Summary of the new Companies Act 2006

A new companies act was introduced in 2006, that has been gradually phased in over the last 3 years, becoming fully operational on the 1st October 2009. The full act of parliament is over 700 pages long (in PDF form), so I’ve decided to try to highlight some of the key points / changes in this post for quick reference. NB: I’ve not read the full act (and don’t plan to!) so this is certainly not a comprehensive list.

General

  • Private limited companies no longer need to have a company secretary.
  • Private limited companies are no longer required to have an annual general meeting (AGM).
  • There are new standard company constitution documents (memorandum and model articles of association). The model articles replace Table A as the new default articles.
  • Companies are no longer be required to specify their objects on incorporation.

Company Directors

  • Director’s general duties have been formally codified in law.
  • Company Directors are no longer required to publish their residential address for all to see.  They may opt to provide an additional service address for correspondence, which can be the same as their company’s registered office address. A residential address must still be given to companies house, but this will only be shared with selected 3rd parties (certain public bodies, and credit reference agencies).
  • Company Directors must now be at least 16 years old.

Accounts and Reports

  • The statements that appear on a company’s accounts have changed.
  • The accounts filing deadline has been reduced from 10 months to 9 months for private companies, and 7 months to 6 months for PLCs.

Members / Shareholders

  • Companies are able to make better use of electronic communication to communicate with shareholders.
  • It’s no longer as easy for external parties to demand to see a company’s list of shareholders. Interested parties must declare their name, address, and the purpose of their request. It must be for a “proper” purpose – whatever that means! A company can apply to a court to reject the request.

Forms

  • Lots of the companies house forms have been redesigned / renamed with much more logical names. Rather than being named after the section of the companies house act that describes them, they are named after their purpose. For example, the Annual Return is now Form AR01 rather than Form 363. The relevant law sections are now referred to within the body of the form.
  • Companies must now complete a Statement of Capital when they are first registered, whenever share capital changes, and every year when they file their annual return. This is a snapshot of the companies share capital at a given point in time, and also gives details of voting and dividend rights for each share.

Companies House is holding a number of seminars to help businesses understand the implications of the new Companies Act. They will also give some demonstrations of how to use the web filing system to file forms online. You can book a place a the seminar online and, at the time of writing the next ones available are:

Basingstoke
Holiday Inn Basingstoke, Grove Road, Basingstoke. RG21 3EE
Thursday 11 February 2010 at 9.30am and 2.00pm

Norwich
Holiday Inn Norwich, Ipswich Road, Norwich. NR4 6EP
Thursday 11 March 2010 at 9.30am and 2.00pm

Working with Government APIs

It may have been a long time coming, but I have to say the UK Government has now made pretty good progress when it comes to making their services available online – and we have taken advantage of this with our online accounting system, Clear Books.

Clear Books integrates with a number of Government APIs, including:

  • Companies House WebCheck – Lets you purchase official documents (annual accounts, annual returns, director appointments, share allotments) that have been filed for most companies registered in England & Wales.
  • Online VAT Filing – Allows you to generate and file VAT returns online. Also allows you to pay by direct debit, so no need to send a cheque in the post.
  • Online CIS Filing (coming soon) – A feature specifically for the Construction Industry – this lets you file monthly CIS300 returns and verify sub-contractors from within Clear Books.

In the future we plan to add a number of other services, such as:

  • Online Filing with Companies House – File your annual return, annual accounts, and other forms electronically.
  • PAYE forms filing with HMRC  – File P14 , P35 , P45, P46 etc online.

We have also made a lot of our code available as open source under the php-govtalk project, so if you are interested in collaborating with us – we’d love to hear from you.

Running Askozia PBX on OSX with Sun’s VirtualBox

Here’s some instructions on how to get Askozia PBX running on a virtual machine with VirtualBox on OSX.

1)  If you haven’t already, download and install VirtualBox.

2) Download the Askozia disk image that you want to use. I’m using the latest Linux port release at the time of writing (r1161)

3) Uncompress the image, and then convert it to a Virtual Disk Image

gzcat askozia-pbx-generic-pc-x86-i486-uclibc-r1161.img > test.img
VBoxManage convertdd test.img test.vdi --variant Fixed

4) Load up VirtualBox and create a new virtual machine. Use whatever name you want, and select “Other” as the operating system. Allocate some memory (I used 256MB), and then choose the virtual hard disk that you created in the previous step as the boot hard disk (primary master). Click Finish.

5) Select your new virtual machine and go to Settings > Network. Specify Intel Pro/1000 MT Desktop, Bridged Adapter, and then en0: Ethernet in the three drop down boxes. Click OK to save. This will join the virtual machine to the same network as your host machine is on. We have DHCP configured on our network, so the virtual machine should pick up an IP address from that.

