Housing associations: this post could help protect your rental income

With the inevitable challenge of Universal Credit, housing associations must find new and more reliable ways to protect their rental income. A “good” website is often cited as one way of doing this – but what makes a housing association website truly effective in helping protect rental income?

Originally posted on the Reason Digital blog

I’ve been working on some research for housing associations on how effective they are digitally. Almost all housing associations do have websites. But when it comes to those websites playing an active role in helping protect rental income, many housing associations still lag behind: online payments are non-existent, or difficult to achieve, the sites don’t work on a smartphone and some even have outdated payment details.

When considering what makes an effective website, there’s definitely a lead that we can take from the consumer sector. Websites like Amazon, Tesco and Just Eat are designed to help their users buy products quickly and with as few barriers as possible between the demand being identified and the payment being taken. Amazon even invented the ‘one-click’ method of buying something online and they’ve recently extended this concept to a physical object with the Amazon Dash Button.

And in the age of cuts and Universal Credit, when social housing tenants must make active choices about how to use their money, housing association websites must adopt the same tactics to persuade their tenants to pay their rent online instead of ringing their call centre or visiting a service desk.

Let’s take a step back. Why is this important? After all, tenants in social housing often have special requirements or in some particular need. Do they even use smartphones or shop online?

Around 46% of social renters already have access to a smartphone.

The answer is a resounding yes: ASRA, a housing association focusing on London and the south east has found that almost half of their website traffic (47%) comes from smartphones and around three-quarters of this traffic are repeat visitors. As long ago as 2014 other social housing associations were reporting that up to 35% of their web traffic was from smartphones.

As the take-up of smartphones continues to increase in the UK, perhaps those traffic trends aren’t particularly surprising. Around 46% of social renters already have access to a smartphone, and this is likely to rise access to the internet becomes more essential and prices come down.

Tenants of social housing are just like anyone else when they buy goods or services online. The key difference is that they may be more reliant on mobile internet use. Their expectations are (or increasingly will be) the same when accessing housing services.

And even though most websites not designed for smartphones will still be viewable on a small screen, 61% of users said they were unlikely to return to a site if they had trouble viewing it on a phone (Nielsen, 2013).

So why do so many housing associations have such ineffective websites when that could lead directly to increased costs and even the loss of rental income?

From speaking to many of my clients, I know that getting a new website sorted out can feel like a headache: coming up with sensible requirements, the pain of tendering and then the eye-watering cost which leaves you with a site that’s never updated.

All this means that a ‘new website’ gets relegated to the back of your mind, becoming a nagging feeling that you just don’t want to address.

But the truth is stark: having a website that works well on a smartphone will help cut costs and protect your rental income.

And if there’s a way of making rent easy to pay online, is there a way of buying a website online that’s as simple as clicking a button?

Whilst “one click” websites aren’t quite on the horizons, the good news is that we do have a way to dramatically reduce the pain of commissioning a new website, whilst getting your digital presence sorted – and turning it into a channel for protecting your rental income.

We have produced successful websites for housing associations like Riverside, Halton Housing and Keniston; and what we’ve learned is that you don’t need to reinvent the web to have an effective website.

In fact, we think that it should be as easy as signing up to watch TV or listen to music online.

These days, you don’t pay tons up front to do those things: you buy a subscription. And when you don’t need that service anymore, you simply stop paying. Why should buying a website be any different?

If you’re interested, we’d love to chat. Two of our charity sector clients, Core and Lattitude have already seen the benefits and now, we want to bring the learnings from easy online donations to the social housing sector.

Ultimately, housing associations must treat customers like Amazon do. Persuading tenants to pay their rent online isn’t done by shutting down traditional services: it’s got to be an active choice by making it the easiest way to pay.

Let’s learn from ‘buy it now’ and start building websites that help tenants ‘pay it now’!

What I learned at Thinking Digital Manchester 2015

I spent a few days earlier this month at my first ‘pure’ training conference for a while. Thinking Digital “brings together people curious about how technology is shaping our future”. That means it’s a day of great talks by interesting people about tech, arts and the future. Having run successfully for eight years in Gateshead, the organisers decided to hold an offshoot event in Manchester and I went along for the first time on Tuesday.

Some of the things I learned included:

There are many videos from previous talks already available.

The previous day, I took part in an afternoon workshop about vlogging — producing short video, primarily on mobile. According to the workshop trainer, the human brain processes visual information 60,000 times faster than text! Clearly, useful & engaging visual content is something that could be massively useful to our community & I’d like to find ways of using it effectively.

