LATEST FROM OUR BLOG

Take your daily dose of (only) relevant news, useful tips and tricks and valuable how to's on using the latest web technologies shaping the digital landscape. We're here to do all the necessary information sifting for you, so you don't have to, to provide you with content that will help you anticipate the emerging trends about to influence the web.

Can LastPass Just Block Your Account and Withhold Your Passwords? Yes! Here Is What They Have Put Us Through
What if you lose your LastPass master password? Then you're doomed... You'll lose your password vault for good.

But hey, you can still lose all your sensitive data even if you don't forget that crucial password! I mean, if it has already happened to us...

Apparently, there's no guarantee that one day, for no reason, LastPass won't:

- lock you out of your account and block your access for... mere fun
- keep advising you to use their recovery password form… one that doesn't work and that you had already tried, several times, with no success
- keep suggesting that you're some sort of a "liar", insisting that you had, in fact, changed your master password and that's why you can't log in now
- keep giving you "suicidal" advice: delete your account and open a new one, even if this means losing all your data
- refuse to allow you to retrieve the data that you stored in your "old" account to export it to that new account they keep insisting that you create
- refuse to refund you the money you had paid, in advance, for a service that apparently doesn't serve your needs: it keeps you blocked out and puts a garnishment on your passwords

So, just beware of which company you choose to trust with your sensitive data! Their "The last password you'll ever need" slogan might just turn into: "The last password you'll ever have". For once they block you, you'll be left with... none.

But let's rewind and go back to the day when it all started. Little did we expect it to turn into our worst-ever scenario, considering that we had been happy LastPass users since... 2009.

1. It Started Like Just Another Ordinary Log In to Our LastPass Account...

But — surprise, surprise — we couldn't sign in. And our master password was the same old one: we did NOT forget it! I mean, we had been LastPass users for almost 10 years: we were fully aware of what would happen if we ever lost that priceless password!

So, we jumped straight to their “Recover Account” form, which brutally served us the following message:

And it was about that time that things started to go wrong. When the “ordinary” slowly turned into... extraordinary: an extraordinarily bad experience with the LastPass support team.

2. When in Trouble, Contact LastPass Support and... Start a Deaf Dialogue

This is where our deaf dialogue with lovely Michelle from LastPass's support team started. And it was such a nice and fruitful chat that we had there!

I let her know that, for some mysterious reason, that day, of all the days in the previous 9 years, I couldn't access our account. Nor could I use their recovery account system for... it didn't work.

Lovely Michelle either:

- suggested that I was lying when I told her about my attempts to use their recovery account form
- understood everything just too well, but she had a script to follow, so she decided to ignore parts of my message
- thought she was dealing with some retarded person

… and told me that, in fact, I had managed, somehow, to change my master password. Then she kindly advised me to... go through their recovery account steps. Even though I had told her I already had done that. But, who was I to come in between her and the script she had to follow blindly?

And then came her somehow “suicidal” advice for us, the OPTASY team, one of the loyal LastPass customers: to delete my current account (for which I had already paid in advance) and create a new one! Just like that!

3. News Alert! LastPass Can Block You Out and Withhold Your Stored Data

For that's what happens when they advise you to delete your account and “start over”: your password vault goes... down the drain or gets stuck in their cloud, no matter how you want to look at it.

Here's a tricky question for you: what would be a worse scenario for you?

- To lose all the passwords that you've trusted LastPass with?
- To lose all your passwords with no guarantee that no one else can access them later on?

And here's charming Michelle's brutally honest answer to my legitimate question(s): “What's gonna happen with all the records in our OLD account? How can we import them into the new one?”

And that reply just... sent cold shivers down our spines...

4. Being Punished Without Fault: No Refund and No Chance to Export Our Data

Now, you do guess that it was about then that we reached the climax of our conversation with the LastPass support team (aka Michelle). And so, masochistically enough, we dared to pop up another question:

“If you're not able to help me reset the password, please let me know how can I export all the data from my old account and refund the money I paid in advance.”

The answer was a... slap in the face, like the previous ones:

To sum up now:

- locked out from our LastPass account, after several years
- left to somehow make their not-working “recovery account system”... work for us
- forced to keep trying it over and over again
- given just one option: to create a new account and lose all our passwords (and the money paid in advance, as well)

Can you imagine that we trusted LastPass for years? And that we ended up getting treated like this? With no fault.

5. Their Invariable Response? To Start Over and Knowingly Lose All Passwords

Needless to add that I kept on explaining to the LastPass support that in vain did they point to the recovery steps to take: I had already taken them, even before I had contacted them in the first place. With zero success...

I claimed back the money we had paid in advance for their password manager service, as well as the possibility to export our password to that new account that they insisted that we should set up.

Michelle's answer:

The END! No happy ending, though, to this story of our terrible experience with LastPass. Who would have thought that all these years we were trusting them with our most valuable data! And that one day they'd just... kick us out and withhold precisely that sensitive data with:

- no fault from our side
- no clear explanation on their side

So, just beware, be informed, be skeptical about trusting LastPass...
Adriana Cacoveanu / Oct 12'2018
Can I Trust LastPass with My Passwords? No! Our Unexpectedly Bad Experience with Them
“Trust LastPass at your own risk!” would be our answer. One based both on:

- this password manager's own “beefy” record of critical security vulnerabilities, cross-site scripting bugs, breaches and major architectural issues
- our bad experience with LastPass, as a client

And before we dig into the heavy load of evidence that we base our “case” on, allow us to expose some of their former clients' testimonials:

“I lost my entire LastPass passwords in March 2017. It was a disaster for me. I have had LastPass since the beginning, can you imagine all the passwords saved over the years? I think you should do some research on LastPass and the changes, the bad changes that have happened with LastPass” (Barbara's comment, 5 Best LastPass Alternatives to Manage Your Passwords)

“About a month ago when I tried to log in to LastPass I got the message that I had entered the wrong vault password - but I can assure you that nor I, nor my cat has changed it... When I contacted LastPass, they in a rude manner "taught" me that I hadn't experienced what I had in fact experienced, since it is "impossible", and their "help" consisted in giving me the clue to the main password to LastPass - i.e. the password, which I explained to them isn't valid anymore...” (Robert's comment, You Should Probably Stop Using LastPass Temporarily)

“Around a month ago I switched from LastPass to Bitwarden as my password manager. To make sure my passwords were protected I deleted my LastPass account, now I get an email asking me to renew my subscription for my DELETED LastPass account. I wonder what else they stored about me...” (user/dumah310, LastPass storing email from deleted account)

1. But First: How Does LastPass Work?

In plain language: LastPass stores your encrypted passwords (and secure notes) in the cloud and secures them via a master password. And the “master password” is both the strength and the main vulnerability of this password management service.

Now before I back up the above statement with our own experience with LastPass, here's an excerpt of an “enlightening” HackerNews post:

“Users must also devise a “master password” to retrieve the encrypted passwords stored by the password management software. This “master password” is a weak point. If the “master password” is exposed, or there is a slight possibility of potential exposure, confidence in the passwords are lost.”

2. 5 Security Vulnerabilities Over the Last 7 Years... and Still Counting

“How secure is LastPass from being hacked?” I'll leave it to you to evaluate it while going through its “impressive” record of security flaws and vulnerabilities accumulated over the last years:

2.1. In 2011 a Cross-Site Scripting Vulnerability Was Detected

In February 2011 Mike Cardwell, a security researcher, tracked down an XSS bug on the company's website. Once “exploited”, this vulnerability could basically enable attackers to steal:

- hashed passwords
- the list of websites that users log into (along with the IP addresses, time and dates of their logins)
- their email addresses
- underlying cryptographic salts

LastPass fixed that bug within hours.

2.2. That Same Year A Second “Likely” Security Breach Was Identified

Later on that year, in May, the company's team spotted a new “anomaly” in both their incoming and outgoing network traffic. Therefore, suspicions arose that a hacker might have accessed their servers.

What kind of risks did this “abnormal activity” entail? Well, the attacker could check thousands of passwords in a short period of time, using a combination of user emails, guesses on their master password and the salt.

As the LastPass CEO confirmed himself back then, in an interview for PCWorld.com:

“You can combine the user's e-mail, a guess on their master password, and the salt and do various rounds of one-way mathematics against it. When you do all of that, what you're potentially left with is the ability to see from that data whether a guess on a master password is correct without having to hit our servers directly through the website.”

2.3. In 2015 A Hacker Attack Compromised the Company's Servers

Here's another answer to your “Can we trust LastPass?” question: in June 2015 a post on the company's blog announced that their team had detected suspicious behavior on their network.

The result? LastPass servers got hacked and the cryptographically protected content compromised. And we're talking here about:

- user passwords
- password reminders
- cryptographic salts
- email addresses

2.4. In 2016 A Vulnerability that Enabled Reading Plaintext Passwords Was Exposed

Within a year, in July 2016, a new security vulnerability in the autofill functionality was identified and then detailed by the representative of DETECTIFY, an independent online security firm.

Basically, the article raised new suspicions about whether one could trust LastPass with their passwords: the URL-parsing code of the LastPass browser extension — the HTML piece of code that was added to every page that the “victim” would visit — was poorly written. Sloppy enough to enable a potential attacker to read plaintext passwords once the user landed on a malicious website.

2.5. In 2017 a “Major Architectural Problem” Was Discovered

In June 2017 Google's security researcher Tavis Ormandy made a new discovery: a security vulnerability in the LastPass Chrome extension (that applied to Firefox and Edge, as well), which, once exploited, could enable a hacker to steal passwords or engage in remote code execution.

He described it as a “major architectural problem” to point out that this time we weren't facing some... signs of carelessness, but a hole in LastPass' security shield instead.

“How safe is LastPass?” Users started to ask themselves again and many even started looking for alternatives.

3. About Our Own Unexpectedly Bad Experience as a LastPass Client

Let us share with you some glimpses of our rough experience as LastPass users. I would start by saying that: yes, the worst-possible scenario did happen to us.

We've apparently lost all the passwords “safely” stored in our LastPass account. There are zero chances to retrieve them, to export them to another password manager or/and to get a refund, considering that we had paid for one year in advance.

How did it all begin? With us trying to log into our account, as usual. But, we got this “welcome” message instead:

“Invalid password”

We next tried to reset our master password, using their reset password form. With no success, though:

“LastPass account recovery failed for... Your current web browser did not save account recovery data on this computer. Please try account recovery again with every browser and on every computer you...”

And then the “dialogue of the deaf” began, with us stating that we did NOT reset our password, for it was not possible, and the LastPass support team claiming that we did restart it. And telling us that there's no option but to:

- create a whole new account
- say goodbye to all our passwords "safely" stored there for good; there's no chance to export that user sensitive data to another password manager service
- lose all hope of getting a refund for the money we had paid in advance, due to their “No refund policy”

In short: if for some mysterious reasons, one day LastPass doesn't recognize your current master password anymore and you're not allowed to reset it either... you're doomed.

Now, can you guess what's our answer to this question: “Can we trust LastPass?”

4. Bottom Line: Should You Trust LastPass?

“Trust this service at your own risk!” For one day, no matter whether you've:

- disabled the auto-fill functionality
- enabled a two-factor authentication (for both LastPass and your other critical accounts)
- chosen an “invincible” master password for your LastPass account
- kept both your software and your machine “spotless clean” and up-to-date
- used one different password per account

… you still run the risk of finding yourself locked out!

Just talking from experience...
Adriana Cacoveanu / Oct 09'2018
What Makes Magento 2 the Best Choice for Mobile Commerce? 6 Obvious Reasons to Consider It
Why Magento 2 and not Shopify, WooCommerce, Joomla, BigCommerce, Volusion... and the list of popular e-commerce platforms could go on? Why is Magento 2 the best choice for mobile commerce? After all, they all provide responsive product page design, right?

Yes, but that's just the “tip of the iceberg”. There are lots of other factors to consider, as well, when striving to ensure your e-store's success on mobile:

- the shopping cart
- the checkout experience
- the page load times (considering the high level of unpredictability specific to mobile connectivity)
- the admin UI
- the “manage your store on the go” functionality

… and so on. Magento 2's built to meet all your mobile commerce-specific expectations, plus a few more.

Now, out of all the most obvious reasons why you should consider it as your platform of choice for your mobile e-store, we've selected the 7 most compelling ones:

1. Intuitive and Easier to Use Admin UI

A huge “leap” forward from Magento's discouragingly complex and confusing former admin panel. How is it better?

- it's cleaner
- it's more (non-technical) user-friendly
- it's easier to use

Practically, in Magento 2 store admins are no longer dependent on developers for every little change they need to make in their online stores. From finding precisely the tools they need to adding new product listings, admins can now perform all the common tasks in their dashboards much quicker.

2. A Simple Checkout Process: It Makes Magento 2 the Best Choice for Mobile Commerce

And this is that part of your mobile e-store that can make or break its reputation for good. A cumbersome, overly complex, lengthy checkout experience will only make your customers “run for the hills” and never come back to... pick up their abandoned carts (and maybe even spread the news about the frustrating checkout experience they had in your store).

You see my point here, right? This platform's simple, frictionless checkout process is directly responsible for the success of any e-commerce website using Magento 2.

3. All Magento 2 Themes and Templates Are Responsive by Default

Magento 2 comes jam-packed with free, responsive themes for you to just scan through, select from and use to deliver mobile-friendly shopping experiences. That, of course, in addition to the always available options of:

- going with a third-party theme
- having a Magento 2 developer build a custom theme for you, from scratch, and tailor it to your store's specific needs

4. Easy to Manage Your Magento 2 Store Right On Your Smartphone

Another enhancement that makes Magento 2 the best choice for mobile commerce. Just imagine that as a store admin you'll get to manage all its features:

- catalog management features
- CMS
- SEO and marketing features
- order management

… on the go, right from your mobile phone, right from your admin panel. And it's this type of convenience that turns Magento 2 into the most popular platform among e-commerce business owners.

5. Caching Capabilities

And you need to consider how unpredictable mobile connectivity can get. Luckily, Magento 2's got your back: its caching capabilities are the “safety net” you need when your online store's visitors are facing issues of limited connectivity.

It supports Varnish Full Cache, which makes it easy for developers in your team to boost your Magento store's performance despite the internet connectivity's limitations.

6. Powerful Built-In Marketing Features

Speaking of conveniences, Magento 2 provides you with a heavy load of robust marketing features right out of the box. I'm talking here about:

- visual merchandising
- optimized product category pages
- sharing an email
- drag and drop functionality
- wishlist creation feature
- customer segmentation

In short: all the modern features you could possibly think of for “fueling” your mobile marketing strategy with.

The END! What do you think, can these 6 reasons here stand for 6 clear answers to your question: “What makes Magento 2 the best choice for mobile commerce?”
Adriana Cacoveanu / Sep 20'2018
How Can You, As a Client, Prevent Missed Deadlines on Your Web Projects? 6 Best Practices
Lots of helpful tips and tricks, tons of best practices, plenty of great advice on how to prevent missed deadlines on your web projects. And yet: all these “how to's” are targeting project managers, team leaders and, overall, web development teams.

But what about you, the client? What can you do to help the teams working on your web projects avoid missing deadlines? What best practices should you adopt in order to streamline the development process? And what bad client habits should you break to avoid scope creep and, implicitly, delaying your own project?

Now that we've gone through all your possible questions and dilemmas as a client regarding the “deadline issue”, let's dig for some answers, too. In this respect, here are the 6 best practices that you should stick to when working with a web development team, to ensure that they'll meet their deadline:

1. Clearly Articulate all Your Project Requirements — Ideas, Vision, Expectations

Do speak now or forever hold your peace! In other words: share your detailed specifications, your requirements, even just your glimpses of ideas in a very early phase of your project's development life-cycle.

This way, you'll empower your contacted team to come up with an accurate project estimate. And thus, to ensure that they'll meet the deadline you will have agreed upon.

What's your vision for the project? What do you expect your software product to do? What features should it incorporate? What are your predictions in terms of website traffic?

Be sure to express all your requirements as accurately as possible, whether in the form of:

- drawings on a sheet of paper
- detailed specifications
- verbal explanations
- screenshots

2. Over the Budget? Discuss Prioritization of the Key Features

Another best practice to prevent missed deadlines on your web projects, as a client, is to prioritize specific tasks included in the project. And this practice gets particularly helpful when you find yourself budget-constrained.

What are the essential features and functionalities that your website/application should have? Identify them, then discuss prioritizing those specific implementations with the development team. This way you:

- stay on budget
- (still) meet the deadline
- set some realistic expectations
- draft an updated roadmap for your development team to follow

Tip: are you familiar with the MVP (minimum viable product) philosophy?

3. Give Them Timely Access to Materials They Need to Move Forward

More often than not, it's clients' failure to carry out their own parts of the projects (on time) that leads to significant delays in the development process. And forgetting/overlooking/refusing/being out of reach to give your development team timely access to those materials that are crucial for their work is one such example.

I'm talking here about materials such as:

- project-specific content
- data
- brand fonts

… and other resources they might need to advance in their work.

Which leads us to another best practice that clients (too) often fail to follow:

4. Be Reachable: Stay Active on Communication Channels

It's crucial that you be available on (all) communication channels. The team of web developers working on your project might need:

- your approval on certain tasks that they will have completed before they can focus on the next development phases
- your input to the next-in-line deliverable
- your decision regarding a multi-solution challenge they're facing

So, you do get the point: the more difficult it is for them to reach you, the higher the chances that they miss their deadline.

5. Ask Your Questions to Prevent Missing Deadlines on Your Web Projects

Do dare to ask the project manager, the customer service manager or team lead all your questions. Whether technical or not. For you do not need to be a Drupal, Magento, WordPress, React, Laravel, Angular or any other technology expert.

Yet, you must ask your development team any questions that you might have regarding the tools and platforms used... and regarding their specific procedures, internal processes and, overall, their particular approach to project management.

Ask your questions and allow them to shed light on any “blurriness” that you might be facing. Otherwise, confusion will only lead to last-minute changes of scope and missed deadlines.

6. Set Realistic Deadlines to Accommodate Your Last-Minute Requirements, Too

Are there any last-minute changes, unplanned requirements or off-the-plan tasks that you need to integrate into your project's development cycle? Talk about them with the project manager and maybe you'll reach an agreement to add a few more developers to your project.

And also, keep in mind to set a realistic deadline to accommodate all these emergencies, as well.

What's a Scope Creep More Precisely?

Something that many clients are guilty of, I must say. It comes down to: changing the scope of a project. And there are multiple causes for this:

- urgent, last-minute requests coming from the client, that imply high volumes of extra work
- poor scheduling
- poor budgeting
- lack of cooperation

The END! These are the 5 most effective best practices to adopt, as a client, in order to prevent missed deadlines on your web projects.
Adriana Cacoveanu / Sep 18'2018
What Is the Best WordPress Plugin for Posting to Social Media? Top 5
Repetitive (not to say boring), time-consuming... And it all gets even more cumbersome when you add more authors to the equation and you increase frequency to more than just 2 posts a week.

Yes, I am talking about regularly sharing your blog posts on your social media. But what if you could just schedule them and create your own calendar? And automate the whole process?

Then, the question that arises is: “What is the best WordPress plugin for posting to social media?” One perfectly equipped to:

- cope with an above-the-average posting frequency
- work in the context of a multi-author WordPress blog
- re-post old posts, as well
- track the overall success of your posts

And there sure are lots and lots of “luring” WordPress plugins to schedule posts, so: which one best meets all your particular requirements? Let me give you some clues here. 5, to be more specific:

WordPress' Default Feature for Scheduling Posts: Main Limitations

Let's not jump straight to the WordPress plugins to schedule posts for social media before we've evaluated what the platform's built-in feature offers us, in this respect. For, you can very easily schedule your blog posts to social media in WordPress without the need of a plug-in solution.

Here's how this out-of-the-box functionality works:

- you go to Settings > General, in your admin panel
- you set your Timezone (since WordPress uses Universal Time by default)
- next, once you're ready to hit the “Publish” button and launch your blog post “out into the wild”, just hit the “Edit” button next to it
- … and set the time and date that you'd like your post to be shared on social media
- then, you click the “Schedule” button

And that's it! Your post will get automatically published according to your preferences of time and date. But what if:

- you'd need to go through this process several times... a day?
- there are several authors posting on the same blog and, implicitly, sharing content on the same social media accounts?

For more complex expectations about your scheduler, you go with a plugin. With the best WordPress plugin for posting to social media, that should meet all your requirements.

1. Blog2Social

A hands-off solution to rely on for both:

- automating your posting on social media; from your WordPress blog straight to your social media networks
- scheduling their publishing; you get to set a specific time for your posts to go live

It will automatically share your content on LinkedIn, Pinterest, Medium, Twitter...

Screenshot: WordPress.org

Features you'll love:

- automated posting to several social media networks
- setting the time and date that you want your posts to be published
- tracking and monitoring your posts' success on each network
- tailoring your posts' templates so that they fit each network's specifications
- you're allowed to select the right images for your posts
- automated re-publishing of your scheduled old posts

2. Social Auto Poster

If this is not the best WordPress plugin for posting to social media, then it's definitely the most flexible one: you get to configure it to the slightest detail; to fine-tune it till it meets even your “overly” specific needs. Moreover, it enables you to auto-share both new and older blog posts.

Screenshot: Codecanyon.net

Top features:

- choosing the post type to be shared
- auto-sharing new blog posts to those specific social networks that you will have selected
- custom scheduling: set the most suitable days and hours for sharing content on social media
- auto-posting to all your linked Facebook accounts
- supporting any kind of format: post, eCommerce products, page, custom post type

A social auto-poster WordPress plugin that's conveniently compatible with a whole “plethora” of networks: Tumblr, Facebook, Twitter, Pinterest, Instagram...

3. NextScripts

Here's another “must-check” WordPress plugin that's loaded with social media integrations.

Screenshot: WordPress.org

Let us look over some of its “hard-to-resist” features:

- automatically sharing both new and older posts
- you're free to configure which posts should and which ones shouldn't get published
- … and also the time and date for publishing them
- you're also free to delay your scheduled posts
- auto-importing mentions/comments from your social media accounts as WordPress comments

4. Revive Old Post

Is keeping the same level of consistency — through regular posting at... regular times of the day/week — getting a bit challenging? Maybe, at times, you have no fresh content to share with your visitors...

Screenshot: Revive.Social

Then how about bringing some of your old articles back into the spotlight? Especially since you have Revive Old Post at hand, probably the best WordPress plugin for posting to social media.

Once you've set everything up, the plugin turns into a 100% hands-off solution. You'll be putting the whole process of re-posting old content on... autopilot.

But, let us go through some of this plugin's key features. Basically, it empowers you to set:

- the age of the posts to be re-published
- the number of posts to be posted per day
- the posting frequency
- how many times the same old post can be posted
- the format of the posts to be shared on social media

Note: once plugged in, Revive Old Post enables you to track the traffic that re-sharing these old posts will bring to your blog, right in Google Analytics.

5. Auto Post Scheduler

It makes the best WordPress plugin for posting to social media especially in the case of a multi-author blog. One with a high volume of content drafted for being published on a daily basis.

Screenshot: WordPress.org

Basically, it's one of those few WordPress plugins to schedule posts that takes the full process, with all its particularities, off your back: from sharing scheduled posts to recycling old posts to be published, it will automate all posting to social media-related operations.

The END! These are the top 5 WordPress plugins to schedule posts for social media that you should evaluate first when looking for the best social auto poster for your own website.
Adriana Cacoveanu / Sep 14'2018
What Is the Best Magento 2 Product Reviews Extension? Top 5
Let's just say that the default product review system in Magento 2 is... well... not 100% satisfactory for you. It does have its limitations; there might be some particular product reviewing and rating features that it can't provide you with. So, you start looking for an extension to compensate for this... inconvenience. But which one to go with? What is the most suitable Magento 2 product reviews extension for your own eCommerce store's needs? And it takes just a brief scanning of the large “pile” of Magento 2 extensions to start experiencing choice overload: How do you know which one's the best for your eStore? Which one suits your own idea of an “ideal” reviews system? But what if we narrowed them down to 5 choices only? The 5 best Magento 2 review extensions to start your searches with:   But First: The “Ideal” Magento 2 Reviews System —  Main Characteristics What features should the reviews system on your eStore have to meet all your expectations? Let me guess:   reviews should be accompanied by the customers' real names, photos and maybe even a link to their social media accounts, as well customers should be able to rate products on a “pros & cons” scale the reviews section should be easily noticeable on page the reviews system should empower you with the proper tools to use for encouraging customers to insert informative, relevant reviews only … needless to add that the UI of the add review screen should be highly intuitive the reviews should show product photos, as well the reviews system would enable you, the admin, to easily sort product reviews by relevance/helpfulness   The Default Magento Product Reviews Feature: How Does It Work? Before we delve right into the mini pile of Magento 2 product reviews extensions that I've prepared for you here, let's see: How does the default reviews functionality work in Magento 2? On the user's side, he/she writes down his review in the text description field popping up once he's rated the product from 1 to 5. 
Whereas on the admin's side, you get to configure those ratings at Stores > Attributes > Rating, right in your Magento 2 admin dashboard.

Images: Potatocommerce.com

The Advanced Review for Magento 2 Extension

You cannot run your evaluation of the best rated Magento 2 product reviews extensions and skip this module here. Why? Here are the top reasons for considering it:

- it provides a detailed product reviews system, with pros and cons
- it makes it possible for the published reviews to be rated as helpful/unhelpful
- … and to be shared across social media networks, as well
- it features review captcha and report reviews, helping you minimize the risk of fraud and spam
- it boosts the product reviews system with custom rating values (quality, price and so on)

The Import/Export Product Reviews Extension

A handy Magento 2 extension if you're “juggling with” multiple online stores. Basically, it enables you to import/export product reviews from one eStore to another via CSV file.

Note: while importing them, you, the admin, get to set their status using the CSV file.

The extension's most valuable features:

- it makes it possible for reviews to get transferred along with their titles and descriptions via CSV file
- it supports a multi-store environment
- it empowers you, the admin, to approve/disapprove the submitted reviews

Magento 2 Review Booster: The Best Magento 2 Product Reviews Extension?

Another product reviews and rating extension for Magento 2 that you shouldn't overlook while determining your best option.
And here are some of its main functionalities:

- pros and cons
- reviewing the written feedback's helpfulness
- uploading images to product reviews
- the possibility to “lure” customers with different discounts/coupons for reviewing the products they buy
- review reminders
- adding comments to product reviews
- sorting product reviews by rating

The Magento 2 Product Reviews Extension

Another extension that has the potential to get you closer to that “ideal” Magento 2 reviews system of yours. Here's how precisely:

- it enables customers to upload images of the product review form (no registration required)
- it's ideally easy to install & manage
- you get to integrate the product review functionality through a widget
- you, the admin, get to review the uploaded images' widths & heights

The Magento 2 Review Reminder Extension

Now, could you imagine the reviews system on your Magento 2 website without a powerful review reminder type of tool plugged in? I didn't think so... They make such handy tools to help you encourage customers, via email reminders, to post reviews for the products they've bought.

Now, here are the key features of this specific tool here, an essential Magento 2 product reviews extension:

- targeting specific groups of customers that you'd send your email reminders to
- sending automated reminder emails
- using coupons to entice customers to share their first product reviews and even choosing its template
- cleaning log records automatically, after a specific no. of days
- setting up the right time for sending the first reminder email

The END! These are the 5 best Magento 2 review extensions to add to your shortlist and start your “research” with.

- feature-rich
- powerful
- easy to set up and customize on your side
- easy to use on your customers' side

… each module, taken separately, injects those product reviews functionalities into your store to help you enhance the built-in reviews system that the platform provides you with. ... Read more
Silviu Serdaru / Sep 13'2018
Designing for a Global Audience? 5 Things to Consider for Making Your Website Internationally Friendly
Designing for a global audience should be straightforward, right? You'd just translate the written content on your current website into all the different languages of your target audiences and you're good to go... Well, not even close. Closer maybe, but definitely not close.

For, as the Globalization & Localization Association (GALA) puts it, far more accurately than I could: “The aim of localization is to give a product the look and feel of having been created specifically for a target market, no matter their language, culture, or location.”

And proper localization (or contextualization, if you prefer) is precisely what you should aim for when trying to reach a global audience. Now, making your website internationally-friendly is subject to a lot of considerations; translating the written content into different languages is but one of the many steps to take. Let me point out to you just 5 of the essential ones to keep in mind:

1. Can Your Current Web Hosting Solution Handle That Amount of Traffic?

Let's take this hypothetical (yet not impossible) scenario: You've been selling custom-designed stationery in Canada for a while now. Your eCommerce website's server is in Vancouver. Still, your Canadian customers just don't seem so “mesmerized” with your hand-crafted products as you expected them to be.

So, what do you do? You go global! You start selling your stationery in... South Korea, as well, and online orders start to ramp up.

But your web hosting provider doesn't have servers in Asia, as well, to back you up with, and so the page loading speed on your website gets close to... lousy. There are scripts, files, images to be loaded and to all these all too common heavy-weighing factors, now you add the distance factor, as well...

Your server just can't handle it...
In this hypothetical case here, you have 3 viable solutions at hand:

- you supercharge your website with a CDN for high speed
- you replace your current provider with another one that can provide you web hosting globally
- you upgrade your current hosting plan, opting for one that can handle higher volumes of traffic

It's up to you how you'll equip your website to cope with the expected larger-than-normal amount of traffic.

2. Is the Used Imagery Culturally Relevant for Your International Audiences?

And yes, when designing for a global audience you need to consider this aspect, as well: Will all the international audiences that you're targeting resonate with the images displayed on your website? Do these images convey the same message, irrespective of culture, location, spoken language...? Are there any culture-specific meanings or symbols that you might have overlooked?

Make sure they're not “packed with” references that a global audience wouldn't understand. Or risk misinterpreting...

And, above all: Take your research seriously when you're planning to reach a global audience; ensure your site's imagery can't get interpreted as offensive in some of the cultures that you're targeting.

3. What Do Your Chosen Colors Symbolize in Different Cultures?

Make sure that you base your color choice on in-depth research on the color symbolism in different cultures. And not solely on aesthetic aspects.

In this respect, the examples of colors having both positive and negative connotations, depending on the cultural area, are numerous: Take white, for instance, a color that means both cleanliness, innocence or/and... death (in China).

Choose your color palette wisely and do not leave the selection up to your designers entirely. Designing for a global audience is no more than a compromise, after all: You trade visually-striking design for a globally-relevant one. One that's both... global and local.

4.
Remember to Use Hreflang Tags when Designing for a Global Audience

Why bother?

Well, you could take the hreflang tags as some kind of “traffic signs” indicating to the search engines:

- that the content on your website has been translated into multiple languages
- precisely which version of that content they should deliver to your site's visitors, depending on their location

As for how you can add them to your site's content, the Moz team has a more than “enlightening” blog post on the topic of hreflang tags, so I'm not going to get into details here.

Now, let's move on to the last point on my list of aspects to pay attention to when designing for a global audience:

5. Is Your Website Optimized for Globally Accepted Keywords?

And “globally accepted” sure doesn't come down to: Showing the translated version of each one of your target keywords each time it shows up.

Now, let's take this common example: What if you're optimizing one of your site's pages for the keyword “dinner recipes”, but in some parts of the USA the equivalent “supper” is more frequently used? Then, you'll need to:

- do your own research on all the possible keyword variations
- account for them when doing keyword optimization on your website's pages

Et voila: these are just 5 of the essential aspects to consider when designing for a global audience. As you can see, translating the words on your website is just the very base of the “pyramid” of techniques to apply for avoiding common gaffes when you go global. That is, if you want to do it right, of course...

Photo by Kyle Glenn on Unsplash. ... Read more
Adriana Cacoveanu / Sep 11'2018
Should I Use Docker in Production Environment? Is It Safe? 
“Should I use Docker in production?”

Are you “torn” between: Docker's superpower as a container platform and all the security concerns related to the Docker model? “Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix — who're already using Docker containers in production? Yet, still skeptical and hesitant to run them in production environment considering all the signaled data management issues?

Now, instead of letting this question turn into a “haunting” dilemma, you'd better dig for some answers. Find out:

- whether Docker is right for your own unique project, as well
- how a container infrastructure works (compared to a traditional environment)
- what it takes to use Docker in production
- which are the common misconceptions and issues with Docker in production

And, most of all: based on your own use case, should you be running Docker in production environment or not?

1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”

Before asking yourself: “Should I be using Docker in production? How safe is it?” … you'd better answer one critical question: “What will I do with Docker in production?”

And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:

- How will you monitor Docker containers in production?
- How will things be deployed?
- How will backups be performed?
- What about updates? How will they be handled?

Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:

- What services will your Docker containers get access to?
- Are you able to restrict their access to the host system?
- And what kind of “privileges” will they get?

So many things to clarify before you can ask yourself: “Should I use Docker in production?”

2.
Container Infrastructure vs Traditional Environments

How does a Docker container infrastructure work? It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.

Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements. In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.

Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the number of privileges assigned to each one of the containers in your infrastructure.

3. 2 Most Common Misconceptions about Using Docker in Production

Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that: “Docker's ridiculously easy to use; it's a ‘one size fits all projects/use cases/infrastructures...’ type of technology.” Well, not quite...

Now, let's “bust some Docker-related myths” once and for all:

3.1. Running Docker in Multi-Host Production Environments Is (So) Simple

It's almost grown into a universal truth that: Using Docker even in a multi-host production environment is... nothing but a child's play. It is technically possible, indeed, yet, it's far from simple!
Before running Docker in a multi-host network — in a robust and safe way, I mean — you need to consider and to put in place the proper management of a whole lot of variables:

- orchestrating container deploys with no downtime at all
- managing container logs
- ensuring that the private image repository's 100% secure
- properly handling all container deploy roll-backs

And the list is almost a never-ending one... See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.

3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure

Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?

And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure. That it's conveniently easy to use and it fits all use cases. Wrong!

You need to take a whole lot of aspects into account before using Docker in production: It requires a robust, stable foundation/infrastructure! In other words, if your current system does not have:

- an automated system setup
- a fully secured least-privilege type of access
- automated deploys
- easy-to-be-restored and 100% secure database backups
- and more

... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...

4. Choosing the Right Path From Test Environment to Production Environment

The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.
This can be either:

- predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter)
- DIY
- a rented cloud service
- a pre-made platform

Choose your path wisely!

5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker

5.1. The Docker Engine: Tweaking Its Default Settings Is a Must

As I've been trying to stress here: Running Docker in production does require certain preparations and considerations.

For instance, once you install the Docker engine on your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings. They're not suitable for production usage! Therefore, it will require some tweaking so that your Docker engine can handle the load once in production environment.

Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:

- cleaning up containers
- … volumes
- … logs

… these are all your configuration's responsibility.

And 2 more words of caution/pieces of advice:

- keep in mind to check the graph driver (go for Overlay2 if it's the latest version of kernel that you're using)
- keep both your Docker engine and the kernel safely up-to-date

5.2. A Well-Built CI/CD Pipeline Can Save Your Life

And it's just partly an exaggeration... For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.

In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...

Tip: remember to script everything; also, to version control each and every script and configuration.

5.3.
Security: Handle It Properly, Right from the Testing Environment

In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue. Moreover, you should give it due consideration right from the testing environment...

Once you deploy your Docker containers in production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.

6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?

Back to our initial question: “Is it safe to run Docker in production environment?”

My answer to you is: It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production. Meaning:

- applying updates
- running your CI tests
- automating... everything
- closely monitoring your Docker containers once in production using the available tools
- running only current versions
- running only one process per container
- “supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.)
- etc.

In short: Docker is only as safe as its users' implemented safety measures. Technically, it can be used in production.

When it comes to safety, Docker's come a (really) long way since its early days. With:

- a whole set of best practices in place
- appropriate powerful tools to use for securing it

... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.

Yet, to your “Should I use Docker in production?” type of question I can only answer: “You should, if you don't do it blindly and you commit yourself to following the best practices”

7. In Conclusion...
If I were to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations here-above, it would go something like this:

- don't jump blindly into Docker; take your time to think through all the involved aspects
- keep in mind that it's far less likely for an attacker to exploit an insecure Docker container in your system than to... tap into social engineering to get their hands on the password
- Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road

... Read more
RADU SIMILEANU / Aug 31'2018
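The Docker article above asks what containers can reach on the host and which privileges they get, and recommends enforcing a policy that limits them. The following is an added example, not code from the original article: a Python check that reads `docker inspect` JSON and lists each container's least-privilege violations. The policy lists and the two sample records are constructed assumptions.

```python
"""Audit `docker inspect` JSON against a least-privilege policy (added example)."""
import json

# Policy assumptions for this example, not values from the article.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/etc", "/proc", "/sys", "/root")
ALLOWED_CAP_ADD = {"NET_BIND_SERVICE"}


def _cap(name):
    """Normalise 'CAP_SYS_ADMIN' / 'sys_admin' to 'SYS_ADMIN'."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def _is_sensitive(source):
    """True for the host root itself or anything at or under a sensitive path."""
    src = source.rstrip("/") or "/"
    return src == "/" or any(
        src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_container(info):
    """Return the sorted policy violations for one `docker inspect` record."""
    host = info.get("HostConfig") or {}
    cfg = info.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    # inspect reports null (None) when no capabilities were added or dropped.
    added = {_cap(c) for c in host.get("CapAdd") or []}
    findings += [f"cap_add:{c}" for c in added - ALLOWED_CAP_ADD]
    if "ALL" not in {_cap(c) for c in host.get("CapDrop") or []}:
        findings.append("cap_drop_all_missing")
    # An empty User field means the container process runs as uid 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs_as_root")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable_rootfs")
    if host.get("NetworkMode") == "host":
        findings.append("host_network")
    if host.get("PidMode") == "host":
        findings.append("host_pid")
    opts = [o.replace("=", ":") for o in host.get("SecurityOpt") or []]
    if not {"no-new-privileges", "no-new-privileges:true"} & set(opts):
        findings.append("no_new_privileges_unset")
    for m in info.get("Mounts") or []:
        if m.get("Type") == "bind" and _is_sensitive(m.get("Source", "")):
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"host_mount:{m['Source']}:{mode}")
    return sorted(findings)


def audit_all(inspect_json):
    """Map container name -> violations for a `docker inspect` JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


# Constructed sample records, trimmed to the fields the checks read.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/legacy-app", "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"], "CapDrop": None,
                    "ReadonlyRootfs": False, "NetworkMode": "host",
                    "PidMode": "", "SecurityOpt": None},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/web", "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_BIND_SERVICE"],
                    "CapDrop": ["ALL"], "ReadonlyRootfs": True,
                    "NetworkMode": "bridge", "PidMode": "",
                    "SecurityOpt": ["no-new-privileges"]},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web-data/_data",
                 "Destination": "/data", "RW": True}]},
])

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "FAIL " + ", ".join(findings))
```

Run as a CI or deploy gate, the same function can take the output of `docker inspect $(docker ps -q)` in place of the sample and fail the stage when any container returns findings.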
How Do You Restrict Access to Content in Drupal 8? 6 Modules That Will Do the Job for You
We all love Drupal's granular permission and access control system! And yet: its life-saving hierarchy of user roles and permission levels is strictly for creating/editing content. Since Drupal wrongly assumes that all site visitors should be able to view all published content, right?

But what if this default assumption doesn't suit your specific use case? What if you need to restrict access to content in Drupal 8? … to limit users' access to certain content on your website? So that not all visitors should be able to see all published nodes.

In this case, Drupal's typical access control system for creating and editing content is not precisely the functionality that you need. But there's hope! And it comes in the form of 6 Drupal 8 access control modules that enable you to give content access of different levels, ranging from “average” to “more refined”.

But First: An Overview of Drupal's Typical Access Control System

Now, we can't just jump straight to the “more sophisticated” content access solutions in Drupal 8, not until we've understood how its basic access control system works, right?

As you can see, in the screenshot here below, the logic behind it is pretty straightforward: while in your admin panel, you need to access the People menu > Permissions and there, you just assign different user types (authenticated, admin or anonymous) with specific sets of permissions (to administer blocks, to post/edit comments, to modify menus on your Drupal site etc.)

As you can see, Drupal's typical access control system is not configured so as to enable you to restrict visitors' access to specific content on your website. Or to limit user access to a more granular level other than the standard “logged in/not logged in user”.

1. Access by Entity

If you're not looking for anything “too fancy”, just a straightforward functionality for controlling access to view/edit/delete content entities, then this module's THE one.
And here are 2 of its most common use cases:

- you define some access-restricted premium content areas on your Drupal site, for “privileged” user roles only
- you grant publish/edit permissions to certain groups on your website, having specific predefined user roles

2. Content Access

Definitely a go-to module when you need to restrict access to content — to specific content types — in Drupal 8. It enables you to:

- set up specific access control roles
- define custom granular restrictions based on different user permissions (you could, for instance, limit access to certain content on your website for non-authenticated users only...)
- set up content types with restricted access

Note: do bear in mind that, once you've enabled Content Access, you'll need to rebuild your entire “collection” of access content permissions. The module is going to alter the way they work, that's why.

Tip: if you need to control access to content nodes on your Drupal 8 site, this module's built to help you “refine” your restriction; for that you'll just need to define some more detailed permissions in People menu > Permissions tab.

3. Permissions by Term

A lightweight solution to restrict access to content in Drupal 8. One that enables you to set up access-restricted content sections on your website.

Now, what makes it stand out from the other 5 modules in my list here is: The refined, taxonomy term-based restrictions that it allows you to create for specific nodes on your Drupal site. You can limit access to these nodes for:

- specific user roles
- certain individual user accounts

How do you set everything up?

- first, you enable the module
- then, on the term edit page, you define a specific role access for each taxonomy term

And there's more to look forward to!

Unlike Organic Groups and Group, the Permissions by Term module comes with very little overhead, in the form of light contributed code.
In other words: for the taxonomy terms-based access control that it enables you to set up, it adds a new field to your current content types. That's all!

4. Node View Permissions

When it comes to Drupal role-based access control (to content types or nodes) this module's simple, straightforward approach is exactly what you need. Not as “sophisticated” as Content Access, yet conveniently easy to configure and to maintain. And also, the perfect choice if it's just a basic kind of content type access restriction that you need to set up.

Summing up its functionality now, what you should know is that Node View Permissions enables you to define 2 types of... permissions:

- “View any content”
- “View own content”

… for every content type listed on your Drupal site's Permissions page.

5. Group

It enables you, as the site admin, to structure content into... groups. Different group types, with their own hierarchies of group roles:

- anonymous
- member
- outsider (a logged in user, but not a group member)
- other group roles that, as an administrator, you'll need to create

Needless to add that with Group you'll restrict access to content in Drupal 8 based precisely on these group roles that you'll set up. Furthermore, it allows you to define:

- the most suitable permissions (view/edit/delete) for specific content types
- the most appropriate group roles

… per group type.

And the best is yet to come: All group types, group roles, group/content relationships are set up as entities. Meaning that they're fully fieldable, exportable, extendable!

6. Taxonomy Access Control Lite

It's a restricted access to nodes, based on taxonomy terms, users and roles, that you get to define using this module: A user role-based access control...

Note: mind you don't forget that, in order to restrict access to viewing/editing nodes on your Drupal website, you'll first need to reconfigure the existing user permissions.

The END!
A bit curious now: which one of these solutions, ranging from straightforwardly simple to most refined, would you go for to restrict access to content in Drupal 8? ... Read more
RADU SIMILEANU / Aug 30'2018