All posts by John B

Because you’re all desperate for JB’s views on Maggie

Wasn’t going to blog on the demise of the most important British political figure since Winston, but since everyone else has and this blog is being archived by the British Library (I know, right – nobody tell them I’m Strine now), I thought I’d stick this originally-an-FB-comment line up there.

I grew up in the South of England with a very leftie Welsh mum and a centrist Northern but financial-services-working-dad. So from a very young age my take on Mrs T was always that she was ruining where everyone was from – good for the family bottom line, but that we should be kinda ashamed of that and it wasn’t a way to run a railroad. Or country.

Among people who are just full-on middle-class southerners, when it comes to Thatcher, there’s a tendency to adopt a “something must be done, this is something, therefore this must be done” approach. The UK economy did need structural reform in 1979, like other developed economies. But it didn’t have to be carried out in such a cruel and downright wasteful fashion.

Callaghan’s government was bringing in labour market and regulatory reforms – they were the main cause of the whole Winter of Discontent thing. Had they won in 79 you could reasonably have expected something like Australia or Canada today, with necessary reforms made but labour rights protected and no outright destruction of communities and generations of people. 

It’s a terrible shame the implementation was left to a bunch of outright class war fanatics instead, who decided the best use of the immense windfall from North Sea oil was to pay dole and sick benefits for millions of people they had written off as members of society. 

(then of course a generation later, her heirs say “why are we paying these toerags dole and sick” while pretending not to know the answer is “because that was our policy all along”…)

She also helped invent Mr Whippy ice cream, which absolves a lot of sins. Also Falklands, obviously.

PR leaders and their downfalls

Tony Blair was selected to win elections for the Labour party, by giving good PR face and convincing people that Labour wasn’t terrifyingly left-wing any more, despite being way to the right of most activists and MPs.

David Cameron was selected to win elections for the Tory party, by giving good PR face and convincing people that the Tories weren’t terrifyingly right-wing any more, despite being way to the left of most activists and MPs.

Tony Blair led the UK into a deranged war based on his messianic belief that it was The Right Thing, Dammit, going way to the right of almost everyone who was in any way involved with or a supporter of his party. And he was thrown out as leader only many years later, once he was actively unpopular with the public-at-large by an even greater margin than his party.

David Cameron has implemented a right-wing agenda, certainly no leftier than John Major’s government, despite being in a coalition with the Lib Dems. He has had to fight tooth and nail to get his party to do anything which has even the slightest smack of centrism, and so mostly hasn’t. Yet, despite all the above, and despite being vastly more popular (“less unpopular” might be fairer) with the public than his party is, they appear to be seriously considering turfing him as leader already.

I’m not quite sure what this proves, although “Labourites are Stockholm victims and Tories are a terrifying angry mob who nobody in their right mind would seek to lead” is probably up there.

Pharma hackers gonna pharma hack, 2013 edition

I was Googling for an old Banditry post yesterday, as part of a discussion about that new ‘people lie about their drinking’ study. Eventually I found it, only to discover that I’d linked to a (London) Times article, and that therefore the paywall had ruined the whole thing (curiously, even though the Times now shows unregistered users the headline, lede and first sentence for new articles, it completely screws up on old ones). So I more or less gave up on the post [*].

While Googling, I was rather surprised to discover the amount of content that I’d apparently written about the availability, acquisition and applications of various medicinal substances (link will hopefully die in a few weeks as Google updates itself). I briefly considered the possibility that in a fit of poverty and/or drunkenness I’d decided to set up my own online pharmacy, then remembered that I’m based in the country with some of the tightest controls on prescription drugs in the world so that would be rather silly. Rather, I’d been hacked.

I’ve been blogging for more than a decade now, so this isn’t the first pharmaceutical spam I’ve experienced: but it is the most insidious.

Creepy crawling

The hacked pages are tainted only to Google’s crawler – if you or I or anyone in the world who isn’t Google’s crawler click through to them, then they appear as originally intended, both in the browser and in the source code. So the spam-merchant gets to benefit from my PageRank without doing suspicious things to my traffic stats or making suspicious links appear on my actual site, which has been the giveaway for previous hacks. They also, cleverly, didn’t go for an out-and-out hack of all pages, so if you google for “johnband.org” or search the site for a specific term that isn’t drug-related, then you’ll get the correct result, with no indication that some of the pages (mostly tag pages, category pages, and monthly archives) exist to Google only as pharmaceutical billboards.

Conveniently, Google has a funky-cool Fetch As Google tool, described here by their engineer Matt Cutts, which allows you to see exactly what the Googlebot sees when it crawls any page on your site. Sticking the affected pages into the tool confirmed that Google was still seeing them as pharmaceutically compromised. And that they’d been this way since last July-August.

So, I junked my evening plans and settled in for a night of Fun With WordPress, PHP, MySQL, Unix Permissions And Google. Which is my favourite sort of fun, obviously.

Hope, cruelly dashed

The top Google hit on the pharma hack, from blogger Chris Pearson, was an extremely well-written summary which described an identical problem to mine. “Result!”, I thought. So I followed Chris’s steps, only to discover that absolutely none of them worked. The trouble is, the pharma spammers are cleverer bastards than I’d thought: once the tricks of your trade are readily visible with a quick Google, you’re at a disadvantage. And Chris’s post dates from April 2010. Three years of malware evolution later, although his macro-level points are still worth a read, the actual techniques described were way obsolete.

Bugger.

So I Googled a bit more, mostly finding sites that repeated Chris’s solution, but eventually happening upon a couple of write-ups that were closer to my problem – at least, in the sense that they also found none of the things Chris describes, nor any of the obvious hacks I’ve experienced before like a doctored .htaccess file or dodgy-sounding access permissions, nor any changes to the main WordPress database… at least, none of the changes that anyone has noted online.

The most comprehensive, although perhaps the least comprehensible unless you’re ultra-techie, was a post from Shaun Green from February 2012. Short version: the current version of the hack creates php files with names that sound like they should be real WordPress files, and distributes them throughout your WordPress install but especially in the wp-includes folder so that they’re almost impossible to find and tell apart from real WordPress files without doing extremely nerdy things.

I’m not really a deep-level coder, so following all of Shaun’s steps sounded rather painful. And my install didn’t contain the specific filenames he lists (https.php and class-sftp.php), so I would have had to literally retrace his steps rather than just following his conclusions.

Instead, I went for a slightly lower-tech option. Everything in the wp-includes folder is a standard WordPress file, which shouldn’t have changed since installation. The same is true for everything in the wp-admin folder, and for everything in the WordPress root folder except for wp-config.php (which I’d already checked to make sure it wasn’t compromised). So I downloaded a vanilla version of WordPress 3.5.1, deleted everything from my install except for the wp-content folder (where themes, plugins and pictures are stored) and wp-config.php, and then copied the untainted files across.

One quick check on Fetch As Google later and – hurrah! – the pharmaceuticals had all disappeared. Now all I need to do is wait for Google to update its cache, and everything should be back to normal.
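The comparison against a vanilla copy described above can also be run as a read-only check before deleting anything, which shows which core files were planted and which were altered. This is an added example, not part of the original post: the function names and the two directory arguments (the live install and an unpacked vanilla copy of the same WordPress version) are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Compared against the vanilla copy: the two core folders plus root-level files.
# wp-content (themes, plugins, uploads) and wp-config.php are site-specific and skipped.
CORE_DIRS = ("wp-includes", "wp-admin")
SKIP_ROOT_FILES = {"wp-config.php"}


def _sha256(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def core_manifest(root):
    """Map relative path -> SHA-256 for every file that should be stock WordPress."""
    root = Path(root)
    files = [p for p in root.iterdir() if p.is_file() and p.name not in SKIP_ROOT_FILES]
    for d in CORE_DIRS:
        if (root / d).is_dir():
            files += [p for p in (root / d).rglob("*") if p.is_file()]
    return {p.relative_to(root).as_posix(): _sha256(p) for p in files}


def compare_core(installed_root, vanilla_root):
    """Return (extra, modified, missing) lists of relative paths, each sorted."""
    installed = core_manifest(installed_root)
    vanilla = core_manifest(vanilla_root)
    extra = sorted(set(installed) - set(vanilla))      # files stock WordPress never shipped
    missing = sorted(set(vanilla) - set(installed))    # stock files absent from the install
    modified = sorted(p for p in set(installed) & set(vanilla)
                      if installed[p] != vanilla[p])   # stock names, different content
    return extra, modified, missing


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_core.py <installed_root> <vanilla_root>")
    results = compare_core(sys.argv[1], sys.argv[2])
    for label, paths in zip(("EXTRA", "MODIFIED", "MISSING"), results):
        for p in paths:
            print(f"{label}\t{p}")
```

Anything reported as EXTRA inside wp-includes or wp-admin is a file the stock release does not contain, which is how look-alike names show up without reading each one.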

Gone forever?

While the problem was solved in the short term, it clearly wasn’t solved in the long term: I’d started with an uncorrupted WP installation, and someone had managed to corrupt it. So – after doing the basic password changing things, obviously – I installed Wordfence and Better WP Security. If you host your own WordPress blog (anything that isn’t on wordpress.com), then so should you. Wordfence is the equivalent of an antivirus program for your WordPress install; Better WP Security automates a whole bunch of handy lockdown and obfuscation tricks. Wordfence threw up a few vaguely suspicious files associated with some of the themes that were installed, so I deleted them; everything was then fine.

I’ve also set up Google Alerts that notify me if any new content appears on johnband.org containing various spammy keywords (the usual suspects), which obviously won’t be much use until the current spam-buggered content is removed, but will then allow me to kill any future infections before they’ve completely ruined my search results. I’ll update this post in the event that anything else occurs. If I remember, I’ll update it in a couple of months if nothing else has occurred, since zero is sometimes a helpful data point.

TL/DR: Was quite painful, could have been much worse. If this happens to you I definitely recommend the “for every folder which shouldn’t have changed since WP was installed, delete the folder and reinstall” approach, although do check the database and fix any issues there first. And set up the security things even if this hasn’t happened to you yet, because it probably will.

[*] Short version of post I was going to write: epidemiological studies into alcohol-related harm are also based on self-reported consumption, so while it’s likely that everyone drinks more than they say, it’s also likely that alcohol is correspondingly less bad for you than those studies have shown, by about the same margin – unless we can come up with valid reasons why people would underestimate in one sort of study but not the other. Also, News Corporation are still unimaginably bad at digital strategy.

What I did on my holiday

Answer: I went to India and spent a great deal of time buggering about with smartphones. And then used that as background material for writing a guide to mobile phone travel in India. The guide isn’t quite finished yet, but I’ve written an article about some of the more bureaucratic bits for Smart Phone Travel.

I also went to an amazing wedding, and enjoyed the coldest temperatures the northern hill city of Dehradun has seen since Independence. Which was, well, cold. Had great familial fun in Mumbai, and great touristy fun in Pondicherry and Chennai. Indian Railways’ day train from Pondicherry to Chennai was surprisingly good (and had a power socket for my mobile phone, amazingly and relevantly to the context of the post).

An open letter to Roy Wood

Dear Mr Wood –

For your information, in all known dialects of English, the phrase ‘snowman’ refers to a figure of a man which is made from snow (something like a statue, sculpture or perhaps golem), rather than a man who delivers snow.

I understand there is room for confusion here, when considering examples such as ‘milkman’, ‘postman’ and ‘pizza boy’. However, ‘snowman’ is very much in the style of ‘wicker man’ (which is not a term for a gentleman who delivers baskets) or ‘iron man’ (which is not a term for either a gentleman who delivers ferrous metals, or a gentleman who works in a laundry).

Before seeking to write a song that seeks to summarise the Anglophone world’s Christmas traditions, one might have thought you would have done the most basic research into what these traditions actually were. I can promise you that none of them involve a snow delivery gentleman “bringing the snow”.

I look forward to this error being corrected in future releases of your popular chart hit.

Yours sincerely,
John B

PS Happy Christmas!

Artificial John B Impersonator

The text below is the output of my phone’s AI autocomplete app (SwiftKey), based on its knowledge of the things I say and do. My only interaction was to choose between the three suggestions it offered.

I have been made to the park. I am not going anywhere, and I will not receive the item is faulty, but the most important things. The only way I could have a good idea. The problem isn’t with the loan companies, who is a good film, but the subway. I am a real Zeus, and I am not sure what to expect.

The problem is that it is not a good idea. The only thing I have been a bit of fun. I have been a while, but I can confirm that you can get round to the zoo tomorrow, zoo tomorrow. And I know that analgesics, and I am not sure what to expect. I have a glass of wine. I have a glass of wine. The only way I could have a great day and the Machine, but it is. It has an appointment. The quality is the most of my own.

We have to do it. I have a glass of wine.. I don’t vividly the best. If I identified and then I will have the same. Federalism the best. The only problem is the first place to find a job, but the best way of organizing emails into the address below and click the Help section for the next few days ago.

It was a bit of a fine example of the most important thing. But it was a very long time to get the latest version, and the Democrats are total pansies who are not responsible for any reason. I have a glass of wine.

The quality of life and I am not sure what to expect. I don’t think it’s a good time to do it. It is a bit of a new member. I don’t vividly recall his own words. The problem isn’t a problem with your friends, but I guess the queen plays by her own rules.

K is technically right here at the moment. The quality is not a good day and night and then the next day or night. The only way to get a quote from you soon as possible to make a decision on the phone and the other side of things to come and see if you are looking for a few weeks, but it doesn’t matter how much I love you so that.

I have a glass of wine.

Slightly worried that in the reasonably near future, my phone will replace me.