New Face Opt-In security feature breaks plugin

Facebook have recently announced a new security feature to Facebook to “help you keep your account and information secure.” Unfortunately it can cause the Facebook plugin to stop working. So what’s happening about it?

At the moment, I’m rewriting the plugin to use the new XMPP protocol that Facebook have provided. (You can already start using it yourself if you like but you’ll miss out on features such as larger buddy icons, status messages, notifications, group/friend list management). I’ve been trying to work on it for a while, but due to my fiancรฉe being in hospital for many weeks there’s been a bit of a personal delay ๐Ÿ™‚

The other thing you, the user can do, is to tweak the hidden settings of the plugin to work around the new security feature. If you close down Pidgin, edit your .purple/accounts.xml file, find your browser’s user-agent, and paste it into your accounts.xml in the line
<setting name=’user-agent’ type=’string’>YourUserAgentHere</setting>
then Facebook will think that your browser is the one you normally use and should let you pass.
The other alternative of course is to disable (or not opt-in to) this new opt-in feature, but that one’s up to you.


Pidgin Summer of Code Ideas

Summer of Code is approaching, and there’s been a lot of comments from people on the Pidgin developer mailing list. Most of peoples submissions are from the list at but I’ve been thinking about a few ideas of my own that I’d love to see in Pidgin.

  1. Better Windows 7 integration.
    Windows 7 has new jumplists and preview panes and that file-transfer progress thing. Skype uses them all on Win7 and it looks pretty nifty. Would love to see that in there
  2. SIP protocol plugin
    With the new voice/video API in Pidgin, there’s been a few requests to have SIP (rather than SIMPLE, which is already in Pidgin). There’s a Sophia-SIP prpl at which would be a great starting point
  3. An over-the-net remote control for Pidgin/Finch
    I started working on this one myself with a friend, starting with a web interface for Pidgin to use it with the iPhone, and working on a prpl that would let you remotely sign into, say, your home Pidgin and use it from work, while logging the conversations at home and without signing out of your home accounts. (I should really put the source code for that online sometime)
  4. A plugins site a la or
    Some kind of plugin that can update other plugins would be handy too. I have a lot of users of various plugins of mine that are using old versions, just because they didn’t know a newer one existed. If there was an autoupdate as well as a single place with all the plugins, that would be super-duper

Anyway, that’s my ideas. Anyone have any others?


Its Finally Here! XMPP for Facebook

There’s just been a blog post by the Facebook developers to say that they’re finally allowing XMPP on Facebook. Here’s the details:

  1. Create a new XMPP account in your favourite XMPP client, eg Adium or Pidgin
  2. Use your Facebook username in the ‘username’ field. If you don’t have a username get one at
  3. Use ‘’ (without the quotes) in the ‘domain’ field
  4. Enter in your password
  5. Uncheck the Require SSL/TLS settings
  6. Check the ‘Allow plaintext auth over unencrypted streams’

You should be good to go ๐Ÿ™‚


XMPP Facebook Chat

I get a lot of complaints from people who say that the Facebook Chat plugin for Pidgin is “flakey” and disconnects a lot. I’d just like to say, “Its not my fault!” ๐Ÿ™‚
I was talking on the phone to someone at Facebook and asked them if they used my plugin. They said “no, I don’t use the public one its really buggy but I am beta testing our new interface internally which is a lot better.” Once he found out that I actually wrote the plugin, he did a bit of a turnaround and went on to explain that the server software isn’t really the greatest, that it puts a heavy load on their servers and that it was actually all their fault that my plugin was so bad ๐Ÿ™‚

So, after a bit of snooping around, I discovered the details of the XMPP servers. You can even (almost) connect to them. For now, it looks like you have to be authorized in their beta programme (or probably just be working at Facebook) to be able to use it.

The XMPP server is running at and it uses DIGEST-MD5 for authentication as well as something called “X-FACEBOOK-PLATFORM” for SASL. In Pidgin you can set up the account by using your username, with the domain, disabling the “Require SSL/TLS” option in the advanced tab. Doesn’t look like its working with s2s yet, but hard to tell without being able to log in.

So give it a go, maybe your account slips through the cracks and you can log in. Will been keen to hear from anyone about their successes/failures with this.


Taming the GAM beast

One of the things I have to do in my day-job is manage our Google Ad Manager system, which we call GAM. One of the downsides of using GAM (actually a lot of different ad management systems) is their use of the javascript function document.write(), as well as their requirement to load in a big whomping load of javascript in the <head> of the page. One of the keys of website optimisation is to load all javascript at the end of your HTML page, so that the webpage renders as quickly as possible.

The way we can deal with this is overload the document.write() function to bend to our own wicked ways. Normally, you load the GAM code at the top of the page, but we’ll put it at the bottom and use a neat little function I wrote.

function insertAds(AdSlotName, width, height)
var slot = document.getElementById('my_ads_'+AdSlotName);
if (!slot)
var oldwrite = document.write;
document.write = function(text){slot.innerHTML+=text};
GA_googleFillSlotWithSize("ca-pub-yournumhere", AdSlotName, width, height);
document.write = oldwrite;

Now we just slap in a <div> with our ad slots name, so we’ll replace
<script type="text/javascript">GA_googleFillSlotWithSize("ca-pub-yournumhere", "AdSlotName-760x120", 760, 120);</script>
<div id="my_ads_AdSlotName-760x120">&nbsp;</div>
(which will render faster)
Then load in the ad at the bottom of the page:
<script type='text/javascript'><!--
insertAds("AdSlotName-760x120", 760, 120);
// --></script>

And there you have it. You can take out some more javascript from your <head> and speed things up a bit. My own speed tests showed between one-and-a-half to two seconds decrease in start-rendering time. Would be interested to hear your own findings.