As proof of what I learned, I produced the video at the start of this post from the main conference day which took “only” 2-3 hours of editing on unfamiliar software. Hopefully that will become a lot quicker as I develop ability – and style!

Unsurprisingly, I also met all sorts of interesting people at Thinking Digital — from technologists, to creative makers and those who were simply curious about the future.

Do go along to Thinking Digital the next time it’s near you — even if it doesn’t seem directly relevant to your work, it’ll be an inspiring day with plenty to take away and consider in your day to day life.

Reduce the risk of email rejection by making WordPress send emails via SMTP if DKIM is configured

Originally published on the Bytemark forum

I recently migrated yet another WordPress site from a Turnkey Linux install to join my others on Bytemark Symbiosis. As I’ve briefly mentioned elsewhere, this went without major problems.

I also decided to configure SPF and DKIM as part of my plan to finish migrating mail services over. However, I didn’t consider the fact that this has an impact on the deliverability of emails sent from WordPress and presumably other similar PHP-based web applications.

I’ve been using a catch-all forwarding rule and spotted a rejected email from Yahoo! Mail. The rejected email was a blog post that was shared by email using WordPress JetPack sharing. The rejection notice quoted 554 5.7.9: Message not accepted for policy reasons. The explanatory URL clarifies:

Your email failed one or more of the following industry-wide authentication checks that Yahoo uses to verify emails are truly sent from the domains they claim to originate from.

It goes on to briefly explain DKIM, SPF and DMARC (not currently implemented in Symbiosis).

Thankfully, this is a solvable problem – in fact, it’s not even really a problem, as Yahoo! Mail is just doing its job by checking for correct DKIM headers.

However, WordPress doesn’t make solving it obvious. Chad Butler has done a ton of investigation into WordPress’s email woes, pointing the finger at the wp_mail function – a “wrapper” for phpmailer. The solution is to force WordPress to use SMTP via phpmailer. Here are two suggested approaches:

  1. Edit your theme’s functions.php to include an extra code snippet that configures WordPress to use SMTP to send email.
  2. Use an extra plugin to bring this functionality to all themes and WordPress email functions. Chad recommends WP Mail SMTP which I’ve just deployed and tested briefly with WordPress 4.0.1 (this may useful for multi-site setups too).

With both approaches, there are some Symbiosis-specific things you should be aware of (I’ll use the standard Symbiosis examples here):

  • You need to create a mailbox first, if that isn’t obvious, e.g. blog.
  • The SMTP host is mail.my-brilliant-site.com (on default port 25).
  • The username must follow the example blog@my-brilliant-site.com. Obvious, perhaps, but I always forget this.
  • SMTP requires authentication.
  • I used TLS encryption successfully.

If you’ve tweaked your Symbiosis install to be non-standard, then you’ll have to reflect that here but otherwise it’s pretty much the same as setting up a mail client to send mail.

If you’re using the WP Mail SMTP plugin, then you can send a test email. I recommend trying to send it to a Gmail or Yahoo! Mail address. The result you’re looking for is bool(true) – in addition to the test email of course, which you can examine to ensure it includes the right DKIM-Signature header.

I hope this helps with any head-scratching you might have also been doing!

How to: set up your own email server in 5 steps

Originally published on Bytemark’s forum

There are a load of guides to setting up email on a server, but many of them don’t cover the extra useful features that make hosting your own email a viable experience.

If you’re going to wean yourself off Gmail, then you need usable webmail, (push) IMAP, spam filtering, virus protection and all the extras like DKIM signing on outgoing messages.

Using Symbiosis + bigv.io, you can set up a mail server with all the above features in just five steps.

Symbiosis is free software that already powers thousands of mailboxes across Bytemark’s network. It’s easy to use for developers and seasoned sysadmins, being well documented and doesn’t need you to be using Bytemark or BigV at all – it’s free software.

There are five steps, but I’ve assumed two pre-requisites (which avoid having to configure DNS):

  • that you’ve registered your domain and pointed it at Bytemark’s name servers: [a-c].ns.bytemark.co.uk and
  • that you have an account on bigv.io. If you want to try before you buy, bigv.io is currently offering free credit to run a basic server for a month.

1. Create a server using Bytemark Symbiosis through the bigv.io client.

$ bigv vm new

Make sure you pick symbiosis as your distribution.

For the more visually inclined, try the beta BigV web manager: https://panel-beta.bytemark.co.uk/

You don’t need anything special – the basic configuration of 1 GiB RAM, 1 core and 25 GB of sata space will sort you out (sata:25).

At the end of the imaging process, you’ll get the root password and IP address. Take note of both!

