Re: Python on a public library computer

On 14 May 2005 04:21:04 -0700, rumours say that
"anton.vredegoor@xxxxxxxxx" <anton.vredegoor@xxxxxxxxx> might have
written:

>I'm typing this in a public library on a computer with OS windows 2000
>server. I can run Internet explorer, word, excel and powerpoint, that's
>it. Maybe java, but it seems to be flaky.
>
>I want to run python scripts from this computer.

<snip>

I am not sure I will help you (uncertainty based on the part I snipped),
but the part so far can be easilly solved if you install Python for
single user inside the "Documents and settings\<username>" folder (or
whatever it is called). I did in a similar case.


End of reply here; and now for some completely minor python success
story.


Some months ago, I happened to be for full workdays at a client's site,
with strict security rules enforced (no domain login == no access even
to web proxy) but I needed to access my company's internal mail server
from my laptop (which I do by ssh forwarding usually). I could plug in
my laptop to their network, get an address, but that was all (local
network access only).

So I asked permission from an employee there (working on a computer
logged on to the domain) if I could run a putty session with forwarding
enabled. He said he'd ask their BOFH; now, the BOFH was strictly a
windows person (I somehow connect "strictly-<industry-standard-OS/app>
persons" with lack of resourcefulness, as if these people have 7 bits
per byte :), and he thought that my case was hopeless, since the
employee's account had only access to a web proxy, and CONNECT requests
were only allowed to port 443, but he said ok anyway (in his place, I
wouldn't; but then again, what do I know? ;).

After a call to a colleague in order to redirect connections to port 443
(from the client's network) of an underused computer at my site to port
22, I set up putty to connect through their web proxy, but that didn't
work (since no authentication was given as requested).

Then it was that I downloaded python, installed it in the employee's
documents folder, and created a 'sniffer' between the web browser and
web proxy to find out the authentication headers. After testing them by
hand, I wrote a script to pretend it's the web browser requesting a
CONNECT from the web proxy, and putty would connect to my script which
would just pass data back and forth. It didn't work.

I quickly found out that their web proxy did NOT let anything come and
go, unless its client had sent at least 4 octets (and that was also a
security measure they had taken which I was not told about-- they wanted
only protocols where the client talks first, ie (pun intended) typically
HTTP). So putty was waiting for the ssh server to announce its version
before announcing itself, but the announcement of the server would not
come through until putty sent something.

So I changed the middle-server [midsrv]: as soon as putty connected to
the listening port of midsrv, it opened the connection to the web proxy,
and instantly sent the putty announcement to the ssh server, consuming
it when putty sent it normally, and happily moving octets around for the
rest of the connection. From my laptop, I could get my emails with
plain POP3.

That was in 34 minutes time (debugging time included).

When the network guy dropped by a couple of hours later to ask me if I
needed any help, I just thanked him for letting me connect. He
scratched his head, tried to understand what happened (didn't realise
that the python app was important even though he absent-mindedly passed
over it checking running tasks), so I let him think over it for several
minutes before explaining to him what I did. He was most impressed with
the python program when I showed it to him, gave a warning to the
employee: "ok, run his program, but don't let him touch your computer
again!", and then came to the following conclusion (much similar to a
Python motto):

"If Python can do this, it {Python} should be forbidden..."


PS Unfortunately, I could not charge "security consulting" fees.
--
TZOTZIOY, I speak England very best.
"Be strict when sending and tolerant when receiving." (from RFC1958)
I really should keep that in mind when talking with people, actually...
.

Relevant Pages

  • Re: xmlrpclib hangs execution
    ... the Python command line 'hangs' until I kill the server. ... 'str': 'Connection accepted. ... At this point, Python 'hangs' until I kill the server, and then these last packages are send: ...
    (comp.lang.python)
  • xmlrpclib hangs execution
    ... import xmlrpclib ... the Python command line 'hangs' until I kill the server. ... At this point, Python 'hangs' until I kill the server, and then these last packages are send: ...
    (comp.lang.python)
  • YASS (Yet Another Success Story)
    ... Started a project year ago with hard goals in mind: Developing a game ... the server to another OS, this will be a matter of time, if possible ... the final is between Java and Python. ... Here is the requirements for the profiler: ...
    (comp.lang.python)
  • Re: ISA Problem or Firewall Client issue?
    ... "disabling the web proxy in IE" means unchecking the setting ... in IE to use a proxy server (all thre options". ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Is there an obvious way to do this in python?
    ... |> I want to write a small system that is transaction based. ... Yes - if you do the whole job on the server - ... |it) and HTML (but there are some python packages that knows how to build ... again - centric thinking - I really would like to change the bits on the client, ...
    (comp.lang.python)