Software Development

Efiling – Web Based Company Formation Software

Prior to Xyroh, Andy was the founder of dotUK (A software development firm based out of Yarm and Stockton on Tees here in the North East), again specialising as a developer in mobile apps, web applications and desktop software for a number of business clients – this is one of those portfolio case studies 

Summary

Efiling is an award winning online company formations software product that was originally developed by dotUK and had undertaken a number or significant revisions and expansions in the lifetime of the product

Technical

Client Efiling Ltd – Online Company Formations Software

Platforms Web, Web Services, Kashflow, XML Gateway

Technologies PHP, CSS, JQuery, Javascript, MySQL, REST API, JSON, Kashflow, SOAP, XML, Python

Development Web Development, Web Services Integration, Kashflow Integration, Companies House Integration

Case Study

The Efiling Web Based Companies House Software product was initially conceived with the core functional requirements of offering a web based medium through which instruction to the Companies House Gateway could be sent, on receipt of which the gateway would act upon those instructions. Examples of commands which could be instructed include;

  • Formation of a UK Company (Eg Ltd, Plc etc)
  • Add / Modify / Resign a Director
  • Add / Modify / Resign a Company Secretary
  • Articles of Association & Memorandum
  • Change Registered Office

Version 1 of the software, developed exclusively by dotUK was utilising the Companies House Email Gateway, this protocol mean that instructions were issued by embedding commands in the email message subject and the payload (data fields, attachments etc) were embedded in properly formatted email message body. Responses from the Gateway were equally sent via email to a dedicated mailbox which was polled and monitored at the Efiling end.

Efiling is a multi tenanted system, which means the core platform is used by a near unlimited number of brand owners / companies withcompany formation needs. To function in this way data security and segregation is paramount as under no circumstances can data ‘leak’ between tenants on the system, and we built robust practices and data references into place to ensure this never happened. It also added significantly to the complexity of the system as we then had to manage website templates, company names, Companies House account details, email addresses and domains to manage, in essence near every variable in the system had to be configurable on a per tenant basis.

Billing for orders was another challenge to be managed, end user payments were taken by credit card on order, however brand owners were split between pre-pay (An account with a preloaded positive balance of funds) and credit accounts (Accounts with a preset maximum negative balance according to their credit limit), so we built a complex accounting structure that allowed for both charging models, and of course all associated reporting, statements, and invoicing required. Pricing levels (Both to Efiling, and charged by tenants to their clients) was also configurable and changeable on demand.

As the product matured additional features were added, which included expanding the standard statutory Companies House product offerings to allow tenants to offer bespoke, bundled packages, which included their own value add services (eg Company Secretarial, Mail Room services, offline products such as bound articles, hard copies of certificates etc). These were managed on a per tenant basis so significant upgrades to the tenant administration tools were made, and also to Efiling’s own system administration tools which sat above the tenants as an overview.

Soon Companies House began the process of decommissioning the email gateway service, which worked well, but was limited in terms of speed of service due to the delays faced in email delivery, and introduced a new XML based gateway. This gateway is in essence a secure web service that listens real time for commands sent direct over https (secure web traffic) and using documented (mostly!) XML documents as the payload. The benefits this service offered were that responses to instruction delivery were often available instantly, and it allowed us the option to ‘poll’ the gateway periodically for updates as opposed to wait for an email to arrive. It also increased reliability as we were communicating direct with the gateway as opposed to the round robin route email can on occasion take. dotUK were heavily involved in this transition, and the opportunity was taken to significantly improve other areas of the system such as document generation and storage.

Unfortunately it became apparent as the project progressed that some areas of the new gateway functionality were incomplete, undocumented, or not tested which meant we were frustrated in our ability to communicate progress to the client. However we took steps to optimise our time as efficiently as possible and made sure that we managed the project fully, this included taking responsibility for liaising with Companies House direct (who’s hands were tied by their own third party development team) and on occasion direct with the gateway developers themselves. Ultimately we were able to build and conclude testing of instructions in parallel with Companies House as we moved towards the deadline for switch off of the old email service. This was a regulatory deadline and was immovable.

