Web Accessibility

Overlooking Web Accessibility

The Internet is an ever-increasing storehouse of knowledge. The web and the internet as a whole serve as an important resource in many aspects of our lives: education, employment, recreation, commerce and more. Web Accessibility simply means that the web is to be made accessible to everyone. And that includes people with special abilities too – an aspect generally overlooked in haste. 

The concept of Web Accessibility has been around for a decade, but it is unfortunate that true meaning in its entirety has been lost on many of us, the web developers. It’s time that we built ramps to our sites so that it benefits not only people with disabilities but also enhances the experience of all types of users as a whole.


Let’s see some examples. Suppose you are watching a video in a noisy environment and cannot hear the audio properly. Without the audio, you have to guess what the whole video is about. It can be frustrating, right?

Let’s take another one. Suppose you have broken your arm in an accident and can’t use the mouse to explore the web. You have to remain cut off from the internet until you recover, or find ways to access it with difficulty, mostly through pain, or be at the mercy of people who would spare some time to assist you.

There are people out there who face these challenges every time they attempt to access the Web. The true essence of Web Accessibility lies in addressing such concerns and ensuring that the Web is accessible to all, without any discrimination.

The World Wide Web Consortium (W3C) published a set of guidelines, the Web Content Accessibility Guidelines or WCAG 1.0, in 1999 as part of its Web Accessibility Initiative (WAI) project. The revised version, WCAG 2.0, was published in 2008. It is more technology-neutral and is therefore widely accepted by developers as a way to make their sites more accessible.

It may seem like a huge task to accomplish at first, but in reality, it takes only small steps to make your website accessible to all. The steps that should be undertaken are:

  • Using alternative texts, and descriptions for the images.
  • Adding subtitles and transcripts for videos.
  • Ensuring that your site is fully and equally accessible by the keyboard.
  • Making use of the Accessible Rich Internet Tags (ARIA) tags.
  • Having a good color contrast.

These are some tools which can help to make your website more accessible:

So, let’s look at the bigger picture and start taking the necessary steps towards building a platform that is more accessible and more usable, and fulfill our responsibilities as web developers. It’s high time we focused on the masses who might be unable to access the internet just like normal people can. The onus lies with us to take individual responsibility of the same and spread the awareness to others. The realization that mere oversight or negligence on our part can be the source of much trouble for others should guard us against it. 


The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 


Is Robotic Process Automation changing the Test Automation Game?

RPA has taken the IT world by storm. I won’t say that it is the newest thing in business because it has been around for about 10 years now. But now is the time when it is spreading like wildfire. More and more companies want to adopt it.

To set the context, let’s look at how AI has broken all the barriers of our imagination. I bet that a few years ago when we used to see robots in movies, we would think that they are just part of our imagination or even if we considered them to become reality someday, we always thought that day to be many years away. But what we never imagined was that technology would progress so much so soon. Today Artificial Intelligence is making machines more and more human-like. They want machines to not only follow our instructions but to think, and possibly also to exhibit emotions. It is almost like humans want to assemble humans in labs. No wonder then that a robot named Sophia was very recently even given citizenship of Saudi Arabia.

Now going back to Robotic Process Automation. Going just by the words, it seems like robots automating processes. The catch, however, is that when we say Robot, we don’t mean an actual physical robot, but a virtual one – the automation program.


What’s the big deal about RPA in Software Test Automation?

Many could argue that in traditional Automation also we were creating automation programs. So what is all the hype about?

The key distinctions according to me are:

  • It is scriptless: Coming from a manual testing background, it was always a challenge for me to keep learning the latest scripting languages, but now I don’t need to learn any programming language to automate a test scenario. You just need to be good with your logic and should be able to think of out-of-the-box scenarios.
  • Focus is back on product quality: I am not saying that in traditional automation the product quality was getting hampered. But in my own experience I feel that when I was working on automation via scripts, most of my time was getting consumed in writing code and at the end of the day, only very few scenarios were automated, and I was not able to cover as many scenarios and I didn’t have the time to dive into a variety of scenarios. So I feel that one of two things was always getting compromised: either the coverage or the deadline. But with an RPA tool this problem of mine has been resolved to a great extent.


How things work when Automating Test cases with RPA

There are many RPA tools available in the market like UiPath, Automation Anywhere, Blue Prism and many more. You can use any (FYI: I am not promoting any specific tool).

There are a few basic criteria on which all the RPA tools are based:

  • Already defined user actions: Most of the user actions that one can think of while automating a test case like the click of a button, mouse hover, opening browser, typing into a text box and many more, they are already defined and the user doesn’t have to code.
  • Built-in decision logics and looping statements: The best part about using RPA tool for creating scripts was, I didn’t have to worry about the syntax of my decision logic and adding loops, for example, do-while, for, etc. They are built-in and I just needed to use them.
  • Configuring of user events through Parameters: Every user action or event that we use can be easily configured using its parameters. Almost every property of a user event is made available so as it can be customized as much and as easily as possible.
  • Easy to create variables: RPA tools make it very easy to create a variable without stressing upon the syntax.
  • Error handling: If there is an error that occurs while configuring the user events or in the full flow, RPA tools have very good error handling mechanism. It helps the user to narrow down the area of error and also gives very clear and specific error messages making it very convenient for the user to correct the error.


What RPA has changed in my Automation Testing approach?
  • So as I said above, for me RPA has put the focus back to thinking about logic, covering some out of the box test scenarios, rather than spending hours just automating the basic functionality.
  • RPA has improved my testing coverage also, as I am able to cover a larger number and different types of scenarios.
  • Thanks to RPA, I am able to automate the test scenarios faster as I don’t have to write every single line of code on my own.
  • Another advantage of using an RPA tool is that I face fewer errors while automating a test case, as RPA tools have built-in code for most of the logic and I just have to make sure that I use it in the correct flow.
  • With an RPA tool, I was able to manage my scripts much more easily, as most of the time it is just a matter of tweaking the properties of the built-in user actions.
  • Also, when I create my scripts using an RPA tool, they are more easily readable and I am able to explain them to another person in a better way.
  • Being from a manual testing background, it was always a big challenge for me to always keep on learning the latest scripting languages but now I don’t have to invest my time learning the coding languages.
  • I can invest my mind in more decision making tasks rather than some boring and repetitive tasks that can be done by machines also.

Now, when I extract the essence of all the benefits, the bigger picture that I get is RPA helps to increase Test Automation Coverage, reduces the time required, hence reducing in the process the cost of Testing and in turn increasing the Company’s profit.


Having said that, I did face some challenges while automating test scripts with RPA tool

1) I was not able to automate everything
Having worked with different scripting automation tools, I feel that there are some scenarios which I can’t achieve using RPA tools like I am not able to automate scenario which deals with complex Database entries, multiple formats of input or unstructured input data.

2) It executes at a slower pace
When I execute a script created via any RPA tool it executes at a UI speed but when I run a script created using scripting languages, it is much faster. So I feel that RPA is comparatively slower than the processes automated using traditional automation.

3) Not much available on Web, so need to explore yourself
Test Automation using RPA is relatively new. So there are many built-in user actions and functionalities of different tools that you have to explore on your own and not much help is available on the web. So that was also one of the challenges that I faced.

4) It can increase a company’s Test Automation cost
When I started automation using RPA, most of the RPA tools that I came across were paid and just 1 or 2 had free versions available and that too had not much-advanced features contrary to the open-source scripting tools available in the market. So I feel that this can also prove to be a disadvantage as it will increase the cost of Automation for a company.

But I feel that the pros somewhere outnumber the cons and the proof of this is that more and more companies are investing in Test Automation using RPA. So in my opinion, if you are the one who wants to adopt RPA in Test Automation, then the time to act is now.



Getting started with AWS Lambda

AWS Lambda is an ingredient in Amazon’s serverless computing. Lambda allows us to run server-side code without thinking about the server. It abstracts all of the other components, i.e. servers, platforms, virtual machines, etc., that are needed to run server-side code. So we can just focus on the code and not the server. That way the time to production or deployment becomes very short. We can write a Lambda function, configure it and run it in minutes.

Another great benefit of Lambda is that we just pay for the compute time we consume. That means it will charge only for the time that our code is actually executed. Also, the first one million requests are free. We have to pay for requests thereafter. This is a very cost-effective way to run server-side code. To get started, we first need an AWS account. After creating the account we need to go to the AWS management console.


Create a Lambda function with Node.js

Let’s create a Lambda function that picks a random number between two given numbers. First of all, log in to the AWS console and then click the “Lambda” button under the Compute section. You will then come to the “Select blueprint” section. There, under the “Select runtime” combo box, select the latest Node.js version. Amazon gives you some basic blueprints there. We will just select the simple hello world function to start with.


We will skip to the “Configure function” section to create a new function. We will name our function random-number-generator. Then specify the description. Then select the runtime, which is Node 4.3. Our function is a small function, so we will select “Edit code inline”. The Amazon blueprint gives a very basic function.

We will change this default code to generate our random number between two given numbers.

In the beginning, just add console.log('Loading function'). This will help in debugging the code. In the default Amazon function, some event values are logged and, at the end, it returns the first value through the callback function. Then we will add a handler function to the exports variable. This function receives 3 variables, i.e. event, context, and callback.

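 exports.handler = (event, context, callback) => {
            // Log the three sample values from the test event
            console.log('value 1 =', event.key1);
            console.log('value 2 =', event.key2);
            console.log('value 3 =', event.key3);
            // Return the first value; null means there was no error
            callback(null, event.key1);
 };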

The callback is something we will call when our result is ready and we want to send some result back to the user. It takes 2 parameters. The first one is the error and the second one is the success message. The variables could be a string or a JSON object.

We will delete all these default codes and write our own code. So, first of all, we will define and set the minimum and maximum number.

 exports.handler = (event, context, callback) => {
           // Bounds for the random number
           let min = 0;
           let max = 10;
 };

Now we will define another variable for the random number.

exports.handler = (event, context, callback) => {
            let min = 0;
            let max = 10;
            // Random integer from min up to, but not including, max
            let generatedNumber = Math.floor(Math.random() * (max - min)) + min;
};

Math.random() generates a floating-point number between 0 (inclusive) and 1 (exclusive), so we multiply it by the size of the range (max - min), round it down with Math.floor() and add the minimum. That gives us a random integer from the minimum up to, but not including, the maximum.

Now we are done and want to return the random number. So we will call the callback function.

callback(null, generatedNumber);

No error handling is implemented here, so we will just pass null in place of the error parameter, followed by generatedNumber.

That’s it, the code part is done.
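A variant of the handler that reads the two numbers from the invocation event instead of hard-coding them (an added example, not the article's code; the event fields `min` and `max` and the helper `pickNumber` are assumptions). It validates the untrusted input and draws the number with Node's `crypto.randomInt`, which, unlike `Math.random()`, is suitable when the value must be unpredictable; the maximum is included in the range.

```javascript
// Added example: handler that takes its bounds from the event.
// The event shape { min, max } is an assumption, not part of the article.
const { randomInt } = require('crypto');

// Validate the event and return a random integer in [min, max].
function pickNumber(event) {
  const min = event && event.min;
  const max = event && event.max;

  // Reject strings, floats, NaN, missing fields and values beyond 2^53 - 1.
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max)) {
    throw new RangeError('min and max must be integers');
  }
  if (min > max) {
    throw new RangeError('min must not be greater than max');
  }

  // Number of possible results; crypto.randomInt needs this below 2^48.
  const span = max - min + 1;
  if (span >= 2 ** 48) {
    throw new RangeError('range is too large');
  }

  // randomInt(span) is uniform over 0 .. span - 1, without modulo bias.
  return min + randomInt(span);
}

const handler = (event, context, callback) => {
  let result;
  try {
    result = pickNumber(event);
  } catch (err) {
    // Bad input is reported through the callback's error parameter.
    return callback(err);
  }
  callback(null, result);
};

exports.handler = handler;
```

A test event such as `{ "min": 5, "max": 7 }` returns 5, 6 or 7; an event with missing or non-integer fields returns an error instead of a number.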

Now scroll down. And let’s define our handler. The default is index.handler. Index refers to the filename and handler is the name of the variable that is attached to the exports. We will leave this by default.

Now, we will create a new Role and give the role name as ‘basic-lambda-execute-role’. Then under the policy template, we will select ‘Simple Microservice Permissions’.

Next is the advanced settings.

Each Lambda function runs in a container, and that container has some memory allocated to it. So here we can pick how much memory should be allocated to our function. Our function is a basic function, so we will select 128MB. That is more than enough for our function.

This setting defines not only the memory allocated to the function but also the amount of processing power Amazon uses to execute it. If we have a more resource-intensive function, we can increase the memory and we will get a faster performing function. For the timeout, we will leave it at 3 seconds, which is enough. If our function does not finish within this timeout then Amazon will return an error message. We will leave the VPC setting at “No VPC” and move on. On the next page, Amazon lets us review the configuration for our function. Then click “Create function”. We will get a message that our function has been created, and we can see the dashboard for our function.

On the dashboard we can see our code, configuration and triggers, and we can monitor our function as well.

Let’s test it by clicking the Test button there. If we scroll down we can see that the function has executed successfully, and we can also see the resulting random number.

So that’s it. Our random number generator Lambda function is running now.



What is a HABIT?

The easy definition would be something that you do daily without being forced or pushed, e.g. something as simple as brushing your teeth. But do you remember how tough it was when you were a small kid and learning to develop this habit? I am sure that is not even a matter of thinking today.

Another good and simple example of a HABIT is cycling. Remember when you started cycling/biking the first day! That feeling of imbalance, falling off or getting hit with no hand-eye coordination and then slowly and steadily you become the cyclist in your neighborhood doing all kinds of stunts.

There are many such examples in our daily lives where the beginning looked as difficult as climbing Everest, maybe, but as you start taking those steps forward, it becomes simpler and later maybe even a “cake-walk” to perform those.


Why am I talking about HABIT? Because as we grow older and get into our daily chores, we forget to adapt to new habits or develop new changes or even attempt to do something new, simply because we feel that we do not have the time; there’s always too much work on the plate, professional or personal. Whenever you think of doing something new, you always push it to a later date, convincing yourself that you will do it when you have the time for it.

My friend where is that time?…the fact of the matter is NOW is the time.

Remember, everyone has 24hrs in a day and utilizing the same, some became people like the Tendulkars, the Steve Jobs and the Bill Gates to name a few, and many are still searching for that time to begin.

Here I present the new definition of H.A.B.I.T – “[H]aving [A]bility [B]uild [I]ntense [T]ricks” – obviously this is not mine, taken up from the internet, but it very well fits our bill here.

What does it take to build a habit? Answer is “decision” and then taking “action” in the form of small steps daily at the same time every day for the next 21 days (an idea introduced by Dr. Maxwell Maltz ), but I will suggest, if you can do that for 1-Day and then repeat the same for the next 30 days, trust me you will be rolling. But the trick is it has to be continuous, if you break for 1-Day then the cycle has to begin again from Day 1 🙂 that is why its Intense Tricks ;).

So, go out and pick up that Guitar which is hanging in your bedroom and staring at you or start reading that new Tech Area or Buzz Word on which you always wanted to get your hands on and just do it for 1-Day and then repeat the same cycle for next 30-Days.

The exception is, there are still no guarantees of success. It all depends from person to person and on his or her burning desire to make something work. But it is much better than not having tried at all, isn’t it? Roger Bannister was the first man to run a mile in less than 4 minutes. It was his persistence and practice that enabled him to cross what had otherwise seemed like a barrier meant to stay forever until then.

Do put your comments, if you really got into a habit 🙂



How Bitcoin Solves the Double-Spending Problem?

Many of us probably already have heard of Bitcoin. We know what innovation it has brought into this world – the blockchain technology. As of this writing, it has been almost a decade since its inception and it has long thrived without any central control over the network.

Bitcoin, a peer-to-peer electronic cash system, has inspired many other projects and can be seen as a pioneer of the underpinning blockchain technology. That said, it would be worth exploring how Bitcoin solves the double-spending problem. Instead of delving into theoretical exposition, we will experience a transaction process in this pioneering innovation. We will be making a transaction on a real network and analyzing what a Bitcoin transaction looks like. A transaction in the Bitcoin network is a bit more complex than a conventional digital transaction.


Comparison with Fiat Currency Transaction

In a transaction that involves currency notes, we can easily envisage two parties exchanging some goods or services for money. One party receives the goods/services and pays in currency notes. Let us say the transaction costs $50 and the payer has a $100 currency note. The payer would pay $100 and would receive $50 in change (as shown below). Both currency notes are legal tender supplied by a central bank. A Bitcoin transaction also involves paying and may also involve receiving back change, and in this respect it is quite similar to our day-to-day transactions.

Comparison with Conventional Digital Transaction

A conventional digital transaction, say the online transfer of money, involves two parties and a mediator (the bank). So, there is a “From address” (A/C No.), a “To address” (A/C No.) and the amount (value transfer). There is no concept of change in a conventional digital transaction. If you want to transfer $1050 then you can transfer the exact amount and this is a mere process of debiting from sender’s account and crediting to the receiver’s account with the help of the mediator who validates the transaction. However, a Bitcoin transaction may involve multiple From addresses and multiple To addresses without any mediator. We will explore how this is possible.

As it is with any traditional transaction, ours will have the following attributes: a “From entity”, a “To entity” and the value to transfer. Let us send an amount of 0.1 BTC to a Bitcoin user as follows:

From: n2FSwa6DsMsbJgNknB64ThR3pHPUQ79bxL
To: msqdPeF7KeEqcWUNAFMm8JQijVB3cnLi4N

Amount: 0.1 BTC

The transaction has been done and the transaction details can be seen here

Bitcoin Transaction

Now, what looks legitimate is the From address (left) and one of the To addresses, with 0.1 BTC sent. However, two things look contradictory. Firstly, we sent 0.1 BTC but it says 1.0 BTC is being transferred. Secondly, there is one more To address to which some amount has been sent.

Is something wrong with this transaction? Not really! You can check the above transaction in block explorer and verify yourself that it is indeed the same transaction. But this is the way Bitcoin works. Let us explore.

What is a Bitcoin Transaction made up of?

A transaction in Bitcoin consists of inputs and outputs. The input is like a “From address” which is in Bitcoin terms an unspent transaction output. When you want to make a transaction you will always spend an unspent transaction output as a whole. That said, you end up paying the entire amount. However, you receive the remaining amount in a different address called change address. This change address is your own address where you collect the change, which in turn is an unspent transaction output. This is quite common in Bitcoin transactions. For instance, someone sent you 1.0 BTC. Now you want to send 0.5 BTC to your friend. You cannot break the 1.0 BTC but you will spend the entire 1.0 BTC in a transaction and get the change in your change address.

Transaction Fee

Back to our transaction. Now, let us verify that the amount in input and outputs are balanced. So, 1 BTC – (0.1 BTC + 0.89432145 BTC) should be 0. But it turns out to be 0.00567855. So, where did this amount go?

Well, this is the transaction fee that is paid to the miner who helped you in validating the transaction, adding it into a block, mining the block, and broadcasting to the network. The miner is given this amount as a mining fee for the work he has done.

The mining fee is charged in satoshi per byte. Our transaction has a size of 225 bytes and we were charged 2523.8 satoshi per byte. So, 2523.8 x 225 = 567,855 satoshi = 0.00567855 BTC.

The Concept of UTXO

Note that the two outputs here are mentioned as “unspent”. This is how Bitcoin keeps track of balances. The sum of all your unspent transaction outputs is what constitutes your balance. The Bitcoin network does not have any database or global state of balance amounts; rather, it uses the concept of UTXO.

So, how is a UTXO represented in the Bitcoin protocol? In the Bitcoin protocol, there is no concept of a “From address”. Bitcoin addresses are used to receive payments. A transaction in Bitcoin never encodes a From address but only has a reference to a previous unspent transaction output. That said, the input of a Bitcoin transaction is actually a previous unspent output. Bitcoin refers to a previous unspent transaction output using a combination of the transaction ID (or transaction hash) and an index. Once an unspent transaction output is spent, you cannot spend it again, and this is what prevents double spending.
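The bookkeeping described above, as an added example that is not Bitcoin's own code: a toy UTXO set keyed by transaction ID and index that spends each output whole, returns the unclaimed remainder as the fee, and rejects a second spend of the same output. The transaction IDs and owner labels are constructed placeholders, the amounts are those of the transaction discussed earlier, and signature checking is left out.

```javascript
// Added example: a toy UTXO set. Amounts are integer satoshi
// (1 BTC = 100,000,000 satoshi). IDs and owner labels are constructed.
class UtxoSet {
  constructor() {
    this.unspent = new Map(); // "txid:index" -> { value, owner }
  }

  static outpoint(txid, index) {
    return `${txid}:${index}`;
  }

  // Register an output that already exists on the chain (for the demo).
  seed(txid, index, output) {
    this.unspent.set(UtxoSet.outpoint(txid, index), { ...output });
  }

  // Validate a transaction against the set, apply it, and return the fee.
  apply(tx) {
    const spent = new Set();
    let inputTotal = 0;
    for (const { txid, index } of tx.inputs) {
      const key = UtxoSet.outpoint(txid, index);
      if (spent.has(key)) throw new Error(`input repeated: ${key}`);
      const prev = this.unspent.get(key);
      if (!prev) throw new Error(`unknown or already spent: ${key}`);
      spent.add(key);
      inputTotal += prev.value;
    }

    let outputTotal = 0;
    for (const { value } of tx.outputs) {
      if (!Number.isSafeInteger(value) || value < 0) {
        throw new Error('bad output value');
      }
      outputTotal += value;
    }
    if (outputTotal > inputTotal) throw new Error('outputs exceed inputs');

    // All checks passed: consume each input whole, then add the new outputs.
    for (const key of spent) this.unspent.delete(key);
    tx.outputs.forEach((out, i) => {
      this.unspent.set(UtxoSet.outpoint(tx.txid, i), { ...out });
    });
    return inputTotal - outputTotal; // what is not paid out is the fee
  }

  // A balance is the sum of the owner's unspent outputs.
  balance(owner) {
    let total = 0;
    for (const out of this.unspent.values()) {
      if (out.owner === owner) total += out.value;
    }
    return total;
  }
}

function demo() {
  const utxos = new UtxoSet();
  utxos.seed('funding-tx', 0, { value: 100000000, owner: 'sender' }); // 1 BTC

  const fee = utxos.apply({
    txid: 'payment-tx',
    inputs: [{ txid: 'funding-tx', index: 0 }],
    outputs: [
      { value: 10000000, owner: 'recipient' }, // 0.1 BTC payment
      { value: 89432145, owner: 'sender' },    // 0.89432145 BTC change
    ],
  });

  // A second transaction that references the same output is refused.
  let rejected = null;
  try {
    utxos.apply({
      txid: 'second-spend-tx',
      inputs: [{ txid: 'funding-tx', index: 0 }],
      outputs: [{ value: 100000000, owner: 'someone-else' }],
    });
  } catch (err) {
    rejected = err.message;
  }

  return {
    fee,
    rejected,
    sender: utxos.balance('sender'),
    recipient: utxos.balance('recipient'),
  };
}
```

Because `apply` sums every referenced output, the same function also covers a transaction that combines several inputs.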

A Transaction with Multiple Inputs

So, how will a Bitcoin user transact an amount for which he has no unspent transaction output equal to or above that value? Say, a user wants to transfer 5 bitcoins but none of his unspent transaction output has that much amount although the user has multiple unspent transactions that add up to a value greater than 5.  Bitcoin allows you to combine unspent transaction outputs. A transaction with multiple inputs would sound new to a person doing a conventional digital transaction. This is because a conventional digital transaction always has only one sender (or From address). Let us analyze a bitcoin transaction with multiple inputs. In this case, the Bitcoin user wants to send 1.02 bitcoins but he has no unspent transaction outputs of that value. So, the user combines two inputs and then transacts (see below).

Bitcoin Transaction

The above transaction (ac194c19201a20cdd26bbb8d696588370c06261148fd20a96b3330b0bcb03207 ) has two inputs and two outputs and it is absolutely a valid transaction in Bitcoin. The total amount of BTC of these two inputs, which is 1.04997424 BTC, is sufficient to send a transaction of 1.02 BTC. And the remaining value has been collected in a change address with 0.02997013 BTC.


How are transactions validated in Bitcoin?

Let us take an example of a transaction that involves one input and one output (as below). Here,  the input is a reference to a previous unspent transaction at index 0. The previous transaction is referred by a transaction hash: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
The output sends 50 bitcoins to a bitcoin address. When the recipient wants to spend this 50 bitcoin he will reference output 0 of this transaction as an input of his own transaction.


Input:
Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
Index: 0
scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10

Output:
Value: 5000000000
scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d


Bitcoin uses a scripting system to verify a transaction. There are two script components that can be seen in the above transaction: scriptPubKey and scriptSig. The scriptSig carries the sender’s signature and public key. The scriptPubKey is the script that is evaluated by the Bitcoin protocol, and if the execution of the script returns true then the transaction is valid.

scriptSig: <sig> <pubKey>

Let us see how this script is executed on the stack:

Step 1: Combine scriptSig and scriptPubKey in that order
Step 2: Push <sig> and <pubKey> to stack
Step 3: Execute the operation OP_DUP which will duplicate top item, which is <pubKey>
Step 4: Execute the operation OP_HASH160 which will create hash of the <pubKey> and this hash will be pushed to the stack.
Step 5: Execute the operation OP_EQUALVERIFY to ensure the hash generated matches with the <pubKeyHash>
Step 6: Execute the operation OP_CHECKSIG for the two hashes on the stack.
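
The stack walk above as an added example (not Bitcoin's implementation): a small interpreter for the four opcodes, run against freshly generated secp256k1 keys, in which OP_CHECKSIG checks `<sig>` against `<pubKey>`. Assumptions: public keys are DER-encoded, the signed message is a constructed stand-in for the spending transaction's digest, and `hash160` falls back to a truncated SHA-256 if the local OpenSSL build lacks RIPEMD-160.

```javascript
// Added example: evaluating <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash>
// OP_EQUALVERIFY OP_CHECKSIG on a stack. Key encoding and message are assumptions.
const {
  createHash, createPublicKey, generateKeyPairSync, sign, verify,
} = require('crypto');

const TRUE = Buffer.from([1]);
const FALSE = Buffer.alloc(0);

// Bitcoin's HASH160 is RIPEMD-160(SHA-256(data)).
function hash160(data) {
  const sha = createHash('sha256').update(data).digest();
  try {
    return createHash('ripemd160').update(sha).digest();
  } catch (_) {
    // Stand-in for this demo only, when RIPEMD-160 is not available locally.
    return createHash('sha256').update(sha).digest().subarray(0, 20);
  }
}

// ECDSA check of <sig> against <pubKey> over the spending message.
function checkSig(sig, pubKeyDer, message) {
  try {
    const key = createPublicKey({ key: pubKeyDer, format: 'der', type: 'spki' });
    return verify('sha256', message, key, sig);
  } catch (_) {
    return false; // malformed key or signature
  }
}

// Run scriptSig followed by scriptPubKey. Buffers are data pushes,
// strings are opcodes. Returns { valid, failedAt }.
function runScript(script, message) {
  const stack = [];
  const pop = () => {
    if (stack.length === 0) throw new Error('stack underflow');
    return stack.pop();
  };
  try {
    for (const item of script) {
      if (Buffer.isBuffer(item)) {
        stack.push(item);
      } else if (item === 'OP_DUP') {
        const top = pop();
        stack.push(top, top);
      } else if (item === 'OP_HASH160') {
        stack.push(hash160(pop()));
      } else if (item === 'OP_EQUALVERIFY') {
        if (!pop().equals(pop())) return { valid: false, failedAt: item };
      } else if (item === 'OP_CHECKSIG') {
        const pubKey = pop();
        const sig = pop();
        stack.push(checkSig(sig, pubKey, message) ? TRUE : FALSE);
      } else {
        throw new Error(`unsupported opcode: ${item}`);
      }
    }
  } catch (err) {
    return { valid: false, failedAt: err.message };
  }
  // The spend is valid only if a true value is left on top of the stack.
  const valid = stack.length > 0 && stack[stack.length - 1].equals(TRUE);
  return { valid, failedAt: valid ? null : 'final stack value' };
}

function demo() {
  const owner = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const other = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const ownerPub = owner.publicKey.export({ type: 'spki', format: 'der' });
  const otherPub = other.publicKey.export({ type: 'spki', format: 'der' });
  const message = Buffer.from('constructed spending transaction');

  // The output being spent is locked to the hash of the owner's public key.
  const scriptPubKey = [
    'OP_DUP', 'OP_HASH160', hash160(ownerPub), 'OP_EQUALVERIFY', 'OP_CHECKSIG',
  ];
  const spend = (sig, pubKey) => runScript([sig, pubKey, ...scriptPubKey], message);

  return {
    owner: spend(sign('sha256', message, owner.privateKey), ownerPub),
    wrongKey: spend(sign('sha256', message, other.privateKey), otherPub),
    wrongSig: spend(sign('sha256', message, other.privateKey), ownerPub),
  };
}
```

Presenting a different public key fails at OP_EQUALVERIFY, while the right public key with a signature from another key passes the hash comparison and fails the signature check.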

In summary, a Bitcoin transaction involves one or more inputs and one or more outputs, has no concept of From addresses in its protocol, uses a concept of unspent transaction output, and verifies the transaction using a scripting architecture.



Integrating Multiple Accounting Tools for Information Exchange

This article will be helpful for those developers who are trying to integrate multiple accounting tools with a custom web or desktop application; with the accounting tool database exposed either using ODBC/JDBC or APIs.

The solution was explored when I worked in a project where there was a need to automate the data transmission (bi-directional) between different accounting tools (like Adagio, QB Desktop and Online version, etc.) interfacing with a central database. And make it possible for devices (like iPhone) to transmit data to the central database and subsequently to the accounting tools. In a nutshell, the main application, devices and multiple accounting tools needed to be in sync all the time/whenever required.

The Solution

The major features that were provided/implemented:

  • Connector: it acts as a bridge between web API and desktop/online accounting tool.
  • Data transmission between different entities using customized XML
  • Logging request and response on each event with a different status
  • The parser in the background (it basically parses the data from XML and maps it with the database)
  • Common database structure to handle request and response for different tools

The following diagram shows the flow and integration process:


Here, the user has the freedom to use different custom applications based on need. For e.g. in some cases where the API is exposed to the outside world for web accounting tools, we can merge the request-and-response processes in one place along with the parsing of data.

#1 Windows Service

It is being used for parsing data coming internally from accounting tool in a specified format. Here, the approach can change as per need because sometimes the customer doesn’t want to put extra load on the server; then we can do it at the same level (i.e. in the request-and-response process).

#2 Web Service/Web API

It is used for running the connector. Actually, the connector will act as a bridge between the accounting tools and the central database.

#3 Main web or Windows application

Here we need to have one page which will facilitate the user to generate requests in specified formats (XML or JSON) for required entities (like retrieving customer data or adding a new customer in the Accounting tool).

#4 Accounting tool

Accounting tool which exposes database/API to the outside world. Nowadays most of the applications have shared API or database to the outside world for integration with other applications.

The diagram below describes the data flow between different applications in a stepwise manner:



Error handling and Logs

Since accounting tools are being used here, there is bound to be information pertaining to the flow of money involving different vendors and stakeholders. This section thus holds a lot of relevance. Logging is done either in the database or somewhere else on the disk. Since there are different levels and sublevels (for example, the web service/API for the connector has 4 important sublevels: Authenticate(), SendRequest(), ReceivedResponse() and CloseConnection()), it is highly relevant to know at every step exactly what data got processed. Also, the availability of results opens up the provision for performing analyses later, whenever needed. Logging makes it possible to handle internal errors as well.

Security Handling

The whole solution should follow security rules as per industry norms, such as SSL for all web-based calls, cryptographic methods (wherever required), anti-forgery checks once a session is established, etc.


The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 

User Interface Design

The Trick of Designing User Interfaces that Slay!

Very often at work, I used to get bombarded with user-interface related questions. Some of those would be ones I would be hunting tangible answers for myself. Typical ones would be:

“Does this website look good?”
“Which interface looks better?”
“Should I place the button to the left or to the right?”
“Do I keep the logo Green or Red?”

Now, the problem every time was the expectation to offer perfect answers, along with supporting reasons. Although my intuition helped me get through on a few, the part I would struggle with most was offering convincing reasons to support my answers. I felt my supposed intuition had some underlying logic and concepts, but I needed to reify those. I needed to have constructs that I could use to easily judge any design, be it a web page, a mobile application UI or even a poster.

What followed was a lot of Google searching, expert advice seeking and directionless research. Finally, I came across a course based on Design Thinking which paved the way to a whole new perspective of looking at any design.

I now use a personal knowledge kit, heuristics of sorts, that I have been able to develop courtesy of this course, which helps me analyze any User Interface. If you are facing similar problems, this blog should be of help. So here are the points:


1. Evaluate your Work

Before making an Interface public, make an evaluation yourself by asking these questions:

How easily can someone

  • Determine the function of the system and possibilities?
  • Determine the mapping from the intention of the user to actual operation?
  • Perform the action?
  • Tell the state of the system? Tell if the desired action has been completed or not?
  • Determine the mapping from the state in which the system is into what the user understands?

If all the questions have already been addressed in your design, then you’re good to go. If not, then you need to enhance one or some of the aspects listed below to make the User Interface better i.e. providing

  • Visibility and Feedback
  • Consistency
  • Non-destructive operations (undo)
  • Discoverability (menus)
  • Reliability
  • And events should not happen randomly

All these points sum up to nothing but an implementation of the following statement:
“Immediate feedback on actions AND Continuous representations of objects” – This is what lies at the core of the best designs that are made.

2. Understanding Mental Models

Even before a user starts performing an action, a mental image is formed in the user’s mind which depicts the user’s understanding of the Interface, which is called the Mental model. Very often a user thinks something and the system does something else, which leads to this gap between the mental model of the user and the designer.

This can be overcome by experimenting with multiple beta users and analyzing how your interface performs. Additionally, through our Interface, we can provide a good idea of how each object works and how to control it leading to the Interface itself disclosing how it is used.

3. Representation Matters

This lays emphasis on just one thing – What to show and What not to.
Representation plays a significant role in simplifying or complicating matters, and so, a Good Representation shows all of the relevant information, and nothing else.

Use pictures where words seem monotonous. As the saying goes, ‘A picture is worth a 1000 words’, and the same principle can be used to build great interfaces. It takes time for the user to read, form a mental image and then process the information. This time can be cut out by using images directly wherever they fit in the UI. Icons facilitate visual recognition and come in handy when you know what something looks like but not what it’s called.

Some other factors that are often ignored are Whitespaces and Contrasts. Important information can be delineated by smart use of spaces and contrasts.

4. Typography

Typography is defined as “The art and technique of arranging type to make written language legible, readable, and appealing when displayed”

Something to be aware of when working with text-based applications is the Serif Hypothesis, which states that “Serif is easier to read as the letters contain anchors and tails which provide comfort to human eyes while reading texts for extended duration of time”

So, if you have a lot of written content on your webpage, you now know which text format to consider.

5. Layout

Every UI is designed with Grids in Mind. For example, have a look at the pictures below :

Paytm Home Page

Yahoo Home Page

Things to be kept in mind are :

  • Alignment guides the eye and so we should avoid glitches there.
  • We automatically and unconsciously notice patterns/deviations that fall out of place.
  • That is why it is very important that we stick to mathematically accurate patterns.
  • In case we decide to deviate from a pattern, it has to be strategic.
  • Use visual proximity and scale to convey semantic information

6. Color

Effective use of colors can enhance the user experience to a great level. Colors can be used to highlight essential elements on the screen or to direct user attention.

Now, each color is associated with a certain meaning that has been proven over the years in various studies. The emotions that various colors invoke are as follows:

  • Red – Symbolizes lust, power, excitement or love
  • Yellow – Competence and happiness
  • Green – Good taste, envy
  • Blue – Masculine, high competence, high quality corporate
  • Pink – Sophistication, sincerity, feminine
  • Purple – Royalty, authority, sophistication, power
  • Brown – Ruggedness, earthiness, toughness
  • Black – Grief, sophistication, expensive, fear, evil
  • White – Happiness, sincerity, purity

These are widely agreed notions that will not change anytime soon.

7. Positioning

Users automatically pay attention to certain elements based on their position on the webpage. More often than not, they seem to define a trend in which a webpage is viewed.

Nielsen Norman Group came out with a heatmap after conducting research on human eye tracking on webpages.

The highly colored area shows the highest density of user eye views. That is where most users looked most of the time. This just means one thing to us: put the more important content in that high-density area.

Now let’s look at the simplified pattern for a web page: This image shows the optimum positioning of information on a webpage based on the level of importance.

Important stuff needs to be in Priority 1 blocks followed by others.
Credit: Poynter Institute www.poynter.org/extra/eyetrack2004


WordPress Malware Infection

What is WordPress Malware Infection? How do you deal with it?

WordPress is the most popular content management system on the web. Besides the popularity, it has many advantages. But unfortunately, it comes with certain downsides as well. If you go by statistics, more than 70% of WordPress installations are vulnerable to hacker attacks.

In WordPress websites, we generally install third-party plugins/themes for integrating additional features. But most of the time, we are not aware of the inherent security vulnerabilities of these plugins/themes, which act as critical loopholes that are targeted by hackers, malware botnets, etc. Some plugins provide regular updates for patching those issues. But if we fail to apply them, it leads to the exploitation of the vulnerabilities and severe malware infection.

Why secure WordPress websites before enabling SEO?

We know that bots crawl websites. But nowadays, bots make more visits to websites than human traffic. Malware bots attack by trying a set of tentative URLs on websites. If a website has a vulnerability, and the malware figures it out through this approach, the website becomes a candidate for exploitation. So, before enabling SEO on a website, we need to make sure that the website is secure; otherwise, you are at the mercy of bad bots which will take advantage of it. In some cases, malware can damage a site’s relationship with leading search engines by injecting malicious content.

Effects of Malware Infection:
  • WP-admin will not be accessible due to unwanted 302 redirects to third-party malicious websites.
  • .htaccess file content will be changed even though it has proper file permission.
  • Files with extension .php.suspected will be created along with many duplicates of stylewpp.php.
  • Random posts will be created in WP DB.
  • Unknown admin users may have been created.

Steps to prevent Malware Infection:
  1. Take a regular backup of codebase and database.
  2. Restore content of .htaccess file and set proper file permission.
  3. Check crontab for any suspicious entries.
  4. Kill suspicious processes on the server.
  5. Check the access log and find suspicious HTTP calls.
  6. Block suspicious IPs which are making malicious attacks.
  7. Most core WordPress files should never be modified. You need to check for file integrity issues in the wp-admin, wp-includes, and root folders. Remove unknown files and folders (those flagged as suspect from the access log) with a cascading delete.
  8. Analyze the malicious PHP code which is injected into WP folders. If you can analyze the malicious PHP scripts and decode their intention, it will help you to remove the infection more easily.
  9. Prevent random article creation. We found from the access log that the “content-main.php” file was being executed by the malware botnet. It was injected at the path “/wp-content/content-main.php”.
  10. Remove suspicious admin users
  11. Update WordPress to the latest version
  12. Change all credentials of cPanel, FTP and DB.
  13. Stop the brute force attack. Even if you remove all files and folders, kill all malware processes and change passwords, the malware will not sit idle, because it has already recorded your site’s domain name, IP and malware file locations in its database. So it will keep making HTTP calls to the malicious PHP script locations, which will return a 404 error; that is fine. You also cannot block all IPs of the malware botnet because it keeps on changing IPs.
    It tries to brute-force the login page with breached admin user names against a global database of pwned passwords.
  14. Block xmlrpc
  15. Prevent bad bots
    Modify the robots.txt file to prevent crawling core directories along with themes/plugin directories. Also, identify bad bots and prevent them from crawling website pages.
  16. Use SFTP instead of FTP
  17. Change the default wp-login, wp-admin and wp-content URLs. Below are some of the WP plugins which you can use for changing the wp-login, wp-admin, wp-content and plugin URLs.
    WPS Hide Login
    Protect Admin
  18. Install any of the WP security plugins below.
    Quttera Web Malware Scanner
  19. Add proper file & folder permissions.
  20. Check for known vulnerabilities in existing installed plugins.
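
Steps 5, 9, 13 and 14 all start from the access log. The following Python code is an added example, not part of the original article: it flags the symptoms the article names (requests for content-main.php, stylewpp.php or .php.suspected files, POSTs to xmlrpc.php, repeated POSTs to wp-login.php). It assumes the Apache/Nginx combined log format; the log lines, IP addresses and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)

# File names taken from the article; extend with what your own logs show.
KNOWN_BAD_FILES = ("content-main.php", "stylewpp.php")
LOGIN_POST_THRESHOLD = 5  # assumed value, tune per site

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] '
    '"GET /wp-content/content-main.php?x=1 HTTP/1.1" 404 162',
    '198.51.100.23 - - [10/Oct/2019:13:55:40 +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 370',
    '192.0.2.10 - - [10/Oct/2019:13:56:01 +0000] '
    '"GET /wp-content/themes/demo/style.css HTTP/1.1" 200 5120',
] + ['192.0.2.44 - - [10/Oct/2019:13:57:00 +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 2890'] * 6


def triage(lines):
    """Return {ip: sorted reasons} for requests matching the article's symptoms."""
    reasons = defaultdict(set)
    login_posts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0].lower()  # drop the query string
        name = path.rsplit("/", 1)[-1]
        if name in KNOWN_BAD_FILES or name.endswith(".php.suspected"):
            reasons[ip].add("known-malware-file")
        # A stock install serves only index.php from /wp-content/ itself;
        # a direct request for any other PHP file there deserves a look.
        if re.fullmatch(r"/wp-content/[^/]+\.php", path) and name != "index.php":
            reasons[ip].add("php-in-wp-content-root")
        if method == "POST" and name == "xmlrpc.php":
            reasons[ip].add("xmlrpc-post")
        if method == "POST" and name == "wp-login.php":
            login_posts[ip] += 1
    for ip, count in login_posts.items():
        if count >= LOGIN_POST_THRESHOLD:
            reasons[ip].add("login-bruteforce")
    return {ip: sorted(found) for ip, found in reasons.items()}


if __name__ == "__main__":
    for ip, found in triage(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

Because the botnet keeps changing IPs, the per-IP output is more useful for confirming which paths are being probed than as a block list.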

Nowadays, malware is injected by botnets rather than by humans. They crawl for vulnerable URLs and exploit them one by one.


The views and opinions expressed in this article are those of the author. Lakin enjoys sharing his thoughts on computing and technology in his personal blog.
Banner Universal link

Adding a Universal link to iOS Apps- Challenges & Solution

In this blog, I am going to explain how to add Universal link and Deep linking capabilities to an iOS app without considerable effort.

We are going to cover this in 3 sections:

  • Understanding deep link, URL scheme, and Universal link
  • The issues with a universal link and the difficulty in incorporating it
  • A nice workaround to get rid of the complexity of universal links.

If you are aware of the universal link and the challenges in having it up and running, feel free to jump to the 3rd section straight away.

Understanding deep link, URL scheme, and Universal link

Contrary to common belief, a URL scheme is not the same as a deep link.

Then what exactly is a deep link?

Well, the term “deep link” refers to the route to a specific spot on a website or a native app. So, for a mobile app, a “deep link” is a link that contains all the information required to navigate the user deep into a section of the app instead of just launching the app.

What is a URL scheme and how does it work?

A URL scheme can be treated as a specially designed URL just to open a particular app.
For instance, any iOS app can open WhatsApp with “WhatsApp://” URI using the URL scheme. This is possible because WhatsApp has registered itself with the app store with “WhatsApp” as a URL scheme.

However, to send a “Hello” to a particular number in Whatsapp, the URI needs to be like “WhatsApp://send?phone=(actual phone number)&text=Hello”. This, in turn, will open chat for the given number with the supplied text pre-filled. This is an example of a deep link in action.

So, what exactly is a Universal link, and why do we need it at all?

The URL scheme works just fine as long as the app is installed on the user’s phone. In the above example, for instance, if WhatsApp is not available, then the “whatsapp://” URI will just not work, and neither will the deep link to send a message to a user.

In this case, a nice solution would have been to

  • Send the user to the website on the mobile browser, then, either redirect to the app, if available or show a prompt to download it from the app store if not.
  • A more elegant way is to directly open the app, if available on phone, without redirecting through the website or in case the app is not installed, open the website with a prompt to get it downloaded from the store. This is exactly how the universal link works.

The same universal link can be used to open the Android app as well.


The issues with Universal link and the difficulty in incorporating it.

Is Universal link difficult to incorporate?

The elegance and ease that universal link provides to your users come at the cost of having to deal with the complexity of implementing it.

Implementation of a universal link requires a guided approach. If you want to learn about the process in detail, click here.

Unfortunately, there are a whole bunch of issues and bugs you will encounter after implementing it. As it deals with iOS, Android and the Web, there needs to be a great deal of coordination and support between them all.

Even for iOS itself, there are multiple ways and factors which are likely to affect how a user interacts with the link. Measures have to be taken to address them. To name a few, you are going to need to support previous versions of iOS, it should be possible for the link to open in SafariViewController for some apps like Skype and Facebook, the user may get redirected to the link instead of reaching there by clicking it, there may be a tracking need on the link. Given the default behavior of the universal link, which is to either open the app, if available or the web if not, it is going to break at some point for one of the above cases.

Unless you are hell-bent on having the universal link with all its properties and willing to put all the resources and time it needs to address the accompanying issues, you should consider the alternate, and the more basic solution available, to get the task done.


So, what is the hidden solution that can be used as a workaround?

The idea here is that the web URL, the actual HTTP link of the website, will work as a universal link.

But, how?

For Android, it’s easier to connect an HTTP link to the app, with the assumption that the user will be taken to your app on tapping the link if it’s available or fallback to the website if not. At most, you will need to verify the domain ownership. More on this is available here.

For iOS, unfortunately, you can’t use an HTTP link i.e. link to a real website to open the app without using Universal link.

Smart Banners in iOS is the workaround we have been looking for.

Safari has a “Smart App Banner” feature to promote an app from the website. Your website can include a meta tag containing the app id of the app, and the Safari mobile browser will show a smart banner. On being tapped, it will open the app if it’s installed or take the user to the app store if the app is not on the phone.

Here is how smart banner looks for the LinkedIn website.



When the app is not installed on the phone.


When the app is installed


The meta tag format is:
<meta name="apple-itunes-app" content="app-id=myAppStoreID, affiliate-data=myAffiliateData, app-argument=myURL">

Both “affiliate-data” and “app-argument” are optional.

For more information on adding a smart banner to your app, click here.


ISO 8583

Why does ISO-8583 Score Over Other Standards?

Of course, it is one of the many financial transaction standards describing how to pack certain data fields such that it could reliably be unpacked as well. However, the distinguishing factors that the standard possesses are :

  • It uses web sockets for communication which is very efficient.
  • This standard helps the electronic system which reads the card number, the transaction amount and other relevant data fields to pack it all up so that it could be transmitted electronically to a transaction processing system where it could then be unpacked back into individual data components and then processed.

Where do the Others Lack?

There exist numerous methods for packing and unpacking data. It could be as simple as comma separated fields. Eg: I could choose to send the transaction information as simple comma separated values as:

“1234123412341234,1000, INR,987” (Card Number, Amount, Currency, Merchant ID).

The issue with such a simplistic model of data packing is that it lacks meta information, i.e. the message itself does not contain any information on what exactly is being packed in it. Not that this could not have been overcome even with a comma-separated version, just that it could get cumbersome.


Principles that drive this Standard

The ISO 8583 message is based on the principles that:

– In a transaction message, you only get to pick the number of fields from a predefined set of fields. So, if you need a field called ‘My girlfriend’s phone number’, sorry, ain’t possible.

– The meta information of which fields are present in the message is also a part of the message payload in a data structure called the ‘bitmap’.


– Most implementations contain a few bytes dedicated to a fixed header (eg: ^A^TISO016000010) after which the actual ISO 8583 message starts.

– In one of our projects, the header we used was of 14 bytes.

MTI – The Message Type Indicator.

The first 4 bytes describe the message type.

Eg: 02 00, which tells that the message is actually a financial transaction request. (The response to this request would also be in ISO 8583 and would carry an MTI: 02 10). Various MTIs exist and can be found on the web.


The bitmap is almost a visual representation of which fields are actually present in this message and which fields are not.

Eg: F2 38 80 01 08 E0 80 0F

11110010 00111000 10000000 00000001 00001000 11100000 10000000 00001111
(each bit position that is 1 implies the corresponding field is present)

Hex Binary (Positions that have 1)
F2= 11110010 -> (1,2,3,4,7)
38= 00111000 -> (11,12,13)
80= 10000000 -> (17)
01= 00000001 -> (32)
08= 00001000 -> (37)
E0= 11100000 -> (41,42,43)
80= 10000000 -> (49)
0F= 00001111 -> (61,62,63,64)

We’ve just read the map! Therefore the fields that will be present in this message are field numbers: (1,2,3,4,7,11,12,13,17,32,37,41,42,43,49,61,62,63,64)

Note the first bit. Field 1 is a special field which indicates the presence of an extended bitmap. Since this sample message contains 1 on the 1st position, it means that this message contains another bitmap with another 64 bits.

Extended bitmap, Binary 64 bits

80 00 00 00 00 00 00 00 (hex, extended bitmap field)
80= 10000000 -> (position 64+1=65)
This extended bitmap shows that field number 65 is also present in this message.

Data Elements

Immediately after the bitmap, the data elements start serially. From the bitmap, we know that fields 2,3,4,7 are present one after the other. All that we need to do is to read them one by one. Each field number has a predefined type in the ISO 8583 definition and has a predefined length. Some fields have a variable length in which case the first N bytes provide the length of the field.


Data Element 2. Length 16. Value: 0000011319353459 = Primary account number
Data Element 3. Length 6. Value: 011000 = Processing code. 011000 = cash withdrawal
Data Element 4. Length 12. Value: 000000020000 = Amount 200.00
Data Element 7. Length 10. Value: 0804030013 = DateTime DDMMhhmmss
Data Element 11. Length 6. Value: 051028 = Systems Trace number
Data Element 12. Length 6. Value: 083013 = Time, hhmmss
Data Element 13. Length 4. Value: 0804 = Date, MMDD
Data Element 17. Length 4. Value: 0804 = CaptureDate, MMDD
Data Element 32. Length 6. Value: 123456 = Acquiring institution ID code 123456
Data Element 37. Length 12. Value: 192165102801 = Retrieval Ref. No.
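
The bitmap and data-element walk described above, as an added Python example that is not from the original article. It assumes a 4-character ASCII MTI, a binary bitmap and ASCII numeric fields with the fixed lengths listed above; SAMPLE_MSG is constructed from the article's values and carries only fields 2 to 13.

```python
# Fixed lengths as listed in the article (ASCII digits). Real deployments take
# these from their interface specification.
FIELD_LENGTHS = {2: 16, 3: 6, 4: 12, 7: 10, 11: 6, 12: 6, 13: 4, 17: 4, 32: 6, 37: 12}

# The article's primary bitmap followed by its extended bitmap.
ARTICLE_BITMAP = bytes.fromhex("F238800108E0800F" "8000000000000000")

# Constructed message: MTI 0200, bitmap for fields 2,3,4,7,11,12,13, then data.
SAMPLE_MSG = (
    b"0200" + bytes.fromhex("7238000000000000")
    + b"0000011319353459" + b"011000" + b"000000020000"
    + b"0804030013" + b"051028" + b"083013" + b"0804"
)


def parse_bitmap(data: bytes):
    """Return (present_fields, bytes_consumed) for a binary ISO 8583 bitmap."""
    if len(data) < 8:
        raise ValueError("truncated primary bitmap")
    size = 8
    if data[0] & 0x80:  # bit 1 set: a second 64-bit bitmap follows
        size = 16
        if len(data) < size:
            raise ValueError("bit 1 set but extended bitmap is missing")
    fields = []
    for i in range(size * 8):
        if data[i // 8] & (0x80 >> (i % 8)):  # most significant bit first
            fields.append(i + 1)              # fields are numbered from 1
    return fields, size


def parse_message(msg: bytes):
    """Split MTI, bitmap and fixed-length data elements; reject bad input."""
    if len(msg) < 4:
        raise ValueError("truncated MTI")
    mti = msg[:4].decode("ascii")
    fields, used = parse_bitmap(msg[4:])
    pos = 4 + used
    elements = {}
    for f in fields:
        if f == 1:
            continue  # bit 1 only announces the extended bitmap, already consumed
        if f not in FIELD_LENGTHS:
            raise ValueError(f"field {f} present but no length defined")
        end = pos + FIELD_LENGTHS[f]
        if end > len(msg):
            raise ValueError(f"field {f} runs past end of message")
        value = msg[pos:end].decode("ascii")
        if not value.isdigit():
            raise ValueError(f"field {f} is not numeric")
        elements[f] = value
        pos = end
    if pos != len(msg):
        raise ValueError("trailing bytes after last field")
    return mti, elements


if __name__ == "__main__":
    print(parse_bitmap(ARTICLE_BITMAP))
    print(parse_message(SAMPLE_MSG))
```

The length checks matter because the bitmap comes from the sender: a parser that trusts it without checking the remaining bytes will read past the message or mis-align every later field.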


Isn’t ISO 20022 the new standard?

ISO 8583 will be a difficult one to get rid of anytime soon and hence one way or the other, in the financial industry ISO-8583 is here to stay.

