MICHA.ELMUELLER


Cross-Site Request Forgery (CSRF)


The Institute of Distributed Systems at the University of Ulm runs the course “Practical IT-Security” this semester. To me this was especially interesting because of the examination modalities: one does not have to take an exam; instead each student has to prepare and hold a lecture and accompanying assignments on a certain topic. I decided to dive deeper into web security and chose Cross-Site Request Forgery (CSRF) attacks.

The presentation can be found online here. The preparation document for students was distributed one week in advance of the two-hour assignments (pdf). The assignments were based on the Metasploitable framework, the Damn Vulnerable Web App and TWiki. Additionally, I wrote some intentionally vulnerable PHP scripts with increasing levels of security.

All of this material (*.tex, *.html, *.pdf, etc.) and solutions for the assignments can be found in my talks GitHub repository as well.


Keeping this world interesting

“Entertaining this world.”


Exploring the ZEIT ONLINE API

The German weekly newspaper “DIE ZEIT” has an API available. This means it is easily possible for developers to use a lot of their data. Since they have made the metadata of nearly 400,000 articles since 1945 accessible, this is quite interesting (access to full texts is sadly missing, but a lot of other data is available). This post is about some of the interesting things I found whilst exploring the API.

My initial idea was to visualize how the ratio of articles with anglicisms evolved over time. At the moment this is too complex a project, due to the fact that getting the necessary data via the current API is difficult. However, I made some other interesting findings along the way.

The Wiktionary project provides a list of anglicisms (around 960 words), which I parsed out and used to search for articles containing these words. This gave, for each word, a count of matching articles written in each year since 1945. I also made an empty search to find out how many articles were created in total each year. These numbers could then be used to calculate the percentage of articles with anglicisms in each year.

Not all of the words provided interesting results, but here is a selection of some interesting ones. Please be aware that the charts show a zoomed-in range. This is not a scale of 0–100%!

One should be very careful when inferring reasons for the peak just by looking at the visual representation. A potential reason might be the Gulf War in 1990–91 (the German translation is “Golfkrieg”). Other causes worth investigating could be successes of German golf athletes or events around the VW Golf automobile.

Potential reasons for the peaks could be: in 1985 the Sinking of the Rainbow Warrior, in 1995 the Brent Spar protests and in 2010 the Deepwater Horizon.

The peak in 1987 could relate to the increased media coverage of AIDS. Also in 1987, the Institute for German Language (Gesellschaft für deutsche Sprache) chose “aids” as the word of the year.

The peak in 1970 is the most interesting to me; a potential cause could be the movement of 1968.

I have made the code used to gather the data and build the visualizations available under the MIT license via GitHub.

GTFS Visualizations

GTFS is an abbreviation for General Transit Feed Specification, a standard which “defines a common format for public transportation schedules and associated geographic information”. Basically this is a way for public transport agencies — like the Stadtwerke Ulm/Neu-Ulm (SWU), for example — to release their data to the public in a proper manner. Fortunately some agencies have done so (here’s a list). In Germany the agencies in Ulm and Berlin have released their schedule data under a free license as GTFS. In both cases this process was pushed forward by local Open Data enthusiasts. Together with some friends from the UlmAPI group, I was involved in the efforts here in Ulm, and it has since tempted me to create something from this data.

So basically I wrote a program which visualizes GTFS. The program draws the routes which transportation vehicles take and emphasizes the ones which are served more often by painting them thicker and with a stronger opacity. Since many agencies have released their schedules as GTFS, it is easily possible to reuse the program as a means to visualize different transportation systems in different cities.

So here are the renderings for some GTFS feeds! Just click on the thumbnails to get a larger image. The color coding is: red = buses, green = subway/metro, blue = tram.
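As an added example (not the code in the GitHub repository), this is how the line weight and opacity described above can be derived from a GTFS feed in node.js: trips.txt is counted per shape_id, shapes.txt supplies the polyline points, and the route_type from routes.txt selects the color. The three inputs are constructed miniature feed files, and the weight and opacity ranges are assumptions.

```javascript
// Added example, not the blog's own renderer: derive stroke weight, opacity
// and colour for each GTFS shape from how many trips run over it. The inputs
// are constructed miniature routes.txt, trips.txt and shapes.txt files.
const ROUTES_TXT = 'route_id,route_type\nR1,3\nR2,1\nR3,0';
const TRIPS_TXT = 'route_id,trip_id,shape_id\n' +
  'R1,t1,S1\nR1,t2,S1\nR1,t3,S1\nR2,t4,S2\nR3,t5,S3';
const SHAPES_TXT = 'shape_id,shape_pt_lat,shape_pt_lon,shape_pt_sequence\n' +
  'S1,48.40,9.98,2\nS1,48.39,9.97,1\nS2,48.41,9.99,1\n' +
  'S2,48.42,10.00,2\nS3,48.38,9.96,1\nS3,48.37,9.95,2';

// Minimal CSV parser: header row gives field names, one object per data row.
function parseCsv(text) {
  const rows = text.trim().split('\n').map(l => l.split(','));
  const head = rows.shift();
  return rows.map(r => head.reduce((o, h, i) => (o[h] = r[i], o), {}));
}

// GTFS route_type codes behind the page's colour coding: 3=bus, 1=subway, 0=tram.
const COLORS = { 3: 'red', 1: 'green', 0: 'blue' };

// One drawable polyline per shape_id: ordered points, trip count, and a
// weight/opacity scaled against the most frequented shape in the feed.
function buildShapes(routesTxt, tripsTxt, shapesTxt) {
  const typeOfRoute = {};
  parseCsv(routesTxt).forEach(r => { typeOfRoute[r.route_id] = r.route_type; });
  const shapes = {};
  parseCsv(tripsTxt).forEach(t => {
    if (!shapes[t.shape_id]) {
      shapes[t.shape_id] = { points: [], trips: 0,
        color: COLORS[typeOfRoute[t.route_id]] || 'gray' };
    }
    shapes[t.shape_id].trips += 1;
  });
  parseCsv(shapesTxt).forEach(p => {
    if (!shapes[p.shape_id]) return;          // a shape no trip uses is never drawn
    shapes[p.shape_id].points.push(
      { seq: +p.shape_pt_sequence, lat: +p.shape_pt_lat, lon: +p.shape_pt_lon });
  });
  const maxTrips = Math.max(...Object.keys(shapes).map(id => shapes[id].trips));
  Object.keys(shapes).forEach(id => {
    const s = shapes[id];
    s.points.sort((a, b) => a.seq - b.seq);    // shape_pt_sequence defines order, not file order
    s.weight = 0.5 + 3 * (s.trips / maxTrips);    // stroke width 0.5 .. 3.5 (assumed range)
    s.opacity = 0.3 + 0.7 * (s.trips / maxTrips); // alpha 0.3 .. 1.0 (assumed range)
  });
  return shapes;
}
```

Each returned entry can be handed to a canvas or processing sketch as one stroked polyline.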


Madrid
GTFS data: Empresa Municipal de Transportes.
Download: PNG (1.4 MB) | PDF (0.4 MB)

Miami
GTFS data: Miami Dade Transit.
Download: PNG (0.3 MB) | PDF (0.8 MB)

San Diego
GTFS data: San Diego Metropolitan Transit System.
Download: PNG (0.5 MB) | PDF (0.6 MB)

Ulm
GTFS data: Stadtwerke Ulm/Neu-Ulm.
Download: PNG (0.4 MB) | PDF (0.12 MB)

Washington DC
GTFS data: DC Circulator & MET.
Download: PNG (1.2 MB)

Los Angeles
GTFS data: Metro Los Angeles.
Download: PNG (0.9 MB)

San Francisco
GTFS data: San Francisco Municipal Transportation Agency.
Download: PNG (1 MB) | PDF (1.1 MB)

I am very satisfied with the resulting images, which in my opinion look really beautiful. I have rendered some of the cities as PDFs as well. With the current program this is a very time-consuming process and for some cities — due to performance or memory issues — not even possible on my (quite capable) PC. This is due to the enormous transportation schedules (> 300 MB of ASCII) of some cities. But my program can surely be heavily optimized.

Please note: These visualizations would not exist without Open Data. This project was only possible because of transport agencies releasing their data under a free license. One should not forget that the existence of projects like this is a major benefit of Open Data.

Also one should not forget that standardized formats in the Open Data scene have proven to be a major benefit. Existing applications can easily be re-deployed like in the case of Mapnificent, OpenSpending or, well, in mine.

The best thing to do with your data will be thought of by someone else.

License & Code
The images are licensed under a Creative Commons Attribution 4.0 International license (CC-BY 4.0). Feel free to print, remix and use them! The source code is available via GitHub under the MIT license. Please note that it definitely has to be properly refactored, since it wasn’t designed but rather grew. That’s also the reason for using two different technologies (node.js and Processing) within the project. I had a different thing in mind when I started coding.

Preventing misunderstandings
To prevent misunderstandings: the visualizations show only the data released by the respective agencies! So in the case of e.g. Madrid there exists a metro line which is not shown in the visualization above. This is because a different agency — which has not yet released its data as GTFS — operates the metro line. I hope that more agencies start to make their data freely available after seeing which unexpected and beautiful results they might get.

Another misunderstanding which I want to address directly: the exact GTFS feed is visualized. This means that when looking closely at the resulting PDF you may find some lines which are very close to one another and might even overlap in part. This is not a bug, but the way the shapes are defined in the feed.

Printing
If you want to print the visualizations: I have created two posters (DIN A0). The graphics within them are properly generated PDFs in CMYK. So be aware that the colors will look different on your screen than when printed.


Madrid (PDF, 11 MB)


Madrid, Ulm, Washington, San Diego (PDF, 81 MB)


Comic Strip – Why you shouldn’t mail *.doc files

This is another project I started about two and a half years ago but never got around to properly finishing. The idea came about when encountering some of the annoying things which some people on the internet do: forwarding chain mails or mailing *.doc files, for example.

Answering such mails with an explanation of why this behavior is annoying — even a friendly one — is often not well received. So the idea of drawing a comic which explains the issue in a brief and funny way came about. Everybody likes comic strips, right?

So instead of replying to such *.doc mails with a textual explanation, it would be more practical (and the sender would probably take it better) to link to a comic strip.

At the time I talked to Kate and she made some sketches for such a strip which I then proceeded to scan. I never got around to digitize them properly and build an illustration from them. But I have done so now:

MS Word Comic


The illustration has been created in DIN A1; click here to get the large (114 MB) PDF. The raw Photoshop file is available here (58 MB) as well. If you want to mail the link to someone you could use this one:

http://micha.elmueller.net/doc-comic/comic.png (1280x904px, 515 KB)

All files are licensed under a Creative Commons Attribution 4.0 International license (CC-BY 4.0).

There are a lot of very well written texts explaining in detail why sending Microsoft Word *.doc files is not good practice. I like these two the best:

The original idea included creating a series from the comic. I’ll see if I get around to doing that. If you have any ideas for fitting topics in such a series, please feel free to comment on this post or mail me.

Ulm Underground

From my impression the geocaching scene in Ulm is quite active and there are a lot of caches. These are some photos which I took on two expeditions with friends whilst searching for some of the underground caches. One cache, for example, is hidden in an old air-raid shelter (“Luftschutzraum”) which can only be accessed through a hole in the wall (the Warmduscher cache). The photos were taken about one and a half years ago, but I didn’t get around to uploading them.


Interactive Installation: “Kunst oder Kitsch?”


Valerie is currently exhibiting at the ongoing exhibition “Kunst oder Kitsch?” in Bad Schussenried (13 April – 22 June 2014). The idea was to let different artists (eighteen in total) explore where the separation between art and kitsch lies. What is still art and what is kitsch? Where does the line lie?

I liked the exhibition a lot! The topic is really interesting and made me curious immediately. Some artists made artworks which run really close to the borderline between art and kitsch, and it is a lot of fun walking through the exhibition and discussing specific creations and their classifications.

Some artists had the idea to complete the exhibition with a — not entirely serious — interactive installation where visitors have the possibility to rate the exhibition: does it rather present kitsch or art? They asked me if I would like to build such a thingy. I started with the software and after a while Leo joined and developed the electronic hardware part: two large footswitches need to be pressed in order to vote. Valerie also greatly helped in building the funfair-like wooden base for the “Kitschometer”.

It basically works like this: you press one of the buttons to vote whether, in your opinion, the exhibition rather presents art or kitsch. A random, fancy song is then played and a tachometer needle swings towards either art or kitsch, depending on how the previous voters have rated. The exhibition runs for three months and I think it’s a nice gimmick.

The code and technical documentation are up on GitHub. The installation could surely have been built in a technically more elegant way, but in this case a pragmatic approach was taken due to time constraints. The footswitches are borrowed from the workshop at the University of Ulm. This is exactly how a university should be! It should enable people to just do stuff and not constrain them in realizing ideas!

I would definitely like to create more installations.


The Principles of Datalove — Audiomashup

Some years ago the Telecomix crew came up with the term datalove and wrote a corresponding manifesto (see here for more details):

Love data
Data is essential
Data must flow
Data must be used
Data is neither good nor bad
There is no illegal data
Data is free
Data can not be owned
No man, machine or system shall interrupt the flow of data
Locking data is a crime against datanity
Love data

I use the term datalove quite often when referring to the free culture or open data movement. About two years ago I had the idea to create a voice mashup from the text and recorded various female friends reading it. In order to give the mashup an electronic, digital feeling I distorted the voices a bit and laid them over an ambient electronic track (2012 by pielkor, CC-BY 3.0).

soundcloud direct link

At the time, two years ago, the result was not what I had imagined and I wasn’t satisfied. So I didn’t release it online. Yesterday I listened to the track again and was quite surprised. It was not nearly as bad as I recalled. This angers me somehow. I have a lot of stuff — video interviews, photos, software, visualizations — which I haven’t released because I was unsatisfied with the quality, became aware of technical shortcomings whilst working on the project or realized how it could have been done better. In part, I am also trying to avoid giving other people a chance to attack my own work. Today I think it was stupid not to release projects like this and I regret it. It was a nice project and I should let other people decide whether they can use it or not.

I have to thank Saron, Zenib, Sonja, Kate, Amrei, Natty, Jenny, Elizabeth and Lisa without whom this mashup would not have been possible. The track is licensed under a Creative Commons 4.0 International Attribution license (CC-BY 4.0).

The student group I participate in is called datalove as well; ulmAPI is an open data project by the datalove group.

About Me

I am a 26-year-old techno-creative enthusiast and computer science student at the University of Ulm in Germany.

I care about exploring ideas and developing new things. I like creating great stuff that I am passionate about.

License

All content is licensed under CC-BY 4.0 International (if not explicitly noted otherwise).
I would be happy to hear if my work gets used! Just drop me a mail.
The CC license above applies to all content on this site created by me. It does not apply to linked and sourced material.
http://www.mymailproject.de