#jython IRC Log (v0.9)

IRC Log for 2015-07-05

Timestamps are in GMT/BST.

[0:19] <pcfreak30> agronholm: you there?
[0:19] <agronholm> yes
[0:20] <pcfreak30> java.io.FileNotFoundException: /media/derrick/c7487330-8b24-4452-ace7-50f66856ba7d1/Projects/[project]/target/jython-standalone-2.7.0.jar (No such file or directory)
[0:20] <pcfreak30> using appletviewer works
[0:20] <pcfreak30> but in firefox it doesnt?
[0:20] <agronholm> I don't know what I'm supposed to do about that
[0:21] <agronholm> did you properly escape the URL?
[0:21] <agronholm> there are some dubious characters in there
[0:21] <agronholm> like []
[0:21] <pcfreak30> im saying
[0:22] <pcfreak30> just by using jython as a dep and shading it in
[0:22] <pcfreak30> then calling the interpreter i get that
[0:22] <pcfreak30> cant find any of the python libs or jars when trying to load it
[0:23] <agronholm> is this related to that error you showed me?
[0:23] <agronholm> how can you call the interpreter if it can't find its jar?
[0:24] <agronholm> does "shading it in" mean putting everything in the same jar?
[0:24] <pcfreak30> yes
[0:24] <pcfreak30> and idk im reading the console output
[0:25] <agronholm> it's near impossible for me to debug your setup
[0:25] <agronholm> and I have zero experience with applet development
[0:25] <agronholm> can I ask: why an applet?
[0:25] <agronholm> most people don't make applets anymore
[0:26] <agronholm> in fact at least one browser (chromium?) has permanently disabled any possibility of using java in the browser
[0:26] <pcfreak30> https://gist.github.com/pcfreak30/f158184d9971338139bf
[0:26] <pcfreak30> Its the only way to do what I want to do
[0:26] <pcfreak30> I am aware of all of the above
[0:26] <agronholm> out of curiosity, what do you want to do then?
[0:27] <pcfreak30> But all other technologies put too much security control, and I need to be able to do authorized network requests. I am rewriting an older version but using a completely new way of doing all the code
[0:27] <agronholm> authorized network requests?
[0:28] <pcfreak30> Flash requires a policy on each target
[0:28] <pcfreak30> And I cant use a chrome extension as its too limiting
[0:28] <pcfreak30> But it has to be web bound
[0:29] <agronholm> what do authorized network requests mean?
[0:29] <pcfreak30> Basically im fetching things on behalf of the user as its a convenience tool for basic end users
[0:29] <pcfreak30> Has to be web so they dont need to install anything. And due to certain limitations it has to be client side
[0:29] <agronholm> what sort of things? http requests? or something else?
[0:29] <pcfreak30> yes
[0:30] <pcfreak30> http/https
[0:30] <agronholm> the obvious question: why not ecmascript?
[0:30] <pcfreak30> Because this time I am taking advantage of a python library for heavy lifting and making this a web ui to it
[0:31] <pcfreak30> And ajax forces XMLHTTP headers which I cant have
[0:31] <agronholm> you could use the new fetch api
[0:31] <pcfreak30> The point right now is
[0:31] <pcfreak30> I am making use of a library/program in python
[0:32] <agronholm> I don't think I can help you with applet classloader problems
[0:32] <pcfreak30> i WAS going to download a platform version and shell execute
[0:32] <pcfreak30> but native is better
[0:33] <agronholm> native?
[0:33] <pcfreak30> jython
[0:33] <pcfreak30> have java do the processing over running another process off the applet
[0:33] <agronholm> I don't think you could spawn any processes from applets anyway
[0:33] <pcfreak30> im borderlining what malware would do, but my app has no malicious intent
[0:34] <pcfreak30> i think you can if you use a custom policy file
[0:34] <agronholm> modifying the JRE?
[0:34] <pcfreak30> and/or elevated call block
[0:35] <pcfreak30> no was thinking loading a policy file in the jar, but found it has to be set from the start, so a privileged action is the only way
[0:36] <agronholm> that'd be pretty insecure if you could elevate the applet's privileges just by including a new policy file :/
