Re: Help Request for our Webshop
On Sunday 23 September 2007 18:47, Sean Moss-Pultz wrote: On 9/23/07 Dr. H. Nikolaus Schaller wrote: [snip] And your requirements may really be complex enough that the pre-built OSS stack isn't viable. In that case, I would take a closer look at the requirements and see if you can drop any for release 1. Build when all else fails (unless it is your core competency, like say a linux phone distribution :P ) I 100% agree on that... The standard Open Source Web Shop is OSCommerce (http://www.oscommerce.com/). No offense at all to those guys, but this didn't meet our needs. We've already spend over two months trying to rework that and figured that writing something from scratch would be easier in the long run. I've done work on OSCommerce once, and I've got just one advice for anybody having to work on that code. Run and hide! We really have an _extremely_ complex global logistics model that needs to be implemented. FIC has distribution hubs all around the world. They just do business to business transactions now. So we need to develop something that can ship direct to our customers (and retailers and even factories) from those hubs. Is it a Webshop you are looking for or do you actually need an ERP/Supply Chain solution? I've never really looked into these (it's on my very long list of 'things to check out') , but there is Compiere, Adempiere, Tiny ERP, Apache OFBiz, OpenMFG... I honestly don't know if any of these are mature and robust enough to support your logistics, but i might be easier to start from there and add a webshop (if it isn't there allready). Also, how are the current b2b transactions handled, its not alway impossible to insert consumer orders into b2b systems and it might just be the way to get this working with minimal impact. AVee -- Write a paper promising salvation, make it a 'structured' something or a 'virtual' something, or 'abstract', 'distributed' or 'higher-order' or 'applicative' and you can almost be certain of having started a new cult. -- Edsger Wybe Dijkstra (1979) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Ted Lemon [EMAIL PROTECTED] wrote: On Sep 23, 2007, at 10:09 PM, Dr. H. Nikolaus Schaller wrote: Why haven't you said that initially? It would have saved me to even mention oscommerce and you the discussion about it. 'cuz he's a big meany! No, wait, that can't be it! Maybe he figured anyone who was qualified would already know what a steaming heap oscommerce is (zencart is a futile attempt to make oscommerce cleaner and more featureful). More likely, though, he just didn't think of it! :') I swear Sean said: Preferable this webshop should not be written in PHP. Either Perl, Python or Ruby would be fine by us. Maybe he realized that no matter what he said, the community would have to get their initial wave of second-guessing everything out of the way first, so he didn't bother saying something more like: We would prefer that this webshop not be written in PHP because none of the existing PHP solutions impress us in the least (no, we really mean that, yes, we've look at oscommerce, no, don't bother mentioning it, yes, the person looking at it for us knew PHP, no, really, we're not kidding), but leave open the possibility that somebody talented could possibly write something suitable using PHP, which is why we're only expressing a strong preference here, not an absolute requirement. and so on and so forth for another 3 pages covering everything else that they've thought of, looked at, suspect somebody will mention, etc., etc., etc.. Or maybe not. Only Sean could say for certain, and I'm pretty sure it doesn't really matter in the grand scheme of things. After all, on this one, they're the customer and the customer is always right. ;-) --Jon Radel [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Hi, There is also something called OFBiz (Open For Business - http://ofbiz.apache.org/) out there in the java world. I think it may be considered as a very mature product but it needs to be customized and it is the point were it can cost a little because it is not a dummy project. There is just a big codebase (you can do everything with it and many things are also implemented) and I think it is well written. Bye, Mimil On 9/24/07, Joshua Layne [EMAIL PROTECTED] wrote: On Mon, 24 Sep 2007 13:27:45 -0400, Ian Darwin [EMAIL PROTECTED] wrote: I've done enough work in django (python) recently that the idea of going back to PHP sounds like some kind of really brutal punishment. The code is really much easier to read, because the code and presentation are kept in separate files. The original idea with PHP of embedding code in HTML was cool in theory, but in practice I think templates are a lot easier to maintain. Django isn't perfect, but I can see why people are edging towards it and away from PHP. it's also very possible to code PHP using MVC - it just takes discipline. easier to use a templating engine (like smarty) because it forces the dicspline on you, but also extra overhead - I would argue it is better to do it yourself using strict separation. It's not just PHP - Java EE had the idea (long ago) of embedding code in HTML, but now we tell people to get the Java out of the JavaServer Pages. It's funny in a sad sort of way - the original MVC paper was published in 1979, darn near three decades ago, and way too many developers still haven't got the idea. It's bad when they mess up one application, but when they publish a framework, and