Archive for the ‘Custom Web Software’ Category

Banksy T-shirts.org – a customised e-commerce solution

Wednesday, August 31st, 2011

We’re very happy to announce the recent launch of Banksy T-shirts.org, a website that sells t-shirts from the graphic artist Banksy, and donates £1 of each Banksy t-shirt to a charity of your choice!

This website uses our in-house e-commerce system to power the online e-commerce shopping experience and the WordPress blogging system to power the Banksy News section.


This Banksy t-shirt website is a great example of how our in-house e-commerce system can be heavily customised, extended and made bespoke for the needs of the particular system. In this case, the charity choice during the basket and checkout stages is a custom piece of functionality that has been integrated into our system. This is shown on the front-end of the system as part of the customer experience, as well as in the administration to keep a record of the required charity donations based on each Banksy t-shirt which is sold.

If you want, please go ahead and browse one or more of these awesome Banksy t-shirts!

Preventing namespace clashes in PHP

Tuesday, July 26th, 2011

The scope resolution operator in PHP is a useful feature when you need to access methods or variables within a static context. It can often be useful in reducing namespace conflicts, especially when combining custom code with off-the-shelf systems, where it helps avoid conflicting function redefinitions.

There have been a few cases where "previously defined function" errors have cropped up when adding a pre-made system to a custom developed application. This has been most prominent with WordPress or any system which has generically named functions. Function clashes are often impossible to prevent, as doing so requires knowing every definition in the external system, which of course isn’t always possible.

Keeping generic function names in a class is a possible option to reduce the problem; however this brings about the requirement of instantiating a class before being able to use the function. Another way to get around this issue is to use the scope resolution operator to statically call functions or even properties. In PHP this can be achieved using the scope resolution operator, otherwise known as the double colon operator.

Example:

class foobar {
    // Static method: callable without instantiating foobar
    public static function call_me() {}
}

Usage:

foobar::call_me();

The scope resolution operator should be used wisely. It is often best practice to only use static methods when they are stateless in nature, i.e. basic helper functions that do not modify any external state beyond their own contained execution.

 

HSBC epayments issues relating to SSL certificate mismatches

Friday, April 1st, 2011

This is a technical post provided as advice to server administrators having issues with the HSBC payment gateway system.

HSBC have recently updated the SSL certificates on their payment gateway system. However it seems they did not provide the intermediate certificates for the certificate authority they used. This leaves the job of updating the CA bundles up to HSBC’s clients. The following advice refers to resolving the issue on a Linux server.

Step 1 – Check the problem is definitely related to an SSL Certificate mismatch

To do this, it is best to simply request the main secure-epayment API via curl. Running the following command will suffice.

curl https://www.secure-epayments.apixml.hsbc.com

If this issue is present, you will likely see a message such as the one below. If you do not see this message or one similar, the issue is likely to be unrelated and we recommend you contact HSBC’s epayments support line to resolve the issue.

 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
 More details here: http://curl.haxx.se/docs/sslcerts.html

 curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
 If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
 If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.

Step 2 – Update the CA bundle on your server

It is of course possible to disable verification of the SSL certificate, but this is strongly discouraged due to the potential negative security implications. To update the CA bundle file from the curl website, use the following commands. Note that you may have to adjust the certs path mentioned to suit the distribution and configuration of your operating system. Also, it is recommended that you back up any existing ca-bundle file and any related configuration.

 cd /etc/pki/tls/certs/
 wget http://curl.haxx.se/ca/cacert.pem
 mv cacert.pem ca-bundle.crt

The file available from the CURL site shown above is generated weekly from the latest Mozilla certs, so should be reasonably up to date with all existing certificate authorities.

Step 3 – Test the CA bundle update has resolved the issue

This is merely a case of rerunning the curl command from step 1 mentioned previously. If the update has been successful you should now see the following response from HSBC (or similar) indicating a secure connection has been established.

 <?xml version="1.0" encoding="UTF-8"?>
 <EngineDocList>
  <EngineDoc>
   <MessageList>
    <MaxSev DataType="S32">6</MaxSev>
    <Message>
     <AdvisedAction DataType="S32">16</AdvisedAction>
     <Audience DataType="String">Merchant</Audience>
     <Component DataType="String">CcxXmlInput.A</Component>
     <ContextId DataType="String">CcxXmlInput</ContextId>
     <DataState DataType="S32">1</DataState>
     <FileLine DataType="S32">793</FileLine>
     <FileName DataType="String">CcxXmlInstance.cpp</FileName>
     <FileTime DataType="String">13:30:24Jul 14 2009</FileTime>
     <ResourceId DataType="S32">8</ResourceId>
     <Sev DataType="S32">6</Sev>
     <Text DataType="String">The HTTP method received is not valid.  Only POST is accepted.</Text>
    </Message>
   </MessageList>
  </EngineDoc>
 </EngineDocList>

Step 4 – Restart any dependent services

This step may or may not be required depending on your software and/or configuration. You may need to restart any services which are dependent on the updated CA bundle.

For example, the following commands are commonly used to restart the Apache 2 webserver.

/etc/init.d/apache2 restart
/etc/init.d/apache restart
/etc/init.d/httpd restart
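
Steps 1 to 3 can be folded into one guarded routine that backs up the old bundle and only swaps in the new one after it has been checked. This is an added example, not part of the original post; the function names and the /tmp download location are assumptions.

```shell
#!/bin/sh
# Added example; count_pem_certs and install_ca_bundle are hypothetical names.
# Assumption: the candidate bundle was already downloaded, preferably over
# HTTPS, since whoever can alter this file controls which CAs the server trusts.

# Print the number of complete certificates; 0 for an HTML error page or a
# truncated download (BEGIN/END markers missing or unbalanced).
count_pem_certs() {
    begin=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    end=$(grep -c '^-----END CERTIFICATE-----' "$1" 2>/dev/null || true)
    [ "${begin:-0}" -eq "${end:-0}" ] || { echo 0; return; }
    echo "${begin:-0}"
}

# install_ca_bundle CANDIDATE TARGET [VERIFY_CMD...]
# VERIFY_CMD is run with CANDIDATE appended as its last argument.
install_ca_bundle() {
    candidate=$1; target=$2; shift 2
    if [ "$(count_pem_certs "$candidate")" -lt 1 ]; then
        echo "refusing: $candidate holds no complete PEM certificates" >&2
        return 1
    fi
    # Run the step 3 test before the step 2 swap: prove the handshake works
    # with the candidate before the live bundle is touched.
    if [ "$#" -gt 0 ] && ! "$@" "$candidate"; then
        echo "refusing: verification failed using $candidate" >&2
        return 2
    fi
    # Keep the previous bundle so the change can be rolled back.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 3
    fi
    # Copy beside the target, then rename, so no reader sees a partial file.
    tmp="$target.new.$$"
    cp "$candidate" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target" ||
        { rm -f "$tmp"; return 4; }
}

# Usage with the post's bundle path and gateway URL (/tmp/cacert.pem assumed):
#   install_ca_bundle /tmp/cacert.pem /etc/pki/tls/certs/ca-bundle.crt \
#       curl -sS -o /dev/null https://www.secure-epayments.apixml.hsbc.com --cacert
```

Because curl is called without -f, its exit status reflects the TLS handshake only, so the "Only POST is accepted" reply from step 3 still counts as success.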

I hope this article aids any server administrators currently experiencing issues due to the recent HSBC epayments SSL certificate update.

Feel free to discuss this issue further in the comments section below.

What are the differences between MyISAM and InnoDB?

Friday, July 2nd, 2010

Wait… hold on. Firstly, what are MyISAM and InnoDB?

MyISAM and InnoDB are the two commonly used MySQL engines for database tables. MyISAM is the default database engine for new tables created in MySQL 4 and 5.

So, why would I want to use one over the other?

Good question. Perhaps it is best answered by going through the differences between the two database engines.

  1. InnoDB is a more modern database engine than MyISAM, so some could say MyISAM is more reliable due to this, although there is very little evidence to support this.
  2. However! Even though InnoDB is newer, it has much better error recovery. Corrupt tables are (with all hope) quickly restored to a functional state when the InnoDB engine is in use, whereas recovery of MyISAM powered tables is significantly slower and less reliable. Corrupt MyISAM tables have been known to hold up the starts and restarts of the MySQL daemon.
  3. InnoDB supports foreign keys natively, meaning you can enforce referential integrity at a database level rather than ensuring integrity at the application level.
  4. Insertions and updates in InnoDB utilise row level locking, whilst MyISAM only supports full table locking. This means that during mass inserts and updates, MyISAM table access can become significantly slowed down, as MySQL has to wait for the database engine to release the lock on the table caused by the insert or update. InnoDB defaults to locking only the rows which are affected by the insert or update query, meaning the rest of the table can still be accessed without waiting for a lock release.
  5. MyISAM supports full-text indexing. This means MyISAM tables can have text fields indexed, which significantly speeds up SELECT queries which contain text type fields. The InnoDB engine has no support for full-text indexing.

It looks like there is no clear winner?

You’re right. Even though InnoDB is, as said, much more modern, both database engines still have their place in modern database structures. In fact, your choice should be dependent on how you anticipate the table will be used.

So, when would I want to use an InnoDB table?

If data integrity is important to you, multiple related InnoDB tables inherently take care of the data integrity between tables due to their support of foreign keys and enforcement of referential integrity. Additionally, if your table will be used for intensive write operations (inserts and updates), the InnoDB engine can handle this much better than MyISAM, due to row level locking.

InnoDB does fall down however in the fact that it does utilise more memory than MyISAM and as previously mentioned it lacks full text indexing.

InnoDB sounds great. What need do I have for the MyISAM engine?

You don’t need to deal with referential integrity or building DBMS enforced relationships between tables with MyISAM, simply because the engine does not support it. One could argue this makes MyISAM tables quicker to create and useful for smaller, quicker tasks as well as initial system prototyping.

MyISAM also tends to be faster at many operations, especially large scale SELECT queries returning many results. For tables which will be used mainly for data retrieval, with less in the way of inserts or updates, the performance of MyISAM may be a deciding factor. As well as this generalised speed, the MyISAM engine supports full-text indexing, which would be useful for large tables that contain textual data that needs to be fully searched and/or sorted on a regular basis.

Okay. So, which would you suggest? Give me a quick summary.

InnoDB should be chosen where data is written regularly and data integrity and security are critical.

MyISAM is the best choice for tables in which there are large amounts of data, especially textual data, that is read from significantly more than written to.

Thanks!

No problem. :)

HTML 5 Content Tags

Friday, May 28th, 2010

HTML 5 introduces several new tags which focus on defining the content of a page in a machine readable fashion.

In today’s websites, if a computer program attempts to pick out a particular part of a page, such as the main article, the sidebar or the top navigation, it would have difficulty. This is because every website structures its HTML differently, and most modern websites use <p>, <div> and <span> tags to surround their content. These tags generally define style. The new HTML 5 tags define content.

Defining content makes websites easier to parse by computer programs. This could benefit accessibility readers for the blind and allow content aggregating systems and ‘mash-up’ websites to easily parse, link to and cite your articles.

Here is a list of some of the HTML 5 tags that define content.

  • <article> – Defines a main article on a page. Can include cite (citation) and pubdate (publishing date) attributes.
  • <details> – States content details for a specific section. Can include an open attribute defining whether or not the details within are visible to the end-user.
  • <figcaption> – States the caption for a figure as defined by the figure tag.
  • <figure> – Usually used to group a set of elements.
  • <footer> – Footer layout element. This is used to contain the footer content of the page, usually contains the website name, author and copyright information.
  • <header> – Header layout element. This tag is designed to contain the top header of a document, usually showing the website logo, page and/or company title and subtitle.
  • <hgroup> – A tag used to group together heading tags such as <h1>, <h2>, <h3> and so on.
  • <keygen> – A key generation tag which defines a generated (encryption) key that can be associated with a HTML form.
  • <meter> – The <meter> tag contains content which is deemed to be a measurement of some sort.
  • <nav> – The <nav> tag stands for navigation and is designed to surround navigation links, such as those present in a sidebar or navigational header/footer.
  • <summary> – The <summary> tag defines the title of a <details> element.
  • <time> – This tag contains content which is a statement or measurement of time and/or date/time.

More information about HTML 5 tags is available from W3Schools. See the HTML 5 Tag Reference for more details on these tags and the other new tags in HTML 5.