2. Login to your newly created server using SSH.

$ ssh admin@example.default.group.uk0.bigv.io

Use admin as the user, rather than root. The password is the same by default. You’ll land in the home directory for admin, which is /srv. You can also connect to the IP address.

3. Create a domain and mailbox user in Symbiosis by creating subdirectories.

$ mkdir -p /srv/my-brilliant-site.com/mailboxes/bob

Symbiosis works by using subdirectories and files to configure domains, mailboxes and users. There’s no web interface, scripts to run or interpret. Just plain directories and files.

The Symbiosis documentation recommends use of SFTP through FileZilla. Personally I’m fine with SSH at the command-line, but pick whatever you like. Just remember to use the admin account rather than root.

4. Set a password for the user.

$ echo Passw0rd123 | symbiosis-encrypt-password > my-brilliant-site.com/mailboxes/bob/password

Passw0rd123 can be any text string. Essentially, this stores a hash of the password in the right place.

5. Test the email setup.

Open webmail (SquirrelMail) by visiting the following address in your web browser:


Login with the username you set at the full domain, e.g. bob@my-brilliant-site.com. Use the password you created above.

Webmail can be accessed over https which by default is secured with a self-signed certificate. You can also add your new mail account to your favourite mail client using IMAP or POP3. Symbiosis supports TLS for both protocols.

That’s it! In just 5 steps, you’ve setup a fully working email implementation, reasonably secured and in a well understood way.

You can easily extend your email setup by using SpamAssassin for spam filtering and ClamAV for antivirus. Have a read through the Symbiosis documentation for more. All the software is documented and open source.


If nothing comes up when you visit the webmail URL, try waiting up to an hour, especially if your domain hasn’t previously been registered on Bytemark’s DNS servers. Your domain will be automatically configured to serve email (including SMTP) and webmail if it’s hosted within Bytemark’s network.

If it’s hosted elsewhere, you can check out the sample records to set up your DNS config.

Did you find this useful? Do you have any suggestions for improving this documentation? Please drop me a comment below.

Developers: stop re-AOLizing the web!

No AOLI recently succumbed to the hype and downloaded Mailbox, a mobile email client that tries to help you manage your overflowing email inbox and achieve the mythical “inbox zero”.

Mailbox does this by encouraging you to immediately archive, trash or schedule the email for a re-read or response using a swipe interface. It’s pretty good, actually, and I’ve found myself with fewer new emails just sitting in my inbox waiting for me to do something with them. My older email archive is another matter.

There’s one major flaw however.

By using Mailbox, I’m effectively helping to re-AOLize the web. You see, Mailbox only supports two email providers: Gmail and Apple iCloud.

I find it incredible that an app developer working on an open, well-documented and well-understood platform like email has effectively closed down access to their product to users who are on just a couple of providers.

Don’t get me wrong: I know the problems are difficult, especially as open platforms beget a multitude of implementations.

But by choosing to lock yourself into the Google API, when there is another, really open way to do things, feels like a mistake to me. If Mailbox supported any standardised IMAP provider, they’d no doubt have access to a much wider user base who would use their app across multiple providers.

And they might even be able to charge for the app and make an income – rather than selling themselves to Dropbox to survive.

It doesn’t help that locking me even more to the Google ecosystem and all the threats to my privacy and freedom that brings with it. Dropbox is another cloud company with a questionable approach to customer’s privacy and freedom.

Google (and to a lesser extent) Apple, Facebook and Twitter, have little interest in allowing their products to inter-operate in a meaningful way. Let’s remember that this is exactly how much of the consumer internet worked in the late 80s and 90s: CompuServe only reluctantly added email to its internal messaging and AoL generally preferred to lock down users to its own walled-garden of content rather than having them access the web. Both these networks, once seen as pioneers are now effectively defunct.

When developers choose to lock-in to an ecosystem like Google, they also lock in users. And that’s when innovation dies: users’ choice is restricted, so they demand less (and alternatives don’t get developed). By using it myself, I’m helping depress demand for a good email client that works with multiple providers. That’s not a good thing because it means I’ll have less choice.

Despite email being an inherently tedious form of communication, it’s essential and here to stay. If developers want to play their part in improving email, then it’s not going to be by re-AOLizing the web and locking down to a single provider: it’s going to be by supporting open email platforms that enable a wide range of people to use your product.

As it stands, Mailbox has been a useful so far. But I know my own time with it is limited, as I continue to transition away from closed source, anti-privacy services like Gmail to self-hosted, free and open source alternatives.

And that will be a loss for the Mailbox developers.

What does a ‘network attack’ look like?

Today, the popular content delivery network Akamai is reporting that ‘network attacks’ are 95%+ above ‘normal’.

