Posts Tagged ‘software design’

Tech Tip: Websites on Github with Jekyll

We have been facing a challenge on how to manage the Styx Technology Group corporate website without having dedicated resources to host, deal with security, updates and maintenance. Having been in the website business for over a decade at the turn of Y2K,  having an easily maintainable solution was key for the long haul.

Enter GitHub pages (https://help.github.com/categories/github-pages-basics/), of course any decent software developer and team are using some form of version control, but the beauty is that it allows projects, users and organisations to have self hosted sites that are managed through a repository.  That in combination with Jekyll (http://jekyllrb.com/) supports content management without a database.

To further speed up our development process, we leveraged existing themes for the website look and feel that were close to our need, while keeping the site design very simple so that we focused on solving the problem at hand.

It was suddenly music to our ears as the team did not have to leave their IDEs (random plug for Jetbrains IDE tool suite that we have standardized upon)  in order to make updates to the website. Just create a new markdown document, verify and push … And bam!! the updates are done, version controlled and all, no more hassles with database configurations …

Need help getting your website up and running in such a fashion do shoot us an email at consulting at styxtechgroup dot com and we shall be happy to help and engage…. Have a great weekend

Advertisements

OpenMRS Module Development Learnings – 102

My team mates and I are completing a number of OpenMRS workshops focused on improving our module development capability. This blog post captures the unwritten lessons that we have picked up as a way of giving back our lessons to help others in the community (and will be moved to the OpenMRS Wiki once the lessons have been internalized and consolidated, as that is its natural home).
The approach is based on the following OpenMRS community articles:
  1. Creating Modules – https://wiki.openmrs.org/display/docs/Creating+Modules
  2. Creating your First Module – https://wiki.openmrs.org/display/docs/Creating+Your+First+Module
As you develop the module it is important to keep testing and verifying whatever you do especially when the module involves user interface components, extending the OpenMRS UI. The process we ended up using was as follows:
  1. Setup a module using the module creation command line utility
  2. Downloaded Spring Loaded from its maven repository http://mvnrepository.com/artifact/org.springframework/springloaded
  3. Downloaded and setup OpenMRS standalone from http://openmrs.org/download/ picking a version greater than 1.11.x which supports debugging options
  4. Once the standalone version is installed, open the openmrs-standalone-runtime.properties and add the following variables to the vm_arguments: (should all be one line – separated here for clarity)
    • -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000
    • -Dmodule.development.directory={absolute path to root folder of the module}
    • -javaagent:{absolute path to spring loaded jar}
    • -noverify -Dspringloaded=inclusions=org.openmrs.module.modulepackage..* (note the two trailing dots before the *)
  5. Setup newly the module into an IDE (tested with IntelliJ & Eclipse)
  6. Installed a FileSync utility, RemoteSynchronizer for IntelliJ & FileSync (http://andrei.gmxhome.de/filesync/) for Eclipse
  7. Setup sync for the omod webapp folder into the standalone webapp folder located at WEB-INF/view/module/{modulename}
Our development workflow is smoothened out since any changes to Java classes & JSPs are automatically applied & reflected in the standalone app.
Additional Tips and Tricks
  1. Tomcat – Change the following init params in web.xml:
    • modificationTestInterval from 4 to 0, so that JSPs are automatically recompiled
    • development is true (this is the default)
  2. Intellij – the Java classes are not automatically recompiled on saving changes so there is need to run mvn package -DskipTests
  3. Follow the OpenMRS conventions as much as possible by cloning openmrs-core to see how the design of the interfaces, service layers is done. This will help get access to lots of the magic that happens behind the scenes.
  4. Java 8 will give you trouble, stick to 1. 7 as we did not try 1.6 anywhere.

Bringing Security to the heart of Uganda Consumer Applications 

A very welcome addition to Uganda technology scene are the multiple consumer facing apps, from banks, to telecommunication companies to support mobile money services, to parastatals getting closer to their customers. The newest apps that I am aware of include (in no particular order):
  1. Airtel Money
  2. My MTN
  3. NWSC Mobile
  4. NSSF Go
  5. Stanbic Bank Mobile Banking
  6. DFCU Mobile Banking
  7. Bank of Africa Mobile Wallet (BMW)
  8. Ask URA
On one hand, this is a very welcome addition to address the increasing sophistication of the Ugandan urban consumer who demands more from the corporations. However a worrying trend which needs to be addressed is the security of these applications, in collecting and managing user information. I have taken to social media to ask for more information on the security setup for these apps, but have never gotten a response.
This is hoping to the regulators, Bank of Uganda, Uganda Communications Commission and NITAU (at the moment) to provide a united front to ensure that the following areas are addressed:
  1. Excess permissions, one app wanted to access my contacts, SMS messages, WIFI, phone identity yet was not a banking app
  2. Encryption of data stored on the phone to ensure that if the phone is separated from the owner the data is safe
  3. Secure connections for communication with external servers – via HTTPS and SSL
  4. Security audits of back end infrastructure following ISO and COBIT standards (http://www.isaca.org/Journal/archives/2002/Volume-6/Pages/A-Survey-of-Application-Security-in-Current-International-Standards.aspx)
  5. Penetration, stress and load testing to ensure that aside from
  6. Software development practices that include OWASP top 10 Proactive Controls for software developers https://www.owasp.org/index.php/OWASP_Proactive_Controls
What else do you see being done to improve the security of our consumer facing applications
%d bloggers like this: