Island Web Works

We’ve blogged before about how you know whether to trust a web-form. We highlighted that sites capture personal information and often ask you for a username, email address and/or a password. The odds are that you will use the same password on the site as you have on many other sites. Everyone does it, right?

Once you have registered with the site, after convincing yourself of a certain level of trust in the site owner, you might not think that even if the infrastructure of the site is sufficiently secure that no-one could ever hack in to your personal data, that the site would then broadcast – in plain text – your username and password. That would be crazy!

This is what recently happened to me. While using a leading retailer’s online presence, I was sent a “courtesy” email containing my username and password.

But if they emailed you the details, that’s private, surely? Not at all. If someone knows enough about you they may have a good attempt to hack your email password and they then know an awful lot more than a few passwords. Equally, I often have to explain to people that email is not like a telephone conversation. Your emails get passed, bounced, redirected and filtered through any number of servers before it gets to the recipient’s inbox and it is all in plain text. Every one of those servers (and there is no policing of what servers may be allowed to route across the internet) can take a copy of your email. The recipient’s machine may already be compromised by malicious code such as viruses, harvesting personal data and transmitting it “back to base”.

So what’s the answer?

The User’s responsibility

It’s easy to say you should have different passwords for different web-sites. I’m betting you wouldn’t be able to name all the web-sites you registered with in the last month, let alone remember the unique passwords you applied to each of them!

There are options available, though. You could create a tiered list of passwords. High-security passwords for your email (distinct from your banking), moving down to weaker and easier to remember/relate for less important/trusted sites such as forums, etc. It would certainly be a good idea to keep separate passwords for your email, banking and any sites that store your credit card information. Maybe another password for your social media life (Facebook, Twitter, etc.) and “throwaway” passwords for other sites which you may not even return to.

Another option is to use a tool such as KeePass or LastPass. These securely store your password either locally on your machine in a heavily encrypted file or on the cloud, so you can access your passwords anywhere. KeePass is particularly useful when working with particularly secure passwords such as server login details as you can add multi-factor authentication (eg. a USB key). LastPass is more orientated around the web-user, providing browser extensions that help retain form information including passwords. This allows you to generate unique passwords as you need, or at least manage a larger number of passwords that you use infrequently.

The Web-site’s responsibility

The web-site’s responsibility is two-fold. First, it must store your password securely, second it must not compromise that password.

Storing your password securely ideally means generating a one-way hash from it. Your password is taken (over a secure HTTPS connection, of course) and put through a mathematical algorithm which produces a seemingly random sequence of bytes. So a password “LetMeIn” becomes “bc9d9cb353c87531f61d6f21d5cc072e”. What’s important is that this method is different from encryption because it is not feasibly possibly to reverse the output sequence of bytes back to the original password. Your imaginative password remains secure! However, depending on the algorithm used, this is not without its problems. The possibility of collisions (multiple passwords generating the same hash) and ability to authenticate using a hash (meaning you only need the hash, not the original password) can pose problems for site owners. It’s up to them how they work with these risks, if they are deemed sufficiently important. Some sites may use encryption, but encryption is reversible and all you need are the keys. There should be no reason why a site would need to know the original password.

While a web-site may be hosted in secure data-centres, with ISO certification, behind firewalls, PCI policies and the like, these measures are rendered useless if your password is compromised. Unfortunately, this happens a lot in sites, as we have seen above. Many sites send your details out in an email, which may be hacked into or “wire-tapped” by an intermediate server or process. (Paradoxically, it is actually more secure to display your password back to you on the screen over an SSL connection than to send it in an email. The downside for the site owner is that this often requires a lot more effort.)

As the site owner doesn’t “know” your original password, actions such as emailing you your forgotten password become impossible. This is why sites send you “activation links”, which have time limits. You request your password using known information (essentially publicly available) such as your email address, which is used to send a unique code that may be clicked on for you to enter a new password. This is protected by your email password (you need access to your email to click the link), is often time-sensitive (the link will only work for an hour or so) and when using SSL is encrypted. This is always the method Island Web Works recommends our clients to use.

Remember, it only takes one compromise in security to trash a brand.

admin Articles, Web Site Development

We have been reluctantly quiet on the blogging front over the last couple of months, and it’s not for want of talking about what we are doing and how we enjoy working with our clients on projects. The problem about being busy is that you are not able to find the time to blog about being busy and the benefits that brings to projects both active and future. We are a small team and as such our service is personal. We invest a lot of time in our client relationships and we can see that this has positive effects on both our clients’ and our business. Blogging is in addition to this relationship building but no less important.