Since then we have also been involved in other third party integrations, such as feeding bank account application into the Barclays Business accounts service (again an XML based gateway) and integration with the Kashflow web based accounts software using their SOAP based API. The advantages of using Kashflow were that it meant tenant accounting transactions were ultimately delivered direct into their accounts package, new customers automatically created, invoices and credits posted, thus automating tenant admin processes, actually reducing the amount of functionality required within the Efiling Back End, and actually adding significant value to the proposition.

For more information about Efiling, or to enquire about licensing their web based company formation software technologies please visit www.efiling.co.uk

H Jarvis Web Based Support Software and Customer Portal

Prior to Xyroh, Andy was the founder of dotUK (A software development firm based out of Yarm and Stockton on Tees here in the North East), again specialising as a developer in mobile apps, web applications and desktop software for a number of business clients – this is one of those portfolio case studies

Summary

H Jarvis, a North East and Marske based Quality Windows and Doors manufacturer head a need to improve upon existing quality control and customer support processes, increase efficiencies in service engineer response, and to allow end users to self service their own support cases

Technical

Client H Jarvis – North East based window fabricator

Platforms Web, Web Services, Outlook Calendar Sync

Technologies PHP, CSS, JQuery, Javascript, MySQL, REST API, iCal / Webcal, JSON

Development Web Development, Web Services Integration

Case Study

H Jarvis are a multi site company with bases of operation in Marske (North East England) and Blantyre (Scotland), and had an existing interconnected IT infrastructure linking the two sites. With that in mind it made sense to build a Web Based Software Solution, in this case utilising dotUK’s own bespoke web services framework.

This framework, built for purpose, is built upon a PHP, MySQL REST based API framework that allows seamless, consistent, and secure data exchange from the hosted API hub and the end client’s browser. Again utilising PHP and JQuery in the web client we were able to offer an improved experience to the end user, without the traditional stop, start, or click and wait frustrations of traditional web software. Functionality wise have built a central support system for all sites which registers and manages all currently active customer support cases, with SLA support and comprehensive management reporting. In addition to case reporting the system also offers manufacturing build orders for remedial work and iCal calendar synchronisation with Outlook.

Fitter appointments are booked by the agents on an informed intelligence basis to minimise unwanted travel time by allocating cases to geographic zones and forward looking appointments to ensure that fitters are booked in when next in the appropriate locale. This appointment picking process also includes real time estimates of travel time so the most informed appointment booking decision can be made.

End use wise the system also includes a web based portal for key clients to view and manage their support cases, including any updates, notes or case changes. This allows end users real time access to updates when they need it, yet at the same time freeing Agent staff from fielding update enquires directly .

The solution is built upon dotUK’s managed web services platform hosted in the North East which allows for scalable database clustering, high availability, and includes 24/7 monitoring and management, and full data backups to an offsite datacentre

Native App, Hybrid App, or somewhere in between?

I quite often get told “I want an app for my business”, not that they “need” one, they want one, which can often be the wrong place to start, as we’re justifying a want by creating the needs. Underneath it all there are many complex technical considerations and decisions to be made, often by us and trusted by the client, but these considerations come on the back of the business’s “needs” not it’s “wants”, and the app platform, is one of these.