6) Start your virtual machine.

Once the virtual machine has loaded it should tell you what IP address it has been assigned at the terminal. You can then access the control panel from a web browser by going to that IP address using admin/askozia as the login details.

Has your WordPress been hacked?

There have been a number of vulnerabilities discovered in WordPress since it started, including one earlier this month. They all have pretty much the same objective: to try to get access to your blog in order to post links to their own sites.

In this post I am going to look at ways you can tell if your blog has been hacked, suggest some ways to fix it, and then discuss techniques to prevent being hacked again.

Before we start, the most important thing you can do to prevent being hacked in the future is to regularly update your blog software. The easiest way is to use subversion. I’ve written how to upgrade your blog with subversion in an earlier post.

Symptoms

So firstly, you’ll probably want to find out if your blog has been compromised. There are a few things to look out for:

Unauthorised Admin Users

Disable JavaScript in your web browser, then navigate to the Users page in the WordPress admin panel. If you see some additional administrator users there that you didn’t expect, you have probably been hacked. They sometimes use an e-mail address like [email protected]

Strange Files in the Uploads Folder

Strange files may also appear in your WordPress uploads folder, including ones that have hidden PHP code inside them (try grepping for “events or a cale” or php).

grep -R -l "php" wp-content/uploads/

The files might have random names like:

faceboutique-spot-less-150×150.bak.php
mandseyeshadowpalette.bak
cliniqueblusher_old.jpeg
.wp-cache.cache.php

The uploads folder is writeable by apache, so hackers use this area to save malicious code to your server. They may then include such code as a plugin.

Strange Records in the Database

Check for suspicious data in wp_options by running the following queries:

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE 'active_plugins';

Hackers use the plugin system to include their rogue scripts. You may see some strange files being listed as a plugin. You can delete this row and manually re-activate any plugins via the admin.

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE  'permalink_structure';

This will show you the permalink structure – the most recent vulnerability modified this so look out for anything abnormal.

SELECT *
FROM  `wp_options`
WHERE  `option_name` LIKE  '_transient_rewrite_rules';

You can delete this row if it exists (it should be rebuilt dynamically)…. it may contain cached

SELECT *
FROM wp_posts
WHERE post_content LIKE  '%iframe%' OR post_content LIKE  '%noscript%' OR post_content LIKE  '%display:%';

This will look for posts that contain iframes, or hidden links.

Fixing a hacked WordPress Installation

The cleanest way is to re-install WordPress, re-import your posts and comments via the import tool and then to copy in any files that you know are safe…

  • Back up your database and site code.
  • Export your posts, comments, tags and categories in a WordPress WXR File (Tools – Export).
  • Set up a new mysql database, username and password. Ensure the user only has access to the WordPress db.
  • Install a fresh copy of the latest version of WordPress (with the correct permissions), and configure it to point at the new db.
  • Delete any files that include PHP from the uploads folder.
  • Import your posts, comments etc from the WordPress WXR XML file. There is an option to get WordPress to fetch image uploads, but I haven’t had that much luck with this. To get it to work, you will need to install your new blog in a parallel location so that it can access the old blog. When I tried, it seemed to grab the files, but not update the location urls in posts, thus requiring a script to update the urls in the db. Instead, you might find it easier to just copy your uploads folder across – but they won’t then show in the media gallery. Neither route seems ideal!
  • Re-install your themes and plugins.
  • Move the old blog to a location outside your web root as a backup, or delete it all together.
  • Set up new WordPress users with secure passwords.

It’s not a fun job!

Securing WordPress

  • Ensure you have the right permissions set on your WordPress scripts. Only the uploads folder should be writeable by the web server.
  • Use a separate database, db username and db password for WordPress.
  • Add an additional layer of authentication above the WordPress admin area, e.g. http authentication in Apache. NB: When I did this, it seemed to stop uploads from working with the flash uploader (gave a HTTP ERROR), so I had resort to using the basic browser uploader.
  • Some people also recommend removing the default “admin” user, and setting up an administrator with a new name – to make it harder to brute force crack your passwords.

Further Information

Here’s some of the pages I read while researching this article….

A WordPress YouTube Plugin – The FuTube Player

Recently we were looking for a Flash video player to use on our websites. Youtube’s default player was a little bloated, so one of our developers at Fubra built an alternative youtube flv player, which looks a bit like this:

[futube video=”gE1KGHUb9zw” author=”by Fubra Limited” color=”#336699″ hd=”true” height=”300″ title=”FuTube Player” width=”400″]

We’ve also released this as a wordpress plugin. You can install it via subversion if you prefer using the instructions below.

