Our Blog

Ongoing observations by End Point people

Enhancing Your Sites with Vue.js

By Greg Davidson
December 26, 2017

Vue.js Logo

Framework Fatigue

When developers consider and evaluate front-end frameworks they often think in terms of writing or rewriting their entire project in Framework X. “Should we use Vue, React, Preact?” or “I heard about Sapper the other day, has anyone tried that?” The running joke response (back-end developers especially love this one) is to the effect of: “If we wait a couple weeks there will be ten more choices!”

All joking aside, frameworks like Vue and React offer many great benefits and can be incrementally adopted to enhance existing sites. There is no need to rewrite your entire project as a Single Page Application to take advantage of what frameworks like Vue offer. I have taken this approach on a couple of my projects recently and been very happy with the results.

Start Small

One of the benefits of using a framework in this way is that you’re not forced to adopt its entire toolchain and specific workflow immediately, such as using ES6/2015, webpack, and Babel right off the bat. I simply loaded the minified, minimal version of Vue I needed on my page and I was off to the races.

If you are familiar with Angular, Vue has a similar concept of custom directives. I used this to build a small countdown timer directive for a customer who wanted to dynamically display the time left before promotions ended. By offloading the DOM updates and rendering to Vue, I was able to create a useful feature very quickly with lean and readable JavaScript code.

Here’s what the widget I delivered to the client looked like:

<countdown-timer start="{start date/time}" end="{end date/time}" />

They were able to drop this snippet onto their pages and use multiple instances of the widget on their product listing page with ease.

Wishlist Pagination

For another project I needed to display wishlists in the cart, below the items the customer had previously added. The wishlist feature is very popular and used by a large number of customers. Many customers have dozens (some hundreds...

javascript html frameworks vuejs

End Point Featured as Global Leader in Ruby on Rails & Ecommerce Development

By Ben Witten
December 21, 2017

As the year comes to a close and we reflect on the goals we’ve accomplished and the work that made it all possible, we are proud to announce our inclusion on the Clutch Global Leaders List, encapsulating the 475+ most highly reviewed companies from around the world. We placed as a leader on both Top Ruby on Rails Developers and Top Ecommerce Developers, being the best New York-based firm on the former and in the top three from New York on the latter.

Achieving the status of a Clutch Global Leader in not just one, but two categories speaks volumes on the effort we’ve put forth in 2017. We couldn’t have hit this milestone without skilled work from End Point staff and the great relationships we’ve nurtured with clients. Looking back on these memorable projects, here are some of the things are clients wrote on our Clutch profile:

“I’ve worked with a lot of different service providers. Results can vary across the board. End Point is very transparent about what they’re working on in terms of providing complete details. We don’t have any surprises at the end of the month as a result. They’re very dependable, delivering what they promise every time,” explained the Director of Ecommerce for a tourism marketing company.

They went on to describe our flexibility and close partnership:

“Many of their team members are instrumental in helping us keep doing everything that we need. Our business evolves and changes. They help us make sure that what we’re building is up to snuff, and scales well with our company. We’ve grown considerably since we’ve hired them.”

Another client, the owner of a B2B platform, commented on our project management expertise and what it was like to work with our team:

“I am very satisfied with End Point. They are a fantastic company to work with. Their engineers are outstanding, their communication skills are excellent, and the delivery speed is great. I have nothing but good things to say about their company.”

To learn more about our clients...

company ruby rails ecommerce

Mobile Device and Application Management (MAM vs. MDM)

By Joe Marrero
December 20, 2017

Businesses of all sizes have been increasingly using mobile devices for all kinds of activities. Some of these activities are pretty common, like being able to read and respond to work email and manage work calendars. On the other hand, some companies are using mobile devices for more specific niche activities like checking in customers, using device cameras to read barcodes and UPC stickers, or even temporarily storing sensitive business related data.

As a result of the proliferation of mobile devices for work use, corporations and smaller businesses are finding the need the exhibit finer control over how their employees and customers use their devices. This is where mobile device management (MDM) and mobile application management (MAM) really shine and help solve many of these types of problems.

What is MDM?

Mobile device management (MDM) is a software solution that allows organizations to manage the maintenance, deployment, and configuration of mobile devices that are issued to members of the organization. All of this magic tends to be done via a store or portal application that users download onto their devices.

