Banditry: The idle musings of John B

The news from the horrible (and immensely stupid: who the fuck would allow a chemical plant to be built literally next door to a school) West fire in Texas today, with its “70 injured, no I mean 70 dead, no I mean 5 dead” just reminded me of this brilliant commentary on newspaper reports of tragedies.

(from Dirk Gently; if you’ve not seen the BBC adaptation, do. And if you’ve not read the books, stop reading now and don’t come back til you have):

They started at forty-seven dead, eighty-nine seriously injured, went up to sixty-three dead, a hundred and thirty injured, and rose as high as one hundred and seventeen dead before the figures started to be revised downwards once more. The final figures revealed that once all the people who could be accounted for had been accounted for, in fact no one had been killed at all.

A related thought in my brain, which was very much shaped by the 1980s British rationalist writer community, in the light of Mr Dawkins being a dick on Twitter as usual. We’d like to imagine that if Douglas were alive today, he’d be in the camp of the Iains and Terrys, but there’s at least a possibility he would have ended up with the Martins and the Richards.

Fuck.

I was Googling for an old Banditry post yesterday, as part of a discussion about that new ‘people lie about their drinking’ study. Eventually I found it, only to discover that I’d linked to a (London) Times article, and that therefore the paywall had ruined the whole thing (curiously, even though the Times now shows unregistered users the headline, lede and first sentence for new articles, it completely screws up on old ones). So I more or less gave up on the post [*].

While Googling, I was rather surprised to discover the amount of content that I’d apparently written about the availability, acquisition and applications of various medicinal substances (link will hopefully die in a few weeks as Google updates itself). I briefly considered the possibility that in a fit of poverty and/or drunkenness I’d decided to set up my own online pharmacy, then remembered that I’m based in the country with some of the tightest controls on prescription drugs in the world so that would be rather silly. Rather, I’d been hacked.

I’ve been blogging for more than a decade now, so this isn’t the first pharmaceutical spam I’ve experienced: but it is the most insidious.

Creepy crawling

The hacked pages are tainted only to Google’s crawler – if you or I or anyone in the world who isn’t Google’s crawler click through to them, then they appear as originally intended, both in the browser and in the source code. So the spam-merchant gets to benefit from my PageRank without doing suspicious things to my traffic stats or making suspicious links appear on my actual site, which has been the giveaway for previous hacks. They also, cleverly, didn’t go  for an out-and-out hack of all pages, so if you google for “johnband.org” or search the site for a specific term that isn’t drug-related, then you’ll get the correct result, with no indication that some of the pages (mostly tag pages, category pages, and monthly archives) exist to Google only as pharmaceutical billboards.

Conveniently, Google has a funky-cool Fetch As Google tool, described here by their engineer Matt Cutts, which allows you to see exactly what the Googlebot sees when it crawls any page on your site. Sticking the affected pages into the tool confirmed that Google was still seeing them as pharmaceutically compromised. And that they’d been this way since last July-August.

So, I junked my evening plans and settled in for a night of Fun With WordPress, PHP, MySQL, Unix Permissions And Google. Which is my favourite sort of fun, obviously.

Hope, cruelly dashed

The top Google hit on the pharma hack, from blogger Chris Pearson, was an extremely well-written summary which described an identical problem to mine. “Result!”, I thought. So I followed Chris’s steps, only to discover that absolutely none of them worked. The trouble is, the pharma spammers are cleverer bastards than I’d thought: once the tricks of your trade are readily visible with a quick Google, you’re at a disadvantage. And Chris’s post dates from April 2010. Three years of malware evolution later, although his macro-level points are still worth a read, the actual techniques described were way obsolete.

Bugger.

So I Googled a bit more, mostly finding sites that repeated Chris’s solution, but eventually happening upon a couple of write-ups that were closer to my problem – at least, in the sense that they also found none of the things Chris describes, nor any of the obvious hacks I’ve experienced before like a doctored .htaccess file or dodgy-sounding access permissions, nor any changes to the main WordPress database… at least, none of the changes that anyone has noted online.

The most comprehensive, although perhaps the least comprehensible unless you’re ultra-techie, was a post from Shaun Green from February 2012. Short version: the current version of the hack creates php files with names that sound like they should be real WordPress files, and distributes them throughout your WordPress install but especially in the wp-includes folder so that they’re almost impossible to find and tell apart from real WordPress files without doing extremely nerdy things.

