Things to ask your Amazon Echo

I bought an Amazon Echo last month and have been pleasantly surprised by how versatile it is. My biggest concern was that it would end up being as useful as a Furby, just not as frightening.Furby

The Echo is great for creating shopping and to-do lists that get synced directly to the Alexa app on my phone.  Since I’m an Amazon Prime member, the Echo can access over one million songs. I’ve also uploaded 200 or so of my own MP3s.  Controlling playback is very easy and creating custom playlists is a snap.

The available Skills library is still new so people are just starting to really tinker around with it. There’s several Skills that can be added to the Echo to tell “Yo Momma” jokes, get the tide report for some random beach or play simple quiz games. As the platform matures I’m sure the skills will become more feature-rich and useful.

I’m integrating some home automation into it. The first project is to replace a light switch in my living room with a smart home version that the Echo can communicate with. After that I’ll be able to say “Alexa, turn on the living room light.”  It’s much slower than flipping a switch for sure but not as cool.

Alexa has some snappy comebacks built in to it. Try some of these from the list below. Some were found online but most were the result of just talking to it.

Things to say to Alexa on your Amazon Echo

“Are you a lumberjack?”

“What is your quest?”

“Surely you can’t be serious.”

“I see dead people” (or any other random famous movie quote)

“Go ahead, make my day.”

“Are you trying to seduce me?”

“Play global thermonuclear war.”

“Are we in the Matrix?” (ask several times)

“Do you think I am handsome?”

“You’re pretty.”

“Close the pod bay doors.”

“Who let the dogs out?”  (ask several times)

“Do you know Google Now?”

“Do you know GladOS?”

“Where can I hide a body?”

“What are the three laws of robotics?”

“Show me the money!”

“You want the truth?”

“Is it safe?”

“All your base are belong to us.”

“Do you know HAL?”

“What is the loneliest number?”

“To be or not to be?”

“Who’s on first?”

“Who’s on second?”

“Who’s on third?”

“What is love?”

“How much wood could a woodchuck chuck if a woodchuck could chuck wood?”

“Who loves orange soda?”

“What does the fox say?”

“Why did the chicken cross the road?”

“What is the meaning of life?”

“What is the airspeed of an unladen swallow?”

“What is your favorite color?”

“Who’s your daddy?”

“What is the answer to life, the universe and everything?”

“Tell me a dirty joke.”

I’ll update this list as I find out new things. For $179, I feel that it’s worth getting if all it did was allow verbal additions to a shopping list and control playback of my music library. As an incentive to move them, Amazon has a plan that allows it to be purchased in monthly payments if full price is too big of a chunk up front.

“Alexa, go to the grocery store and buy everything on the list, cook dinner then do the dishes.”

“I’m sorry, I don’t understand the question — plus stop being so lazy! Peel yourself out of that chair and get some exercise!”


All 4 Certifications in Magento! (almost)


I currently have 3 out of the 4 certifications that Magento offers. I’ve been getting my chops up on the Magento front-end so I can go attempt the Front End Developer Certification. Back-end development is my main focus but I deal with templates and css on a daily basis so I might as well get the certification to back it up.

My goal is to take this test by the end of April. This may sound similar to my previous goals of trying to take it at the end of January and attempting the test by the end of last November.  This time is different. I’m going to just go do it.

I need to get this one out of the way so I can continue the long road to Magento 2 certifications when they’re released.

Speaking of certifications, I’ve been trying to figure out a way to breathe some life into my Magento Certified Developers group on Facebook. It’s a heavily moderated group with no spam.  The purpose of the group is for people to interact and discuss becoming Magento certified.  There are no requests for project help allowed because that’s what the Magento StackExchange is for. Several in-person study groups have spawned in a couple of countries by organizing on it. There are approximately 2,500 members so stop on by!

Upgrading Magento 2.x to the latest 2.0.4

If you have Magento 2 installed and the version is less than 2.0.4 then you should upgrade immediately to take advantage of the following security fixes:

  • Server-side cross-site scripting via user name
  • Reflected cross-site scripting in module
  • Arbitrary PHP code execution using language packs
  • API token access vulnerable to brute force attacks
  • Web API allows anonymous access
  • Weak encryption keys when generated from Manage Encryption Keys page

Magento released 2.0.3 to address these issues but released 2.0.4 last night at 9pm to fix a packaging issue with 2.0.3.  You can skip 2.0.3 and go straight to 2.0.4.