Installing the WordPress Plugin via Subversion

From the command line, navigate to your WordPress plugins folder and then edit the svn externals for the folder.

cd wp-content/plugins/
svn propedit svn:externals .

This should open the file in your favourite text editor (I use vim). You should add a line like:

futube http://svn.wp-plugins.org/futube-video-player/trunk/

Save and exit, then run:

svn update

UK Gov launches Clean Energy Cash Back scheme

Last month, the government launched a new “feed-in tariff” subsidy scheme for renewable energy installations that will see them pay up to 36.5p per KWh of energy produced.

At current prices, an installed 2 KW PV system costs around £12,000 (£6 per installed watt), and it’s estimated you would save / earn around £830 a year with the new subsidy (15 year pay back, 6.9% return). There is also currently a £2,500 grant available (expiring April 2010) which would bring the overall cost down to £9,500 (12 year pay back, 8.7% return).

This estimates are based on electricity costs of 13.95p / KWh (which is also roughly what I am currently paying with EON on their online saver tariff once you’ve averaged out the various rates and daily fees).

It’s very likely that over time electricity prices will rise, especially in the UK where we have not built enough capacity to replace our Nuclear plants as they shut down. As prices rise, the effective ROI will increase, but for this to become really popular I think we need to see returns of closer to 20%.

The government is also considering green mortgages, where you would be lent up to £10,000 to make energy efficiency improvements to your house (such as double glazing, energy efficient white goods, insulation), and then this would be paid back via your electricity bills – the cost of which should be covered by the savings you make. The charge would be against the property rather than the owner, and so would be transferrable if you move house in the future.

PHP GovTalk Class

As part of our commitment to open source, we have begun work on PHP class to make it easier to for developers to work with the UK’s government gateway. The project is hosted on Google Code, and is called php govtalk.

GovTalk is a set of standards for interacting electronically with government services.

In the future we will extend the class to work with individual government API’s such as Companies House, and HMRC. This will then be used on a number of projects, including our online accounting product, Clear Books.

We welcome contributions from other developers in the community, so if you want to help please contact any of the project admins.

A new way to find furniture

In February of this year we invested in a startup called Furnish.co.uk, and I’m pleased to say that as of yesterday they have now gone live with their sleek new website.

furnish screenshot

Furnish.co.uk, as it’s name suggests, is a new way to find and buy luxury home furniture online. The site acts as a shop window for a variety of boutique stores and exclusive designers, allowing you to compare a huge range of options in one place. So if you were decorating a new bedroom, and wanted to find the perfect bedside lamp, Furnish.co.uk would let you drill down to the exact style you wanted – you can filter by price, colour, material, and size.

Furnish is aimed at the mid to high end of the furniture market and includes products you won’t typically find in the major high street retailers. They are adding more products every day, and hope to include over 100 stores over the course of the next few months, so keep checking back!

Shared Calendars on the Mac & iPhone with Google Sync

Today I have been attempting to set up Google Calendar so that it automatically synchronises with an iPhone and also iCal on a Mac computers. It was a bit trickier than I expected, so here are some of my observations. Hopefully they will help someone else!

Google Sync 

Here are some of the main things you need to remember to do:

  1. Make sure you have enabled Google sync for mobiles in your Google Apps account. From your Google Apps Dashboard, click the Mobile link. Then tick the Enable Google Sync box on the next page and press save.
  2. Set up Google Sync on your iPhone to sync calendars and contacts from Google. Basically you just add a Microsoft Exchange account with your google apps login details, and then select calendars and contacts in the syncing options.
  3. You must also choose which calendars you want to sync to your iPhone via the Google Mobile website. Visit http://m.google.com in Safari on your iPhone.

iCal

You can set up iCal to subscribe to your Google Calendars via a caldav url. First you add a new account under preferences, and then under the delegation tab you select the calendars you wish to subscribe to.

Sharing Google Calendars 

You can share a calendar with other users in your google apps domain, or external users on other domains. There are various ways to do this such as sending a link to the ical url or sending an invite within the calendar sharing pages on the Google Calendar website.

How to upgrade iphone 3.0 beta to full official release

If you are an iPhone developer and have been running one of the beta versions of the 3.0 firmware then you might find that iTunes will not update you to the latest official 3.0 release, as it already thinks you are using the most recent version.

It’s taken me a while, but I’ve finally found out how to do it!

NB: Before you do anything, make sure you have backed up your phone in case something goes wrong!

  1. Download the latest firmware directly from Apple’s Content Delivery Network:
  2. The file may have a .zip extension, if so remove this by renaming the file so that it ends with .ipsw
  3. Open up iTunes, and Option-Click the restore button. You should then select the ipsw file you downloaded.
  4. Follow the on-screen instructions as it upgrades your firmware.

Warning – do this at your own risk. It may break your phone.