by Michael Cropper | Mar 23, 2016 | Developer, Security, Technical, Thoughts |
If it ain’t broke, don’t fix it, right? Wrong. This is the belief system of inexperienced software developers and businesses owners who are, in some cases rightfully so, worried about what problems any changes may cause. The reality though is that as a business owners, development manager or other, you need to make sure every aspect of software you are running is up to date at all times. Any outdated technologies in use can cause problems, likely have known vulnerabilities and security issues and will ultimately result in a situation whereby you are afraid of making any changes for fear of the entire system imploding on itself.
Ok, now I’ve got that out of the way, I assume you are now also of the belief system that all software needs to be kept up to date at all times without exception. If you are not convinced, then as a developer you need to come to terms with this quickly, or as a business owner you have not been in a situation yet which has resulted in a laissez-faire attitude to software updates costing you tens of thousands of pounds to remedy, much more expensive than pro-active updates and regular maintenance.
The biggest challenge software developers face at the coal face of the build process is the inherent unpredictability of software development. As a business owner or user of a software application, whether that is an online portal of some form, a web application, a mobile app, a website or something in between, what you see as a user is the absolute tip of the iceberg, the icing on the cake and this can paint completely false pictures about the underlying technology.
Anyone who has heard me speak on software development and technologies in the past will have no doubt heard my usual passionate exchange of words along the lines of using the right technology, investing seriously and stop trying to scrimp on costs. The reason I am always talking to businesses about this is not as part of a sales process designed to fleece someone of their hard earned money. No. The reason I talk passionately about this is because when businesses take on board the advice, this saves them a significant amount of money in the long run.
To build leading software products that your business relies on for revenue you need to be using the best underlying technology possible. And here lies the challenge. Any software product or online platform is built using a plethora of individual technologies that are working together seamlessly – at least in well-built systems. Below is just a very small sample of the individual technologies, frameworks, methodologies and systems that are often working together in the background to make a software product function as you experience as the end user.
What this means though is that when something goes wrong, this often starts a chain reaction which impacts the entire system. This is the point when a user often likes to point out that “It doesn’t work” or “This {insert feature here} is broke”. And the reason something doesn’t work is often related to either a poor choice of technology in the first place or some form of incompatibility or conflict between different technologies.
To put this into a metaphor that is easier to digest, imagine an Olympic relay team. Now instead of having 4 people in this team, there were 30-50 people in this team. The team in this analogy is the software with the individual people being the pieces of software and technologies that make the software work. Now picture this. An outdated piece of technology as part of the team is the equivalent of having an athlete from 20 years ago who was once top of their game, but hasn’t trained in the last 20 years. They have put on a lot of weight, their fitness level is virtually zero and they can’t integrate as part of the team and generally have no idea what they should be doing. This is the same thing that happens with technologies. Ask yourself the question, would you really want this person as part of the team if you were relying on them to make your team the winning team at the Olympics? The answer is no. The same applies with software development.
Now to take the analogy one step further. Imagine that every member of the relay team is at a completely different level of fitness and experience. Each member of the team is interacting with different parts of the system, but often not all of the system at once. What this means is that when one of the athletes decides to seriously up their game and improve their performance, i.e. a piece of technology gets updated as part of the system, then this impacts other parts of the system in different ways. The reality of software development is that nothing is as linear as a relay team where person 1 passes the baton to person 2 and so on. The reality of software development is that often various pieces of technology will impact on many other pieces of technology and vice versa and often in a way that you cannot predict until an issue crops up.
So bringing this analogy back to software development in the real world. What this means is that when a new update comes out, for example, an update to the core Apple iOS operating system, for which all mobile applications rely on, then this update can cause problems if a key piece of technology is no longer supported for whatever reason. This seemingly small update from version 9.0 to 9.2 for example could actually result in a catastrophic failure which needs to be rectified for the mobile application to continue to work.
Here lies the challenge. As a business owner, IT manager or software developer, you have a choice. To update or not to update. To update leads you down the path of short term pain and costs to enhance the application with the long term benefits of a completely up to date piece of software. To hold off on updating leads you down the path of short term gain of not having to update anything with the long term implications being that over time as more and more technologies are updated your application is getting left in the digital dark ages, meaning that what would have been a simple upgrade previously has now resulted in a situation whereby a full or major rebuild of the application is the only way to go forward to bring the application back into the modern world. Remember the film Demolition Man with Wesley Snipes and Sylvester Stallone, when they stayed frozen in time for 36 years and how much the world had changed around them? If you haven’t seen the film, go and watch the 1993 classic, it will be a well spent 1 hr 55 mins of your time.
The number of interconnecting pieces powering any software product in the background is enormous and without serious planned maintenance and improvements things will start to go wrong, seemingly randomly, but in fact being caused by some form of automatic update somewhere along the lines. Just imagine a children’s playground at school if this was left unattended for 12 months with no form of teacher around to keep everything under control. The results would be utter chaos within no time. This is your software project. As a business owner, IT manager or software developer you need a conductor behind your software projects to ensure they are continually maintained and continue to function as you expect. It is a system and just like all systems of nature, they tend to prefer to eventually lead towards a system of chaos rather than order. There is a special branch of mathematics called Chaos Theory which talks about this in great depth should you wish to read into the topic.
As a final summary about the inherent unpredictability of software development. Everything needs to be kept up to date and a continual improvement process and development plan is essential that your software doesn’t get left behind. A stagnant software product in an ever changing digital world soon becomes out of date and needs a significant overhaul. What this does also lead to is the highly unpredictable topic of timelines and deliverables when dealing with so many unknown, unplanned and unpredictable changes that will be required as a continual series of improvements are worked through. What I can say is that any form of continual improvement is always far better than sitting back and leaving a system to work away. For any business owner who is reading this, when a software project is delayed, this is generally why. The world of software development is an ever moving and unpredictable goal post which requires your understanding. Good things come to those who wait.
by Michael Cropper | Mar 6, 2016 | Future, News |
My primary role at Contrado Digital is talking to businesses about their ambitions, goals, plans and naturally the many problems they face within their businesses. While we can help out with most problems businesses face when it comes to digital, growth, online marketing and technology, one of the problems that we kept hearing was around recruitment. Not just for digital roles, but for many industries and organisations of all sizes struggling to recruit their ideal candidate.