Thinking about the size of our company, I was reminded of how other businesses find time to blog on a regular basis, work on the latest in technologies and maintain their customer relationships and investment in projects. This can be a challenging proposition, and it has a lot to do with how large the company is and how the cost of that time is passed on to the customer.

I had cause to go across to the UK last weekend and I was able to meet with former colleagues. Former colleagues that work within the same industry sector as ourselves and have essentially developed their careers alongside, though independently of, mine. What was interesting was how the size of the company plays a large part in the ability of the company to blog and work on projects that may not have a direct financial benefit to the company.

Through our discussions, it was clear that we represented businesses of a small, medium and large nature. The larger multi-national company was able to work on technologies such as Java that have a greater impedance in terms of speed of development, but had the staff to support these changes and development of internal procedures and software. The other two smaller companies were clear in their commitment to using Microsoft technologies due to the speed of development that they provide, resulting in a lower cost to the client. The relationship between project cost and project price is clearly more closely aligned within the smaller development company.

What was clear that each one of us, regardless of size of business, was excited and motivated by the possibilities the technologies we employed offered us. While this had the negative effect of boring the non-technical people with us, it is clear that the industry moves fast and it is every company’s responsibility to keep up with the latest developments and technologies and to achieve this requires employing enthusiastic developers. Though this enthusiasm often “leaks” into our social circles reducing our ability to adequately hold a conversation in everyday life (!), it is clear in the work we produce and writing around the subjects we work in that our businesses are committed to providing a great product for clients. How the business gets there depends on size to a large extent, but this in no way affects the quality of the result.

While it would be nice to have departments we can allocate to certain projects, or individuals charged with solely developing internal processes and software that the client will never see in a bid to improve efficiencies, the reality of most businesses is that project cost directly influences project price. As such the client must be respected insofar as they should not be expected to absorb this cost. At Island Web Works, we have put various systems in place including a support-ticket system, structured automated testing programmes and a continuous improvement process with regards our code, documentation and client contact. These improvements go alongside our existing work and as such directly influence the result in a positive manner but at minimal cost.

Bringing together people within the team who are individually motivated within their area (customer relations, design and programming) we can each bring the very best of our areas to the table. My own contribution has been of formalising procedures, improving quality assurance and introducing appropriate technologies into the business’ portfolio of skills. These have come from my own enthusiasm for these areas both within and without the working day. Our lead designer Andreas can put life in the most dry of topics and as a comprehensive portfolio of work. Finally, our managing director brings a passion for working with individuals within companies rather than faceless users behind a series of board meetings.

It is clear that while size can matter, the enthusiasm for the employees within a software business is the key to successful project delivery for clients. Island Web Works may not have the assets of larger multi-national software consultancies, but we have just as much enthusiasm and are all the more agile in responding to requirements of us. From the excitement of having the initial whiteboard sessions within the office to delivering the final product, pride and commitment remains a constant.

Nathan Articles Java, Microsoft

Cards on the table, I [personally] am not an Apple fan. That is not to say they haven’t had some amazing success with their iPhone/iPad products. The smart-phone market really needed that charismatic device to give it a boost and Apple seem to have achieved this very well.

Smart-phones are phones that try to provide much of the functionality your laptop or desktop does, but in a mobile footprint. With features such as emailing on the go, synchronising with your desk-bound computer’s contacts or playing games for time-suckage they were very definitely a niche market for power-users and geeky-types. They were never really easy to use, and industry politics fragmented the market just as much as they did with the browser wars of the 90’s. If you were a Microsoft user, you’d use Windows Mobile, if you were in Europe, you’d remain loyal to Nokia and if you were a business user, you’d use BlackBerry.

Apart from the trickiness in setting up their internet with your network provider, internet access was difficult. Browsing web-sites on mobile devices was not a very enjoyable experience. Web site developers didn’t think (or care) that people would access their site on a mobile device, with a 3inch screen, so didn’t put the thought into how their site should behave. What resulted is a mess for both the web-site and web-browser. The web-browser would try to accommodate the developer’s shortcomings and try to make sites work, often by mimicking a desktop browser interface. Zooming pages down, resizing pages, etc. were some of the techniques which, in my opinion, were wrongly used to fix what was essentially a problem of the web developer. In much the same way, Internet Explorer can often be a horrendous development experience because of the little “fixes” added to the browser to overcome deficiencies in the web-site mark-up.

