hosting

Christmas Cards for Schools Clustered Print Generation

Prior to Xyroh, Andy was the founder of dotUK (a software development firm based out of Yarm and Stockton on Tees here in the North East), again specialising as a developer in mobile apps, web applications and desktop software for a number of business clients – this is one of those portfolio case studies.

Summary

Christmas Cards for Schools, based in Middlesbrough here in the North East and part of Fundraising Creations, offer fundraising solutions for schools, their primary product being the production of bespoke printed and customised Christmas card packs personalised with the pupil’s name, class and of course their own drawing. Having been responsible for the production of in excess of 1.1 million cards in the Christmas 2013 season, efficiency and scalability are high priorities.

Technical

Client: Christmas Cards for Schools Ltd – Middlesbrough based School Fundraising

Platforms: Linux, Web, WebServices

Technologies: PHP, Perl, CSS, jQuery, MySQL, REST, ImageMagick, Apache, Clustering

Development: Web Development, Web Services Integration, Synchronisation

Case Study

To understand the scale and requirements to create, print and distribute in excess of 1 million Christmas cards in a 3-month period each year, it’s probably beneficial to understand the workflow required, and the stages at which dotUK have been able to build out and scale, thus adding capacity each year.

• Participating Schools are sent Artwork kits

• Kits are returned and the drawings are scanned, grouped, and filed into our Web Based storage system

• School batches are processed within our processing cluster leading to the creation of digital print ready personalised images (1 Per child)

• Print ready images are synchronised to the print partner who takes responsibility for print and distribution, feeding back status to the storage system dashboard.

Due to the system being highly seasonal, dotUK have built a bespoke hosting infrastructure that offers a cost effective, but highly scalable hosting solution. Services that are required year round are separated from the seasonal processing cluster, thus offering a base line cost for the majority of the year. The processing cluster is built in such a manner that additional processing nodes can be added at 15-minute deployment windows, and will automatically join the pool of processing power, but can be removed when surplus, thus reducing hosting and running costs that are unwarranted.

To maintain maximum data integrity, control, and compliance in excess of UK Data Protection requirements, the hosting cluster and processing engine are a bespoke, privately hosted solution provided, hosted, and monitored by dotUK.

Depending on the solution offered to the school the workflow may include digital samples that are offered initially to the school prior to order, but ultimately school co-ordinators enter their school order quantities online through their own access portal, which triggers the print cluster and sync services to push final orders to the print partner.

In addition to the core card generation workflow, we also generate supplementary personalised products, and fully automate other ancillary services such as billing, marketing / kit requests and the ability for parents to view online samples prior to order.

You get what you pay for – Mobile App Security

In the course of work this week I had cause to audit an iOS app that a prospect had had developed by a local competitor here in the North East. The reasoning for this was that the prospective client was looking at moving the hosted back end (ASP.NET, SQL Server – standard stuff) and wanted a price.

The purpose of the audit was to check what network connections the app was making, and correlate them with what I knew about the backend hosting, just to make sure there were no surprises. We didn’t have the source code for either end yet; it was just a pricing exercise at this point (as it happens the app is written using PhoneGap so we did have the source code, but my route was quicker).

So, I installed the app, redirected my iPhone through a proxy server, and fired up the app – and proceeded to stare in horror. The app instantly, on first run, fired up an unencrypted, unauthenticated connection to the backend host and promptly downloaded the usernames, passwords, emails, and more for every user in the system. It then keeps a copy of these locally, and uses those details to authenticate later.

Why is this bad? In layman’s terms, because anyone on the internet who knew the URL the app uses could download the same list. Would people be interested in logging in to this system? Probably not. Do people use the same username and password for Amazon, Tesco, Online Banking? Absolutely, and there’s the problem.

Solutions? Well, it’s about paranoia, but the key areas are:

  • Authentication – Implement simple Basic Authentication so that the app logs in to the web service it pulls the data from.
  • HTTPS – Implement an SSL connection, then at least all traffic to and fro is encrypted (important as Basic Authentication is over plain text, so without HTTPS it’s still sniffable).
  • Change the login mechanism to completely remove the need to download all user info at all.
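
As an added illustration of the third point (not code from the audited app or its backend), here is a minimal server-side login check in JavaScript for Node.js. The user table, the `req` object shape and the function names are constructed for the example: the client submits one username and password over HTTPS, the server verifies them against a salted hash, and the only thing returned is an opaque session token.

```javascript
// Added example: constructed names and data, not the audited app's code.
const crypto = require('node:crypto');

// Store only a per-user salt and scrypt hash, never the password itself.
function makeUser(username, password) {
  const salt = crypto.randomBytes(16);
  return { username, salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed sample user table (stands in for the SQL Server backend).
const users = new Map(
  [makeUser('alice', 'correct horse'), makeUser('bob', 'hunter2!')]
    .map((u) => [u.username, u])
);
const sessions = new Map(); // token -> username
const dummy = makeUser('', crypto.randomBytes(8).toString('hex'));

// req is a minimal stand-in: { secure: boolean, body: { username, password } }.
function handleLogin(req) {
  // Refuse plain HTTP so credentials are never sent in the clear.
  if (!req.secure) return { status: 403, body: { error: 'https required' } };
  const { username, password } = req.body || {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    return { status: 400, body: { error: 'bad request' } };
  }
  // Hash against a dummy record for unknown users so timing does not
  // reveal which usernames exist.
  const user = users.get(username) || dummy;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  const ok = crypto.timingSafeEqual(candidate, user.hash) && user !== dummy;
  if (!ok) return { status: 401, body: { error: 'invalid credentials' } };
  // The response carries only an opaque token, no user records.
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, username);
  return { status: 200, body: { token } };
}

// Every other endpoint resolves the caller from the token.
function whoAmI(req) {
  if (!req.secure) return { status: 403, body: { error: 'https required' } };
  const username = sessions.get(req.token);
  return username
    ? { status: 200, body: { username } }
    : { status: 401, body: { error: 'not authenticated' } };
}
```

With this shape there is no endpoint that lists users at all, so knowing the URL yields nothing without valid credentials.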

What’s really frustrating though, and actually makes the ‘You get what you pay for’ title of this post a misnomer, is this wasn’t a cheap solution.  The client paid a very reasonable amount for this app and solution.  This is the sort of thing we see, and sadly expect, when a ‘cheap’ solution is offered as a counter to ours.  We’re not expensive, but not cheap, we do do things correctly though.  It’s a classic case of the customer not knowing what they’re not getting, they trust, and assume that a professional job is being done, without really asking too many questions about why it’s cheap.

In this case no excuses though, I’ll not name anyone, and we’ve raised the issue with the client – We certainly won’t be taking on the hosting until it’s resolved!

Andy Flisher is a Software Developer based in the North East of England with over 20 years software development experience. He is available for hire and specialises in cross platform mobile app development, web applications, desktop software, bespoke cloud architecture solutions and providing outsourced project management services.

Improving WordPress Performance – Use Azure CDN

A simple, incredibly cheap, and effective way of improving WordPress performance, especially if you have a global audience, or poor performing hosting that you can’t move away from.

Once the bastion of enterprise, a CDN is now a realistically affordable, and in some scenarios free solution for many small businesses.


Source: Improving WordPress Performance – Use Azure CDN | Microsoft Azure Open Source Development Support Team Blog