The app begins an enrollment process when the user enters their credentials that the organization previously issued to the user (usually the user’s email and password). After the device is enrolled, the user gets prompted to accept if the device should be managed as a work device. After the enrollment completes, the store app can push configuration, some device level policies for enforcement, and any required applications.

Some of the useful things you can do with MDM:

  • Install apps autonomously: Some corporations have their own suite of mobile applications that they require all employees to use. MDM allows organizations to push down required apps to a device. When a newer app is available, the new app gets pushed down to devices automatically. This makes it easier to deploy apps to all employees and ensure users have the latest apps on their devices...

mobile android ios security

Reconciling Android source code

By Zed Jensen
December 19, 2017

Recently, a client came to us with an interesting problem. They needed some changes made to an internal-use Android app that had been created for them by another company, but they didn’t have up-to-date source code for the app, and they had no way of getting it. They gave us an old archive of source code, a more recent working build of the app, and asked us to figure it out.

The working version of the app they sent us was built in early 2016, and the app was compiled for Android SDK version 22, which is 5.1 Lollipop. It came out in March 2015, so it was a year old even when the app was created, and the code was using lots of features which have since been deprecated.

After putting this source code in a Git repository, I started by building the app from the source they’d sent and comparing it to the working version. It looked mostly the same, but a couple of features were broken. At the suggestion of a coworker, I used BytecodeViewer to decompile the APK and took a look around.

BytecodeViewer screenshot

It was a little while before I was able to find any differences between the source we had and this decompiled code, but I did find a few logic differences. The source was also using a few old APIs that needed to be updated. With the needed changes made to the source code, I soon had a working build of the app that matched the functionality of the built APK we had.

This wasn’t the only thing wrong with the app, however. Another hurdle in picking up this project from its previous developers showed up when I had to fix a few odd problems reported by the users. One problem was on an information screen listing attributes of items. An example:

Details screen

The “Quantity” field worked just fine for any non-zero value, but if it was 0, the app was displaying 16 instead. This turned out to be very simple to fix. Below is the layout code involved:


android software-archaeology

Symantec Certificate Distrust (CertQuake)

By Josh Lavin
December 15, 2017

If you are accustomed to running your browser with the “developer tools” panel open (which probably indicates you are a web developer), you may have seen it show the following message:

The certificate used to load https://www.example.com/ uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.

What’s this all about? Glad you asked.

The Root of All Certificates (well, most)

Symantec is a company that operated a “PKI” (Public Key Infrastructure) business. As a Certificate Authority, they would dole out digital certificates to requestors.


These certificates are used to secure the communication we have with websites. When a site uses a certificate correctly, you will see the leading part of the URL begin with https:// (known as the protocol), and the “green-lock” icon in your browser.

Certificates can also be issued with more stringent requirements on the company obtaining them, where they must verify their company by providing articles of incorporation, etc. These are known as “EV” (Extended Validation) certs, and browsers will show the company name in the URL bar next to the green-lock icon.

Essential Trust

Since users have become accustomed to trusting a website if the green-lock icon is present, especially if the name of the company behind the website appears in the URL bar alongside it, there is a lot of inherent trust in the system. All parties must honor that trust by operating with adherence to well-established security requirements.

The system to provide this trust includes:

  • browsers, who trust a built-in set of “root” certificates
  • root certificate issuers, who can send trust down the line to certificates ordered from their infrastructure (like Symantec)
  • websites, who install their certificates and configure their applications and web servers to use them properly

Poor Decisions

tls security browsers chrome

HGCI Summit Conference 2017, Malaysia: A conference on cloud, security and big data

By Muhammad Najmi bin Ahmad Zabidi
December 12, 2017

I was asked by a friend to give a talk in the HGCI Summit conference on November 28th, 2017. This conference is meant to bridge the academic world and industry via knowledge and experience sharing, focusing on big data and cloud topics. It took place in the Center of Advanced Professional Education (CAPE), a center under the Universiti Teknologi Petronas (UTP) which has its main campus in Tronoh, Perak, Malaysia.

I will highlight several tracks which I attended.


On the first day, several faculty members sat together within a forum in which they discussed the main issues academics face when they need access to high performance computing. An audience member shared her experience completing her research group’s work which took very long to be rendered, while she could do it in a day when she submitted the work in a university in the US. One of the forum’s members then replied she could always work collaboratively with the other universities, and he (the forum member) offered his university’s facilities to be used for her research. Inter-varsity network bandwidth was also discussed in the forum.

