Ask Ti Jean

Data safety on the Road

(A humble manifesto for better hackathons)

Journalists, freelancers, designers, everyday citizens - Demand more security in our digital life! Doubly so for people who are involved in critical investigation: all those, whose digital rights and identities may for various reasons be threatened.

Opportunities to quickly or inexpensively receive a security checkup from a professional may still be rare: look for an organization in your area that has a strong policy and support options. Ask them to host a community meeting, workshop or hackathon.

Diving into the world of cybersecurity for the first time can be overwhelming or intimidating if you do not get clear, direct, actionable advice from a trusted source. A network lets you get help from people for a reasonable price - or for other clearly stipulated motivations, like a volunteering certificate. But how does one find, and connect, to such a network?

~ THEREFORE ~

We propose ASK TI JEAN, is an Information Security (infosec) check-up and knowledge exchange that every community event should have as part of its deployment kit.

Specifically, we suggest:

1. An informative poster designed to convey a practical and attractive Way to Infosec-up;
2. Hand out pamphlets or booklets from reliable and current sources of user support;
3. Link to online tutorials and Q&A forums where further help is available;
4. Involve cyber-stretching in your routine, with simple exercises like changing passwords and checking firewall logs;
5. Provision an ad-hoc network security tool for a background vulnerability assessment, explaining to your audience how it works.

Since having a dedicated on-site expert can be difficult or expensive to organize, at least have someone take some time to obtain and read up on material and prepare some tools. In the following sections, we are gathering some starting points.

Please 🙏 contribute to this hackpad using the open access comments, or edit after logging in.

Literature

What do we need to read and understand to develop this idea further?

• Ratgeber von Digiges/WOZ/CCCCH
• Wikipedia - Cyber Self-Defence
• GIJN Cybersecurity Assessment (Info)
• Hacking book by Dominik Landwehr (2014)
• OKFN - eGovernment und Sicherheit: eine schwierige Beziehung (2016)
• AWK - Cyber-Resilienz im öffentlichen Verwaltung (2020)
• Heise - Bund will im IT niemandem mehr vertrauen (2022)

Learning & Sharing

Good starting points, tools and services to offer and build on. Examples of projects that recommend security-related tools and practices.

• Kali Linux
• ProtonVPN
• Key signing parties
• Journalist Toolbox
• SpyPi - Students for data security
• Ransomware Prevention Kit
• E-Sec 3D learning courses
• Infosec AG - eLearning Courses

Communities

Where could you reach out to find people to contribute to such a toolkit

• Starship Factory (Basel)
• CoSin (Biel/Bienne)
• Eastermundigen (Bern)
• Bitwäscherei (Zürich)
• Moar Hackerspaces ..!
• CH Open / Open Education Days
• Chaos Computer Club Schweiz
• Linux User Group Schweiz
• SwissDevJobs
• FreelancerMap

Random

• Construction site safety poster vs. School of Data toolbox and poster
• Infosec posters (DuckDuckGo)
• Cybersecurity illustrations (heartbeat.ua on Dribble)

Contribute

This text was created by lo & lo during Rethink Journalism hackathon in Basel on November 26, 2022. We started an open pad, in which we suggest developing a toolkit: so that, even with minimal preparation, the infosec resilience of your community can be slightly improved - one hackathon at a time. The idea was further developed at the DINAcon HACKnight and other community meetings.

We originally called the project "Ask Jack", but out of respect for Jack Schofield, the Guardian’s former computer editor and long-running author of the Ask Jack advice column, we have renamed it ASK TI JEAN. Why? Ti Jean (little Jean) was a childhood nickname of Jack Kerouak - a great American novelist of French-Canadian ancestry, who was born 100 years ago and had aspirations to be a journalist. One of his most famous works is On the Road, which happens to share acronyms with Off the Record (OTR), a cryptographic protocol worth knowing.

🖇️ Was Jack Kerouac really a hack? (2012)

Jack Kerouac with a cat, 1965 - Photography by Jerry Bauer

License

Licensed Creative Commons CC0 - Public Domain

Crab Fit

Align your schedules to find the perfect time that works for everyone. Licensed under the GNU GPLv3.

