magpiebrain

Sam Newman's site, a Consultant at ThoughtWorks

I have always had this blog in order to write, not to run a blog. I’ve written less and less over the last couple of years and part of this is down to the overhead of maintaining WordPress. My plan is to switch to a clean, hosted solution – and Tumblr is looking like what I want. I plan to migrate everything over ASAP, but ASAP is proving to be not quite as soon as I’d like.

The migration plan is looking like this:

  1. Setup blog.magpiebrain.com to point to my Tumblr blog
  2. Start posting there, not here
  3. Write a script to export my posts from here to Tumblr.
  4. Write a script to export my comments from here to Disqus.
  5. Setup permanent redirects from the old posts to the new home at Tumblr.

I knocked this up to help testing on something I’ve been working on in my spare time. It would be a trivial exercise to extend this to build pages for specific URLs – this example returns the same markup for any URL. The old codehaus site for Jetty contains lots of examples of how to configure an embedded server.

import org.eclipse.jetty.server.handler.AbstractHandler
import org.eclipse.jetty.server.Server
import org.eclipse.jetty.server.Request
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import scala.xml.Elem

// Minimal embedded Jetty server whose response markup can be swapped at runtime
class HttpServer {

  val handler = new MutableHandler()

  def run(port: Int) = {
    val server = new Server(port)
    server.setHandler(handler)
    server.start()
  }

  // Replace the markup served for every subsequent request
  def updateHtml(html: Elem) = {
    handler.html = html
  }
}

class MutableHandler extends AbstractHandler {
  var html: Elem = <h1>Hello</h1>

  // Jetty 7+ (org.eclipse.jetty) handler signature: the Jetty Request is passed
  // explicitly as baseRequest, and that is the object marked as handled
  override def handle(target: String, baseRequest: Request,
                      request: HttpServletRequest, response: HttpServletResponse) = {
    response.setContentType("text/html")
    response.setStatus(HttpServletResponse.SC_OK)
    response.getWriter().println(html.toString())
    baseRequest.setHandled(true)
  }
}

It just threw up this playlist for me on the iPhone – it seems my own personal DJ has finally arrived:

  • Beast Of Burden – Rolling Stones
  • Idioteque – Radiohead (live)
  • Born Under A Bad Sign – Jimi Hendrix
  • I Got Mine – The Black Keys
  • It’s Hard To Be a Saint In the City – Bruce Springsteen & The E Street Band
  • The E Street Shuffle – Bruce Springsteen & The E Street Band
  • Who’s Gonna Save My Soul – Gnarls Barkley
  • Play With Fire – Rolling Stones
  • I Taught Myself How To Grow Old – Ryan Adams
  • House Of Cards – Radiohead
  • Delirious Love – Neil Diamond
  • Old Enough – The Raconteurs
  • You Don’t Know What Love Is – The White Stripes
  • Shake Appeal – The Stooges
  • Shattered – The Rolling Stones
  • Oh Yoko – John Lennon
  • True Love Way – Kings Of Leon
  • Hear My Train A Comin’ (Acoustic) – Jimi Hendrix
  • Tell Me Why – Neil Young
  • Spirit In The Night – Bruce Springsteen & The E Street Band
  • Psychotic Girl – The Black Keys
  • Surprise – Gnarls Barkley
  • New York Serenade – Bruce Springsteen & The E Street Band
  • All I Need – Radiohead
  • Rest My Chemistry – Interpol

I’ve been neglecting things here at Magpiebrain Towers since my move to San Francisco. Blame the sunshine, a demanding new client, or just a relapse of extreme apathy. Whatever the cause, it seems that my inattention has been rewarded.

Simon sent me an email the other day, wondering where the blog had gone. I brought up Firefox and checked – “No, the site is still there” I said. But it wasn’t, as far as Google search was concerned.

Redirection based on Referer

It turned out that when you clicked on links for Magpiebrain in Google search results, you were redirected to a suspected malware site called ‘your-needs.info’. I immediately blamed Google. Luckily, calmer heads prevailed, and someone far more knowledgeable than me pointed me at these interesting results:

$ curl -I http://magpiebrain.com
HTTP/1.1 200 OK
Date: Thu, 29 May 2008 18:00:52 GMT
Server: Apache
X-Pingback: http://www.magpiebrain.com/xmlrpc.php
Vary: Accept-Encoding
X-Powered-By: The blood, sweat and tears of the fine, fine TextDrive staff
Served-By: TextDrive
Content-Type: text/html; charset=UTF-8
$ curl -I -H "Referer: http://www.google.com/search?q=sam+newman" http://magpiebrain.com
HTTP/1.1 302 Found
Date: Thu, 29 May 2008 18:00:57 GMT
Server: Apache
Location: http://your-needs.info/search/index.php?q=sam+newman
Vary: Accept-Encoding
X-Powered-By: The blood, sweat and tears of the fine, fine TextDrive staff
Served-By: TextDrive
Content-Type: text/html; charset=UTF-8

So, it seems that if Google is the referer, then the browser is redirected to some shitty spam site.

Cunning barstweards.
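As an added illustration (not part of the original post), the following Python script automates the curl comparison above: it issues a HEAD request with no Referer, then repeats it with search-engine Referers, and flags any response whose status or Location differs from the baseline. To run offline it also starts a local stand-in server that mimics the conditional redirect; that server, the spam.example Location and the referer list are all constructed for the demo and are not the real site or the real exploit.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed list of referers worth comparing against a plain request.
SEARCH_ENGINE_REFERERS = (
    "http://www.google.com/search?q=sam+newman",
    "http://www.bing.com/search?q=sam+newman",
)


def fetch_head(host, port, path="/", referer=None, timeout=5):
    """Send a HEAD request (the equivalent of curl -I) and return
    (status code, dict of lower-cased response headers)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    headers = {"Referer": referer} if referer else {}
    conn.request("HEAD", path, headers=headers)
    resp = conn.getresponse()
    hdrs = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, hdrs


def check_referer_cloaking(host, port, path="/", referers=SEARCH_ENGINE_REFERERS):
    """Compare the no-referer response with each referred response.
    Returns a list of (referer, status, location) for every referer that
    produced a different status or Location header, i.e. evidence of
    referer-conditional behaviour like the redirect shown above."""
    base_status, base_hdrs = fetch_head(host, port, path)
    findings = []
    for ref in referers:
        status, hdrs = fetch_head(host, port, path, referer=ref)
        location = hdrs.get("location")
        if status != base_status or location != base_hdrs.get("location"):
            findings.append((ref, status, location))
    return findings


# --- Constructed simulation of a site that cloaks on Referer (not WordPress) ---
class CloakingHandler(BaseHTTPRequestHandler):
    BAD_LOCATION = "http://spam.example/search/index.php?q=sam+newman"

    def do_HEAD(self):
        # Redirect only visitors arriving from Google, exactly the symptom
        # that made the hack invisible to the site owner browsing directly.
        if "google.com/search" in self.headers.get("Referer", ""):
            self.send_response(302)
            self.send_header("Location", self.BAD_LOCATION)
        else:
            self.send_response(200)
            self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_simulated_site():
    """Bind the stand-in server to a free localhost port and serve in a thread."""
    server = HTTPServer(("127.0.0.1", 0), CloakingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Run the check against the simulated site and return its findings."""
    server = start_simulated_site()
    try:
        return check_referer_cloaking("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for ref, status, location in demo():
        print(f"Referer {ref}: status {status}, Location {location}")
```

Against a real host you would call check_referer_cloaking with the site's hostname and port 80; a finding means the server answers search-engine visitors differently from everyone else, which is worth a look at the application before blaming the search engine.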

Lax WordPress Upkeep to blame?

When I found out that it was my site that was to blame, I immediately started poking around. I checked my .htaccess file – thankfully this was clean. Next, I disabled all the plugins in WordPress, but still the redirect worked. Finally, I moved index.php out of the way – thereby stopping WordPress from being invoked – and sure enough the redirection stopped. So WordPress was to blame.

However, my inaction in writing posts for the site has also extended to not actually keeping WordPress up to date. So my first course of action was to upgrade from 2.3.3 to 2.5.1. The upgrade process was seamless as always, but the referer hack remained.

Fix

A recent thread over at wordpress.org helped me find the solution. By poking around in wp_options and removing a row with an option_name of rss_f541b3abd05e7962fcab37737f40fad8 the problem went away. Right now it isn’t clear which exploit was used, or how many sites were affected, but the thread I found was pretty recent which implies this may be a new issue.

Insidious Hack

This really is quite a good use of what appears to be a WordPress exploit. The only way in which this hack becomes apparent is if you check your analytics frequently (which I don’t – my ego is already big enough without stoking it by looking at hits) or if you perform a Google search for your own content, which happens rarely. What is in it for the hackers is harder to see, other than driving traffic to a bogus search engine that pushes prescription drugs.

[Image: Hairball example]

I’ve been working on a tool called Hairball to track setter and constructor injection, and use of singletons in Java code. Right now, the tool is capable of creating dot diagrams (for use with GraphViz) and graphml diagrams (for display in yEd).

My initial motivation for hairball was as a tool to help me understand potential problems in my code bases – spot god classes, code that is hard to test, odd dependencies. The tool purposely doesn’t make any judgments about code bases – it just gives you the diagrams. What you do with them is up to you.

The first version doesn’t contain support for tracking of singleton dependencies, and the setter and constructor injection should very much be considered a first stab – so I could do with some beta testers. I’m looking to track down false positives and negatives, as well as get some general feedback. Is Hairball easy to use? Does it misdetect dependencies? Can you read the diagrams? Does it blow up when trying to run on your mammoth code base (I’ve done nothing to tune performance)?

Future Features

I have a few more features I’d like to add, including:

  • Singleton detection
  • Displaying inheritance
  • Support spotting attribute injection from frameworks like Picocontainer or Guice
  • Overlaying other metrics (e.g. colour based on Emma output, make nodes taller based on number of instructions in the class)

The feedback I get will very much determine what gets added next.

Hairball is available now for download.

Update: There is a workaround for this problem, which allows you to sign-up for a prepaid account with AT&T which sidesteps the need for a Social Security Number. The Unofficial Apple Weblog has the full details.

I’m working in the US at the moment, and decided to pick up an iPhone. I’m here long enough to justify it (well, justifying a $600 phone is pretty damn hard). No problems in getting one – the SF Apple Store had plenty.

The problem is that as part of the signup for AT&T, I need not only a credit card with US billing address, but also social security number. I have neither. The shop assistant knew I was from the UK but mentioned nothing about this.

So now I had an iPhone that is a very pretty brick. I guess it’ll be going back in the morning…

I upgraded to the latest and greatest version of WordPress at the weekend, but forgot to reconstitute my .htaccess file, so everything apart from the index page was 404ing. Normal service should now be resumed, but please let me know if you spot anything odd.

It’s that time again – after the success of March, what better than an April meet-up?

No fixed topic (as usual) so just a general chat about Web 2.0 technologies in the relaxed atmosphere of a pub in central London next door to where Sweeney Todd used to butcher people.

Demos are welcome – so bring along your latest gadget/tool/service or whatever, although don’t expect any Wifi!

As usual, signup on Upcoming, and stay tuned to the calendar or this blog for updates.

I’ll be presenting on database refactoring and specifically dbdeploy at this year’s XTech conference. XTech 2007 runs from the 15th to the 18th of May in Paris, and my presentation will be first thing on the morning of the 17th.

See you there…

Update 1: OK, sorry for the change – but I’ve had to reschedule to Thursday 15th of March. Venue still tbc

Update 2: The venue is now confirmed as the Old Bank Of England

OK – I thought getting filmed by someone from Microsoft last year was as surreal an experience as I could expect from London 2.0, but I think a plug on Wired News which I came across in Gmail takes the biscuit:

Londoners’ calendars are once again full of networking events, parties and meetups.

The setting is traditionally a London pub and, in the case of events like Beers & Innovations, appropriate liquid lubrication is on tap.

No damn plug for the blog though – or me! I suppose at least one Sam (Sam Sethi) gets a sound bite – even if he does have nothing to do with the event 🙂

Anyway, after a not so brief hiatus, the next event will be on Thursday 15th of March (originally Wednesday March the 14th). Details up as usual on the calendar, Upcoming and the official website. The venue (originally tbc) will be the Old Bank Of England, but please comment or update Upcoming if you’re attending. QCon will be in town at the same time, so we may have a few gatecrashers…