Thursday, December 28, 2006

50 - Fifty Coolest Best Websites OF Year - 2006


A variety of amusements, from classic rock to famous photography, collage art to custom radio, plus our favorite video web logs


Yummy food, Hollywood fashion and helping hands for those do-it-yourself projects


The Web's best war correspondent, a snarky sports blog, the pioneers of "social news" more


A humming social network, community sing-along, instant-messaging hub, mobile-launched pub-crawls and numbers-crunching by committee


Juicy celebrity gossip, mindless computer games and other guilty pleasures


An airfare predictor and subway guide, restaurant reviews and car sharing


Ordering take-out, finding phone numbers and a slew of alternative search engines

Monday, December 25, 2006

Good Referential Ten 10 online operating systems

As we we’re waiting for Google to launch its own Google OS (if the rumours are true, of course), I’ve checked out 10 web operating systems and what they can do. Not many of them feel like finished and fully usable products, but there are some true gems among them.
Admit it: you didn’t think there were that many WebOSes around, did you?

Neither did I. You can find month or two old articles on the web which talk about a WebOS as a recently forged concept, yet to be realized. YouOS was practically the only one that had media coverage, so when I began the research for this article, I hoped to find five usable WebOS applications at best.

I was wrong. There are over 10 fully functional WebOS applications out there, and a couple more that are announced or in closed betas.

But what is a WebOS (not to be confused with another definition of the term, see here), or a Webtop , anyway ? Here’s a simple definition: WebOS is a virtual operating system that runs in your web browser . More precisely, it’s a set of applications running in a web browser that together mimic, replace or largely supplement a desktop OS environment. It’s a tough field to start in for a Web 2.0 entrepreneur, because to be successful you need to create several applications that are at least as good as other competitors, and you need to connect them all into a usable bundle. What’s also expected by most users is that all this looks decent, operates similarly to a “real” OS and behaves as a real “OS” would, and is relatively bug-free. Simply put, to gain real everyday users, your WebOS has to be damn good . We’ll see how these newcomers fare in the following months and when (and if) some big giant like Google decides to create their own WebOS.

So, without further ado, let’s see what the 10 WebOS services I’ve gathered here (in alphabetical order) today can offer to the user. Bear in mind that not many of these services are mature enough to receive a proper, thorough review; this is more of a ‘first look’ kind of thing than a full-featured review.

1. Craythur

craythur.jpgCraythur is a completely new WebOS that puts big emphasis on looks, and it does that part really well, with a well chosen desktop background and transparent window borders similar to those Vista’s Aero. However, the apps themselves are more alpha than beta. For one thing, they’re mostly not translated from Spanish. They work, but nothing more than that; none of them can hold their own against any decent comparative application, web-based or otherwise. Since this is obviously an application at its very early stages, let’s just leave it at good-looking and come back in a few months to see the progress.

2. Desktoptwo

desktoptwo.jpgIf there’s such things as “serious WebOS players”, Desktoptwo is one of them. It’s a Flash based fully featured WebOS which requires registration to try, immediately giving you your own mini-site and your own Desktoptwo email address to use. Desktoptwo is Flash-based, and while I’m not thrilled about Flash Web 2.0 applications, most of the OSes from this list work in Flash, and I must admit that some do it pretty well. Desktoptwo’s apps can be slow, and a certain amount of bugs are present (when i clicked on Message Board preferences, everything got garbled up), but not so much to ruin your experience with the service. One more thing: Desktoptwo opens in a popup, which is sure to annoy some users.

Feature-wise, Desktoptwo delivers and then some. You’ve got search, clock and sysinfo widget, a dock, MP3 player, RSS reader, Instant messenger, OpenOffice, HTML editor, notepad, and several others. Unfortunately, several of these open in popups, which somehow makes you remember you’re in Windows. Furthermore, if you close the Desktoptwo window and log in again, some of your settings are forgotten. However, your content, for example, the files you save to the desktop, or the RSS feeds you add in the very functional RSS reader are remembered over sessions, which is good. Overall, Desktoptwo does many things well, but it needs to iron out a few usability/UI issues to become a really usable WebOS.

3. EyeOS

eyeos.jpgTaking a bit of a different approach than other sites in this bunch, EyeOS offers you to download the EyeOS server files and install them on your on web server to use as you please. You can also try out a demo which is hosted on the free public server, which also provides free accounts of eyeOS to everyone who wants to use it without owning a private server. The public server is funded through donations, and there’s still quite a way to go, so if you like EyeOS, go ahead and help them.

EyeOS itself is functional, not too buggy, but a bit slow and a bit bland. You have your standard calendar, calculator, address book, RSS reader, simple word processor, file uploader and a few others, but they have pretty limited functionality, and they all look more like test apps than something you’d really use in day to day work. Furthermore, some of the options simply do not work, for example changing the wallpaper.

Although EyeOS seems to be an ambitious project, it doesn’t offer much more than, for example, Craythur. It looks nice, it works, but its apps aren’t interesting enough to actually use it for any serious work.

4. Glide

glide.jpgThis text was actually postponed because Glide registration was closed until 19th of December, and I wanted to squeeze it into this list. And lo and behold; they’ve gotten real serious after the relaunch. So serious that besides free registration, they offer things like family standard and family premium plans (for the last one the fee is $149.95 yearly). For registration. they also require verification via an SMS message. This got me interested, as it is the only WebOS around that thinks of itself highly enough to actually start charging for the service.

And, to some extent, Glide delivers. It’s Flash-based, and it’s not really trying to mimic Windows or any similar desktop environment, choosing a unique GUI of its own instead. It lets you upload and store up to 1 GB of files, read RSS feeds, manage bookmarks, appointments, chat, create documents, view picturess. It’s also designed pretty well - at least at first sight. However, it’s somewhat similar to DesktopTwo in some areas, sharing a number of negative traits with it. First of all, some apps open in a popup, for which I really can’t see a good reason. Furthermore, some of the applications don’t seem to be as polished graphically as the rest of the interface. Some of the apps are just plain buggy - the Calendar simply did not work, reporting an error as soon as I clicked it.

