I've turned my brain to mush reading about all these social networking and twitter opinion pieces and the readers' comments that accompany them. It's all too easy to reach information overload just reading about them, and not actually reading from them. Regardless, I've learned some things along the way, and strengthened some opinions I already had forming.

My personal opinion is, unless you have extremely topical / insightful / thought-provoking / funny / or you're posting first-hand breaking news in your tweets, they're of little value to me or anyone else.  I'm not going to read them. I'm far too busy and there are better things to do with my time. This also goes for Facebook status updates. I'm not just a hater; Facebook is good for some things, especially if it promotes turning off the computer and doing things in the real world.

Blog posts are a different kind of animal. Most people spend a fair amount of time composing them, polishing them, and have enough room to support an opinion they may be expressing. Some - like this post - are intended to be thought provoking for the reader.

Do you have your own blog? If not, imagine you do. Would it contain up-to-the-minute local news and events, essays, specialist information on one topic? How is it different than a printed magazine, or a printed newspaper? Do you update it every day, week, or month?

I probably have more questions than I have answers. To find these answers I would first look to traditional historical forms of communication. Think about what books, newspapers, magazines, radio, television, telephone, snail mail, the local pub and others have done well, and adapt it to the new digital medium. The biggest changes made possible by technology is the low cost, far reach, and immediacy of self-publishing.

This blog is still in its infancy, and many of the above questions are still to be answered. The more input I get from readers, the better focussed my content can get. So comments and questions are appreciated. And my goal for now is to post again in less than a month to get some momentum happening.

Comments Off

In our office, some mysterious happening involving email started about two months ago. When I send or forward emails, occasionally they do not arrive. The problems are infrequent, but enough for me to no longer depend on my email reaching its final destination. Of course, there is no error message received that it did not reach the recipient.

To diagnose this strange behaviour, I started to compile a list of emails that I sent and were not received. I suspected something was filtering these messages in transit, and perhaps they had some special ActiveX, Javascript, spam-like qualities, etc. No pattern emerged. Sometimes emails would be delayed - 30 minutes, 5 hours, 2 days - and they finally reached their destination.

Today I looked deeper. The goal: to determine whether our ISP - TELUS in British Columbia - was the cause of this problem. If I am to call a technical support line, I always need at least a little theory why it is happening, backed up by evidence. It's not as though I can just say, "Some of my emails aren't being received, can you do something?" (and then I'd hear stifled laughing on the other end of the line).

So in minute detail, I poured over the email headers of one of my emails. Plain to see is where it was routed:

... by (BorderWare Security Platform)

Ah ha. So the presentation I attended a couple weeks ago by TELUS speaking on the subject of deep packet inspection is certainly true. Not that they're using for nefarious purposes in this case, but it is causing me a big headache.

In a little Google search I found an article on InfoWorld that supports my observations ( ).

"The BorderWare Security Platform ... had the worst false positive performance of any product tested, and by a large margin."

That's very reassuring to know TELUS is using bottom rung filtering technology. Now I'm no expert in Internet networking and routers and filtering devices. All I know is from a practical user's point of view, this error rate is not acceptable. Seemingly, sending the email while connected to the TELUS network is not enough to prove it's a valid email. I'm a second-rate Internet citizen even to the company I pay to provide the service.

Years ago, TELUS brought in an Internet Security add-on package, which I always turned off or opted out of (it's really useless for savvy computer users). I haven't called to see if I can opt out of this filtering, and I'm not convinced the time spent calling them would yield any results. Instead, I'm spending my time writing this blog post.

My Solution? I'm now sending all my outgoing mail through another ISP. If you experience the same problems, perhaps this story will help you confirm BorderWare Security is the cause. If anyone reading this knows one can opt out of BorderWare Security on TELUS, send me a message or leave a comment.

Comments Off

It's not just me who's enjoying the Snowstorm installed on my blog. By popular demand, and to give credit where it is due, I will reveal the source.

A short story first: We had a few snowfalls recently. By chance while surfing the web I discovered a web site with snow! I cannot remember which site it was exactly. Immediately I knew I must also have snow. For those who aren't aware of many JavaScript particulars, a savvy user can almost always find and read the JavaScript on every web site. So the first step in Firefox was to right-click -> View Page Source. I found the code that provided the snow storm, and in the credits was the author's address

Thanks Scott Shiller, for making it possible for my blog and The Art of Consumption to be a snowy holiday funfest.

For those who may like to install a Snowstorm, you can find the project page at It's relatively simple, but there's no one-click WordPress plug-in install. For JS newbs, if you really want it roll up your sleeves, download and follow the installation instructions. Once you have it running, you can play with the customization options.

Comments Off

I bet there are still developers out there who write software where the security, and even the business logic, is dependent on the user having JavaScript enabled in the users' browser. One may as well just leave home in the morning, give your keys to the first person you see, and hope they don't enter and steal your furniture. I don't personally know any of these developers of course (or maybe I wouldn't admit to knowing them), for if I did know them I'd berate them until they stop doing it.

