osCMax 2.0.4 Release: Security Management

on November 10th, 2009 | File Under ecommerce -

The osCMax project recently released an updated version of osCMax which removes the File Manager and Define Languages tools due to unspecified security concerns.

Details can be found in the osCMax forums – http://www.oscmax.com/forums/announcement-discussions/20984-security-notice-oscmax-2-0-4-released.html and in the osCMax Blog – http://www.oscmax.com/node/341

Few details are available but this flaw may also affect CRE Loaded and other osCommerce derivatives…

No Comments

osCommerce code modifications and PS-Pad

on February 6th, 2009 | File Under development, ecommerce, Open Source -

I’ve recently had to rebuild my working toolset again, following a catastrophic static electricty event which bricked my primary working machine.   The situation is not entirely gloomy though.  It has brought me the opportunity to work with a few new (to me anyway) open source tools.  One of them is the PSPad editor.  Its a handy little editor – and a worthy competitor for my old standby, HTMLKit.  The feature list is different – and one feature comes in REALLY handy as I work on catching up with some cart customization tasks that I want to capture in a modification list.  You know the routine – generating a list of instructions such as “near line 12849823  find  this code and after it add this” and so on.

PSPad has a nifty search feature that really helps here.  On the search box, you can elect to “List” the search results.  This opens a status window with the search results – and presents a button that can be used to open the list in a new file.  The results look like this:


222: ‘v_products_quantity’          => $iii++,
261: p.products_quantity as v_products_quantity,
289: ‘v_products_quantity’          => $iii++,
296: p.products_quantity as v_products_quantity
396: ‘v_products_quantity’   => $iii++,
488: p.products_quantity as v_products_quantity,
539: ‘v_products_quantity’   => $iii++,
546: p.products_quantity as v_products_quantity

Nifty.  How is this handy?  A number of ways.

First – if you are adding or modifying a given field, this gives you a listing of where it occurs in the file – with line numbers.  This provides a handy guide taking you directly to where you need to go in each file.   Simply work from the bottom of the list upwards, and the references will let you  generate your new code quickly and efficiently.

Next, if you are careful – this listing can form the basis for an instruction list.  The filename is even listed at the top for you already.   Using macro’s you can quickly change:

546: p.products_quantity as v_products_quantity


At about line 546:


p.products_quantity as v_products_quantity

Insert After:

p.products_unit_size as v_products_unit_size

There are a couple of small gotcha’s to watch for here.  The routine does truncate long lines.  Just copy and paste the actual lines from the target file over the output for the result being modified and you’re ok.  Matching the target code to a fixed release point of the distribution you’re starting from is also up to you.  Still, a handy approach to generating modification instructions whether for distribution to others, or just a helpful log of a mission accomplished!

No Comments

New osCommerce Project Launches – Same as the Old ?

on November 25th, 2008 | File Under development, ecommerce, education, Open Source, osCommerce, Personal -

Recently, Rhea Anthony, widely known to long time osCommerce users as Vger and a former member of Harald Ponce de Leon’s osCommerce development team launched a bid to assume control of the osCommerce code base and community.  She and a number of other major contributors to osCommerce have relocated their oscanswers.com forum to a new domain – http://www.oscommerceproject.org , and releasing a distribution based on the most recent osCommerce release 2.2 RC2B which they are calling osCommerce 2.0 Final.

That community members involved as long as this team can’t recall that the current osCommerce 2.2 development work was preceded by an osCommerce 2.1 release is a clear indicator of the necessity of this action if osCommerce is to survive as a project at all.  8+ years between releases is entirely too long.

In her first blog post as osCommerce Project leader,  Rhea tells a bit about herself and comments on the reasons for this drastic action.  If you have any interest in osCommerce at all, I strongly encourage you to read this post.  It is an interesting description of one view of the osCommerce community from a member who has been persistent and energetic in contributing to others.  But, it is one view.

The term “believer” has been a very powerful term in the osCommerce world in both positive and negative ways.  I can easily sympathize with Rhea’s obvious disappointment at the disdain directed towards community members who claimed to be or were described as believers.  Having been among those who were disparaged by groups of “osCommerce beleivers”  because my own beliefs differed from their own, I also understand the disparagement.  We all beleive in something.  But some community members have and do beleive that the rest of us should beleive what they do and nothing more.