Employers struggling to find the right skills for the job, not getting enough applicants applying for their jobs and in many cases, companies having to turn down work as they don’t have the right skills to fulfil the work. Even after paying thousands of pounds in job advertisements and recruitment related fees. This clearly isn’t a good situation for anyone involved. So we thought we could do something about that.
Introducing Tendo Jobs. The revolutionary recruitment platform is designed to link employers directly with job hunters in a fully transparent, seamless and highly efficient way. The risk free platform allows you to promote your job to active job hunters for free. Never worry about the traditional high cost of recruitment ever again.
Register now as an employer to promote your job vacancies to job hunters looking to find their next role. The platform has been designed to allow you as an employer to be fully in control of your recruitment process. With our sophisticated ApplicantRank algorithm working in the background, the perfect applicants are automatically prioritised for you so you don’t have to go sifting through hundreds of CVs.
If all of this wasn’t enough, while we are in the early stages of launching, everthing is completely free to use for early adopters! So if you are recruiting currently or know of a company that is recruiting, share this information.
by Michael Cropper | Feb 13, 2016 | Developer |
To set the scene. Firstly, you should never be hosting emails on your web server, it is extremely bad practice these days for a variety of reasons, read the following for why; Really Simple Guide to Business Email Addresses, Really Simple Guide to Web Servers, Really Simply Guide to Web Server Security, The Importance of Decoupling Your Digital Services and most importantly, just use Microsoft Exchange for your email system.
Ok, so now we’ve got that out of the way, let’s look at some of the other practicalities of web application development. Most, if not all, web applications require you to send emails in some form to a user. Whether this is a subscriber, a member, an administrator or someone else. Which is why it is important to make sure these emails are being received in the best possible way by those people and not getting missed in the junk folder, or worse, automatically deleted which some email systems actually do.
Sending emails from your web application is not always the most straight forward task and hugely depends on your web server configuration, the underlying technology and more. So we aren’t going to cover how to do this within this blog post, instead we are going to assume that you have managed to implement this and are now stuck wondering why your emails are ending up in your and your customers junk folders. The answer to this is often simple, it’s because your email looks like spam, even though it isn’t.
Introducing Sender Policy Framework (SPF Records)
The Sender Policy Framework is an open standard which specifies a technical method to prevent sender address forgery. To put this into perspective, it is unbelievable simple to send a spoof email from your.name@your-website.com. Sending spoof emails was something I was playing around with my friends when still in high school at aged 14, sending spoof emails to each other for a bit of fun and a joke.
Because it is so simple to send spoof emails, most email providers (Microsoft Exchange, Hotmail, Outlook, Gmail, Yahoo etc.) will often automatically classify emails as spam if they aren’t identified as a legitimate email. A legitimate email in this sense is an email that has been sent from a web server which is handling the Mail Exchanger technologies.
To step back a little. The Mail Exchanger, is a record which is set at the DNS level which is referred to as the MX record. What this record does is that whenever someone sends an email to your.name@your-website.com, the underlying technologies of the internet route this email to the server which is handling your emails, the server which is identified within your MX Record at your DNS. The server then does what it needs to do when receiving this email so you can view it.
For example, when hosting your email on your web server with IMAP (as explained before, you shouldn’t be doing this), your MX record will likely be set to something along the lines of ‘mail.your-domain.com’. When using Microsoft Exchange, your MX record will be something along the lines of ‘your-domain-com.mail.protection.outlook.com’.
What this means is that if an email is sent from @your-domain.com which hasn’t come from one of the IP addresses attached to your-domain-com.mail.protection.outlook.com, then this looks to have been sent by someone who is not authorised to send emails from your domain name, and hence why this email will then end up in the spam box.
With Microsoft Exchange specifically to use this as an example, you will also have an additional SPF record attached to your DNS as a TXT type which will look something along the lines of, ‘v=spf1 include:spf.protection.outlook.com -all’, which translates as, the IP addresses associated with the domain spf.protection.outlook.com are allowed to send emails from the @your-domain.com email address, and deny everything else.
This is perfect for standard use, but doesn’t work so well when trying to send emails from a web application. Which is why we need to configure the DNS records to make the web server which is sending emails from your web application a valid sender too.
How to Configure your DNS with SPF Records
To do this, we simply add the IP address of your web server into the DNS TXT SPF record as follows;
v=spf1 include:spf.protection.outlook.com ip4:123.456.123.456 –all’
Your records will likely be different, so please don’t just copy and paste the above into your DNS. Make sure you adapt this to your individual needs. That is it. Now when your web application sends emails to your users, they will arrive in their main inbox instead of their junk folder. Simple.
A few handy tools for diagnosing DNS propagation along with SPF testing include;
by Michael Cropper | Feb 7, 2016 | Developer |
Quick reference guide for how to implement. Let’s Encrypt is a new free certificate authority, allowing anyone and everyone to encrypt communications between users and the web server with ease. For many businesses, cost is always a concern, so saving several hundred pounds for a basic SSL Certificate often means that most websites aren’t encrypted. This no longer needs to be the case and it would be recommended to implement SSL certificates on every website. Yes…we’re working on getting around to it on ours 🙂
We recently implemented Let’s Encrypt on a new project, Tendo Jobs and I was quite surprised how relatively straight forward this was to do. It wasn’t a completely painless experience, but it was reasonably straight forward. For someone who manages a good number of websites, the cost savings annually by implementing Let’s Encrypt on all websites that we manage and are involved with is enormous. Looking forward to getting this implemented on more websites.
