February 19

In our office, some mysterious happening involving email started about two months ago. When I send or forward emails, occasionally they do not arrive. The problems are infrequent, but enough for me to no longer depend on my email reaching its final destination. Of course, there is no error message received that it did not reach the recipient.

To diagnose this strange behaviour, I started to compile a list of emails that I sent and that were not received. I suspected something was filtering these messages in transit, and perhaps they had some special ActiveX, JavaScript, spam-like qualities, etc. No pattern emerged. Sometimes emails would be delayed - 30 minutes, 5 hours, 2 days - and they finally reached their destination.

Today I looked deeper. The goal: to determine whether our ISP - TELUS in British Columbia - was the cause of this problem. If I am to call a technical support line, I always need at least a little theory why it is happening, backed up by evidence. It's not as though I can just say, "Some of my emails aren't being received, can you do something?" (and then I'd hear stifled laughing on the other end of the line).

So in minute detail, I pored over the email headers of one of my emails. Plain to see is where it was routed:

... by priv-edtnaa12.telusplanet.net (BorderWare Security Platform)

Ah ha. So the presentation I attended a couple weeks ago by TELUS speaking on the subject of deep packet inspection is certainly true. Not that they're using it for nefarious purposes in this case, but it is causing me a big headache.

In a little Google search I found an article on InfoWorld that supports my observations ( http://www.infoworld.com/article/08/04/09/15TC-mail-security-borderware_1.html ).

"The BorderWare Security Platform ... had the worst false positive performance of any product tested, and by a large margin."

That's very reassuring to know TELUS is using bottom-rung filtering technology. Now I'm no expert in Internet networking and routers and filtering devices. All I know is from a practical user's point of view, this error rate is not acceptable. Seemingly, sending the email while connected to the TELUS network is not enough to prove it's a valid email. I'm a second-rate Internet citizen even to the company I pay to provide the service.

Years ago, TELUS brought in an Internet Security add-on package, which I always turned off or opted out of (it's really useless for savvy computer users). I haven't called to see if I can opt out of this filtering, and I'm not convinced the time spent calling them would yield any results. Instead, I'm spending my time writing this blog post.

My Solution? I'm now sending all my outgoing mail through another ISP. If you experience the same problems, perhaps this story will help you confirm BorderWare Security is the cause. If anyone reading this knows one can opt out of BorderWare Security on TELUS, send me a message or leave a comment.
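The header check described in this post can be scripted. The following is an added example, not code from the original post: it lists the `Received` hops of a message oldest-first and reports where the message sat for longer than a threshold. The sample message is constructed; only the `by priv-edtnaa12.telusplanet.net (BorderWare Security Platform)` text comes from the post, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: only the "by priv-edtnaa12..." text comes from the post;
# every other host, address and timestamp is invented for illustration.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.9])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1;
\tThu, 19 Feb 2009 15:41:32 -0800
Received: from priv-edtnaa12.telusplanet.net ([198.51.100.7])
\tby relay.example.net with ESMTP;
\tThu, 19 Feb 2009 15:41:30 -0800
Received: from desktop.example.com ([192.0.2.15])
\tby priv-edtnaa12.telusplanet.net (BorderWare Security Platform) with ESMTP;
\tThu, 19 Feb 2009 10:40:01 -0800
From: sender@example.com
To: recipient@example.org
Subject: constructed test message

body
"""


def hops(raw):
    """Return relay hops oldest-first as (by_host, software_comment, timestamp)."""
    out = []
    # Each server prepends its header, so the raw order is newest-first.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")   # the date follows the last ';'
        m = re.search(r"\bby\s+(\S+)(?:\s+\(([^)]*)\))?", info)
        if m:
            out.append((m.group(1), m.group(2) or "",
                        parsedate_to_datetime(stamp.strip())))
    return out


def slow_hops(raw, threshold_s=300):
    """Return (holding_host, comment, seconds) for each gap above the threshold."""
    h = hops(raw)
    found = []
    for (host, comment, t0), (_, _, t1) in zip(h, h[1:]):
        gap = int((t1 - t0).total_seconds())
        if gap > threshold_s:
            found.append((host, comment, gap))   # message sat at `host` after t0
    return found
```

Each timestamp comes from that server's own clock, so small gaps may be clock skew rather than queueing. A message that was dropped outright never reaches a mailbox, so only delayed copies can be examined this way.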

December 30

It's not just me who's enjoying the Snowstorm installed on my blog. By popular demand, and to give credit where it is due, I will reveal the source.

A short story first: We had a few snowfalls recently. By chance while surfing the web I discovered a web site with snow! I cannot remember which site it was exactly. Immediately I knew I must also have snow. For those who aren't aware of many JavaScript particulars, a savvy user can almost always find and read the JavaScript on every web site. So the first step in Firefox was to right-click -> View Page Source. I found the code that provided the snow storm, and in the credits was the author's address http://www.schillmania.com

Thanks, Scott Schiller, for making it possible for my blog and The Art of Consumption to be a snowy holiday funfest.

For those who may like to install a Snowstorm, you can find the project page at http://www.schillmania.com/projects/snowstorm/. It's relatively simple, but there's no one-click WordPress plug-in install. For JS newbs, if you really want it, roll up your sleeves, download and follow the installation instructions. Once you have it running, you can play with the customization options.

December 18

I bet there are still developers out there who write software where the security, and even the business logic, is dependent on the user having JavaScript enabled in the user's browser. One may as well just leave home in the morning, give your keys to the first person you see, and hope they don't enter and steal your furniture. I don't personally know any of these developers of course (or maybe I wouldn't admit to knowing them), for if I did know them I'd berate them until they stop doing it.

What I do know all too well is the software they write, and I have to fix it. Perhaps you feel as I do; fixing other people's errors as a result of their poor judgment is one of the great torments of human existence. "You mean, someone else screwed up, and now it's my problem?"

We'll be finding and fixing software made in the past for many years to come. Unfortunately, our dependence on JavaScript is not going to stop. In fact, we're probably setting ourselves up with even greater potential for error with fancy jQuery and Prototype libraries in the hands of the ignorant. I implore you, developer, to use anything you like to enhance the user interface, but do not rely on JavaScript to provide important business logic. Web sites may not function correctly in the future without JavaScript, but ensure the data is protected when it is disabled.
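What "do not rely on JavaScript" looks like on the server side, as an added example that is not from the original post: an order handler that treats every submitted field as untrusted, recomputes the total itself, and flags a mismatch with the browser-calculated value. The catalogue, field names and `process_order` function are hypothetical.

```python
from decimal import Decimal

# Hypothetical catalogue and limit: the server's copy is the only trusted one.
PRICES = {"widget": Decimal("19.99"), "gadget": Decimal("5.00")}
MAX_QTY = 10


class Rejected(ValueError):
    """Raised when a submission fails a server-side rule."""


def process_order(form):
    """Handle a submitted form (dict of strings) as if no client script ever ran."""
    item = form.get("item", "")
    if item not in PRICES:
        raise Rejected("unknown item")
    qty_text = form.get("qty", "")
    # Accept a few plain digits only; the browser's input mask is not a guarantee.
    if not (qty_text.isascii() and qty_text.isdigit() and len(qty_text) <= 3):
        raise Rejected("quantity must be a whole number")
    qty = int(qty_text)
    if not 1 <= qty <= MAX_QTY:
        raise Rejected("quantity out of range")
    # Recompute the price here; the browser-calculated total is only a hint.
    total = PRICES[item] * qty
    # A mismatch means scripts were off or the request was hand-built: log it.
    mismatch = form.get("total") != str(total)
    return {"item": item, "qty": qty, "total": total,
            "client_total_mismatch": mismatch}
```

The client script can still show the running total and block obviously bad input for convenience; the stored order never depends on it.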

September 19

FTP client programs invariably have the option to save username and passwords for accounts you enter into them. For many years I used WS_FTP for my file transfer needs. Now I use FileZilla, and it's an excellent program.

Once in a while, you need to give someone the password for an account. Your FileZilla installation knows how to connect, but you don't know the original password. Either an XML file, or the registry, is where FileZilla stores all those passwords. But they are stored encrypted. Well, very weakly encrypted. It is very easy to decrypt the passwords because each FileZilla program uses the same key.

I did a search for a method to decrypt the passwords. Usually I can find an online method to decrypt, such as an MD5 hash cracking tool, etc. I found two things: The first, a shareware desktop program (which I did not try). Installing a piece of software is really not convenient in comparison to an online form.

The second thing I found, an article about the security vulnerability of weak password encryption (found here: http://www.securiteam.com/windowsntfocus/5IP0A2KGVW.html, with information provided by Adrian Pastor). The code snippet from the open source application is conveniently included on that page.

Anyone with some basic programming skills and a bit of time could figure out how the password decryption works. Even I can do it, and with PHP no less. In less than 20 lines of code, I wrote the password decryptor. I added some web form fields to make it easy to use.

You can try it below. Just open the XML file on your computer (typically at C:\Program Files\FileZilla\FileZilla.xml) and copy the "Pass" value for one of your saved accounts (it's all numeric). For example, the encrypted password of '046044063056' decrypts as 'test'.
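Because every saved "Pass" value in this format has to be treated as readable by anyone who obtains the file, a useful companion is an audit that lists which accounts are affected without decoding anything. This is an added example, not the decryptor from the post: the sample XML is constructed, element and attribute names other than "Pass" are assumptions, and the three-digits-per-character layout is inferred from the post's example (12 digits for the 4-letter 'test').

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: element and attribute names other than "Pass" are
# assumptions; the first Pass value is the example quoted in the post.
SAMPLE_XML = """<FileZilla><Sites>
  <Site Name="staging" Host="ftp.example.com" User="deploy" Pass="046044063056"/>
  <Site Name="archive" Host="ftp.example.org" User="backup" Pass=""/>
  <Site Name="legacy" Host="ftp.example.net" User="ops" Pass="notnumeric"/>
</Sites></FileZilla>"""

TRIPLETS = re.compile(r"(?:[0-9]{3})+")


def classify(value):
    """Return (status, leaked_length) for one stored Pass value."""
    if not value:
        return "nothing stored", None
    if TRIPLETS.fullmatch(value):
        groups = [int(value[i:i + 3]) for i in range(0, len(value), 3)]
        if all(g < 256 for g in groups):
            # One three-digit group per character: the length is visible as-is.
            return "obfuscated, recoverable", len(groups)
    return "unrecognised format", None


def audit(xml_text):
    """List every element carrying a Pass attribute, without decoding any value."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if "Pass" in elem.attrib:
            status, length = classify(elem.attrib["Pass"])
            findings.append({"host": elem.get("Host", "?"),
                             "user": elem.get("User", "?"),
                             "status": status, "password_length": length})
    return findings


def needs_rotation(xml_text):
    """Accounts whose saved password should be treated as exposed and changed."""
    return [(f["host"], f["user"]) for f in audit(xml_text)
            if f["status"] == "obfuscated, recoverable"]
```

Accounts returned by `needs_rotation` should have their passwords changed on the server and the saved copy cleared from the client.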

August 18

Documentation gibberish

Has this skipped a human editor? Or, perhaps this formatting was intentional....

August 8

I'm ready to learn JavaScript again.

The last time I seriously developed anything using it was 1997, creating drag-and-drop games. It was a time when very little was standardized across browsers or HTML implementations. Anyone reading this who attempted to develop drag-and-drop in the web browser 11 years ago can empathize with the intense effort to debug and make the functions cross-browser compatible.

Some years later, as web browser software progressed, the games no longer functioned; optimizing to use Netscape 4 is not advantageous when Netscape 4 becomes obsolete. As JavaScript progressed, I turned a blind eye and concentrated on server side technologies that were more stable and controllable.

Today, in 2008, nothing would work if you turned off your JavaScript. Users are not put off by a web site that requires JavaScript to function. Many developers don't care if JavaScript is turned off either because, well, they keep JavaScript enabled while they build. There will undoubtedly be a growing wave of software vulnerabilities and inconsistencies because web based software was dependent on its JavaScript client-side environment. That's a whole 'nother topic.

Why should I learn JavaScript now? Browser compatibility and the tools now available to developers are impressive. In comparison to the old days, JavaScript not breaking and actually working is enough to impress me. AJAX is the "killer app" for JavaScript, and is the basis for the web browser becoming the new de facto software platform. But I also like the visual effects that can be achieved without using Flash and ActiveX. Provided JavaScript does not disrupt the stability, security and accessibility of a web page, it is worth the effort to enhance the experience of using web applications.

July 11

Sometimes the biggest step is just to get started. If you have trouble getting something started, try to do the absolute smallest step that gets you in the right direction. Lao-tzu was right, "A journey of a thousand miles begins with a single step". In taking the first step, it makes the second easier than if you had not begun.

The thought of opening Microsoft Word gives me feelings of trepidation, no doubt a result of countless battles with text styles, tab indents, and under a tight deadline. In fact, I'm not yet comfortable with the WordPress blog interface for starting a blog post; the draft of this post was typed in TextPad.

Everything can begin with a text file. It is counterproductive to the formation and notation of a new idea to be annoyed every time you type a new paragraph and the font type changes, or the software decides that typing a hyphen is a reason to insert a bulleted list automatically. Write first, format later.

Many successful software programs rely on simple text files for their settings and configuration, including all the components used in LAMP architecture. Sometimes, the complexity you require will not exceed a simple text file.

May 28

Word of the day: dirification

Posted In: Misc by graham

dirification

dirification (noun) or to dirify (verb).

A relatively new and generally unknown word (there's really no definition I can find), but credit goes to the developer community of the Movable Type blog software for bringing it to my attention. In its original use, it describes the conversion of space characters to either hyphens or underscores. It could have a more general meaning.

I suspect the creator of this word has either forgotten the words "derivation" (noun), "to derive" (verb), or perhaps found them inadequate to describe the process of character conversions. Add this to the list of words representing an erosion or evolution of the English language. How long will it be before the Oxford dictionary, or Wiktionary, legitimizes its use?

May 26

Life not imitating art

Posted In: Misc by graham

The irony is not lost on me: it is not free to read the article about paying for free downloads.

Paying to read about paying for a free download

May 22

Most of the processes in software development, in this specific case for a web application, happen in logical steps. Step one comes first, then step two, etc. - many situations are commonly so predictable. The end result is that this logic is expressed in a programming language. More important for the developer, who must plan or write that code, is to decide what steps should occur and what decisions should be made to choose the correct steps.

Take the following example. A web interface depends on a database row existing for each day. If you didn't create new rows for every day into eternity (arguably a less elegant solution), when the clock strikes midnight your flowchart looks like this:

If you think in flowcharts, and anticipate this gap in your earlier logic, you may imagine a flowchart like this:

I'd be surprised if an ORM will do all this thinking for you automatically. It's the developer's job to think of these situations to make more stable software. Personally, I don't actually see a picture of a flow chart in my mind such as the above, but some synapses in my brain connect in some analytical way to just "know" this flowchart.

One caveat: Rarely you may be using threads in which your flowchart may be a little more complex - where step two might be attempted before step one - but a flowchart could probably solve that situation as well.
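The daily-row case in code, as an added example that is not from the original post. It assumes the extra step in the second flowchart is "create the row when it is missing", and it lets the database's unique key settle the threaded case from the caveat instead of a separate check-then-insert. The table, columns and function names are hypothetical.

```python
import sqlite3
from datetime import date


def open_db():
    """In-memory database with one row per calendar day (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # The primary key makes a second row for the same day impossible.
    db.execute("CREATE TABLE daily ("
               "day TEXT PRIMARY KEY, visits INTEGER NOT NULL DEFAULT 0)")
    return db


def row_for(db, day):
    """Return the row for `day`, creating it first if the date has just rolled over."""
    key = day.isoformat()
    # INSERT OR IGNORE is a single atomic statement: when two requests arrive
    # just after midnight, one inserts and the other becomes a no-op, so there
    # is no window between "does it exist?" and "create it".
    db.execute("INSERT OR IGNORE INTO daily (day) VALUES (?)", (key,))
    return db.execute("SELECT day, visits FROM daily WHERE day = ?",
                      (key,)).fetchone()


def record_visit(db, day):
    """Step two of the flow: safe to run whether or not step one has happened yet."""
    row_for(db, day)
    db.execute("UPDATE daily SET visits = visits + 1 WHERE day = ?",
               (day.isoformat(),))
    db.commit()
    return row_for(db, day)[1]


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM daily").fetchone()[0]
```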
