Building Tools For A Better Patching Process

On May 31st, Magento announced security patch SUPEE-9767 and Magento Enterprise Edition v1.14.3.3. These security updates address 16 separate platform vulnerabilities, 8 of which are considered high severity.

The patch notes call for manually updating a setting in the admin panel prior to deployment.

Before applying the patch or upgrading to the latest release, make sure to disable Symlinks setting in System > Configuration > Advanced > Developer > Enable Symlinks. The setting, if enabled, will override configuration file setting and changing it will require direct database modification.

Magento SUPEE-9767 patch notes

This step is required to properly implement the fix for the vulnerability identified as “APPSEC-1281”, which Magento has classified as high severity.

This setting must be set to “No” for patch to be correctly applied

As part of our patch assessment process we decided to build a small Magento module which automates the steps required to toggle this setting. Not only does this save us time as we roll the patch out across our client base, but, more importantly, it helps reduce the risk of human error during patch implementation.

We’ve made the module publicly available through GitHub. Hopefully this helps improve the process of patching across the entire Magento ecosystem.

Happy Patching!

Written by: Max Chadwick, Senior Programmer

Rolling Out MasterCard 2-Series Compatibility at SD – Part 2

In part 1 of this series we looked at the high-level process of how SD rolls out updates that impact its entire Magento client base. Specifically, the following questions were posed:

– Which versions of Magento are affected?
– What options are available to remediate the issue?
– What are the potential pitfalls developers will encounter when applying the required fix to the code base?
– How can we QA the fix to confirm it has been correctly incorporated into the code base?
– How quickly does this change need to be rolled out? (E.g. security patches need immediate response, changes such as Mastercard 2-Series compatibility can be scheduled in advance)

This blog post will answer each of these questions individually, using the example of the Magento 2-Series compatibility changes.

Which versions of Magento are affected?

The fix for 2-Series compatibility was incorporated into Magento 1 Enterprise Edition version (Community Edition version and Magento 2 version 2.1.3. Therefore, any client running Magento 1 less than version or Magento 2 less than version 2.1.3 is affected.

What options are available to remediate the issue?

The issue can be remediated by upgrading the Magento code base to a version that includes the fix, or applying a Magento supplied patch dubbed “SUPEE-8967”. Something Digital prefers upgrading clients to the latest version of Magento whenever possible, but sometimes it is impractical, in which case patches may be applied.

What are the potential pitfalls developers will encounter when applying the required fix to the code base?

Magento is a highly extensible platform. This is a feature that makes it attractive to developers and merchants alike. However, with this flexibility comes the power to make customizations that lead to incompatibility with future Magento updates.

Specifically, in the case of the Mastercard 2-Series patch, there are the following risks (warning, technical jargon follows):

– validation.js, the JavaScript file which validates credit cards may be overridden in the local theme.
– The site may be using a custom payment method that implements its own validation logic, separate from the fix to Mage_Payment_Model_Method_Cc provided by Magento.

How can we QA the fix to confirm it has been correctly incorporated into the code base?

Given this risk, it is important to find a QA process that the can followed to ensure the fix has been applied correctly.

In this case, we can confirm the patch has been applied correctly by ensuring we can get past the “Payment” validation section of checkout. We can use a testing credit card number for this – Authorize.NET lists a couple. If the patch has not been applied correctly, we’ll see an error like the following.

If everything is OK, we’ll get past Magento’s validation and the transaction will be sent off to the payment gateway.

How quickly does this change need to be rolled out?

Sometimes, these types of changes need to be applied very quickly. For example, when the shoplift vulnerability was announced, SD worked to get its client base patched as quickly as possible.

In the case of the Mastercard 2-Series, there was roughly a one month window over which SD could review and roll out the patch.

Talk to Us

We’d love to tell you more or answer any question you have about Mastercard 2-Series compatibility, or our process in general. Contact us if you’d like to hear more. We’re looking forward to hearing from you!

Written by: Max Chadwick, Senior Programmer

Phillip Jackson – Keynote at Meet Magento Sweden

We are casting a spotlight on SD’s Phillip Jackson who will be giving the keynote speech on May 30th at Meet Magento Sweden (that’s right I said keynote, hold the applause until the end please). Now I’ve had the pleasure of witnessing a few of Phillip’s talks and let me tell you, they do not disappoint. In this talk two-time Magento Master Phillip Jackson will talk about the failures and challenges that led to success in his career, and the changes coming in our industry which may prove that the hardest battles are still ahead of us.

