AWS – Change your Root Password

It is not a good idea to use the Root account to manage and work with your AWS account. Ideally you have set up IAM user accounts with only the required permissions.

However, occasionally you need to update your Root level account password. This video quickly shows you how to do it.

(if this video is low quality,  try opening it full screen and playing it again,  the video is short and may be done playing before YouTube can catch up with downloading a higher quality version)

AWS – Disable IAM User access to Billing Console

In an AWS Account, Root users can create IAM Users with Account Administrator Permissions

However those users do not have access to the Billing Reporting.

A Root user can enable this though – follow the steps in this video

AWS – Enable IAM User access to Billing Console

In an AWS Account, Root users can create IAM Users with Account Administrator Permissions

However those users do not have access to the Billing Reporting.

A Root user can enable this though – follow the steps in this video

Matraex Launches Custom App Partner Program for Agencies and Advisors

Matraex has long provided custom app services for Marketing Agencies, Business Advisors and IT Service Companies.

These partners are an important part of our business,  where we grow primarily through the referrals they bring us.

We have created a Partner Program to help formalize these relationships.

The partner program guarantees our Partners trust, a timely response, assistance identifying projects and revenue opportunities in their current client base as well as many other benefits.

To help our potential partners find out more,  we launched a partner site at https://partner.matraex.com

If you’d like to find out more about the program,  call Michael Blood at 208.344.1115 x 250 or email at michael@matraex.com

Moving PHP sites to php 7.2 – undefined constants used as a string

PHP7.2 and above will no longer allow Undefined Constants

According to the “Promote the error level of undefined constants” section of the PHP 7.2 Backwards Incompatible Changes Document:

Unqualified references to undefined constants will now generate an E_WARNING (instead of an E_NOTICE). In the next major version of PHP, they will generate Error exceptions.

There have been many changes to PHP over its many versions – For Matraex’s use of PHP,   each version has been mostly compatible with the previous one with only minor changes, until a major decision affected one of the ways we deliberately used what we once called a “Feature” of PHP.  (For a full list of incompatible changes look at the Backwards Incompatible Changes sections in the PHP Appendices )

On March 5th, 2017, Rowan Collins proposed to deprecate bareword strings. In PHP 7.2 the messages throw an E_WARNING message and in PHP 8.0 it will throw an E_ERROR.

PHP has always been a loosely typed language which allows flexibility in many ways, and we had used this flexibility in order to write code in ways that we believe made it more legible, maintainable and supportable within our coding style. With this new change, hundreds of thousands of lines of code will need to be rewritten before we can put it on a 7.2 or above server, keys may be difficult to search, and we will have inconsistencies in usage of keys depending on whether they are inside or outside of quotes.

Take this one example where lines 1, 3 and 4 below would work, but line 2 would throw a warning in 7.2 and would throw an error in 8.0.

  1. echo "Hello, $user[firstname],";
  2. echo "Hello, ".$user[firstname].",";
  3. echo "Hello, ".$user['firstname'].",";
  4. echo "Hello, ".$user["firstname"].",";

Matraex would have previously preferred to use methods 1 and then 2,  as they require fewer quotes and a search in our IDE of ‘user[first’ would have highlighted both uses.

Mr Collins did evaluate both sides of the decision and wrote a bit about it. He described that “The value of keeping the current behaviour would be for programs written to deliberately take advantage of it”; however, he really dismisses that value and gave a stronger argument that undefined constants can “mask serious bugs”.

I agree with each of the arguments and our 7.2 scripts will all comply with this new syntax requirement. However, I disagree with the way the solution was indiscriminately executed. A more considerate solution would have been to create a configuration option in PHP to control the requirement and allow developers and system administrators to continue to ‘deliberately’ use ‘undefined constants’. This option would also allow existing stable programs to continue to take advantage of the other features of PHP >=7.2 without a significant refactor. Perhaps the Impact section of the article could have attempted to get more feedback from users that had deliberately made heavy investment in this feature.

To be more direct here is my request: PHP developers,  please create / allow a configuration option in PHP which will allow undefined constants to be used as strings. 

Changing existing code across the 10 + years of PHP projects will take thousands of hours to modify and test,  and that is just the projects that still exist. This is a barrier to upgrading to PHP 8.0.

Arguments for a configuration option

  • Millions of lines of code which deliberately use undefined constants as strings (more likely billions or trillions – I probably have close to one million myself over time)
  • My random belief: PHP should enforce “standards” on those that want or need them, and allow experienced users to explicitly choose to ignore them.
  • The configuration option would be disabled by default to address all of the problems mentioned in ‘the problem’ section of the article

Dealing with undefined constant warnings

Now we get to a more technical area where I document some of the methods we have used to find code that needs to be updated for PHP 7.2.

1)  Use grep to find all uses of the code

This code finds ALL uses of lower case strings without quotes – because our standards do require constants to be in upper case

grep -Rne '\$[A-Z_a-z]*\[[A-Za-z_]\{1,\}\]' *.php
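
The grep above cannot tell line 1 of the earlier example (interpolation inside a double-quoted string, still valid) from line 2 (code context, the form that warns). As an added example that is not part of the original post, this PHP script uses the tokenizer to report only the second kind; the function name find_bareword_keys and the sample input are constructed here, and skipping upper-case keys is an assumption taken from the post's convention that real constants are upper case.

```php
<?php
// Added example, not from the original post. Reports bareword array keys in
// code context and ignores "$user[firstname]" interpolation, which stays valid.
function find_bareword_keys(string $source): array
{
    // Drop whitespace and comments so "[ key ]" is matched like "[key]".
    $tokens = array_values(array_filter(token_get_all($source), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $hits = [];
    $inString = false; // inside an interpolated "..." string or a heredoc
    $braces = 0;       // depth of {$...} inside such a string (code context again)
    foreach ($tokens as $i => $tok) {
        if (is_array($tok)) {
            if ($tok[0] === T_START_HEREDOC || $tok[0] === T_END_HEREDOC) {
                $inString = ($tok[0] === T_START_HEREDOC);
            } elseif ($tok[0] === T_CURLY_OPEN) {
                $braces++;
            }
            continue;
        }
        if ($tok === '"') {
            $inString = !$inString;
            continue;
        }
        if ($tok === '}' && $braces > 0) {
            $braces--;
            continue;
        }
        if ($tok !== '[' || ($inString && $braces === 0)) {
            continue;
        }
        $key = $tokens[$i + 1] ?? null;
        $close = $tokens[$i + 2] ?? null;
        if (!is_array($key) || $key[0] !== T_STRING || $close !== ']') {
            continue;
        }
        // Assumption from the post: real constants are upper case, so skip those.
        $literal = in_array(strtolower($key[1]), ['true', 'false', 'null'], true);
        if ($key[1] !== strtoupper($key[1]) && !$literal) {
            $hits[] = [$key[2], $key[1]]; // [line number, key name]
        }
    }
    return $hits;
}

// Constructed sample: the four lines from the post plus one upper-case key.
$sample = <<<'PHP'
<?php
echo "Hello, $user[firstname],";
echo "Hello, ".$user[firstname].",";
echo "Hello, ".$user['firstname'].",";
echo "Hello, ".$user["firstname"].",";
echo $_SERVER[HTTP_HOST];
PHP;
foreach (find_bareword_keys($sample) as [$line, $name]) {
    printf("line %d: bareword key [%s]\n", $line, $name);
}
```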

2)  Suppress E_WARNING messages

This is a bad idea. While it will certainly make it so that your code continues to work in 7.2, it will not fix it going into 8.0, and this WILL mask other issues that you do need to know about.

If you want to learn more about this, take a look at this discussion about it on Stack Overflow. Definitely read the comments about hiding warnings to get a better feel for it.

3) Create PHP configuration options to make provisions for undefined constants

These options would require the good work of a C developer that works on the PHP source. Some of these ideas may just work as described,  they really are just a good start (or continuation) of a discussion for features which could be implemented.   I don’t have a ‘bounty’ system but if you are interested in creating any of these options,  or would like to group together to coordinate it, please contact me.

  1. undefined_constants_string_level – Have a PHP directive which declares what E_ level all undefined constant warnings should use – default in 8.0 can be E_ERROR
  2. undefined_constants_string_lowercase – Allow users to configure options which would allow only lowercase (or mixed case) constants as strings – which would allow / reserve upper case for use as constants.
  3. undefined_constants_string_superglobal – Allow undefined constants to be used when attempting to reference any key to a super global array (such as $_POST[mykey] or $_SERVER[HTTP_HOST]);

Matraex Releases FrameTurn SaaS

Matraex Announces the Launch of FrameTurn Application to Improve Optical Frame Sales – for BridgePoint Optics

Boise, Idaho (28 July 2018) — Matraex, Inc. (https://www.matraex.com) announces the launch of FrameTurn (https://frameturn.com) a custom application designed to help independent optometry practices use data driven techniques to enhance their business. The app was designed for Bridgepoint Optics (http://www.bridgepointoptics.com), an optical industry sales and business consultancy for independent eye care practices throughout the U.S.

Adding an on-line application provides a Software as a Service (SaaS) that extends their ability to help the optical industry, giving Bridgepoint an additional, marketable service it can provide to its own clients.

Matraex has developed a powerful on-line tool for Bridgepoint Optics that provides their clients with information that can help them make purchasing decisions in a timely and profitable manner.

“Offering a Software as a Solution (SaaS) product to its clients provides BridgePoint with additional business opportunities,” says Michael Blood, president of Matraex, Inc. “Developing a tool of this type for businesses is what drives us. We are excited to see FrameTurn go live over the next few weeks.”

From Bridgepoint’s perspective, the FrameTurn application provides an additional tool in their existing tool box of services that they can offer. It also gives them a significant edge in marketing to the vision care industry. Most importantly, however, it provides a powerful analytical tool designed to increase their clients’ bottom line at a very affordable price.

“Independents have traditionally relied on their instincts, or even guess work, rather than data to make purchasing decisions about frames for their optical shops. We’re excited to end all that! With FrameTurn, these eye care practices will have the ability to record and automatically analyze past and existing sales in various ways to determine trends that can increase their profitability,” says Dr. Rook Torres, co-founder of BridgePoint Optics and FrameTurn.

About Matraex, Inc.

Matraex, Inc. (https://www.matraex.com)  is a Boise-based software and application development company. The company has served many local and national organizations for more than 15 years, including the Better Business Bureau, Hewlett Packard, Madison Square Garden, Penn State University and the Idaho Hospital Association. The services include custom designed mobile applications (iOS, Android, etc.), as well as website development and management.

About BridgePoint Optics

BridgePoint Optics (http://www.bridgepointoptics.com) is an optical industry sales and business consultancy. For more than 25 years, they have specialized in the growth and development of independent eye care practices throughout the U.S.


New Group Sales Application for Bogus Basin

Boise-based MATRAEX to Develop New Group Sales Application for Bogus Basin

12 June 2018 (Boise, Id.) — Matraex, Inc. (https://www.matraex.com), a Boise-based software and application development company, announced its most recent project with Bogus Basin Recreational Association, Inc. (https://www.bogusbasin.org) to develop a custom website application for Bogus Basin’s Life Sports and School Night programs. The website application will help Bogus Basin coordinate and manage school group functions. The project is expected to be completed in September 2018 in anticipation of the 2018-19 ski season.

“We are thrilled Bogus Basin selected us to help streamline their processes as they move forward in their quest to be one of Boise’s premier winter and summer group destinations,” said Michael Blood, President of Matraex, Inc.

According to Molly Myers, Group Sales and Event Coordinator at Bogus Basin, the website and application will replace a legacy application they have used for more than 15 years. The new site will update and streamline the booking process by providing a single repository for group information and eliminating multiple communication channels where mistakes can occur. In addition, it will ensure that information flows to the correct departments for accurate fulfillment of each group’s needs.

“Having a streamlined system that’s uniquely tailored to our needs is very appealing,” said Myers. “Anything that supports a fun and efficient visit to Bogus Basin in the long run aids in our goal of making lifelong skiers and snowboarders.”

School groups that participate in Bogus Basin’s Life Sports or School Night must provide a lot of information about the students when booking, including:

  • Group size
  • Age, height, weight and shoe size of each participant to ensure sufficient, well-fitting rental equipment
  • Ski ability levels for each group member so that appropriate ski instructors are available
  • Special needs or requests

The website application will have additional benefits for Bogus Basin, including the ability to track, process and report financial information for internal use.

Matraex’s work with Bogus Basin will also incorporate other group offerings, such as bookings for the new “Glade Runner Mountain Coaster” attraction and other “Fun Zone” activities.

The Matraex website app is projected to go “live” in September 2018, just in time for schools and other groups to book their group ski trips for the 2018-19 ski season.

About Matraex, Inc.

Matraex, Inc. is a Boise-based software and application development company. The company has served a number of local and national organizations, including the Better Business Bureau, Hewlett Packard, Madison Square Garden, Penn State University and the Idaho Hospital Association. Their services include custom designed mobile applications (iOS, Android, etc.), as well as website development and management.

About Bogus Basin Recreational Association

Bogus Basin Recreational Association, Inc. is a 501(C)(3) non-profit organization dedicated to accessible, affordable and fun year-round mountain recreation and education for the Treasure Valley Community.

For more information, please visit https://www.matraex.com or call Michael Blood at (208) 344-1115.

Matraex – GDPR Data Processing Addendum

Earlier today, Matraex announced an updated Privacy Policy.

Now, we announce that our GDPR Matraex – Data Processing Addendum.pdf template is available to our clients and customers.  This means all of our US based clients that work with Personal Information of European Economic Area (EEA) citizens, can fill out the agreement and submit it to Matraex and keep our Service Agreements compliant with the GDPR.

The DPA also includes EU Model Clauses, which were approved by the European Union (EU) data protection authorities, known as the Article 29 Working Party. This means that Matraex customers wishing to transfer personal data from the EEA to other countries can do so with the knowledge that when Matraex processes the subject personal data it will be given the same high level of protection it receives in the EEA.

  • This announcement is important to our previous customers: we are able to provide followup work on their existing software which interacts with EEA personal data.
  • This announcement is VERY important to our existing customers: it provides assurances that Matraex can continue working with their applications and services which process EEA personal data.

Each Matraex customer processing EEA personal data will need to have a data processing agreement to comply with GDPR. Previous, existing and new customers are asked to download and read the agreement and fill out the requested information. While the entire agreement is important to read and understand, certain areas require input:

  • Enter your company information on Page 2
  • Have a company authority execute the agreement on Page 5
  • Enter the Member State your business is established in on Pages 10 and 11
  • Enter the “Categories of Data” which will be processed on Page 12

Please contact us directly to assist in filling out the information. When ready, email it to legal@matraex.com so we may review it and countersign it.

Matraex executes a Data Processing Addendum with each of our clients that process Personal Data in the European Economic Area. This allows us to be in compliance with GDPR and other privacy laws, as well as with our own Privacy Policy.

Privacy Policy Updated

If you have an email account,  there is a good chance that it has been filling up with Terms of Service and Privacy Policy updates over the last two weeks.

I am sure you have read them all and you understand that the EEA’s GDPR goes into effect today – May 25, 2018.

Matraex is similar to many of these companies and we have updated our Privacy Policy to comply with GDPR.

  • Our policy is easy to read with a Summary at the top and the Full policy beneath
  • Our policy is a single document rather than a maze of links
  • Our policy applies to all personal data

Matraex is also Very Different than most of the companies you have seen emails from.

  • Matraex builds the software for the companies subject to GDPR
  • Matraex maintains and enhances the software for companies subject to GDPR
  • Matraex is subject to GDPR as a Data Importer and Data Processor on behalf of our clients,  (others are Data Controllers and Data Processors)

As a third party Data Importer and Data Processor GDPR requires that our policies must also govern our data responsibility between our parties by entering into a Data Protection Addendum (request an addendum here)

In the process of putting GDPR together the EEA has defined quite a bit of vocabulary to help define responsibility in handling Personal Information Data – check out this glossary of GDPR terms to help define some of the terms I used above

To discuss any privacy, GDPR or custom services please contact us.

1.4 billion email accounts compromised

The list of websites that have been hacked is growing, and it is VERY likely that every one of us has been affected.

Hackers have always compiled, sold and distributed a list of breached accounts, but in December 2017 researchers saw an unprecedented list show up on the Dark Web.

A hacker assembled 1.4 billion compromised email addresses and credentials into a very organized list. The hackers provided tools to quickly search, sort and add to the list.

The compromised accounts were from many recent hacks including LinkedIn, Equifax and Uber. To see an updated list of hacks, refer to the Wikipedia article.   https://en.wikipedia.org/wiki/List_of_data_breaches

The 42 GB list is currently shared on many Peer to Peer networks and it can be found by anyone that truly wants to.

Matraex researched this list and developed a Hack Check app at hackcheck.email to allow users to check whether they are on the list.

If you are a business with multiple domains and you need assistance researching how they were affected,  contact Michael Blood at 208.344.1115 x 250