So first off, what is a native app, or what app platforms are there? The lines are grey in the middle, so feel free to disagree with these definitions (happy to engage in the debate!) but broadly we have;

  • Native Apps – In it’s purest sense these are apps written in the native programming language of the mobile device you’re targeting, eg;
    • iOS (iPad and iPhone apps) – Uses Objective C (and now Swift)
    • Android – Uses Java (not Javascript! More on that below)
    • Windows Mobile – C# (pronounced C sharp)
    • Blackberry – Java, however not the same as Android (Pre Blackberry 10), however the latest Blackberry Priv handset is in essence an Android device.
  • Hybrid Apps (With Native UI) – These include platforms such as Xamarin, or Telerik AppBuilder, which is based on C# and F#, but the end result on each device is a ‘Native’ App using Native UI elements so the app feels at home to users on that platform. The end result is these are compiled down to ‘Native Apps’ on the device so often indistinguishable from true Native Apps.
  • Hybrid Apps (With Cross Platform UI) – This is the biggest ‘app’ space at the moment, filled by vendors such as Phonegap / Cordova, Appcelerator Titanium, normally pitched at Web Developers trying to get into the mobile space as it appeals to their existing HTML5 and Javascript skill sets.
  • Web Apps – Not really an app! Not in the mobile sense, but a traditional web site hosted and accessible to all and heavily optimised and responsive for mobile users.

So what are the pros and cons, and which do I need! Well there’s the conversation, but sit down with us for a cup of coffee, or engage with us and we’ll look at your “needs” and help you come to an informed decision, but some points to consider;

  • So you want a mobile friendly, easily accessible, cheap (relatively) way to engage with a mobile audience? On any device, wherever they are connected. – Then consider a mobile optimised website, no need for app stores, or worrying about platform related decisions, just out there.
  • Do you want to engage with the mobile audience? Eg send Push notifications, Know where they are physically located, use the camera, microphone etc? – Then for a good experience you need an App, that has access to the devices hardware, eg GPS, Camera, Microphone. Most Hybrid Apps will allow this, Native Apps without question.
  • Do you want the user to work offline? Ie when no internet connection? – If the app is to work disconnected, without a live internet connection then you are in Native, or Hybrid with Native UI territory. The app will need to read and write to a local database to store your work when disconnected, and then ‘phone home’ when back online, this needs more complex cross platform background services and databases.

Another consideration is user experience, end users engage with their mobile so much these days that functional apps should be second nature, they should pick up your app and start using it, it should be obvious, which is where Native Apps, or Native UI based apps win every day. The best example is deleting a record from a list. On an iOS device you swipe left, and tap delete. On Android it’s press and hold, then Delete. On a Native App, or a framework such as Xamarin which uses the Native App user interface (in fact it uses the same user interface tools as Native Apps so you don’t get any closer!) then that’s what you get, your end user feels at home. Yet on Cordova / Phonegap based apps, which pitch themselves as code once, run everywhere, you have exactly the same user interface and design on Android as you do on iPhone (sounds good, right?), except what you’ve achieved is an interface that all users find confusing, it’s not ‘natural’ on an iPhone, or Android, so your users have to learn to use your App.

tablet mobile app with phone mobile app

So what about the benefits to you, the customer? Well that comes down to price. Using a hypothetical example of an ‘app’ that needs to be on Android and iPhone, downloads user content from a web based Content Management System, that the user can interact and send content back including photos taken within the app, and the app owner can send push notifications based on GPS Location, your year 1 project prices differ as below;

  • If you go fully native, and certainly if you want your app available on more than one platform then you need to write the app twice, once in Objective C for the iPhone, and again in Java for Android apps, near enough double your cost – £9500.
  • A Hybrid, non native Cordova solution will be significantly cheaper, it gets written once, but your user experience suffers, based on the requirements above it’s possible though – £3000
  • Somewhere in the middle, a Hybrid App with a native UI, such as a Xamarin, the back end and core workings of the app only have to be written once, in C# for example, so a considerable development time saving, but the user interface is written individually for each platform using Native tools to get the perfect experience – £5500. The clever ones amongst you will notice that we’ve not mentioned Xamarin Forms, which is the Amber Nectar, negates the need to design the UI for each platform, but still gives the benefit of native UI on each device, if this is appropriate for you (and often is for line of business apps), then the price could drop further to near £4500 suddenly less than half the price but all the benefits

So what’s the conclusion? There isn’t one, the best answer is to engage with your chosen app developer (us we hope!), have a cup of coffee or two and talk through your requirements and come to a sensible conclusion based on your “needs”. What’s more concerning, is for those of you out there that have already had a mobile app commissioned did you have a conversation along the lines of the above? Have you got what you “needed” or what you were given?

