CRN Fast50 Awards are Back for 2019

Are you one of the fastest-growing companies in the Australian IT channel?

CRN celebrates those who sell, resell, recommend, design or implement IT products and/or services to business end-users… and do so particularly well, with growth being the measure of success.

Past winners include:

The CRN Fast50 is free to enter but the entry criteria are quite strict.

Winning the award, or even participating in the event, will boost your company’s reputation:

  • Receive recognition for your company that equates to more business
  • Prove to your clients the stability of your company
  • Receive attention from your industry’s largest channel
  • Raise your company’s profile among your industry’s hottest vendors

How to enter

For further information on the contest requirements and benefits visit the CRN Fast50 Awards website.

About CRN

CRN, established in 1998, is a leading source for news and business insight for IT resellers, systems integrators, managed service providers, and IT solutions companies. The news source offers a broad spectrum of IT information across an assortment of outlets including print, online, mobile media, roundtables, and webinars.

Australian Member of Parliament’s Websites: How Secure Are They?

The 2019 federal elections are just around the corner, so we thought it would be an interesting exercise to review the websites of our state MPs and see how they perform against a relatively simple security and best practices check.

Bear in mind that this wasn’t a comprehensive analysis but more of a general overview. If we repeat the same checks now results may well be different. Hopefully better.

As part of the process, we emailed MPs to let them know of our findings and gave them plenty of time to make changes. We put together a PDF covering best practices and included a checklist for them to share with their web developers.

View infographic on LinkedIn, Twitter or Facebook

Researching the websites of 582 MPs

In January 2019, we researched publicly available data from portals such as Parliament of Victoria and Queensland Parliament, making a note of email addresses and URLs of personal websites. If the latter were not listed we tried to find them via Google.

We got our first statistic of relevance at the end of this process: of the 582 MPs we researched, 237 of them had websites, so 41% of the total.

So, with our original list cut in half we checked the following:

  1. Hosting – what company was used and in what country their servers are located
  2. SSL Certificates – whether any were installed and if so, whether there were any errors
  3. Domain registration – checking the details for the Registrant Contact Name and Registrant Contact Email specifically
  4. Performance – using GT Metrix to check homepages size and page load times, taking the average of three checks for accuracy

We didn’t look at what applications were hosted nor the technical specs of the hosting providers.  We also didn’t conduct any vulnerability or penetration testing, as we’ve seen on many public-facing Government websites and applications.

Our findings

1. Hosting

Of the 237 websites, we looked at 49% (115) were hosted abroad. While many Australian businesses host their websites abroad – we don’t think MPs should be doing so:

  • They are hosting their data, and potentially data of Australian citizens, with companies that don’t have to comply with Australian legislation
  • Foreign companies or authorities may have full access to this data
  • There are web hosting providers here in Australia that, just like us, offer a great product, local support and comply with Australian laws

In regards to the above, the Australian Cyber Security Center recently published a Cloud Computing Security Considerations document covering this scenario specifically:

The ACSC recommends against outsourcing information technology services and functions outside of Australia, unless organisations are dealing with data that is all publicly available. The ACSC strongly encourages organisations to choose either a locally-owned vendor or a foreign-owned vendor that is located in Australia and stores, processes and manages sensitive data only within Australian borders. Note that foreign-owned vendors operating in Australia may be subject to foreign laws such as a foreign government’s lawful access to data held by the vendor.

2. Securing communication with SSL

SSL certificates encrypt data as it travels to and from a user’s browser. For example, login details, credit card information and enquiries passed via online forms.

While we didn’t see any form or website function capturing critical data such as credit card numbers we wouldn’t want anyone intercepting our personal information such as our name, phone number and email address.

13% of the websites we analysed either had no SSL certificate in place or it wasn’t installed correctly. That’s 31 out of 237 websites that are at risk of ‘leaking’ data as users interact with them.

There is no excuse for failing to install an SSL certificate considering you can get them for free from most web hosting providers. In fact, of those that do have SSL in place, 133 use a free version. Free SSL certificates are good enough for the type of functions you find on websites that are mostly informational, however, premium versions that come with installation support and warranties typically cost less than $50 a year.