zillions of people start using it... we tried teaching basic design patterns to some of our internal developers (we aren't a software shop, but do write some internal apps) - the feedback: Why would we ever need this? good development practices are rare IME. anyway, somewhat far afield from openmoko. As long as the solution they build makes the neo orderable and deliverable (without my identity being lifted...), I'm happy :) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On Sat, 22 Sep 2007 17:33:42 +0200, Sean Moss-Pultz [EMAIL PROTECTED] wrote: Dear Community, We have a specification and database model in place for our new webshop but we can't find the resources needed to implement this in the near future. I think it is great that you ask this of the community first. I was wondering just the other day why Openmoko never posted any job openings on the list, and now you did. Having people who are enthusiastic about the project working on it can only be for the better. Cheers, Richard ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Am 22.09.2007 um 19:11 schrieb Joshua Layne: Sean Moss-Pultz wrote: Dear Community, ... Preferable this webshop should not be written in PHP. Either Perl, Python or Ruby would be fine by us. Hi Sean, This may be a stupid comment (and feel free to ignore it if it is), but why build your own? Having worked on ecom sites in the past and seen how convoluted individual requirements can make a site, I've come to the conclusion that there are significant advantages in doing just what everybody else does. a brief googling * turned up 'substruct' - open source, based on ruby on rails - meets a subset of your requirements, but may be extensible enough that you don't have to reinvent the entire wheel, only the shiny new spin-rims. * Based on about a minute and a half of investigation - there are probably more appropriate projects out there, this is just an example. And your requirements may really be complex enough that the pre- built OSS stack isn't viable. In that case, I would take a closer look at the requirements and see if you can drop any for release 1. Build when all else fails (unless it is your core competency, like say a linux phone distribution :P ) I 100% agree on that... The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). The only requirements it does not solve are * it is witten in PHP * it has its own database model Let me add another (stupid) question: Why do you need your own web shop with CC processing? Do you want to keep the ship worldwide from California model? I got the impression that the community would prefer to have more local resellers. So you would be able to completely outsource the issue of certified and secure CC payment processing if your business relation is with resellers only (and not with end-users). Most Taiwanese companies require to have T/T or L/C and deliver FOB. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
2007/9/23, Dr. H. Nikolaus Schaller [EMAIL PROTECTED]: The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). The only requirements it does not solve are * it is witten in PHP * it has its own database model Hi! Recently I'm running a one-person project on oscommerce and the deeper I get inside the code the more I see what a piece of ugly written software this is... Each file is a mixture of HTML, PHP and even SQL. There are no templates, no MVC nor other model, code is buggy, unmaintened and uses PHP classes like tables. It's a software that stuck in time five years ago... I would never do anything in oscommerce again. regards cayco ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Am 23.09.2007 um 10:21 schrieb Krzysztof Kajkowski: 2007/9/23, Dr. H. Nikolaus Schaller [EMAIL PROTECTED]: The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). The only requirements it does not solve are * it is witten in PHP * it has its own database model Hi! Recently I'm running a one-person project on oscommerce and the deeper I get inside the code the more I see what a piece of ugly written software this is... Each file is a mixture of HTML, PHP and even SQL. There are no templates, no MVC nor other model, code is buggy, unmaintened and uses PHP classes like tables. It's a software that stuck in time five years ago... I would never do anything in oscommerce again. I guess that is the reason why Sean asked for something new preferably without PHP. In PHP it is much easier to mix everything than to use a clear MVC concept (although someone could argue that a single PHP script contains all M=MySQL, V=HTML, C=PHP)... Let's hope they find a solution that is better and does not draw too much from the development budget and time they have. Developing something new from scratch would IMHO also be a waste of resources and does not guarantee that it is finished within a reasonable timeframe (e.g. October where we all await new devices to ship :-). ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 23/09/2007, Dr. H. Nikolaus Schaller [EMAIL PROTECTED] wrote: Am 23.09.2007 um 10:21 schrieb Krzysztof Kajkowski: 2007/9/23, Dr. H. Nikolaus Schaller [EMAIL PROTECTED]: The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). The only requirements it does not solve are * it is witten in PHP * it has its own database model Hi! Recently I'm running a one-person project on oscommerce and the deeper I get inside the code the more I see what a piece of ugly written software this is... Each file is a mixture of HTML, PHP and even SQL. There are no templates, no MVC nor other model, code is buggy, unmaintened and uses PHP classes like tables. It's a software that stuck in time five years ago... I would never do anything in oscommerce again. I guess that is the reason why Sean asked for something new preferably without PHP. In PHP it is much easier to mix everything than to use a clear MVC concept (although someone could argue that a single PHP script contains all M=MySQL, V=HTML, C=PHP)... If you make use of a PHP framework then it is perfectly possible to use a clear MVC concept. Let's hope they find a solution that is better and does not draw too much from the development budget and time they have. Developing something new from scratch would IMHO also be a waste of resources and does not guarantee that it is finished within a reasonable timeframe (e.g. October where we all await new devices to ship :-). -- Vincent ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 23 Sep 2007, at 15:02, Vincent wrote: I guess that is the reason why Sean asked for something new preferably without PHP. In PHP it is much easier to mix everything than to use a clear MVC concept (although someone could argue that a single PHP script contains all M=MySQL, V=HTML, C=PHP)... If you make use of a PHP framework then it is perfectly possible to use a clear MVC concept. Let's hope they find a solution that is better and does not draw too much from the development budget and time they have. Developing something new from scratch would IMHO also be a waste of resources and does not guarantee that it is finished within a reasonable timeframe (e.g. October where we all await new devices to ship :-). My comments are they it's better to use an commerce engine that gets regular security testing and patches. If you roll your own then you need to be proactive in monitoring the system for intrusion attempts. Decent security testing and auditing costs money. If you use an existing engine and you get hacked then you have someone to sue if they were incompetent. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 23/09/2007, Giles Jones [EMAIL PROTECTED] wrote: On 23 Sep 2007, at 15:02, Vincent wrote: I guess that is the reason why Sean asked for something new preferably without PHP. In PHP it is much easier to mix everything than to use a clear MVC concept (although someone could argue that a single PHP script contains all M=MySQL, V=HTML, C=PHP)... If you make use of a PHP framework then it is perfectly possible to use a clear MVC concept. Let's hope they find a solution that is better and does not draw too much from the development budget and time they have. Developing something new from scratch would IMHO also be a waste of resources and does not guarantee that it is finished within a reasonable timeframe (e.g. October where we all await new devices to ship :-). My comments are they it's better to use an commerce engine that gets regular security testing and patches. If you roll your own then you need to be proactive in monitoring the system for intrusion attempts. Decent security testing and auditing costs money. If you use an existing engine and you get hacked then you have someone to sue if they were incompetent. A bit of mis-quoting, that wasn't written by me but by Dr. H. Nikolaus Schaller [EMAIL PROTECTED] And surely, you mean someone to hold responsible instead of someone to sue? Especially if we're talking about an open source project... ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community -- Vincent ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Giles Jones wrote: If you use an existing engine and you get hacked then you have someone to sue if they were incompetent. I would think many third-party solutions have some sort of disclaimer in their documentation against this. But then, that's the beauty of open source -- if you find a bug or security hole, you can patch it yourself. -id ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 23 Sep 2007, at 15:35, Vincent wrote: And surely, you mean someone to hold responsible instead of someone to sue? Especially if we're talking about an open source project... Who says you should use open source? It's great when it comes to doing free development and community stuff. But when it comes to making money you have to look for the safest, cheapest and highest performing product. If you get defrauded of thousands then a simple I'm sorry from an open source developer isn't enough. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 23 Sep 2007, at 16:20, Vincent wrote: I didn't, but it is an option I presume. Things like the amount of security auditing, speed of notification of security risks and fix times are important. Most web applications are open source by the very nature that they are usually written in scripting languages. No, but having him repay the damages isn't what I'd find comforting either. And anyway, as Ian said: most third parties will have a disclaimer and open source projects are mostly delivered as is, without warranty of any kind, so you won't have someone to sue anyway. Mistakes happen. What I think will be difficult is writing a new site engine without repeating all the security issues identified over the years in other projects. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