These are mostly minor errors, but they add up. For me, an additional problem was the interface itself which is pretty confusing. It took time figuring out how to do simple tasks like reading RSS feeds, and once I closed certain areas of the Webtop, it was pretty hard to find them again. Like many other services in this list, you can definitely see that a lot of effort has been put into Glide, and some of its parts are done well, however it still has a long way to go (especially if you pay for it).

5. Goowy

goowy.jpgGoowy is also Flash-based, but I don’t feel any of the usual negative traits that Flash can bring. It has lots of well-written and usable applications, it’s not lightning fast but it’s not too slow either, and it all works within the same window with the standard desktop-OS-like toolbar. The apps…well, the apps are great. They open in windows you can move around your webtop using a pretty precise grid, which makes organization really easy. You’ve got your standard file-uploader, mail application, RSS reader, instant messenger, bookmarks, calendar and contacts. All of these apps are very well made; for example, the RSS reading functionality is almost as good as in my online reader of choice - Netvibes. I wouldn’t exchange Netvibes for it just yet, but if weren’t able to use Netvibes anymore, Goowy would do just fine. Same goes for other applications, which makes Goowy by far the most usable WebOS in this list.

As far as settings go, you’ve got a lot to choose from. Actually, Goowy is so advanced that I almost feel bad giving it a short rundown instead of a full-featured review it deserves, and I will probably make up for it sometime. Let’s just mention it has a spell checker and a spam filter, which shows the devotion to detail in this product.

Although this text is not a contest, if I had to pick just one WebOS to use, Goowy would be it - and by a big margin. The learning curve is very short; it looks sexy, it has a solid number of well-written applications, and it’s all pretty-much bug free. Great job.

6. Orca

orca.jpgWebOS is a pretty complex application and there’s no two ways about it. So when I see things like “Muly” as one choice for the month of birth or when the “create account” button is missing altogether, I think “sloppy”. And that’s exactly how Orca turned out to be in the end.

I will utter three little words and 70% of readers will skip to the next item in the list: no Firefox support. And they’re right: you simply cannot create an application meant primarily for tech-aware users and not have support for the tech-savvy browser of choice. But even in IE, Orca is simply an unfinished, early alpha, hey-i-can-now-invite-a-few-friends-to-test-this product. Best of luck to the developers, but at this stage Orca is not worth your time.

7. Purefect

purefect.jpgPurefect is also at an early stage of development, but it’s at least showing some promise. It tries to mimic the Windows environment completely, down to the icons, which is in my opinion the wrong path to choose. There are just a few apps, like file explorer, memory game and calculator, and as far as settings go you can set the display preferences. It’s functional, but pretty buggy (you can access other users’ files in the file explorer), and there simply isn’t much to do. Like Craythur, it might be interesting to check it out again in a couple of months to see if there’s any progress, but for now it’s just not usable.


ssoe.jpgSSOE seems to be a project that’s looking far ahead. The author is the first to admit that the kernel of the OS is perhaps 10% written at this point and it gives you a choice of a relatively stable and a newer, unstable version to choose from.

And it’s all true. SSOE looks is more a technology demo than something you would even consider to use, regardless of which version you choose. But even at this early stage of development, I will feel free to give the author a pointer: those huge icons, and badly done brushed metal windows, are ugly. Noone is going to use them if they look like that. Other than that I can’t say much about SSOE because 80% of stuff I’ve tried to click on did not work. Best of luck in the future, next please.

9. XinDESK

xindesk.jpgXinDESK is the only one out of the 10 WebOS apps listed here that I didn’t actually try out, because they don’t have a demo or an alpha version yet. However, browsing through the author’s blog one can find some interesting facts about the service. Here’s a couple of quotes:

“The core of Xindesk is a WebOS featuring application that opens and saves the standard office formats. Xindesk is the first web operating system that works easily, even for people without deep computer knowledge. The WebOS is an open platform, just like Windows and Mac OS. This enables anyone to develop new applications.”

“Every Xindesk application you develop can also be installed on all versions of windows.”

All in all, it doesn’t sound too shoddy, and I look forward to checking out this service again when it’s available to the public. You can check out a couple of screenshots over at XinDESK blog.

10. YouOS

youos.jpgBefore I’ve started writing this piece, the only OS I’ve heard something about in the news was YouOS. And you can see that a fair amount of serious development went into the product, as there are quite a number of useful applications here, including a very good chat client, IM software, file browser, RSS reader and a couple of others. The applications can be moved accross the desktop, look pretty much like standard desktop apps and respond well with some minor issues (for example, the resizing of the RSS reader window did not go too smoothly). You can browse through your open applications using a toolbar similar to the Windows taskbar, which also works as intended.

Unfortunately, YouOS is a bit lacking in the design department. It’s windows and applications are usable, but they’re certainly not beautiful. It does not impede the functionality, but it does somewhat diminish the overall experience.

As far as the general usability applications go, I’d say YouOS takes a second place to Goowy. Its apps are fully functional, but lack a few details, be it in the design or functionality department, that would keep me from using YouOS on a daily basis. However, YouOS is definitely a very serious contender in the WebOS field, and it might turn into a force to be reckoned with.


So, there we go - a short scan of 10 web operating systems shows us that this neck of the woods is promising, but still young and suffering from many a beginner’s disease. I’d say that YouOS, Goowy and DesktopTwo are the names you should watch now and in the near future, while the others *might* turn into promising products, but we’ll have to wait a month or two for that to happen. Also, keep in mind that while it’s relatively easy to judge who has the best functionality, it’s much harder to see who has the best code, or the most solid framework to build upon, so it’s safe to say that we can expect a few surprises to happen here.

