Blog of an Open Mind

Excellent thread I found today on the benefits of both Limited companies and sole traders. I see so many people jumping in head first into forming a company without first considering the implications…

Recently news surfaced that one of our main competitors, EKM powershop, have had to dramatically change the way their software works as it was revealed during a PCI audit that some store owners had been storing sensitive credit card information within their store database and then not removing the data after it had been processed via an offline terminal.

Now for quite some time Visa and Mastercard have been pushing the regulatory standards behind PCI compliance for the simple reason it is there to protect cardholder data from fraud and misuse.  In addition, it has been the case for a long while that storing the full card details including the CV2 code for longer than is necessary to complete the transaction was a practice to be avoided at all costs.

The net result of the EKM powershop audit was that their own proprietary gatway allowed store owners to obtain card details and then process the transaction offline through a terminal. They also advised customers to immediately delete card details after they had been processed.

Now there are two separate issues at play here…

Firstly the very fact that the software allowed card details to be stored in the first place is not a great practice to follow.  EKM powershop are not alone in this scenario as there are a number of eCommerce software packages out there which allow store owners to do this.  The crux of the matter is that the practice renders the software users in possible breach of PCI guidelines.

Secondly EKM powershop had to act swiftly to remove this gateway as it had transpired that certain customers were not removing card details after they had been processed.  This is in breach of the PCI guidelines and these merchants were leaving themselves open to fines and possible withdrawal of their merchant service.

Personally I feel that the store owners have been cut a raw deal here. The fact that the software allowed them to store card information in the first place simply should not have been available as an option.  Granted that the merchants were putting themselves in the firing line by not deleting the card details but software vendors such as EKM powershop and ourselves have a responsibility to their users that the software does the job required without raising possible security issues. There has obviously been a failure here…

For the record, our eCommerce software does not nor ever will store any kind of card information within its database or files.  This is simply to protect the cardholder and the store owner from this type of situation. With all this in mind I am willing to make the following offer to any EKM powershop store owner affected by this issue.,..

If you are considering changing to an alternative software provider I am willing to offer a 20% discount on our license fees and design services plus import as much data as possible from your current EKM powershop store.

If anyone wishes to take up this offer I will need clear tangible evidence that you are an EKM powershop store owner. For more information or to claim the discount voucher, please contact us through our support help desk

I don’t normally do this with competitors but on this occasion I personally feel the situation is quite shocking and a lot of people have been let down for a variety of reasons hence the offer of support…

Phil Williams
MD - Open Mind Commerce

Open Minded Solutions Limited are currently in negotiations with a leading UK merchant account & payment gateway provider to supply our eCommerce software to their merchants. At this stage it is anticipated that negotiations will be complete by late June.

Now a new partnership of this size does bring a new set of challenges to an existing, thriving business such as ourselves and a primary area of those challenges is exceeding customer expectations through an unrivalled level of customer support to new and existing clients.

We are therefore seeking tentative applications for a new position that will be based in our Edinburgh office.

The Position
The ideal candidate for this new and exciting position will be an individual who is passionate about providing an extreme level of support to clients in a manner that would exceed expectations. From a technical perspective they will also have:

• A strong working knowledge of Windows and Linux web hosting platforms
• Experience with troubleshooting and resolving network related issues, DNS, FTP, IIS and Apache platforms
• Experience of the technicalities of domain name registration and transfers, SSL certificate provisioning and PCI compliance testing.
• A background of providing superb customer service in an environment containing a mixture of businesses from small SMEs through to multi-million pound corporate clients
• A working knowledge of various server side scripting languages such as ColdFusion MX, PHP, ASP and .NET
• Although a wide programming knowledge is beneficial, the ideal candidate will have a strong background in developing and maintaining ColdFusion MX applications
• Be based in Edinburgh or the surrounding area as they will be required to work from our offices based in Edinburgh South.

The Benefits
Aside from working with an established and rapidly growing company, the chosen candidate can expect:

• An excellent starting salary based on background and experience
• Performance related bonus scheme (after qualifying period)
• Profit sharing scheme (after qualifying period)
• Sick pay and holiday entitlement
• A very friendly and exciting working environment
• Joining the company at ground level but with unlimited opportunity to grow all the way through to director level

At this stage the position is tentative but should negotiations be successful it is anticipated the position will be available from late July 2009.

So does this sound like you? If so please forward a detailed CV of your background and experience to Phil Williams at contact <at> openmindedsolutions.co.uk and we will contact you in due course.

This one had me totally stumped for a couple of hours…

OK I’d setup a VPN server on Windows Server 2003 Web Edition which is something I’ve done before a number of times using RRAS (Remote Routing and Access Services), set my VPN user up and allowed them access to the server…

Went to the client computer, set the VPN connection up and tested. Bingo, connects straight away, I could map the drives etc all without a problem…

Now I then setup a second user on the VPN server for access and setup a separate computer to connect to it.

Erm… No dice. I kept getting a vague 651 or 800 error message being sent back which indicated that I couldn’t connect to the server.

I found then that if I disconnected the first client and tried connecting with the second client all was hunky dory so it was only allowing one connection at a time. After several hours googling and a chat with the data centre we established something that I (nor they) had come across before in that Windows Server 2003 web edition only allows one incoming VPN connection! The solution is to upgrade to Standard edition when the limit is raised to 1,000….

This little nugget of info is buried deep amongst the tech notes and is not really the first place you would check.

