Blog

Safeguard your email address by registering a domain

A primary email address tied to your email provider could set you up for a great deal of inconvenience if they shut down. Registering your own domain helps control your email regardless of which company you’re currently using.

On Thursday, 8th August 2013, a secure email service provider called Lavabit suddenly suspended operations. Its founder, Ladar Levison, wrote in an open letter on the company’s website that he would rather shut the company down than “become complicit in crimes against the American people.” Although Mr Levison took what he believed to be a principled stand, Lavabit customers were understandably angry at being blocked from accessing their emails. Without warning, long-time customers lost years worth of archived messages. Active users who relied on the company to host their primary email now face the inconvenience of updating their contacts and online accounts with a new address.

One may be tempted to think that a simple solution would be just to set up another email account elsewhere. After all, there are many free email providers offering reliable services. If you’re in this camp, ask yourself how your day-to-day life will be affected if you suddenly and unexpectedly lose access to your email account.

  • Do you conduct business over email? How much productivity will be lost re-establishing communication with clients?
  • Have you saved passwords, document attachments and important account information in your webmail folders? What happens if you can’t log in to the webmail account?
  • How much time will it take to inform all your relatives, friends and contacts of your new email address, especially if your address book was also hosted with the lost email service?
  • How easy is it to reset the passwords of your other online accounts (internet banking, Facebook, Skype, etc.) without that lost email address?

Keeping control of your email address

There are some important lessons we can learn from the Lavabit incident and two things can save you from similar trouble:

  1. Register your own domain and link it to your email provider. That way, you can switch providers while retaining the same email address.
  2. Do not rely on webmail as your only method of accessing your messages. Set-up an email client on your computer and regularly download copies of your email.

Exactly how you go about using your own domain and downloading emails depends on your existing set-up and requirements. I’ll give a quick overview in this post but please note that it only briefly touches on some steps which can be quite technical.

Step 1: Register your own domain

An email address under your own domain keeps it independent of the email host. Your current email provider may go out of business, get bought-out or become unreliable but having your own domain means that you can switch to another while retaining the same email address.

To get an email address under your own domain, you first need to register a name with a domain name registrar. (See this post for more information.)

You can register your domain with the following companies but a web search for “domain registration” will bring up a list of other providers:

  • Another Cup of Coffee Limited – we’ll handle the details of domain registration under your name for £9.99 GBP per year
  • 123-reg.co.uk – a popular UK-based registrar and hosting company
  • namecheap – a US-based registrar that seems to have a good reputation for customer service (I personally haven’t used them)
  • Network Solutions – one of the oldest and well-known registrars but quite expensive

Regardless of which domain registrar you choose, the whole process should only take a few minutes to complete. However, depending on their system, it could take a few hours to a day or more before it’s available for use.

Step 2: Link your domain to your email provider

Linking your domain to an email provider can be intimidating for non-technical people. To make matters more complicated, some end up with different combinations of registrar, free web-based email, business email hosting, and web hosting. Everything can be under one roof or you may have different companies handling each component. The exact steps needed will depend on your subscription packages so covering them in a short tutorial is not practical. (That’s why companies like us exist!)

In general, your registrar will give you an online control panel. This lets you specify settings to hand over control of the domain’s email to an external email provider. Alternatively, it may offer an email forwarding service that automatically redirects messages to another address, such as Gmail or Yahoo Mail.

Changing email providers then becomes a matter of adjusting the control panel to reflect the new company’s settings.

Here are some help pages for a few of the popular email providers:

Step 3: Download backups of your emails

For many people, their main method of checking and sending email is through their provider’s webmail interface. It’s very convenient because there are no programs to set up on your computer. All that’s needed is to open up a web browser and log in. The downside is that you do not retain any copies of your messages. As some of the Lavabit customers found, you will lose everything if the provider suddenly ceases operations.

The solution is to set up an email program (also known as an email client), like Mac Mail, Microsoft Outlook or Mozilla Thunderbird to download emails from your server. Even if you prefer webmail, periodically connecting from your email client ensures that you save the latest messages on your computer’s hard-drive.