Contributing

⭐️ Bugs or feature requests

If you find any bugs or have a feature request, please create an issue by clicking here.

🌐 Translations

If you speak a language other than English and you want to help translate Crab Fit, fill out this form: https://forms.gle/azz1yGqhpLUka45S9

Setup

1. Clone the repo.
2. Run yarn in both backend and frontend folders.
3. Run yarn dev in the backend folder to start the API. Note: you will need a google cloud app set up with datastore enabled and set your GOOGLE_APPLICATION_CREDENTIALS environment variable to your service key path.
4. Run yarn dev in the frontend folder to start the frontend.

🔌 Browser extension

The browser extension in crabfit-browser-extension can be tested by first running the frontend, and changing the iframe url in the extension's popup.html to match the local Crab Fit. Then it can be loaded as an unpacked extension in Chrome to test.

Deploy

Deployments are managed with GitHub Workflows.

To deploy cron jobs (i.e. monthly cleanup of old events), run gcloud app deploy cron.yaml.

🔌 Browser extension

Compress everything inside the crabfit-browser-extension folder and use that zip to deploy using Chrome web store and Mozilla Add-on store.

Data as a (tiny) Service

This is a template repository, which lets you create a quick API around your Frictionless Data Package. This could be useful in several ways: as a microservice for your SPA frontend, for integration with Web-based workflows, for more paginated access to larger datasets, for setting up a cheap and simple Data as a service offering.

The open source code is based on Python and Pandas, and can be easily extended to fit the needs of your data science project.

Getting started

Place a datapackage.json file and data folder with your own data to start setting up an API.

If you have not used Data Packages before, an easy way to get started is to convert your dataset to a CSV file (or a set of CSV files), in UTF-8 format - which you can create with any spreadsheet program. Then, use the Data Package CLI or Create Frictionless Data tool to generate a Data Package by clicking the "Load" button and then adding and defining the columns and metadata. "Download" and place the resulting files here. Visit frictionlessdata.io for more advice on this.

Installation

This repository contains a minimalist backend service API based on the Falcon framework and Pandas DataPackage Reader. To run:

cd api
virtualenv env
. env/bin/activate
pip install -Ur requirements.txt
python server.py

(Alternatively: use Pipenv and run pipenv install && pipenv run python server.py)

At this point you should see the message "Serving on port..."

Soon there will be a webpage where you can test the API. Until then ...

Test the API using a REST client such as RESTer with queries such as:

http://localhost:8000/[my resource name]?[column]=[query]

For instance, if you had a Resource in your Data Package with the name "tree", which has a "quartier" column, you can search for "Oerlikon" in it using:

http://localhost:8000/tree?quartier=Oerlikon

You can adjust the amount of output with a page and per_page parameter in your query.

License

This project is licensed by its maintainers under the MIT License.

If you intended to use these data in a public or commercial product, please check the data sources themselves for any specific restrictions.

Electronic building permit application for Swiss cantons.

Table of Contents

• Overview
  • Folder structure
  • Modules
• Requirements
• Development
  • Basic setup
  • Predefined credentials
  • Debugging
  • Working locally with ember
    • Yarn workspace
  • Django profiling
  • Visual Studio Code
  • GWR API
  • Customize API
  • Sending email
• License

Overview

This repository contains the source code for the web applications used to handle electronic building permits and comparable processes in the Swiss cantons of Berne, Schwyz and Uri.

The following image shows a high-level overview of the architecture:

• The application is composed of various Docker containers, which are shown in light blue in the architecture overview.
• The frontend consists of two Ember.js apps, one for applicants submitting building permit applications ("portal"), and another used by members of the public authorities ("internal area"). The two apps can share code through the Ember Addon ember-ebau-core.
• The backend is based on Python/Django and exposes a GraphQL API for forms and workflows based on Caluma and set of domain-specific REST endpoints (Django REST Framework).
• PostgreSQL is used as database.

