Archive for July, 2008

GPS serendipity: Florence Avenue, Sebastopol

Monday, July 14th, 2008

img_0601.jpgI drove from Oakland up to the O’Reilly Foo camp last Friday. The O’Reilly offices are just outside Sebastopol, CA. I stopped at an ATM and my GPS unit got totally confused. So I took a few turns at random and wound up on Florence Avenue. I drove a couple of hundred meters and started seeing big colorful structures out the front of many houses. They were so good I stopped, got out my camera, and took a whole bunch of pictures.

I talked to a man washing his car in his driveway. He told me that “Patrick” had created all the figures, and installed them on the front lawns. I got the impression that it was all free. Soon after I found the house that was unmistakably Patrick’s and seeing a man loading things into a pickup truck I went up and asked if he was Patrick. It was him and we had a friendly talk (mainly me telling him he was amazing). He gave me a calendar of his work.

Click on the thumbnails below to see bigger versions. There’s even a FC Barcelona structure. As I found out later, lots of people (of course) have seen these sculptures. When I got to Foo, there was one (image above) outside the O’Reilly office. Google for Patrick Amiot or Florence Avenue, Sebastopol and you’ll find much more. And Patrick has his own web site.

img_0556.jpgimg_0558.jpgimg_0560.jpgimg_0561.jpgimg_0567.jpgimg_0568.jpgimg_0569.jpgimg_0570.jpgimg_0572.jpgimg_0573.jpgimg_0579.jpgimg_0581.jpgimg_0582.jpgimg_0585.jpgimg_0586.jpgimg_0589.jpgimg_0592.jpgimg_0595.jpgimg_0599.jpgimg_0575.jpgimg_0577.jpgimg_0564.jpgimg_0566.jpg

Minor mischief: create redirect loops from predictable short URLs

Tuesday, July 1st, 2008

redirect loopI was checking out the new bit.ly URL shortening service from Betaworks.

I started wondering how random the URLs from these URL-shortening services could be. I wrote a tiny script the other day to turn URLs given on the command line into short URLs via is.gd:

import urllib, sys
for arg in sys.argv[1:]:
    print urllib.urlopen(
        ‘http://is.gd/api.php?longurl=’ + arg).read()

I ran it a couple of times to see what URLs it generated. Note that you have to use a new URL each time, as it’s smart enough not to give out a new short URL for one it has seen before. I got the sequence http://is.gd/JzB, http://is.gd/JzC, http://is.gd/JzD, http://is.gd/JzE,…

That’s an invitation to some minor mischief, because you can guess the next URL in the is.gd sequence before it’s actually assigned to redirect somewhere.

We can ask bit.ly for a short URL that redirects to our predicted next is.gd URL. Then we ask is.gd for a short URL that redirects to the URL that bit.ly gives us. If we do this fast enough, is.gd will not yet have assigned the predicted next URL and we’ll get it. So the bit.ly URL will end up redirecting to the is.gd URL and vice versa. In ugly Python (and with a bug/shortcoming in the nextIsgd function):

import urllib, random

def bitly(url):
    return urllib.urlopen(
        ‘http://bit.ly/api?url=’ + url).read()

def isgd(url):
    return urllib.urlopen(
        ‘http://is.gd/api.php?longurl=’ + url).read()

def nextIsgd(url):
    last = url[-1]
    if last == ‘z’:
        next = ‘A’
    else:
        next = chr(ord(last) + 1)
    return url[:-1] + next

def randomURI():
    return ‘http://www.a%s.com’ % \
           .join(map(str, random.sample(xrange(100000), 3)))

isgdURL = isgd(randomURI())
print ‘Last is.gd URL:’, isgdURL

nextIsgdURL = nextIsgd(isgdURL)
print ‘Next is.gd URL will be:’, nextIsgdURL

# Ask bit.ly for a URL that redirects to nextIsgdURL
bitlyURL = bitly(nextIsgdURL)
print ‘Step 1: bit.ly now redirects %s to %s’ % (
    bitlyURL, nextIsgdURL)

# Ask is.gd for a URL that redirects to that bit.ly url
isgdURL2 = isgd(bitlyURL)
print ‘Step 2: is.gd now redirects %s to %s’ % (
    isgdURL2, bitlyURL)

if nextIsgdURL == isgdURL2:
    print ‘Success’
else:
    print ‘Epic FAIL’

This worked first time, giving:

Step 1: bit.ly now redirects http://bit.ly/fkuL8 to http://is.gd/JA9
Step 2: is.gd now redirects http://is.gd/JA9 to http://bit.ly/fkuL8

In general it’s not a good idea to use predictable numbers like this, which hardly bears saying as just about every responsible programmer knows that already.

is.gd wont shorten a tinyurl.com link, as tinyurl is on their blacklist. So they obviously know what they’re doing. The bit.ly service is brand new and presumably not on the is.gd radar yet.

And finally, what happens when you visit one of the deadly looping redirect URLs in your browser? You’d hope that after all these years the browser would detect the redirect loop and break it at some point. And that’s what happened with Firefox 3, producing the image above.

If you want to give it a try, http://bit.ly/fkuL8 and http://is.gd/JA9 point to each other. Do I need to add that I’m not responsible if your browser explodes in your face?