Most email providers offer you a choice of ‘POP’ or ‘IMAP’ as mechanisms for retrieving your email. POP will simply download all the messages and if set in your email client, delete the messages after they’re read. IMAP synchronizes your email client with the server so it copies the same structure of read, unread, sent messages and saved folders. (This Rackspace article gives more detail on the difference between the two.) I find IMAP to be the most convenient option. If you mostly use webmail, you should also use IMAP if it’s available.

Too much trouble?

These steps might seem daunting but you don’t need to be a computer expert to get everything set-up. Business users usually have more complex configurations that may need an IT administrator to get everything working properly. However, for personal users and micro-businesses with simple needs, a little bit or research and background reading should allow you to get the job done without any help.

Of course, if you’d rather not go to the trouble of doing this yourself, we’ll be very happy provide you with a quotation. This is not a big budget job as the whole process is fairly quick for those familiar with what’s required.

Some background on the Lavabit incident

I’ll make a slight digression from technical matters as the Lavabit incident may have wider implications for anyone using US-based internet services.

Lavabit offered encrypted email services and was reported in the press to have been used by the NSA whistleblower Edward Snowden. Unlike most email systems, the company’s technology meant that there was no way for them to directly read user emails. While we may never know the truth, it seems likely they were ordered to participate in ongoing surveillance in a form that the founder believed to be against the United States Constitution. Levison was issued with a ‘gag order’ preventing him from giving details on the matter. Shortly after the Lavabit news broke, Silent Circle, another secure email provider, pre-emptively shut down its own service in order to protect its customers.

There is increasing industry speculation that the US government’s surveillance is jeopardizing the country’s businesses since they can no longer be trusted to protect their users’ privacy.

It’s clear that no matter which country you’re in, if your email is hosted with a US provider, you need to assume that the US government will want (or already has) backdoor access to them. Whether or not this is acceptable is a discussion outside the scope of this post. Regardless of where you stand, it’s important to realize that the industry landscape is changing and we can no longer be complacent about safeguarding our data.

Now accepting Bitcoin for payments

I’d installed a Bitcoin wallet back in 2010 but at the time there wasn’t much of a market for Bitcoins. With all the publicity the technology has been getting lately, now seems like a good time to do some more experimentation. Part of that includes seeing if it’s practical to accept them as a form of payment.

The exchange rate is quite volatile right now so I’ll start off slowly and open this up to selected projects only. If you’re interested in paying for your project in Bitcoins, please drop me a note and we’ll work out the details.

For those who are interested in Bitcoin and would like to know more, here’s where to start:

(1) Get an overview at

(2) Install a BitCoin wallet. I went with Bitcoin-Qt.

(3) After installation, wait for your wallet to sync with the network. Warning: this could take days!

Drupal to WordPress utility now public

I’m releasing my in-house tool for Drupal to WordPress migration. You can go directly to the download page for the latest version of the utility.

If you’d rather let someone else do the work, you can find more information at my dedicated migration service page.

When I started Another Cup of Coffee, we specialized in setting up Drupal since it was—and still is—a very versatile content management system suitable for anything from simple ‘brochureware’ sites to online shops and social networking. One of my working assumptions was that website owners would appreciate a platform that offers more flexibility as their needs expanded. However, over the past few years, I’ve received quite a few requests from new and existing clients to migrate sites from Drupal to WordPress. At first it seemed a little odd that it was almost always in this direction and rarely the other way around.

Some investigation quickly brought out an obvious answer: there is a Drupal module called wordpress_migrate that supports migrating WordPress blog exports into Drupal, but no simple mechanism to convert Drupal nodes into WordPress posts and pages.