Disclaimer as always, make sure you know what you’re doing before jumping in and just following these guidelines below. Every web server setup and configuration is completely different. So what is outlined below may or may not work for you, but hopefully either way this will give you a guide to be able to adjust accordingly for your own web server.
How to Set up Lets Encrypt
So, let’s get straight into this.
- Reference: https://community.letsencrypt.org/t/quick-start-guide/1631
- Run command, yum install epel-release, to install the EPEL Package, http://fedoraproject.org/wiki/EPEL. Extra Packages for Enterprise Linux, lots of extra goodies, some of which are required.
- Run command, sudo yum install git-all, to install GIT, https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
- Clone the GIT repository for Let’s Encrypt with the command, git clone https://github.com/letsencrypt/letsencrypt, http://letsencrypt.readthedocs.org/en/latest/using.html#id22
- For cPanel servers, need to run a separate script, hence the next few steps
- Install Mercurial with the command, yum install mercurial, http://webplay.pro/linux/how-to-install-mercurial-on-centos.html. This is Mercurial, https://www.mercurial-scm.org/
- Run the install script command, hg clone https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x /usr/local/sbin/letsencrypt && ln -s /usr/local/sbin/letsencrypt/letsencrypt-cpanel* /usr/local/sbin/ && /usr/local/sbin/letsencrypt/letsencrypt-cpanel-install.sh, https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x
- Run the command to verify the details have been installed correctly, ls -ald /usr/local/sbin/letsencrypt* /root/{installssl.pl,letsencrypt} /etc/letsencrypt/live/bundle.txt /usr/local/sbin/userdomains && head -n12 /etc/letsencrypt/live/bundle.txt /root/installssl.pl /usr/local/sbin/userdomains && echo “You can check these files and directory listings to ensure that Let’s Encrypt is successfully installed.”
- Generate an SSL certificate with the commands;
- cd /root/letsencrypt
- ./letsencrypt-auto –text –agree-tos –michael.cropper@contradodigital.com certonly –renew-by-default –webroot –webroot-path /home/{YOUR ACCOUNT HERE}/public_html/ -d tendojobs.com -d www.tendojobs.com
- Note: Make sure you change the domains in the above, your email address and the {YOUR ACCOUNT HERE} would be replaced with /yourusername/ without the brackets.
- Reference: https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/
- Run the script with the commands;
- cd /root/
- chmod +x installssl.pl
- ./installssl.pl tendojobs.com
- Again, change your domain name above
- Set up a CRON Job within cPanel as follows, which runs every 2 months;
- 0 0 */60 * * /root/.local/share/letsencrypt/bin/letsencrypt –text certonly –renew-by-default –webroot –webroot-path /home/{YOUR ACCOUNT HERE}/public_html/ -d tendojobs.com -d www.tendojobs.com; /root/installssl.pl tendojobs.com
- For reference, The SSL certificate is placed in /etc/letsencrypt/live/bundle.txt when installing Let’s Encrypt.
- Done!
Note on adding CRON job to cPanel, this is within cPanel WHM, not a cPanel user account. cPanel user accounts don’t have root privileges so a CRON job from within here won’t work. To edit the CRON job at the root level, first SSH into your server, then run the following command to edit the main CRON job file;
crontab -e
Add the CRON job details to this file at the bottom. Save the file. Then restart the CRON deamon with the following command;
service crond restart
It is recommended to have a 2 month renewal time at first as this gives you 4 weeks to sort this out before your certificate expires. Thankfully you should receive an email from your CRON service if this happens and you will also receive an email from Let’s Encrypt when the certificate is about to expire so there are double safe guards in place to do this.
On-Going Automatic Renewal & Manually SSL Certificate Installation
Important to note that when you automatically renew your Let’s Encrypt certificates, they won’t be automatically installed. The installssl.pl script doesn’t seem to handle the installation of the certificate. Instead, you may need to update the renewed certificates within the user cPanel account for the domain manually. To do this, open cPanel and view the SSL/TSL settings page, update the currently installed (and about to expire) SSL certificate and enter in the new details. The details for the new certificate will need to be obtained via logging into the ROOT server via SSH and viewing the updated SSL certificate details in the folder, /etc/letsencrypt/live/yourdomain.com where you can use the command pico cert.pem and pico privkey.pem to view the details you need to copy over to cPanel. It’s decoding the SSL certificates in these two files to make sure the dates have been updated, you can use a tool such as an SSL Certificate Decoder to decode the certificate. If the certificate is still showing the old details, then you may need to run the command letsencrypt-auto renew which will update the certificates.
Hope this is useful for your setup. Any questions, leave a comment.
by Michael Cropper | Jan 12, 2016 | Digital Strategy, Future, News, SEO |
Welcome to 2016. After reviewing the physical post received for the first week back in the office, I can only sit here with my head in my hands pondering why businesses are still failing to grasp how fast the world is really moving around them and adapt accordingly. We’ve our usual tips and advice blog post on their way for what you need to be focusing on in 2016 for your digital strategy, but in the meantime I feel the need to express my opinion on the state of what can only be described as utter junk that had been posted out to me and the company. Please, just stop.
As you can see above, this is just a small selection of the garbage that was received, promotional pens labelled as “The Mythic Stylus Pen”, OK, I’m sure I know what one of these is, it’s not a unicorn walking down the street of Manchester blowing rainbows from its backside for f. sake. Sale catalogues, promotional material, wall planners, seriously who uses wall planners in 2016? Come on folk, please stop this. All of this junk received went straight into the bin. Stop wasting your money on junk and start to market your business effectively through digital channels. We live in a digital world, it’s time to bring your business into the 21st century.