Thursday, December 21, 2006

Word Web 2.0 :

1. Is Web2.0 something new and different or just something that grows from Web1.0?

I know about Web 1.0 from O'Reilly article "What Is Web 2.0", I think that Web 1.0 was born with Web 2.0. If we type the phrase "Web 1.0" in a google search box , the first result will be "O'Reilly What Is Web 2.0". Now we do a search in wikipedia, when we type "Web 1.0", will see "Web2.0" and "(Redirected from Web 1.0)"

Which came first, the chicken or the egg? And the answer is: both came in the same time...i.e.both names appears in the same time

And the answer for the main question is:
It's like a child (Web 1.0) became a teenager (Web 2.0).

2. What exactly is Web 2.0? What is definition of Web 2.0?

Web 2.0 is a next step in creating web based services. Dynamic information provided and managed by the web services and created by the users and other services...
(the web as a platform)

Examples: blogging, Google (search results, services, adsense), wikipedia, flickr,, etc..

The web is a platform (operating system), and the web services are applications ...

3. What more should I know about Web 2.0, if I want to dig deeper in this subject?

Folksonomy, Tag clouds, Social bookmarking, Rss, Syndication, Blogroll, Permanent Link, PageRank, Perpetual Beta, AdSense, Ajax, XML, RDF, Wiki, CSS, XHTML, Creative Commons, Web 3.0, Semantic web, Social networking, and so on... Lots of slogans, labels, names...

4. Where should I look for Web 2.0 based websites?

Anywhere where people making and sharing their works, thoughts, opinions, knowledge especially these websites where content has been changing dynamically and where you can create new content. (ex. blogs, social bookmarking services, online photo albums, etc).

5. What isn't Web 2.0 ?

Maybe these websites, where people can't do more than reading, watching or browsing through content aren't conform the new concept of Web 2.0, however this is very general definition. I think, we can not tell that something is hundred percent Web 2.0 or hundred percent Web1.0. If something isn't widely open for people and don't have social resources isn't Web 2.0 ready...

Wednesday, December 20, 2006

Preventing Cached AJAX Requests

As a developer, you’re probably well aware of all the issues that commonly occur due to cached data. AJAX is not unique when it comes to these issues; in fact, this problem is fairly common. Luckily, there are workarounds, one of which involves JavaScript’s Date object. If you haven’t used this approach for other caching issues, you’ll be pleasantly surprised at how easy it is to implement.

When making a standard HTTP request, the browser caches the web pages that we visit. Query strings are one way to work around this behavior. Therefore, we could easily use a query to our advantage by adding a simple query at the end of an AJAX request. But this will solve only half of the problem—if the query is the same each time, the data can still be cached. Therefore, we need to create a unique query each time a request is made. There are many ways to handle this need, but the one that makes the most sense in this situation is to use time to our advantage—because time is always changing.

The example in Listing 1 takes a uri parameter that will be used to make the request. Once we create the appropriate request object, we then create an instance of the Date object that will be used to create the next variable, called uniqueURI. The uniqueURI starts with the uri parameter; then we use a condition that checks for the index of a question mark, which would symbolize an existing query string. If the query string exists, we simply append an ampersand to the query; otherwise, we append the question mark. For either condition, the uri is followed by a key/value pair of "timestamp=" plus the current time from the Date object. Once we have the uniqueURI, we’re ready to finish making the request.

Creating a Unique URI

function xmlLoader(uri)
var request;
request = new XMLHttpRequest();
else if(window.ActiveXObject)
request = new ActiveXObject("MSXML2.XMLHTTP");
var timestamp = new Date();
var uniqueURI = uri+ (uri.indexOf("?") > 0 ? "&" : "?")+ "timestamp="+ timestamp.getTime();
request.onreadystatechange = callbackMethod;"GET", uniqueURI, true);

The uniqueURI variable is all it takes to avoid cached requests with AJAX.

Friday, December 15, 2006

INDEX Page at

Sunday, December 03, 2006

AJAX (In)security

AJAX (Asynchronous JavaScript + XML) is a combination of web browser technologies that allows web page content to be updated “on-the-fly” without the user moving from page to page. In the background of an AJAX-enabled web page, data (typically formatted in XML, but also HTML, JavaScript, etc.) is transferred to and from the web server. In the case of Gmail, new email messages are displayed as they arrive automatically. In Google Maps, a user may mouse-drag through street maps without visiting additional pages. The mechanism for performing asynchronous data transfers is a software library embedded in all modern web browsers called XMLHTTPRequest (XHR) . XHR is the key to a website earning the “AJAX” moniker. Otherwise, it’s just fancy JavaScript.

If you’re thinking that none of this sounds security related, you’re right. AJAX technology makes website interactivity smoother and more responsive. That’s it. Nothing changes on the web server, where security is supposed to reside. If that’s the case, then what is everyone talking about? Word on the cyber-street is that AJAX is the harbinger of larger attack surfaces, increased complexity, fake requests, denial of service, deadly cross-site scripting (XSS) , reliance on client-side security, and more. In reality, these issues existed well before AJAX. And, the recommended security best practices remain unchanged. If you’re like me, you want to know what’s really important, so let’s take a closer look.

Does AJAX cause a larger “Attack Surface”? No.

The term “Attack Surface” applies to a concept used to measure security by analyzing the points in a system that are open to attack. For software, these points are areas of data input and output that can be manipulated by a third-party. Obviously the smaller attack surface an application has, the easier it is to secure. What’s also obvious is that web applications, or any application, only have as much functionality (attack surface) as has been programmed in. It doesn’t matter if the user interface uses AJAX, Flash, ASCII art, or anything else. Again, AJAX is a web browser (client-side) technology. It does not execute on the server. While the coolness factor of AJAX drives developers to publicly expose more functionality - which may introduce new “server-side” vulnerabilities - this can hardly be blamed on AJAX. New code has always meant an increased risk of vulnerabilities.