Now had I got an error along the lines of “Error code: xxx. You can only have one VPN connection to Windows Server 2003 Web Edition (you dumbass)” that would have been more helpful! Ok lose the dumbass bit but at least it would have been entertaining…

Vague error messages and response codes seem to be the hallmark of Microsoft at times so hopefully this post will help someone else out.

Came across this on another blog and I have to say that the future according to Microsoft looks superb…

Had a minor issue today from a client using Open Mind Commerce that took a bit of time to track down and solve but the solution was quite simple so I thought I would share…

Open Mind Commerce uses ISAPI Rewrite to produce search engine sexy (I don’t like the word safe) URLs so www.domain.com/store/d1-my-department/ is rewritten server side so the template actually executes www.domain.com/store.cfm?deptid=1

Now this works great until the client changes the URL structure in their settings which although a great feature for setting the actual URL can lead to duplicate content in the SEs.

I had to find a way to look at the URL before it was rewritten, compare this to the real URL in the database and then redirect if it was different.

Enter CGI.HTTP_X_REWRITE_URL

This variable supplies you with the raw URL before it is rewritten server side, bonza! So pseudo code time…

<cfif cgi.HTTP_X_REWRITE_URL NEQ "my stored URL">
<cfheader statuscode="301" statustext="Moved permanently">
</cfheader>
<cfheader name="Location" value="http://www.new-url-indatabase.com">
</cfheader>
</cfif>

All we are doing here is comparing the incoming rewritten url with the one that should be in use (from our database) and then using the cfheader command to do a 301 redirect. The result? No more dupes…

1. Your last name stays put.
2. The garage is all yours.
3. You can never be pregnant.
4. You can wear a white T-shirt to a water park.
5. You can wear NO shirt to a water park..
6. Car mechanics tell you the truth.
7. The world is your urinal.
8. You don’t have to stop and think of which way to turn a nut on a bolt.
9. Same work, more pay.
10. Wrinkles add character.
11. Wedding dress £2000. Morning-suit rental-£100..
12. People never stare at your chest when you’re talking to them.
13. The occasional well-rendered belch is practically expected.
14. New shoes don’t cut, blister, or mangle your feet.
15. One mood all the time..
16. Phone conversations are over in 30 seconds flat.
17. A five-day holiday requires only one suitcase.
18. You can open all your own jars.
19. You get extra credit for the slightest act of thoughtfulness.
20. If someone forgets to invite you, he or she can still be your friend.
21. Your underwear is £4.95 for a three-pack.
22. Three pairs of shoes are more than enough.
23. You almost never have strap problems in public.
24. You are unable to see wrinkles in your clothes.
25. Everything on your face stays its original colour.
26. The same hairstyle lasts for years, maybe decades.
27. You only have to shave your face and neck.
28. One wallet and one pair of shoes one colour for all seasons.
29. You can wear shorts no matter how your legs look.
30. You have freedom of choice concerning growing a moustache..
31. No wonder men are happier.

The amazing sleep walking dog

Ever noticed how in some sites when a non-full width design is used, the design jumps slightly when the page is shorter than the full screen? This is because in Firefox, the vertical scrollbar tucks itself away when it is not needed i.e. the page is shorter than the screen display. This doesn’t happen in IE.

The result is a s lightly jarring effect but luckily there is a simple fix…

In your CSS statements, either in your style sheet or in the HEAD section of the page, add the statement:

html {height:100%;margin-bottom:1px;}

What this basically does is fool the browser into thinking that the page is filling the screen vertically so it will show the scroll bar. The result is that the design no longer shifts as the vertical scrollbar is always displayed.

In the words of the tic-tac advert, neat huh?

Now any sysadmin know that MS SQL server can generate whopper log files for the databases especially if there are a large number of transactions taking place. It’s simple enough to shrink the logs periodically but I wanted to find a way to safely automate this.

A quick Google turned up this very informative post by Roni Schuetz. In essence it will loop through all of the DB logs and shrink them back to “normal” size:

CREATE TABLE #TDatabases(
DBName nvarchar(128),
DBLogicalName nvarchar(128)
)
INSERT INTO #TDatabases
SELECT db.name DBName, mf.name DBLogicalName
FROM sys.databases db join sys.master_files mf
on db.database_id = mf.database_id
WHERE db.name not in ('master', 'tempdb', 'model', 'msdb',
'distribution') AND type_desc LIKE 'log'

SELECT top 1 @VarDBName = DBName, @VarDBLogicalName = DBLogicalName
FROM #TDatabases
SET @VarRowCount = @@rowcount
WHILE @VarRowCount <> 0
BEGIN
EXEC(’ use ‘ + @VarDBName + ‘ backup log ‘+ @VarDBName + ‘ with no_log
dbcc shrinkfile(”’ + @VarDBLogicalName + ”’, TRUNCATEONLY) WITH
NO_INFOMSGS’)
DELETE
FROM #TDatabases
WHERE DBName = @VarDBName
SELECT top 1 @VarDBName = DBName, @VarDBLogicalName =
DBLogicalName
FROM #TDatabases
SET @VarRowCount = @@ROWCOUNT
END
DROP TABLE #TDatabases
SET NOCOUNT OFF

Now you can also automate this process by savin the above script into a SQL file and then creating a BAT file to run this command:

osql -E -i shrinkalldatabases.sql -o result.txt

where shinkalldatabases.sql is the above SQL script.

Set it to run once a week and Bob’s your Uncle. And yes I do have an Uncle Bob…