.6.34: 26 files, 1.2MB, built in 2 minutes 22 seconds
==> Installing homebrew/php/php71 dependency: freetype
==> Downloading https://downloads.sourceforge.net/project/freetype/freetype2/2.9/freetype-2.9.tar.bz2
==> Downloading from https://svwh.dl.sourceforge.net/project/freetype/freetype2/2.9/freetype-2.9.tar.bz2
######################################################################## 100.0%
==> ./configure --prefix=/usr/local/Cellar/freetype/2.9 --without-harfbuzz
==> make
==> make install
🍺 /usr/local/Cellar/freetype/2.9: 60 files, 2.7MB, built in 1 minute 53 seconds
==> Installing homebrew/php/php71 dependency: gettext
==> Downloading https://homebrew.bintray.com/bottles/gettext-0.19.8.1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring gettext-0.19.8.1.yosemite.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides the BSD gettext library & some software gets confused if both are in the library path.

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/gettext/bin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/gettext/lib
CPPFLAGS: -I/usr/local/opt/gettext/include

==> Summary
🍺 /usr/local/Cellar/gettext/0.19.8.1: 1,934 files, 17.0MB
==> Installing homebrew/php/php71 dependency: icu4c
==> Downloading https://ssl.icu-project.org/files/icu4c/60.2/icu4c-60_2-src.tgz
######################################################################## 100.0%
==> ./configure --prefix=/usr/local/Cellar/icu4c/60.2 --disable-samples --disable-tests --enable-static --with-library-bits=64
==> make
==> make install
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides libicucore.dylib (but nothing else).

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/icu4c/bin:$PATH"' >> ~/.bash_profile
echo 'export PATH="/usr/local/opt/icu4c/sbin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/icu4c/lib
CPPFLAGS: -I/usr/local/opt/icu4c/include
For pkg-config to find this software you may need to set:
PKG_CONFIG_PATH: /usr/local/opt/icu4c/lib/pkgconfig

==> Summary
🍺 /usr/local/Cellar/icu4c/60.2: 249 files, 67.2MB, built in 9 minutes 15 seconds
==> Installing homebrew/php/php71 dependency: jpeg
==> Downloading http://www.ijg.org/files/jpegsrc.v9c.tar.gz
######################################################################## 100.0%
==> ./configure --disable-silent-rules --prefix=/usr/local/Cellar/jpeg/9c
==> make install
🍺 /usr/local/Cellar/jpeg/9c: 21 files, 736.3KB, built in 1 minute 30 seconds
==> Installing homebrew/php/php71 dependency: libtool
==> Downloading https://homebrew.bintray.com/bottles/libtool-2.4.6_1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring libtool-2.4.6_1.yosemite.bottle.tar.gz
==> Caveats
In order to prevent conflicts with Apple's own libtool we have prepended a "g"
so, you have instead: glibtool and glibtoolize.
==> Summary
🍺 /usr/local/Cellar/libtool/2.4.6_1: 70 files, 3.7MB
==> Installing homebrew/php/php71 dependency: unixodbc
==> Downloading http://www.unixodbc.org/unixODBC-2.3.5.tar.gz
######################################################################## 100.0%
==> ./configure --prefix=/usr/local/Cellar/unixodbc/2.3.5_1 --sysconfdir=/usr/local/etc --enable-static --enable-gui=no
==> make install
🍺 /usr/local/Cellar/unixodbc/2.3.5_1: 41 files, 1.9MB, built in 4 minutes 22 seconds
==> Installing homebrew/php/php71 dependency: readline
==> Downloading https://homebrew.bintray.com/bottles/readline-7.0.3_1.yosemite.bottle.tar.gz
######################################################################## 100.0%
==> Pouring readline-7.0.3_1.yosemite.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides the BSD libedit library, which shadows libreadline.
In order to prevent conflicts when programs look for libreadline we are
defaulting this GNU Readline installation to keg-only..