Here’s a little snippet of his talk:

“Success takes many forms – but the most satisfying is achieving personal success. Personal success can best be described as reaching your own personal achievements. Along the way we all face trials and hardship – and it’s our determination and perseverance that leads us to having satisfaction with your life and career.”

For those of you that aren’t familiar with Meet Magento, it is one of the leading conference series worldwide. It focuses on business, ecommerce, the Magento platform and the regional ecosystem. By focusing on these areas it covers all important ecommerce markets.

Yes we know this conference is all the way in Sweden but I have a few words that may convince you, ‘Phillip Jackson and Swedish Meatballs.’ How could it get better than that? Make sure you get your tickets before they’re sold out!

SD Partnership Profile: Logic Broker

SD Partnership Profiles: Logicbroker

The Logicbroker relationship started in early 2013 when our Director of Interactive Software, Jon Tudhope, needed to identify a Magento extension that delivered EDI translation. We were pitching to a large, multi-national apparel brand, and of course they needed a quick proposal. We started to look at Logicbroker, which was the leading technology in the space. They were immediately responsive and helpful, so we took a deeper look into forming a partnership.

Could we check the boxes for characteristics of a quality partnership (see original post)? Here’s what we found:

Quality of product or service

They had an easy-to-implement Magento extension with a history and an intuitive architecture.

Flexibility of engagement structures

They were willing to work with us on a POC, and they offered multiple, transparent pricing objects.

Trust between the organizations

This had to develop over time, but we started dealing with individuals who could commit the company, so their word was more powerful than in other instances when we dealt lower-level salespeople.

Availability and quality of the client-service team

We were given direct access to their developers and collaborated with them to craft a solution.

Access to leadership for escalation

Within weeks, I was meeting the CEO for pizza at a conference in Chicago and playing in his foursome at a local golf outing. Suffice it to say, I was at the top of the organization.

Understanding that good services businesses serve their clients, not their vendor partners

This philosophy has been tested multiple times, and—like trust—it can’t be validated in the short-term. But these guys exemplify the client-first perspective.

So yes, check the boxes for Logicbroker. Not only are they the the kings of the EDI and drop-ship automation space for Magento, NetSuite, and others, but they would make for a great SD partnership. They started with a small, niche play, and they’ve grown their product through hard work and faith in their vision.

In short, we love these guys. Just completed some roundtable Q&A between Logicbroker’s CEO Peyman Zamani, their VP of Digital Commerce George Heudorfer, and me. Here’s the transcript of our conversation.

Jon Klonsky: Peyman, what inspired you to start Logicbroker

Peyman Zamani: About 6 or 7 years ago, I was still at Office Depot running ecommerce and doing some other things. I saw these powerful platforms bursting on to the scene—Magento, BigCommerce, Demandware. It was getting easy for people to set up their own web shop and process orders. They could go from 0 to 10 to 100 million dollars a year pretty quickly. But then I realized that everyone was neglecting the middle part—what was happening on the backend. Connecting to suppliers, fulfillment centers, drop-shippers, and order processing.

Everyone was thinking that the customer experience was about a great looking website and a great product assortment, which it is—but only in part. Ultimately when you attract those customers and sell to them, you still want to make sure the products are delivering on time, and the tracking and delivery notification happen properly. That’s also a part of it. And for the merchants, they need to ensure orders don’t short-ship or overship.

So I thought, wouldn’t it be great to create a platform that does all that. It would have to account for the older technologies like EDI or flat file data transfer that companies are still using in their warehouses and 3PLs. But it would need to modernize the supply chain data integration. That was the vision.

And also I was turning 40 (laughs). It was time to leave the Fortune 500 company, do my own thing and have a great story to tell my grandchildren. So that was the inspiration.


JK: So George, over to you. What role does Logicbroker serve in the ecommerce ecosystem?

George Heudorfer: With Logicbroker our Tag line—if you look at our logo—it’s “connecting your ecommerce ecosystem.” And I believe that’s where we present the most value. It’s providing the connectivity for the fragmented systems that play a role in ecommerce. Everyone is striving to launch a great ecommerce presence. But often behind the scenes, the systems are disparate, and it becomes very expensive to do these one-off integrations at any type of scale. With Logicbroker it’s very easy to onboard new spokes to that hub and leverage the now existing infrastructure to quickly add additional spokes: a drop-ship supplier, a big-box retailer, a marketplace, or a pure-play e-tailer. And it’s not just the connectivity, but it’s some of the performance management. It’s the overall enrichment that Logicbroker brings to that order lifecycle.