Since the Apple iPhone, web-sites have started to do things how they should be done … properly. When developing a site, some consideration should be made for alternative platforms (mobile phone, tablet, projection, television) and sites are approaching this using one of two techniques:

• Developing their site according to web standards and mobile-aware stylesheets. Therefore, a mobile user sees the same site as a desktop user, but with an optimised layout. This is the preferred method.
• Developing a specific web-site for the mobile interface. This essentially doubles the work, but can result in a more optimised experience though confusion between two essentially different web URLs may result. This is a method employed by the BBC, Twitter and Facebook, all complex sites so reducing the “noise” (and therefore data charges).

The down-side of the Apple iPhone/iPad/i* model is the concept of the “app”. An App is an application that fulfils a discrete function, and tends to be small, cheap and easy to install for the user. Brilliant idea.

This is where I must be missing the point.

Apps are essentially proprietary. If you have an Apple device, you can only use apps on the Apple app-store. If you have an Android, you can’t access the apps on the Apple app-store, due only to the developer’s decision - which may be due to resource, device accessibility, preference or ability. The user suffers. A web-page (maybe an “HTML5 app“) is accessible by all.

Apps are difficult to update. If an app is released and a security hole is identified, or a bug found that requires urgent attention, it becomes difficult to “push” that update out to the users. The app becomes subject to the politics and workflow associated with its respective store. In the case of the Apple App store, updates are particularly difficult to deploy, even for minor fixes. Issuing a fix on a web-page is done exactly once and is visible to all instantly. Users suffer with bugs.

Apps require wider skill-sets. Developing apps requires a programmer able to access the development skills and resources of the target device. For Apple, it’s Objective-C, for Windows Phone, Silverlight and .NET, for Android it’s Java. These tools are essentially free, but for how long and how much did it cost to train up that programmer? Users suffer if the developer isn’t completely “clued-up”, businesses have to pay for same functionality many times.

Apps are political. The politics behind the respective app-store for the device will ultimately define your user experience, the delivery of your app and your ability to effectively support your users. Politics and the freedom app-stores create for developers range from the “open” Android store to the dictatorial Apple store. “Thou shalt not use any environment other than Objective-C” meaning iPhones can’t access Flash or Silverlight content. (Though Apple are not alone in this restriction.) Users suffer due to missing content. Income streams may be wiped out, overnight.

Many apps require internet access for functionality to be available, and there are many examples of this. The BBC iPhone/iPad app - isn’t that just sucking in an RSS feed? Facebook for iPhone - again, just using an internet data-source and rendering content? There is surely no need for these apps? Why isn’t a web-page sufficient, particularly as both sites have dedicated mobile sites. The only reason why I would imagine that they would need an “app” would be for offline access, a “cache content and look later” model - but HTML5 defines a standard for local file storage which is implemented on iPhone which would achieve this.

Perhaps the app offers an improved user experience using the native user-interface API, but that itself is not a strong enough reason. If the user is browsing using an iPhone, use an iPhone skinned CSS stylesheet, likewise for Windows Phone, etc. If it’s accessibility of the web-site that’s the issue, the phone OS should allow bookmarks of sites to become first-class citizens within the OS user experience. Windows Phone 7 does this excellently with pinnable “tiles” representing bookmarked sites on the Start screen. Thumbnails instantly identify the purpose of the site.

For me, the only reason an application should be developed is if the functionality is not available within a web browser. And that would be access to local resources or OS features. The Facebook for BlackBerry application integrates with the phone’s Contacts application to allow access to Facebook profiles, for example. This would clearly not be possible from within a web-browser but offers a seamless user experience. Facebook for Windows Phone 7 is similarly a first-class citizen within the phone itself, though not via an “app”.

So what explains this tendency for every site to reproduce identical functionality and content to the original web-site? I can only think that “sex sells”. The “there’s an App for that” model is seen to be sexy, cool and easy to use. Few companies are as guilty of over-marketing the banal and simple as Apple, and they have achieved it right here. They have developed an eco-system, a culture and a platform that stifles innovation, widens the gap between the developer and the user and acts anti-competitively towards key rivals. I remember another company getting its hands very publicly slapped for similar practices, but Microsoft just weren’t “sexy” enough.