Folder structure

├── compose                # docker-compose files
├── db                     # database Dockerfile and utils
├── django                 # backend code, containing both API and Caluma
├── document-merge-service # document generation templates and config
├── ember-caluma-portal    # Caluma-based portal
├── ember-camac-ng         # Ember.js app optimized for embedding in other applications
├── ember-ebau             # Ember.js based application for internal area
├── ember-ebau-core        # Ember.js addon for code sharing between multiple Ember.js apps
├── keycloak               # Keycloak configuration for local development
├── proxy                  # Nginx configuration for local development
└── tools                  # miscellaneous utilities

Modules

Due to ongoing modernization work, some Frontend modules are not yet integrated in ember-ebau, but instead are still part of ember-camac-ng. Few Frontend modules are not part of this repository yet at all. The following table lists the most important modules in the "internal" part of the application and their respective completeness / integration state (in the demo configuration).

Requirements

The preferred development environment is based on Docker.

• Docker >= 20.04
• Docker-Compose

For local development:

Python:

• python 3.8
• pyenv/virtualenv

Ember:

• current LTS of Node.js
• yarn

Development

Basic setup

Docker can be used to get eBau up and running quickly. The following script guides you through the setup process. We recommend using the demo config for now, since it features the highest number of modules in the ember-ebau app.

make start-dev-env

In case you want to manually modify /etc/hosts following domains need to point to 127.0.0.1 (localhost):

ebau-portal.local ebau.local ebau-keycloak.local ember-ebau.local ebau-rest-portal.local

For automatic checks during commit (formatting, linting) you can setup a git hook with the following commands:

pip install pre-commit
pre-commit install

After, you should be able to use to the following services:

• ember-ebau.local - new main application used for "internal" users
• ebau-portal.local - public-facing portal (Caluma-based, default choice for new projects, used in Kt. BE, UR)
• ebau.local/django/admin/ - Django admin interface
• ebau-keycloak.local/auth - IAM solution

Predefined credentials

The following administrator accounts are present in Keycloak or the DB, respectively:

Debugging

For debugging inside container shell, use this:

make debug-django

Working locally with ember

docker-compose up -d --build db django
cd {ember|ember-camac-ng|ember-caluma-portal|ember-ebau} # Enter ember from the top level of the repo
yarn # Install dependencies
yarn test # Run tests
yarn start-proxy # Run dev server with proxy to django api

Yarn workspace

Note however that those two apps ember-caluma-portal and ember-camac-ng share the same node modules tree through a yarn workspace.

The common yarn workspace allows us to share code (e.g. addons) between the apps which are part of this repo (instead of following the typical approach of publishing releases on npm). This also means that

• (+) we save some disk space because of the avoided duplication in the node_modules directory
• (-) the docker build processes of the two frontend containers have to run in the context of the root of the repo, in order to access the shared dependencies during build time
• (-) the ember versions ember-caluma-portal and ember-camac-ng need to be kept in sync

Django profiling

To enable django-silk for profiling, simply add DJANGO_ENABLE_SILK=True to your django/.env file. Then restart the django container and browse to http://ebau.local/api/silk/.

Visual Studio Code

The remote debugger settings for VS Code are committed to the repository.

• The configuration file is located at .vscode/launch.json.
• The keyboard shortcut to launch the debugger is F5.
• Information on VS Code debugging

To enable debugging in the django container the ptvsd server must be started. Since this debug server collides with other setups (PyCharm, PyDev) it will only be started if the env var ENABLE_PTVSD_DEBUGGER is set to True in django/.env.

GWR API

The GWR module is developed in two separate repositories:

• Frontend: inosca/ember-ebau-gwr
• Backend: inosca/ebau-gwr

If you use the GWR module, you need to generate a Fernet key according to the documentation of the gwr backend.

You need to set this key in each environment/server in your env file. Generate a separate key for each environment, since this is used to store / read the gwr user passwords.

Customize API

The API should be designed in a way, that allows it to be used by any eBau project. For needed customization, the following rules apply:

• each permission may be mapped to a specific role in the specific project. In case a role may have different set of permissions than already available, introduce a new one and adjust the different views accordingly.
• for features which may not be covered by permissions, introduce feature flags.