If you make use of a PHP framework then it is perfectly possible to use a clear MVC concept. Yes, it *is* possible, but that is not the point here to discuss possibilities. The topic is about which Webshop technology sould be used by OpenMoko. It appears that oscommerce doesn't use MVC in PHP (because it was apparently not started with MVC in mind several years ago). And therefore it appears to be quite difficult to maintain. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On 9/23/07 Dr. H. Nikolaus Schaller wrote: [snip] And your requirements may really be complex enough that the pre-built OSS stack isn't viable. In that case, I would take a closer look at the requirements and see if you can drop any for release 1. Build when all else fails (unless it is your core competency, like say a linux phone distribution :P ) I 100% agree on that... The standard Open Source Web Shop is OSCommerce (http://www.oscommerce.com/). No offense at all to those guys, but this didn't meet our needs. We've already spend over two months trying to rework that and figured that writing something from scratch would be easier in the long run. We really have an _extremely_ complex global logistics model that needs to be implemented. FIC has distribution hubs all around the world. They just do business to business transactions now. So we need to develop something that can ship direct to our customers (and retailers and even factories) from those hubs. The only requirements it does not solve are * it is witten in PHP * it has its own database model Let me add another (stupid) question: Why do you need your own web shop with CC processing? Do you want to keep the ship worldwide from California model? Hehe...that was just to get us through phase 1. It was never a long term plan ;-) I got the impression that the community would prefer to have more local resellers. So you would be able to completely outsource the issue of certified and secure CC payment processing if your business relation is with resellers only (and not with end-users). Most Taiwanese companies require to have T/T or L/C and deliver FOB. Oh man, if only it were that easy. The system that we want to build will also support resellers. But this is (yet) another logistics problem. Whether we're shipping direct to end users or retailers there must be a system that automates this process. Seriously, we've done our homework here. Writing something tailored to our needs is best. -Sean ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Krzysztof Kajkowski wrote: 2007/9/23, Dr. H. Nikolaus Schaller [EMAIL PROTECTED]: The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). The only requirements it does not solve are * it is witten in PHP * it has its own database model Hi! Recently I'm running a one-person project on oscommerce and the deeper I get inside the code the more I see what a piece of ugly written software this is... Each file is a mixture of HTML, PHP and even SQL. There are no templates, no MVC nor other model, code is buggy, unmaintened and uses PHP classes like tables. It's a software that stuck in time five years ago... I would never do anything in oscommerce again. regards cayco thanks for that abstract. i couldn't say it better. in fact we had developed a web shop even before the gta01 sales started and in the end put it into a deep, black hole. yes it was based on oscommerce, but as soon as you tried to get it maintainable or even secure, every competent person does run away or is not ready to take any responsibility. for example: oscommerce does not run with register globals off. everybody with even a glimpse of clue about php should now know that this is totally unacceptable to run and use when you have respect for your users and feel some kind of responsible not to put their cc data into an sql-db which gets read out from obviously unmaintainable php. so please spare us further mails with 'why no oscommerce' 'why no php' there are 4 major important facts for you to know: - it has to be secure by concept. not only by clean work. - it has to be maintainable code. which means less is sometimes more (we do not believe in paying by lines of code) - it has to perform. which does not mean we rule out scripting languages - the code has to and will be audited before put into use by a professional team who knows all the stuff a usual webcoder gives them.. so beware ;) this mail should de-motivate anybody. but i think it is important that we already took a punch at it and got a bloody nose. we really know what we want and what we don't, now. -- roh ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
sorry.. this of course should read Joachim Steiger wrote: this mail should NOT de-motivate anybody. but i think it is important that we already took a punch at it and got a bloody nose. we really know what we want and what we don't, now. first caffeine, then mail ;) -- roh ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