Onwards and upwards. No more Same Stuff Different Day garbage. Think differently, revolutionise your business with digital channels and opportunities for your business to flourish in 2016. The same activities from the last 10 years quite frankly aren’t going to cut it in 2016.
by Michael Cropper | Nov 18, 2015 | WordPress |
Parallax design is a trend on many websites at the minute which can often give a classier feel to any website design. There are a few things you should know about it as this impacts the different styles that you may or may not like related to parallax design. Before we look at some of the considerations, let’s just compare this with a few examples of how this can look in practice.
Above you will notice nothing happens as you scroll. This is just a standard image.
Above you will notice how the image stays steady as you scroll, which reveals a different part of the image as you scroll.
Above you will notice how the image moves as you scroll and so does the part of the image you are viewing.
Working with Parallax Design
When working with Parallax Design, there are certain aspects to consider. Specifically the underlying technology you are using on your WordPress website or other front end framework. Depending on the underlying technology you have in place will depend on how simple or difficult this type of effect will be to implement on your website. Always consider the underlying technology choices to give you the most freedom when wanting to add cool effects like this to your website. When working with poor technologies, often your only choice is to look at rebuilding a website from scratch. When working with good technologies, you can implement this style on various parts of your website with ease, just as we have done here to highlight the different options available when working with the right technology.
by Michael Cropper | Nov 15, 2015 | Developer, Technical |
Naturally working on a lot of web application projects in multiple languages from Java EE to PHP to websites to mobile applications, one common thing that we see time and time again is the lack of thought that goes into design patterns for websites and web applications. Often having to pick up projects at this point, generally when they have already gone seriously wrong, we can’t but help think that there must be a better way to prevent these issues we see through sharing best practices to ensure scalable web applications are built and can be maintained with ease. Specifically for this blog post we are going to look at the Model View Controller MVC design pattern.
If you are working in any form of software development, website development or web application development, I’d argue that this is one of the most powerful design patterns to get your head around as when you fully understand the relatively simple approach behind the MVC design pattern this allows you to think about the structure of your code and project before jumping in and writing a single line of code. By taking this time up front, I can absolutely guarantee that this will save you an unbelievable amount of time working on your application over time and most importantly, for the businesses you are working with this will help to ensure bugs, features, functionality improvements and tweaks can be delivered much faster with fewer errors.
What is the Model View Controller MVC Design Pattern
So let’s just take things back a step as if you haven’t been working away on larger web application projects previously, you may not even be aware of the MVC design pattern, hopefully you are away of what design patterns actually are if you are working in web application development though, if not, then I recommend going on a date with Amazon to learn about design patterns.
The MVC design pattern is a way of structuring your code to break up the key elements of your web application which includes;
- Model: These are the bits of code that actually do things
- View: These are the bits of code that make the things look pretty
- Controller: These are the bits of code that control what happens when someone requests a resource such as a page on your website, the business logic of your web application
Ok, so it’s a little more complex than that in the background, but that is MVC explained in the simplest way. I’m not going to talk about the theory of MVC to the n’th degree, instead I’m going to look at the practicalities of MVC while dabbling into the Single Responsibility Principle design pattern and how the two link together extremely well.
For the purposes of this blog post, we are going to focus on Java as the programming language to highlight this concept as Java is better than PHP. Fact (in my opinion). 😉 (cue the haters…). On a serious note though the reason why we’re looking at Java for this example is because it is more suited to using a structured MVC design pattern for projects than PHP is, on the whole, which is due to the separation of the Model (Java classes), the View (JSPs) and the Controller (Java Servlets) which link in nicely together. For the same MVC setup in PHP you will probably be looking at something like the Zend Framework which has been designed to focus around an MVC architecture. With that understanding, let’s look at the practicalities of MVC and why this is such an awesome design pattern that you really need to be using.
Benefits of the MVC Design Pattern
Before we jump into a few simple examples of using the Model View Controller MVC design pattern, lets first just look at why this is such an awesome design pattern and why you should seriously consider using this for a variety of the web application projects you are working on.
Separation of Concerns
Being able to separate the key parts of your web application into the Model, the View and the Controller is an extremely efficient way of working. Being able to separate out the key functionality within your application from the business logic from your application and separating the visual and layout side of your application means that you can clearly focus on the task at hand and work effectively throughout your code.
Focused Developers and Niche Sill Sets
By breaking out your web application into key aspects this allows individual developers within the team to be highly specialised and focus on the areas that they are good in without worrying about other skill sets that are likely outside of their expertise. For example, front end developers who are extremely proficient in HTML, Javascript and CSS are likely to be a little confused by back end technologies such as Java Servlets, database connectivity and APIs. Likewise, developers focusing on the business logic of an application are likely more well suited to this opposed to writing the key functionality and connecting with external APIs and more.
This also allows updates to various points within your web application without impacting the other aspects. For example, you can quite simply make changes to your user interface without impacting the business logic within your application. This is an extremely powerful setup to allow your web application to be modified with ease.
Parallel Development across Multiple Teams
As your web applications grows, multiple teams of developers will be working on your application code base to enhance features and functionality. By using a true MVC design pattern, this allows multiple people to work on your code base with ease.
As your web application grows using a non-MVC design pattern, you will soon reach the point whereby developers are struggling to work on a project without impacting the work of another developer, to the point whereby this may actually restrict the amount of work that can be completed during any given time scale. This is not a good position to be in and if you reach this point, you will soon see how much more efficient the MVC design pattern really is.
MVC in Practice
Within Java, you have your deployment descriptor which is designed to control how requests are handled when a user types in a URL on your website. For example, when someone visits www.example.com/login/ the web.xml file will send the request on to the Controller file named Login.java in this example;
The Controller – Login.java
Taking this example, the Controller is just a standard Java Servlet which is designed to handle the incoming request and control whatever you want to do with these requests. For example, and keeping things basic, on a login page a user may have been redirected to this page after trying to access a restricted resource and it would be nice to redirect the user back to the page they were trying to access instead of to a generic login landing page;
The concept of the Controller is designed to take care of the business logic part of the web application so you can build in the logic you require whilst keeping the key functionality separate. This is hugely important as this means that as the development team grows one team can be working on the business logic while another team can be working on the key functionality without impacting the workflow of either team. The above example is purely the Controller which then forwards the request onto the JSP to provide the View aspect of the process, but we have missed one key aspect, the Model. In the example above there are no calls to and Model classes designed to pull in key data, so let’s look at an example where the Model is used before we look at the View part of the process.
