
Loki: A Python Infrastructure Protocol Suite

It’s been a while since I last posted, so I’m going back in time to write briefly about an awesome talk I attended at Black Hat 2010 in Las Vegas (last year, duh).

The toolkit is (poorly) named Loki. There are so many packages out there named Loki already, but I get where they were going with it.

It was written by three brilliant German fellows: Daniel Mende, Rene Graf and Enno Rey of ERNW. The primary focus is manipulating and exploiting infrastructure (layer 2/3) protocols, but of course these are all based on the entire protocol stack, so they have laid a nice framework that is way easier to use than other packet manipulation modules out there like Scapy, albeit more specialized. As of right now it has support for BGP, OSPF, ARP, ISIS, RIP, HSRP (v1 and v2), VRRP (v2 and v3), BFD, LDP, and MPLS. And it can spoof all of them!

Loki itself is pure Python, although it does have some system-level dependencies. It centers mostly around loki.py, a GUI application that is its bread and butter. This app is effectively a router emulator that allows you to establish peerings and execute brute-force attacks. For example, all you need is a single BGP packet from the wire and you can then perform your brute-force against the authentication key offline.

In some cases for protocols with no authentication such as VRRP–which is commonly used for providing redundant default gateways for Internet egress–you can push out another peer as a default gateway and take over that role with mind-blowing ease.
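On the defensive side, an unauthenticated protocol like this can only be policed by checking who is speaking. The following is an added example (not from the talk, Loki, or this post) that validates a raw VRRPv2 advertisement against an inventory of expected routers; the addresses, the inventory and the function names are constructed for illustration, and only VRRPv2 (RFC 3768) is handled.

```python
import ipaddress
import struct

VRRP_PROTO, VRRP_GROUP = 112, "224.0.0.18"
# Assumed inventory (constructed): VRID -> routers allowed to advertise for it.
EXPECTED = {1: {"10.0.0.2", "10.0.0.3"}}


def inet_checksum(data):
    """16-bit one's-complement checksum used by VRRPv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(src, vrid, prio, vip, ttl=255):
    """Constructed sample input: IPv4 header plus a VRRPv2 advertisement."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, prio, 1, 0, 1, 0)
    body += ipaddress.IPv4Address(vip).packed + b"\x00" * 8
    body = body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, ttl,
                         VRRP_PROTO, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(VRRP_GROUP).packed)
    return header + body  # IP header checksum left at 0; it is not inspected


def check_vrrp(packet, expected=EXPECTED):
    """Return findings for one raw IPv4 packet; an empty list means clean."""
    if len(packet) < 20 or packet[9] != VRRP_PROTO:
        return []
    ihl, ttl = (packet[0] & 0x0F) * 4, packet[8]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    vrrp = packet[ihl:]
    if len(vrrp) < 8 or vrrp[0] != 0x21:
        return ["not a well-formed VRRPv2 advertisement"]
    vrid, prio = vrrp[1], vrrp[2]
    findings = []
    if ttl != 255 or dst != VRRP_GROUP:
        findings.append("TTL/destination invalid for VRRP (expect 255, %s)" % VRRP_GROUP)
    if inet_checksum(vrrp) != 0:
        findings.append("bad VRRP checksum")
    if src not in expected.get(vrid, set()):
        findings.append("unexpected advertiser %s for VRID %d, priority %d"
                        % (src, vrid, prio))
    return findings
```

An advertisement from an address outside the inventory is the signal that matters here, since the protocol itself will accept it.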

If you poke around you’ll see that they’ve encapsulated each protocol into its own module, making almost all of it reusable outside of the GUI. Additionally, if you go to the main page of their site and scroll down to Tools, you’ll see a few other packages they’ve released.

For a more technical read, check out a recent blog post by Mike Poor.

Friday Cutions

Words ending with -cution are surprisingly similar!

a formal speech giving advice or a warning.

the skill of clear and expressive speech, esp. of distinct pronunciation and articulation.

verb [ trans. ]
a formal “speech” giving “advice”, esp. of “distinct” lightning bolts.

I don’t think that last one means what I think it means.

Frozen: A Scary & Innovative Horror Flick

Go see this movie.

Watch the trailer for Frozen, and then check out the official site.

I had the pleasure of meeting the writer & director, Adam Green, this past weekend. My friend Robert and he are old buddies from college who just reconnected. Adam invited us to go to a screening in Santa Monica on Saturday after which there was a meet & greet with the cast & crew. After that we went out for drinks and I had a really good time. Ahhh, schmoozing, the second-oldest profession.

So, not only do I like the guy and want to see his movie succeed, but I genuinely thought the movie was a good time and I want to get more people out there to see it!

It’s an independently produced horror movie, which already stacks the odds against it. It is also an original production, not a remake, which further hardens the sell. It seems most horror fans out there cry for new original stories over remakes, but when it comes time to show their support, movies like Frozen get overlooked. This is sad.

I am a huge horror fan, and I am one of those people who is disappointed with the glut of remakes out there. So I am taking some of my time to get the word out there about Frozen because we need more movies like it!

It was an intense flick that had me gripping the edge of my seat for most of the movie. It grabbed me and didn’t let go, had me cringing and going “OHHHHHH” at some of the gory scenes. At a few moments I was so uncomfortable that I had to disengage by looking away or pretending I was in a happy place. To me, that is a sign of a good movie. It affected me. It wasn’t hum-drum, boring, or predictable. It still had a few of those campy, horror movie moments and I think that is where its charm is. If a horror movie can be charming, that is.

The acting was really good, and I think that Adam’s directing style had a lot to do with this. The entire movie was shot “practically” which means “on location”. There was no green-screen, no studio, no tricks. It was all filmed outdoors, on a ski slope, with the actors IN the gondola.

During the meet & greet they said that the actors had to be up on the gondola for six hours at a time. The filming was done on a ski resort in Utah and the lift was so long that to get off they had to ride all the way to the top of the mountain and all the way down, which took over an hour. So they had to limit the amount of interruptions in order to maximize filming time.

All the scenes in which it is snowing outside are real. When you can no longer see the actors’ breath, that’s because they are running out of body heat. That seems brutal to have endured that during filming for the actors, but I don’t feel too bad for them. THIS IS HORROR!

I felt like some of the scenarios were a little over-the-top, but I am ok with it. Isn’t that the point of a good horror film? Personally, I don’t want too much realism. I want fear, death, blood, and other delicious things that would probably never happen in real life. I definitely wouldn’t enjoy seeing people die in real life, I promise.

If you’re in for a good thrill, check your local movie listings and check out Frozen. I mean, come on, being that the majority of the Northeastern U.S. is under feet of snow & ice right now, how appropriate is this film?


Dynamically Determining the Variables for a Django Template

This is something that came up on StackOverflow, and I took the time to provide a very detailed answer. I haven’t posted in a while, and since I spent time on this answer, here it is verbatim. Enjoy!

Original Question

I’d like to be able to instantiate a template from a file (presumably using the django.template.loader.get_template(filename) ), and then determine the set of variables that should be defined in whatever context it is passed.


I tried synack’s answer and found that (with the replacement of filterexpression.token by filterexpression.var, to get the actual name of the variable without tags and so on) it returned the variables that are defined locally in the template, but did not work for variables that are defined in the parent that it extends.

So for example, suppose I have templates in two files:


{%block base_results%}
Django is {{adjective}}
{%endblock base_results%}


{% extends "toyparent.html" %}

{%block base_results%}
I {{verb}} it.
{%endblock base_results %}

And I load the child template:

>>> toy=django.template.loader.get_template('toychild.html')

This renders properly:

>>> toy.render(django.template.Context(dict(adjective='cool',verb='heart')))
u'\n    \nDjango is cool\n\n    I heart it.\n\n'

But I can’t get the two variables from it:

>>> v=toy.nodelist.get_nodes_by_type(VariableNode)
>>> for k in v: print k.filter_expression.var

My Answer

You are able to visually inspect a template and observe the presence of any “Variable Node” objects in that template’s nodelist:

>>> from django.template import Template, Context
>>> t = Template("Django is {{ adjective }} and I {{ verb }} it.")
>>> t.nodelist
[<Text Node: 'Django is '>, <Variable Node: adjective>, <Text Node: ' and I '>, <Variable Node: verb>, <Text Node: ' it.'>]

These are of the type VariableNode, which is a class that can be directly imported for use in comparisons. Any Node instance has a get_nodes_by_type() method that can be called against a nodelist, which returns all nodes of that type for the template. Example:

>>> from django.template import VariableNode
>>> varnodes = t.nodelist.get_nodes_by_type(VariableNode)
>>> varnodes
[<Variable Node: adjective>, <Variable Node: verb>]

So now you have a list of the variables for the template. This will need to be taken a step further to extract the actual name of each variable without performing stupid string-slicing tricks on their repr names.

The variable name itself is stored in filter_expression.token for each VariableNode:

>>> varnodes[0].filter_expression.token

And so a simple list comprehension gets us all of the variable names for the template:

>>> template_vars = [x.filter_expression.token for x in varnodes]
>>> template_vars
[u'adjective', u'verb']

So, not the simplest solution, but if there is a better way I don’t know about it.

Bonus: A function!!

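from django.template import VariableNode

def get_template_vars(t):
    """Return the variable tokens used directly in template t."""
    # Collect every {{ ... }} node, including those nested inside block tags
    varnodes = t.nodelist.get_nodes_by_type(VariableNode)
    # filter_expression.token is the raw text between the braces
    return [x.filter_expression.token for x in varnodes]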

Ok, it’s not so complex after all!

Follow-up Edit: Getting variables from parent templates

(This follow-up is using the information from the updated question).

This is where it does actually get complex because the nodelist of the toy template is a single ExtendsNode (in this case).

>>> toy.nodelist
[<ExtendsNode: extends "mysite/toyparent.html">]

I would imagine that in larger templates there could be multiple ExtendsNode objects. Anyhow, if you inspect the ExtendsNode, and extract the parent template from it, you are able to treat the parent the same as my original example:

>>> enode = toy.nodelist[0]
>>> enode.parent_name
>>> parent = enode.get_parent(enode.parent_name)
>>> parent
<django.template.Template object at 0x101c43790>
>>> parent.nodelist.get_nodes_by_type(VariableNode)
[<Variable Node: adjective>]

And there is your adjective variable extracted from the parent template. To perform a test against an ExtendsNode you can import the class from django.template.loader_tags:

>>> from django.template.loader_tags import ExtendsNode
>>> ext = toy.nodelist.get_nodes_by_type(ExtendsNode)
>>> ext
[<ExtendsNode: extends "mysite/toyparent.html">]

So, you could do some tests against templates for the presence of an ExtendsNode and walk backwards to the parent template and individually get those variable names. However, this is starting to seem like a can of worms.

For example, if you were to do this:

>>> toy.nodelist.get_nodes_by_type((ExtendsNode, VariableNode))
[<ExtendsNode: extends "mysite/toyparent.html">, <Variable Node: block.super>, <Variable Node: verb>]

Now you’ve got the ExtendsNode and VariableNode objects and it just starts to get confusing. What do we do then? Do we attempt to ignore any block variables returned from such tests? I don’t know!!

In any case, this is the information you wanted, but I don’t think that this is a practical solution. I insist that there is still probably a better way. It might be worth looking into what you are trying to solve and see if there is another approach you can take.

District 9 is the Best Sci-Fi Flick I’ve Ever Seen

See title.

District 9 is the first sci-fi movie I’ve seen in recent memory that wasn’t a (multi-)hundred-million dollar money shot.  I’m looking at you Transformers 2!  Strangely if you didn’t know that the film was produced on a meager $30M USD budget, you wouldn’t know.  It’s that good.  From start to finish the polish never wears off, but that’s just the thing:  It’s not really polished at all.   I mean the effects look superb but the gritty, realistic style remains consistent throughout the duration of the film.

First of all, the relationship between the humans and the prawns (what they call the aliens) really draws you in.  The pain and sympathy I felt for the prawns was tangible.  I really felt bad for them.  There was an obvious commentary about Apartheid equating the prawns to the native Africans that really is very thinly veiled.  Set in the slums of Johannesburg where the prawns have been isolated, it doesn’t take much effort to imagine how many millions of native African people are actually living like that today.

One of the biggest pieces of imagery on that tip was at the gates to District 9 itself.  At base the gates are two large statues of a human and a prawn holding hands with their arms raised in an arch over the entrance.  Across the bottom of the gates is a motto that says “District 9:  Paving the Way to Unity”.   Oh the irony!  Get it?  Because the aliens are being oppressed?  Oh nevermind…

If you are close enough to see this, you are fucked.


And then there was the ALIEN WEAPONRY.  Holy shit, y’all.  I think the best weapon was probably the arc gun which basically shot a lightning bolt which upon hitting the target made the target explode like a hot dog in a microwave.  There were missiles and machine-gun style weapons, some sort of sonic blast gun and I think even some lasers (pew pew), but it was all about the arc gun, dude.  Seriously.  I giggled like a school girl whenever someone on-screen was vaporized into pink mist or a burst of guts.  It was just so awesome.

The aliens are being oppressed so that we can get at their weapons.  The catch being that the weapons are bio-activated by their DNA, so we humans can’t use them.  It gets interesting when the main character (Wikus) encounters some black goo (there’s more to it, but I don’t want to ruin it) that slowly starts turning him into a prawn.  This allows him to use the alien weapons and thereby makes him the target of the powers that be and also our unsuspecting human/alien hybrid hero.  See the twist developing there?

If you haven’t seen the movie, stop reading… NOW.  I have some questions and observations that you might consider to be spoilers:

  • WTF is the black fluid?  It’s clearly used as a fuel, but it also happens to modify your DNA to turn you into a prawn?  I’m sure glad gasoline doesn’t have that side effect.
  • Does it affect all DNA or just so happens to affect humans in this way?
  • Those questions, and the fact that the prawn hero, Christopher, insists on returning in three years to “fix” Wikus in the scene where he is returning to the mothership are clearly setting us up for a sequel.
  • The movie closes with Wikus having fully transmuted into a prawn.  Will we see him again?  Will he regain his humanity as promised by Christopher?  Will there be more exploding guts?  I fuckin’ hope so, bitches!

All in all, what an awesome flick!  I have been gushing about it for days now.  It was non-stop excitement, awe, disgust, horror, sorrow, and mostly fun.  Sadly, no sideboob, but that’s ok.

Based on the fact that the movie made over $37M USD in its opening weekend, I have a strong feeling we’ll be paying a visit to District 10 sooner than later.

Alive in Joburg? Welcome to District 9!

Maybe you’ve heard about District 9?  You know, the documentary-style sci-fi flick about aliens who have come to earth as refugees that is being produced by Peter Jackson and is coming out on August 14th?  Yeah, that one.

Just so we’re clear, a few days ago I said I popped no less than 17 boners during the 7-minute trailer at Comic-Con.

Ok so now that we’re clear, what you probably didn’t know is that the director, Neill Blomkamp, was a virtual unknown whose only notable work was a 6-minute short called Alive in Joburg. During the District-9 panel at Comic-Con, when he was describing the motivation behind the project, Peter Jackson said that he had seen this film on YouTube and knew that Blomkamp would be the one to direct his next film.

So, check it out:

Pretty fuckin’ awesome, right? Obviously it has umm… EVERYTHING to do with District 9 and is the direct influence for it. Considering that the budget for D-9 is only $30M USD, I think it’s 117% awesome how the concept of the original short has been expanded and improved upon.  The short is shot in the same grainy, documentary style and doesn’t make use of absurd effects to get the point across, but it’s not done in a way that looks cheap.  The emphasis on the tangible drama of aliens living in South Africa as refugees, vs. focusing on douchebags with laser rifles is a stray from the norm these days, and I am all about it.

Don’t get me wrong, there WILL be douchebags with laser rifles in District 9, but it’s not at all like anything you’ve seen before.  Not to mention that it’s being backed by Peter “Motherfuckin'” Jackson.

I will now leave you to your boners (or their female analog, whatever that may be).

p.s. There are a lot of secrets in District 9.