For different feature flags and permissions, see APPLICATIONS in settings.py.

Sending email

In development mode, the application is configured to send all email to a Mailhog instance, so unless you specify something else, no email will be sent out from the development environment.

You can access the Mailhog via http://ebau.local/mailhog . Any email sent out will be instantly visible there.

License

This project is licensed under the EUPL-1.2-or-later. See LICENSE for details.

OAPI - POC

Proof of concept (POC) to ingest geospatial datasets from MeteoSwiss into a SpatioTemporal Asset Catalog (STAC) and expose as OGC API Features.

Terms of Service

1. This service is experimental and thus not for operational use.
2. This service is limited in time, from 1.8.2022 to 19.12.2022 .
3. The service has limited availability and limited operating hours: It is frequently rebooted.
4. During the limited service period, data can be accessed for testing purposes only. You must provide the source (author, title and link to the dataset).
5. Further, when using this service, the disclaimer of the Federal Administration and the respective terms of use must be complied with in every case. You should therefore read the disclaimer carefully: disclaimer.admin.ch.

Documentation

OGC API and STAC are designed to be explorable through links and a good starting point is the Landing Page (aka Root Catalog) which links to capabilities, descriptions and fundamental resources of the services.

The OpenAPI definition can be consumed through the SwaggerUI. Select the appropriate server and authorization (for endpoints except GET) to try it out.

Be aware that the api definition is not in sync with the service implementation. There are addinonally transactional endpints for Collection and Feature/Item resources and the schemas/definitions might diverge from the actual implementation.

Usage

For now the basic use case is uploading a STAC Asset through the load-asset process. The input schema describes the json body of the post request passed to it's ./execute endpoint. It requires the file as base64 encoded string, some asset properties, the collection id and the item id or an item object to create.

Example python scripts for loading an asset to an existing collection as well as extracting & creating a collection resource from a geocat.ch entry are in the scripts folder.

Catalog Trees

Catalog trees can be created by adding collection resources with the property type set to Catalog and links with the relations parent, child and/or item. Naturally these relations should be reflected on the linked ressources as well.

Consumption

The created resources can for example be consoumed with the STAC Browser. The assets contents accessible through the href reside on a S3 bucket.

Tutorial

A TUTORIAL is provided to integrate

• Complete dataset browsing and donwload
• Feature data download via API with examples
• Integration in web and fat client applications

Feedback / Survey

If you are interested in MeteoSwiss data or OGC API Features services, please answer our questions about the Proof of Concept.

Fill in our SURVEY (DE) or SURVEY (EN) which only takes about 10 min. Thank You!

Questions?

Please drop us an e-mail to customerservice@meteoswiss.ch with the subject POC OGD24.

Tusky

Tusky is a beautiful Android client for Mastodon. Mastodon is an ActivityPub federated social network. That means no single entity controls the whole network, rather, like e-mail, volunteers and organisations operate their own independent servers, users from which can all interact with each other seamlessly.

Features

• Material Design
• Most Mastodon APIs implemented
• Multi-Account support
• Dark, light and black themes with the possibility to auto-switch based on the time of day
• Drafts - compose posts and save them for later
• Choose between different emoji styles
• Optimized for all screen sizes
• Completely open-source - no non-free dependencies like Google services

Testing

The nightly build from master is available on Google Play.

Support

Check out our FAQs, your question may already be answered. If you have any bug reports, feature requests or questions please open an issue or send us a message at Tusky@mastodon.social!

For translating Tusky into your language, visit https://weblate.tusky.app/

Head of development

This app was developed by Vavassor@mastodon.social. The current maintainer is ConnyDuck@chaos.social.

Development chatroom

https://riot.im/app/#/room/#Tusky:matrix.org

wLw-Partner-Map

Automating updates to wLw's partner map.

Contributed as part of DINAcon HACKnights 2022.

Run locally

make setup
make run-exporter
make run-map

Run with docker/podman

make setup
make images
make run-exporter-container
make run-map-container
# open http://localhost:8080