Skip to content

Category: Web Dev

Relating to web design, web programming, web servers, and other web topics

Bespoke Software Development Tips

Software lies at the core of business efficiency. It may be a lot cheaper to go for a software solution that is bought off of the shelf. However nothing meets the efficiency and effectiveness that can be reaped through implementing a bespoke software solution. This type of software will be completely tailor-made in order to suit your business; the size of your company, the activities you need to carry out, the data you need to store and your goals for expansion in the future. Read on to discover the top seven tips for having your own bespoke software developed.

Feasibility check

A lot of people overlook this point; however a feasibility check is essential. What is the purpose of developing your software? How is it going to provide you with improved efficiency? How will ROI be affected?

Technology infrastructure plan

Draw up a plan compromising of all the technologies and servers utilised in your business at present. This is essential because the software you develop needs to be compatible with the technology you use if you are to benefit from a cost efficient and time effective software development process.

Outsourcing

Outsourcing can ensure your software runs effectively for a lifetime. You can of course take advantage of the fantastic professionals out there who are trained and qualified in software development. But what a lot of people do not realise is that not only will you have the peace of mind that your software development is in the hands of the best, but you will also know you are covered in the future should any glitches occur. This is because these businesses provide substantial care and after support.

A long testing period is essential

Whether you are getting a company to develop your software or you are doing it yourself testing is imperative. This does not merely relate to a quick hour of playing around on the software. You need a testing period of approximately a month in order to ensure everything runs properly.

Find a robust software programming language

Believe it or not, but all software does not speak the same language! From Visual Basic to Java to C++, the choices are vast. Don’t try and go for something unusual – this will make bespoke software development and integration of other systems extremely difficult. Make sure you opt for a robust option. Aside from the three just mentioned other good options include; VB.NET and C#.

Web-based software application

Web-based software solutions are on the rise, with so many options, from SD-WAN to productivity apps. These are seen as highly beneficial as the only thing that is required is an internet connection for it to run. This type of software is seen as the future.

Lots of features are not always a good thing

It can be very easy to get distracted and build a software solution with a monumental number of different features. However, if these are not necessary, then don’t include them. The whole point of bespoke software is so that you can manage segments of your business efficiently. Pointless features simply complicate it.

If you follow the seven tips given in this article then you should have no issue when it comes to developing the perfect bespoke software solution for your business.

Leave a Comment

Using IFTTT to connect Reddit to Discord

I spent far too long this morning trying to get posts from a particular subreddit to show up in a particular channel on a Discord server I belong to. There was a lot of bad and wrong information out there on how to do this, and finding the correct way took me down many incorrect pathways.

The goal here is to set up the workflow like this:

Reddit post in /r/yoursubreddit > IFTTT applet > Discord webhook > posted to your Discord channel

Essentially, the Discord webhook is a very simple Discord bot that is fed content by IFTTT when someone posts to the subreddit of interest. The webhook takes that content and feeds it to the channel you desire.

For the record, this is the way to do it.

Prerequisites

  • A sufficient user role to edit the channel settings on Discord of the channel you want to post your Reddit content to.
  • Webhooks capability enabled for your Discord user role *and* for the channel you want to use. See here for more info on how to enable Webhooks.
  • An If This Then That (IFTTT) account.
  • Optional: an image/icon for the webhook. This will show up for the account that will be posting the Reddit post to your Discord channel. I used this one.

The Setup

Let me preface this by saying that these instructions were created using the desktop version of Discord and a desktop web browser. It may be a little more tricky on mobile, and what you see may be a little different, but perhaps not.

Create a webhook for your Discord Channel.

1. Go to the Discord channel you want to use and click the gear icon to Edit Channel:

 

 

 

2. Click Webhooks in the left-side menu, then click the blue Create Webhook button on the right.

3. Give your webhook bot a name such as “Reddit post bot” and select the channel you are having it post to.

4. This is where you can optionally upload an icon for this bot. This will show up as the user icon when this bot posts to Discord.

