Dont Worry Government, I Got This Porn Filter Sorted
sicksad.com> Any request that is denied by OpenDNS is then allowed by our DNS server, and any request allowed by OpenDNS is blocked by us.
The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.
If they actually go ahead with this plan in the UK and it's implemented similarly (eg. via DNS rather than IP blocking), somebody should make a list of what's blocked. Go through the top N sites and for each run a DNS lookup from both a filtering DNS server and also a couple non-filtered ones (ex: Google DNS[1]) then compare the results[2].
Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
[1]: https://developers.google.com/speed/public-dns/
[2]: This would need to do more than a plain A == B as each address could resolve to multiple IP addresses.
They can't and don't do it with just a DNS, it'll have to be DNS + HTTP URL. Otherwise porn hosted on one large shared hosting would block everything. (e.g. imagine if the Amazon EC2 DNS got blocked).
The current UK ISP filter (the one that already filtered Wikipedia), used DNS & HTTP. IP addresses that needed filtering were redirected to their HTTP server by sending back their IP address, and then a HTTP proxy was used to filter specific URLs. This allowed them to block certain URLs. It was initally detected because lots of wikipedians noticed a lot of edits (basically lots of the UK) coming from a small amount of IP addresses (the IP addresses of the proxies)
They CANNOT use HTTP filtering as that would break on HTTPS.
Nope, the domain is always visible on HTTPS, due to SNI. They can just block it.
Older Win XP machines doesn't support SNI, so you could get around it with an older machine. Of cause that's a problem that will go away over time.
To connect to an HTTPS site without SNI, the IP can only host a single domain, so they can just block the whole (IP:443) combination without affecting any other site.
What if the IP is dynamic? Say an Azure Cloud Service.
I think the problem is that you'd need a different X.509 certificate for TLS, for each and every single IP.
The certificate is issued for the domain, not the IP.
I think Cleanfeed didn't block HTTPS. When have you ever heard of a public, governmental programme that didn't have a stupid flaw? :P
Yeah, and he government would never make that mistake…
http://www.smh.com.au/technology/technology-news/how-asics-a...
The Danish Internet filtering works by messing with the DNS at the ISP level. If you don't want to get filtered, just switch to a non-ISP DNS, or run your own. Sadly it was implemented with little or no public debate, very very few got upset and most of us just switch DNS. I think the UK is in a much better position because they at least have the debate public and loud.
I was actually also admiring the simplicity of his solution, to take advantage of services that are already in place doing the exact opposite of his.
Tip of the hat to the author...
Cleanfeed (the UKs child porn filter) is supposed to be IP blocking/NAT based, coupled with web proxies. Given the scope of the filtering this time around though, it may be done by DNS. Let's hope so.
I remember when they used this system to block an image on Wikipedia. Much hilarity ensued: http://wiki.openrightsgroup.org/wiki/Cleanfeed#Wikipedia_.2F...
> Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
What you want is a website that answers: Does Country-C block Website-W? A user gives it a URL and it has VPNs surfacing in lots of different countries and it tries them all, and displays in which countries the URL is blocked.
The website also stores and records all blocked/unblocked websites, and allows this data to be downloaded.
There is something like that for the great wall of china: http://www.greatfirewallofchina.org/
Yes. Although that site keeps no history, doesn't allow you to download a list of blocked sites, and only works for China.
And it bizarrely replaces its headers with Flash.
Pretty comical video, one quick tip. If you typed a command on the terminal and you get the "Operation not permitted." You can run the last command prepending sudo like this:
sudo !!You could also just replace the incorrect part of the previous command with ^old^new. I use that a lot when I want to doublecheck before taking a permanent action.
eg. Check what you're about to delete
Something else that saves a lot of time is to incremental-search backwards through your command history using ctrl-r instead of arrow keys. eg. cycle through every "grep". Press ctrl-r, type grep, and it jumps to to most recent command that contains "grep". Each time you press ctrl-r it will jump further back in time. If it's something you expect to search for a lot, you can even tag commands with # comments then search for the comment. (There's a fine line there though... if you reuse a command really often you should probably alias or script it)$ ls *.backup a.backup b.backup c.backup $ ^ls^rm rm *.backupCommand history uses the 'readline' library so all(?) the other editing-related emacs chords will work on it ctrl-a/ctrl-e to jump to the start/end of the line, ctrl-r/ctrl-s to search, alt-f/alt-b to jump words, etc. Oh, and an emacs kill-ring too, that's pretty useful.
Enjoy.
...
...
But there's one more thing.
This is a feature of GNU Readline, not a feature of bash. Other apps that use readline will also accept these chords.
Things like the ruby and python shells, mysql, etc.
You think you can do a lot in those tools now? Learning to leverage everything that readline gives you will take you to a whole new level.
Have fun exploring :)
Another neat expansion: !$ is the last argument of the last command you entered. Useful when you mistype the command name.
Alt+. does the same and (at least in Zsh) allows you to cycle backwards.
More like Meta Up/Down, I tried for ten minutes on iTerm2 before remembering to use my Escape key.
Can configure the alt (option)-key behavior in your iTerm2 profile.
Left/Right Option Key Acts As
It is common to use a modifier to send so-called "meta keys". For most users, selecting "+Esc" here is the right choice. The "Meta" option sets the high bit of the input character, and is not compatible with modern systems.
Another HN user mentioned being frustrated enough that they aliased 'fucking' to 'sudo', so when you use your trick, you get a bit of catharsis:
fucking !!
You just gave me 2 more years back.
Heh, no problem here are 2 more bang tricks. !<charachters> runs the last command you ran that starts with the characters you type.
If you type history, then !<number to the left of the history command>, the shell will execute that command.!gre # will run the last command starting with gre (so probably grep)$ history # shows command history $ !200 # executes command 200Keep them coming, imagine the manyears you're recovering!
You can also press Up arrow, Ctrl-A to go back to the beginning of the line, add "sudo " and enter. This type of thing also works in most REPLs (Python, irb, Node, etc.)
Bash/csh have a wonderful history expansion feature[0]. I can never remember all of the modifiers, but I am learning them slowly.
[0]: https://www.gnu.org/software/bash/manual/bashref.html#Event-...
The section with William Hague (UK Foreign Secretary) at the end of the video is priceless.
... ask not what your country can do for you — ask what you can do for your country ... JFK would be proud.
hehehe. Good one.
Awesome. Advanced assignment: build a search engine which for each jurisdiction only contains results blocked-in-Google-by-legal-threats in that jurisdiction.
No comments? I guess Hacker News gets blocked when you install it. :)
Step 1: Put your dic (delete)
pns.py
I was cracking up. Brilliant!
He should have made the server run on port 69.
sudo ss -lpu 'sport = 53'Brilliant! Now only if there was a cat filter that only showed cats and cat related material.
I thought that filter was called a web browser.
Absolutely wonderful. Well done!
Slightly NSFW, could someone add the tag to the title?
+1 for using Twisted