Web development is not as much fun as it’s cracked up to be

Today so far has been a comedy of errors with some web programming I wanted to do. A confederacy of dunce issues, one after the other.

URL Shortener

It started with some work I’d been doing yesterday with the URL shortener code I use for my jmbk.nl links. The web hosting I have for the domain on GoDaddy is a couple of months from its renewal date, but, to be honest, what I’m paying for it (about $7 a month) is not worth it. I’ll move it to Azure, I thought to myself. Let’s see what amount of work it would take. The code is dead simple: a web service on top of SQL Server, so no sweat there. Let’s take a look at the SQL database: should be simple since there’s only one table. I fired up SSMS and did a few queries … but what’s that? A row in the ShortUrl table showing well over 100,000 hits (that is, that particular short URL has been followed that many times), whereas all the others were less than a thousand. Wut?

Even worse is that the real URL wasn’t a URL at all. It was just the string “undefined”. Mmm: reeks of JavaScript.

Main blog

There are two ways a jmbk.nl short URL gets created: there’s a (hidden) web page on the site and there’s some fancy schmany JavaScript on my blog. Since I’ve certainly never created a short URL for “undefined”, it’s time to look at that JavaScript code.

I’ve set up my blog engine templates such that they operate in two modes: a normal reader mode for someone visiting from the internet, and logged-in user mode (aka, god mode). In the latter mode there’s a few extra elements and content that gets displayed alongside blog posts and some other JavaScript that gets loaded. One of those is a chart that shows how many people are reading the post over time and the other is the fancy JavaScript code that does a callback to jmbk.nl to get a short URL for the blog post. (I then use this short URL in Twitter and Facebook to talk about said blog post.)

var linkElement = $("#shortLink");
var realUrl = encodeURIComponent(linkElement.attr("href"));
$.getJSON(...);

Lo and behold, this code was getting run for everybody, but the HTML element only existed for me in god mode. In other words, linkElement was being set to an empty jQuery object, the call to attr() was therefore succeeding but the return value was undefined. And that was being converted by encodeURIComponent() to “undefined”. Yessss!

I changed the code completely so that it’s only loaded in god mode and also – just in case – to check that linkElement actually existed before making the callback. Brilliant! I updated the site, tested it in Firefox (my usual browser) and also for fun in Microsoft Edge.

Personal website

I’ve set up all my browsers to have my personal website as the home page in each. So, as soon as I started Edge, it displayed my personal home page … with a malware warning.

Edge malware warning for jmbucknall.com

Harmful website?

WTF? The site is completely static, only four files get downloaded: the HTML, the CSS, and two font files. There is no JavaScript or anything like that. I verified that the files on the site were the correct ones – no changes anywhere – and then I clicked the “Report as Safe” button .

So if my site and contents are fine, why is it being reported as a “harmful'” website? Time for more investigation.

The IP address

I nipped over to MX Toolbox because it has an option to check if a site has been blacklisted. (Aside: I can’t remember why or how I found this site in the first place, it was several years ago. But it’s dead handy.)

Blacklist for jmbucknall.com

Wut? Blacklisted?

Ah ha! It’s not my site that’s been blacklisted, it’s the IP address of the hosting. And that is an Azure hosting IP address: there must be hundreds if not thousands of domains hosted there.

I clicked on the first item (CBL), and that site told me that “IP Address 23.99.0.12 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.” It also reported the domain name of the site where the malware was detected: a PHP-based site. I tell ya: PHP is a great language for writing server software (WordPress is written in it), but you have to be really on top of security updates and make sure you are fully up to date. (One of the features of god mode on my blog is a display of the links people are accessing the site with that cause a 404 “not found” error, and it’s 95%+ script-kiddie probes for various PHP pages or WordPress admin links. I personally wouldn’t touch PHP with a bargepole.)

Azure support

OK, so all in all it’s a problem for the Azure guys: there’s absolutely bugger all I can do about removing my site from this blacklist. But where to report it? I certainly wasn’t about to invoke a paid Azure support ticket. After a bit I decided to tweet about the issue and included @AzureSupport in the tweet. A few minutes later, someone there sent me a tweet with the proper issue-reporting link, so I reported it there. Let’s see what happens.

Now … where was I?