I’m not really a deep-level coder, so following all of Shaun’s steps sounded rather painful. And my install didn’t contain the specific filenames he lists (https.php and class-sftp.php), so I would have had to literally retrace his steps rather than just following his conclusions.

Instead, I went for a slightly lower-tech option. Everything in the wp-includes folder is a standard WordPress file, which shouldn’t have changed since installation. The same is true for everything in the wp-admin folder, and for everything in the WordPress root folder except for wp-config.php (which I’d already checked to make sure it wasn’t compromised). So I downloaded a vanilla version of WordPress 3.5.1, deleted everything from my install except for the wp-content folder (where themes, plugins and pictures are stored) and wp-config.php, and then copied the untainted files across.

One quick check on Fetch As Google later and – hurrah! – the pharmaceuticals had all disappeared. Now all I need to do is wait for Google to update its cache, and everything should be back to normal.

Gone forever?

While the problem was solved in the short term, it clearly wasn’t solved in the long term: I’d started with an uncorrupted WP installation, and someone had managed to corrupt it. So – after doing the basic password changing things, obviously – I installed Wordfence and Better WP Security. If you host your own WordPress blog (anything that isn’t on wordpress.com), then so should you. Wordfence is the equivalent of an antivirus program for your WordPress install; Better WP Security automates a whole bunch of handy lockdown and obfuscation tricks. Wordfence threw up a few vaguely suspicious files associated with some of the themes that were installed, so I deleted them; everything was then fine.

I’ve also set up Google Alerts that notify me if any new content appears on johnband.org containing various spammy keywords (the usual suspects), which obviously won’t be much use until the current spam-buggered content is removed, but will then allow me to kill any future infections before they’ve completely ruined my search results. I’ll update this post in the event that anything else occurs. If I remember, I’ll update it in a couple of months if nothing else has occurred, since zero is sometimes a helpful data point.

TL/DR: Was quite painful, could have been much worse. If this happens to you I definitely recommend the “for every folder which shouldn’t have changed since WP was installed, delete the folder and reinstall” approach, although do check the database and fix any issues there first. And set up the security things even if this hasn’t happened to you yet, because it probably will.

[*] Short version of post I was going to write: epidemological studies into alcohol-related harm are also based on self-reported consumption, so while it’s likely that everyone drinks more than they say, it’s also likely that alcohol is correspondingly less bad for you than those studies have shown, by about the same margin – unless we can come up with valid reasons why people would underestimate in one sort of study but not the other. Also, News Corporation are still unimaginably bad at digital strategy.

As someone who works in social media marketing, my definition of ‘spam’ isn’t aligned with the definition among techie purists. This is mostly because I think “talk to someone unless they tell you to go away” is a completely legitimate way to behave, in life as in work, whereas techie purists tend to think “don’t talk to anyone, ever, unless they beg you to talk to them” is the way the world should be. Yes, stereotypesLOL.

I can certainly make common ground with techie purists on the concept of how fucking annoying it is when you do tell people at nominally legitimate companies (not talking “send your money to Nigeria for Viagara” crap here, all of my email addresses are on the web and I’ve not received that kind of spam for years. FILTERS: THEY WORK) to go away and they don’t.

However, given the utterly pisspoor state of lists at nearly all companies of all kinds, and the utterly urchin-child-intern nature of the poor sods who generally end up processing lists at PR firms, it seems unreasonable to get angry at the individual on the end of the email (*). So I don’t.

My recentest response to such an email is here, partly for public edification, and partly so I can Google it next time.

Dear [xxx]s as an organisation, please remove me from all of your press lists of all kinds and add me to your (DPA-mandated, so you must have one, right?) list of people who have requested that you never contact them again – obviously, apart from the email to confirm that this has been done.

Dear [yyy]l, I’ve asked your predecessors to take me off their lists before but apparently my address has still been passed on to you. Apologies for sending you a grumpy message due to wider organisational problems that aren’t your fault, please don’t take it personally.

Sorted.