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/readline/lib
CPPFLAGS: -I/usr/local/opt/readline/include

==> Summary
🍺 /usr/local/Cellar/readline/7.0.3_1: 46 files, 1.5MB
==> Installing homebrew/php/php71
==> Downloading https://php.net/get/php-7.1.14.tar.bz2/from/this/mirror
==> Downloading from https://secure.php.net/get/php-7.1.14.tar.bz2/from/this/mirror
######################################################################## 100.0%
==> ./configure --prefix=/usr/local/Cellar/php71/7.1.14_25 --localstatedir=/usr/local/var --sysconfdir=/usr/local/etc/php/7.1 --with-config-file-path=/usr/local/etc/php/7
==> make
==> make install
==> Caveats
The php.ini file can be found in:
/usr/local/etc/php/7.1/php.ini

✩✩✩✩ Extensions ✩✩✩✩

If you are having issues with custom extension compiling, ensure that you are using the brew version, by placing /usr/local/bin before /usr/sbin in your PATH:

PATH="/usr/local/bin:$PATH"

PHP71 Extensions will always be compiled against this PHP. Please install them using --without-homebrew-php to enable compiling against system PHP.

✩✩✩✩ PHP CLI ✩✩✩✩

If you wish to swap the PHP you use on the command line, you should add the following to ~/.bashrc, ~/.zshrc, ~/.profile or your shell's equivalent configuration file:
export PATH="$(brew --prefix homebrew/php/php71)/bin:$PATH"

✩✩✩✩ FPM ✩✩✩✩

To launch php-fpm on startup:
mkdir -p ~/Library/LaunchAgents
cp /usr/local/opt/php71/homebrew.mxcl.php71.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.php71.plist

The control script is located at /usr/local/opt/php71/sbin/php71-fpm

OS X 10.8 and newer come with php-fpm pre-installed, to ensure you are using the brew version you need to make sure /usr/local/sbin is before /usr/sbin in your PATH:

PATH="/usr/local/sbin:$PATH"

You may also need to edit the plist to use the correct "UserName".

Please note that the plist was called 'homebrew-php.josegonzalez.php71.plist' in old versions of this formula.

With the release of macOS Sierra the Apache module is now not built by default. If you want to build it on your system you have to install php with the --with-httpd option. See brew options php71 for more details.

By 31st March 2018 we will deprecate and archive the PHP tap.
Some of the formulae will be migrated to homebrew-core.

For more details, see https://github.com/Homebrew/homebrew-php/issues/4721

To have launchd start homebrew/php/php71 now and restart at login:
brew services start homebrew/php/php71
==> Summary
🍺 /usr/local/Cellar/php71/7.1.14_25: 345 files, 39.9MB, built in 11 minutes 5 seconds

3.) Install Composer

brew install homebrew/php/composer

4.) Finally install Valet+

composer global require weprovide/valet-plus

Kalpeshs-MBP:valet kalpesh$ composer global require weprovide/valet-plus
Changed current directory to /Users/kalpesh/.composer
Using version ^1.0 for weprovide/valet-plus
./composer.json has been created
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 15 installs, 0 updates, 0 removals
- Installing tightenco/collect (v5.4.33): Downloading (100%)
- Installing symfony/process (v3.4.6): Downloading (100%)
- Installing nategood/httpful (0.2.20): Downloading (100%)
- Installing psr/container (1.0.0): Downloading (100%)
- Installing container-interop/container-interop (1.2.0): Downloading (100%)
- Installing php-di/invoker (1.3.3): Downloading (100%)
- Installing psr/log (1.0.2): Downloading (100%)
- Installing symfony/debug (v4.0.6): Downloading (100%)
- Installing symfony/polyfill-mbstring (v1.7.0): Downloading (100%)
- Installing symfony/console (v3.4.6): Downloading (100%)
- Installing mnapoli/silly (1.5.1): Downloading (100%)
- Installing psr/simple-cache (1.0.1): Downloading (100%)
- Installing illuminate/contracts (v5.6.12): Downloading (100%)
- Installing illuminate/container (v5.6.12): Downloading (100%)
- Installing weprovide/valet-plus (1.0.11): Downloading (100%)
symfony/console suggests installing symfony/event-dispatcher ()
symfony/console suggests installing symfony/lock ()
Writing lock file
Generating autoload files

5.) Add export PATH in your .bash_profile

vi ~/.bash_profile

and add the line below at the top (after the PATH line if you have one already)

export PATH="$PATH:$HOME/.composer/vendor/bin"

to reflect our current changes in the current terminal tab session, run:

Continue reading »


Welcome to my Blog

Kalpesh Mehta

Helping Magento developers in their day-to-day development problems since 2011. Most of the problems and solutions here are my own experiences while working on different projects. Enjoy the blog and don't forget to throw comments and likes/+1's/tweets on posts you like. Thanks for visiting!