JK: What type of merchant should want to incorporate your technology? Obviously you’re not for everyone.

PZ: Correct. Any merchant that is serious about growing their online business could essentially take advantage of our technology. If they want to grow it by offering product to drop-shippers, if they want to simplify their warehouse integration, if they need to improve their 3PL integration, or if they need to automate to accommodate a growing order volume. Those are great merchants for us.


JK: Can you describe your most unique implementation?

GH: Part of the uniqueness of Logicbroker as a platform is that although each integration is slightly different. We’re using the same infrastructure for every implementation, but configurations are unique to each client.

If I can think of a specific example, we’re working with one of the world’s leading brands in the apparel space. They happen to run SAP as their ERP system. We started integrating with their Magento store for ecommerce, and they’re a pure EDI play. It was an acquisition they had made. They needed to be up and running very quickly. With Logicbroker, they could feed order information to their ERP as EDI. As strange as that is—they sent EDI to themselves and then back to themselves to close out shipments and keep inventory in synch.

From there, we grew that integration to connect not only the Magento store, but also ecommerce properties around the world. So APAC was a big play for them—to be able to bring in order information. But that didn’t come across as EDI, they went with an XML interface. It was very simple for the SAP side to be able to consume information in a simplified, standardized format, and then Logicbroker to organize the spaghetti for each of the ecommerce properties and their details.


JK: That’s very interesting. Were all of the properties on Magento?

GH: They were not.


JK: So Logicbroker integrates cross-platform also.

GH: It’s cross-platform. There’s a Shopify connection—which we haven’t released just yet. And there are marketplaces and big box stores sending orders via EDI, XML, and CSV for the B2B division. But to SAP, it comes in the same format every time with a different ID, based on the originating order.


JK: So George, what distinguishes your approach to client service?

GH: At Logicbroker, attitude is a reflection of leadership. There are lots of great technology solutions out there. We differentiate ourselves on the operations-plus-technology model.

We’re dPaaS (Data Platform as a Service), and we offer that white glove model, so we invest very heavily on our resources. They’re not only up to date on technology in our sector, but also have training and roots in supply chain automation.

Our clients don’t just get a username and password to our software along with a “best of luck.” That’s not the way it works, and it’s not the way we’ve seen clients be successful. It’s dedicating a point of contact who owns all things with that client and becomes the liaison with our development resources here at Logicbroker, our communications experts, our EDI mappers, our business team. All that flows through the dedicated point of contact. And that really is unique in our space. We size our company in a way that makes sense. We can scale that because our software scales, and ultimately deliver our customers not only a faster, but a more pleasant implementation.


JK: Do things ever go badly? How do you respond in those instances? Because from my perspective, that’s what people really want to know.

GH: I would love to say that everything always goes perfectly–but things do go wrong. And when they go wrong, the first thing from our side is we want to be an organization that lets all parties involved know that things have gone wrong.

Responsiveness is key. We have monitoring in place to alert us and ultimately our clients and trade partners. Even if we don’t have the answer, we want to at least raise the flag and say, “we’re looking into this. This may be something small or a symptom of something larger.” And then we get the right people engaged from our side. We not only provide the data, but also the tools and services to remedy things swiftly.

PZ: And just to add–Things go wrong, like George was saying. But luckily, over the years, we’ve been exposed to the ways things can trip us up. Maybe an FTP connection is down, or something happened with a certificate on the other side, or something else is going on. We can now anticipate where the problems might be, and we have field monitoring that alerts us immediately. I always told my product folks that if we have a problem, I want us to know first—before the customer. And we built our monitoring tools with this philosophy.


JK: How about both of you tell me something about your corporate values?

PZ: We’re very good at balancing work and life. We work really hard. Everyone here puts in maximum effort—not because I tell them to, but because they love what they do. We do cool stuff, and the team is responding even during the nights and weekends. If the customer asks for something, we’re responding.

But we also value the personal time that people need. If someone leaves early to go to a kid’s recital, or they volunteer for the robotic team, or they’re sponsoring a charity event; they’re encouraged to do those sorts of things. And the personal seems to extend to the client relationships—where clients tell us about going to a kid’s swim meet or to a fundraiser. We’re a relationship company, which is key for our success and corporate values.