This lack of tolerance from and courtesy towards others is a deadly poison for any community.  The cure begins with leadership.  So, it is an encouraging step that Rhea has made the effort to establish regular communications via her blog early in the process of transforming the oscanswers forum into the oscommerce project site.  Keep it up, Rhea.  I can’t say I’m a great blogger either.  But I can say it does get easier with time.  Along the way, I hope to see  you create a more open and accepting osCommerce community.  Towards that end, here are a few suggestions:

  1. Don’t settle for a development team.  Build a development community whose activities are open to all.  When viewpoints differ, establish working groups to represent those viewpoints with code that can prove or disprove their theories.  This is the one of the most powerful uses of branches.  They feed the tree, they don’t starve it.
  2. Build a documentation group.  Insist on performance from them, and cooperation with them so that technical documentation is available to all.  You can’t build consensus without it.
  3. Open the community to discussion of related projects in some way.  No project can benefit from code comparison and evaluation when the discussions are splintered across dozens of forums.  At the very least, branches should be able to post links and route discussion accordingly.
  4. While disparagement and exclusion of community members should be avoided like the plague, the same can not be said of code contributions.  Once API documentation is published, contributions which fail to comply with coding standards should be ruthlessly separated from the rest or even deleted.  Establishing separate management of experimental API code is essential.
  5. Open development discussions.  Smoke filled rooms are great for monopolists.  They have no place in Open Source.  So what if crackers can see your plans.  It is not like they can’t read your code.  Keep your code discussion lively and take some time to explain things.   Knowledge is power, but its like manure – its got to be spread to be effective.

At this early stage, it is hard to see much difference between this new osCommerce Project and the old one. Time will tell, and I’m sure the differences Rhea mentioned will become apparent soon.  The sooner, the better.

It is good to see new osCommerce releases, and active development.  As one old Democrat to another, I’m happy to bid the new osCommerce Project welcome to the open source ecommerce community.


CRE Loaded: You’ve Lost That Loving Feeling…

on November 4th, 2008 | File Under creloaded, osCommerce -

In an unpublished article I started on October 15, I stated “Kerry Watson’s new article was posted today on ecommerceguide.com. You can find it at: http://www.ecommerce-guide.com/news/news/article.php/3777841 . It is entitled, “Can Iozzia Get the CRE Loaded Love Back?”. The short answer is no.”

While I still think I blew off a bit more steam than I want to publicize so quickly after Chain Reaction’s devastating implosion (or indeed – at all), events since then have made me reconsider addressing the issue in this venue though not the conclusion of my initial paragraph.  First off was the management of the all too expected eruption of steam following Sal’s “grand return” and the unbanning of a number of long time community members who were neither happy at being banned, or impressed with claims of change.  One of the most vociferous was Michael DesMarais of Supreme Center Hosting .

Read More


New Easy Populate Tutorials In Development

on October 3rd, 2008 | File Under development, education -


We are finally resuming the development of educational materials here at our nascent Open Source eCommerce University. A new Flash tutorial on updating prices and quantity with Easy Populate is in rough draft, along with a written guide. Its not before time. Its been months since we released anything new in the Moodle installation – but it is getting a face lift, with a new theme to match the rest of the site and new content to match. We will be trying some new arrangements for our classes, and bringing live chat to the table in the near future for those who wish to meet vendors versed in CRE Loaded, osCommerce and other packages serving the Open Source ecommerce marketplace.

Look for a first release of this tutorial in 2 to 3 weeks max.

No Comments

CRE Loaded Founders Leaving?

on September 22nd, 2008 | File Under creloaded, development, ecommerce, osCommerce -

Recently a blog entry by Anna Bergman entitled, “Why Would you Want Cre Loaded for your E-store?” was brought to my attention.  Not only for its content, but due to the nature of a reply to that post.

First, lets address Anna’s content.  She notes that:

“CRE Loaded currently has 39 additional modules over and above the many that are already included in the default OsCommerce installation. CRE Loaded also offers powerful shopping cart solutions in both the free and paid editions. CRE Loaded has a better template system and its “affiliate manager” allows you to specify the per sale payment percentage rate for each of your affiliate accounts as well as providing a tiered structure that is based on sales performance.”