The Model
So let’s imagine that whenever somebody accesses the login page, an email is sent to someone. You would never do this in practice as this is just pointless, but this highlights the concept of the Model. In the same context and looking at something more practical, you would use the Model to retrieve some data from the database such as a snippet of text for example which is controlled by a content management system type setup. Never the less, we’ll use this as an example.
The functionality to send an email has been broken out into its own class designed to break out the business logic which is “When someone views the login page, send an email” from the actual functionality for sending an email.
The Model – SendEmail.java
Looking specifically at the Model class, this is designed to actually implement the core functionality that you require. In this example send an email. From here, you can control specific functionality and separate this functionality completely away from the business logic of the application. Here helps you to work more efficiently by building up a solid and scalable library of core functionality that drives your web application rather than just simply working with a system which contains highly coupled code.
Taking this example beyond the simple SendEmail() functionality which is purely focused on completing a specific action in the background, another more specific example would be to collect data from the database which is then sent on to the View which is for the user to see who has requested the original resource. For example, taking the MVC web application to the perfect situation whereby every single aspect of content is purely database driven, the result would be a Model class along the lines of getMetaTitle(url) which is designed for the Controller to generate the correct meta data for the page that has been requested.
The Model classes are where the real power lies within your web application. Here lies the true power of how your web application implements the cool features and functionality throughout the entire system. The Controller allows you to do exactly that, control how the Models are pieced together when a specific URL is requested which allows you to create the fantastic experience for your website visitors.
The View – Login.jsp
So let’s look at a more practical example whereby you have used a Model class to retrieve some data from the database for what the HTML H1 should be. Once you have received this data in the Controller Servlet you need to then add this data to the Request object so that this can then be retrieved by the View JSP;
As can be seen in the code above from the Controller Servlet, setting the attribute for the data that you wish to pass to the View is the next step in the process. From here, now let’s look at the View part of the MVC design pattern to look at how to retrieve this data in a safe way.
Here we can take a look at the View, login.jsp, which is designed to handle the visual side of the web application. From here you have the ability to retrieve data passed to the View from the Controller and there are several ways of doing this.
At the most basic level, you can use a small scriptlet such as;
<%= request.getAttribute(“htmlH1”) %>
Which is will output the data contained within the stored attribute named “htmlH1”. So if you wanted to wrap this in a H1 tag then this would look as follows within the JSP;
<h1><%= request.getAttribute(“htmlH1”) %></h1>
Simple and effective. The problem here though is that as your web application scales, particularly on an international level, this isn’t the best approach to take as there can be a variety of differences for different locales such as time and date formatting along with currency formatting etc. So lets look at how best to handle requesting data from the Request object and displaying this within the View JSP through the use of the Java Standard Tag Library, JSTL.
JSTL has been designed to be a more user friendly way of displaying content within the JSP without the need for using scriptlets which should never really be used if possible. With JSTL the tags used will look very similar to any web developer who has been using HTML for a while. They follow the same logic with tags and attributes, the difference being is that JSTL is designed to apply common activities to JSPs such as simple items including displaying some content such as the HTML H1 tag content or something more advanced such as a For or While loop. Below follows on form the basic example given already, with the use of displaying the HTML H1 tag on the page;
Here there are a few things to point out to understand what is happening. Firstly, there are two lines at the top which allow you to use the full power of JSTL which are;
<%@ taglib prefix=”c” uri=”http://java.sun.com/jsp/jstl/core” %>
<%@ taglib uri=”http://java.sun.com/jsp/jstl/functions” prefix=”fn” %>
The first line is for using the Core JSTL functionality, while the second line is to use the JSTL functions for things such as data manipulation. In this example, we’re only going to need the core functionality. So is you notice the section for displaying the HTML H1 tag is as follows;
<h1><c:out value=”${htmlH1}”/></h1>
The <c: prefix in the code above is telling the JSP to use the JSTL Core functionality which was referenced previously in the page. Next this is telling JSTL to display the contents contained within the attribute named “htmlH1” which we set previously in the Controller Servlet. So that when you look at this on the original Login page you just requested then you see this information as you would expect;
Sounds simple, right? Well, yes, it actually is extremely simple to use a Model View Controller MVC design pattern when you think through the structure of your code instead of just jumping in and writing code. The difference being is that when you stop to think about the design pattern that you are using within your web application that you can quite easily make huge improvements both now and in the future. The Model View Controller MVC design patter is just one of many extremely powerful design patterns that you should seriously consider using to make your code easier to create, scale and maintain in the future.
Summary of the Model View Controller MVC Design Pattern
Hopefully this covers the Model View Controller MVC design pattern in enough detail to understand why this is such a powerful design pattern to use when developing your web applications and also looks at the practicalities of implementing such a design pattern. Sure, you will certainly be writing more lines of code to implement such a design pattern although I can guarantee that you will be creating a much more efficient system overall and a system that is easier to scale and maintain in the future.
The key to implementing a great MVC design pattern throughout your web application comes down to planning. You need to be planning this design pattern extremely well and to make sure that your entire development team is working towards the same goals. It is important to discuss these things on a regular basis as this will ensure that everyone is developing code with this design pattern in mind.
by Michael Cropper | Nov 6, 2015 | SEO |
What is the Yoast SEO Plugin
Before we get started, let’s first just look at what the Yoast SEO plugin actually is. This is the leading free plugin available in the WordPress space which is designed to allow you to customise the basic on-site technical SEO items on your website. This helps Google to crawl and index your website easier which in turn can help to increase visibility in the search engines. The Yoast SEO plugin powers over 22,000,000 websites to put its popularity into context. Quite simply, you would never use anything else, Yoast is awesome.