3. Domain registration

We recommend that our customers always use their own details when they sign up for services, including domain registration. If not, they risk losing access to those services, or even worse, someone taking over and using them maliciously.

36% of MPs domain names list third parties as the Registrant contact. In most cases, these are the web developers or agencies that have built their websites. This means any administrative or renewal emails related to the domain could be overlooked and not forwarded to the domain owner.

Premier Scott Morrison was lucky when a prankster registered his expired domain. He just wanted to have a little fun. Someone else could have pointed the domain to somewhere malicious or spoofed his site to capture personal data and send misleading information.

AuDA states “It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.”

As a domain name is the cornerstone of a website, proper management of this digital asset is critical.  Assigning domain management to a third party or unmonitored email account could end in disaster.

4. Performance

Results were in line with the norm with page load speeds averaging 5.8 seconds and an average page size of 3.4MB.

If you’re running an eCommerce store or transactional-based website you will want to boost those figures though, as research shows that visitors tend to drop off in droves if you make them wait any longer than 2 seconds.

MPs publish mostly information about their policies and achievements, so it’s not hard to keep the interface light, page load times low and offer a better user experience. The load time averages are likely higher due to the number of websites hosted overseas on commodity hosting solutions.

Sharing our results with MPs

This proved to be much harder than expected. MPs and their teams must be busy these days and their email autoresponders often said the same thing:

That said, we approached them with some urgency and were able to share informative data relevant to their websites, as well as tips on how to best manage hosting, domains, and digital security.

The sequence was as follows:

22nd February 2019 – First email, sent to all MPs – with versions for those with a website and those without to raise awareness.

Bounced emails: 3.4% (20)
Opens: 25.2% (148)
Human Replies: 0.5% (3)

3rd March 2019 – Follow up sent to all MPs – minus the ones that bounced or indicated that they didn’t want to hear from us anymore.

Bounced emails: 1.3% (7)
Opens: 32.6% (182)
Human Replies: 0.7% (4)

What’s interesting here is that these stats are in line with what you would expect from your typical email newsletter. But looking at the open rates, shouldn’t they be closer to 100%? Surely MPs have staff that check every piece of communication they receive before deciding whether to reply or not?

Results by party

To determine this we flagged all MPs experiencing at least one of the three issues we looked at: hosting their website abroad, not having a properly configured SSL certificate in place or not owning the domain’s Registrant Name and Email details.

The results were…

Total MP Websites Websites with issues Percentage with issues
Labour 87 56 64.4%
Liberals 102 88 86.3%
Green 12 9 75.0%
Other 36 26 72.2%

Of the three main parties Labour performed best, but the with more than half of their websites ‘offending’ they have a lot of work to do too.

Many of the websites are published on the Nation Builder platform, which is owned by US-based 3dna, Corp. They host customers in US-based data centres, including content, files and customer data of Australian MPs using their service. 3dna, Corp. is based in California and therefore abiding by local rules and regulations governing access to their data, and our MPs are effectively disregarding ASCS’s recommendation to store sensitive data within our borders.

Digital best practices: another thing we can accuse our politicians to underdeliver on?

It goes without saying that MPs websites should be leading by example as far as security and user experience is concerned.

They (their staff, at least) should make more of an effort to use local tech and talent too. They should at least glance over all their emails and contract reputable web developers that can advise them on best practices.

Concluding thoughts: our MPs may be putting their websites and data at risk!

This simple exercise has shown us that 76% of MP’s websites we looked at didn’t pass our security and best practices check. If you suspect your local MP is not following best practices, point them to this article.

The Australian Cyber Security Centre is there to remind us too and help us keep safe. We share their mission to make Australia the safest place to connect online.

Gary Vaynerchuk to Keynote Magento’s Imagine 2019 Event

The CEO of VaynerMedia will present at the event on May 13-15 in Las Vegas along with other industry heavyweights such as Gillian Campbell, Head of Omni-Channel Strategy & Operations at HP and Jason Woosley, Magento’s VP of Commerce Product & Platform.

