Category: Articles

How SEO Works

Web-based businesses are being created every day, but for them to succeed, they need to fully understand how SEO works. The SEO process is constantly changing, but there are several strategies and tools that aren’t going anywhere.

Intellectual Property Protection

How does one go about protecting their source code in the era of cyber threats in order to mitigate that risk?

First let me disclose that I am not a lawyer. The legalities of Intellectual Property (IP) protection and enforcement are complex and expensive. Whenever a legal question arises in the course of our business I defer completely to our lawyers. It happens often and we spend a considerable amount to retain a top notch law firm to draft contracts, review agreements, to counsel us on what level of risk we’re exposing ourselves to in various situations, and to provide risk mitigation strategies.

Keep in mind, you can sue anyone for any reason. And vice versa. The case may be without merit, but the parties will need to fund the legal battle. None of the below techniques, alone or in combination, will ensure 100% protection against IP infringement. But if applied together then your risk exposure to theft of intellectual property is greatly decreased.

There are many precautions you can take to protect the intellectual property of your digital products.

Non Disclosure Agreements (NDA)

When interviewing an agency to help with your software, or when exposing the inner workings of your software to an external party, always sign an NDA before getting too deep in the weeds. An NDA is not necessary for high level discussions about the software such as whether there’s a fit between you and the agency. But once you determine there’s a fit, insist on the NDA. That’s your first level of basic protection where the party that receives confidential information assures that it will not disclose that confidential information to others. There are exceptions where disclosure is coerced on the receiving party, such as when parties are subpoenaed by law enforcement agencies or as part of lawsuits. Typical NDAs allow for that type of cooperation in legal issues. If they don’t, the law trumps your written documents anyway.

If the NDA is violated then it sets the terms of recourse by the disclosing party who has been damaged. And by “terms of recourse” I mean that the party violating the NDA is subject to financial penalties and legal action.

Work under a contract

My lawyer tells me all the time that a contract isn’t meant for when a project or client relationship is going great. During good times people pretty much forget that a contract exists. Rather, the contract is needed for when everything falls apart. When that happens the terms and conditions established in the contract can be enforced. Those terms include clauses like confidentiality restrictions, intellectual property assignments, penalties for non-performance, and selection of venue (where a court case would be heard in person).

Always work under a contract. Your agency should have a standard contract they use. If they don’t then strongly question their organizational maturity and whether they are a fit for your project.

IP Assignment

Again, I’m not a lawyer, but from my research on this topic and my understanding as a person that runs a software agency, I’ve found that the following applies to IP assignments.

The creator of the new work is automatically, and by default, assigned the intellectual property rights to that work. That means that the individual software developer who creates the code gets IP rights by default.

If the software developer is paid by someone to write the code then the person/entity paying automatically receives a lifetime license to use the creation. They do not, however, hold the IP assignment…just the right to use it. But that right extends into perpetuity. Only the creator has the right to leverage that IP as they desire (ex: sell it, extend it, protect it).

As a condition of employment at Array Digital, all software developers assign their IP to the company. As part of the company’s with clients, we automatically assign the IP to the client. You will want a similar assignment with whoever you contract with unless there is a business reason to do otherwise.

Copyright Notices

A copyright notice isn’t required in order to enforce the copyright that’s granted to the creator or assigned. But it’s a good deterrent and should be used liberally on works protected by IP.

We add copyright notices to the footer of the websites we create, and in various places in other software products we create. The copyright notice is in the format “© [year] [legal entity name]”, ex: “© 2017 Array Digital, LLC”. You can add an “All rights reserved” statement afterwards as well, but we don’t by default because the statement gets quite lengthy and stuffy.

Restrict access to the source code

Keep your source code in a private repository. “Repository” is the name for the place where the code is stored and the history of changes is recorded. Use either an internal repository location on a company server or, as is more commonly done these days, a private repository online in a system such as GitHub. Keeping the code online provides efficiency for the team, but the tradeoff is that you must take measures to restrict access to the source code repository.

We use GitHub exclusively and have for years, but there are many other similar systems (ex: Bitbucket, GitLab) that each provide similar protections. We keep a private organization with access restricted to only those on our team. Each project is further protected with permissions given to individual team members on a “need to know” basis.

We also require that each team member who has access to our repositories uses Two Factor Authentication (TFA). TFA requires that when a person logs into the system with a valid username and password, they must additionally verify a one-time code sent to the account’s mobile phone on record. There are other forms of TFA, but the technique is the same – to use another previously verified device to verify the current access request to the system. This greatly reduces the chances of unauthorized access to the IP contained in the repository.

Treat source code as a trade secret

The source code has an “economic value” not generally known or understood by the public. Thus you need to take the same measures to protect source code as you would for any other trade secret such as a client list or company financials.

As an example: create written internal policies that state who in your company is approved to release source code to others, and document the approval process. Also, wherever possible proclaim your IP protection via copyright statements as previously discussed. These various steps are referred to as your trade secret protection policy.

Patent the code

I’ve only been somewhat involved in this process. But we have provided source code to our clients’ lawyers in the past for the purposes of potentially filing for a patent on the source code. The aspects that would be patentable are the business logic that is implemented. The modules, plugins, or frameworks that were imported as part of the project are not patentable by you because those come with their own copyright terms. That leads us to our next consideration.

Impact of leveraged code

Very rarely is software these days created from absolutely nothing. As software developers we import other developers’ open source or paid code as part of modules, frameworks, plugins, gems, etc. Different software platforms call leveraged (aka imported) code different terms, but the gist is the same. You don’t want to waste time and money building “plumbing”; you want to spend your time and money building the skyscraper. You can leverage code made by other developers to get the plumbing that’s required. Nowadays there are many open source projects that provide that low level plumbing, and each comes with its own copyright. Most open source copyrights allow for commercial use, whereas most paid software does not. Each copyright of leveraged code should be reviewed to ensure compliance with how you will be using the final product.

As an example, React is currently a popular module for modern websites. It’s a good technology, but there’s a legal consideration. It was created by Facebook and the copyright that Facebook placed on React allows anyone to use React unless the company is involved in litigation with Facebook. The moment that litigation with Facebook occurs, the other party’s rights to use React are withdrawn.

So, if you’re building software that could potentially be sold, and if a buyer could be in litigation with Facebook or a Facebook company (there are many now), then you could have a hard time selling your software. If litigation were to occur with Facebook then the software that uses React would be in immediate violation of the copyright. That means that the owner of the software is exposed to further litigation with Facebook – a giant with deep pockets – or that the company would have to scramble to rewrite their software with another framework.

Enforce your IP rights

Last, and least desired, is enforcing your IP rights. That means that you file a lawsuit against another person or company that you believe is infringing on your rights. This is an expensive option and you will pay your lawyers handsomely. It will also be a big distraction for you and your company, and will take away from the focus on normal operations.

I have been involved in a large lawsuit where my client brought the suit against a much bigger industry player. It took three years and hundreds of thousands of dollars to bring the suit which eventually ended with a settlement. My client had to partner with an investor in order to fund the lawsuit and protect his patent. But in the end it worked out in his favor.

Filing a lawsuit is typically a last resort and you need to make sure you have a solid foundation for the case. Again, it will become very expensive very quickly, so the return on that investment must be worthwhile.

Summary

There are many techniques you can use to protect your Intellectual Property rights. Most of these techniques involve a level of maturity as an organization, and a level of maturity in the agency you hire to work on your software. Start with paperwork – agreements, NDAs, confidentiality agreements – and be sure to restrict access to the source code and treat it as a trade secret. If warranted, file for additional protections such as patents and enforce your rights. As with most things in life, plan and protect what is worth protecting.

Strategies for immutable JavaScript

Immutable data is a concept that I had to deal with while writing my first reducer for ngrx/store. The idea behind immutable data is that it cannot be changed after creation. This simple shift in state management can make applications simpler to build and easier to debug. With a single source of truth you have a contract in hand that will free you of a whole class of problems that plague mutable applications.
I’ll share what I’ve learned so far. Keep in mind that these examples stem from my experiences using ngrx/store but are in no way directly tied to it.

Let’s start with some state: This state will consist of an object with an array of ids and an entities object that will store one key/value for each id in the ids array.

let states = [];
const initialState = {
  ids: [],
  entities: {}
};
states = [...states, initialState];

Adding some data to our empty state:

// add john
const john = {id: 1, name: 'John Lennon'};
const solo = {
  ids: [...initialState.ids, john.id],
  entities: Object.assign({}, initialState.entities, {[john.id]: john})
};
states = [...states, solo];

There’s a lot going on here. We’ll look at one thing at a time. john is the new object that we want to add to the state.

const john = {id: 1, name: 'John Lennon'};

From the object john we’ll extract the id property to add to the ids array and copy the id and name properties into the entities object.

const solo = {
  ids: [], // add new ids
  entities: {} // add new entities
}

Adding new ids: The spread operator is used to expand any existing ids in place, followed by the new object’s id. The solo.ids array will have no references to the initialState.ids.

ids: [...initialState.ids, john.id]

Adding new entities: The Object.assign method is used to create a new entities object. The first argument is a newly created object, followed by initialState.entities. The key/values from initialState.entities will be shallow copied into the new empty object. Lastly, the object {[john.id]: john} will be merged with the newly created object.

entities: Object.assign({}, initialState.entities, {[john.id]: john})

In the end the state solo will look like this.

{
  ids: [1],
  entities: {
    1: {id: 1, name: 'John Lennon'}
  }
}

Adding more data: The others array contains new objects to be added to the state. We’ll need to extract the ids from the array and reduce the objects in it to one single object.

// add paul, george and ringo
const others = [
  {id: 2, name: 'Paul McCartney'},
  {id: 3, name: 'George Harrison'},
  {id: 4, name: 'Ringo Starr'}
];
let newIds = others.map(x => x.id);
let newEntities = others.reduce((acc, member) => {
  return Object.assign(acc, {[member.id]: member});
}, {});
const fabFour = {
  ids: [...solo.ids, ...newIds],
  entities: Object.assign({}, solo.entities, newEntities)
};
states = [...states, fabFour];

First the ids: newIds = others.map(x => x.id) creates a new array named newIds that has no reference to the others array. Next combine newIds with solo.ids by using the spread operator like this: ids: [...solo.ids, ...others.map(x => x.id)].

The entities will take a little more work: reduce and Object.assign are used together to shallow copy all the members of the others array into a single new object called newEntities. As before, there are no references to the old data. The new data has been copied. No mutations have occurred.

let newEntities = others.reduce((acc, member) => {
  return Object.assign(acc, {[member.id]: member});
}, {});

Assembling the state: It’s as simple as copying the existing data and the new data into a new object. The spread operator is used to expand the existing solo.ids and the newIds, which are combined together into the fabFour.ids array. Object.assign is used to merge the existing key/value pairs of solo.entities and newEntities into the new empty object {}.

const fabFour = {
  ids: [...solo.ids, ...newIds],
  entities: Object.assign({}, solo.entities, newEntities)
};

Adding more data: With some data in the state, let’s take another look at adding a new object. This should look very familiar. This is the same process used to add john to the earlier state.

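//add billy
const billy = {id: 5, name: 'Billy Preston'};
const fabFourV1 = {
  ids: [...fabFour.ids, billy.id],
  entities: Object.assign({}, fabFour.entities, {[billy.id]: billy})
};
// record the new state so it appears in the history printed at the end
states = [...states, fabFourV1];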

Removing and replacing data: Let’s remove billy and replace it with eric. The strategies are the same as we’ve used so far. First, filter the ids to newIds. newIds will no longer contain billy.id. Next, reduce newIds down to the newEntities object, looking up each item from the newIds array in the fabFourV1.entities object. In the end newEntities will no longer contain the billy object. Finally, merge eric.id with the filtered newIds and merge eric with the filtered newEntities.

//remove billy and replace him with eric
const eric = {id: 6, name: 'Eric Clapton'};
newIds = fabFourV1.ids.filter(x => x !== billy.id);
newEntities = newIds.map(id => fabFourV1.entities[id]).reduce((acc, member) => {
  return Object.assign(acc, {[member.id]: member});
}, {});
const fabFourV2 = {
  ids: [...newIds, eric.id],
  entities: Object.assign({}, newEntities, {[eric.id]: eric})
};
// record the new state so it appears in the history printed at the end
states = [...states, fabFourV2];

There have been 5 states created in this exercise; initialState, solo, fabFour, fabFourV1, fabFourV2. Each state was created with immutable methods. There are no references shared between them.

for (var i = 0, len = states.length; i < len; i++) {
  console.log(states[i].ids.map(id => states[i].entities[id].name));
}

This output shows that each state is a separate object.

[]
["John Lennon"]
["John Lennon", "Paul McCartney", "George Harrison", "Ringo Starr"]
["John Lennon", "Paul McCartney", "George Harrison", "Ringo Starr", "Billy Preston"]
["John Lennon", "Paul McCartney", "George Harrison", "Ringo Starr", "Eric Clapton"]

No states were mutated during the creation of this article. The full source can be found here.
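The copies used throughout are shallow: each state gets a new ids array and a new entities container, but the entity objects inside are still shared by reference. The following added example (not from the original article; `addEntity`, `renameEntity`, `deepFreeze` and the demo functions are hypothetical names) shows a direct write leaking into an earlier state, a deep freeze turning that write into an error, and a copy-on-write update that leaves earlier states untouched.

```javascript
// Added example: shallow copies share nested objects; freezing guards the history.

// Same pattern as the article: new ids array, new entities container.
function addEntity(state, entity) {
  return {
    ids: [...state.ids, entity.id],
    entities: Object.assign({}, state.entities, { [entity.id]: entity })
  };
}

// Immutable update of one entity: copy the container AND the entity being changed.
function renameEntity(state, id, name) {
  const updated = Object.assign({}, state.entities[id], { name });
  return {
    ids: [...state.ids],
    entities: Object.assign({}, state.entities, { [id]: updated })
  };
}

// Recursively freeze a state; the WeakSet stops cyclic references from looping.
function deepFreeze(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return value;
  seen.add(value);
  for (const key of Reflect.ownKeys(value)) deepFreeze(value[key], seen);
  return Object.freeze(value);
}

// A direct write through a state. Function-level strict mode makes a write to a
// frozen object throw a TypeError instead of failing silently.
function unsafeRename(state, id, name) {
  'use strict';
  state.entities[id].name = name;
}

// Build a short history of states, optionally deep-freezing each one.
function buildStates(freeze) {
  const wrap = freeze ? deepFreeze : (s) => s;
  const initialState = wrap({ ids: [], entities: {} });
  const solo = wrap(addEntity(initialState, { id: 1, name: 'John Lennon' }));
  const duo = wrap(addEntity(solo, { id: 2, name: 'Paul McCartney' }));
  return { initialState, solo, duo };
}

// 1. Unfrozen shallow copies: a write through `duo` is visible in `solo`.
function demoLeak() {
  const { solo, duo } = buildStates(false);
  unsafeRename(duo, 1, 'changed');
  return solo.entities[1].name;
}

// 2. Frozen states: the same write throws and the earlier state is intact.
function demoFrozen() {
  const { solo, duo } = buildStates(true);
  let threw = false;
  try {
    unsafeRename(duo, 1, 'changed');
  } catch (err) {
    threw = err instanceof TypeError;
  }
  return { threw, soloName: solo.entities[1].name };
}

// 3. Copy-on-write update: works on frozen states and leaves older ones alone.
function demoRename() {
  const { solo, duo } = buildStates(true);
  const next = renameEntity(duo, 1, 'J. Lennon');
  return [solo.entities[1].name, duo.entities[1].name, next.entities[1].name];
}

console.log(demoLeak(), demoFrozen(), demoRename());
```

Freezing every state as it is created is cheap in development builds and catches accidental writes at the line that makes them.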


WordPress Security Vulnerabilities

There are over 1 billion websites on the internet today and 28 percent of them are powered by WordPress. That’s over 280,000,000 WordPress websites and counting. You may be asking yourself, “How fast is the WordPress market share increasing?”. A whopping 50,000 new WordPress websites are launching each day and over 22 billion pageviews a month are served by WordPress sites.

WordPress is by far the most popular content management system (CMS) in use today. When only looking at websites that are powered by a CMS platform, WordPress holds 60% of the market. Joomla is the second most used CMS with a meager 6.3%, followed by Drupal with 4.8%, Magento with 2.7%, and Blogger with 2.5%. It’s safe to say that WordPress is dominating the CMS market and is forecasted to remain the reigning champion.

What does this all mean?

With WordPress’s massive numbers, it’s a HUGE target for hackers. WordPress, just like any other software, needs to be updated. The number one thing anyone can do to safeguard their website is to keep the WordPress platform and plugins up to date. Sounds simple right? It is, but many people often neglect this process for one reason or another. An outdated WordPress site is extremely vulnerable.  

Why would anyone hack me?

Often, people have the mindset of “I don’t need to worry about hackers because I have a tiny website and why would anyone want to harm me?”. Most hackers are not usually singling out one specific website to compromise. They are casting a wide net and taking down as many websites as they can, in one fell swoop. Hackers don’t care how small a website is or how much traffic it receives, they will go after the largest target and focus their time and energy into the biggest payout. Once a vulnerability is discovered, the hackers go to work compromising, defacing, or completely deleting websites. If your WordPress site is out of date, then you need to take action to ensure your website is updated and secure.

Case in point

In February of this year, hackers found a content-injection vulnerability within the WordPress core files and thousands of websites were hacked before anyone knew there was a problem. WordPress quickly patched the vulnerability with version 4.7.2. Since updating the WordPress core files is often neglected, many websites were left out of date. Hackers rushed to compromise the remaining websites that were without the security patch. Many outdated websites have been repeatedly hacked and defaced by multiple hackers. These websites will continue to be hacked over and over again until the sites are updated. To date, over 1.5 million websites have been hacked due to this single content-injection vulnerability.

What can you do?

Only around 40% of WordPress sites are up to date, which means 60% of WordPress installations are vulnerable to hacker attacks. If you have a WordPress website, it is very likely that it’s out of date and at risk. You have two options to keep your site safe and uncompromised. The first option is to log into your WordPress website and apply the updates yourself (and do it often). The second option is to hire a reputable company that will provide this service. For under $20 a month, you can find a company who will keep your website updated and protected and send you monthly reports on the work completed.

In addition to keeping your WordPress platform and plugins up to date, here are four additional steps you can take to further secure your website:

1. Backup. Back up your WordPress site and database often by downloading the backup files and storing them offsite. A backup on your server is useless if a hacker wipes out the entire server space.

Pro tip: Install the WordPress plugin Duplicator. It’s a great free tool for backing up your website files and MySQL database. Use Dropbox to store all of your backup files. Your backups will be safe and secure on their cloud servers. Also, your hard drive will thank you.

2. Monitor your files: When a WordPress core file changes unexpectedly, you need to take action. This is a tell-tale sign that your site was compromised. Knowing when a file change happened is very hard to keep track of manually.

Pro tip: Wordfence is a great free plugin that will scan and alert you when a change happens. Many issues can be fixed within the plugin with a few clicks of your mouse.

3. Implement a lockdown feature: Brute force attacks are a huge WordPress security vulnerability. When a lockdown feature is enabled, you will get notified whenever there is a brute force hacking attempt. The site will lock down and the hacker’s attempt will be terminated.

Pro tip: Use iThemes Security for brute force/lockdown to ban an attacker’s IP address after a certain number of failed login attempts. iThemes Security is also packed with many great features that will keep your website secure.

4. Change your Login/Password. Avoid using the default WordPress login “admin”; hackers know this and use it to their advantage. Using an email address as the username is a superior option. When creating a password, you obviously don’t want to make it “password.” A strong password should contain 12 to 14 characters, including lowercase and uppercase alphabetic characters, numbers, and symbols. For example: “oi2#($.1-Dvmfk” is a very strong password. It would take an extremely long time for a hacker to crack that password using brute force methods.

Pro tip: Use a third party password manager like LastPass to securely store and use your complex passwords. Never write down your password.
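One way the lockdown in step 3 can work, as an added example that is not code from iThemes Security or any other plugin: count failed logins per IP address in a sliding window and ban the address once a threshold is reached. The log lines are constructed, the thresholds are arbitrary, and it assumes a failed WordPress login is logged as a POST to /wp-login.php answered with 200 while a successful one is a 302 redirect.

```javascript
// Added example: replay access-log lines and report what a lockout rule would do.
// Constructed sample in combined log format, using documentation IP ranges.
const SAMPLE_LOG = [
  '192.0.2.44 - - [10/Mar/2017:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '203.0.113.7 - - [10/Mar/2017:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '198.51.100.20 - - [10/Mar/2017:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '203.0.113.7 - - [10/Mar/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '203.0.113.7 - - [10/Mar/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '203.0.113.7 - - [10/Mar/2017:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '198.51.100.20 - - [10/Mar/2017:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
  '192.0.2.44 - - [10/Mar/2017:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '192.0.2.44 - - [10/Mar/2017:10:12:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512',
  '203.0.113.7 - - [10/Mar/2017:10:16:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900',
  '203.0.113.7 - - [10/Mar/2017:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3512'
];

const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})\b/;
const TIME_RE = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/;

// Parse one log line into { ip, time (ms since epoch, UTC), method, path, status }.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  const t = m && TIME_RE.exec(m[2]);
  if (!t) return null;
  const month = MONTHS.indexOf(t[2]);
  if (month < 0) return null;
  const offsetMin = (t[7] === '-' ? -1 : 1) * (Number(t[8]) * 60 + Number(t[9]));
  const local = Date.UTC(+t[3], month, +t[1], +t[4], +t[5], +t[6]);
  return {
    ip: m[1],
    time: local - offsetMin * 60000,
    method: m[3],
    path: m[4].split('?')[0],
    status: Number(m[5])
  };
}

// Sliding-window lockout: maxFailures failed logins within windowMs bans the IP
// for banMs. Returns 'banned' and 'blocked' events in log order.
function evaluateLockouts(lines, { maxFailures = 5, windowMs = 300000, banMs = 900000 } = {}) {
  const failures = new Map();    // ip -> timestamps of recent failed logins
  const bannedUntil = new Map(); // ip -> time at which the ban expires
  const events = [];
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || req.method !== 'POST' || req.path !== '/wp-login.php') continue;
    if ((bannedUntil.get(req.ip) || 0) > req.time) {
      // The lockout would have rejected this attempt before it reached WordPress.
      events.push({ ip: req.ip, time: req.time, action: 'blocked' });
      continue;
    }
    if (req.status === 302) { failures.delete(req.ip); continue; } // success resets
    if (req.status !== 200) continue;
    const recent = (failures.get(req.ip) || []).filter((t) => req.time - t < windowMs);
    recent.push(req.time);
    failures.set(req.ip, recent);
    if (recent.length >= maxFailures) {
      bannedUntil.set(req.ip, req.time + banMs);
      failures.delete(req.ip);
      events.push({ ip: req.ip, time: req.time, action: 'banned' });
    }
  }
  return events;
}

// Run the constructed sample with a threshold of three failures.
function runSample() {
  return evaluateLockouts(SAMPLE_LOG, { maxFailures: 3 });
}

console.log(runSample());
```

In the sample, only the address with three failures inside the window is banned; the visitor who mistyped once and then logged in, and the address whose failures are minutes apart, are left alone.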

Why Your Website Needs a Continual Support Plan

You’ve created a shiny new website and you’re proud of it. It’s the result of countless hours coming up with content, graphics, and finding ways to showcase all the great things your company has to offer. You’ve invested much of your time and money to make sure it’s just right, and finally your vision is on the web for the whole world to see.

How to Tell a Story Through Your Design

From daily conversations to entire Sundays spent in front of your new Netflix obsession, stories are a natural part of our lives. Stories are our way of communicating experiences through language, visuals and actions. Just like any good story, a well-crafted design must be compelling and have a sequence of events that flows naturally. As a designer, we’re told repeatedly that a successful design is the product of great storytelling, but it seems that everyone has a slightly different take on the idea… so here are three simple guidelines to ensure that your design tells a great story:

Assessing Requirements: The Real M.V.P.

In the world of software development, we help clients get from their current situation to their ideal situation. Clients bring a plethora of big ideas to the table without always truly understanding the cause of their pain point. We figure out what is causing the symptoms instead of throwing a bandage over the open wound to make it easier to look at. The easiest way to get to the root of the issues is to determine a Minimal Viable Product (M.V.P.). A Minimal Viable Product is a product that purely addresses the issues and saves future features until users get a chance to use the product and provide feedback.

Quality Web Content Strengthens SEO Efforts

You have heard it before – when it comes to maximizing your Search Engine Optimization (SEO) results, content is king. But what does this really mean? For the best SEO results, content must go beyond words on a page and truly serve as an extension of your business’ overall marketing plan.

Community Driven Content Management

As a self-taught software developer, I have found that the best way to learn a new technology stack is to jump right in and build a project using that technology. By immersing myself in a project, I am able to gain a solid understanding of the technology and establish knowledge for future projects.

State of SEO

Whether you are a young entrepreneur, a seasoned business owner, or you have just been hired as a marketing professional straight out of college, the truth is that you may be approaching Search Engine Optimization (SEO) the wrong way. If your goal is to do the least amount of work for the greatest immediate return, you won’t see the results you are hoping for. Instead, it’s important to understand that SEO is a long-term investment of time, effort, and money. If you invest big, you will benefit from large returns for years to come.

© 2017 Array Digital, LLC