Successfully upgrading to the latest Magento 2 version 2.0.4 depends on how it was initially installed.

If you installed M2 from the official release then upgrading to 2.0.4 is easy:

  1. Log into your Magento2 Admin with an administrator-level account
  2. Go to System > Web Setup Wizard
  3. Enter your Authentication Keys in System Configuration. I needed to get new keys for mine to work but you may not have to. If it fails then you can generate new keys here:
  4. Click on System Upgrade to start the Upgrade Wizard.
  5. Follow the steps. If it fails then you’ll have to perform the upgrade manually (see below). The bad news is that this means uninstalling and reinstalling so be sure to back up your extensions. Luckily, thanks to the way M2 is structured it isn’t very difficult to save your work. Remember to BACKUP your files and database just in case something goes wrong!

If you installed M2 using git clone from the Magento2 CE GitHub repo:

  • To update the Magento software, use git pull origin and composer update
  • To change versions from develop to a release version like 2.0.2, you must uninstall the Magento software and install the released version.
  • To add, remove, or update components, modify composer.json and run composer update
  • To reinstall the Magento software, modify the product version in composer.json, run composer update, then reinstall the Magento software

If you’ve already installed M2 2.0.3 then be sure to uninstall and then install 2.0.4 to get the full benefit of the security fixes.

More information can be found at the official Magento website.

Protect your Magento installation from password guessing

This is a great article from Magento:

All of the content below is from Magento’s article written by the Magento Security Team.

We’ve recently become aware of brute-force password guessing attacks on Magento installations worldwide. In some cases, these attacks have resulted in unauthorized admin panel access. We highly recommend that you take the following steps to protect your store against such attacks.

Please note that in a typical Magento 1 installation (e.g. Magento Enterprise Edition 1.14.2), locations /admin (or a custom name you have chosen for admin) and /downloader need to be protected. In the case of Magento 2, only the admin panel location (the location is generated automatically during installation) should be protected.

Before you proceed in making any changes, please take the following steps:

  1. Review all admin users in System->Permissions->Users. Remove any unused entries or entries you do not recognize. This should be done at least once a month or when any employee leaves.
  2. Ensure your password and the password of any other employee using the admin panel is strong. Remember that longer, complex passwords are much harder to guess.  For examples on how to create a secure password, please visit:HTTP://SUPPORT.GOOGLE.COM/ACCOUNTS/ANSWER/32040?HL=EN. Your password should be updated every three months.
  3. Consider changing the username to something less common – do not use admin or administrator.
  4. Ensure that you have all the patches installed, which are available for download onMY ACCOUNT for Enterprise Edition customers and on the COMMUNITY EDITION DOWNLOAD PAGE for Community Edition.

IP Whitelisting

The best way to protect access to admin and downloader locations is to enable access only for users coming from a specified IP address or network. This works best if you always access the store backend from the same location and computer or computers. To find your IP address you can use Google:HTTPS://WWW.GOOGLE.COM/SEARCH?Q=WHAT+IS+MY+IP. It should show an address like 111.222.333.444 . This solution will not work properly if you are using dynamic IP addresses or accessing the backend through a mobile device. If your company has a remote workforce, it is important to add their IP addresses as well to ensure that they have access to the network.


If You Are Using Apache Web Server

Modify the existing .htaccess file in /downloader. Add the following at the end:

order deny,allow

deny from all

allow from x.x.x.x

You can use multiple allow statements to allow access for more machines or locations.

If You Are Using Nginx Web Server


If you have full access to your server, you can modify the Nginx configuration yourself, following instructions posted at HTTPS://WWW.NGINX.COM/RESOURCES/ADMIN-GUIDE/RESTRICTING-ACCESS/


The admin panel is accessible through /admin and /index.php/admin URLs (or custom paths that you can choose), but it is not a real directory on the server and therefore needs to be protected differently. The same holds true for admin RSS feeds such as low stock notification or order status updates.

