May 5, 2016

Tech Debt and the Illusion of an Easy Framework



As web development became more and more complicated, developers big and small began relying heavily on third-party platforms, which they would then modify and theme. Everyone has heard of them: WordPress, WooCommerce, Magento, etc. We followed this trend with all the rest.

In theory, they free up the time we would otherwise spend building a platform and let us be creative instead. Another company is taking care of security, building plugins and features, and we can coast on that.

In reality we found ourselves putting out fires from security hole to security hole to serious security hole to major security hole… You get the rest. We didn’t feel secure at all.

But the features! Point, click, plugin installed, so easy, we don’t need to write code anymore...

Not so fast: these plugins quickly put us deep in technical debt.

What does tech debt mean in this case?



It means risk. Often these plugins were very poorly coded by offshore developers, have security exploits of their own, are barely or incorrectly documented, and were never tested, or were tested only against a fictional demo that didn’t involve thousands of products, thousands of customers, thousands of orders and dozens of other plugins. We have purchased plugins for hundreds of dollars only to find obvious bugs inside them which would have prevented the plugin from ever functioning as described.



It means Slowwwwwwwwwwww sites, seriously slow. Bad code that does complicated things hundreds of times, once for every product on a page or in your catalog, taking 5-10 seconds to load a single page. The solution was often to stick on a slew of additional plugins for Magento site speed, which add their own debt to the equation.



It means insecure sites. Some overseas developers are not in any way liable if your store, your livelihood, is destroyed by careless code overriding secure functions. Often these plugins become crucial to the operation of the store, but then those aforementioned security exploits come out and the plugins are incompatible, putting you in the terrible situation of choosing between essential function and security. Even when you can update, plugins often make this take many hours more.



It means buggy sites. This is code ridden with spelling errors and coding bugs, throwing millions of errors into the log files every day and reacting in unexpected and seemingly random ways: odd bugs where some users would simply see a white page or be unable to check out, or HTTPS not working because the plugin developer hardcoded your e-commerce plugin to be HTTP:// only!



It means expensive sites. We have personally seen cheap plugins require integrations taking dozens of programming hours, dozens of hours of project management, and days of delays while we wait for responses from support contacts outside the US that often come back with difficult-to-decipher language from non-native English speakers. We have seen days of delays come from language barriers and support that is less than stellar. We have seen plugin developers testing untested code on live sites to see what fixes their bugs. We have actually seen "reputable" plugin developers install and leave unprotected, exploitable backdoor hacking tools on e-commerce sites to make their work easier, along with other reckless and unprofessional actions.

All of this turns your formerly simple site into a maintenance nightmare, completely negating any savings the plugins could ever have offered. We often end up spending more time fixing a bug in bad code than it would have taken to just write the functionality from scratch.

So we threw the whole plugin mess out.

E-dreamz is very proud to announce that we built our own solution in house. The bones are based on some excellent code written by very smart people, but the platform was built entirely in house by our team of developers. We call it Echo+ (echo.edreamz.com).

Echo+ was built with each and every one of these issues in mind. We refuse to get burned again.

Echo+ is simple to update. We have built everything on a platform that allows us to code once and update all Echo+ sites briskly. We never want any of our clients running old versions, and if we build it right, you won’t have to.

Echo+ doesn’t run plugins! Instead, we integrate properly, safely and securely with trusted vendors via their documented APIs. Other common plugins we built right in, but we built them the right way. Our rapid component builder lets us build an array of features quickly in a secure, updatable way.

Echo+ kills it on speed. We built the system from the ground up to make efficient calls to the database, followed up by intelligent caching at every layer that never causes issues the way bolted-on solutions do, but results in some serious speed.

Echo+ is secure. Advanced XSS filtering, built-in firewalls, protections against malicious injections, cutting-edge system requirements and lots of geeky stuff let us sleep well at night knowing our foundation is rock solid.

Echo+ is stable. No plugins fighting, a simple, clean code base we wrote recently, and things done the right way the first time keep us out of tech debt hell.

Echo+ is a great option to consider. If you are considering a solution like WordPress, Magento, Joomla, etc., give us a call. We would love to talk about our experiences here and how Echo+ can help you avoid getting stuck in tech debt.

Icon made by Freepik from www.flaticon.com - Main image by www.stockmonkeys.com

By: Josh Hibbard

Systems Administrator