(*) far more unreasonable than, say, a comedian getting angry at a heckler who’s deliberately choosing to be part of the comedy act, rather than some poor sod who’s getting paid and doesn’t want any trouble. People who get personally lairy at customer service operatives are the lowest of the low.

In the wake of a punch to the face from phone-hacking-Leveson-scandalous-British-naughtiness, and a kick to the balls from shrinking print revenues, News Corporation is contemplating splitting its TV assets from its print ones.

The plan would be to remove the newspaper drag from the share price, and hopefully bypass some of the regulatory fallout from News International’s behaviour. In Australia, that’d mean the Foxtel, FoxSports and Sky stakes going into ‘Good News’, and the papers, magazines and book publishing (HarperCollins) going into ‘Bad News’.

An obvious problem here is that Bad News would be, well, bad news.

The analysts at Nomura have worked out what the historic and forecast income statements would be for both demerged companies. They’re projecting that, despite the newspaper division halving in profit (EBIT) in 2012, future profit declines will only be in the region of 5% a year – and that global newspaper division (including digital) revenues will show slight overall growth. Nomura values the print company worldwide at around US$3-4 billion.

To me, that sounds optimistic. 2012 is going to be particularly awful for the newspaper division because it’s the financial year after the cash cow of the News of the World was killed, sure. Nonetheless, looking at Fairfax’s position, the Guardian’s position, News Limited’s announced cuts in Australia, the Times and Australian’s massive losses, and the ongoing march of often free, often superior (albeit seldom both) online news sources, growing sales even at the rate of inflation seems like a pipedream.

Supposedly, the WSJ’s finances are in a better state than most of the other titles, because people actually pay for business information online. The four remaining sensational big city tabloids in the group – the UK Sun, New York Post, Sydney Daily Telegraph and Melbourne Herald Sun – likely still make money, since they were never reliant on classified advertising. But the Times and the Australian are reported to lose vast sums annually, despite the imposition on both of draconian paywalls which very few people have taken up, and which mean that they form no part of the online conversation.

(the Times recently started a Tumblr for some of its opinion content, in a desperate attempt to maintain some kind of relevance to the outside world…)

Now, Rupert Murdoch is 81, and his children show absolutely no interest in taking over the print business. And Bad News would be a publicly traded company with shareholder obligations.

When you’re a vehicle for an oligarch to promote his corporate interests to politicians, in the way Mr Murdoch has used his papers for the last 50 years, bunging tens of millions of dollars a year into a respectable-opinion-leading project like the Australian or the Times can get you results far in excess of your investment: tax reliefs, exemptions from competition laws, broadcasting licenses, etc.

But once you break the link with the corporation that benefits from the regulatory corruption, lose the oligarch to retirement/senility/Old Father Time, and lose the ability to shape national conversation by excluding your pieces from most modern forms of sharing and discussion, then really, what’s the point?

So the only way for the Times and the Oz to survive is to be sold to some kind of oligarch who’d benefit from their advocacy. In London, you can barely throw a stick and not hit some overseas billionaire or other, so that should be easy enough.

In Australia – now, who might be interested in buying a voice in the national conversation? Who easily has the money to continue publishing the Australian, tearing down the paywall, making it into perhaps (if Fairfax’s desperate plans are followed through) the only free source of premium news and commentary in the country? Who has a conveniently close ideological position to the one the Australian is already pushing? And who’s just been rebuffed in her attempt to gain control of a couple of newspapers whose readers and editorial staff are completely opposed to her ideological position?

Gina for the Oz. You read it here first!

My riot policing piece yesterday attracted 600 unique visitors in 24 hours. That isn’t exactly Perez Hilton, but is about six times my current normal run rate (I think the biggest this blog has ever been is about 1000 daily visitors, for some of the global financial crisis articles).

The fact that the piece had quite a few visitors isn’t too surprising, I suppose – it was a take on a newsworthy and important topic that dissented somewhat from the conventional wisdom, based on hours and hours of discussion with people who were on the scene across different English cities and/or who really understand counterinsurgency strategy. And it was pleasing to see strategy/COIN experts talking about it favourably.

The odd thing, though, is that whenever I’ve written a piece in the past that has gained masses of attention, it’s been through links from bigger blogs, news sources, or occasionally forums. This time, as far as I can see from my logs, there haven’t been *any* blog links to the piece. All the traffic is coming from retweets and reshares on Twitter and Facebook.