After many years of experience with running Drupal sites, I can understand why a certain type of website owner would prefer WordPress. It’s just much more suited to the non-technical user who just wants a simple site with fairly standard functionality. (Incidentally, this describes our target market.) Since I’d first started using WordPress in 2004, it has evolved from simple blogging software into a fully-fledged content management system. Further, it’s more user-friendly out-of-the-box than Drupal’s default utilitarian interace and has a simpler update system. From my own experience, Drupal maintenance can be quite demanding with its frequent core and module updates. WordPress, on the other hand, is refreshingly easy to maintain.

Releasing our in-house utility

Unfortunately for us, manually moving a client’s site from Drupal to WordPress was quite tricky and time consuming, especially when lots of content types and entries are involved. We obviously needed some sort of automated tool but to my surprise, all that I could find online were either articles about people experimenting with SQL scripts, or paid-for services like GoWordPress and cms2cms. Our margins are pretty tight and paying for the service just wasn’t an option so I decided to hack together some scripts to build our own in-house tool. A blog post by Scott Anderson at Underdog of Perfection provided the best steps to get me started.

After using our tool to migrate a fair number of sites, I realised that it was time to give back to the community. After all, my code built upon the efforts of others who freely shared their work. I’m therefore releasing our Drupal to WordPress Migration Tool for public use under the MIT License.

Screenshot of our Drupal to WordPress migration tool

Where to download the Drupal to WordPress Migration Tool

I’ve set up a dedicated page for downloading our Drupal to WordPress Migration Tool which will have the most up-to-date version. More feature-rich versions can be found there as feedback comes in and bugs are reported. The first version should definitely be considered a ‘beta’ and only used by people who know what they’re doing when it comes to setting up and configuring content management systems. Currently it supports only Drupal 6 and WordPress 3.5. Eventually I aim for it to be a ‘wizard’ style utility that can be used by less technical people, like web creatives who’ve been tasked with migrating their clients’ sites from various releases of Drupal into the latest version of WordPress.

If you’re unsure of how to proceed or would simply like someone else to do the work, please drop us a note and we’ll be happy to provide a quotation.

Go to the download page. IMPORTANT: I’m offering this tool with no warranty or support implied.

About the EU Cookie Law and our cookie policy

The EU Cookie Law

In May 2011, EU countries adopted the ‘EU Cookie Law’ (officially, the EU e-Privacy Directive). Essentially, it put in place legislation to force website owners to be transparent about their use of cookies and to ask visitors for consent. The legislation applies to all sites in European Union Member States, as well as foreign website who target audiences in Member States. The fine for non-compliance can be as much as £500,000.

The UK’s Information Commissioner’s Office (ICO) gave British websites a 12 month grace period to update their sites and published guidelines for compliance. This grace period ended on 26th May 2012.

What are cookies?

A cookie is a small file which is sent to your computer by a website. Many sites use them for things like storing site preferences, analysing web traffic, keeping you logged in and remembering shopping-basket items. Web browsers tend to automatically accept cookies but there are settings that allow you to customize how you deal with them. You can find more information about cookies, as well as find help on how to disable or delete them at aboutcookies.org.

How we use cookies

On this website, we use cookies for anonymous traffic statistics and to improve user experience. Technically, this site can also use cookies to keep track of logged in users and for post commenters. However, this functionality only applies to a limited set of website content editors. These cookies are not set for public visitors. For a list of cookies used on this site, please see the table below.

More information about the data we may collect can be found on our Privacy Policy page.

Your implied consent and how to opt-out

According to the ICO, “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” By continuing to use this website, we’ll assume you understand that your actions will result in cookies being set and have given your implied consent.

If you prefer not to have these cookies set, you may opt-out by configuring your browser to reject the cookies. Information on how to do this can be found at aboutcookies.org. Google provides a Browser Add-on for Chrome that enables you to opt out of all Google analytics.

Cookies on our clients’ sites

The kind of cookies we use for sites that we build depend on our clients’ requirements. Our general policy is to only use cookies that are needed for the operation of the site. Since we mostly install Drupal and WordPress content management systems, these include cookies that allow users to log in and post comments. When requested by the client, we also install traffic analysis code, such as Google Analytics, which also sets cookies to measure visitor statistics.

