Tag Archives: technical

Python List Comprehension for Dummies

So I code a lot. I code in Python a lot. You might say I love Python. I might say you’re right.

One of the most powerful things about Python is its ability to iterate over ANYTHING as if it were a list. Lists, tuples, dictionaries, and even strings can all be iterated quickly and elegantly. Python also introduces a concept known as list comprehension which allows you to do rather complex filtering of list contents within a single statement.

To illustrate how awesome and powerful list comprehension is, let’s start with a basic example that is NOT using it:

>>> mylist = [1,2,3,4,5]
>>> for item in mylist:
...     if item % 2 == 0: print item, 'is an even number.'
...
2 is an even number.
4 is an even number.
So, let’s assume that we want to identify all even numbers inside of mylist, and put them into a new list called evens the old-fashoned way:
>>> mylist = [1,2,3,4,5]
>>> evens = []
>>> for item in mylist:
...     if item % 2 == 0: evens.append(item)
...
>>> evens
[2, 4]
Why the old-fashioned way sucks First things first, the empty list called evens had to be declared ahead of time. This is because when we looped thru the list called mylist using the for statement, when the if test is performed on each item we have to reference evens by name to append() the even numbers to it.

Why list comprehension rocks With list comprehension, the logic that isolates the even numbers and the declaration of the list that will capture this output are compressed into a single statement:

>>> mylist = [1,2,3,4,5]
>>> evens = [i for i in mylist if i % 2 == 0 ]
>>> evens
[2, 4]
The logic is encapsulated in [square brackets] indicating that the output will be a list. The list comprehension itself is the logic between the brackets that determines what will be in the list that it spits out.

So list comprehensions at their most basic level allow for compression of code and streamlining of logical statements. Advanced usage of list comprehension can get pretty silly, but then so can nested loop statements.  It supports nesting as many statements as you can throw at it so longs as they are syntactically correct.

If you find yourself coding shit like this:

>>> losers = ['Joe','Jim','Jon','Jen']
>>> for u in losers:
...     if u.startswith('J'):
...             if u.endswith('n'):
...                     if u != 'Jon':
...                             print u
...
Jen
Then maybe list comprehension is for you:
>>> [u for u in losers if u.startswith('J') and u.endswith('n') and u != 'Jon']
['Jen']
No offense to anyone named Joe, Jim, or Jon.

Proxying SSH with SOCKS (HTTP was so 2007)

By writing this I am assuming you know what SOCKS is, and you know what SSH is. If you don’t, here is a picture of a monkey fucking a coconut to make this visit worth your while:

Could be a melon, but looks like a co-co-nut.

Could be a melon, but looks like a co-co-nut.

So, there comes a time in a man’s life when people at work on the inside network need to access things on the internet.  This is called “proxying”.  Yes, yes, I know; very fascinating.  These secure machines on the inside network don’t have access to the internet by design (See RFC 1918).  It’s the most basic layer of obfuscation (a 25 cent word we use a lot in the security world) and protection from bad internet traffic, not including firewalls and all that other exciting stuff.

Ok so we want to let our secure hosts on the inside proxy SSH to the internet via our SOCKS server.

Assumptions:

  • A Unix/Linux machine with the latest version of netcat installed (assumed to be found at /usr/bin/nc).  All modern operating systems have this.  Stop whining.
  • A SOCKS proxy listening on TCP port 1080.
  • A remote internet server listening for SSH connections on TCP port 22.
  • You know what ~ means.  (Hint:  It’s shorthand for your home directory.)
Do the damn thing:

Create an entry in ~/.ssh/config. If this file doesn’t exist, create it. If it does, add this shit to the bottom:

Host proxythatshit
    ProxyCommand /usr/bin/nc -X 5 -x proxy.whatever.com:1080 internet.com 22
Write, quit, and then test that shit! I am hoping that you gathered “proxythatshit” is the nickname we’re assigning this proxied connection to internet.com. By putting this stuff in the config file, it makes it easy to reuse.
% ssh proxythatshit
jathan@proxythatshit's password:
[jathan@internet.com]~%
Did you see that? It worked!! OMGZ!!JLk

A little breakdown:

ProxyCommand /usr/bin/nc -X 5 -x proxy.whatever.com:1080 internet.com 22

  • ProxyCommand: An OpenSSH directive that tells SSH how to proxy the connection
  • /usr/bin/nc: The path to the netcat binary and the ProxyCommand in question here.  Proxying is one of the many things netcat does.
  • -X 5: Tells netcat to use SOCKS version 5
  • -x proxy.whatever.com:1080: Tells netcat to proxy the connection using proxy.whatever.com on port 1080
  • internet.com 22: The name and port of the destination we’re trying to get to by way of the proxy
Why SOCKS?

You may be asking yourself, “Why not just use an HTTP proxy?”  Because HTTP proxies tend to be very picky about allowing you to proxy non-HTTP connections to destination ports other than the one you connected to.  In other words, if the proxy is listening on port 8080, good luck proxying a connection that isn’t HTTP (such as this SSH proxy thing) on anything other than port 80, 443, or 8080 it probably won’t work. If you’re using mod_proxy, it absolutely will not work.  Don’t ask me why.  It just doesn’t.  Squid might work, but it is a pain in the ass to setup.

There you have it.  Don’t blame me if you get fired because you were looking at a picture of a monkey fucking a coconut for the 52 seconds it took to read this.

Creating read-only user accounts on ScreenOS

Need to create a read-only account on a NetScreen (ScreenOS 6.x or lower) firewall?

It’s simple:

netscreen(M)-> set admin user nocadmin password abc123 privilege read-only
And there you have it. Now let’s test it:
% ssh nocadmin@netscreen
nocadmin@netscreen's password:
For Authorized Use Only, Violators Will Be Prosecuted.
netscreen(M)->
It works! Notice the limited command set available:
netscreen(M)-> ?
exit                 exit command console
get                  get system information
mtrace               multicast traceroute from source to destination
ping                 ping other host
trace-route          trace route
netscreen(M)->
Now hop to it!