After that, I wrote a simple utility script that will automatically do a full CSV export of Buxfer accounts data and email it. At the start of the script, there are couple of PHP variables that you can use to customize it – your buxfer id and password, from email address, to email address, email content etc. To automate it completely, use crontab to schedule its execution and rest in peace .

I have hosted the code at GitHub. Do check it out and let me know your feedback. Or better yet, fork it and add your bells and whistles.

You can access the GitHub repository here.

1. Get Firefox browser.
2. Get greasemonkey addon.
3. Grab my greasemonkey script here.
4. Login to www.meebo.com.

That’s about it. Fill up the textbox and hit send. The message will be sent to all your IM buddies.

If you are savvy enough, you can make some customizations to the script.

1. Right click on greasemonkey icon and click on “Manage User Scripts”.
2. Select “meebo all at once” and click “Edit” at the bottom of the window.
3. The script will be opened for editing in your favourite text editor.
4. Follow the instructions and make changes to the block marked in the source code.
5. Then reload www.meebo.com.

That’s pretty much it. I quickly hacked it up in couple of hours so there might be some loose ends. If so, please let me know and I will fix it at the earliest. If you wish to make improvements yourself, you can fork the script at the Github repository.

Summary

1. Link to the script.
2. Link to the repository.

If you are even more savvy, you might want to check the Meebo analysis below.

Analysis of Meebo

Meebo makes heavy use of the Comet programming paradigm. Once the user is logged on, the server returns a session key and a client ID. After that, it makes a series of “event” AJAX requests. Each of those requests receive a JSON response. E.g. {“rev”:3,”events”:[{“type”:”buddy::online”,”data”:{“user”:”aswinanand@meebo.org\/Meebo”, … The rev parameter that is sent with each request is incremented by one for every request from a given client ID. The list of buddies for a given provider – Yahoo! Messenger, Google Talk etc. – are received in parts over multiple long lived HTTP requests.

Once the list of buddies are received, it constructs a few javascript global objects based on the JSON response. Such objects include:

1. gBuddyList – instance of meebo.BuddyList
2. gNetworkMgr – instance of meebo.NetworkMgr. This is the core network manager that handles AJAX requests and their asynchronous responses.
3. gIMGateway – contains the client ID required to make the AJAX request

… and many more.

I found out these global objects by enumerating the properties of window javascript object. There’s a property called m_buddies in gBuddyList that contains the set of buddies and their related metadata such as whether the user is online or not, their status message, network (yahoo, gtalk etc.) and other such details. It also has a length property and a nice bunch of helper methods such as getByIndex, getBuddyById etc.

AJAX Requests

When a message is sent to a buddy, an AJAX request is fired to http://www.meebo.com/mcmd/send with a list of parameters that include: receiver, sender, protocol, clientID, sessionKey, mt, msg. In the usual scenarios, we need to reconstruct the AJAX request. But when we have gNetworkMgr global object, this stuff becames a breeze. Hence, a simple called to gNetworkMgr.doRequest(“send”, args) fired the request with the needed parameters. Here, args is a custom constructed javascript object that contains the request parameters. The first parameter “send” is used by gNetworkMgr to construct the actual URL at which the AJAX request has to be sent.

Currently, the script doesn’t monitor the AJAX response. But it could be done if required. Do try out the greasemonkey script and give feedback. Hope you enjoyed the lecture

Here’s a typical work flow for my trek photos:

Go on a trek –> Click nice pictures –> Transfer the photos to the computer –> Make minor modifications such as contrast, brightness, saturation, cropping etc. –> Remove duplicates –> Add signature, copyright notice –> Generate a low resolution version of the final photographs –> Upload them to Flickr/Picasa/Facebook to share them with the world.

With these powerful cameras, much of this can be done on the camera itself. For e.g. my camera already allows adding signatures to pictures through a text stamp feature. It also allows notes to be added to pictures. The pictures can be cropped and frame freezes can be obtained from HD videos shot with this camera. While cropping, a tiny popup containing contrast, saturation and brightness could be displayed. Pictures can be marked with a star so that they can be cycled through while viewing the clicks.

