Warning: Cart66 Vulnerability

UPDATE: Please see this follow-up post.

Last summer we were working on an e-commerce site that integrated Cart66 with WordPress. As part of the development effort there, my team at Crowd Favorite discovered a vulnerability in Cart66.

We reported this to the Cart66 team on July 11, 2011 and received the following response on July 12, 2011:

Alex,
We are aware of this issue and are working on a solution. I don't have a date for the fix but we’ll keep you posted.

Last week (on April 10, 2012) I received the following email:

Hello Alex,

We haven’t heard from you in 3 or more weeks so we are going to go ahead and solve this ticket. Do not hesitate to reply if you have any further questions.

My guess is that this is an automated email generated by their ticket system, but it reminded me I’d never properly followed up on the issue. We tested the current version of Cart66 (version 1.4.5) and the vulnerability is still present.

At WordCamp San Francisco last summer I posed a question during the Q&A session to get input from others on the best way to handle this situation. The agreed-upon course of action was to:

  1. Responsibly disclose the issue privately to the developer.
  2. Give the developer time to address the issue.
  3. Go public with the information if the issue is not addressed (it’s more important to let the users of the software know about the issue than it is to extend any “security by obscurity”).

As such, we plan to release the details of this vulnerability in two weeks (on April 30th).

We sincerely hope that the Cart66 team will address the vulnerability with a release that fixes the issue before this time (and responsibly notify their customers of the issue and the importance of upgrading). However, given the overall lack of response we’ve seen from the Cart66 team on this issue, my recommendation would be to evaluate other e-commerce solutions.

Mac Window Positions

I started the following post back in August of 2011; Sean’s comment on my previous post prompted me to dig it up.

Now that I’m back to using a laptop full time, I’m right back to the old hassle of having my windows scatter all over the place when I connect and disconnect an external display. It looks like this is an annoyance I share with others, as there are a bunch of utilities out there that hope to solve this problem:

I evaluated a variety of options:

I can’t remember the details of each at this point, but I tried a couple of them for a week or so each (pretty sure I did both Stay and Display Maid, can’t recall on Size-Up or Optimal Layout).

After evaluating a few options, I saw the same problems consistently:

  1. While windows would be restored most of the time, they wouldn’t be restored all of the time. The difference here was better than default OS X window handling, but not that much better.
  2. There was no option to pull all apps to one desktop when plugged in to a monitor, then distribute them again when unplugged. I’m assuming this is an API/SDK limitation as this seems like a pretty obvious feature idea.

The solution I ended up with is less than ideal: let OS X handle the window distribution and learn to work on a laptop with only a single desktop. I still go back to multiple desktops if I’m going to be unplugged for a long stretch of time, but moving things back and forth between desktops is way too fiddly.

I’m certainly open to better solutions (or new ones that have come out in the last six months) – suggest away in the comments.

Restore Terminal Window Size in OS X After Unplugging Monitor

I’ve generally loved the move from multiple machines to a single laptop (that I plug in to an external monitor when I’m at my desk). A minor hassle that I have to deal with a few times a day is resizing windows that have been “adjusted” when I unplugged from my monitor.

For example, my terminal often goes from this:

Terminal (normal)

to this:

Terminal (tiny)

I found that in BBEdit you can hit Cmd+/ to restore a window to its expected size. I then discovered that Terminal.app has a “Return to Default Size” item under the Window menu. A quick addition in the Keyboard prefs:

Keyboard Prefs

and I can now use Cmd+/ to fix my Terminal.app window size as well.

I see three reasons for the Instagram acquisition:

1. Talent
2. Idea
3. Product

If 1 or 2 are the primary reason, the product dies.

70% of the Problem

There was a pretty good tempest in a teacup regarding Readability over the last few weeks. While I’m sure I didn’t exhaust the available material, I did read the articles I linked above as well as a few others. I link to these because they were written by folks I’ve known well by reputation/production (and…

The right balance is between making only the changes necessary while making enough changes to keep things elegant.

Pro tip: If you’re using a string that can be localized as a key in your “next step” code block, you’re doing it wrong.

I had a handful of the songs but somehow I didn’t have the entire Lyle Lovett “The Road To Ensenada” album. Situation rectified.

Spring in Colorado


The trees fall for this every year; it’s like Charlie Brown trying to kick that football. They blossom too early and get surprised by snow a few days later. IT’S A TRAP!

On Paper

Paper for iPad

Quite simply, Paper is the best app I’ve seen in a long time.1 It just turned my iPad from a device I leave at home for email, browsing and playing games to a business tool I want to have with me all the time. Over the last six months I’ve been using paper sketches more…