London Magento Meetup
London Magento users group – March 2016:
Security, Inventory Syncing, and Migrating Data from Magento 1 to 2
The London Magento Users Group is the largest and most active Magento meetup group in the world, with over 1,100 members and monthly meetings. Last week we attended their March event, which was filled with pizza, beer, wine, and nearly 60 Magento enthusiasts, plus another 28 viewers watching on the live stream. The whole event is on video here and below is a summary of what went down.
Talk 1: Magento security, by Piotr Kaminski
“In Magento 2, they’ve done away with issuing stand-alone patches to fix security problems.”
The night opened up with a remote video presentation from Piotr Kaminski, senior product manager at Magento. He’s been with Magento since way back in 2003 as a programmer, and now he’s responsible for all of Magento 1, Magento application security, and the Magento 2 developer experience and translations.
Piotr gave a riveting talk about Magento’s security, starting with a brief history to better understand what led us to where we are now. He also gave a fascinating recap of the exploit in early 2015 which really woke up merchants to keep their Magento servers up to date with the latest security patches.
He then reviewed some of the ways Magento stays ahead of hackers: extensive code reviews, penetration testing, and a very successful ‘bug bounty’ program which rewards community members for reporting security bugs. They’ve also improved their communication about security: setting up a dedicated security alert newsletter, writing a detailed best practices guide, and broadcasting their alerts far and wide in the community to remind merchants to patch as soon as possible.
I thought the biggest change was in Magento 2. In Magento 2, they’ve done away with issuing stand-alone patches to fix security problems. They’ll only issue minor release versions, so instead of worrying about whether you’ve applied the right patch, you simply upgrade to the newest release. This should take much of the burden off merchants and make it easier for them to always stay secure.
Here’s a list of Piotr’s security recommendations:
- Sign up for Magento’s Security Alert Registration: no spam, it’s only for security alerts, so don’t wait – sign up now!
- Read Magento’s Security Best Practices guide.
- Get rewarded for finding security bugs? Check out Magento’s Bug Bounty program.
- Try MageReport.com for scanning vulnerabilities on your website. It’s not 100% perfect, but it’s a good start.
- Have your developers watch Talesh Seeparsan’s YouTube channel; it’s great for security training.
Talk 2: Integrating inventory management into Magento, by John Dixon
“Front end performance can be affected with as few as 10 products updated in bulk via Magento’s API.”
Next up was John Dixon, product manager at BrightPearl. One of BrightPearl’s features is to maintain real-time inventory information, and John reviewed a number of the questions and challenges that they faced when they integrated this feature into Magento. In one part that stuck with me, he highlighted how background API updates affect front end user experience — even bulk updating the stock of as few as 10 products.
He then presented a series of key questions to answer when considering how to update and manage orders and inventory. In one illuminating story he discussed how fast they thought their order-syncing processes were, until a customer launched a flash sale, the orders spiked much higher, and the processes couldn’t keep up. He also noted the importance of having a backup plan for when there is an outage in the syncing processes, because it’s bound to happen at some point, so that you can recover quickly without affecting sales or customer experience.
Talk 3: Migrating data from Magento 1 to 2, an experience report by Marcin Szterling
“There is no silver bullet solution.”
The last talk was by Marcin Szterling, lead Magento developer, who lifted the hood on migrating data from Magento 1 to Magento 2. He launched with some of his conclusions: it’s not a one-day task, there is no silver bullet solution, and you will need to do some cleanup on both the source data and the migrated data. In a nutshell, “Reserve time for it and prepare for battle!” His own migration took over three weeks, though he was also doing a lot of research along the way.
Then he went into detail about his experiences using each of the migration tools available today: Magento’s official tool, Ubertheme’s tool, Cyrill Schumacher’s tool, and using a .csv based export/import. In the end, Marcin heavily modified Magento’s tool to achieve his migration, and even then he still had to do a lot of cleanup work on the resulting data. So it appears that today’s migration tools just aren’t robust enough, yet, to make this migration a painless process. He also shared an interesting link to Alan Kent’s blog post about how Magento is planning the evolution of their M1 to M2 tool.