What I want now

Each camera should have a nice file system API, network API and GUI API. Using these APIs, third party applications would be able to fetch photos from the memory card and do the required modifications. More detailed descriptions would be added to the photos and they would be preserved as part of the picture’s EXIF data.

The memory card should be formatted in a special way so that it can hold third party applications in a separate shell. This shell would be accessible through an iTunes like desktop software from which third party applications for the camera can be installed or removed. Once an application is installed, it should be displayed in an Application settings screen on the camera, from where the application can be activated or deactivated.

Once the necessary modifications are done, using the network APIs and WiFi, the application should upload the “starred” photos to flickr, picasa, facebook or any other service the application supports. All these and other services support HTTP APIs. Instead of the camera themselves supporting various services, it could just provide nice APIs and let the developers do the magic. While uploading each picture, a very high resolution picture should be scaled down for the web dynamically.

Geo Tagging

Oh wait! I want to geo-tag the photos as well. So, while clicking each photo, they should be geo-tagged in the background so that the actual speed of clicking a photo isn’t affected. Manually geo-tagging photos are a huge pain in the wrong places.

So, there you go! Click pictures –> Geo tag them in background –> crop them & make other minor modifications –> add text stamp for copyright notice –> Generate low resolution versions dynamically (cache them if required) and upload them!

Since most of the work is done by software in digital cameras, I think the stuff mentioned above is very much feasible. At least geo-tagging should be brought in as a feature.

By now, everyone must have been aware of the recent Facebook announcement of the universal Like button. As probably talked about all over the web, this one button is like giving too much of power to one company. By now the Like button should have appeared on thousands of websites already. Famous press blogs running wordpress should have had the Like button along their standard ‘share this’ toolbar. Facebook’s 400 million+ user base is a huge audience to showcase your content to & everyone wants a piece of the pie!

However, this like button reopens an old problem in a new way… User Privacy. Few years ago, when doubleclick.net installed tracking cookies for sending customized advertisements, it created a huge uproar. Similar stuff happened when Google History came about. But now, Facebook uses a clever way to track users that, you cannot even opt out if you don’t like the process. It makes of full use of the way how the web and ultimately, HTTP(S) works.

I’m not even talking about the case where you are logged in to Facebook and click on a ‘Like’ button on a website. That’s voluntary. You like a piece of content and you spread it to your friends and fans on Facebook. I’m talking about the case where you just visit a certain website containing the Like button and that data will be harvested by Facebook.

Like this on Facebook to understand how it works:

How it works

Let us take it step by step:

1. Clear cookies on your browser. If you are using Firefox or Chrome, press Ctrl+Shift+Del.
2. Visit www.facebook.com
3. Login to Facebook.
4. Visit other websites to be tracked. So simple isn’t it?

When you first visit Facebook.com, it sets a cookie called “datr”, whose expiry is two years from now. So, if you visit Facebook.com today and never clear your browser’s cookies, you will be tracked for the first two years with “datr”. When that period expires, it will be replaced with a new cookie and you will continue to be tracked. After you login to Facebook, it sets some more cookies on your browser along with a cookie called “xs” which is the session cookie for your Facebook session. If you remove this cookie, you will be redirected to Facebook’s login page. After login, “datr” and “xs” cookies will be refreshed.

When you embed the Like button on your website, it loads in an iframe in the Facebook.com domain. When a request is sent to any website by clicking on a link or by typing it on the browser’s address bar, the browser sends all the active (non-expired) cookies to the domain. So, when the Like button loads on a website, it makes a request to http://www.facebook.com/plugins/like.php. Along with this request, it will send the “datr” and “xs” cookies. It will also set the HTTP ‘Referer’ header to the originating website. For example, if you click on a Facebook.com link from my website, the Referer header will be set as ‘www.aswinanand.com’. This is used by other websites to determine where the user is coming from.