I wouldn’t go quite as far as to say that blogs are dead as a medium: the existence of a self-publishing platform with a fairly powerful off-the-shelf CMS, and that isn’t restricted to a particular social network, remains useful.

But it’s looking like the sense in which we’ve traditionally understand blogs – roughly, a community of people who link to each other’s posts, comment on them, and write pieces that track back to them – no longer really applies. Facebook and Twitter have killed it, in favour of something flatter and much less based on the blogger’s personal brand.

As if to add ammo to the fervent Marxists who’ve been criticising me for my slavish adherence to neoliberal economics lately [*], I’m going to admit that I’m a fan of The Economist on Facebook.

Not because it’s my favourite paper – I subscribe to the New Yorker, Private Eye and Crikey, and would subscribe to the Grauniad if it went PPV – but because it’s interesting, shapes debate, has a good Facebook presence, and the Facebook comments mechanism gives a better view of “what people think” than the “solely for ubergeeks and psychopaths” den of web comments.

One of the things that I’m looking at right now, both academically and professionally, is the challenge presented by dealing with things that have historically been marketed and customised territory-by-territory in a social media environment that’s global. The Economist provides an excellent example, since every week, it lists its covers on the Web.

Now, if you don’t commute far too often between the US and Other Places, you’re probably not aware that the Economist has covers in the plural: both in the US and outside the US, it purports to be a global newspaper (and, compared to US newspapers, it has a fair point). But it isn’t: there’s a US edition with specifically US-focused content, ads and cover, whereas the global edition only has a US cover if the most exciting thing occurring is actually in the US.

If the Economist admitted to its US readers “yes, actually, we do realise you’re a bunch of insular tits just as much as the rest of your countrymen; stop pretending you’re some kind of cosmopolitan international relations knowall just because you read a paper written by slightly-right-wing people in London instead of raging-right-wing fanatics at home; and we all know we only bother printing international news at all in the US version because otherwise we’d lose our USP; we know perfectly well – and it’s clear from our ad placings – that none of you lot read it”, then it might just about risk losing some of its mystique as an international oracle. Which would kill its whole point

So for the Economist’s Facebook presence, where discriminating between visitors from different countries is hard, it definitely wouldn’t want to show a separate “US Edition” and “World Edition”. That would break the spell.

The way it has dealt with this is ABSOLUTELY FUCKING BRILLIANT. Every week, it adds a “Worldwide Excluding the UK, Europe & Asia Edition” and a “UK, Europe & Asia Edition“. That way, Americans – who are sufficiently geographically disendowed to realise that the world, in any meaningful sense, consists of North America, Europe and Asia – can keep the illusion that they’re reading the World Edition, unlike those silly Europeans and Asians who’ve got a customised edition to suit their own parochial concerns. And we (Asia edition is sold in Aus and NZ, obviously) can work out the conceit and laugh at the Americans.

Overall, this is a great win. Except for the poor sods in Canada, South America and Africa, who presumably have to make do with the lobotomised edition containing news that’s irrelevant. Although I suppose for the South Americans it might help them understand when they’ll next be invaded by CIA-backed guerrillas.

[*] my slavish adherence consisted of making the claim that “pretending that basic economics and tax are hard, if you’re someone who purports to understand postmodernist literacy criticism, is embarrassing”. This isn’t because I rate one over the other, but simply because both neoclassical and Keynesian economics are Very Easy To Follow, whilst Derrida and Deleuze are The Opposite.

The BBC has been in the news yet again for perceived offensiveness, with the Mexican ambassador slating Top Gear for calling his countrymen backward and lazy, and the Japanese ambassador slating QI for, erm, let’s get back to that one. But although lazy commentators on both sides (especially the ‘PC HAS GORN MAD’ side) have been keen to link the two examples, they’re very different.

Here’s the transcript of the Offensive Top Gear Mexico Routine.