Gary Vaynerchuk has made a name for himself as “hustler” in the social media marketing space, heading VaynerX, a media, and communications company, and VaynerMedia, a full-service advertising agency. He is also an angel investor with investments in Twitter, Tumblr, and Uber.

Before this he was successful in the eCommerce space, helping build his father’s local liquor store, “Shoppers Discount Liquors,” into one of the first eCommerce wine sites generating millions in revenue within a few years.

With his early experience and successes in eCommerce, expertise in marketing and ability to inspire his followers, those attending his Keynote will no doubt feel energised and motivated to market their Magento-powered eCommerce stores more.

Register for Imagine 2019

Find more information about the event on Magento | Imagine 2019 website, including the agenda and speaker profiles.

Tickets start at USD $1,595 and can be registered here.

More about Magento

 

Google Launches Open Source Education Site Called Opensource.dev

The importance of open source software cannot be understated. It is behind well-known applications people use every day, such as Linux, Firefox, Android, WordPress, and other companies who offer open source cms software. With that point in mind, the search engine giant Google launched a new site in January 2019 called opensource.dev as an educational resource with a focus on open source software and licensing.

With open source applications like Chrome, Android, and others, it’s clear that Google values open source development not only for the tools it builds for its developers, but also for the software it makes available to the general public. And with over 2,000 projects created in the last 10 years, the company plans to keep on building new open source software.

Google Summer of Code

The search for new open source software is the main reason Google started the Google Summer of Code (GOSC). Google wanted to reel-in current college students studying in technology disciplines to work in a mentor program and write code. The hope is that some of those students might, one day, become developers and even might work with Google.

The GOSC program is now in its 15th year and annually pulls-in students from all over the world to participate in the three-month program. In 2018 alone, 1,300 students paired with over 200 mentor organizations. One of the major tenets of the GOSC program is to allow more open source code to be written and released for everyone to use.

In order to support its views about the necessity of open source, Google’s opensource.dev site acknowledges the Open Source Initiative (OSI), which concentrates on making open source software an important and necessary part of the developer community. Secondly, opensource.dev and Google both believe in the Open Source Definition (OSD), the authority on global open source licensing. At the bottom of the one-page site, opensource.dev lists supporting organizations and groups that are at the foundation for open source software to illustrate that this type of software is not going away anytime soon.

Visit Opensource.dev

To view and learn more about open source software and licensing, visit Google’s new opensource.dev site. If you’d like to learn more about the Google Summer of Code for 2019 and how to participate as a student or volunteer as a mentor organization, click here for general information and here for more detailed information. But you need to act fast because the deadline for mentoring organizations is February 6th, 2019. The organizations chosen will be announced on February 26th.

Dot One Single Day Event with CraftCMS

On February 5, 2019, CraftCMS Australia will host a one-day event at the Melbourne Museum Treetop Room from 9:00 am to 4:30 pm called Dot One Australia.

This will be the company’s first event of this kind and will feature a presentation by Brandon Kelly, Craft’s founder, and CEO, plus talks from Luke Holder, Lead Developer of Craft Commerce, Josh Crawford, Lead Web Developer at S group, and James Noble, Chief Design Officer at Carter Digital.

Additionally, this event will host a forum of lightning talks from members of the Australia/ New Zealand Craft Community, including the opportunity for other speakers to talk about their Craft CMS projects or anything relevant about the CMS experience.

Built behind the scenes by Bend, Oregon based Pixel & Tonic in 2011, another Brandon Kelly founded company, CraftCMS launched in 2013. The goal with Craft CMS was to “improve development and authoring experiences: Element Types, Live Preview, Matrix, and a practically limitless plugin architecture.”

These concepts are geared toward the web developer who desires to have complete control over his site build instead of clicking a few buttons to instantly make a website, which has made CraftCMS an award-winning CMS with accolades like “Best CMS for SMB, Best CMS for Developers, and Best WordPress Alternative.”