Nathan Articles Android, Apple, iPad, iPhone, User Experience (UX), Windows Phone 7

Nathan prompted me today to blog about something, truth is I have been so enjoying blogging about various walks on the Isle of Man that I forgot I also had to blog about work. Anyway, we have been a little quiet on the blogging front recently partly due to the fact it was the holiday ’silly season’ but also because we have been rather pre-occupied with several internal projects.

We have recently developed an all new Social CMS software called Connexions - this will form the core of two significant client web developments that we are about to roll out as well as our own re-branded web presence - due to be launched in the next few days.

Part of the web site re-launch will entail splitting the Web side of our business from the ‘Business Intelligence’ side.

Unfortunately, the success of the Island Web Works brand is stymieing the Business Intelligence side of our business as many people associate this with ‘Web Marketing’ and ‘Google Analytics’ etc., and not the wider aspects of business automation and customer relationship management that help re-enable efficient business processes through effective use of workflow and IT. Where appropriate, we can provide bespoke software development as well as our own award winning CRM software.

As a team we have been together for nearly a decade. At the outset we were almost exclusively focused on web site design; however, over the past few years the ‘Business Intelligence’ side of our business has developed so significantly, we recognised a separate brand was necessary to reflect this part of our business.

Charles Articles

MICTA is looking to become the representative body and collaboration forum for the Isle of Man ICT (Information and Communication Technologies) industry.

Specifically to:

1. Be an inclusive and accessible association attracting the membership of the majority of organisations in the Manx ICT Industry
2. Represent and promote the Manx ICT Industry to: Isle of Man Government, Isle of Man Commerce and Export Markets
3. Arrange ICT Industry networking events
4. Organise ICT Industry exhibitions
5. Foster and nurture appropriate collaboration and cooperation within the industry
6. Increase on-island ICT business retention
7. Increase off-island business (exports)

NEXT WEDNESDAY 28th JULY at 6pm, there is a formative meeting being held at the Claremont Hotel - Sanderson Suite. Light refreshments will be provided. There will be a small £6 admission fee to cover the cost of room hire and refreshments.

Sometimes someone has an idea that should be supported - hopefully if you are involved in the IT industry on the island, provide services that include IT products and or services, software or hardware, then you will be there.

Initial support appears to be very strong, the more attendees the better.

Further information is on www.micta.im

Charles Articles, Events Event, MICTA

The Apple iPhone and latest offering the iPad have been slated by many ‘technical types’ as lacking connectivity and stymied by the need to use the iStore to download apps etc., however, I am beginning to realise that they have not only got it right, but will start an explosion of this type of self contained device in the coming years. My reasoning behind this is simple - a lack of (or desire of) understanding.

For an ageing demographic with money to spend and a desire to connect with the world at large - modern technology aka the P.C. is simply too complex.

When I started in IT in 1988 we had DOS, followed by Windows 2, 3, 3.1, 3x,  95, 98, millenium edition, 2000, XP, Vista and now Windows 7 (which I love), roughly 14+ Microsoft versions of OS not to mention the plethora of alternatives from IBM and the like. Add to that the various versions of word processing software etc.,  from Lotus, Microsoft, and the rest -  and you can see a very worrying trend. The software - or rather the seemingly infinite choice of software is overwhelming - even for “IT professionals”.

I had to test a client’s web site security recently - with their approval of course, however, in my search for a suitable program I found myself downloading software from an unknown/un-trusted source. The amount of time I spent following this exercise - just to ensure my PC was ‘clean’ was significant… and I am supposed to know what I am doing. The threats I was checking for are everyday threats faced by the masses. WHY? - because the modern PC allows you to download and install whatever you want to! Which is why (I think) Apple are ahead of the curve.

Think about it - the average user just wants to do whatever they want to do - surf the web, email friends, share photo’s etc. Wouldn’t it be great to know that no matter what you download - it cannot harm your ‘device’.  By building devices that are restrictive - i.e. you cannot install any old software on them, also means they are secure – e.g. neither can anyone else.

Prescribing software you have access to may limit choice, however, would the demographic these devices target really care? I think not, all many of us want is simplicity and peace of mind. Would they pay ‘over the odds’ for this – apparently so, and indeed they are doing, American sales in May for the iPad exceeded the 2 million mark – and demand in Europe is expected to reach similar proportions. This I think mark’s the start of a massive shift in the way we buy technology; little black boxes that do fewer things but provide peace of mind! It is starting to sound good to me.

