Archive for June, 2012

June 19, 2012

URL Parameters for the Bing Maps website

The Bing Maps AJAX v7 API lets you create and embed a custom Bing Map in your own webpage containing Pushpins, LineStrings, and Polygons, custom overlays and specified map styles etc.

However, on many occasions you might not want, or need, to embed a map in your own site – you might be quite happy for your application to direct users to the webpage at www.bing.com/maps instead. In such cases, you generally want to load the www.bing.com/maps site to be centred on a particular location, with one or more locations highlighted on the map, or with a particular route highlighted.

Fortunately, all of these can be achieved by supplying parameters after the URL.

Unfortunately, the parameters that can be specified don’t seem to be documented anywhere. (Update: they are documented at http://onlinehelp.microsoft.com/en-us/bing/ff808440.aspx, but it seems pretty hard to find that page)

There are several old forum posts that refer to a page at http://help.live.com/Help.aspx?market=en-US&project=WL_Local&querytype=topic&query=WL_LOCAL_PROC_BuildURL.htm which apparently provided this information, but that page no longer seems to be available and I can’t find where, if at all, the information it used to contain is now published.

So, from my own memory, here’s a list of some useful parameters you can try passing to the page at http://www.bing.com/maps/default.aspx:

| Parameter | Example | Description |
| --- | --- | --- |
| cp | cp=52.62~1.2 | Centres the map on the specified latitude/longitude. Format for coordinates is lat~long |
| where1 | where1=10 Downing Street, London, United Kingdom | Centres the map on the specified address, and adds a default pushpin and infobox at that location. |
| sty | sty=a | Sets the map style. Valid values are: r (road), a (aerial), h (hybrid = aerial with labels), b (birdseye), s (Ordnance Survey), c (London Street Map) |
| lvl | lvl=6 | Sets the zoom level of the map (from 1, most zoomed out, to 20, most zoomed in) |
| rtp | rtp=pos.50_2~pos.48_5~pos.45_10~pos.52_14 or rtp=adr.Norwich,Norfolk~adr.Oxford,%20Oxon | Sets the list of waypoints for a route to be displayed on the map. Each waypoint can either be specified as a latitude/longitude coordinate using the syntax pos.latitude_longitude, or an address using the syntax adr.street address. Individual waypoints are separated from each other with ~. |

 

And here are some examples:

Highlighting the address at 10 Downing Street, London on a London Street Map

http://www.bing.com/maps/default.aspx?where1=10 Downing Street, London&sty=c

Displaying the route from Norwich to Edinburgh via Oxford

http://www.bing.com/maps/default.aspx?rtp=adr.Norwich,Norfolk~adr.Oxford,%20Oxon~adr.Edinburgh,%20Scotland

Calculating a route between a set of lat/long coordinates and displaying that route on an aerial map

(route starts at (50,2), then goes through (48,5) and (45, 10) before ending at (52,14))

http://www.bing.com/maps/default.aspx?rtp=pos.50_2~pos.48_5~pos.45_10~pos.52_14&sty=a

Hope that helps someone!
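The parameter table and example URLs above, turned into a small link builder. This is an added example, not code from the original post; the function names are hypothetical, and it assumes the site accepts standard percent-encoding. It validates the values against the ranges in the table and encodes user-supplied addresses so that characters such as & or ~ inside an address cannot be read as an extra parameter or waypoint.

```python
from urllib.parse import quote

BASE = "http://www.bing.com/maps/default.aspx"
STYLES = {"r", "a", "h", "b", "s", "c"}  # style codes from the table above


def _enc(text):
    # Percent-encode everything except commas (the page's URLs keep them);
    # '~' is encoded too, so an address can never emit a waypoint separator.
    return quote(text, safe=",").replace("~", "%7E")


def _latlon(lat, lon, sep):
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("coordinate out of range: %r, %r" % (lat, lon))
    return "%s%s%s" % (lat, sep, lon)


def _waypoint(wp):
    # A waypoint is an address string or a (lat, lon) pair.
    if isinstance(wp, str):
        return "adr." + _enc(wp)
    return "pos." + _latlon(wp[0], wp[1], "_")


def bing_maps_url(cp=None, where1=None, rtp=None, sty=None, lvl=None):
    """Build a www.bing.com/maps link from the parameters listed above."""
    params = []
    if cp is not None:
        params.append("cp=" + _latlon(cp[0], cp[1], "~"))
    if where1 is not None:
        params.append("where1=" + _enc(where1))
    if rtp:
        params.append("rtp=" + "~".join(_waypoint(w) for w in rtp))
    if sty is not None:
        if sty not in STYLES:
            raise ValueError("unknown map style: %r" % (sty,))
        params.append("sty=" + sty)
    if lvl is not None:
        if not 1 <= lvl <= 20:
            raise ValueError("zoom level must be 1..20")
        params.append("lvl=%d" % lvl)
    return BASE + ("?" + "&".join(params) if params else "")


if __name__ == "__main__":
    print(bing_maps_url(where1="10 Downing Street, London", sty="c"))
    print(bing_maps_url(rtp=[(50, 2), (48, 5), (45, 10), (52, 14)], sty="a"))
```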

June 10, 2012

Monitoring your MP’s activity… on Google Maps?!

A few days ago I went on a tour of the Houses of Parliament (a present from my wife – I didn’t realise that you couldn’t just walk in off the street – you need to approach your MP to sponsor you!). One point that particularly interested me was when our tour guide mentioned several ways in which the activity of parliament has become more transparent through the use of technology, including live televised debates, streamed webcasts, and online public voting records etc.

Here in the UK, the TheyWorkForYou website has been massively influential in publishing a wide range of easily-accessible statistics on the parliamentary activities of all UK MPs, Lords, and Northern Ireland MLAs. You can browse the site to see which debates a member of parliament has turned up to, how they voted, the transcript of any speeches they made, and much more.

Here’s an extract of the voting record for my local MP, Simon Wright, for example:

image

As a keen supporter of active democracy, I’m all for holding MPs accountable (and, if you’re reading this in the UK, I strongly recommend you visit www.theyworkforyou.com and check up on whether your MP is really representing your views). However, even I was a little surprised to see some of the detailed monitoring that now appears to be in place: not satisfied with merely overseeing their political activities, it appears that MPs Tessa Jowell, James Gray, Simon Hughes, and Andrew Miller have been fitted with GPS-tracking devices so you can actually monitor their exact movements. At least, that’s what Google Maps seems to suggest when you zoom in on the Palace of Westminster ;)

image

I suggest Google might want to do a little cleansing of their POI data there… someone’s even submitted a “review” for Tessa Jowell!

June 9, 2012

Cryptography, Secure Passwords, and why I’m no longer on LinkedIn

So you might have read about the recent leak of 6.5 million LinkedIn passwords onto the internet. This comes at a fitting time for me since, having just completed the Udacity CS387 Applied Cryptography course, I’ve developed a new love for all-things cryptographic (in fact, I have some interesting ideas for a crypto-spatial library – encoding secret messages in the coordinate values of geographic instances – but that’s for a separate post).

Rather than just rely on the newspaper reports of the leak, I thought I’d practice some of my newly-acquired cryptography knowledge by examining the set of leaked passwords first-hand. It didn’t take long to acquire the 118Mb combo_not.zip source file – I’m not going to post a direct link here but I’m assuming you know how to search the internet, right? The file contains the leaked LinkedIn passwords not in plaintext, but hashed using the SHA-1 algorithm. This means that, while you can’t browse the list of passwords directly, it’s very easy to search whether a particular password is on the list, by just generating the SHA-1 hash of that password yourself, and testing whether the associated hash is on the list.

There’s one other thing to note, which is that the first five digits of many (if not most) of the hashed passwords in the combo_not.zip file have been overwritten with five zeroes: ‘00000’. So, although the SHA1 hash of the password “password” is not listed:

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

The following hash is on the list:

000001e4c9b93f3f0682250b6cf8331b7ee68fd8

Anecdotal evidence suggests that “00000” is a marker to indicate that this password has already been cracked by the hackers (which, if you set your password as “password”, it probably deserves to be!).

So, first things first, I wrote a small Python program to check whether the hash of any given plaintext password was included in the datafile, either in its original hash form or in the overwritten form:

import hashlib

def check(filename, pass_to_search):
    """Test for occurrence of password hash within the file."""
    # Variant of the hash with its first five hex digits overwritten by zeroes
    masked = '0' * 5 + pass_to_search[5:]
    with open(filename) as datafile:
        return any((pass_to_search in line or masked in line) for line in datafile)

# Create the hash of the password to check (sha1 needs bytes, so encode the string)
hashed = hashlib.sha1("secretpassword".encode("utf-8")).hexdigest()

# Look for the hash in the LinkedIn datafile
if check('combo_not.txt', hashed):
    print("password hash found!")
else:
    print("password hash not found.")

Running this script reveals that, indeed, at least one LinkedIn user has chosen “secretpassword” as their password. To test other passwords just replace the string in the line hashed = hashlib.sha1("secretpassword".encode("utf-8")).hexdigest(). Other secure passwords chosen by LinkedIn users that you can find in the file include “abc123”, “mylinkedinpassword”, “opensesame”, “startrek” and “bigcock”.

Google recently ran the ad campaign shown below to encourage users to pick better passwords. Probably best not to copy Google’s suggestion on this issue either – 2bon2btitq appears on the list of leaked passwords too:

http://www.lightbluetouchpaper.org/wp-content/uploads/2011/11/google-pword.png

Concerningly for me, my own password (which is semi-random, alphanumeric, and over 10 characters in length) also features on the list, and appears to be one of those that has been cracked. I briefly contemplated the advice to reset my LinkedIn password but decided it would be more effective to simply cancel my LinkedIn account altogether. Any organisation that can’t take even basic steps to protect my information such as salting hashes isn’t worth dealing with. Perhaps they should subscribe to the next Udacity cryptography course to find out more…
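What salting changes, as an added example that is not part of the original post: with unsalted SHA-1, every user who picks the same password gets the same stored hash, which is why a single lookup like the one above works against the whole file. The sketch below stores a per-user random salt and uses PBKDF2-HMAC-SHA256 as the salted scheme; the function names and the iteration count are assumptions chosen for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def unsalted_sha1(password):
    """The scheme the leaked file implies: one fixed hash per password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, key) from PBKDF2-HMAC-SHA256 with a per-user random salt."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def demo():
    # Constructed sample: two users who picked the same password.
    alice_plain = bob_plain = "secretpassword"
    # Unsalted: identical records, so one precomputed hash matches both users.
    same_unsalted = unsalted_sha1(alice_plain) == unsalted_sha1(bob_plain)
    # Salted: the stored keys differ, so each record must be attacked separately.
    a_salt, a_key = hash_password(alice_plain)
    b_salt, b_key = hash_password(bob_plain)
    same_salted = a_key == b_key
    accepted = verify_password("secretpassword", a_salt, a_key)
    rejected = verify_password("opensesame", a_salt, a_key)
    return same_unsalted, same_salted, accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the derived key; it does not need to be secret, only unique per user.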