Dr. Izzatdin

An interesting talk which I attended was delivered by Dr. Izzatdin from UTP. He shared his work on cloud-based crude oil refinery monitoring. The monitoring system web page is hosted on Microsoft’s Azure, where it will display the oil refinery data which were gathered batch by batch from the sensors. Metal corrosion is among the things monitored by the systems.

Mr. Aizat

I also attended a talk delivered by a friend of mine, Mr. Aizat from Informology. He shared the use of OpenStack for the provision of highly parallel computing instances. I saw that Aizat also used ready-made Ansible scripts in order to get the computing instances ready. By using Horizon (OpenStack’s user interface) it seems we could speed up the process of the instance provisioning. Aizat also shared a link for anyone interested to try out the “vanilla” version of OpenStack at TryStack

conference cloud security

Inserting lots of data efficiently in Rails + PostgreSQL

By Kamil Ciemniewski
December 4, 2017

This is going to be a very short post about a simple solution to the problem of inserting data fast when you really have a lot of it.

The problem

For the sake of having some example to think about, imagine building an app for managing nests of ants.

You can have thousands of nests with hundreds of thousands of ants in each one of them.

To make the fun example applicable for this blog post, imagine that you’re reading data files coming from a miraculous device that “scans” nests for ants and gives you info about every ant with lots of details. This means that creation of the nest is about providing a name, coordinates, and the data file. The result should be a new nest and hundreds of thousands of ant records in the database.

How do we insert this much data without hitting the browser’s timeout?

Approaching the problem

Regular INSERT statements provide a lot of flexibility that is normally much needed, but is relatively slow. For this reason doing many of them isn’t preferred among database experts for pre-populating databases.

The solution that is typically used instead (apart from the case in which a database needs to be restored, with pg_restore having no contenders in terms of speed) is the data-loading method called COPY.

It allows you to provide data in a CSV format either from a file or “streaming” this data into the client itself. Now because it’s almost never a good idea to use the database-superuser account for connecting with the database from Rails, the first option isn’t available (access to the file system is only allowed for admins). Fortunately, there’s the second option which we are going to make use of.

The solution

Here’s a short code excerpt showing how the above mentioned approach could be used in Rails for the fun little app described in the beginning:

# first, grab the underlying connection object coming
# from the lower level postgres library:
connection = Ant.connection.raw_connection

# generate the ants array based on the data...

rails postgres

Conference Recap: PyCon Asia Pacific (APAC) 2017 in Kuala Lumpur, Malaysia

By Muhammad Najmi bin Ahmad Zabidi
December 2, 2017

I got a chance to attend the annual PyCon APAC 2017 (Python Conference, Asia Pacific) which was hosted in my homeland, Malaysia. In previous years, Python conferences in Malaysia were held at the national level and this year the Malaysia’s PyCon committee worked hard on organizing a broader Asia-level regional conference.

Highlights from Day 1

The first day of the conference began with a keynote delivered by Luis Miguel Sanchez, the founder of SGX Analytics, a New York City-based data science/data strategy advisory firm. Luis shared thoughts about the advancement of artificial intelligence and machine learning in many aspects, including demonstrations of automated music generation. In his talk Luis presented his application which composed a song using his AI algorithm. He also told us a bit on the legal aspect of the music produced by his algorithm.

Luis Miguel Sanchez speaking

Luis speaking to the the audience. Photo from PyCon’s Flickr.

Then I attended Amir Othman’s talk which discussed the data mining technique of news in the Malay and German languages (he received his education at a German tertiary institution). His discussion included the verification of the source of the news and the issue of the language structure of German and Malay, which have similarities with English. First, Amir mentioned language detection using pycld2. Amir shared the backend setup for his news crawler which includes RSS and Twitter feeds for input, Redis as a message queue, and Spacy and Polyglot for the “entity recognition”.

Quite a number of speakers spoke about gensim, including Amir, who used it for “topic modelling”. Amir also used TF/IDF (term frequency–inverse document frequency) which is a numerical statistic method that is intended to reflect how significant a word is to a document in a corpus. For the similarity lookup aspect, he used word2vec on the entire corpus. In the case of full-text search he used Elasticsearch.

Later I attended Mr. Ng Swee Meng’s talk in which he shared his effort in the...

conference python
Page 1 of 169 • Next page

Popular Tags


Search our blog