Taking screenshots of desktop from a web application - screenshot

I am trying to convert one of my earlier written time tracking apps to a web browser based app.
Some options of technology include java, flash, ... My goal here is letting a user track time for our organization while having ideally no extra installation on desktop, or least minimal, like flashplayer or jvm, etc, but the product itself should be in browser.
I have done some research and so far i can't find a way any technology, of the ones i have known, could take a screenshot of whole desktop while running inside web browser even if, say, browser is out of focus.
The best i could do was take a screenshot of the page on which that app will run. Any ideas? Possible? leads?

Related

Why is this website so slow on mobile [shopify]

I'm trying to help a client with their slow-ish website https://www.dp-tools.de. If I use Google page speed for mobile I can see that it takes 7 seconds to be interactive but nothing in the found problems really tells me why it is actually that slow. I also tried chrome lighthouse and couldn't really see all that much.
Is there another way of checking or maybe anyone here sees why it is so slow?
Open up the client's Shopify Admin, and examine the theme. Does it have any strange slow code in it? Examine the Apps installed that directly affect theme. Are any of them crap, old, broken junk?
The best way to debug a slow theme is to just start hacking out any junk the client may have added to their theme. A lot of themes are so bad, for example, they load jQuery 3 times. Likely you have one bad apple in there, a call that is blocking and takes way to long to timeout or respond. Developer tools can point these out to in your console. Mobile versions have to come with a developer console you can inspect too right?

Anchor.click using executeJs function not working in real iPhone safari browser

I have a question regarding executeJs function.
page.executeJs("$0.click();", downloadAnchor.getElement());
This line of code is not working in real iPhone Safari browser, though it works in mobile responsive mode from desktop safari. Appreciate your help on this
Browsers will be "suspicious" of anything starting a download that isn't a direct reaction to interaction by the user. This is done as a security precaution since starting to download files without the user's explicit consent can be dangerous in specific cases. Different browsers and configurations have different policies for exactly where to draw the line.
In your case, the download isn't started as a direct consequence of user interaction but instead as direct consequence of receiving a message from the server. This kind of pattern will simply not work reliably no matter what you do.
Instead, you need to design the interaction so that the download is directly triggered by the user. The easiest way of doing that is by having the user directly click on the actual download link. If you want to have some indirection, then you still need to make the action work directly in the browser without going through the server.

Desktop application accessible by multiple users

I have a desktop application [Data Analysis and Report Generation] built in VB. I would like to make this application accessible to all the users in our corporation, from their web browsers. What is the best possible way to achieve this?
One way which I have thought is to write a simple web form that would take the input from the user and apply logic on the server and generate results. Again, the limitation would be at the output screen as it is the real time output being generated.
Any leads would be highly appreciated.
Desktop App is way different from web app. To allow multiple users, a web app is suitable. For this you will have to use several technologies.
The UI has to be build using html, css and javascript (like jQuery).
The back end, can be VB if you are doing working with asp.net or php etc.
For real time output, you'll have to use ajax to allow communication between a browser and sever without page refreshes
An ideal choice for the front end logic, would be to use a frontend framework such as AngularJs by google.
However, all this does have a high learning curve and is difficult to build something using all this on the first day or even week unless you already know most of this.