Richard Hammond: Cars reflect national characteristics, don’t they, so German cars are very well built and ruthlessly efficient, Italian cars are a bit flamboyant and quick, a Mexican car’s just going to be lazy, feckless, flatulent, overweight… leaning against a fence asleep, looking at a cactus, with a blanket with a hole in the middle as a coat.
James May: It is interesting, isn’t it, because they can’t do food, the Mexicans, can they? Because it’s all like sick with cheese on it, I mean…
Hammond: Refried sick!
May: Yeah, refried sick.
Hammond: I’m sorry, but just imagine waking up and remembering you’re Mexican: ‘awww, no’.
Clarkson: No, it’d be brilliant… because you could just go straight back to sleep again. That’s why we won’t get any complaints about this, because at the Mexican embassy the ambassador’s going to be sitting there with a remote control like this *mimes being asleep*

Hammond’s initial comment is a reference to a fairly stupid but well-known stereotype. The comic phrasing and timing is decent – and the concept of a car leaning against a fence asleep, looking at a cactus and wearing a poncho is entertainingly surreal. If followed up by “but this Mexican car is actually rather good”, it wouldn’t be particularly offensive – it’d be clear that the speaker was citing an old stereotype and then pointing out that it didn’t apply.

May’s follow-up is entirely witless, pointless and offensive. Hammond sycophantically tries to come up with something slightly funny based on May’s routine, which May then repeats to claim The Witty Thing for himself. Then Hammond goes somewhere very bad indeed (switch “Mexican” for “black” in the “Imagine waking up…” line). This is the appalling bit, and it seems to come out of Hammond’s attempts to amuse May.

Clarkson’s involvement is more interesting: rather than running with the invective Hammond and May have started, he shuts it down with a meta-joke about the whole routine. Unlike Hammond’s comments, and very unlike May’s comments, he’s got a good line followed up by a great line – and it moves the main attack from ordinary people to lazy, pompous bureaucrats. Which is another stereotype, of course, but hardly one that’s worth puncturing.

Anyway. Steve Coogan’s article on the debacle is worth a read – but to me, the dynamics of that routine highlight the truth of Stewart Lee’s Top Gear routine from five years ago. Clarkson is witty but lazy, Hammond is a desperate sycophantic tosser, and May is a thug.

Overall, it was absolutely right for the BBC to apologise for Hammond’s comments about Mexico, and it’s a pity that Jeremy Clarkson isn’t surrounded by smarter and more interesting people.

Meanwhile, from the entertaining-if-smug QI (I’ll note in passing that when Clarkson appears on QI he’s much better than he is on Top Gear, probably because he’s surrounded by smarter and more interesting people. But he wasn’t on this one. I can digress if I like; it’s my blog):

Stephen Fry: Now what is so lucky about the unluckiest man in the world?
Rich Hall: He got killed by a horseshoe?
Fry: Well, this man is either the unluckiest or the luckiest depending on which way you look at it.
Alan Davies: Something like he’s had more accidents and operations than any other man in the world and he’s still alive?
Fry: Bear in mind we’re after places beginning with H, and if I tell you his name this may help – his name was Tsutomu Yamaguchi, and he died in January 2010 aged 93. He lived a long time, so he wasn’t *that* unlucky…
…
Davies: Hiroshima?
Fry: Hiroshima.
Davies: Bomb landed on him and bounced off?
Fry: He was in business in Hiroshima when the bomb went off. He was badly burned, spent a night there.
Davies: …and he went to hospital in Nagasaki?
Fry: The next day, he got on a train, bizarrely, which shows you that even though the atom bomb fell, the trains were working. So he got on a train to Nagasaki and a bomb fell again. He became a sort-of hero, but only got the recognition in his 90s.
…
Fry: He’s either the luckiest because he survived an atom bomb twice, or the unluckiest because…
Bill Bailey: Well, he lived to 93, so his life was not curtailed.
Rob Brydon: Is the glass half empty, is it half full? Either way it’s radioactive. So don’t drink it.
Davies: He never got the train again, I tell you.
Fry: The astonishing thing to me is, you drop an atom bomb on Hiroshima and the train service is working the next day. In our country…
Davies: “Keep Calm And Carry On”
Bailey: …a couple of leaves and that’s it.
Fry: Yes, for the rest of the winter.
Bailey: “The wrong kind of bomb”. *station announcer voice* “Sorry, the wrong kind of bomb”.
Fry: Well, it was clearly the right kind of bomb. “It’s fine everyone, don’t worry, this was the right kind of bomb”.
Bailey: *station announcer voice* “The right kind of bomb has landed on the 4:30 from Potters Bar. Please proceed to the nuclear area. The sandwiches have not been affected”*.