Installing the plugin is one thing. Knowing how to use the Yoast SEO plugin once installed is another. For many newbie webmasters, the Yoast SEO plugin can feel a little daunting at first yet it needn’t be when you know what you’re doing.
One important point to note about Yoast SEO though, and this is a big one, installing the Yoast SEO plugin on your WordPress website does not mean that you have taken care of your SEO. SEO is a little more complex than that… The Yoast SEO plugin simply means that your website isn’t technically bad and is not making life difficult for Google to crawl and understand the basic content on your website. If installing a single plugin on your website meant that you had “done SEO” then everyone would be doing it, right? Exactly. There is a lot more to SEO than just installing a plugin and making the options go green.
The Yoast SEO plugin is great, although it can mislead, not intentionally, newbies to SEO by thinking that if the page traffic light system is green then all is good and you can sleep easy at night. Green simply means that you have at least got the very basics in place. Red means that Google is not going to look too kindly on your website.
Ok, so now we’ve got that caveat out of the way, let’s take a look at how to get the most out of the Yoast SEO plugin and how you can work with this on a day to day basis. This type of work is not something we generally get involved with as it is simply too time consuming and hence costly for businesses. Instead, by us helping you help yourself, we can focus on the strategic side of your digital marketing.
General Settings Page
Your Information Tab
Website Name
The website name settings allow you to inform Google what your website is called. This is generally set to either your brand name as a business or if this is a personal blog, then your own personal name;
Company or Person
Self-explanatory, the company or person details allow you to specify this information to help Google understand who is behind the website. This information is often used to pull in various information from your website into the search results;
Webmaster Tools Tab
If you’re not using Google Webmaster Tools yet, what are you waiting for, get signed up at www.google.com/webmasters/tools/. This free tool will help you to understand how Google is viewing your business website. There are many ways for which you can verify your Google Webmaster Tools account, personally I prefer to use the Google Analytics option although if this is not possible for you then you can always use the meta tag verification option where you can place your code into this box here.
Security Tab
These settings allow authors and editors to redirect posts, noindex them and do other things which you might not want if you don’t trust your authors. Specifically these settings are really only relevant for websites with a large number of authors writing content on the website.
Titles & Metas Page
General Settings tab
You probably don’t need to change anything here so it would be recommended to leave these settings as they are out of the box unless you know what you are doing.
Homepage tab
These settings tell Google how your website should be displayed within their search results pages. It is important to fill this information out accurately so that Google understands what your website is about. It is important to note that you should keep your Meta Title set to around 65 characters and your Meta Description to around the 165 characters limit. Any more than this and your content will be snipped to fit within the standardised listings on Google. In the screenshot below, the Meta Title is the blue bit that you see on Google which is counted as a ranking signal and the Meta Description is the grey bit which is not counted as a ranking signal. This being said the Meta Description can allow you to entice potential customers to click through to your website when they see your listing alongside competitors.
Post Types tab
Unless you are an advanced user and know what you are doing, then you should probably leave these settings as they are by default. Changing settings within here could result in your accidentally telling Google not to include your website in their search results which means that you will not receive any traffic from Google. Which is probably not something that you want to happen. For reference, here are what some of the settings mean;
- Noindex: Ticking this option will tell Google to not include these set of pages within their index. This can be used for certain Post Types which may include low quality content in the eyes of Google or duplicated content. There are valid reasons to use this, although in most cases this should be left unticked.
- Follow: This means that Google will follow the links that are included on this set of pages and pass authority to the pages that are being linked to. Generally speaking, there is no reason why you would ever nofollow any links on your own website.
- Show date in snippet preview: This option provides additional information to Google when they crawl your website which indicates to them when the blog post or page was published. This can be useful for certain Page Types such as blog posts although can be problematic for static content such as ecommerce products or service pages on your website.
Taxonomies tab
As above, it’s probably best you leave these settings as they come for all of the same reasons outlined above in the Post Types section. Taxonomies within WordPress are ways of categorising the content on your website.
Archives tab
As above, it’s probably best you leave these settings as they come. Most business websites do not need to do anything with these settings unless concerned about being penalised for duplicate content.
Other tab
There is very little that really needs customising here for the majority of WordPress websites. If you are thinking about customising any of these settings, it’s best you seek the advice of an expert. To understand some of the phrases listed within these settings, here is what they mean;
- Meta Keywords tag: This is a piece of code that is used within HTML which was originally designed to help to categorise pages by including keywords for what the page is about. Do not bother about this tab, Google and all major search engines completely ignore this information so you will be wasting your time filling this out.
Social Page
Accounts tab
For all of the social media channels you are active on, list your information in here. This helps Google to understand which social channels belong to your business.
Facebook tab
Open Graph tags help Facebook to generate key pieces of information about the page on your website that is being shared on Facebook which is then presented in an ideal way for your audience. For example, when you see an image and title nicely listed on Facebook when you have shared some content, this is due to these tags being used.
For websites with a high number of social shares then it is recommended to implement these settings as this will make any content that is shared on Facebook from your website look better than if this information wasn’t present.
Most of the settings are self-explanatory which helps, the one point which you may not have come across before relates to the Facebook Insights and Admins. Within your Facebook business page, you will have a specific App ID which can be used to input into this section which helps to gather data about content that is shared on Facebook throughout the Facebook network. For example, whenever someone shares content from your website onto Facebook, when this setting is configured then you can see the reach of your content within the Facebook Insights reports which can help to gather data about how your digital strategy is performing and most importantly which pages on your website are most popular on Facebook. This is a more advanced setting, so if you aren’t sure what you are doing here then it is best to seek the advice of an expert.
