Technical Specifications

Back-End Technologies

In 2003, One Hat looked around at many open-source content management systems (cms) and decided we could build a better one—so we did, and have been updating and improving it ever since. Our cms is intuitive and modular, making it easy to learn, use, and customize. The code base and all custom modules are built using object-oriented php5 code. We use the mdb2 database abstraction layer for code portability, although we usually set up our databases in mysql5. We prefer the Apache web server, however, we have made sure our cms works flawlessly with Microsoft iis (although this setup requires an inexpensive third-party plugin for iis). We develop our sites on Mac os x and typically deploy them on Linux or Windows machines. We apply design patterns when appropriate and use an mvc architecture. Our code is easy to read, and heavily documented in-line.

Front-End Technologies

Over the past few years, the web industry has placed much emphasis on front-end performance—and rightly so—as that is where the bulk of the bottleneck is for quick and smooth user experiences. At One Hat Design Studio, llc, we have stayed on top of these advances and utilize them in all of our sites. A few examples of these advances are in the use of image sprites, Ajax operations, css/js placement and formatting, and compression.

Our Javascript code is namespaced, unobtrusive, and follows the progressive-enhancement philosophy. When appropriate, we make use of the yui and/or extjs open-source libraries, and we routinely implement Ajax functionality. Our cms incorporates the open source FCKeditor for in-browser wysiwyg editing of html. Our html validates as xhtml 1.0 Transitional or Strict, uses css for layout and not tables, and uses semantic markup—even using Microformats where applicable. When developing for Flash, we manually write code in Actionscript 3.0.

Handicapped accessibility is important to many of our clients, and we make sure that when needed, our websites conform to Section 508 guidelines and the w3c’s accessibility guidelines.

Our sites use clean urls and optionally allow for ssl secure logins. We ensure that our sites are search engine friendly by performing extensive search engine optimization (seo).

One Hat follows the graded system of browser support outlined by Yahoo! web developer Nate Koechley in this article. Briefly, this system means that browsers are split into different categories of levels of support. Those browsers which support a given technology will take advantage of that technology. Those browsers which don’t recognize it degrade gracefully. We do not guarantee identical appearance or functionality between browsers or platforms. We do, however, strive for acceptable appearance and functionality.

We are also able to build custom desktop applications using Adobe AIR!

Testing

Our user-interface testing methodology is a rather informal one, but it produces good results. We test our sites by having multiple people (other than the original designer) browse the site. We listen to their feedback and try to make adjustments or accommodations whenever possible.

Feature and function testing takes place by repeatedly hammering the site with unique data. For website/browser compatibility, we currently (as of May 3, 2009) test in the following browsers and platforms (keeping in mind our graded browser support policy mentioned earlier):
Windows: Internet Explorer 6, 7, 8 / Firefox 2, 3 / Opera 9
Mac: Safari 3 / Firefox 2, 3

Quality Assurance

All software has bugs or unexpected outcomes from interaction with users. One Hat Design Studio, llc attempts to keep these to a minimum. We do extensive internal testing before turning our software over to customers. However, bugs do occur from time to time.

When a customer encounters a bug in our software, a determination is made by One Hat Design Studio, llc as to whether it is mission-critical, important, or peripheral. Mission-critical bugs are fixed immediately, and at no charge to the customer. Production halts on our other projects while these fixes are being made. Bug fixes are deemed important when an element’s functionality is reduced or broken, but the site remains intact. Important bugs are not given as immediate a time-priority as mission-critical ones, but they are still fixed as time and scheduling permits, and at no charge to the customer. Peripheral bugs are those not considered harmful or which do not interfere with core functionality. They are fixed as time and scheduling allow, if at all. Those customers who have regular maintenance contracts with us usually see peripheral bugs fixed as part of their maintenance contract over a period of time. Alternatively, peripheral bugs may be fixed as a special update, charged at our hourly rate.

Security

No software or hardware is entirely secure. Security, thus, becomes a matter of risk-management. At One Hat Design Studio, llc, we do our best to ensure that our software is as secure as is feasible, and that the risk to the client is minimal. For example, one of the tactics we employ in web security is to validate and sanitize all user-supplied input using a white-list of regular expressions and database-specific sanitizing functions (such as mysql_real_escape_string). This generally protects against the three most common website vulnerabilities: cross-site scripting attacks, sql injections, and email injections. Our session ids are automatically regenerated after a set period of time to minimize exposure to session-fixation attacks, and session data is never transmitted to the client. Additionally, our cms is protected by a login system that can be set to accept users only from a predefined set of ip addresses, and may optionally use ssl for logins. Finally, we do our best to stay on top of current industry news of exploitations and defenses against them.