Now, when the ‘Like’ button loads on a website inside Facebook’s iframe, the Referer header will be set to your website’s page, “datr” cookie will be sent and if you have already logged in to Facebook, “xs” cookie will also be sent. So, just by loading Facebook’s Like button, Facebook will know what websites you had visited. Since the expiry for “datr” is set to two years, it will associate your Facebook logins to this cookie… which means, even if you logout of Facebook, it will know who the user is. Moreover, when you are logged in and move from one place to another, Facebook will know during what times of the day you are active and during what times you are inactive. When you are active, it will know from where your web browsing occurs and by being able to find location from IP address, they will know where exactly you are moving. Don’t worry, all this data will also be combined with your Facebook mobile usage and a final stat will be arrived at! That’s scary because it could reveal so much about a user & all privacy is gone with the wind.

Targeted Advertisements

This kind of tracking is something the user cannot opt out because sending cookies and setting HTTP Referer headers are part of the protocol. That means, you are tracked by default. Without your knowledge, your online behaviour and all the websites you visit (assuming they have added the Like button) after logging into Facebook are tracked by Facebook. This is useful for a lot of cases. Say you visit IMDB after logging in to Facebook. Each of the movie pages will have the like button. So Facebook will know which movies you are visiting. When you click on the ‘Like’ button for a certain movie, it gets to know your tastes and offer more movies along similar lines when you visit IMDB next. This same technique could also be used by spammers to trick you in to ‘liking’ some random link of their choice.

Like this, through the iframe based ‘Like’ button, Facebook funnels all required data to create a customized and scary experience.

Why not Google?

Ideally speaking, this was something that Google should have done a year or two ago. Most people I know are logged in to Google all their day and web browsing happens simultaneously. Just think of what would would happen if Google had done this. With their already powerful search tracking user behaviour and statistics, adsense would use this data to send specific advertisements to users. Google analytics is already deployed on tons and tons of websites all over the web. This one ‘GLike’ button could also be used to track statistics so easily. Now all of that happens on Facebook. Facebook is luring developers and users alike with its huge user base . Combining a utility like ‘Like’ button with Google’s powerful anti-spam, anti-phishing and other anti-* mechanisms, it would indeed become a formidable force on the web.

What if you don’t want to be tracked?

If you don’t want to be tracked without your explicit approval, I would suggest browsing Facebook in Incognito browsing mode in Chrome, multiple profiles in Firefox or InPrivate browsing mode in Internet Explorer. All these modes will clear cookies and other history data when you close the browser window. So you might not be tracked as efficiently as possible.

I hope Facebook addresses this privacy concern. Facebook, please don’t be evil with our data. I wouldn’t be surprised if Facebook launches a general purpose search engine in the next couple of years!

I had been using both browsers side by side for a few months now & came to feel that Opera Mini is a lot better for daily use and Skyfire is better for those one off toughie websites that must work with javascript and other stuff enabled.

Here’s an example: Recently, I started accessing my twitter account through Dabr from Opera Mini. The mobile UI rocks and zoom in and zoom out is instant. It happens in the client side. Opera Mini has an intelligent mix of client side and server side operations, whereas, all operations from Skyfire require an active internet connection. At best, internet access from mobiles through GPRS still remains patchy & hence, Skyfire should have that intelligent mix of operations and where possible, operations should be done at the client rather than server.

Opera desktop’s goodness of Speed Dial has arrived on Opera Mini 5. It’s awesome and saves you tons of clickety-clicks, which are irritating on a mobile. The whole menu system has been completely revamped. UI is smooth and fast (which is a downside with Skyfire)!

The best feature of Opera Mini of all is tabbed browsing. That blows away any other mobile browser on the planet. Being fast and loading heavy pages on separate tabs is a pretty awesome thing. By long pressing on a link, you can open them in new tabs inside Opera Mini. Hence, the Dabr + Opera Mini seems to beat any other twitter competition. Saved pages are really saved pages. They can be accessed even when there’s no connectivity.