5. Copy the Webhook URL, or keep it handy, so that you can paste it elsewhere in a few steps.

6. Click Save.

Create an IFTTT recipe

8. Open your IFTTT account, go to My Applets, then click New Applet.

9. Click the blue “+this” to add the first action.

10. Use “Search services” to search for Reddit, and choose the “Any new post in subreddit” trigger

11. For the “Subreddit” field, enter the subreddit you want to use without the “/r/” in front of it. For example:

12. Click Create Trigger.

13. Now you should see something like the following:

 

 

Click the “+that” link.

14. This time, under “Search services,” search for “webhooks.” Select the result and click “Make a web request.”

15. Now you can paste the Webhook URL you created in Step 5 above into the URL field here.

16. For “Method” choose POST and for Application Type choose “application/json”

17. Here’s the crucial part. Under “Body” copy and paste this entire line of json code exactly as-is EXCEPT, change YOUR BOT’S NAME to the name you want to give this bot (such as “Reddit Feed Bot” or “Fred”):

Optionally, you can change the “I have received a new post!” text to anything you want to show up any time there is a new post to Discord from this bot. Leave all the rest of the code as-is.

18. Click Save.

That’s it! Any new posts in the subreddit you chose should now show up in the Discord channel you chose. Keep in mind that it isn’t instant. It usually take about 15 to 30 minutes for new posts to show up for me, for whatever reason. If anyone knows how to speed that up, please feel free to post the solution in the comments section below.

Enjoy!

Leave a Comment

Speaking at Drupal Camp Asheville

I will be doing a talk on Drupal and Security at this year’s Drupal Camp Asheville. I will cover some security best practices for Drupal developers, how to avoid certain Drupal-specific security gotchas, some lessons learned in keeping Drupal sites secure, and some handy tidbits you can use to prevent the bad people from ruining things.

The times for the various speaker sessions haven’t been announced yet, but stay tuned. I hope to see you all there!

#dcavl

Leave a Comment

A jQuery 1.x vulnerability exists and no fix is planned

I haven’t seen much talk about this issue around the Internet, so I thought I’d present what I’ve learned for others to be aware of. It mainly has to do with the fact that jQuery 1.x (and 2.x, for that matter) were replaced by 3.x, yet they are still thriving in many, many projects, applications, and websites to this day.

While doing a security review of some code the other day, a retirejs scan informed me that jQuery 1.x contained a Medium vulnerability regarding cross-domain requests in ajax. According to Snyk:

“Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

Remediation: Upgrade jquery to version 3.0.0 or higher.”

“Upgrading to 3.0.0 or higher seems pretty drastic,” I thought to myself. Well, according to a comment I found on jQuery’s GitHub page, this is actually their stance, and they don’t plan on patching 1.x because it is a ‘breaking change’:

https://github.com/jquery/jquery/issues/2432#issuecomment-290983196

So it would behoove you to upgrade to jQuery 3 if you don’t want to be susceptible to this vulnerability. The magnitude of that may seem rather staggering if you consider all the projects across just about everything (WordPress plugins, Drupal modules, etc etc) that bundle the 1.x version of jQuery, and haven’t updated it in years.

While the vulnerability may not be relevant if you are not making cross-domain ajax calls, this is but one risk that has come to light for which there will be no fix. And it’s not exactly reasonable to assume that developers know they need to avoid that if they intend to use jQuery 1.x.

The longer jQuery 1.x sits in your project, the higher a risk it becomes.

As the impending OWASP Top-10 for 2017 says, “Applications and APIs using components with known
vulnerabilities may undermine application defenses and enable various attacks and impacts.”

Long story short: Keep your bundled libraries up to date!

Leave a Comment

WordPress Security from WordCamp Asheville 2016

One of the coolest things about WordCamp is that they post videos of each talk and presentation on WordPress.tv for viewing afterwards. It give you the chance to see all the great presentations you may have missed, or to revisit the ones you attended.

With so many WordCamps happening all over the world, it is a great resource.

My presentation from WordCamp Asheville 2016, titled WordPress Security: Don’t Be a Target, is now live on WordPress.tv.

Leave a Comment