Furthermore, in my experience, AJAX-enabled web applications are no more functionally complex than standard web applications. Google Maps is actually a less sophisticated application than the seemingly simple craigslist. Gmail is less complex than Outlook Web Access. Also, web applications (re)-designed using AJAX stand a better chance of being developed on more up-to-date platforms (.NET, J2EE, etc). These platforms are inherently more secure and less prone to vulnerabilities such as SQL Injection, Credential Session Prediction, Directory Traversal, and a dozen other common threats than previous generations.

Does AJAX make the “Attack Surface” harder to find? Yes and No.
A corporate security program is incomplete without measurable results. The most common way to measure the security of a website is by simulating attacks--thousands of them (i.e. a vulnerability assessment). A vulnerability assessment can be performed either manually, or with an automated scanning tool, or preferably with a combination of the two. One of the first steps in the process is to locate input points in the web application, or the “attack surface.” Therefore, a complete vulnerability assessment requires finding them all.

Automatically crawling the entire website and mapping the links is standard practice. This method works fine on some websites, others not at all, and the rest fall in-between. The challenge is that new websites often utilize heavy JavaScript, Flash, ActiveX, Applets, and AJAX, where links are either buried or dynamically generated within complex client-side code. Parsing out these links is often hard and sometimes impossible. Therefore automated scanning becomes increasingly less reliable as a method for validating the security of an AJAX enhanced website.

Humans on the other hand have an easier time sifting through code and inferring relationships. Many times the JavaScript source documents all the areas of input into the website, almost like an XML web service, which is useful not only for the good guys, but for the bad guys as well.

In a normal website, there would be no such resource and an assessor must rely on link crawling. The conclusion is that AJAX doesn’t make websites less secure, but it can make them more challenging to assess.

Can AJAX cause “Denial of Service”? Not really.
It has been claimed that AJAX-enabled websites utilize an application design in which a larger volume of smaller HTTP requests are used as opposed to fewer, larger requests. For instance, Google Suggest may fire off a tiny HTTP request for each user keystroke in an attempt to perform automatic word completion. The assumption is that if there are 1,000 users on the system, moving to the AJAX rapid-fire model will exponentially increase the number of requests to the system. This could potentially result in a denial of service (DoS) scenario. I suppose this is possible, but whose fault is this really?

In my view, this problem is not caused by AJAX or even a bad software design strategy, but instead by a lack of proper implementation and performance testing. The solution is to tune the configuration or add more web servers. And to be realistic, if someone wanted to DoS a network, they could flood the network with HTTP traffic whether AJAX was used or not.

Does AJAX rely on client-side security? No.
OK, let’s return to web application security 101. Web applications must NEVER trust the client (web browser). This is gospel whether the web page interfaces use JavaScript, Flash, ActiveX, Applets, AJAX or any other protocol or language. Every developer should be aware that basic HTTP proxies may alter anything about the HTTP request, even those generated by XHR. Great care should be taken to ensure that all security checks are performed on the server--no exceptions.

Does this mean that security professionals should not use client-side security checks? No, quite the opposite. I actually recommend using client-side security in forms and other business process flows because it benefits the user experience by being more responsive. There’s no need for a round trip to the server to inform the user that he’s typed a letter into the phone number field. This also lessens server load by pushing some processing time onto the client.

Does AJAX lead to poor security decisions? Sort of.
The new Web 2.0 websites often include data from one or more third-party websites, creating something known as a “mash-up.” AJAX developers would prefer the user to pull in the data directly from the third-party, thereby reducing bandwidth; but, this is not possible with XHR technology. XHR has security protections built-in, preventing a user’s browser on Website A from making connections to Website B. This helps protect users from malicious websites, where JavaScript Malware on the page could force a user to download all your bank account information. Web developers, not wanting to stifle innovation, created a work around to enable access to third-party sites.

What developers often do is create a local HTTP proxy on the host web server. To have the client pull in data from a third-party website, they’ll direct an XHR request through the local proxy pointing to the intended destination. Consider the following example request generated by the web browser:


Website A takes the incoming request. The “proxy” web application then sends a request to Website B designated by the “URL” parameter value. With the proxy, developers can use XHR to make off-domain requests. And since XHR won’t send the user’s authentication cookies to Website B, because Website A did not connect to it directly, it is safe for them as well. The security issue is that Website A is hosting an unrestricted HTTP proxy.

Attackers love finding open proxies because they can initiate attacks that cannot be traced to their origin. The capabilities of the proxy should be carefully controlled and restricted with regard to which websites it will connect to and how. In my opinion, the problem lies with developers circumventing security controls without adding appropriate safeguards, not AJAX.

Does AJAX make Cross-Site Scripting (XSS) attacks worse? I hope not.
Can it get worse? During my presentation entitled “Hacking Intranet Websites from the Outside” at BlackHat 2006, I demonstrated how JavaScript Malware is able to acquire internal NAT’ed IP addresses, port scan, blind web server fingerprint, steal browser history, and exploit web-based interfaces on an intranet. The Washington Post called it “disturbing.” All proof-of-concept code was achieved without AJAX, just plain old JavaScript.

XHR can initiate just about any desired HTTP request - provided the request remains on-domain - and view the response. Plain JavaScript can make the same requests, without the on-domain limitation, but can’t typically view the response. This means if a user is on Website A, XHR cannot force user connections and read data from Website B. However, plain JavaScript could. If you look at it that way, XHR (AJAX) is more secure!

AJAX has fired up interest in JavaScript. Research in JavaScript has led to new malware discoveries whose potential severity is amplified by ubiquitous XSS vulnerabilities. To be fair, the Samy Worm that hit MySpace and JS-Yamaner on Yahoo exploited XHR for propagation. However, the attack could have just as easily been perpetrated using plain JavaScript. AJAX is irrelevant in this scenario. What matters is finding and fixing XSS vulnerabilities in web applications. The WhiteHat Security white paper “Cross-Site Scripting Worms and Viruses” is an additional information resource.

Does AJAX change security best practices? No.
If a web application has vulnerabilities, it will be insecure no matter what techniques are used to develop it. If a web application is well designed, no amount of “insecure AJAX” will reduce its security posture.