After a day of talks and discussion, there will be a happy hour/ networking social event with members of the Pixel & Tonic team and the Australia/ New Zealand Craft Community from 5:00 pm to 7:00 pm.

Register for the event

Tickets for the event are $99.00 AUD and includes lunch. 

ExpressionEngine Relicensed to Free and Open Source

The world of the CMS platform is definitely one that is constantly evolving. Not to mention the fact the sheer number of companies that offer a free and open source CMS platform is staggering, although it’s hard to say which companies other than WordPress or Drupal are successful.  However, there are still those companies who have resisted this approach, probably much to their detriment.

The ExpressionEngine CMS, originally released in 2002, is one of them. But at the end of last month, Rick Ellis, the founder of EllisLabs and creator of ExpressionEngine, wrote a post on the ExpressionEngine blog where he declared it time for EllisLab’s CMS to be free and open source. Here’s why.

Importance of Open Source

When ExpressionEngine launched, Ellis states that he had no idea how important an open source CMS would become.  In fact, he says “over 90% of the CMS market is open source [and it has become] the de-facto license model for all-things web.” Not only that, but he also mentions that revenue in the market is projected to triple and over the “next five to ten years, 70% of businesses worldwide [will] rely on open-source software.”

Reasons for Waiting

So, with emphasis on having a free, open-source CMS platform, why did ExpressionEngine wait 16 years to make this licensing change? The answer, according to Ellis, is simple: it was a matter of timing.  He wanted to wait until he felt ExpressionEngine contained technology that “might define the future of the web.”

With literally 100s of CMS platforms offering similar features, the above statement seems bold. There may be more real-world reasons, however, for why ExpressionEngine will now be free and open source that stem from how the company conducted business.

Market Share Damaged

In addition to the restrictions mentioned above, users could also not share their developer libraries. EllisLabs also enforced the idea that commercial licenses were paid for before usage of its CMS even occurred. These restrictions only damaged ExpressionEngine’s ability to capture available market share. As a result, only 0.3% of websites currently use ExpressionEngine as their CMS. The company has also lost a lot of its community and developers. It’s good, therefore, EllisLabs made this decision about licensing now instead of waiting until their existing user base completely evaporated.

New Plans

In his post, Rick Ellis remains hopeful for the future of ExpressionEngine. While he realizes a more “successful services model” needs to be developed, there are other new plans in the works.  However, he isn’t specific about what those plans are. He does say the CMS will bring features that will “put [ExpressionEngine] in a league of its own.” Right now, the CMS offers features like spam prevention, easy updates, beefed-up security, GDPR/ Privacy compliance, etc., nothing most other CMS platforms aren’t also offering.  But Ellis says there is more coming, so it remains to be seen if the company’s new licensing model will be enough to draw users and developers back to the company.

Download ExpressionEngine

Head over to ExpressionEngine’s website for more information about the change of license and to download a copy of the software for free.

Big Update for Layout Builder Coming in Drupal 8.7

Although CMS companies attempt to make the website building experience straightforward and intuitive, in most cases it is not. That means digital marketers are left restricted to certain templates or a clunky design experience. 

The focus in website development, however, is changing.  Instead of relying on third-party software, CMS site/ page builder companies are developing their own drag and drop, WYSIWYG tools. That’s the case with Drupal and its Layout Builder, originally released in beta form with Drupal 8.5 in November 2017, which makes Drupal one of the first CMS companies to take on this task.  

Dries Buytaert, the founder of Drupal, states that Drupal 8.7 along with the new Layout Builder will not only be able to manipulate different types of content but also will have other unique, trend setting features. One of those features will be for layouts for templated and customized content. This is an important point when it comes to working with websites that have large amounts of content that should be visually consistent. This will be possible, according to Buytaert, because Layout Builder enhances Drupal’s ability to handle “structured content.”  