Screengrab from Akamai’s ‘real-time web monitor’

It’s hard to get a feel for what data Akamai are using here or what the baseline is, but it caught my attention because of some attacks against our own network that we saw over the weekend.

It also got me thinking: ‘what does a network attack actually look like?’ for a hosting company.

To answer that, I suppose I need to explain what I mean by a ‘network attack’.

A network attack can come in many forms, but the most common type that we experience is a DDoS – a distributed denial-of-service attack. This type of attack is intended to disable access to a server or network by overloading it with network requests. Almost any network or server is vulnerable to such attacks because its job is to respond to network requests, e.g. to display a web page or access other content be it public or private. Depending how powerful they are, servers (and multiple groups of servers in clusters) can handle hundreds, thousands or even millions of simultaneous requests. A DDoS attack harnesses hundreds or even thousands of compromised computers or servers connected to the Internet to overwhelm the target servers by sending thousands or millions of requests (hence the term ‘distributed’). The sheer weight of requests will often rapidly overwhelm a server’s ability to respond as it runs out of resources. Hence, servers and websites ‘go down’. (The Wikipedia article on DDoS attacks has more background).

It’s important to note that however properly a server is configured, it can still be vulnerable to DDoS attacks. A DDoS attack exploits the very basic function of a server – to answer network requests and serve up content. An attack also often happens with little warning. And because it passes through network hardware that is at the edge of our network (thus usually shared by some other customers), it can have a wider impact.

Bytemark NOC – not really

But let’s make one thing very clear. A network attack happens in real time. Unlike the popular media image of an ISP, we don’t have a NORAD style mission control centre to monitor attacks through the paradigm of global warfare. There are no progress bars, or red lines curving over a map to warn us of what’s about to happen.

What does happen is that the target server is no longer able to serve the content that it would normally be expected to serve. If the network attack is large enough, it can also begin to affect other sites on our network. This is clearly an unacceptable situation.

So what we need is a system that monitors client servers, detects when they’re not serving content normally and then alerts the right people in the most effective way to take action. That action being to “null route” all the traffic directed at the target server, i.e. configure our network infrastructure to redirect it to nowhere, meaning it’s dropped and ignored. We also need to contact the client and explain what’s happening, as well as let everyone else know through our forum.

Summing up, responding to network attacks (like a DDoS) is an important part of what we do as a responsible hosting provider. What they ‘look like’ isn’t particularly sexy (though I do now wish we had a WarGames style command centre). However, our visibility of network attacks is optimised for rapid and efficient response be it night or day.

In the light of recent attacks across the Internet, I hope this has shed some light on how we handle these challenging events.

Google Chrome’s “Warn Before Quitting” preference doesn’t automatically sync

I recently set up my new work Mac and one of my first tasks was to download Google Chrome. Yes, Google is ‘evil’ and gives away my data to the NSA, but you can’t beat the convenience of having a synchronised browser experience across multiple computers.

Signing-in to Chrome with my Google account lets automatically install my preferred extensions, synchronises bookmarks and history (if I choose) and other browsing preferences.

Warn Before Quitting in Chrome

However, the most useful preference that I have enabled does not get sync’d. That’s “Warn Before Quitting” – an incredibly helpful feature for those with fat fingers like me, or if you’re just someone that types very fast. Tapping Command-Q on a Mac is the standard keyboard shortcut to close an app, but unfortunately it’s right next to Command-W – the command to just close a window or, say, a Chrome tab.

The Warn Before Quitting feature requires you to hold down Command-Q for more than a keystroke to quit Chrome. In fact, you have to hold it down for a few seconds while a visual prompt confirms you really do want to quit. And given how many tabs I usually have open at once, this is quite rare.

So while this is a great feature, the second-greatest feature – syncing – doesn’t actually enable it on other browsers! I suppose this is partly down to the cross-platform nature of Chrome – the equivalent key combination on Windows, Alt+F4 poses fewer issues.

Nonetheless, a pretty key preference for Chrome Mac users is not sync’d across devices. And I’ve been losing tabs for days!

The Jubilee Time Capsule: 80,000 memories

Originally published over at Melbourne.co.uk

Memories are precious. You can’t replace them. “Memories are what warm you up from the inside”, wrote Haruki Murakami.

And throughout the 60 years of her reign, the Queen will undoubtedly have inspired countless memories in her capacity as Head of State and Head of the Commonwealth.