Following are five tips for securing Web applications:

1) Secure by design. Start secure and stay secure by including security as a component in each stage of the software development lifecycle.
2) Rock-solid input validation. Never trust the client, ever.
3) Use reliable software libraries. From encryption to session management, it’s best to use components that are tried and thoroughly tested. No need to reinvent the wheel and repeat the mistakes of others.
4) Secure configuration. Every component of the website should be configured with separation of duties, least privilege, unused features disabled, and error message suppressed.
5) Find and fix vulnerabilities. Continuous vulnerability assessments are the best way to prevent attackers from accessing corporate and customer data. You can’t control what you can’t measure.

Following these best practices is the first step. Validation is the second. No company can be expected to write flawless code, or have staff available around-the-clock to address all its Web application vulnerability issues. That’s why WhiteHat created WhiteHat Sentinel, a continuous vulnerability assessment and management service for web applications. WhiteHat Sentinel is available 24/7, enabling companies to identify, prioritize and ultimately remediate the vulnerabilities that leave web applications open to attack.

Remember the fundamentals, use defense-in-depth, and your online business will be safer.

Microsoft has announced free downloadable program and seven online services for accounting

Help with the accounts

Microsoft has announced Office Accounting Express 2007 for small businesses and others still struggling to do their accounts using paper and pencil.

There are a free downloadable program and seven online services. As well as offerings from eBay and PayPal, the range include more specialised services from Equifax for credit ratings and ADP for payroll, which are priced separately.

For large businesses, Microsoft offers Office Accounting Professional 2007, available next year for $149.

Intel is also trying to jump on the Web 2.0 bandwagon

Web 2.0 suite

Intel is also trying to jump on the Web 2.0 bandwagon. It plans to promote a suite of web-based applications, called SuiteTwo, to small businesses. The suite comprises a variety of third-party tools for blogging, wikis and social networking. Intel's contribution seems to be providing a single sign-on capability so you do not have to visit the sites separately.

Thursday, November 30, 2006

Best Places To Use Ajax

  1. Form driven interaction.

    Forms are slow. Very slow. Editing a tag (the old way) on a bookmark? Click on the edit link to load the edit bookmark form page, then edit the field and hit submit to wait for the submission to go through, then return to the previous page and scroll down to find the bookmark to see if the tags look right. Ajax? Click on the edit link to instantly start changing tags, click on the submit button to asynchronously send off changes to the tags and quickly see in place what changed, no reloading the entire page.

    1. Form driven interaction- Subset:Linked Select Menus.

      Imagine a T-Shirt with 3 options; Size, Color, and Style. When tracking inventory for your product, you know you have Large, Red, Polo shirts in stock, but you’re out of Small, Blue, T-Shirts… It is frustrating to the user to pick this combination and then receive an error on the checkout page stateing that you are out of stock… and then have to go back to the selection process and reconfigure the item… Using AJAX, you can check the stock of the options as the user picks them and only return or show the items which are in stock.

    2. Form driven interaction- Subset: Autosave.

      Think of someone writing in Word. Which button do they use the most? Save.

      With javascript you can do one better. Not only can you have a save & continue that works just like the forms – you can autosave! Remember to tell the user this, as simply knowing this relaxes quite a lot of people. Properly explained count-down clocks are prefered, for obvious reasons.

  2. Deep hierarchical tree navigation.

    First of all, applications with deep hierarchical tree navigation are generally a nightmare. Simple flat topologies and search/tagging works very well in most circumstances. But if an application really calls for it, use Javascript to manage the topology ui, and Ajax to lessen the burden on the server by lazy loading deep hierarchy data. For example: it’s way too time consuming to read discussion threads by clicking through and loading completely new pages to see a one line response.

  3. Rapid user-to-user communication.

    In a message posting application that creates immediate discussions between people, what really sucks is forcing the user to refresh the page over and over to see a reply. Replies should be instant, users shouldn’t have to obsessively refresh. Even Gmail, which improves on the old hotmail/yahoo mail ‘refresh inbox, refresh inbox’ symptom, doesn’t really push Ajax far enough yet in terms of notifying new mail instantly.

  4. Voting, Yes/No boxes, Ratings submissions.

    It’s really too bad there are no consistent UI cues for Ajax submission, because submitting a vote or a yes/no response is so much less painful when the submission is handled through Ajax. By reducing the time and impact of clicking on things, Ajax applications become a lot more interactive – if it takes a 40 seconds to register a vote, most people would probably pass unless they really care. If it takes 1 second to vote, a much larger percentage of people are likely to vote.

  5. Filtering and involved data manipulation.

    Applying a filter, sorting by date, sorting by date and name, toggling on and off filters, etc. Any highly interactive data manipulation should really be done in Javascript instead of through a series of server requests. Finding and manipulating a lot of data is hard enough without waiting 30 seconds between each change in views, Ajax can really speed this up.

  6. Commonly entered text hints/autocompletion.

    Entering the same text phrases or predictable text phrases is something software/javascript can be good at helping out with. It’s very useful in and GMail, for quickly adding tags/email addresses.

  7. Interactive Errors

    If someone is entering complicated data, it doesn’t make sense to tell them they have failed only after a lengthy submission process. Ajax can speed up this workflow by quickly letting the user know of an error condition before they try to submit. Example: a username chooser, instead of making the user submit the entire form, try a new name and repeat, or keep trying a ‘is this name chosen’ form, the username chooser can simply indicate to the user whether the username is unique or not, while the user is still typing it.

  8. Long Running Queries/Remote Calls

    If a query or a call to a remote webservice is going to take a long time that cannot be avoided, Ajax works well to manage the time a user waits for the call to return. For example, SWiK uses Ajax to fill in results from webservices detailing new projects: a user doesn’t have to wait for Google webservice to return before starting to edit a new project

  9. Computationally Expensive Operations

    Unfortunately, Javascript has a tendency to be quite slow. Complex math or number crunching just isn’t Javascript’s forte. Additionally, heavy Javascript computation can slow the basic user interface to a crawl. An XMLHTTPRequest call can be helpful here, pushing expensive computations to beefier remote servers.