I make no pretences that I love Xamarin, more so now they’re backed by Microsoft, be it Xamarin Classic, or Xamarin forms I can offer you and your business incredible value, especially across multiple platforms, but I’m by no means restricted to them (I actually spend the majority of my time working on a Java / Groovy based Android app for tablets). I’m just as happy dropping into true Native technologies, or a quick win with Cordova, but the choice is yours, not mine.

For more information on Mobile App Development please Contact Me

PS: For the avoidance of doubt, anything generated by someone with a ‘mobile apps for bizness’ account costing you about £500, they’re not apps, they are badly hosted websites pretending to be an app (turn airplane mode on your device and start the app, what happens!). The reality is that you won’t get any return on your ‘bargain’ £500 app, you’re just £500 poorer, sorry ????

Andy Flisher is a Mobile App Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.

Footnote: Originally written in June 2006 but edited to make more current in January 2019 when republished

You get what you pay for – Mobile App Security

You get what you pay for – App Security

In the course of work this week I had a cause to audit an iOS App that a prospect had had developed by a local competitor here in the North East, the reasoning for this was that the prospective client was looking at moving the hosted back end (ASP .Net, SQL Server – standard stuff) and wanted a price.

The purpose of the audit was to check what network connections the app was making, and correlating with what I knew about the backend hosting, just to make sure there were no surprises, we didn’t have the source code for either end yet, it was just a pricing exercise at this point (As it happens the App is written using PhoneGap so we did have the source code, but my route was quicker).

So, I installed the app, redirected my iPhone through a proxy server, and fired up the app – and proceeded to stare in horror. The app instantly, on first run fired up an un-encrypted, un-authenticated connection to the backend host and promptly downloaded the usernames, password, emails, and more for every user in the system. It then keeps a copy of these locally, and uses those details to authenticate later.

Why is this bad, in laymans terms, because anyone, on the internet, who knew the url the app uses could download the same list. Would people be interested in logging in to this system? Probably not, do people use the same username and password for Amazon, Tesco, Online Banking – absolutely, and there’s the problem.

Solutions, well it’s about paranoia, but key areas;

  • Authentication – Implement simple basic authentication so that the app logs in to the webservice it pulls the data from.
  • Https – Implement and SSL connection, then at least all traffic too and fro is encrypted (important as Basic Authentication is over plain text, so without https it’s still sniffable)
  • Change the login mechanism to completely remove the need to download all user info at all.

What’s really frustrating though, and actually makes the ‘You get what you pay for’ title of this post a misnomer, is this wasn’t a cheap solution.  The client paid a very reasonable amount for this app and solution.  This is the sort of thing we see, and sadly expect, when a ‘cheap’ solution is offered as a counter to ours.  We’re not expensive, but not cheap, we do do things correctly though.  It’s a classic case of the customer not knowing what they’re not getting, they trust, and assume that a professional job is being done, without really asking too many questions about why it’s cheap.

In this case no excuses though, I’ll not name anyone, and we’ve raised the issue with the client – We certainly won’t be taking on the hosting until it’s resolved!

Andy Flisher is a Software Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.

Xamarin announce UrhoSharp 3D Framework version 1.8

From: https://blog.xamarin.com/…

Been a while coming but Xamarin have pushed version 1.8 of Urhosharp, the .net binding to the Urho 3D engine.  This allows use across iOS, Android, MacOS and Windows applications.  Looking forward to giving this a play, especially the ARKit and ARCore Augmented Reality options for mobile.

Andy Flisher is a Software Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.