Recently we had to book tickets to watch a movie at Mayajaal and Skyfire displayed the website amazingly well. Opera Mini suffered there. Similarly, Opera Mini rocks in opening popup windows (when clicked explicitly), whereas Skyfire fails. All in all, if you are going on a long journey with conservative power, Opera Mini is the way to go. Or if you want near desktop experience on your mobile for all websites, then Skyfire is the way to go.

Skyfire Gripes:

1. No tabbed browsing.
2. No landscape view of web pages and videos.
3. Phone heats up after about 15 minutes of usage. Doesn’t ever happen with Opera Mini.
4. Compared to Opera Mini, it is very heavy on battery.
5. No option to logout from your Skyfire account. You have to manually delete the “Preferences” file to logout.
6. The assumption that an active internet connection is always available.
7. Proxy server support and proxy authentication i.e. HTTP code 407. I have been asking this for so long that I’m beginning to feel that this feature won’t come at all.

Opera Mini Gripes:

1. No flash support.
2. Javascript should be supported better.
3. Zoom in to images is dismal. I hope this issue will be corrected when Opera Mini 5 comes out beta.
4. This browser also doesn’t have support for proxy servers and proxy authentication.

What are your opinions on these two browsers? What browser are you using on your mobile phone?

Like all other reviews about this browser until now, its safe to tell that it is able to play flash videos pretty well inside the small screen. Here are some notable differences between the earlier betas and this 1.0 version:

1. While watching any videos on youtube, my Nokia E51‘s rear would just heat up quickly & few minutes down, it would be difficult to hold the phone. This problem has been nearly solved in 1.0. That’s possibly due to power optimization techniques.
2. When you scroll very quickly on long web pages, Skyfire usually shows a checkered screen with gray squares (screenshot below), which disappear as and when content appears. Pre 1.0, this checkered screen would take a long time to disappear. With 1.0, this problem has been solved. Same problem used to occur during zoom in/out. Now zoom happens at blazing speed. Neat!
3. 
4. Its able to handle basic javascript very well. For e.g. its able to display the hover menus that are present on top of my blog. Its also able to show alert boxes.
5. Video quality is maintained even during zoom in and zoom out. This was a major drawback in pre 1.0 versions.
6. The initial loading and shutdown of the browser would take a long time in pre 1.0 releases. Not so in this current release. This has been drastically improved.
7. File downloads happens excellently. Kudos for this. This is a major drawback with the E51′s native browser.

Testing Skyfire with Zoho Writer

However, of all the above, the one feature that Skyfire prides itself in is the use of full blown AJAX apps. Zoho Writer is an AJAX heavy web application, typically used for word processing on the browser. Since I wanted to test out how well Skyfire performs with respect to Zoho Writer, I fired up http://writer.zoho.com/. The initial login page came pretty quickly.

Login was quick and Zoho Writer’s interface loaded up beautifully – as seen in the desktop version. That was a pleasant surprise!

I quickly scrolled down and clicked on “Shared Docs” on the left panel. It slid into view by moving towards the top. Then I clicked on “My Docs” again & the shared docs panel scrolled down and away from view. That was another surprise!

Along each document in “My Docs”, clicking on the “*” icon brought up the context menu for that document as in the desktop version. Since the context menu was overlapping on the editor, editor took preference to get focus rather than the menu. Then I clicked on the editor & in a second, it sprung into action, giving me an editable text area where I can input the document’s contents. I finished typing some stuff and clicked on the “save” icon. Here’s another surprise. Writer’s modal save dialog showed up. I clicked on save and immediately the “My Docs” panel also got refreshed as on the desktop. Neat!

