Category Archives: URL

Chrome and popup policy

Google Chrome has a different policy for detecting and blocking popup windows.

Generally, a browser blocks a popup if it is automated, i.e. opened by a JavaScript call on page load or similar. Moreover, the state of a popup can be learned only through JavaScript.

Chrome is a bit smarter about this.

window.open(); is expected to return a reference to the opened popup window, or null / undefined if the popup is blocked.

But Chrome returns a non-null reference for the so-called popup and still blocks it.

The snippet below is a good example to test with:

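<script type="text/javascript">
// Called from the link: opens the popup after a 1 second delay,
// which is the case Chrome blocks.
function showpopup()
{
	setTimeout(showpopupAfterTime, 1000);
}

// Opens the popup window and brings it to the front.
function showpopupAfterTime()
{
 var popwin = window.open("http://harit.kotharee.com/", "popupwindow",
   "width=400,height=300,resizable,status,menubar,scrollbars");
 // window.open() may return null / undefined when the popup is blocked.
 if (popwin) {
  popwin.focus();
 }
}
</script>

<a href="javascript:showpopup()">Click for a pop-up window!</a>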

Chrome allows a popup only if it is opened directly, i.e. without any kind of delay introduced through JavaScript or any other means.

So, in the above example, it will work only if showpopupAfterTime(); is called directly from the hyperlink!
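A sketch of how a page can open the popup directly from the click and still tell whether it was blocked when the returned reference is non-null. This is an added example, not code from the original post; the names popupState and openFromClick are hypothetical, and treating a zero outer size as "blocked" is a heuristic assumed here, not something the post states.

```javascript
// Added example. Classifies the value returned by window.open().
function popupState(ref) {
  // Expected behaviour: a blocked popup returns null or undefined.
  if (ref === null || ref === undefined) return "blocked";
  try {
    // A non-null reference can still point at a window that is not there.
    if (ref.closed) return "blocked";
    // Assumption (heuristic): a window that was never shown reports zero size.
    if (ref.outerWidth === 0 || ref.outerHeight === 0) return "blocked";
  } catch (e) {
    // Reading the size can be refused (e.g. cross-origin); do not guess.
    return "unknown";
  }
  return "open";
}

// Call this from the click handler itself, with no setTimeout in between,
// so the browser sees the window.open() call as user-initiated.
// win is the window object; it is a parameter so the logic can be tested.
function openFromClick(win, url, onResult, delayMs) {
  const ref = win.open(url, "popupwindow",
    "width=400,height=300,resizable,status,menubar,scrollbars");
  if (ref === null || ref === undefined) {
    onResult("blocked");
    return ref;
  }
  // Only the follow-up check is delayed, never the open itself: the size
  // of a real popup is not reliable until it has had time to appear.
  const wait = delayMs === undefined ? 500 : delayMs;
  win.setTimeout(function () { onResult(popupState(ref)); }, wait);
  return ref;
}
```

In a page this would be wired as onclick="openFromClick(window, 'http://harit.kotharee.com/', showFallbackLink)", where showFallbackLink is a hypothetical callback that offers a plain link when the state is "blocked".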

Flash Player Cache and loading issues

It is not possible to programmatically clear the Flash Player and browser cache at a given point in time, least of all without the user's knowledge.
This sometimes creates a problem when a third-party component, say a SWF, is loaded. Generally the URL from which the SWF is loaded remains constant, so Flash Player often caches it to make browsing smoother.

However, if the third-party remote component in turn does some activity over the network, it can give randomly wrong results. Generally this happens because the loaded component is at times actually served from the cache.

To overcome this there is a way, not to clear the cache, but to make the browser and Flash Player feel as if you are always loading a new component (say a SWF) from a new location.
This simple trick is achieved by doing something like….
http://haritkothari.wordpress.com/myNewComp.swf?[firstparam=123&secondparam=456]&randomcount=Math.random()*Math.random()

The randomcount query parameter has no significance other than making Flash Player treat the request as a different URL that is not cached! The stronger you make the dummy parameter, the less likely Flash Player is to cache the response.

This can easily be used with a loader to load a remote component; the only care needed is that the dummy parameter must not be one that the remote component interprets, otherwise the result may go to any extent!!!

This trick is also not specific to Flash Player or ActionScript; even banking and a few other sites implement it in stronger ways to avoid caching, apart from the session ID!
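The dummy-parameter trick as a small helper that also enforces the one caveat above, that the dummy name must not collide with a parameter the remote component reads. This is an added example, not code from the original post; the function names and the reservedParams argument are hypothetical, and the parameter name randomcount is taken from the post.

```javascript
// Added example. Returns a token that differs on every call.
function randomToken() {
  const c = globalThis.crypto;
  if (c && typeof c.getRandomValues === "function") {
    const buf = new Uint32Array(2);
    c.getRandomValues(buf);
    return buf[0].toString(36) + buf[1].toString(36);
  }
  // Fallback: the value only has to be different per request.
  // It is a cache key, not a secret, so Math.random() is acceptable here.
  return Date.now().toString(36) + Math.floor(Math.random() * 1e9).toString(36);
}

// Adds (or refreshes) the dummy query parameter on a component URL.
// reservedParams lists the names the remote component itself interprets.
function addCacheBuster(rawUrl, reservedParams, paramName) {
  const name = paramName || "randomcount";
  const reserved = new Set(reservedParams || []);
  if (reserved.has(name)) {
    throw new Error("dummy parameter '" + name +
      "' is interpreted by the remote component; choose another name");
  }
  const url = new URL(rawUrl);
  // set() replaces an existing value, so calling this again on an already
  // busted URL refreshes the token instead of appending a second copy.
  url.searchParams.set(name, randomToken());
  return url.toString();
}
```

The existing parameters are left untouched, so the component still receives firstparam and secondparam exactly as before. Where the server is under your control, sending Cache-Control: no-store on the response achieves the same result without changing the URL.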

Gondal – a model town

Last weekend, I visited Gondal, a famous town of Saurashtra, Gujarat. The town is located approx. 100 kilometers away from Rajkot.

Although Gondal has the status of a town by a few statistical parameters like population, infrastructure, etc., the following are remarks about the town.

  • Town planning has been good since the time of Bhagwadsinhji. The roads have more than the required, good enough margins and well-maintained footpaths in almost every street.
  • The town is peaceful.
  • The town is rich with good institutes in a variety of subjects.
  • The very famous encyclopedia of the Gujarati language – Bhagwadgomandal – was developed by King Bhagwadsinhji. That was not a small project in any sense – collection, quality, authenticity. It is a de facto standard encyclopedia of the present time, without any modification.
  • The Gondal kings were fond of cars, and their followers have also preserved the cars well. [See my photos of this visit]

Here are the photos of the visit. The photos include the antique car collection too!

* Bhagwadgomandal digital downloadable edition has also been launched on 1st May, 2009.

AXIS Bank website & services – reviews & suggestions

www.axisbank.com is the official website of AXIS (formerly UTI Bank). The bank brands its Internet-enabled services as iConnect. I eventually came across and accessed the website some time back.

Here is what I felt…

  • The website is simple and has a professional look. However, according to the footnote, it’s friendly with IE only. Where did Firefox & Safari go?

    Home Page

  • The login window does not have a virtual keyboard, which is a very important shield against fraud when user keystrokes are being recorded. ICICI Bank and Bank of India provide this.

    Virtual Keyboard

  • In any case, the script should be written so that the browser cannot store the username and / or password even if the user forces it. Again, ICICI Bank takes care of this. Disabling ctrl + C & ctrl + V is an added advantage that can be provided!

    Storing private data

  • Once the user successfully logs in, the welcome page has a menu bar on the left. But, again, a usability suggestion: when the user selects an item from the drop-right menu (the menu displayed after selecting a main menu item), it should close. It gets hidden only when the user's mouse focus is lost! So a few users might not be sure whether they have clicked the menu item or not.

    Drop Right Menu

  • Account bifurcation is simply good.

  • The eMail section is not so good. The email text is given less importance in the user interface design. The eMail body text is shown in 8 or 9 lines only, so the user needs the help of scrollbars. Better UI design is required.

    eMail Section

  • The mobile banking service can only be enabled; there is no option to either disable it or change the number! The input area for the mobile number is non-editable! Also, the bank charges for this service an amount which is high compared to its accuracy and its conditions for SMS alerts etc.

    Mobile Banking - no second chance

  • Session management seems to be handled with respect to time & browser activities such as back and forward button clicks, which is a good way to prevent misuse. However, if you click multiple menu items before the respective page has actually loaded, the last clicked item will load and the session will not be lost – this seems unusual!

These points are just to save the bank from future online fraud and legal procedures. Banks have always been a soft target for attackers.

This bank is one of India’s well-reputed, long-established banks, recently converted to a private bank. Of course, its banking services are poorer than those of an Indian nationalised (so called Government!!! :P) bank, while its charges are like those of a normal private bank!

A few highlights of the bank’s unprofessional approach!

  • Irregular & sometimes irrelevant response.

  • Rare response to queries / request via authentic emails.

  • SMS server is less dependable in terms of timely delivery or acknowledgment to request SMSes. No error message for wrong SMS / inappropriate SMS sent to the bank!

  • Response from bank via email lacks proper formation of text. Just ctrl+C and ctrl+V.

By the time I am posting this, I received a simple screenshot of a duplicate website of ICICI Bank via an alert email.

This is not ICICI Bank's official website - beware before you log in!

Security tips – mostly generic for all banks.

  • Never give your PIN, Card No., Internet banking username, passwords (login and transaction), etc. to anybody.
  • Changing login & transaction passwords regularly is good practice.
  • Never keep login and transaction passwords similar.
  • Keep an eye on the URL of the bank’s login page. It must be the bank’s original one. Someone may easily prank you with a similar name (as shown in ICICI Bank’s duplicate site above).
  • No bank asks for the whole 16-digit debit card number, especially for any online purchase. It might ask for a very few randomly selected numbers for authentication, which is acceptable. ICICI Bank has introduced the GRID Card, which is really unique and an addition to its security features.
  • In most cases, the user ID will be required to log in; no account number or card number will help.
  • Avoid accessing net banking and similar services from a public / shared computer.
  • Use a virtual keyboard, on-screen keyboard or similar utility to enter the username / password or any confidential information, especially if accessing the website from someone else’s computer. In short, avoid keystrokes, use mouse clicks!!
  • Last but not least, clear all URLs, access history and form details from the browser settings when you are done.
  • Close the browser: all instances / tabs of the browser, if multiple are running.
  • And yet many more…. that you can contribute by comments. 🙂 Thanks in advance.

Back to IP era

When the Internet emerged as a way to share information and documentation worldwide, another need arose: to manage / remember different servers.

The solution was simple – DNS, in simple terms a map that locates a server (or a website today) by domain name, a human-readable, understandable and memorable way.

People used to type in a URL (a combination of the domain name and a further path to locate a particular resource) to visit a website / document.

But now times have changed – requirements have changed.

This is the Twitter era!!!

People want to share resources, blogs, pictures, news and almost anything, but in a short way. The memorable domain name is less important. Why? Just because everything is a click away.

TinyURL, bit.ly and many more exist just to shorten a URL with a custom or random ID that leads directly to a specific URL.

Also, you can create short URLs for your own website, for your server, with Shorty.

Now many people don’t even remember website names (typically domains), thanks to Google and many others!!!!! 🙂

It’s like a back-to-the-pavilion situation: don’t remember domains/URLs!!