Twitter tab
The Twitter Cards tags do essentially the same thing as the Facebook Open Graph tags. They are designed to help Twitter understand what the content is about on the page that is being shared which can then be automatically used for generating the social media update and making this look good. Again, configure these settings accordingly if your website has a good amount of social shares.
Pinterest tab
This information is self-explanatory, configure these settings if you have a Pinterest account. Pinterest also uses the Open Graph tags which Facebook uses, so if you configure this information, make sure your setting within the Facebook tab are also configured correctly.
Google+ tab
This information again is self-explanatory, so configure the settings accordingly if your business is active on Google+, while it is still around.
XML Sitemaps page
An XML Sitemap is designed to help Google understand what content is on your website and easily identify all of the pages that they should be aware of. XML is a structured format which allows Google to understand specific information that relates to a specific page on your website. For example, some of this information includes the date the page was last changed which can help inform Google if they should re-crawl that specific page or not.
XML Sitemaps are essential for websites and it is important that your website has an automatically updating XML Sitemap so that whenever you make a change on your website then this is automatically reflected in your sitemap. Thankfully, WordPress handles this all automatically for you. For non-WordPress websites, there are free services such as Simple Sitemap Generator which allow you to quickly create a temporary XML sitemap while you work on building a more robust system and framework for your website to update all of this dynamically.
For the average business, you probably don’t need to configure any settings within here. Just make sure that you submit your XML Sitemap to Google via Google Webmaster Tools so that Google is aware of all of your content. There is a link provided to your sitemap for ease which is likely to sit at www.example.com/sitemap_index.xml
Advanced page
Breadcrumbs
The breadcrumbs settings within the Yoast SEO plugin is a little more advanced and requires a developer to set this up correctly. When this setting is turned on, and it is generally recommended that breadcrumbs are used as this helps massively with SEO, then you need to configure some PHP code and add a snippet to your WordPress theme. If this is a little beyond your level of expertise, then speak to an expert who can implement this for you.
Permalinks
Permalinks in WordPress are the URLs such as www.example.com/product-x/ for example. There are a lot of different types of permalinks throughout WordPress which are designed to show different content on your website.
RSS
Your RSS feed for your website can generally be found at www.example.com/feed which lists all of the recent blog posts on your website. This is useful for other systems to be able to pull in the content from your website onto theirs if needed.
For most users, customising the RSS feed is something that likely isn’t relevant as the default settings within Yoast SEO are more than sufficient.
Tools Page
There are a couple of handy tools within Yoast SEO, primarily the Bulk Editor and the File Editor. The Bulk Editor tool allows you to quickly change the meta titles and meta descriptions on your website in bulk without needing to go into each page to edit these individually.
The File Editor tool allows you to change important files such as your .htaccess file and robots.txt file from within the WordPress interface. These are for more advanced users, so if you aren’t sure what to do with these, then don’t use them and seek the advice of an expert.
Page SEO Settings
In addition to the default settings within Yoast SEO there are additional page and blog post specific settings which need checking over once you publish any page or blog post on your website. This information allows you to target specific keywords that are of interest for each of the individual pages on your website. It is important to note that these settings are the very basics to SEO, and simply turning these settings green does not mean that you now have a successful SEO strategy in place that is going to work for your business.
For the general settings tab on your new blog post or page, this allows you to focus on making sure the keywords you are targeting are within the key elements on the page. To do this, enter in the main keyword within your Focus Keyword settings tab then look to make sure that everything at least includes this target keyword as outlined on the page.
The next tab allows you to go into a bit more depth to make sure the content on the page is targeting this main keyword. The Page Analysis tab allows you to go into more detail to make sure the content you are producing is as good as it can be, with tips provided throughout;
Again, it is important to note that this is simply a guide for what can be produced and should not be seen as a strict rule to follow. Use your intuition here to avoid overly focusing on SEO when you should be focusing on the user experience instead.
The Advanced settings tab on the page should not be touched unless you know what you are doing. These settings can quite easily tell Google to not crawl and index the new content that you have just creased which you probably don’t want to accidentally trigger.
Summary of Yoast SEO for WordPress
In summary, it is important to configure all of the settings within Yoast SEO which are relevant for your business. There are no one set of rules that apply to every single website as this can vary hugely from website to website. As such, review which settings are most appropriate to use for your own website and do not change any settings unless you are confident that you know what you are doing.
The settings and configuration options within Yoast SEO are the real basics for SEO. Implementing all of these basic settings is going to allow Google to at least understand the content on your website currently. The next step for SEO, and the work that is going to generate you some real results is focused around content marketing and promotion which is a much bigger topic to cover.
As always, if there are any questions specific to your business where you could use a bit of advice on the topic then get in touch and we’ll be happy to guide you through the process and show you where improvements can be made.
by Michael Cropper | Oct 24, 2015 | Developer |
WordPress is great, right. It can do wonderful things, makes life easy for so many businesses and is our preferred choice for many business websites. This being said, because WordPress has been designed to work across almost every server configuration you can imagine, there are a lot of hacks in place which aren’t the most efficient way of doing things. WP_Cron() is one of these tasks. That’s why we have taken a look at this in a bit more details to see how we can improve the performance of our server by optimising core WordPress code across all websites we host. Before we jump into the finer details, let’s just look at what a Cron Job is, what is the WordPress Cron Job equivalent and how it works. Then we can look at how to improve server performance based on this understanding and hard data.
What is a Cron Job
A Cron Job is best understood to be a command that is executed at a certain point of time on a regular basis. For example, execute command on Every Friday at 5pm, or Every Month on the 3rd Day of the Month. A Cron Job is designed to automate functionality meaning that you don’t have to manually trigger something to happen. Cron Jobs are run from your Linux web server and have no relation to WordPress unless the command that is being run is designed to point at a WordPress file. For the purposes of this blog post, that basic understanding will suffice.