Structured content is content which is divided into distinct and predictable parts. It can be labeled as “fields” or “chunks” depending on the content type (a blog post, for instance). In the past, this choice may not have been possible without the assistance of a developer. Buytaert notes that Drupal’s competitors only allow for individual design of a page. Another key point is Layout Builder will allow customization of “structured content” on an as-needed basis. This could be anything, basically, from tacking on a video or a picture to even a testimonial, if the site is eCommerce driven.  

Then there is, of course, the instance when a content creator needs to insert “unstructured content,” such as with a company’s “About Us” or “Home” page, which are strictly informational. With Layout Builder, a content creator can open a blank page, pick a layout, then add blocks that can contain maps, video, text, even custom widgets. Each piece that is added can be individually configured. The ability to create this type of content is especially useful for smaller websites without links to several other pages.  

Buytaert states that while the version of Layout Builder in Drupal 8.7 is fairly stable, it is still in beta form with 25 issues to resolve by release time in March 2019. Until then, Layout Builder won’t be considered ready for production until it meets Drupal’s own accessibility gate. Lastly, Drupal’s founder says modules (plug-ins) that were contributed to the first version of Layout Builder, such as Panels, Panelizer, and the Paragraphs module for creating custom landing pages are being considered for migration into the new version. Ideally, he thinks the new version of Layout Builder might just include these tools instead of relying on modules.   

Overall, when used with Drupal’s other built-in features like revisioning, content moderation, and translations, Layout Builder will be even more powerful. Buytaert, of course, is attempting to persuade content creators and digital marketers that competing CMS site/ page builders like WordPress, SquareSpace, or Joomla are less powerful because of Drupal’s 8.7 features and additional add-ons like the Gutenberg Editor. Watch the video below to see a demo of the new Layout Builder. 

Kentico 12 Released

MVC Widget-Based Visual Page Builder Improves Marketing and Development Experience

When it comes to building fast, responsive websites, two major elements come into play: firstly, the speed of how fast it loads, and secondly, how fast data is fed back to a user. In the past, a developer or engineer had to figure these things out. But today, with the emphasis on content and the CMS, marketers are making their influence known.

This area has been the focus of Kentico, a software company for digital marketing, since 2004.

In its prior releases, the company concentrated on development tools and helped to pioneer the CMS. Kentico 12 continues that mission but improves it by giving marketers and developers a better tool to create a rich, overall web experience and all built on the backbone of an MVC.

What Is Kentico 12 (Code Name “Raptor”)

The main function of this widget or plug-in is that it splits the task of web development between developers and digital marketers. In essence, Kentico 12 gives marketers an intuitive tool for editing content without the need for specialized training about how to use the software for front-end development.  The end result is the widget can make digital marketers more productive.

Key Features of Kentico 12

The powerful tools in Kentico 12 allow digital marketers to make changes or experiment with it in order to provide the best user experience. And on each page of a website, an administrator can configure the widget so it is safe in any development environment so as to not break the functionality of a website. Other features are as follows:

  • Features a drag and drop interface.
  • Visual consistency.
  • It reuses design components.
  • It comes with the ability for sections and widget zones, allowing for the use of multiple widgets.
  • It includes tools for specific functions, specifically personalization and inline editing.
  • Smart Forms – the ability to design, build, publish online forms to gather customer data in order to understand certain user behavior despite the GDPR.
  • Use of full-blown developer MVC support at the server level.

What is MVC

MVC is an abbreviation for Model-View-Controller. Used for creating GUIs, it divides an application into three related parts. It is considered an architectural pattern, which is a solution that can be reused to solve a reoccurring problem, especially when applied to writing software. The MVC process interprets information and presents it to a user who then accepts it. For the developer, this means he can use his code and components in one application then reuse them in another. The data, however, will be different as well as the View given to a user.

MVC and Kentico 12

What all this means for MVC’s use with Kentico 12 is that it is possible to design and develop MVC widgets that are reusable. Developers have the freedom to build software without the limitations of technology, and marketers can control the design flow of a web page.