Sometimes a client wishes to display content from third-parties, such as advertising, games or ‘widgets’. These often also set cookies but we’d need to perform an audit to find out how they affect their site’s compliance.

Is your site compliant?

Please contact us if you’re not sure what kind of cookies are used on your own site. We will perform a cookie audit so that you can update your privacy policy in order to comply with the law.

More information

The table below describes the cookies we set on this site for public visitors.

[cookie_audit]

You might find these articles helpful.

Using Basecamp’s To Do feature

We use a web-based project management system called Basecamp which you can used to communicate with us. It allows you to send messages which are logged chronologically for your records. It also lets you assign tasks to us in the form of To-Do lists. This helps us keep track of outstanding tasks more efficiently.

This document gives a primer on how to use Basecamp’s To-Do system.

1. Log in to the Basecamp project management site

Log in to Basecamp using the details provided to you by our development team. If you don’t know your login details, you’ve probably been interacting with us via email only. See the section below for more information about Basecamp and how to set up your account.

2. Go to the To-Do section

Once logged in, you’ll see the Overview screen below. This shows the recent activity on your project. Click the To-Dos tab.

Image of Basecamp's To Do page

3. Add new To-Do item

The To-Do section should look a little like the screenshot below.

Image of Basecamp's add new to-do item screen

The main area shows the list of pending content updates. Below it is a section where you can enter new content updates in the form of a to-do item. The greyed-out portion below is a listing of recently completed content updates.

Setting up your Basecamp account

Basecamp is a third-party project management system that we use to organise projects. It helps keep you in the loop about the progress and gives you a way to interact with our development team. This tool can be more useful than communicating by email because you’ll find all related discussions, files and to-do items in one place. Other project members can also add their input by attaching comments.

Note that anything you add will be visible to team members listed in the ‘People’ section. Therefore, please contact me directly by email or phone if you’d like to discuss anything confidential, such as financial and billing details, or restricted intellectual property information.

At the start of our work together, you should have received an email that helps you set up your account on Basecamp. I would have looked like this:

Image of Basecamp's invitation email

If you can’t find the email and it’s not in your spam folder, let me know and I’ll get the email resent.

After you click on the link in the email, you should see a page that lets you enter your name, email address and password. Your account is created once this is done.

Image of Basecamp's setup screen

Q: Is there a standard list of things to test on my site?

There really isn’t a standard list because each site tends to have slightly different features. Generally, though, there are three main areas that should be tested:

(A) Technical (do the features work correctly?)
(B) Usability (is the site easy to use?)
(C) Accessibility (can visitors access the site’s content without too much trouble?)

Here’s a common list of technical things to check that would apply to most of our clients’ site:

  1. Does the site display on different browsers and operating systems? (Which browsers depend on your target market but usually they’d be Internet Explorer 7, 8 & 9, Firefox 11 & 12, Safari 5, Chrome 18. Operating systems for the general market would be Windows and Mac. We don’t usually consider mobile access unless it’s a feature that clients specifically request.)
  2. Are there any broken links?
  3. Are all the pages formatted so that all content is visible?
  4. Does the search facility turn up the correct results?
  5. Can you click through to the content images and do they expand and close to return you to the article?

As you can see, this is all pretty basic stuff because most of our site’s features aren’t too complex.

Because of this, I suggest that your user testing should mostly be focusing on non-technical aspects like (B) and (C). However, because the bulk of these areas are subjective, it’s difficult to come up with an actual list. Therefore, I would suggest having free form comment boxes for people to leave their feedback.

Another thing to note is that the UK and EU have legislation covering web accessibility. You can find out more about this via the following links:

  • http://www.web-accessibility.co.uk/legal.asp
  • http://www.w3.org/WAI/Policy/#UK
  • http://www.w3.org/WAI/Policy/#EU

Unfortunately, this topic is quite a complex and time consuming area and most companies and web developers know little about the subject. There are also doubts about how these laws can actually be enforced. Furthermore, there are no specific definitions on what exact standards must be met within the UK. Thus it is my experience that many web owners and developers simply ignore the issue.