What is the WP_Cron
As mentioned previously, WordPress is designed to be able to run regardless of the finer details of the server settings in the background. What this means is that WordPress cannot and does not rely on the Linux Cron Job on the server to automate tasks as there is no guarantee that this will be available. Instead, WordPress has it’s very own version of a Cron Job which is a function confusingly named WP_Cron(). This has no relation to an actual Cron Job and is actually extremely inefficient in comparison. This function sits within the wp-cron.php file.
As Cron Job type functionality, such as that contained within the WP_Cron() function, can take a while to run this is actually run as a separate process in the background meaning that the user does not have to wait until the WP_Cron() finishes doing its jobs before loading the page for the user. This sounds great in theory, although when you realise that a single visit to your homepage is actually starting an additional process running in the background which is eating up precious server resources this nice functionality soon starts to get a bit annoying. In simple terms, think of this setup as the equivalent of how you would feel if every time you got into your car to drive to work that you also then had to drive a further 100 miles and back just because that was what was required. Seems pointless and a little over the top, right? Well, it is.
How does the WP_Cron work
So just how does the WP_Cron() actually work then. Well it has to be run in a fool proof way and the only way to do this is to be extremely verbose and err on the side of over enthusiasm rather than risk the WP_Cron() not actually running at all. As such, the WP_Cron() function is called whenever someone visits your website.
For small websites that get a low amount of traffic, this means that when someone visits the website, the WP_Cron() is run in a separate process in the background to check through if anything else needs to be done. These checks include things like turning scheduled blog posts into live blog posts, checking for theme updates, checking for plugin updates, multiple calls to third party websites along with any additional jobs that plugins have added to the list of things to do when WP_Cron() is called through the use of hooks, actions and filters. For small websites with not a great deal of traffic, this isn’t actually too bad although can result in a situation whereby the scheduled blog post you wanted to go live didn’t actually go live when you wanted it to because no-one visited your website.
For larger websites that get a lot of traffic and multiple concurrent users, this is a problem. Larger websites which are receiving 1 visitor per minute or even multiple visits per second, this process just gets silly. With endless checks for the same information again and again and again and again all straight after each other is just pointless and unnecessarily wastes server resources causing other problems. It’s the equivalent in the work place for when writing a report and after every sentence going to check your emails, complete all of the actions within those emails and then you can get back to writing your report. You’d be wasting so much time going through this process that you would probably never get the report completed.
So now we understand how the WP_Cron() function works, why and when it is called we can look at a more efficient method of running automated tasks. And this solution is to actually turn off the WP_Cron() functionality from running every time a user visits your website.
Disabling the WordPress Cron Job
This is actually extremely simple. While there are many plugins available to do the job, we would always recommend adding the following command to your wp-config.php file as this is the most efficient way to do this;
/* Disable WP Cron Running for Every Website Visit */
define(‘DISABLE_WP_CRON’, true);
In addition to this, we’d also recommend implementing the WP-Cron Control plugin which is designed to only allow the wp-cron.php file to actually run if there is a unique query string appended to the end. This is hugely important, since denial of service related attacks often target resource hungry processes and files such as the WordPress Cron file. When utilising this plugin in addition to the above, you will have the settings required for the next step below.
This will disable the WordPress Cron from running every time your website gets a new visitor. Now this is done, you need a way to actually run the WordPress Cron Job as you need this functionality to work for a variety of features on your website. As such, you’ll need to set up a Cron Job on your server. It you’re on Linux with cPanel, this is extremely simple to do with a command which is going to be specific to your individual server settings. That being said, not all web hosts are equal and some web hosts will actually have disabled this feature, so you’ll have to speak with your web hosting company for specific details about your own website.
Ok, so assuming that you’ve set up a separate Cron Job on your server now, great. You have now optimised the workflow of your WordPress website without breaking core functionality.
Results We Saw
We’re a big believer in tracking performance improvements for everything we do which is why we use a range of reporting technologies to enable us to do this. We disabled the WordPress Cron functionality around 12am on October 17th, midnight, on the majority of websites on one of our servers. The data is clear. I/O wait virtually went down to zero, which can be seen in multiple graphs. User CPU usages significantly decreased. All in all, CPU usage down from around 19% to around 9%. Seriously awesome results. The variety of graphs below are from two of the key tools we use, New Relic and Munin. The performance improvements are as a direct result of the number of processes running in the background being significantly reduced as the WordPress Cron isn’t being called every time someone accesses the website. Instead, this is now being controlled at the server level which allows us to schedule these tasks in at times when server load is unlikely to be high, such as in the middle of the night.
by Michael Cropper | Oct 24, 2015 | Developer |
Technical post for those who are looking for this information. If you’ve come across this blog post, then you probably know what this is and are just looking for a quick solution to the problem, so below is what worked for us. We needed PHP mbstring installing on the server, specifically related to a WPML (WordPress MultiLingual) setup we had in place which required this setting to work. So we needed to rebuild the default Apache & PHP settings accordingly. For reference and in case this relates to anyone else, this is the error message we were receiving which required this specific update;
Warning: filter_input(): charset `ANSI_X3.4-1968′ not supported, assuming utf-8 in /wp-content/plugins/sitepress-multilingual-cms/inc/not-compatible-plugins.php on line 32
Step 1: Login to WHM
I’m assuming you know how to do this…
Step 2: Navigate to EasyApache
Fairly straight forward;
Step 3: Edit the Default Profile
Click on the gear icon;
Step 4: Follow the list of Settings
Work through the list of settings clicking on “Next” until you reach the “Exhaustive Options List”. Within here you will find an option for “PHP Mbstring” which can be selected to be turned on;
Step 5: Save & Build
One you have worked through the above settings your web server will run through the whole build process and eventually complete as can be seen below;
Note
As with any web server changes, make sure you have a backup before working through this. It goes without saying, but never the less, every web server is different so please make sure you understand what you are doing before jumping in with these types of changes.