  10. Server Savings
  11. Sometimes, a process users do over and over on a site requires only a small amount of new data to be sent over the wire, but loading entire new pages can be a strain on the servers in bandwidth and resources. Ajax can be used to load pages more efficiently, as seen in various tests. Of course the ease of making new or multiple requests from the server using Ajax also means that it’s easy to overtax server resources as well.

  12. Interactive Panning And Moving Over Data
  13. Moving and scanning over large data sets makes it impracticable to pre-load all of the data. Loading the data just ahead an just behind the user gives the appearance of the entire data set being accessible, and helps eliminate loading times. A great example of this is Google Maps’ scrolling tiles system that gives the effect of moving over a map by picking up tiles behind and placing them ahead of the user, filling them with new data requested via Ajax.

Best Top Ten Open Source,Ajax/DHTML Librearies For Web Developer

Hi, Frnds...I made a list of the top 10 libraries that I have come across or that I personally use. Libraries can be best for a web developers friend. They are great resources to learn from and can save hours and hours of time. These libraries include JavaScript, Ajax, Colors, PHP, and CSS. These should be in any web developers bookmarks, so go ahead and look through these libraries and bookmark your favorite ones. The list is in no particular order.

1) Moo.fx - A superlightweight, ultratiny, megasmall javascript effects library, written with prototype.js. It’s easy to use, fast, cross-browser, standards compliant, provides controls to modify Height, Width, and Opacity with builtin checks that won’t let a user break the effect with multiple crazy clicks. It’s also optimized to make you write the lesser code possible.

2) Rico - An open source JavaScript library for creating rich internet applications. Provides full Ajax support, drag and drop management, and a cinematic effects library.

3) Swat - Developed by silverorange, Swat is an open source web application toolkit built with PHP.

4) ColorCombos - Who would’ve thought a color library would end up mixed in with a bunch of JavaScript and PHP libraries? Well they do have a pretty sweet little color library for finding color combinations, all you do is select the color and they show you some nice combos that work with that color.

5) - Provides you with easy-to-use, compatible and, ultimately, totally cool JavaScript libraries to make your web sites and web applications fly, Web 2.0 style. I’m sure I’m not alone when I say this library is my favorite.

6) Mochikit - A kick-ass lightweight JavaScript library that will help you get shit done fast.

7) Dynamic Drive CSS Library - Here you’ll find original, practical CSS codes and examples such as CSS menus to give your site a visual boast.

8) PEAR - A framework and distribution system for reusable PHP components. PEAR provides the above mentioned PHP components in the form of so called “Packages”.

9) DHTML Goodies - A good sized library of DHTML and AJAX scripts.

10) dojo - Open source JavaScript toolkit that makes professional web development better, easier, and faster.

Honorable Mentions

11) Cross Browser | Toys - Huge JavaScript library.

12) Yahoo UI Library - The Yahoo! User Interface (YUI) Library is a set of utilities and controls, written in JavaScript, for building richly interactive web applications using techniques such as DOM scripting, DHTML and AJAX. The YUI Library also includes several core CSS resources.

Big thanks to all of those who have help in anyway to put one of these libraries together.

I hope you find this list helpful. Keep in mind there’s hundred of libraries available online, I don’t know all of them and I’m sure I missed a few good ones, feel free to add your favorites in the comments below.

Friday, November 24, 2006

Want to Learn that How to Make Money By Blogging !!!!!

There are two major types of business models that entrepreneurs use to make money blogging. The first and most common way to turn a blog into a profit making machine is to sell advertising to different companies and brands who want to reach that blog’s readers. The second kind of money making blog is one that helps a single brand improve its image by creating positive associations between the blog and the product in the mind of consumers. Both kinds of blogs can make a lot of money, especially if the creator has a keen mind for marketing.

If you are blogging with the goal of selling advertising, there are two basic ways that you can go about recruiting sponsors who want to put ads on your site; you can let someone else do all of the legwork, or you can do the work yourself and keep all of the revenue.
Within the first group, many people make money blogging by selling space through Google’s AdSense program. The advantages of this program are numerous, as it requires very little effort on the part of the blogger or webmaster to begin raking in profits. However, most people discover that they make less money through this method than they had hoped that their blog would earn.

Selling advertising directly to companies who want to put banner ads or sponsored links on your blog can take quite a bit of time, but it is often fairly lucrative. If you have a lot of contacts in industries that are related to the topic of your blog, you may want to try to go this route. People who have a strong background in sales and are experienced at pitching proposals can make quite a bit of money by renting blog space to interested companies.
The most serious problem with this model is that you often have to build quite a sizable readership before you can attract advertisers, which can mean that you have to do several months of work before you start to make money blogging.

As blogging becomes a more and more lucrative business, a lot of established companies are considering how they can get into the action. One way that companies are capitalizing on the blog movement is by having blogs that provide a kind of friendly face for their corporation. Often, a company will employ an established blogger to create a weblog designed specifically to appeal to that company’s customers and to create positive associations with the brand in consumers’ minds. More than one writer who never
even dreamed that he or she could make money blogging has been approached by a company and offered quite a pretty penny for this kind of gig.

Income Streams for Bloggers

Advertising Programs - Perhaps the most obvious changes in the past few months have been with the addition of a variety of viable advertising options for bloggers. No longer are bloggers only presented with the Adsense and/or BlogAds choice - instead they now have a massive array to choose from. Getting the most publicity recently have been Chitika’s eMiniMalls of course but there are just so many other options now that also include:

Adgenta, CrispAds, Text Link Ads, Intelli Txt, Peak Click, DoubleClickTribal Fusion, Adbrite, Clicksor, Industry Brains, AdHearUs, Kanoodle, AVN, Pheedo, Adknowledge, YesAdvertising, RevenuePilotTextAds, SearchFeed, Target Point, Bidvertiser, Fastclick Value Click and OneMonkey (to name just some of the options - I’m sure I’ve forgotten some) and there is a smorgasbord of options. Of course there is more to come with MSN Adcenter and YPN both in beta testing and with a variety of other advertising system currently in development (so I hear).

