Rapid Web News

So many people have smart phones now. Almost everyone in our office has one, be it an Android powered device, a Blackberry or an iPhone.

With one of the biggest features of smart phones being their near anywhere web browsing, the mobile website market is every increasing. Going to a website on a phone which has not be optimised for mobile devices can be a huge pain to navigate well and could easily turn off your visitor (and potential customers), while an optimised website can make the experience a pleasant and swift experience.

In terms of mobile websites, there are two main types.

• Optimisation of an existing website

This mainly involves ensuring the website displays well on mobile devices, and tends to revolve around changing the styling for mobile devices which not performing any major functionality changes.

• Development of a full mobile site

Such development creates a bespoke, fantastically user-friendly experience, designed specifically for smart phone users. Such developments can be specifically designed for touch interfaces and can focus on quickly getting mobile users the information they require and directing their attention to the areas of your site that will let them enquiry or purchase the product/service your company is offering.

Without a doubt a fully fledged and specifically designed mobile site is the optimal solution for you and the best experience for your customers.

If you’re increasing in optimising your website for mobile phones or indeed, creating a bespoke mobile experience for your site, please feel free to get in touch!

The PHP scope resolution operator in PHP is a useful feature when you need to access methods or variables within a static context. It can often be useful in reducing namespace conflicts. Especially when using custom code with off the shelf systems to avoid conflicting function redefinitions.

There have been a few cases where previously defined function errors have cropped up when adding a pre made system to a custom developed application. This is has been most prominent with Word press or any system which has generically named functions. It’s often unavoidable to prevent function clashes as it requires knowing any other external system definitions which of course isn’t always possible.

Keeping generic function names in a class is a possible option to reduce the problem; however this brings about the requirement of instantiating a class before being able to use the function. Another way to get around this issue is to use the scope resolution operator to statically call functions or even properties. In PHP this can be achieved using the scope resolution operator, otherwise known as the double colon operator.

Example:

class foobar {

public static function call_me() {}

}

Usage:

foobar::call_me();

The scope resolution operator should be used wisely. It is often best practice to only use static methods when they are stateless in nature, i.e. basic helper functions that do not modify any external state beyond their own contained execution.

A variety of Internet firms have stated that online video streaming records have been broken over the course of the UK’s recent royal wedding.

“The royal wedding has broken records for the biggest ever live streaming audience online, according to a internet firms.

…

The BBC website meanwhile wobbled under the strain this morning as huge numbers of Britons accessed its coverage.

Visitors were intermittently greeted with an error message saying the website was experiencing “abnormal traffic” around the climax of the ceremony after 11am.

A spokesman said: “We are experiencing some technical issues with BBC Online due to the sheer weight of traffic, which may cause the site to be slower than normal in some cases.”

Other major websites appeared to be cope with the royal wedding, an event that was widely expected to break traffic records.

YouTube’s live stream, which was expected to attract 400 million viewers, ran smoothly.

…

Akamai, a major traffic carrier, said that its own record of 1.6 million concurrent live streams during the World Cup was broken.

And Livestream, which provided online video for the Associated Press and CBS, also said the royal wedding was its most popular stream ever.

It is likely to take several days before a complete picture of how many watched the royal wedding online emerges, however.

Network upgrades by mobile operators along the royal wedding route were successful in ensuring that well-wishers were able to call, text, tweet and update Facebook.

O2 and Vodafone installed temporary network base stations around Hyde Park and St James’ Park to double capacity. A spokesman for O2 said it was braced for 65 million royal wedding pictures to be posted online from smartphones.”

The Telegraph

The inventor of the web has said that governments must act to preserve the principle of net neutrality.

Sir Tim Berners-Lee told the BBC that legislation may be needed if self-regulation failed.

He been asked by the UK government to negotiate an agreement on an open internet between service providers and content firms like the BBC and Skype.

Sir Tim would prefer self-regulation by the internet industry, but progress has been slow.

“If it fails the government has to be absolutely ready to legislate,” he said.