Cross-Browser Gradient Backgrounds

Recently, one of the websites I work on was given a makeover and I was asked to implement the design. One of the features it called for was rounded-cornered gradient backgrounds. Rather than turning the design down, I took up the challenge to try to implement it.

Looking around on the internet, there’s a little bit about how to go about that in a cross-browser way, but I thought I’d document it here.

The basic idea I took is to use an SVG as the background. Unfortunately, IE doesn’t support SVG’s and most of the browsers that do support them didn’t support them as backgrounds at time of writing. Fortunately, we can mess with CSS and HTML to display the SVG as an image behind the content, while at the same time providing a fallback for IE.

The basic idea, is to show the SVG after the content, then push it up behind the content with some absolute/relative positioning, so we write code similar to:

<div id="svg_outside">
    <div id="svg_content"></div>
    <div id="svg_background"></div>

Give the outside div a “position:relative” and the background div “position:absolute” and you’re all set. Put whatever you want for a background in the background div and your content in the content div (funnily enough).

While this doesn’t look nearly as clean as having just a single div with the background set to the svg, it does allow us a lot of flexibility to deal with IE. Since IE can’t natively handle SVG’s (yet), we can use a gradient filter on the background div. Alternatively, we could use some VML. You could even use a video as a background if you so felt like it ๐Ÿ™‚

Check out for an example.

There can be issues with the Adobe SVG plugin taking over sometimes.

Can’t be bothered writing about this any more, so I’m just gonna post it. Its been sitting in my drafts folder for long enough ๐Ÿ™‚

No Comments

Facebook Usernames

Facebook have recently posted on their blog that it is now possible to log into Facebook using your Facebook username.

I’ve just had a check and it’s possible to do the same with the Pidgin/Adium Facebook plugin. Not much of an issue if you’ve already got your account set up in Pidgin/Adium already, but hey, might save you a few keypresses next time you do set up an account ๐Ÿ™‚

No Comments

Pidgin with Video on Windows

I’ve been helping out Maiku (who’s the Google summer of code student who was tasked with getting voice/video working in Pidgin) to get pidgin-vv working on Windows. We’ve done lots of playing around for the last wee while, but we’ve finally managed to get it working on Windows. Just so you all believe me, here’s a teaser screencast video of me giving Maiku a call.

Cool huh! So far only XMPP (and Skype, kinda) are working but Maiku is hard at work to get all the other protocols working too. Yay! ๐Ÿ™‚


Multiple logins with Skype 4.0

Over the last few hours, I’ve had a couple of people ask me about the new /secondary command-line flag that Skype 4.0 for Windows has now.

To be honest, I’d never heard of the flag, but it looks like it’s now possible to run more than one copy of Skype on Windows. Fantastic! A little more digging around and I found [ this bug report] which also talks about /username and /password command-line options too. Neat!

So the question is this: “can I run more than one copy of Skype with the skype4pidgin plugin”. The answer up until now was “only on Linux”, and it would only really work if you ran both the dbus and X11 versions of the plugin. The answer now is “not yet”, since it’s going need a rewrite of things to be able to handle more than one Skype account through the plugin, as well as figuring out a way to target more than one copy of Skype running on Windows.

So I guess it’s just a big “watch this space” ๐Ÿ™‚
Thanks for reading!


Groups in the Facebook plugin

For those people who upgraded to v1.60 of the pidgin-facebookchat plugin, you’ll probably notice that the Facebook groups have made their way into your Pidgin buddylist.

Oddly enough, this has spawned a looong thread of people who aren’t so happy with the new change. I thought it would be best to blog about why and what happened to get us to this stage and what we’re doing about it.

What happened is that we got reports of a major crash appearing whenever 32-bit (and Windows) users opened a conversation window or received a chat from someone. This was because our kludgy way of dealing with a limitation of timestamps from json-glib ended up overflowing. At the same time, we had been sitting on fixes for profile pictures/buddy icons, as well as status messages needing a new way to update.

The other issue was that I’ve been looking after my unwell fiancรฉe all week, after several doctors trips, after-hours doctors trips and even a visit to the swine flu processing centre in Christchurch. So when I started getting email notifications of bug reports about the crashes, it was the final straw for me, and I hastily pushed out a new version…. completely forgetting that we had the new group/friend list’s code in there.

That said, we hadn’t had much feedback about the new groups stuff until now so we weren’t to know that everyone would hate it as much as they do.

So where to from here? Well, we want to come up with a solution that leaves everyone happy, while still allowing for using the new groups/friends list code. My idea is to have a toggle for the setting. Casey Ho, the other developer, says that I’m not allowed to offer that solution to people, as we’ll end up with an unstable situation. Instead, he’s adding support for hiding/showing different groups as well as the online/offline per-group setting that Facebook has. This should end up with the same result, just a different way of getting there.

So blame lies with me, I’m afraid, for all the groups mess. My apologies, but rest assured, we are working on ways to ‘fix the problem’ for you all ๐Ÿ™‚

(Also, if you feel like making a donation to help pay for my fiancรฉe’s medication so that we don’t have to keep going back to the doctors so that messes like this don’t happen in the future, I’m always grateful)

No Comments