May
29

Spambayes knows about Acai berry

Posted In: Misc by graham

I've been using the terrific anti-spam plug-in Spambayes for years now in Outlook. It takes a very short time to install and configure. What I like is how I tell it how to "train" itself, pointing it to my good email folders - the "ham" - and keeping my "spam" in a separate folder. After the initial training, I just have to help it make some decisions about junk email suspects, by making the final "ham" versus "spam" decision. In the process, my Spambayes gets even smarter.

Only today did I try the option "Show spam clues for the current message"

The results really show me what Spambayes is using behind the scenes to score my messages, based on my personal "ham" and "spam" folders. Not so surprisingly, not one legitimate email I've received has included the term "Acai", and 506 junk email messages have included it. A little surprising to me, 4222 junk emails have been sent using Microsoft Outlook Express 6.00.2900.2180 (or at least identifying themselves as using that software), but only 6 legitimate emails I've received come from that software.
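How counts like these turn into a score, as an added sketch that is not part of the original post or of the Spambayes source: it applies the Robinson-style adjusted probability and chi-squared combining that the Spambayes classifier is based on to the two clues above. The post does not say how many ham and spam messages were trained in total, so the totals below are assumed.

```python
import math

# Spambayes default option values: prior strength and unknown-word probability.
S, X = 0.45, 0.5
# Assumed training totals (not stated in the post).
TRAINED_SPAM, TRAINED_HAM = 20000, 5000

def clue_prob(spam_count, ham_count, nspam=TRAINED_SPAM, nham=TRAINED_HAM):
    """Adjusted spam probability of one token from its training counts."""
    n = spam_count + ham_count
    if n == 0:
        return X                      # never-seen token: fall back to the prior
    spam_ratio = spam_count / nspam
    ham_ratio = ham_count / nham
    raw = spam_ratio / (spam_ratio + ham_ratio)
    # Pull the raw ratio toward X; the pull weakens as evidence (n) grows.
    return (S * X + n * raw) / (S + n)

def chi2q(x2, dof):
    """P(chi-squared with even `dof` degrees of freedom >= x2)."""
    m = x2 / 2.0
    total = term = math.exp(-m)
    for i in range(1, dof // 2):
        term *= m / i
        total += term
    return min(total, 1.0)

def combine(probs):
    """Combine per-token probabilities into one message score in [0, 1]."""
    n = len(probs)
    spam_ind = 1.0 - chi2q(-2.0 * sum(math.log(1.0 - p) for p in probs), 2 * n)
    ham_ind = 1.0 - chi2q(-2.0 * sum(math.log(p) for p in probs), 2 * n)
    return (spam_ind - ham_ind + 1.0) / 2.0

# Counts quoted in the post: (spam messages, ham messages) containing the clue.
ACAI = clue_prob(506, 0)
OUTLOOK_EXPRESS = clue_prob(4222, 6)

if __name__ == "__main__":
    print(f"acai            {ACAI:.6f}")
    print(f"outlook express {OUTLOOK_EXPRESS:.6f}")
    print(f"both together   {combine([ACAI, OUTLOOK_EXPRESS]):.6f}")
```

A clue seen only in spam never reaches exactly 1.0 because of the prior, and the six legitimate Outlook Express messages are what keep that clue slightly weaker than "Acai".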

May
1

As a follow-up to my earlier post, recover a FileZilla password online, it only applies to version 2 of FileZilla. FileZilla 3 now does not obfuscate the passwords you save in the software, and relies on the operating system security to protect the plain text passwords (there's a scary thought).

At the time, I didn't quickly find an online form that decrypted a password nice and quickly, though since then I found at least one online form implemented in JavaScript. I have also found other versions of the decryptor function ported to PHP, so I'm adding mine below. It's a complete rewrite of the function in FileZilla. I think it's more straightforward than other solutions, but maybe that's just because I'm familiar with it because... I wrote it. I'll let you, the reader, be the judge of how readable it is. If you get a reason to use it somewhere, let me know.

function filezillaDecrypt ($password) {
  $key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $keyArray = str_split($key, 1);
  $clearText = '';

  // Remove everything but digits from the password
  $password = preg_replace('/\D/', '', $password);
  // Only continue if a password was supplied
  if($password != '')
  {
    // Split the password into groups of three characters
    $passwordArray = str_split($password, 3);
    $passwordLength = count($passwordArray);
    $keyLength =  count($keyArray);

    $i = 0;
    // The fun decryption happens below, using bitwise operator
    foreach($passwordArray as $char)
    {
      $keyIndex = ($passwordLength+$i)%$keyLength;
      $clearText .= chr($char ^ ord($keyArray[$keyIndex]));
      $i++;
    }
  }
  return $clearText;
}
May
1

Last week I attended the MySQL Conference & Expo in Santa Clara. I came away having attained my Certified MySQL 5.0 Developer designation, a relief once the testing was over. I was MySQL Core certified years ago, and now I'm upgraded.

Overall, the sessions got me thinking outside of the little box I work in - the office - to explore all the great things people are doing that I don't get to see every day. Some things I really enjoyed hearing about:

  • Memcached
  • Gearman
  • The giving of the "MySQL Acquirer of the Year" award to Oracle, from the previous year's recipient Sun
  • Drizzle
  • RightScale presentation about automation of load balancing in Amazon EC2, to pay an "average" use rate, and not get out of bed to launch new servers
  • Michael "Monty" Widenius' presentation of MariaDB, including opinionated barbs about the new Sun acquisition and release announcement of MySQL 5.4 (very entertaining)

Aside from technology, I was in the right place at the right time later in the week in Berkeley to see a documentary film: Anvil! The Story of Anvil (trailer). I was blown away by how good it was, and the trailer does not do it justice. I, and the other thirty or forty viewers in the small theatre, were fortunate that the director Sacha Gervasi answered questions after the "sneak preview". He conveyed some stories about his history with Anvil, about the filming, and Dustin Hoffman at the Los Angeles premiere, etc. The trailer portrays it like a real-life Spinal Tap (a good way to get people in the door), but it is funny and serious. I think anyone would enjoy it, so go and see it if you can (i.e. you do not need to be a big heavy metal music fan).

What was so inspiring was to see how Steve 'Lips' Kudlow and Robb Reiner had not given up after so many decades. I wish I was in the Bay area this weekend, because on Sunday (May 3rd), the showing at the Bridge Theatre in San Francisco will conclude with a live Anvil performance! The film is opening on more screens now; you can check out the web site to find where to see it if you don't live near the select theatres.

April
3

Working as a professional software developer, you will end up with some "legacy" projects. One could call them inherited software; another developer created it, they've moved on, and now you've inherited it.

Sometimes it may be stable and built on sound principles. More often than you'd like, they are buggy and poorly designed, and your challenge as the inheritor is to just keep it running. Starting over from scratch isn't possible, so manage with what you've been given.

This morning, a recent inherited software project finally showed signs of improving. How did it communicate this to me? Instead of generating an average of ten errors overnight during a batch upload, it generated 106 errors. Some people may think more errors is a bad thing, but I do not see it that way. It is a sign that the small changes I've made to the software - precision pokes and prods - have finally dusted off the cobwebs.

It's a little like a house that looks presentable at first, but when you look more closely you find the floor looks clean because the dirt was swept under the rugs, rooms look tidy because all the junk is crammed into the closets, and the paint on the walls hides the mouldering structure. Until you see the flood of error messages, you haven't scratched the surface of the reconstruction.

March
18

IE 4.x minimum

Posted In: Software Development by graham

Though Scott Hanselman, in IE6 Warning - Stop Living In The Past - Get off of IE6, and others would like to see users upgrade to a newer version of Internet Explorer, it may take a long time to happen with some users.

This Government agency - to remain nameless - offers no incentive to upgrade according to this pop-up warning, which requires at least Internet Explorer version 4.0:

Internet Explorer 4.x required

How they continue to keep their application compatible with a 12 year old browser I do not know, but they must be geniuses!

March
13

The elegance of code is still important, for those of us who read and write code. If you use WYSIWYG editors or a code generating IDE then your code will never be elegant, but I digress.

The problem I wanted to solve today was to change the case of strings. For example, to change 'HELLO WORLD' to 'Hello World'. My challenge is to see whether I can do it with MySQL and just the built-in string functions. If it's not possible, it's no matter. I can fall back on a simple PHP script to do this one-time conversion very easily. This is because I've already written code in PHP to do this in the application for all new records that are created, and I just want to change the existing data stored in the table.

Googling a possible MySQL solution, I came across an article on Experts Exchange for the exact same problem, and they also agreed PHP is a better option than using just SQL. What surprised me on reading it was how inelegant the suggested solution was. Let me illustrate:

Their solution:

$field = strtolower($field);
$array=explode(" ",$field);
for ($i=0;$i<count($array);$i++)
{
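  // substr() cannot be assigned to, so rebuild the word from its upper-cased first letter
  $array[$i] = strtoupper(substr($array[$i],0,1)) . substr($array[$i],1);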
}
$field = implode(" ",$array);

My solution:

$field = ucwords(strtolower($field));

Which would you rather write? And more importantly, which would you rather read if you had to read someone else's code? Now my solution does have one important difference: I reviewed the PHP manual to see if there was a built-in function that capitalizes the first letter of each word. In simple terms it satisfies the DRY principle, code reuse and using as little code as possible. Sometimes all it takes is a little time and thought to create something so much more beautiful, elegant and readable - time well spent.

March
11

I've turned my brain to mush reading about all these social networking and twitter opinion pieces and the readers' comments that accompany them. It's all too easy to reach information overload just reading about them, and not actually reading from them. Regardless, I've learned some things along the way, and strengthened some opinions I already had forming.

My personal opinion is, unless you have extremely topical / insightful / thought-provoking / funny / or you're posting first-hand breaking news in your tweets, they're of little value to me or anyone else.  I'm not going to read them. I'm far too busy and there are better things to do with my time. This also goes for Facebook status updates. I'm not just a hater; Facebook is good for some things, especially if it promotes turning off the computer and doing things in the real world.

Blog posts are a different kind of animal. Most people spend a fair amount of time composing them, polishing them, and have enough room to support an opinion they may be expressing. Some - like this post - are intended to be thought provoking for the reader.

Do you have your own blog? If not, imagine you do. Would it contain up-to-the-minute local news and events, essays, specialist information on one topic? How is it different than a printed magazine, or a printed newspaper? Do you update it every day, week, or month?

I probably have more questions than I have answers. To find these answers I would first look to traditional historical forms of communication. Think about what books, newspapers, magazines, radio, television, telephone, snail mail, the local pub and others have done well, and adapt it to the new digital medium. The biggest changes made possible by technology are the low cost, far reach, and immediacy of self-publishing.

This blog is still in its infancy, and many of the above questions are still to be answered. The more input I get from readers, the better focussed my content can get. So comments and questions are appreciated. And my goal for now is to post again in less than a month to get some momentum happening.

February
19

In our office, some mysterious happening involving email started about two months ago. When I send or forward emails, occasionally they do not arrive. The problems are infrequent, but enough for me to no longer depend on my email reaching its final destination. Of course, there is no error message received that it did not reach the recipient.

To diagnose this strange behaviour, I started to compile a list of emails that I sent and were not received. I suspected something was filtering these messages in transit, and perhaps they had some special ActiveX, JavaScript, spam-like qualities, etc. No pattern emerged. Sometimes emails would be delayed - 30 minutes, 5 hours, 2 days - and they finally reached their destination.

Today I looked deeper. The goal: to determine whether our ISP - TELUS in British Columbia - was the cause of this problem. If I am to call a technical support line, I always need at least a little theory why it is happening, backed up by evidence. It's not as though I can just say, "Some of my emails aren't being received, can you do something?" (and then I'd hear stifled laughing on the other end of the line).

So in minute detail, I pored over the email headers of one of my emails. Plain to see is where it was routed:

... by priv-edtnaa12.telusplanet.net (BorderWare Security Platform)

Ah ha. So the presentation I attended a couple weeks ago by TELUS speaking on the subject of deep packet inspection is certainly true. Not that they're using it for nefarious purposes in this case, but it is causing me a big headache.

In a little Google search I found an article on InfoWorld that supports my observations ( http://www.infoworld.com/article/08/04/09/15TC-mail-security-borderware_1.html ).

"The BorderWare Security Platform ... had the worst false positive performance of any product tested, and by a large margin."

That's very reassuring to know TELUS is using bottom rung filtering technology. Now I'm no expert in Internet networking and routers and filtering devices. All I know is from a practical user's point of view, this error rate is not acceptable. Seemingly, sending the email while connected to the TELUS network is not enough to prove it's a valid email. I'm a second-rate Internet citizen even to the company I pay to provide the service.

Years ago, TELUS brought in an Internet Security add-on package, which I always turned off or opted out of (it's really useless for savvy computer users). I haven't called to see if I can opt out of this filtering, and I'm not convinced the time spent calling them would yield any results. Instead, I'm spending my time writing this blog post.

My Solution? I'm now sending all my outgoing mail through another ISP. If you experience the same problems, perhaps this story will help you confirm BorderWare Security is the cause. If anyone reading this knows one can opt out of BorderWare Security on TELUS, send me a message or leave a comment.
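The header check described above can be scripted. The following is an added example, not code from the original post: it reads the Received headers of a message and reports how long each hop held the mail before the next hop stamped it. Only the TELUS hostname and the "BorderWare Security Platform" tag come from the post; the other hosts, IP addresses and timestamps are constructed.

```python
import email
from email.utils import parsedate_to_datetime

# Constructed sample: only the TELUS hostname and the "BorderWare Security
# Platform" tag come from the post; other hosts, IPs and times are invented.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP; Thu, 19 Feb 2009 15:42:10 -0800
Received: from priv-edtnaa12.telusplanet.net (unknown [192.0.2.20])
\tby mx.example.org with ESMTP; Thu, 19 Feb 2009 15:42:05 -0800
Received: from desktop (unknown [192.0.2.30])
\tby priv-edtnaa12.telusplanet.net (BorderWare Security Platform)
\twith ESMTP; Thu, 19 Feb 2009 10:40:00 -0800
From: sender@example.com
To: rcpt@example.org
Subject: constructed test message

body
"""

def hops(raw):
    """Return [(receiving host, receipt time)] in the order the mail travelled."""
    msg = email.message_from_string(raw)
    path = []
    # Each relay prepends its Received header, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        by = " ".join(info.split()).partition(" by ")[2].partition(" with ")[0]
        path.append((by, parsedate_to_datetime(stamp.strip())))
    return path

def held_seconds(raw):
    """Seconds between a hop stamping the mail and the next hop stamping it."""
    path = hops(raw)
    return [(by, (nxt[1] - t).total_seconds())
            for (by, t), nxt in zip(path, path[1:])]

def slowest_hop(raw):
    """The hop that held the message longest, as (host, seconds)."""
    return max(held_seconds(raw), key=lambda row: row[1])

if __name__ == "__main__":
    for by, secs in held_seconds(RAW):
        print(f"{secs:>8.0f}s held at {by}")
```

The timestamps come from different machines, so small or negative gaps usually mean clock skew rather than a real delay; a gap of hours at one hop is the kind of evidence worth taking to a support line.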

December
30

It's not just me who's enjoying the Snowstorm installed on my blog. By popular demand, and to give credit where it is due, I will reveal the source.

A short story first: We had a few snowfalls recently. By chance while surfing the web I discovered a web site with snow! I cannot remember which site it was exactly. Immediately I knew I must also have snow. For those who aren't aware of many JavaScript particulars, a savvy user can almost always find and read the JavaScript on every web site. So the first step in Firefox was to right-click -> View Page Source. I found the code that provided the snow storm, and in the credits was the author's address http://www.schillmania.com

Thanks Scott Schiller, for making it possible for my blog and The Art of Consumption to be a snowy holiday funfest.

For those who may like to install a Snowstorm, you can find the project page at http://www.schillmania.com/projects/snowstorm/. It's relatively simple, but there's no one-click WordPress plug-in install. For JS newbs, if you really want it, roll up your sleeves, download and follow the installation instructions. Once you have it running, you can play with the customization options.

December
18

I bet there are still developers out there who write software where the security, and even the business logic, is dependent on the user having JavaScript enabled in the user's browser. One may as well just leave home in the morning, give your keys to the first person you see, and hope they don't enter and steal your furniture. I don't personally know any of these developers of course (or maybe I wouldn't admit to knowing them), for if I did know them I'd berate them until they stop doing it.

What I do know all too well is the software they write, and I have to fix it. Perhaps you feel as I do; fixing other people's errors as a result of their poor judgment is one of the great torments of human existence. "You mean, someone else screwed up, and now it's my problem?".

We'll be finding and fixing software made in the past for many years to come. Unfortunately, our dependence on JavaScript is not going to stop. In fact, we're probably setting ourselves up with even greater potential for error with fancy jQuery and Prototype libraries in the hands of the ignorant. I implore you, developer, to use anything you like to enhance the user interface, but do not rely on JavaScript to provide important business logic. Web sites may not function correctly in the future without JavaScript, but ensure the data is protected when it is disabled.