“It may be that the openness of the internet, we should just put into law.”

Net neutrality, the idea that all traffic on the internet should be treated equally, has been a controversial issue in the United States and is now moving up the political agenda in the UK.

Net neutrality is an important issue in Internet related politics. Without net neutrality, Internet service providers could offer packages in which certain online services, such as video streaming websites, e-commerce websites or certain web applications have increased priority over other web services.

The concept of net neutrality is such that all data traffic on the Internet is treating in an equal manner.  This is already becoming an issue in the case of Internet services providers which shape traffic of certain types. This is often done to curb data usage for high-use customers. However, when other traffic is prioritised and ISP to Internet/web company partnerships come into existence, this could mean that we see ‘packages’ of Internet access which allow faster access to certain websites while leaving other sites (who may not be able to partner with ISP financially) out in the cold.

This is a technical post provided as advice to server administrators having issues with the HSBC payment gateway system.

HSBC have recently updated the SSL certificates on their payment gateway system. However it seems they did not provide the intermediate certificates for the certificate authority they used. This leaves the job of updating the CA bundles up to HSBC’s clients. The following advice refers to resolving the issue on a Linux server.

Step 1 – Check the problem is definitely related to an SSL Certificate mismatch

To do this, it is best to simply request the main secure-epayment API via curl. Running the following command will suffice.

curl https://www.secure-epayments.apixml.hsbc.com

If this issue is present, you will likely see a message such as the one below. If you do not see this message or one similar, the issue is likely to be unrelated and we recommend you contact HSBC’s epayments support line to resolve the issue.

 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
 More details here: http://curl.haxx.se/docs/sslcerts.html

 curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
 If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
 If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.

Step 2 – Update the CA bundle on your server

Obviously it is possible to remove the verification of the SSL certificate, but this is heavily not recommended due to potential negative security implications. To update the CA bundle file from the curl website, use the following commands. Note that may have to adjust to certs path mentioned to conform to the distribution and configuration of your operating system. Also, it is recommend to back up any existing ca-bundle file and any related configuration.

 cd /etc/pki/tls/certs/
 wget http://curl.haxx.se/ca/cacert.pem
 mv cacert.pem ca-bundle.crt

The file available from the CURL site shown above is generated weekly from the latest Mozilla certs, so should be reasonably up to date with all existing certificate authorities.

Step 3 – Test the CA bundle update has resolved the issue

This is merely a case of rerunning the curl command from step 1 mentioned previously. If the update has been successful you should now see the following response from HSBC (or similar) indicating a secure connection has been established.

 <?xml version="1.0" encoding="UTF-8"?>
 <EngineDocList>
  <EngineDoc>
   <MessageList>
    <MaxSev DataType="S32">6</MaxSev>
    <Message>
     <AdvisedAction DataType="S32">16</AdvisedAction>
     <Audience DataType="String">Merchant</Audience>
     <Component DataType="String">CcxXmlInput.A</Component>
     <ContextId DataType="String">CcxXmlInput</ContextId>
     <DataState DataType="S32">1</DataState>
     <FileLine DataType="S32">793</FileLine>
     <FileName DataType="String">CcxXmlInstance.cpp</FileName>
     <FileTime DataType="String">13:30:24Jul 14 2009</FileTime>
     <ResourceId DataType="S32">8</ResourceId>
     <Sev DataType="S32">6</Sev>
     <Text DataType="String">The HTTP method received is not valid.  Only POST is accepted.</Text>
    </Message>
   </MessageList>
  </EngineDoc>
 </EngineDocList>

Step 4 – Restart any dependant services

This step may or may not be required depending on your software and/or configuration. You may need to restart any services which are dependent on the updated CA bundle.

For example, the following commands are commonly used to restart the Apache 2 webserver.

/etc/init.d/apache2 restart

/etc/init.d/apache restart

/etc/init.d/httpd restart

I hope this article aids any server administrators currently experiencing issues due to the recent HSBC epayments SSL certificate update.

Feel free to discuss this issue further in the comments section below.