Charles Articles Apple

There are never-ending arguments raging in our offices regarding the potential future in the field of technology.  One of us might state that Apple is on it’s way out, or that cars will be auto-piloted in a few years.  This immediately triggers the other colleagues to retort in the strongest possible manner.

To settle these arguments once and for all we got the idea to publish our predictions for the technological future in a blog post, allowing you to comment and perhaps ultimately decide which version is the most plausible.

	Nathan’s predictions	Charles’ predictions	Andreas’ predictions
	Battery powered electric cars competing with regular cars with similar price/performance. (Con/Lib Transport policy will implement national charging network, Jet engine for Electric cars) Microsoft buys Yahoo outright after share price slump Apple lose market shares in mobile market to Google who will have bought HTC and terminated their Windows Mobile development	Price and performance of battery powered electric cars will be similar to regular cars Governments will legislate to limit performance of petrol cars.	Fuel cell electric cars competing with regular cars with similar price/performance Microsoft Bing disappears as a search engine Satellite phone functionality integrated into most mobile phones Electronic glasses available for mobile phones and netbooks which will project a 3D virtual screen
	Fuel cell electric cars competing with regular cars with similar price/performance Self-modifying line of business applications that adapt to usage in real-time	Holographic television becomes available There will be another World War probably over oil and gas resources	Petrol stations no longer allowed to sell petrol or diesel fuels Battery powered electric cars cease to exist Auto-piloted cars available NASA’s space program terminated permanently Batteries replaced by nano-engines
	Organic chips replace silicon computing chips “Table-top” fusion personal power plants available	Depends who wins!	Illegal to drive cars manually without a (very expensive) professional licence Hot fusion replace fission nuclear plants Quantum/light computer chips appears on the market

So there you have it.  The future according to Island Web Works.  Which version do you think is most likely to be correct?  Or perhaps you have your own predictions?  Let us know!

Andreas Articles Technology, The future

We made a conscious decision  about 3 years ago to re-focus on productivity solutions based around our own CRM software. Over the past 18 months or so we have also found ourselves developing bespoke solutions that operate standalone (i.e. do not require our CRM software to function). These solutions range from automating manual processes, through to the complete re-write  of legacy systems based on Excel spreadsheets or Access databases.

Events over the past year have highlighted how important innovation is to the health of the major economies. It will be interesting to see how many businesses take the oportunity to replace or even review their business processes in 2010. With worries about inflation surfacing and the associated pressure on wage settlements those that do will invariably be in a stronger position to capitalise on any upturn in business confidence later this year.

Charles Articles

Happy New Year!  I know February is approaching quickly, however, it is often the thought that counts.

Now that 2010 is upon us, Mergers & Acquisitions (M&A) and bankers bonuses are re-appearing, and there is talk of ‘growth’, does that mean that we can cast aside the lessons of yesterday and throw caution to the wind?… I suspect not. Business will continue to be hard won, service will continue to be of paramount importance, and clients will continue to seek value for money.

Optimism is returning, over the past few months we have noticed that larger projects are returning to the table, but the same projects need to be cost justified.

The internet continues to play an important part, the more people search for value, the  more you need to be extolling the value of your products and services. Like it or not, the web is the preferred research mechanism for many. Social media, whilst I personally avoid it, is gaining ground, with the ‘youth’ market and many businesses adopting it wholesale. Like most technology there is both an upside and downside, however, it is undoubtedly a technology that is here for a while yet.

If you haven’t already done so, I suggest it is worth reviewing your web site content, keeping contact information up to date, review the services offered and make sure you have a recent news item (or blog posting) to impress upon visitors that you are still here!

Charles Articles

Nathan  forwarded me a link recently extolling the fact that CRM is dead, long live CEM:

Whilst I don’t disagree with some of the points made in the article, I do feel that this type of argument requires you to take a ‘position’. Citing quotations such as:

“Do I have a relationship with 17 million people? I don’t think I do.
Do I interact with 17 million people? You bet.”
Jim VonDerheide, vice president, CRM Strategies, for Hilton Hotels

..to my mind completely overlooks the fact that for most small medium sized operations, CRM is actually about the business process, and getting things done ‘back-office’ in the most cost and time efficient manner thereby providing the client with an efficient and cost effective service.

It is obviously important for a business to present itself professionally and value its clients, however, let’s not lose sight of what business is about - singularly that is profit, profit pays salaries, rent, and every other incidental that needs to be paid for, lose sight of this at your peril.

Charles Articles CRM