Tuesday, July 7, 2009

Favicon Optimization - Some facts

Every time a page is requested, the favicon is also downloaded if present on the server. Although the favicon download doesn't affect your page response time directly, it shares the bandwidth. So it is better to keep the favicon small (preferably less than 1 KB) and cacheable.
The favicon can be used in two ways:
  • Keeping the favicon.ico file in the server root directory
  • Referencing favicon.ico with a link element in the head of the HTML
I consider the second approach better for the following reasons:
  • It can be cached with the proper expiry header and can be served from a CDN.
  • E.g. <link rel="shortcut icon" href="http://in.yahoo.com/favicon.ico" type="image/x-icon" />
Please note that if the favicon is changed, its name can't be changed to clear the cache, so choose the expiry time wisely.

However, there is something more to know about the second approach:
  • IE loads the favicon before lazy-loaded components.
  • It increases the load on your application server.
  • Favicons loaded with a <link> are loaded early in the Firefox waterfall.

Saturday, July 4, 2009

Thunderbird

After using Evolution & Outlook, I moved to Thunderbird. It is definitely the best mail client I have ever used. However, I tried some of its useful configurable options.

A. Modifying Thunderbird's Reply Header [1]: By default while replying, you may want to include the date (timestamp). Go to Edit / Tools => Preferences / Options => Advanced => Config Editor => search for "mailnews.reply_header_type" and set it to 3.

[1] http://panicbook.blogspot.com/2006/10/modifying-thunderbirds-reply-header.html

B. Lightning at Thunderbird 3.0
1. Go to 'Tools -> Add-ons'
2. Click 'Get Add-ons' tab
3. Search for "Lightning" here or at https://addons.mozilla.org/en-US/thunderbird/
4. The results will show "Lightning Nightly Updater (Unofficial)"
5. Install it
6. Restart Thunderbird
7. Go to 'Help -> Check for Latest Lightning Nightly Builds...'
8. Pop-up will show the latest Nightly Build of Lightning which is available
9. Click on Install
10. Restart Thunderbird

Tuesday, March 3, 2009

Top 20 Security Assessment Tools

Nessus
Home Page: http://www.nessus.org/
Description: The premier Open Source vulnerability assessment tool. Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unix platforms. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks.

Ethereal
Home Page: http://www.ethereal.com/
Description: Sniffing the glue that holds the Internet together. Ethereal is a free network protocol analyzer for Unix and Windows. You can interactively browse the capture data, viewing summary and detail information for each packet.

Netcat
Home Page: http://netcat.sourceforge.net/
Description: The network swiss army knife. A simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.

Libwhisker
Home Page: http://sourceforge.net/projects/whisker/
Description: Rain.Forest.Puppy's CGI vulnerability scanner and library. Whisker is a scanner which allows you to test HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Libwhisker is a Perl library (used by Whisker) which allows for the creation of custom HTTP scanners.

John the Ripper
Home Page: http://www.openwall.com/john/
Description: An extraordinarily powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.

Sam Spade
Home Page: http://www.samspade.org/ssw/
Description: Freeware Windows network query tool. SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.

Nikto
Home Page: http://www.cirt.net/code/nikto.shtml
Description: Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers.

Kismet
Home Page: http://www.kismetwireless.net/
Description: A powerful wireless sniffer. Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files.

SuperScan
Home Page: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
Description: Foundstone's Windows TCP port scanner. A connect-based TCP port scanner, pinger and hostname resolver. No source code is provided. It can handle ping scans and port scans using specified IP ranges.

L0phtCrack 4 (now called "LC4")
Download Location: http://www.net-security.org/software.php?id=17
Description: Windows password auditing and recovery application. L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc).

Retina
Home Page: http://www.eeye.com/html/Products/Retina/index.html
Description: Commercial vulnerability assessment scanner by eEye. Like Nessus and ISS Internet Scanner mentioned previously, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found.

Nmap
Home Page: http://www.insecure.org/
Description: Open source scanning tool for Windows and Linux.

Network Stumbler
Download Location: http://www.stumbler.net/
Description: Free Windows 802.11 Sniffer. Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such called Ministumbler. The tool is currently free but Windows-only and no source code is provided.

SARA
Home Page: http://www-arc.com/sara/
Description: Security Auditor's Research Assistant. SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner.

N-Stealth
Home Page: http://www.nstalker.com/eng/products/nstealth/
Description: Web server scanner. N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but do take their web site with a grain of salt. The claims of "30,000 vulnerabilities and exploits" and "Dozens of vulnerability checks are added every day" are highly questionable.

Cain & Abel
Download Location: http://www.oxid.it/cain.html
Description: The poor man's L0phtcrack. Cain & Abel is a free password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

XProbe2
Home Page: http://www.sys-security.com/index.php?page=xprobe
Description: Active OS fingerprinting tool. XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as many different ideas.

SolarWinds Toolsets
Download Location: http://www.solarwinds.net/
Description: A plethora of network discovery/monitoring/attack tools. SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security related tools include many network discovery scanners and an SNMP brute-force cracker.

Brutus
Download Location: http://www.hoobie.net/brutus/
Description: A network brute-force authentication cracker. This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available.

Paketto Keiretsu
Home Page: http://www.doxpara.com/read.php/code/paketto.html
Description: Extreme TCP/IP. The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for.

Sunday, March 1, 2009

onError: Handling "Image Not Found" in JavaScript

HTTP requests are expensive, so making an HTTP request and getting a useless response (ie. 404 Not Found) is totally unnecessary and will slow down the user experience without any benefit. Even worse is when the link to an external JavaScript is wrong and the result is a 404. First, this download will block parallel downloads. Next the browser may try to parse the 404 response body as if it were JavaScript code, trying to find something usable in it.

Although we can't reduce the HTTP requests if an image is not found, the error can be handled so that some other appropriate image is shown to the user.
We can use "try... catch" statement to catch the error in a web page. Alternatively, we can use the onerror event as well for the same purpose.
The onerror event is fired whenever there is a script error in the page.

Example use:
To use the onerror event, you must create a function to handle the errors. Then you call the function with the onerror event handler. The event handler is called with three arguments: msg (error message), url (the url of the page that caused the error) and line (the line where the error occurred).

window.onerror = handleErr;

function handleErr(msg, url, l) {
  // Handle the error here
  // Return true to suppress the browser's default error reporting,
  // or false to let the browser report the error as usual
  return true;
}

Another example of handling it: a different image can be shown if the image is not found,
e.g. <img src="http://www.yahoo.com/badimage.gif" alt="Bad Image" onError="this.src='http://l.yimg.com/a/i/ww/beta/y3.gif';" />
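
An added example (not code from the original post) of the same image fallback attached from script instead of an inline attribute, which also works under a Content-Security-Policy that disallows inline handlers. It goes beyond the single-fallback case above: it tries several fallbacks in order and detaches the handler when they run out, so a fallback that is itself missing cannot re-fire the error handler and trigger repeated requests. The names installImageFallback and makeFakeImage and the sample URLs are assumptions made for this illustration.

```javascript
// img: an HTMLImageElement in a browser (any object with src/onerror works).
// fallbackUrls: candidates tried in order after the original src fails.
// onGiveUp: optional callback receiving every URL that failed to load.
function installImageFallback(img, fallbackUrls, onGiveUp) {
  const queue = fallbackUrls.slice(); // copy so the caller's array is untouched
  const failed = [];                  // failed URLs, useful for fixing 404s at the source
  img.onerror = function () {
    failed.push(img.src);
    if (queue.length === 0) {
      img.onerror = null;             // no candidates left: stop, do not retry
      if (onGiveUp) onGiveUp(failed);
      return;
    }
    img.src = queue.shift();          // starts the next load attempt
  };
  return failed;
}

// Constructed stand-in for an <img> element so the logic can run outside a
// browser: assigning src records the request and fires onerror when the URL
// is listed in brokenUrls.
function makeFakeImage(brokenUrls) {
  let current = "";
  const img = {
    onerror: null,
    requests: [],
    get src() { return current; },
    set src(url) {
      current = url;
      img.requests.push(url);
      if (brokenUrls.includes(url) && typeof img.onerror === "function") {
        img.onerror();
      }
    },
  };
  return img;
}

// Constructed sample: the original and the first fallback are both missing.
const demoImg = makeFakeImage(["/img/badimage.gif", "/img/fallback1.gif"]);
const demoFailed = installImageFallback(
  demoImg, ["/img/fallback1.gif", "/img/fallback2.gif"]);
demoImg.src = "/img/badimage.gif";
console.log("final src:", demoImg.src, "failed:", demoFailed);
```

In a browser, call installImageFallback before assigning src, so that the handler is in place when the first load fails.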

Sunday, February 15, 2009

Xoopit with Gmail for facebook status update


Xoopit, a social networking email enhancement that allows users to locate files, images and videos in their inbox, has launched a new feature that lets Gmail users immediately see and set Facebook status messages and view profile photos of their Facebook friends while reading emails off a Gmail account.

Users can also quickly see other information such as birthdays and mobile phone numbers. After downloading the feature, a user can easily update their own status directly from a Gmail account using Facebook Connect. Xoopit’s new feature is pretty neat and gives users the ability to bounce between Facebook and Gmail accounts seamlessly. And Facebook’s status message feature is one that most users check most frequently, so it's particularly useful to the average Facebook user.

The marriage of social networking and email is not a new concept. Yahoo and Google are both pretty open to incorporating social networking into their email applications, with Yahoo even potentially creating a social network around its email product (Yahoo mail has around 254 million users worldwide, Gmail has around 80 million users).

It doesn’t appear that the Xoopit-Facebook feature is available to Yahoo Mail users, but Yahoo and Xoopit may not be far away from developing a Gmail-like relationship with Yahoo, as we wrote about late last year.

The plug-in was a bit buggy when I downloaded it but I think it's a nifty tool as a whole. It certainly saves me the time in switching back to Facebook to check status updates or update my own status. Now if only we could stream the news feed feature into Gmail.

Cheers,
Vishnu

Friday, January 2, 2009

Image Optimization

Images may be the culprit in making a web page slower, as images contribute a good amount to page weight. So I dedicated a little time to researching it, and found a few noticeable things which hit web performance directly if not followed. OK, so the question is what to do to avoid that?
Wow! You combined the images into sprites. But is your task over?
The answer is no. The basic idea is how you are making the simple images and how you are combining them into one sprite.
I have a few basic suggestions which should be kept in mind while making images or sprites:
1. Avoid white spaces
2. Avoid diagonal gradients
3. Avoid Alpha transparency
4. Avoid filters eg. AlphaImageLoader
5. Limit colors
6. Horizontal is better than vertical
7. First optimize individual images, then sprite
8. Change gradient color every 2-3 pixels
9. Combine like colors
10. Reduce anti-aliased pixels - via size and alignment

The next level of optimization can be done with the help of different tools and by following some best practices.

1. SmushIt images. Do remember that this tool doesn't remove the meta information (author, date etc.) from the images as of now. The second point is that it sometimes suggests .png output for a .gif image, so beware of alpha color transparency in your images.
2. Use PNG (Portable Network Graphics): PNG images are better than GIFs in size. PNG8 images are smaller in size, but lose image quality, so I prefer PNG over PNG8 where quality matters. Otherwise use progressively enhanced PNG8.
3. PNGCrush is an open source command line optimizer for PNG files. It reduces the size of the PNG IDAT data stream by trying various compression levels and PNG filter methods.
4. Avoid filters, as they I) block rendering and freeze the browser, II) increase memory consumption, III) are applied per element, not per image.

These are the basics, but there are many more optimization practices.

Thursday, January 1, 2009

An appeal from Wikipedia founder

"Imagine a world in which every single person on the planet is given free access to the sum of all human knowledge."
— Jimmy Wales, Founder of Wikipedia
Wikipedia is a very useful source of free information on the net which is being read / added / updated by hundreds of millions of people like us. I personally feel that if we do something like donating ourselves or even inspiring others who are capable & willing, that will be a great help for all, including me.
Find the link here for info & for donation:
http://wikimediafoundation.org/wiki/Donate/Letter/en
