Comment by kotri

4 days ago

Terrible, this is Internet curfew. It's not uncommon to imagine they'd shut down Internet across border during any war (like against Taiwan).

> Terrible, this is Internet curfew.

If you think this is bad...

You can't even have a blog in China without authorization. It doesn't matter if you pay "AWS" for a machine. It won't open port 80 or 443 until you get an ICP recordal. Which you can only do if you are in China, and get the approval. It should also be displayed in the site, like a license plate. The reason "AWS" is in quotes is because it isn't AWS, they got kicked out. In Beijing, it is actually Sinnet, in Nginxia it's NWCD

You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

In a nutshell, they not only can shut down cross border traffic (and that can happen randomly if the Great Firewall gets annoyed at your packets, and it also gets overloaded during China business hours), but they can easily shut down any website they want.

  • I laughed when I saw "Nginxia", thinking it was a portmanteau of, well, nginx and wuxia, a Chinese fiction genre. Reality is much less funny when I looked up NWCD, and you likely just made a typo of Ningxia.

    • "Xia" would map to a single character (code point) in Chinese. For instance, in simplified Chinese, it could be 下 (xia, meaning down), 侠 (martial arts - like the xia in wuxia), or any number of other homophones. Since the characters are already combinatorial, I'm not sure a Chinese speaker would think of this as a portmanteau.

  • AWS in China also doesn't have the Key Management Service, which leads me to conclude it must be pretty secure.

    I added an A record for a subdomain and pointed it at Chinese IP addresses. I wonder if I will get that angry email?

    • Actually, they wouldn't really know unless this domain is used. I guess they check the `Host` header to get the domain that targeted this IP and then check where the MX are hosted.

  • > You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

    Wait what? So I can DoS any Web site in China by creating a rogue DNS record that points to its IP address, even under a completely unrelated domain? How would they even find those records?

    • I guess they would find it the moment someone in China using a Chinese resolver tries to resolve your rogue record, since that would recurse to one of the root mirrors in China, which presumably feeds this mechanism.

      Seems like a very minor speed bump in your plan, though: presumably something like https://www.chinafirewalltest.com would achieve that, or send a few emails for folks to click.

    • I wonder if this is actually tied to Chinese domains and Chinese-run registrars? That way it would be easy to flag the usage of foreign nameservers and there's no DoS risk.

  • What about other protocols, could you run e.g. Gopher or NNTP? I guess IMAP could work as well.

  • Not all Western companies comply with Beijing, like Route53, a name I've never heard of; Cloudflare seems to be most popular in China.

    But yeah, they can shut down anything unless proxy servers are widely used, as <Nearly 90% of Iranians now use a VPN to bypass internet censorship>.

In fact, it’s a common tactic to do something unusual, in a recurrent way, so people aren’t alerted when it happens for real. (When the Mossad stole 7 boats from a French port (that they had fully paid), they prepared a few months in advance by having the pilots start the engines every night at 23:00, pretending they needed it against the cold temperatures. When the day came, they started the engines and left, no-one saw it coming).

Could you bring something like a Starlink Mini for backup, I wonder? I'd imagine this would be very worrying, being stuck there as a foreigner in such a situation.

  • Starlink connects you to the internet via a ground station in the country where you are registered, and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.

    • > Starlink connects you to the internet via a ground station in the country where you are registered

      Not true anymore.

      > and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.

      This is still correct.

  • You can still bring a foreign SIM card. 100% effective (via data roaming) at bypassing the firewall, but expensive.

    • Oddly, many travel SIMs have started to route traffic through China. I used one in India that clearly routed through Hong Kong, and caused a lot of problems.

  • Depends a lot whether Starlink decides to let you.

    • No it does not. Against a huge state adversary like China it does not matter. They have satellites looking down so they can quickly locate any Starlink users. And then ...

      The only thing that could bypass is GPS + laser links (meaning physically aiming a laser both on the ground AND on a satellite). You cannot detect that without being in the direct path of the laser (though of course you can still see the equipment aiming the laser, so it doesn't just need to work, it needs to be properly disguised). That requires coherent beams (not easy, but well studied), aimed to within 2 wavelengths of distance at 160km (so your direction needs to be accurate to 2 billionths of a degree, obviously you'll need stabilization), at a moving target, using camouflaged equipment.

      This is not truly beyond current technology, but you can be pretty confident even the military doesn't have this yet.

The infrastructure for that kind of control clearly already exists. What's unclear is how coordinated or deliberate these events are versus being side effects of testing or internal changes.

That's what's so great about LoRa. Decentralized txt msgs, ultra cheap radios people run at home or wherever. $10-35 USD on Amazon. At least txts get through.