Then I clicked on the “New” icon on left top corner. It opened a new document tab as in the desktop version

Apart from all this AJAXified beauty, there were some problems too:

1. I couldn’t switch between documents.
2. I couldn’t switch between the menus on the toolbar nor could I see the drop down.
3. Deleting documents didn’t happen as expected. I had to go to desktop browser to delete the selected documents.

All in all, if you are on the move and if you are using Skyfire, you can use Zoho Writer to create simple documents. You could also use Zoho Mobile to create text documents. But using a full fledged desktop browser version blows you away. I wonder how collaboration works. May be in upcoming versions of Skyfire, you would be able to live collaborate with your colleagues from the mobile phone on the move (when they are on the desktop version). I think this possibility is not far off.

Testing Skyfire with Sathyam Cinemas

Few months ago, Sathyam Cinemas moved their website from flash to an AJAXified version. Then the world rejoiced because despite Skyfire’s claim of running flash on the browser, you still couldn’t give text inputs that were present inside the flash movies. But now that the site is fully HTML/CSS/JS, it loaded perfectly as in the desktop version.

I was able to flawlessly select the movie I wanted, selected a date on the right side, picked a show and then clicked on “Book Now”. I then gave my username/password and then followed the usual routine of picking up seat, snacks and then clicked on “Pay” button. It took me to Citibank’s payment gateway and I roared away to bliss. This is pretty cool I should say. I didn’t face any problem with this website on Skyfire & all stuff just rolled along. Skyfire is here to stay.

Check out the screenshots. Thanks to the awesome S60 screenshot software by Antony Pranata!

User Agent

An interesting thing with Skyfire is that it uses Mozilla Firefox 2.0′s user agent when a request is sent. This is to prevent web servers from identifying Skyfire as a mobile browser so that they will send full content instead of mobile content. I think Skyfire runs chromeless firefox browser instances on its servers, which send requests on user’s behalf. Moreover once a website sends its HTML response, the to-be-rendered UI is compressed as a bitmap and sent to the client. Along this way, the compressed UI’s coordinates would be mapped to the uncompressed one on the server, with remapping performed during every zoom in or zoom out. So, if any action is performed on the client, the same operation would be performed on skyfire’s servers (on chromeless firefox processes) along the mapped coordinates. Then may be a new bitmap is again generated and sent to the client again after the server finishes processing javascript and AJAX if any.This is probably one of the ways in which the stuff is done. Guess its time Skyfire moved on to FF3.

I wonder how HTTPS connections are handled. That’s because I haven’t seen any dialog popup when accessing websites in HTTPS mode. Not sure what exactly happens. Makes me to be doubly safe with credit cards and email logins.

Battery Usage

Though there had been substantial power optimizations, Skyfire still drinks battery like water; a little less slowly though when compared to earlier versions. When you are done browsing for about 30-40 minutes, the power charge would have gone down by a point or two. I think this has to be improved drastically. Opera Mini is pretty awesome on battery.

Some Gripes

No software is perfect & any software for that matter evolves over a period of time. So, here are my share of gripes. Hope they are addressed in upcoming versions:

1. Proxy authentication support. Firefox has it, IE has it & so does any self respecting desktop browser. Its high time mobile browsers started offering proxy support with authentication.
2. Speed optimization on GPRS/Edge. GPRS and Edge speeds are pathetic. Even on such speeds, Opera Mini functions very well. But Skyfire doesn’t.
3. Skyfire should have more keyboard shortcuts. Opera mini has an awesome bunch of keyboard shortcuts.
4. Power consumption. This may take some time to address. But I believe it carries lot of importance.
5. No landscape mode. This should be there too. Landscape mode makes watching videos a pleasure.
6. Save and open web pages from the phone.

For me proxy authentication support is a must have thing in any modern web browser. Hope it is brought on soon!

How was your experience with Skyfire 1.0? Do share your experience in the comments. Thanks for making it this far

Say, you have an awesome page where you want to disable right click and also disable Ctrl+C (copy), Ctrl+S (save page). The process is simple. Just register an event for right click and when the event fires, just return false. Since false is being returned, the browser will cancel the event.