What I do know all too well is the software they write, and I have to fix it. Perhaps you feel as I do; fixing other people's errors as a result of their poor judgment is one of the great torments of human existence. "You mean, someone else screwed up, and now it's my problem?".

We'll be finding and fixing software made in the past for many years to come. Unfortunately, our dependence on JavaScript is not going to stop. In fact, we're probably setting ourselves up with even greater potential for error with fancy jQuery and Prototype libraries in the hands of the ignorant. I emplore you, developer, to use anything you like to enhance the user interface, but do not rely on JavaScript provide important business logic. Web sites may not function correctly in the future without JavaScript, but ensure the data is protected when it is disabled.

Comments Off

FTP client programs invariably have the option to save username and passwords for accounts you enter into them. For many years I used WS_FTP for my file transfer needs. Now I use FileZilla, and it's an excellent program.

Once and a while, you need to give someone the password for an account. Your FileZilla installation knows how to connect, but you don't know the original password. Either an XML file, or the registry, is where FileZilla stores all those passwords. But they are stored encrypted. Well, very weakly encrypted. It is very easy to decrypt the passwords because each FileZilla program uses the same key.

I did a search for a method to decrypt the passwords. Usually I can find an online method to decrypt, such as an MD5 hash cracking tool, etc. I found two things: The first, a shareware desktop program (which I did not try). Installing a piece of software is really not convenient in comparison to an online form.

The second thing I found, an article about the security vulnerability of weak password encryption (found here:, with information provided by Adrian Pastor).The code snippet from the open source application is conveniently included on that page.

Anyone with some basic programming skills and a bit of time could figure out how the password decryption works. Even I can do it, and with PHP no less. In less than 20 lines of code, I wrote the password decryptor. I added some web form fields to make it easy to use.

You can try it below. Just open the XML file on your computer (typically at C:\Program Files\FileZilla\FileZilla.xml) and copy the "Pass" value for one of your saved accounts (it's all numeric). For example, the encrypted password of '046044063056' decrypts as 'test'.


Documentation gibberish

Has this skipped a human editor? Or, perhaps this formatting was intentional....


I'm ready to learn JavaScript again.

The last time I seriously developed anything using it was 1997, creating drag-and-drop games. It was a time when very little was standardized across browsers or HTML implementations. Anyone reading this who attempted to develop drag-and-drop in the web browser 11 years ago can empathize with the intense effort to debug and make the functions cross browser compatible.

Some years later, as web browser software progressed, the games no longer functioned; optimizing to use Netscape 4 is not advantageous when Netscape 4 becomes obsolete. As JavaScript progressed, I turned a blind eye and concentrated on server side technologies that were more stable and controllable.

Today, in 2008, nothing would work if you turned off your JavaScript. Users are not put off by a web site that requires JavaScript to function. Many developers don't care if JavaScript is turned off either because, well, they keep JavaScript enabled while they build. There will undoubtedly be a growing wave of software vulnerabilities and inconsistencies because web based software was dependent on its JavaScript client-side environment. That's a whole 'nother topic.

Why should I learn JavaScript now? Browser compatibility and tools now available to developers is impressive. In comparison to the old days, JavaScript not breaking and actually working is enough to impress me. AJAX is the "killer app" for JavaScript, and is the basis for the web browser becoming the new de facto software platform. But I also like the visual effects that can be achieved without using Flash and ActiveX. Provided JavaScript does not disrupt the stability, security and accessibility of a web page, it is worth the effort to enhance the experience of using web applications.

Comments Off

Sometimes the biggest step is just to get started. If you have trouble getting something started, try to do the absolute smallest step that gets you in the right direction. Lao-tzu was right, "A journey of a thousand miles begins with a single step". In taking the first step, it makes the second easier than if you had not begun.

The thought of opening Microsoft Word gives me feelings of trepidation, no doubt a result of countless battles with text styles, tab indents, and under a tight deadline. In fact, I'm not yet comfortable with the WordPress blog interface for starting a blog post; the draft of this post was typed in TextPad.

Everything can begin with a text file. It is counterproductive to the formation and notation of a new idea than to be annoyed everytime to type a new paragraph, the font type changes, or the software decides that typing a hyphen is a reason to insert a bulleted list automatically. Write first, format later.

Many successful software programs rely on simple text files for their settings and configuration, including all the components used in LAMP architecture. Sometimes, the complexity you require will not exceed a simple text file.

Comments Off

Word of the day: dirification

Posted In: Misc by graham


dirification (noun) or to dirify (verb).

A relatively new and generally unknown word (there's really no definition I can find), but credit goes to the developer community of the Movable Type blog software for bringing it to my attention. In its original use, it describes the conversion of space characters to either hyphens or underscores. It could have a more general meaning.

I suspect the creator of this word has either forgotten the words "derivation" (noun), "to derive" (verb), or perhaps found them inadequate to describe the process of character conversions. Add this to the list of words representing and erosion or evolution of the english language. How long will it be before the Oxford dictionary, or wikitionary, legitimizes its use?

Comments Off

Life not imitating art

Posted In: Misc by graham

The irony is not lost on me: it is not free to read the article about paying for free downloads.

Paying to read about paying for a free download

Comments Off