Reliably detecting PhantomJS-based spam bots

Is there any way to consistently detect PhantomJS/CasperJS? I've been dealing with a spat of malicious spambots built with it and have been able to mostly block them based on certain behaviours, but I'm curious if there's a rock-solid way to know if CasperJS is in use, as dealing with constant adaptations gets slightly annoying.
I don't believe in using Captchas. They are a negative user experience and ReCaptcha has never worked to block spam on my MediaWiki installations. As our site has no user registrations (anonymous discussion board), we'd need to have a Captcha entry for every post. We get several thousand legitimate posts a day and a Captcha would see that number divebomb.
I very much share your take on CAPTCHA. I'll list what I have been able to detect so far, for my own detection script, with similar goals. It's only partial, as they are many more headless browsers.
Fairly safe to use exposed window properties to detect/assume those particular headless browser:
window._phantom (or window.callPhantom) //phantomjs
window.__phantomas //PhantomJS-based web perf metrics + monitoring tool
window.Buffer //nodejs
window.emit //couchjs
window.spawn //rhino
The above is gathered from jslint doc and testing with phantom js.
Browser automation drivers (used by BrowserStack or other web capture services for snapshot):
window.webdriver //selenium
window.domAutomation (or window.domAutomationController) //chromium based automation driver
The properties are not always exposed and I am looking into other more robust ways to detect such bots, which I'll probably release as full blown script when done. But that mainly answers your question.
Here is another fairly sound method to detect JS capable headless browsers more broadly:
if (window.outerWidth === 0 && window.outerHeight === 0){ //headless browser }
This should work well because the properties are 0 by default even if a virtual viewport size is set by headless browsers, and by default it can't report a size of a browser window that doesn't exist. In particular, Phantom JS doesn't support outerWith or outerHeight.
ADDENDUM: There is however a Chrome/Blink bug with outer/innerDimensions. Chromium does not report those dimensions when a page loads in a hidden tab, such as when restored from previous session. Safari doesn't seem to have that issue..
Update: Turns out iOS Safari 8+ has a bug with outerWidth & outerHeight at 0, and a Sailfish webview can too. So while it's a signal, it can't be used alone without being mindful of these bugs. Hence, warning: Please don't use this raw snippet unless you really know what you are doing.
PS: If you know of other headless browser properties not listed here, please share in comments.
There is no rock-solid way: PhantomJS, and Selenium, are just software being used to control browser software, instead of a user controlling it.
With PhantomJS 1.x, in particular, I believe there is some JavaScript you can use to crash the browser that exploits a bug in the version of WebKit being used (it is equivalent to Chrome 13, so very few genuine users should be affected). (I remember this being mentioned on the Phantom mailing list a few months back, but I don't know if the exact JS to use was described.) More generally you could use a combination of user-agent matching up with feature detection. E.g. if a browser claims to be "Chrome 23" but does not have a feature that Chrome 23 has (and that Chrome 13 did not have), then get suspicious.
As a user, I hate CAPTCHAs too. But they are quite effective in that they increase the cost for the spammer: he has to write more software or hire humans to read them. (That is why I think easy CAPTCHAs are good enough: the ones that annoy users are those where you have no idea what it says and have to keep pressing reload to get something you recognize.)
One approach (which I believe Google uses) is to show the CAPTCHA conditionally. E.g. users who are logged-in never get shown it. Users who have already done one post this session are not shown it again. Users from IP addresses in a whitelist (which could be built from previous legitimate posts) are not shown them. Or conversely just show them to users from a blacklist of IP ranges.
I know none of those approaches are perfect, sorry.
You could detect phantom on the client-side by checking window.callPhantom property. The minimal script is on the client side is:
var isPhantom = !!window.callPhantom;
Here is a gist with proof of concept that this works.
A spammer could try to delete this property with page.evaluate and then it depends on who is faster. After you tried the detection you do a reload with the post form and a CAPTCHA or not depending on your detection result.
The problem is that you incur a redirect that might annoy your users. This will be necessary with every detection technique on the client. Which can be subverted and changed with onResourceRequested.
Generally, I don't think that this is possible, because you can only detect on the client and send the result to the server. Adding the CAPTCHA combined with the detection step with only one page load does not really add anything as it could be removed just as easily with phantomjs/casperjs. Defense based on user agent also doesn't make sense since it can be easily changed in phantomjs/casperjs.

Google Analytics for Mac OSx application

Is it possible to use Google Analytics API's to track Mac OSX applications?
If not could any one suggest me an alternative for Google Analytics.
Google Analytics is designed to work with web applications not for desktop apps. Although it might be possible to collect info about your application and send it to your Google Analytic account but the amount of work required to retrofit might be better spent, building your own Analytic solution.
A good starting point would be to create a simple web service, which collects information regarding clicks. Then rewrite your application to call that web service on every click within your application.
You would ideally want to store this information locally and submit it to the web service in batches. You would also want to design the application, so that if you ever shut down the web service, the application would still be able to operate.
UPDATE: As pointed out in the comments by Václav Slavík, they have added apps analytics for iOS/Android.
I made a simple set of classes for doing this:
https://github.com/stephenlind/SimpleCocoaGoogleAnalytics
Google Analytics is not only for web applications, but also for mobile. It's available on the platform like android, iOS, etc. If you want to track your MAC OS X application, you can choose DeskAppTrack or DeskMetrics. DeskAppTrack is only available on MAC. It provide a professional data statistical analysis and it's free. While DeskMetrics is available on MAC and Windows. Either one is ok.
This really depends on how detailed you want to get. If you are are truly looking for analytics with detail and control flow data, you are better suited to created your own web service, as mentioned.
However, if you simply want to know a small number of operations, that occur at a small volume, i.e. when the app is launched (a quick and dirty solution): then in theory you could create a landing page on your site that contains a minimal head section, and a blank body, and then load the URL with an NSURL when you want to trigger the action.
Of course, you would have to include the google analytics tracking codes in the header, and you may need to load an off-screen webview to get the javascript to run. Like I said, quick and dirty.
In either case, you want to make sure the application will continue to perform properly, even if the web service / page is not present.