Blog

  1. Magento 2 in DTAP Environments

    Quality control by using DTAP

    Larger companies usually have multiple people involved in a Magento 2 project, including several developers, project managers, internal customers, end customers and other steakholders.
    All these people benefit from a properly maintained and properly running Magento 2 webshop.

    To properly maintain the quality of a webshop there's multiple factors in place besides the development process itself, including but not limited to the proper use of version control, project managmeent, release management, unit testing, functional testing and more.

    To facilitate this, companies usually use multiple environments to run the project on, which allows developers to efficiently develop code without others constantly being stopped in their tracks while code is still buggy or in active development.

    This is where DTAP usually comes into play. This short blog is ment as a technical guide into how to quickly and effectively manage a DTAP environment for your Magento 2 projects.

    Read more »
  2. Semantic Versioning for Extensions

    Semantic Versioning for extensions

    Semantic Versioning for Extensions

    So you are either looking for the best way to provide versioning for your extensions or maybe you do have a working versioning system and are looking for ways to improve it. This blog gives you our perspective on future-proof extension versioning. It does not matter if you develop extensions for Magento 2, WordPress, Drupal or any other third-party platform. This Semantic Versioning Model allows you to build a bulletproof solution which will work properly for years. It is designed to be able to be linked to the versioning of the platform, allowing customers to stay up to date without having to worry about installing a version which breaks due to platform incompatibility

    Read more »
  3. Hacking with Docker | For Fun And For Profit

    Hacking with Docker | For Fun And For Profit

    Why a blog about hacking with docker

    Many companies allow their customers to see / manage the docker containers by allowing them to be in the docker group. After all, tts very easy to say "Just hop on to the php container to do your work".

     

    Due to the way docker works, the docker engine needs escalated privileges to manage its containers and that means, anyone in the docker group, effectively has root access to the server.

    Your customer might not know this, but malicious users, who can beg, steal and borrow your customers ssh credentials, most definitely will.

    In our example, we've given our user sudo rights, but effectively you can achieve everything, including spionage.
    As an actual recent case, i had to modify SSH information to allow PasswordAuthentication and to force the server to reboot.

    To force the host to reboot from a container, you can add: -v /dev:/dev:rw to the docker run command.
    From there on, if you type reboot inside

    Read more »