My policy is that we use web-standards compliant technologies where possible. This resolves most accessibility issues within reason for the amount invested in development. However, if a client wants to meet specific standards compliance, we do this under our standard hourly rate as an added service.

Ultimately, this is a business decision to be made on the client end whether this should be a focus.

Q: Do you have sample terms and conditions we can use?

Generally, my clients tend use template-based terms and conditions when starting up. (They tend to take on paid legal advice later on, for example, after their venture has stabilized.)

Usually they ask about:

  1. Website usage terms
  2. Privacy policy (especially when they’re collecting data through online forms)

For those who are UK-based, I point them towards the Business Link website.

Edit 22 April 2013: It seems that the businesslink.gov.uk website has now been replaced by gov.uk and the above links no longer work. However, the sample privacy policy does still seem to be online for the time being at this link. (Microsoft .doc download, 28KB)

Q: What should we expect after signing-off a project with you?

Projects tend to vary for each client but the process goes as follows:

  1. I’ll send you an invoice for a 50% down-payment to cover for the start-up costs.
  2. You’ll receive log-in details to our project collaboration site. This will show some initial project time-scales and check-lists of what needs to be done.
  3. We’ll schedule your work as soon as we receive your down-payment remittance.

Timescales

From experience with many other projects, I now generally do not specify timescales for the stages in the initial work agreement or invoice. There are several reasons for this:

  1. For the majority of projects, the original timescales end up changing part way into the work. The reasons vary, such as a change of focus, new ideas for features and as is often the case with start-ups, an evolution in the business priorities.
  2. The stages themselves are not fixed and sometimes we end up running them concurrently, starting early or delaying them.

Instead, we work towards some broad milestones that are set by our clients. The milestones are set on our project collaboration site and are adjusted depending on how the project evolves.

Testing

Testing is another area where we differ slightly from some other web companies.

In my opinion, the best people to test the site are the clients themselves; you know better than anyone else how you expect things to work. We’re then guided by your observations.

This process helps keep our fee low because I don’t need to hire dedicated testers or get expensive programmers to do the job. It also skips the time intensive (and expensive) test specification documentation what would be necessary if we were to perform the tests thoroughly.

Testing is therefore more of a collaborative process with you.

For us, testing starts very early on in the project. The usual procedure many web companies follow is to give access to the site towards the end of the development process, only when things are ‘ready’ for the client to view.

I believe that it helps to let you loose on it early on because it gives you a realistic expectation of how things are going all the way through our work together. It also gives you a chance to ask questions and steer things in the right direction while we develop the site.

Testing period

Because of the above, I find that specifying a testing period in the contract usually isn’t very flexible.

It’s also quite difficult to stick to the period specified. For many clients, the website, while important, isn’t the only thing they must deal with in their business. In my experience, things nearly always come up that prevents them from dealing with the task during the allocated time.

For example, let’s take a client’s suggestion of a testing period of two days after delivery. I find  what happens in practical terms is that if I deliver, say, on Monday, the client would have a meeting on the Tuesday, then a series of calls for Wednesday and so on. Thus the testing period expired but the client was still unable to even look at the site.

Again, this is another reason why we actually start the testing process near the beginning of the project.

Of course, if you prefer to have the period specified in the contract, we can do our best to meet it but with the caveat that things might not turn out that way.

Customising the length of post summaries (or ‘teasers’) on your Drupal site

Many Drupal-based sites create summaries when you upload a post. These are often shown in listing pages that show the first paragraph or so of the post. These post summaries called ‘teasers’ in Drupal and are extracted automatically from the main text. The software makes its best guess about how much of the text to show but it doesn’t always look right.

You can manually tell Drupal where the teaser should end by inserting a special tag in the main editing box. To do just follow the steps below:

  1. Go to the edit screen of the page you’d like to edit.
  2. Click the ‘Disable rich-text’ link just below the ‘Description’ text input box.
  3. Enter the tag <!--break--> at the point you want the summary to end and click save.