Furthermore, developers can approach a software solution without compromise that is both faster and cheaper. Not to mention that MVC built sites perform better, an all-important factor when it comes to Google page rankings. That’s why companies like Microsoft, GoDaddy, DELL, Ancestry.com, and others are already using MVC at the backend of their sites.

How to Get Kentico 12

If you are interested in taking Kentico 12 for a spin, you can go here and choose a 7-day web-based trial.   Additionally, Kentico offers 45-minute webinars to illustrate the features of its CMS and EMS.

If you’ve already installed Kentico 12 and your site is not running optimally at server level, schedule a free Kentico hosting consultation if a solution can be found to get it running smoothly again.

CMS Critic Announces 2018 CMS Award Winners

Although primarily used by bloggers in Enterprise environments, CMS systems are used by many types of other businesses and individuals to create content. WordPress, Joomla, and Drupal are the household names in the industry, and they have been used to build a vast majority of websites.

However, with the 2018 CMS Critic Award, which was started in 2008 by Mike Johnston, and allows members of this community to vote for the best products, the goal for this year was to bring more attention other CMS companies.

There Is No Best CMS

Even though Joomla was awarded the “Best Free CMS” for 2018, Johnston doesn’t see it, WordPress, Drupal, or any CMS as the best system out there. He points out that people recommend them without understanding why or what needs a CMS might address, than users pick a system and, in the end, get hacked.

WordPress popularized an easy way to build a website. Joomla and Drupal just expanded on that idea. But Johnston states that all three systems rely too heavily on plug-ins, which impact overall site performance. Additionally, he also mentions that these plug-ins aren’t tested by developers and are usually out of date. That means a CMS admin is constantly making these updates whether they are really needed or not. And while Drupal may handle how it uses its modules (another term for plug-ins) a lot better, it is extremely difficult to use, which defeats the purpose of a CMS.

The 2018 CMS Critic Award Winners

While Johnston thinks the idea of a perfect CMS doesn’t exist, he still has hopes the newer faces in the CMS industry are trying to improve upon the existing, more mainstream models that WordPress, Drupal, and even Joomla developed. With seven categories to rate these systems, then voted on by the CMS Critic community, here are the 2018 winners:

  • Joomla for the Best Free CMS.
  • October for the Best Flat File CMS, a system that stores data in folders.
  • Umbraco for Best Open Source Enterprise CMS.
  • Quintype for Best CMS for Publishers.
  • Netlify for Best Headless CMS, a system that allows for cutting-edge user experience, wide developer flexibility, and fluent design implementation.
  • Shopify for Best eCommerce Solution.
  • SquareSpace for Best Website Builder.

Of the seven companies that won, only Shopify, which has been around since 2006, continues to consistently build its CMS user base, perhaps because its focus is so specific in the internet retail space. With 600,000 businesses using it, over 1 million active users, and 82 billion sold on its associated sites, Shopify is what a true CMS should be, a portal for users to do the things they need to do without other worries.

Conclusion

Meanwhile, CMS systems like WordPress didn’t even get the nod this year in the CMS Critic Awards. Truth is, it and the others mentioned above probably won’t until the issues Johnston points out are rectified. Maybe this is a wake-up call for them to make improvements or changes in order to remain competitive in an expanding CMS marketplace.

IBM buys Red Hat

The Linux vendor doesn’t come cheap either, with IBM confirming a US$34 billion cash deal.

The two companies have been working closely for the past two decades and the intention is to focus on the hybrid multi-cloud market, with Red Hat claiming that ‘four out five business workloads have yet to make it to the cloud’.

IBM was prompt to point out that it will remain committed to Red Hat’s role as an open source contributor:

“With this acquisition, IBM will remain committed to Red Hat’s open governance, open source contributions, participation in the open source community and development model.”

Red Hat will join IBM’s Hybrid Cloud team and no changes to its management structure.

Ginni Rometty, IBM chairman and chief executive described IBM’s largest ever acquisition as a “game-changer”, with IBM becoming the world’s largest hybrid cloud provider.

Read more: Why IBM’s acquisition of Red Hat is a game-changer for the cloud industry