Escher angels and demons

Album cover for Back in the High LifeNow playing:
Winwood, Steve - Back in the High Life Again
(from Back in the High Life)



Thinking functionally in JavaScript (part two)

Last time I took a quick look at why JavaScript can be used in a functional manner, primarily though the use of higher-order functions. Another way of putting this is that functions are objects in JavaScript, in the sense that they can be passed to and returned from other functions. And once you say “objects” as a programmer, you start thinking about things like composition, state, inheritance, and so on. Enter the well-known SOLID principles for object-oriented programming, but how are they applicable...

READ MORE

New option in JSLint for multiple var declarations

Yesterday evening as I was putting to bed a few changes to this blog’s JavaScript (that would provide fodder for my continuing series on functional JavaScript), I decided to update the version of JSLint I was using in Sublime Text. When I had done so, suddenly my JavaScript file produce a huge slew of warnings that had not been there before. Whaaaat? OK, first things first. If you are using the Sublime-JSLint package in Sublime Text, it’s a good idea to update it on a regular basis. There’s only...

READ MORE

Thinking functionally in JavaScript (part one)

Over the Christmas break, when traditionally things are a little quieter at work, I do a bit of research into topics that interest me and that might have some bearing on our future products. This year was no exception and I decided to investigate React , Facebook’s library (framework?) for building user interfaces for the web. It’s a fascinating library to be sure (and I’ll talk more on it in another post), but there was one paradigm it uses which I haven’t really talked about before: immutability...

READ MORE

Game on: jQuery each() vs. Array.prototype.forEach()

OK, so this afternoon I got bitten by an issue that has bitten a gazillion web developers (and will probably continue to bite more in the future). I’m talking about the syntax for the callback function that’s used for jQuery.each() versus that for JavaScript’s Array.prototype.forEach() . They are, dear reader, not the same . Let’s quickly show the difference. The callback for the jQuery.each() function should have calling syntax that looks like this:  function (index, element) whereas the one...

READ MORE

Developers and adblockers don’t mix

OK, call me dense. I had a problem: the new theme I have for this blog has cute little buttons for the social networks I belong to and use; they’re at the bottom of every page. Internally they use Font Awesome to deliver the individual icons. On my desktop browsers: no issue, they look great. On my iPhone? What. The. Heck. Although you can pretty easily scroll to the bottom of the page to look at them, here’s what they are supposed to look like, this from a desktop browser: Social buttons So, four...

READ MORE

My Volvo 1800S is on My Classic Car

As I’ve reported on the blog for my Volvo 1800S (aka 64SAINT), it’s being featured in episode 5 of season 20 of My Classic Car with Dennis Gage. The preview has just gone up on YouTube Even the video still features 64SAINT… The full episode will be available on YouTube after it’s aired on various car-related TV channels. So, later in February, I’m guessing. Now playing: The The - Perfect (from Soul Mining )...

READ MORE

New year? Check. New theme? Check.

Over the New Year break, I decided it was time for a change here on the Algorithms for the Masses blog. Not necessarily a full-blown New Year Resolution, more a general feeling that the current theme was old in the tooth, had accumulated a whole bunch of cruft (and how!), and it was time to chuck it in the bin of history. Time for something clean, and, horror, responsive. Having made the decision, it was time to go check out the themes on offer out there in the big wide world. ThemeForest is great...

READ MORE

Revisiting Heap’s Algorithm in JavaScript

Back in March last year I presented an implementation of Heap’s Algorithm – an algorithm devised to generate all permutations of a set of items – in JavaScript. The article was interesting to write because in doing so I had found a bug in the pseudo-code on the Wikipedia page for the algorithm , which led to a discussion with the main editor for the page on how to make it better. Fast forward to yesterday. That morning I listened to a presentation on programming in a functional style in C# . The...

READ MORE

JSLint and recursive functions in JavaScript

The one issue that’s weird about JavaScript that I’ve found is that it has no compiler: the first time you find a bug is when you run your code, not when you compile it. So, since I’m adamant about writing “good” JavaScript code as I write it, I’ve installed a couple of JSLint plug-ins, one for Visual Studio and one for Sublime Text . JSLint is Douglas Crockford’s linter for JavaScript and, although utterly (perhaps barmily?) strict in certain areas, is the one I’ve settled on for checking/validating...

READ MORE