This is not quite the truth.  CRE Loaded contains considerably MORE than 39 additional modules, and even more modifications to that module set intended to make it more powerful and convenient than its stock osCommerce parent.  Further, it has had a large number of security related modifications added.  I’m proud of the work I carried out first as Project Manager, then as Chief Operating Officer, and happy to be recognized as a founder of CRE Loaded. Read More

No Comments

osCommerce and Magento Differences: Its more than the API

on June 8th, 2008 | File Under ecommerce -

I’ve worked with osCommerce and its derivatives for quite some time now. So had the architects of the Magento shopping cart before they came up with the idea of building a completely new Open Source shop cart. Given that osCommerce is widely considered to be the most popular Open Source cart, and that it has at last count 4766 community contributions from its 178,210 members you might wonder why they felt the need for a new cart. It is a good question, and here are my comments on one aspect of the question.

osCommerce has a very minimal release schedule. The Open Source philosophy of “Release Early, Release Often” is just not on the agenda. The last few releases have been backports of new code with minimal impact in terms of business features available in the cart.

Magento has, thus far, offered frequent releases offering significant new functionality long requested by members of the osCommerce community. Data export tools and a much improved backend are only the beginning – the difference is just huge. osCommerce is rather undocumented – and certainly so in terms of official documentation released by the designer. It has a person (one) responsible for developing or leading development of documentation – but little if any cohesive information pertinent to the current release. osCommerce does have established (if poorly understood) API’s for module development and a large body of shipping, payment and order total modules exists.

Magento has selected a professional PHP development framework on which to base development – offloading part of the development and documentation cost while taking advantage of organizations known for excellence in training. Varien has made an effort to get documentation in place with a wiki which, if not regularly maintained, does offer documentation by development team members which can be used to build shipping and payment modules. These are certainly very reasonable areas of focus for a project in this stage of its life cycle, and the practice bodes well for the future.

The osCommerce website features an active community forum with many involved community members. Quite a few of those members are technically accomplished and offer willing assistance. But there is little to no participation from the project members – announcements are few and far between and while many fans of the project constantly urge new members to wait for the 3.0 release of osCommerce – the 3 year wait for a release strains their credibility to the breaking point. If not further.

The Magento website encourages participation and has many actively involved members from both the community AND the project. The rapid move from the 0.7 release to a full 1.0 release is a welcome change. While it has resulted in some lag between semi-official Wiki postings on the APIs intermittent postings and updates by official developers offers a new hope that finally some balance between progress and stability will be available in an Open Source eCommerce project.

By now, the picture should be clear. You could say that the  single biggest problem faced by the osCommerce community is the lack of an osCommerce project. Lacking this challenge, even the technical difficulties related to an EAV based database management scheme and the high demand for buzzword compliance placed on Magento coders is unlikely to hold this new kid on the block back for long.


Some Comments on the Commercial Implications of Open Source Software

on April 10th, 2008 | File Under creloaded, development, ecommerce, Open Source, osCommerce -

Recently, I was asked to explain how I thought any company could protect their brand when releasing software under the General Public License. This shortly after I encountered a post stating CRE Loaded “Never made it clear” the software was released under GPL. The second assertion is quickly dealt with. Provided the user can read basic English – the licensing is posted in the footer of every CRE Loaded distribution as follows:

E-Commerce Engine Copyright © 2003 osCommerce Portions Copyright © 2003 – 2006 CRE Loaded Project
osCommerce provides no warranty and is redistributable under the GNU General Public License
Chain Reaction Works, Inc provides no warranty except as to associated support contracts
which are limited by and to the Service Level Agreement.
Powered by Oscommerce Supercharged by CRE Loaded

If this does not make it clear the observer is either illiterate, stupid or criminal and hoping his potential victims suffer those conditions.

Frankly, I don’t understand how this long after the initial GPL release anyone could not understand it’s implications. Probably the most important fact about the GPL is that is is a license. Let me say that again – slowly: the General Public License is a LICENSE.

A license is defined by Mirriam-Webster as “ c: a grant by the holder of a copyright or patent to another of any of the rights embodied in the copyright or patent short of an assignment of all rights”. Parse that slowly if you will. “A grant by the holder of a copyright or patent” – the developing authority holds either a copyright, a patent, or both to their software. “short of an assignment of all rights” – the developing authority retains rights to the software. There. Was that so hard?

So, the question is, to what rights to do the developers retain ownership and/or control. The nature of software licensing should make it pretty clear that those rights include the copyright – which the GPL allows them to enforce; and the rights to trademarks, service marks and other tools used to brand the software. Given that anyone in the software industry in general and ecommerce in particular deal with licensing every day by now we should understand this. A huge percentage of all computers sold around the world carry with them a Microsoft software license. This is a given. Yet no one doubts that that license allows them to use the software, but does not give them a right to call themselves Microsoft, claim a partnership with Microsoft, use the Microsoft Logo on their own products or in any other way represent themselves as being a part of Microsoft.