So, there’s absolutely no trashing of national stereotypes, nothing at all racist, and nothing that even personally attacks Mr Yamaguchi. The only national characteristic or trait mentioned is the fact that Japan’s trains are better than the UK’s. The whole thing is good-natured whimsy, based simply on the fact that for some poor bastard to get caught up in both the Hiroshima and Nagasaki bombings – and to survive for 65 years afterwards – is a funny coincidence.

And yet the Japanese embassy still complained.

The text of the embassy’s letter isn’t available. But the BBC’s apology is available – and it’s completely and utterly inappropriate.

The difference between the QI piece and the Top Gear piece is obvious to anyone with more than half a brain: one is saying insulting things about individuals based on their ethnicity; the latter is pointing out the humour in a tragic situation, while also engaging in light self-mockery over the UK’s ineptitude at public services. The former, although it can be justified on occasion, often ends up as bullying and perpetuating racism. The latter doesn’t. It’s just what comedy is.

The BBC shouldn’t be making shows that insult brown people for being brown (sure, it can make shows that include racist lines or stereotypes, but only if there’s actually a point behind them – which wasn’t the case in Top Gear). But if the BBC isn’t allowed to gently and non-scornfully mock tragic events that occurred more than 60 years ago, then it might as well close its comedy department for good, and focus solely on pleasing mad arseholes who wouldn’t understand a joke if it bit them on their, erm, mad arsehole.

Rupert Murdoch to the FTC:

Technology makes it cheap and easy to distribute news for anyone with Internet access, but producing journalism is expensive.

True. Phones don’t just illegally tap themselves, and making police investigations magically disappear is also an expensive business…

However, his implied public service argument falls down on an obvious point: none of the expensive reporting the soon-to-be-paywalled News of the World does is of any benefit whatsoever to anyone. So a footballer’s dad is willing to buy some Bolivian marching powder, or a vicar shagged a tart; see my rock of indifference the size of the Ritz.

On the other hand, the reporting that the non-paywalled New York Times did into the NotW’s crooked ways, and super-dodgy relationship with the Metropolitan Police, is well worth anyone’s money. Funny the way that tends to work…

There are, obviously, strong historical connections between Australia and the UK. These have created cultural similarities – probably more and closer than most Australians would be willing to admit. The two countries are diverging as time passes, but Australia’s still culturally closer to the UK than anywhere else I’ve visited outside of the British Isles.

However, it still strikes me as very strange, bordering on lunacy, for a US reviewer to take an Australian book by an Australian writer set in Australia about Australian suburban life, and use it to hang the conclusion:

The Slap’s the work of the moment for a nation that I met more at the pubs and picnic tables of England than in any other book I’ve read. It’s the book of the great muttering resistance of England, a dark-witted, vote-nay group who could rival the American Tea Party for influence if they could only agree on a bar at which to meet.

Read the whole thing, if you’re also in the market for bemused American reflections on how Cheryl Cole sounds like Dick Van Dyke (this may explain his difficulty in telling Brits and Aussies apart), and how Londoners are violent, Friends-obsessed drunks who sound like Liam Gallagher making a cameo in Trainspotting. Alternatively, don’t.

Yes, I know MGM (or, more accurately, the latest in a long bunch of shysters to own the rights to the MGM name and to make James Bond movies) are in serious financial trouble.

But if I was in serious financial trouble, and I owned a money tree, but I couldn’t afford to harvest the money tree due to my serious financial trouble, then I’d sell someone the rights to the next harvest of my money tree. Then, I might be able to do the following money tree harvest myself. At a worst case, the money tree’s money crop hasn’t just rotted on the branches.

So I’m genuinely perplexed about the weird machinations that mean we’re not going to get another Bond movie until forever. What incentive have MGM’s management got to not sell the rights to make a new Bond (which will make copious quantities of money, unequivocally) to someone with dollars, rather than sitting around making nothing until they go painfully bust?

I suspect it’s an accounting / US law / principal-agent problem, but would appreciate guidance from anyone who either knows, or can come up with a vaguely sensible reason for MGM’s management to do what they’re currently doing…