RSS Advertising - The past 12 months have seen some advances in RSS Advertising also. I’m yet to hear of any bloggers making big dollars through it to this point - but as improvements are made to the ad programs exploring this I’m sure we’ll start to see examples of it being profitable.

Sponsorship - In addition to the array of advertising programs that are available to join there is a growing awareness in the business of the value and opportunity that exists for them to advertise directly on blogs. I’m hearing more and more examples of this and have been fortunately to have a couple of ad campaigns of my own in the past month - one with Adobe a couple of weeks ago and another just completed with Ricoh for a new digicam over at my Digital Camera Blog. These are not isolated cases - as I say I know of many blogs exploring sponsorship with advertisers at present and suspect we’ll see more of it in the year ahead. Sponsorship is also happening on a post by post basis with some bloggers being paid to write on certain topics by companies - either in one off or a regular fashion.

Affiliate Programs - There are larger affiliate programs like Amazon, Linkshare, Clickbank and Commission Junction but also literally thousands of others from the large to the very small.

Blog Network Opportunities - with the rise in popularity of Blog Networks - bloggers are also being presented with more places to earn an income from their blogging - by writing for and with others. While it might be difficult to get a writing gig with one of the bigger networks - there are plenty who are always asking for new bloggers to join and who are willing to pay bloggers using a variety of payment models. While there are distinct advantages of blogging for yourself - blogging for an established network who will handle a lot of the set up/promotion/admin/SEO etc has it’s advantages also. More and more bloggers are combining writing for themselves on their own blogs with taking on blog network blogs as additional income streams.

Business Blog Writing Opportunities - as blogging has risen in it’s profile as a medium more and more businesses are starting blogs. Many of these companies have internal staff take on blogging duties - but an increasing number of them are hiring specialist bloggers to come on and run their blogs. I know of a number of bloggers who in the past month or two have been approached for such paid work. Check out Bloggers for Hire if you’re looking for this type of work.

Non Blogging Writing Opportunities - Also becoming more common are bloggers being hired to write in non blogging mediums. Manolo’s recent coup of a column in the Washington Post is just one example of this as bloggers are increasingly being approached to write for newspapers, magazines and other non blog websites. Along side this is the rise of bloggers as published book authors - this is to the extent that one blogger I spoke with this week complained to me that they were one of the few bloggers than they knew who didn’t have a book deal!

Donations - Tip Jars and donation buttons have been a part of blogging for years now but this last year saw a number of bloggers go full time after fundraising drives. Perhaps the most high profile of these was Jason Kottke of who through the generosity of his readership was able to quit his job and become a full time blogger.

Flipping Blogs - Also more common in 2005 was the practice of ‘Blog Flipping’ - or selling of blogs. This has happened both on an individual blog level (I can think of about 20 blogs that sold this year) but also on a network level (the most obvious of these being the 8 figure sale of Weblogs Inc to AOL).

Merchandising - My recent attempt to sell T-shirts wasn’t a raging success, but it is an example of how an increasing number of bloggers are attempting to make a few extra dollars from their blogs by selling branded products through programs like Cafepress (although I have to say they’ve lost one of my own orders and are being quite unresponsive to my requests to follow it up at present). While I didn’t have a lot of success with merchandising - quite a few larger blogs are seeing significant sales - especially blogs with a cult following. I’m not at liberty to discuss details - but I know of one largish blog which will see sales over $20,000 in merchandise for the calendar year of 2005.

Consulting and Speaking - While it has been popular for established consultants to add blogs to their businesses we’re also starting to see bloggers with no consulting background earning money by charging readers for their time in consulting scenarios BECAUSE of the profile that their blogs have built them. Blogging has the ability to establish people as experts on niche topics and we all know the value of being perceived as an expert. I spoke to one blogger last month who charges himself out at over $200 an hour for speaking and consulting work - his area of expertise was something that he knew little about 18 months ago - but through his blog he’s become a leader in his field and a minor celebrity in his industry.

As time rolls on there are more and more blog earning opportunities opening up. Feel free to suggest your own ideas in comments below.

Thursday, November 23, 2006

Open source databases is "SIXTY%" cheaper !!!!!

You know .....that Open source databases can save enterprises up to 60 per cent over proprietary products, according to data collected by
recent searches.

A senior analyst at famous database management systems, estimated that average savings on the total cost of ownership are about 50 per cent. The data is based on surveys and customer interviews.

Open source databases such as Enterprise DB, Ingres and MySQL do not carry licence fees, and management tools. Soit is less expensive than for proprietary databases from Oracle, Microsoft and IBM.

Open source offers especially their proprietary competitors in low-end applications with databases of less than 200GB in size outshininigly .

The one fact os this research is that "Eighty per cent of the applications typically use only 30 per cent of the features found in commercial databases," and "The open source databases deliver those features today."

But the hitch is that open source databases generally lack the features for mission critical applications, trailing behind their proprietary peers in security, uptime, performance and features such as XML support.

Enterprise applications from Oracle and SAP also do not support open source databases today, but right now condition expects that to change "within a couple of years".

Open source database vendors typically do not position their products as low-cost alternatives.

But customers still consider price as the primary benefit of open source, ya this is fact.

"The number one reason why any customer would choose an open source database is cost. That still holds true today" .

But the low price is also enabling companies to set up new projects that would previously have been too expensive, such as data mining of log files and setting up data repositories.

In an attempt to the competition from low-cost open source databases, Oracle launched a free database last year that is essentially a scaled down version of its enterprise grade Oracle Database 10g.

The application targets test deployments for developers and students rather than enterprises.