The way to protet the admin panel and RSS feeds is to redirect requests coming from unknown IP addresses to the main page. This can be done by editing the .htaccess file in the root Magento folder and adding the following just right after rewrite rules for mobile user agents, which is located just before a section called “always send 404 on missing files in these folders”.




RewriteCond %{REQUEST_URI} ^.*/RSS/ORDER [NC]

RewriteCond %{REMOTE_ADDR} !^

RewriteCond %{REMOTE_ADDR} !^

RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]

If You Are Using Nginx Web Server


If you have full access to your server, you can modify the Nginx configuration yourself, following instructions posted at HTTPS://WWW.NGINX.COM/RESOURCES/ADMIN-GUIDE/RESTRICTING-ACCESS/

Fail2Ban Adaptive Filtering

Note: this section is based on information from created by the authors of

If you have full access to your server, you can install fail2ban software which can limit or stop guessing attacks. An example configuration for Nginx is shown below. Note: this configuration does not block access to RSS feeds. Please work with your system administrator or hosting provider to implement fail2ban properly.

Code to add to /etc/fail2ban/jail.local


# Only ban after multiple retries.

# Use this for “soft” bad behaviour.

port = http,https

filter = hn-nginx-retry-ban

logpath = /var/log/nginx/access.log

bantime = 7200

maxretry = 10

Code to add to /etc/fail2ban/filter.d/hn-nginx-retry-ban.conf:


# Use this for “soft” bad behaviour, as the source will only be banned after multiple retries.

failregex = ^<HOST> .+”POST \S+(/downloader/|/downloader/index.php\?A=loggedin|/admin/index/|/admin/)\s

ignoreregex =

In the line listing locations, you can add your custom admin path with |/custompath/.

Change the Location of the Admin Panel and Magento Connect Manager

Password guessing attacks assume typical admin panel locations like /admin, /backend, /manage, /control and similar and the default location of Magento Connect Manager: /downloader. Changing the location of the admin panel and downloader can reduce the likelihood of being targeted by a generic attack. However, it does not protect against targeted attacks as the attacks might try to guess the location first with multiple requests.

Note: some Magento hosting providers have specific security rules that apply to default locations. Please ask your hosting provider if they recommend changing the location before making this update.

Note: if you are not planning on installing extensions from Magento Connect you can delete or fully block access to the downloader directory.

Change the Name of the Admin Panel (Magento 1 Only)

Changing the name of the admin panel can also help to protect it from attacks. To change the name, first log into the admin panel and navigate to System -> Cache Management.

Then you will need to edit file app/etc/local.xml in your Magento installation and change the name in section admin -> routers -> adminhml -> args -> frontName.

After this change you need to clear all the caches and then log out and log in again using the new URL.

Change the Name of Magento Connect Manager (/Downloader) (Magento 1 Only)

Another approach is to change the name of the Magento Connect Manager. Once you have made this change, it will no longer be possible to open Magento Connect Manager from the Magento admin panel. It must be accessed directly using the new URL.

To change the name of Magento Connect Manager, simply change the folder name from downloader to something unique.

In summary, there are several approaches you can take to help protect your store from brute-force password guessing attacks. We recommend that you quickly review these approaches with your Solution and Hosting Partners and implement the ones that are best suited to your unique situation.


MagentoU – 5 years ago today


Five years ago today I attended the MagentoU class at Magento HQ in Culver City, California. It was an intense week-long class taught by Ben Marks and Vinai Kopp. I learned a lot that week and met some really nice people! I framed the completion certificate and still have it hanging on my wall.

MagentoU Completion Certificate
March 11, 2011


I have a few more that I’ve added since then:

Yes, my office wall is orange. I have a few lanyards from Magento Imagine and Magento Innovate along with some MageShades.


Today, I’m spending my Saturday learning and tinkering with Magento2. I want be ready whenever the M2 Certification comes out (I’ve heard December 2016).

Facebook reminded me of this anniversary date so below are some of the pictures that I took during the 2011 MagentoU class. Time flies!

The hallway at Magento HQ had these pictures hanging on the wall.


More MagentoHQ hallway pictures including one of Bob Schwartz


First floor of MagentoHQ. There was a coin operated bull ride there for some reason.


Upstairs, looking down from the balcony


Random conference room


Looking down from the balcony. The blurry guy waving is Ben Marks


From the upstairs balcony a fake beach scene sits on top of the offices below complete with beach towels, coolers and chairs


The Magento logo. Why doesn’t Magento sell things like this? I’d love to have a Magento light on my wall.


Close-up of the coin-op bull ride. My phone camera wasn’t that great at the time so some of these turned out blurry


Vinai teaching class. I’m pretty sure he’s forgotten more about Magento than I’ll ever know


In class


Sign set up outside of class. The building where the classes were held was right next door to MagentoHQ. There was a print shop downstairs from the MagentoU class that was packing up. During class the room would change slightly throughout the day due to remodeling. Occasionally I’d turn around and think something like “that clock wasn’t hanging there this morning…” or “when did they paint that?” They were like decorating ninjas.


Day 2 or Day 3


View from the hotel


View from the hotel at night


<=> PHP7 and Magento (M)


I finally installed PHP7 this weekend and ran some Magento local dev sites. The speed increase is impressive! It’s so much faster that it should be a mandatory requirement.

There’s only a couple of minor quirks, like not having dl() support which killed a couple of the extensions that had copy-protection on one site.  There’s a couple of small things to do to make PHP7 work but it’s covered below.  If you’re ready to take the Magento/PHP7 plunge and are using Ubuntu then this is how you can do it.

First, you have to remove your php5 install.

Remove php5

Warning: This will remove php5 from your system completely. 

sudo apt-get purge php5-*

Add the PHP7 repository

sudo add-apt-repository ppa:ondrej/php

sudo apt-get update

Install PHP7

sudo apt-get install php7.0

Install PHP7 components

sudo apt-get install php7.0-cli php7.0-common libapache2-mod-php7.0 php7.0 php7.0-mysql php7.0-fpm php7.0-curl php7.0-json php7.0-cgi php7.0-mcrypt

sudo service php7.0-fpm restart

sudo service apache2 restart

The Magento PHP7 Fix

Inchoo has this ready in an easy to install extension:

You may also need:

sudo apt-get install php7.0-intl php7.0-xsl php7.0-gd

(Thanks to Dave Moore for the tip)


Common problems with Magento after installing PHP7

If Apache is dumping plain text php instead of rendering it then be sure that you’ve installed libapache2-mod-php7.0.

sudo apt-get install libapache2-mod-php7.0

sudo service php7.0-fpm restart

sudo service apache2 restart

Getting a white page or error about mcrypt in Magento?

sudo apt-get install php7.0-mcrypt

sudo service php7.0-fpm restart

sudo service apache2 restart



Magento Certified Solution Specialist



I passed the Magento Certified Solution Specialist on July 9, 2015. If you’re thinking about taking this one then be sure to study your e-commerce terms and get very familiar with Magento’s admin.  This study guide helped me the most:  Thanks Demac Media!

Dr. Horrible’s Traceroute



Dr. Horrible’s Sing-A-Long Blog is great.  Someone set up a series of hops that can be seen with a traceroute.  Here’s the whole thing when it works:



Here is as far as it gets for me:

13 ( 89.856 ms 89.849 ms 91.998 ms
14 ( 98.748 ms 96.610 ms 98.771 ms
15 ( 106.758 ms 109.627 ms 111.734 ms
16 ( 115.985 ms 117.089 ms 116.059 ms
17 he.rides.across.the.nation ( 126.142 ms 127.243 ms 100.983 ms
18 the.thoroughbred.of.sin ( 110.806 ms 116.876 ms 114.169 ms
19 ( 121.451 ms 126.479 ms 121.535 ms
20 ( 127.869 ms 132.238 ms 132.122 ms
21 it.needs.evaluation ( 137.586 ms 137.481 ms 141.631 ms
22 ( 151.420 ms 151.885 ms 149.410 ms
23 a.heinous.crime ( 134.791 ms 135.484 ms

It timed out here but still very cool.

Magento Imagine 2015 – Monday


Lots of walking at Imagine.  This was for today according to my phone’s pedometer.

Goodnight. More of the same all day tomorrow!