Same goes with keyboard. ‘onkeypress’ event is fired whenever a key is pressed. To reject any key, just capture that event and return false. If you want to do anything special, just do it before returning false. Ctrl+S is interesting. In most web browsers (notably google chrome), it brings up the default Save Dialog. Most web apps have keyboard shortcuts these days & oh! 99% of them don’t return false, only to find the user experience irritating when the save dialog pops up; when something else should occur. Hence, if you wish to customize the functionality of the default browser specific keyboard shortcuts, do the following:

1. Create an event handler and capture the event.
2. Do something.
3. “return false;”

That’s all. Have fun!

1. Open the Run dialog. In linux, press Alt+F2. On Windows, press WinKey+R.
2. In the dialog box, type “firefox -p -no-remote”. This will bring up firefox’s profiles dialog box.
3. Click on “Create Profile” and follow the wizard. Lets assume you named the profile as “gmail2“.
4. Now close the dialogs and return to desktop.

Now, open the Run dialog again. In the dialog box, type “firefox -p gmail2 -no-remote“.

“-no-remote” option is very important because it creates an isolated session that is different from the currently open firefox windows of other profiles. If -no-remote option is not given, then a new window of the currently running profile or the default profile is opened, where session sharing happens (which we don’t want).

Now, since sessions aren’t shared between different profiles, you can open two accounts and happily have them.

Suggested Improvement for Firefox:

Internet Explorer 8 has this amazing option in the File menu where you can open a completely new session of IE. Sessions are completly isolated and gives lot of relief. Its available at File->New Session. Hope this feature is brought into Firefox as well. Or if this feature is already available as a plugin, please let me know in the comments. Actually speaking, this feature was available in IE since IE 6 (AFAIK). In IE6/7, you can open a completely new session by clicking the IE icon on the desktop.

This plugin will be very useful when you are migrating to your own wordpress blog, hosted on your domain. The default wordpress functionality is that, you can assign new categories to posts only by editing each post and changing the category assigned to it. So, if you have a large number of posts, then it will be a nightmare.

Enter this plugin.

With this plugin, assigning multiple categories to one or more posts is a breeze. Pop the plugin’s PHP file to your wordpress plugin directory, activate it and click on “Assign Categories” under the Manage menu. The page will show the list of available categories, followed by the available blog posts. You can select the categories, select the required posts and then click on “Assign Categories” at the bottom of the page. Now, all your posts will be assigned the new categories. 

Currently, the plugin is in “beta”. The beta will go off in a few days and will contain search functionality also. The plugin has been updated with search functionality. Please download the plugin again.

The plugin is licensed under GPL v2 (the same as wordpress).

Download the plugin, take it for a test drive and let me know.

Therefore, in this scenario, I shouldn’t have been able to download the app to my mobile device. The website of ICICI fails in not enforcing this by providing the following ways:

1. Existing users who have already installed the app are given an option to ‘Upgrade’ from within the mobile app itself. This opens up a webpage in the phone’s native browser, whose URL is http://mobile.icicibank.com/upgrade?version=null.
2. The actual iMobile website has some stupid javascript validation, which is very easy to bypass using modern browsers. Heck, just by browsing the HTML source code of the page, you will be able to easily find the URL for the application JAR files. Put 2 and 2 together and you will be able to download the app.

Which brings me to explain Step 2 in detail:

What filename do you have to give and How?

That’s where our displayOption function is very useful. That function contains a set of simple If-Else conditional statements, which have the respective filenames. For e.g. if you want to download “M20P1520ALL1.jar”, then just append it to the URL & access it using the address bar. Therefore, the URL becomes https://infinity.icicibank.co.in/web/apps/M20P1520ALL1.jar Being a JAR file, most browsers will display a “Save As” dialog box. Now, just download the file and transfer it to your mobile. The application is fairly straight forward.

Where ICICI Bank failed?