Tuesday, November 21, 2006

Web 2.0 and the AJAX

Web 2.0 is a strange thing in that it doesn't really exist. You can't buy Web 2.0; you can't buy a Web 2.0 programming language, and you can't buy Web 2.0 hardware. In many ways, the phrase "Web 2.0" is a marketing phrase like "paradigm shift" or "the big picture". The reason for this vagueness is that Web 2.0 doesn't have a tightly defined definition. What the phrase Web 2.0 tries to express is, that modern websites are so much better than early websites that they'd better be given a different name. So it is down to marketing.

Web developers need to demonstrate that they may use the same Internet, the same web browsers and the same web servers as their competitors, yet their websites are in fact an order of magnitude better. “Our competitors only do websites. We do Web 2.0 websites!"

The client is, of course, hugely impressed that his new website will be a Web 2.0 website. But what should he expect to see for his money? What is the client's view of what Web 2.0 should offer? Is it all smelling of roses or are there some thorny issues too?

I propose that there are in fact three facets to a Web 2.0 website:


2. Social Networking (Building Communities)

3. Broadband

AJAX is technical and can only be performed by a technically skilled developer, social networking is vague, woolly and is based more on marketing models than web skills, and broadband has been popular for a long time. Even stranger is the fact that AJAX has been available to developers for at least 5 years, and social networking has been around even longer. It is simply the re-branding of these things that is causing the rise in the popularity of these old but current "buzzword" technologies.

AJAX is a mash up of technologies. We've had asynchronous JavaScript and XML for many years, but until somebody said "I name this mash up - AJAX" it remained out of the mainstream. The same goes with social networking. Forums, blogs, and community-based websites have been around for many years, but giving it a title like "social networking" combined with the success of websites such as and makes it mainstream and popular. And to cap it all, the new names invented to re-brand existing technologies are combined into the all encompassing name of Web 2.0. Web 2.0 is simply rebranding the rebranded.

In summary, we've had the ability to create Web 2.0 websites for years. It is not new technology; it is simply the renaming and repackaging of something we already have and enjoy. Marketing has made buzzwords of what we already knew and the public and developers are lapping it up.

The third facet of Web 2.0 was broadband, or as I prefer to call it, broadband abuse. Many developers believe that Web 2.0 is defined by how long it takes to download a website or the size of the broadband connection required to view the site comfortably. They believe that the bigger the connection required or the longer the website takes to download, the more Web 2.0ish the website must be. In my opinion, however, adding vast images, video footage, badly implemented rounded corners and streaming music does not make a Web 2.0 website. It simply makes a regular website that is bloated and annoying.

Presuming that you understand what makes a Web 2.0 website and you are keen to build one, there is an important area that you should consider before you start. And that is the area of Search Engine Optimisation.

So what about search engines? Do Web 2.0 websites perform well on search engines? Do search engines need to change to keep pace with development? If we ignore the broadband abusers and look at the two key facets of Web 2.0, AJAX, and social networking we get two very different answers.

Working somewhat in reverse here, the conclusion is that AJAX is a search engine killer. Adding AJAX functionality to your website is like pulling the plug on your search engine strategy. Social networking sites on the other hand typically perform exceptionally well on search engines due to their vast amount of visitor provided content.

The reason AJAX is a search engine killer is pretty obvious once you know how the technology works, and at the risk of offending all the people who know this already, I'll recap in a brief paragraph.

Simply put, AJAX removes the need to refresh a page in a browser. Say for example, you are on the product-finding page of a website, you can type in a search phrase for the product you want to find and press the submit button. Without refreshing the page, the asynchronous JavaScript runs off, grabs the results of the search, and inserts the details of the found products into the very same page as you sit and look at it.

For the website user this addition of AJAX to the website feels fantastic. No page reloads, no browser flicker, no click noise, but sheer joy. And so the rush for AJAX websites begins, because the visitors will love it.

But what about the search engines, what will they make of web pages that use AJAX to find content? Importantly, search engines don't run JavaScript. Oh no, not ever, no way José. So the search engine will never run your AJAX. To the search engine, huge areas of your website content are now hidden, never to be spidered, indexed, or found. This really limits the usefulness of AJAX in many applications.

An ideal application of AJAX is Google Maps, where as you drag the map around the browser window, the newly exposed areas of the map are retrieved and shown on the page without a page refresh—smooth, seamless, and very impressive. Does Google care if the single map page gets found by searching? Certainly not!

A very poor application of AJAX is the product portfolio where you can find and view product details for hundreds of products without ever refreshing the page. Nice to use? Yes. Navigation friendly? No—try hitting the back button when the browser ignores your last 20 clicks because you have remained on the same page! Search engine friendly? Forget it. You are invisible.

So what is the solution to the AJAX invisibility cloak that Master Harry Potter himself would be proud of? There are 5 options:

  1. Build two websites, one using AJAX that is lovely for visitors and another using more traditional techniques for search engine spiders to find. If you can find a client to finance both, you have found a client with too much money!
  2. Drop AJAX. Let the visitors suffer the page refresh.
  3. Run with AJAX anyway and just put up with the fact that your perfectly formed website will receive no search engine visitors.
  4. Lobby the major search engines to rebuild their spidering algorithms to take into account AJAX pages and to run JavaScript on the pages they index. This option might take some time :-)
  5. Increase your Google Ad words payments and ramp up traditional advertising to counteract the missing website traffic from the search engines.

And so, a bleak picture of AJAX is painted and by implication of Web 2.0 as well. The good applications of AJAX and Web 2.0 are few and far between, but when you do find them they are fantastic. Do you remember that feeling when you fist used Google Maps? Do you find that all other mapping websites now feel old fashioned? I would go as far as to say that it was Google Maps that single-handedly bought the technology of AJAX to the masses.

The second most impressive application of AJAX is another Google idea, where when typing in the search field on the Google website, AJAX is used to find results even as you type the words—incredibly quick to use, fantastic for the website visitor, and really demonstrating the technology in a great light.

Isn't it hugely ironic then that the one website that demonstrates so well the very technology that, if used on our own websites, will force us to spend more on Google Ad words, is in fact Google.