What the osCommerce Project has to say on these issues can be found here, in their own statements on Trademarks and Copyrights. They are well worth reading. In fact, I would go so far as to suggest that they should be required reading of anyone who installs the software. They are easy enough to understand, but equally easy to forget. I am thankful to have been given reason to review them – and plan some site modifications as a result. I want it to be clearly understood that this site is about all Open Source eCommerce, not just osCommerce. Nor is there any connection between this site and the osCommerce project. We are not reviewed or controlled by the project, and other than their clearly identified RSS feeds all content here is copyrighted under terms substantially similar if not identical to those posted by the osCommerce Project.

Their position boils down to normal usage and common sense – materials are copyrighted by the producers, some rights are granted them as the site owner, all software contributed is donated under the same GPL which applies to osCommerce itself, and their trademarks remain theirs. This is as it should be, and not substantially different than many other Open Source projects. Another interesting document which can be found on the osCommerce project site is their Open Source Definition

The first three items are of particular interest here. To quote their document, making fair use, those items are:

  • Free Redistribution
    No restrictions are placed on parties from selling of giving away the software.
  • Source Code Availability
    The software must include source code and must also allow for binary distributions when there is a well-publicized means of obtaining the source code.
  • Derived Works
    Modifications and derived works must be allowed, and must be distributed under the same terms as the license of the original software.

So, getting back to the remaining question of how branding can be protected while the software is given away.

The pertinent GPL Version 2 clause in my opinion is section 7 (aka the “Liberty or Death” clause”). It says the following:

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License”So – you can’t stop the software from being given away. But, ” It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims;” Brands and trademarks are property. They are subject to many property rights both implicit and explicit – though these vary significantly from one jurisdiction to the next (one reason there is a GPL 3.x). They existed when the first GPL was written – and this clause has the significance of requiring any further distribution for sale to be clearly identified as “Derived Works“.

So, you can modify commercial GPL software, you can give it away, or sell it. But you legally, morally or ethically cannot do so while claiming to be the original author.

There remain other issues, but from an ethical if not legal standpoint there is no real obstacle to commercializing Open Source software. In fact, there are many issues which push for it – the need or desire of business operators to be able to obtain support, or to acquire a version of the software which is less unstable than the free releases being just two good examples. More on those in a future posting.

No Comments

osCommerce University Rollout Progressing

on February 14th, 2008 | File Under ecommerce, oscuni -

by David Graham.

Well, it seems like it is taking forever, but osCommerce university
is progressing in its roll out phase.

One key issue has been the completion of my book, Inside CRE Loaded
– Volume 1: The Essentials. This is important as it will provide a
basis for coursework development in the coming months. It is now
progressing towards release, with the editorial process well in
hand. The eBook should be available within 1 to 2 weeks, and the
paperback release should follow closely.

We have also had some issues with e-mail setup over the past few
weeks, and thank goodness we are getting that resolved. With 3
users already signed up, I’m happy to see there is indeed some
community interest in the site.

One idea I am working on now, is a series of free
seminars/discussion groups covering the basics of ecommerce sites,
and the fundamentals of osCommerce site setup and configuration.
This is not only to build interest in the site, but to start as
quickly as possible to deliver on our promise as a premier
education site for Open Source ecommerce. I’m looking forward to
getting started!

No Comments

Flash Tutorial development in progress.

on February 14th, 2008 | File Under creloaded, osC Max, osCommerce, oscuni, Zen Cart -

by David Graham.

Well, it has been awhile since I posted here, and a progress report is way
overdue, so here goes.

First, I’ve completed our first FLASH tutorial on CRE Loaded. This
movie covers installation, and will be followed within a week on
equivalent material covering osC Max (60% done), Zen Cart and
osCommerce (each about 10% complete).

WINK has been a real blessing. This free Open Source Flash tutorial
creator (found at http://debugmode.com) manages screen captures in
a variety of ways which make capturing tutorials a relatively quick
and easy task. Additional tasks such as affects for video markup
are a bit more involved, but the package is definitely well worth

I have a pretty good sized number of tutorials to create before I
can launch a full course, but I expect to be able to move more
quickly as I get the first dozen or so created.

No Comments