GH: Everybody is very much invested. People here are great teammates. We care about each other; we care about the platform. We OWN the car. We’re not renting it, and it’s not a punch-the-clock type organization, where you come in from 9 to 5 and you hide in a cube. There are a lot of great organizations where you can do that, but the people that we bring on want to ensure that they get a taste. We move fast here. We’re nimble, and we have big goals. We’ve got a clear vision on where we want to be in 6 months or a year from now. We want to make sure we have the right people; we have the right seat on the bus for them that can help us all execute on that vision.


JK: Peyman, care to talk about your vision for growth? Keep it high-level.

PZ: I want people to think about Logicbroker when they think about supply chain data integration or data management or EDI in a digital commerce world. I want the them to just say Logicbroker—like “let’s just Logicbroker it.” The same way people use the term “Google” instead of “online search.” Did you Google that idea? We want to become a verb.

The market is very fragmented, very large. Some our competitors are generating lots of revenue from old technology. So we’re going after business with newer and better technology and better people. We can move faster and do more with what we have, and the industry is starting to recognize.


JK: What’s the strangest thing you ever purchased online?

PZ: Racks to set up my wine cellar.

GH: I was in a bar in Chicago, and I saw this amazing picture. It was black and white, and it just struck me. It was this giant science building at what could have been a university. It was completely engulfed in flames. And at the front of the building, in the snow, there was a football game being played. It was actually at Deerfield Academy in Massachusetts. The AP caught it in 1967, and I just had to have this picture. And this is early on in Internet commerce, but I tracked it down online, and I have it in my house.


JK: What’s the one technology that’s about to inspire change in retail?

GH: Personalization combined with artificial intelligence. In our business with drop-ship and extended aisle, the digital shelf where you’re not warehousing and you want to upload products quickly, how do you connect with your client—the brand customer, the retail customer—to make that happen? Personalization with artificial intelligence starts to break down barriers.

PZ: I’m going to say the same thing. Artificial Intelligence—around predictive behavior. We can be using it to help merchants predict what they need from suppliers. And even our support team is starting to incorporate AI in beta—so when a client question comes in, we will already know how to categorize and respond to the issue.


JK: Is there one company in online retail that you each admire? And why?

PZ: I admire Amazon.

I think these guys are solid, and all the competitors hate them. They have an impact in everything they go after. For them, it’s efficiency. When they pursue something, it’s all about automation. They think through what’s happening end to end, and they don’t cut corners.

GH: Zebit. They’re disrupting the underserved credit space, and I know the owners. They’re an incredible company with a tremendous idea.


JK: And one finale question: with conference season coming up, where are you planning to have a presence?

PZ: Shoptalk, Imagine, IRCE, Imagine and


I so appreciate your time here, guys. Thanks for indulging me.

For more information on Logicbroker, visit their site

Will be sharing another profile in the coming weeks, so be sure to check back. Have a comment? Send one now ›

SD’s Lindsay Pugh and 13 Wall-Worthy Tips for Facebook Ad Campaigns

SD’s Digital Marketer, Lindsay Pugh was featured in an article with Mailchimp’s Erin Crews and Jocelyn Hardy.

This article discussed some invaluable tips for getting the most out of your next Facebook Ad Campaign .

So what are some of these invaluable tips?

  • Check yourself before you…well…make a big mistake
  • Clarify your goals
  • Stay on brand
  • People want to see people
  • Call to a specific action
  • Be strategic about using incentives
  • Find similar customers
  • Meet people where they are
  • Know the value of your customers.
  • Don’t discount the value of new subscribers.
  • Give the people what they want.
  • Learn. Improve. Repeat.


This is only a snippet of the article be sure to check out the full Mailchimp article.

Women in Tech

On Campus with SD

SD employees had the opportunity to participate in the RPI Spring Career Fair and the NYU STEM Career Fair.

The CCPD’s annual Spring Career Fair and NYU STEM Career Fair attracts employers from across the country seeking to hire full-time, co-op and summer interns. Students from all five RPI schools (Architecture, Business, Engineering, Humanities, Arts and Social Sciences, Science and IT) and STEM Undergraduate students from NYU Tandon School of Engineering are encouraged to attend the career fairs.

Both career fairs combined attracted over 5,500 students and alumni.

After meeting a high volume of bright students and alumni from RPI and NYU, Something Digital decided to invite a group back to take part in a two-day Student Workshop. This gave prospective candidates a sneak peek on what it’s like to work at Something Digital by touring our Bryant Park office and engaging employees at their desks! On day two, students underwent a full day of interviews with hiring managers for Development, Project Management and other open roles.