2007/9/23, Dr. H. Nikolaus Schaller [EMAIL PROTECTED]: The standard Open Source Web Shop is OSCommerce (http:// www.oscommerce.com/). in fact we had developed a web shop even before the gta01 sales started and in the end put it into a deep, black hole. yes it was based on oscommerce, but as soon as you tried to get it maintainable or even secure, every competent person does run away or is not ready to take any responsibility. this mail should de-motivate anybody. but i think it is important that we already took a punch at it and got a bloody nose. we really know what we want and what we don't, now. so please spare us further mails with 'why no oscommerce' 'why no php' Why haven't you said that initially? It would have saved me to even mention oscommerce and you the discussion about it. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On Sep 23, 2007, at 10:09 PM, Dr. H. Nikolaus Schaller wrote: Why haven't you said that initially? It would have saved me to even mention oscommerce and you the discussion about it. 'cuz he's a big meany! No, wait, that can't be it! Maybe he figured anyone who was qualified would already know what a steaming heap oscommerce is (zencart is a futile attempt to make oscommerce cleaner and more featureful). More likely, though, he just didn't think of it! :') ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Sean Moss-Pultz wrote: Dear Community, We have a specification and database model in place for our new webshop but we can't find the resources needed to implement this in the near future. We are looking for something as follows: * Accept numerous online and offline payment processing options * Add/Edit/Remove products, distributors, retailers, and customers * Support of inventory and RMA * Support for spare part ordering, stocking and shipment * Support multiple carriers / shipping methods * Automatic generation of invoices and shipping information * Secure transactions with SSL -- we need to have the highest possible level of security and privacy * Clean, maintainable code which will be audited before being put into full production. Preferable this webshop should not be written in PHP. Either Perl, Python or Ruby would be fine by us. Hi Sean, This may be a stupid comment (and feel free to ignore it if it is), but why build your own? Having worked on ecom sites in the past and seen how convoluted individual requirements can make a site, I've come to the conclusion that there are significant advantages in doing just what everybody else does. a brief googling * turned up 'substruct' - open source, based on ruby on rails - meets a subset of your requirements, but may be extensible enough that you don't have to reinvent the entire wheel, only the shiny new spin-rims. * Based on about a minute and a half of investigation - there are probably more appropriate projects out there, this is just an example. And your requirements may really be complex enough that the pre-built OSS stack isn't viable. In that case, I would take a closer look at the requirements and see if you can drop any for release 1. Build when all else fails (unless it is your core competency, like say a linux phone distribution :P ) my $0.02 josh If anyone is interested in developing this webshop, (for pay of course) please email [EMAIL PROTECTED] with the following information: 1) A summary of your qualifications 2) How much time you could spend on this project We will select from these emails a few especially qualified applicants and ask them to sign our NDA and then provide them with the complete specification and database model. There are too many confidential business details to just post this all publicly now. Thanks! Sean ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On Sep 22, 2007, at 10:11 AM, Joshua Layne wrote: a brief googling * turned up 'substruct' - open source, based on ruby on rails - meets a subset of your requirements, but may be extensible enough that you don't have to reinvent the entire wheel, only the shiny new spin-rims. The carts I've played with generally have no concept of credit card security. I did a project with zencart a while back, and had to retrofit my own credit card security model into the system because it just stored credit card information in the database, where an SQL injection attack would reveal everything. I haven't looked closely at substruct - maybe they do something smarter. My personal model for credit card security is to never store the credit card information on a customer-facing machine, and indeed only keep that information as long as it's needed, even on a back office machine. This way, even if you screw up the security on your customer-facing machine, the worst risk is that some info will be exposed until you detect the security compromise - there's no risk that everybody who ever ordered anything from you will have to get a new credit card. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
Ted Lemon wrote: On Sep 22, 2007, at 10:11 AM, Joshua Layne wrote: a brief googling * turned up 'substruct' - open source, based on ruby on rails - meets a subset of your requirements, but may be extensible enough that you don't have to reinvent the entire wheel, only the shiny new spin-rims. The carts I've played with generally have no concept of credit card security. I did a project with zencart a while back, and had to retrofit my own credit card security model into the system because it just stored credit card information in the database, where an SQL injection attack would reveal everything. Or you completely offload the problem. Paypal means that you never see the CC info at all. Ebay has perfectly functional web-stores. 50% of your buyers won't even need to do more than click 'buy now', and then click through to paypal and pay in seconds. There are many, many canned applications to print labels for packaging, and to compute shipping. Adding new stock is utterly trivial. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Help Request for our Webshop
On Sep 22, 2007, at 1:22 PM, Ian Stirling wrote: Paypal means that you never see the CC info at all. This is called throwing the baby out with the bathwater... ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