I think that’s why I’ve been so personally excited by the Jubilee Time Capsule project, that we are an important part of. It’s more than just a bunch of servers humming away in a datacentre: it’s a unique collection of memories. Over 80,000 of them, in fact, submitted by people from across the world, creating a crowdsourced archive of the Queen’s 60 years on the throne. Photos, videos, text: all part of a digital timeline unlike any other in history. And we’re proud and honoured to be chosen to host this unique time capsule for the 21st century.

In September, the Jubilee Time Capsule was closed for entries and “sealed”. So today, my colleague Steven and I have headed to that London for a very special event. Following the sealing of the capsule, the best 60 entries have been collated by an impressive panel of judges. This Diamond (re)Collection will then be presented to Her Majesty the Queen on a Samsung tablet.

It’s hard to believe that something we’ve been working on over the last year will now be presented to the Queen. It’s a huge honour, of course, but for us it also represents something that’s one of our core values: trust. Trust is something that’s earned, and we’re humbled really, that, as a team of young-ish, northern(-ish) geeks we’ve been trusted with delivering the hosting for a project on behalf of one the oldest institutions in the world.

Thanks must go to the guys at Capsool.com who developed the technology and to our friends at Attido Mobile who designed the iPhone and iPad apps to help people upload memories to the capsule. And, of course, a huge thanks to our support team at Melbourne, who helped design and provision the servers that host the Jubilee Time Capsule. While it was treated with the same love and care as all our customers get, it’s great to demonstrate that the platform has experienced 100% uptime – which is exactly what we aim to offer to all customers.

So as I write, we’re about to set off to the Commonwealth Club now. We’ll be uploading our own snaps and videos from the day on Twitter so keep an eye out over @MelbourneHost.

Live your life in the cloud with 4G

I’m barely coherent without a coffee in the mornings. So it was fortunate that I nipped over to Teacup on Thomas Street before work for a cup of coffee and a spot of BBC Breakfast with Rory Cellan Jones to talk about today’s 4G launch.

For the uninitiated, 4G (or LTE as it’s sometimes called) is the latest generation of mobile phone technology, allowing significantly faster mobile Internet connectivity. In fact, Rory’s tests this morning showed 19 Mbps and 15 MBps up, which is even better than the UK average broadband speed of 9 Mbps!

Given that more and more of our personal data is being hosted and processed in the cloud, and our increasing reliance on mobile data apps, the advent of 4G cannot come quickly enough. Fast, reliable mobile data will only increase the use of cloud technologies to store and share content. More and more of us will live our lives in the cloud.

However, as with any brand new technology, there is a cost. Users have to invest in a whole new infrastructure, with only a limited number of handsets currently supporting 4G in the UK and the small, current data tariffs don’t reflect the potential of storing your life in the cloud.

Nonetheless, this is just the start. Like 3G, ten years ago, the technology will mature and consumer choice will expand. For cloud providers like us, it’s an exciting time to step-up to the plate and continue to deliver reliable, secure infrastructure for future 4G-based uses.


Macclesfield – on the leading edge of digital

Until recently, my only knowledge of Macclesfield was of an unfortunately named supplies shop. And, of course, I’d heard the rumours about a Bond-villain style mansion owned by a certain global mega-agency.

But in fact, I’ve learned that Macclesfield is a burgeoning digital and creative hub.

Set amongst the leafy lanes of Cheshire, the town of Macclesfield has attracted some high-profile names such as Matmi and become an attractive choice for growing businesses like Abstraktion. It’s less than half an hour from Manchester and on the fast line to London too.

So last Wednesday, the cosy surrounds of Inca Cafe Bar played host to some of the leading digital and creative businesses in the area. My occasional cycling buddy Martin invited me and Chris Marsh down to his event Digital Edge, to meet some of the leading digital businesses and give our perspective on the future of the cloud.

Digital Edge is a fun event. About 30 of us packed out the venue, where Claire the owner was serving up local beer, cider, tasty toasties and stew. Good honest grub. And that, for me, really set the tone. Martin had asked us to serve on a ‘panel’, but essentially it was a two-way conversation throughout; an inquisitive, intelligent audience really testing our knowledge about cloud computing and debating our opinions about the future.

We were pretty conscious of turning up to an event like this and not knowing anyone, but there were friendly faces and, of course, Martin kept everything running smoothly – including plying me with some 6% cider from Somerset. And with a crowd that size, it’s actually a chance to talk to everyone that turns up, rather than whipping round quickly collecting business cards.

So is Macclesfield the new Silicon Roundabout? Well apart from the sheer fatuousness of that statement, there is something going on in the cobbled streets of this market town that’s making an impact around the world. We’ll be going back whenever we can to learn more.

Sign-up to Digital Edge on meetup.com and follow them on Twitter: @digitaledgemacc.