[0:37] <pcfreak30> well im eventually going to sign this after i get enough revenue. but java seems to be the only option right now
[0:38] <pcfreak30> flash even refused shell execute abilities down to a certain folder
[0:38] <pcfreak30> reduced
[0:38] <agronholm> are you sure this is even possible through an applet?
[0:39] <agronholm> just so you won't do all this hard work only to find out it won't work?
[0:40] <pcfreak30> im looking right now
[0:40] <pcfreak30> and i only spent under a day on this. this project is very old, but if i get it its easy revenue based on adsense
[0:42] <pcfreak30> agronholm: http://stackoverflow.com/questions/1240575/can-trusted-1-5-applets-execute-system-commands
[0:42] <pcfreak30> not sure how it applies to java 8/7
[0:43] <agronholm> that answer was given 6 years ago
[0:44] <agronholm> a LOT has changed since then
[0:44] <pcfreak30> meh only info i could find
[0:45] <agronholm> you should do a feasibility test first
[0:46] <agronholm> before you go any further
[0:46] * fwierzbicki (~Adium@99-106-169-5.lightspeed.sntcca.sbcglobal.net) has joined #jython
[0:49] * fwierzbicki (~Adium@99-106-169-5.lightspeed.sntcca.sbcglobal.net) Quit (Client Quit)
[1:18] <pcfreak30> agronholm: it does work
[1:18] <pcfreak30> I used ls
[1:18] <agronholm> good for you :)
[1:18] <pcfreak30> And got a dir listing in firefox
[1:19] <pcfreak30> So java still has security holes allowing anything signed to run
[1:19] <pcfreak30> But I have to exploit that.
[1:19] <pcfreak30> :/
[1:21] <pcfreak30> agronholm: Would like your opinion. Do you think it would be better to bundle files inside a jar and copy to the HDD
[1:21] <pcfreak30> Or do a web request to a server for them
[1:21] <agronholm> copy to the hdd? I don't understand
[1:22] <agronholm> how would the browser launch something from the hdd?
[1:22] <pcfreak30> Using shell execute that I tested
[1:22] <agronholm> but where would they come from then
[1:24] <pcfreak30> As I said, inside the jar
[1:24] <pcfreak30> or off a server hosted by me
[1:24] <pcfreak30> Not sure which to go with
[1:25] <agronholm> bundle them inside a jar unless there's a good reason not to
[1:25] <pcfreak30> As I can update the versions on the server and not need to recompile the jar, but would require a http lib
[1:26] <pcfreak30> lol
[1:26] <pcfreak30> I just executed a php script to verify it worked for a non bash command
[3:54] * eatkin (~eatkin@166.70.212.121) Quit (Ping timeout: 246 seconds)
[3:56] * eatkin (~eatkin@166.70.212.121) has joined #jython
[4:03] * eatkin (~eatkin@166.70.212.121) Quit (Ping timeout: 256 seconds)
[4:04] * eatkin (~eatkin@166.70.212.121) has joined #jython
[5:21] * BillSussman (~sussman@187.59.93.103) has joined #jython
[5:22] * AndyBotwin (~sussman@unaffiliated/andybotwin) Quit (Ping timeout: 276 seconds)
[12:19] * Tycale_ is now known as Tycale
[13:48] * m01_ (~quassel@2a02:2658:1011:1::2:4044) Quit (Quit: No Ping reply in 180 seconds.)
[13:49] * m01_ (~quassel@2a02:2658:1011:1::2:4044) has joined #jython
[16:03] * mbooth (~mbooth@redhat/mbooth) Quit (Remote host closed the connection)
[16:05] * mbooth (~mbooth@cpc11-shef10-2-0-cust659.barn.cable.virginm.net) has joined #jython
[16:05] * mbooth (~mbooth@cpc11-shef10-2-0-cust659.barn.cable.virginm.net) Quit (Changing host)
[16:05] * mbooth (~mbooth@redhat/mbooth) has joined #jython
[16:37] * BillSussman (~sussman@187.59.93.103) Quit (Quit: Leaving)
[22:40] * Arfrever (~Arfrever@apache/committer/Arfrever) has joined #jython
[22:40] * ChanServ sets mode +o Arfrever
[22:54] * mbooth (~mbooth@redhat/mbooth) Quit (Ping timeout: 246 seconds)
[23:15] * [Arfreve1] (~Arfrever@minotaur.apache.org) Quit (Quit: leaving)
[23:18] * [Arfrever] (~Arfrever@apache/committer/Arfrever) has joined #jython
[23:18] * ChanServ sets mode +o [Arfrever]

These logs were automatically created by JythonLogBot_ on irc.freenode.net using a slightly modified version of the Java IRC LogBot (github).