We really enjoyed meeting the students and can’t wait to do this again!

SD Career Fair

Interested in the joining the team? Check out our open positions or email us at [email protected]

Women in Tech

Introducing the Strategic Engagement Group

Something Digital no longer delivers Interactive Managed Services (IMS). Instead, we now provide ongoing Strategic Engagement Services (SES).

The name change became official in January of 2017. It represents the growth of our team and a significant change in both philosophy and process. After years of delivering post-launch solution support (as a more traditional managed service), we wanted to improve.

We realized that clients didn’t want to pay for a reactive block of hours to use as “things came up.” Instead, they wanted a proactive partner to deliver ongoing value. And we realized we only added value when we aligned the effort with a client’s business objectives. We were motivated to act, so in 2015 we started changing our service model to what exists to today.

The following list captures our approach:

– Business Review Meetings (semi-annually or quarterly)
– Maintenance of the Client Roadmap (changes, new features, technical debt, etc.)
– Regular Allocation of Development and Creative Resources
– Code Management (source control, code review, frequency of releases, etc.)
– Quality Assurance (regression testing)
– A/B Testing
– Digital Marketing and Strategy (analytics, email, SEO, PPC, etc.)
– Business Planning (Impact Analysis, Total Cost of Ownership, ROI, etc.)
– Downtime and Performance Monitoring
– Security Patch Management
– Emergency Support
– Regular Traffic and KPI Analysis
– Annual UX and Performance Audits

Each client is assigned a Strategic Engagement Manager (SEM), who serves as the point of contact, and a Primary Engineer, who develops expertise in the client’s codebase and the needs outlined in their roadmap. Additionally, clients are served by the larger SD resource pool, comprised of programmers, designers, digital marketing analysts, and other members of the SD team as needed.

Over a 12-month Strategic Engagement contract, we deliver all of these services as either value-based or hours-based agreements. Timing can vary, but we try to align with the seasonality of the client business.

We preach collaboration. The goal is to have regular interaction and align on how SD support complements client activity. We can deliver the service post-launch (for a solution SD produces) or post-rescue (for a solution SD takes over from another vendor). We’ve had success in both paradigms. In all cases, SD aims for long-term engagement, which leads to strong collaboration and trust.

We’ve become pretty good at delivering this service and have received recognition from our clients, trade partners, and peers. We’re striving for continuous improvement, but the results—as illustrated in the growth of our clients—are outstanding. So if you want some of the SD mojo, get in touch. We want to be your partner in success!

Written by: Jon Klonsky, Principal & Founder

SD_PapyrusBanner_20160519 Shout Out

In May 2016, Something Digital continued their relationship with Papyrus with the redesign of This included successfully implementing a responsive redesign on the Magento 1.14.1 platform improving accessibility and developing an innovative application that invites you to be the designer. SD integrated new features including Ajax multi-select filtering, one-step and multiple address checkouts, and the ability to link in-store loyalty program memberships to user accounts online.

The team here at SD is very proud of this site and excited to announce that it was featured in MageMojo’s What’s New with Magento: 25 Recent Magento Websites!

“The site looks great, is incredibly fast, fully responsive and has very intuitive navigation. We love that we can order cards online directly from a desktop or mobile device and it’s printed and mailed to us with beautiful inks on glamorous paper.

While these are all great facets of the Papyrus build, the most impressive thing we have found is how the site connects with the stores. Rewards points track in store purchases as well as online purchases and you can reserve your purchase from any of the 100+ stores they have around the country. Accessibility was also a major part of this build. They worked to ensure anyone could have access to the products and services for sale. Overall the team at Something Digital really knocked it out of the park on this site.”

Congrats again to the awesome SD team that launched this beautiful site!

logo IRCE

Visit us at IRCE! – Booth #769

SD is a proud sponsor of this year’s International Retailer Conference and Exhibition – The Main Event. Visit us at booth #769, drop your business card and enter to win a special edition Beats Pill!

MageTalk podcast will also be LIVE ON SITE hosted by our very own Phillip Jackson, he is our senior Magento solutions architect. Phillip will be interviewing “Magento Luminaries” and other ecommerce influencers in the Magento ecosystem. Follow us @somethingdigitl to find out who the interviewees are and when the interviews are taking place.

If you would like to set up a meeting with a member of our team, email me at [email protected] We looking forward to seeing you at IRCE!!