“Two days ago the police came to me and wanted me to stop working on this”
https://github.com/shadowsocks/shadowsocks-iOS/issues/124#issuecomment-133630294
realfuncode · 10 years ago
52 comments
https://github.com/shadowsocks/shadowsocks-iOS/issues/124#issuecomment-133630294
realfuncode · 10 years ago
52 comments
realfuncode · 10 years ago
“Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.
I hope one day I'll live in a country where I have freedom to write any code I like without fearing.
I believe you guys will make great stuff with Network Extensions.
Cheers!”
teej · 10 years ago
Not being facetious here - what country do you live in that you think the government can't/won't interfere with your code?
copperx · 10 years ago
Mexico.
brobinson · 10 years ago
Maybe China? There's a bit of Chinese in the author's other repos: https://github.com/clowwindy?tab=repositories
userbinator · 10 years ago
From the fact that there's lots of other stuff related to networking/tunneling, and the username has some "Chinese characteristics" to it, I also think it's China.
alexchen · 10 years ago
Yes it's china, because chinese government fears that the citizens who lived in china know about the truth of government's corruption.
ommunist · 10 years ago
Dear Alex, although this may sound like a revelation, but governments do not fear. They are fictitious entities. Non-humans. One may think about them as a software.
alexchen · 10 years ago
Dear ommunist, I think you are right, governments like "Matrix" which control every childprocess.
ommunist · 10 years ago
No, dear. They are just putting childprocesses into existence. If there is no state, there are no citizens.
Qantourisc · 10 years ago
Knowing about corruption, and being able to get away with it are 2 separate things I think. If you don't abuse people human rights) and give them a good life; you can get away with a lot of corruption I presume.
escape_goat · 10 years ago
Perhaps I am misunderstanding your use of English, because it is difficult to see how this is not a facetious question.
There are relatively few countries in which the government both could and would interfere with someone's publication of code, and I think only in China is there both widespread computer use and internet access, on the one hand, and state security actors (the civil police, actually) who have the sophistication and funding to intervene with specific projects such as this one.
Did you mean to ask what country he was in?
TrevorJ · 10 years ago
I think there are more than a few countries where this sort of thing could easily happen. Tech talks get canceled at the behest of the powers that be with some regularity, I don't think requests to take down source code would be out of the question.
https://www.washingtonpost.com/blogs/the-switch/wp/2014/07/2...
http://www.csoonline.com/article/2947377/network-security/pr...
escape_goat · 10 years ago
You think that, but your links are to two cancelled presentations at conferences, neither of which has any clear connection with the 'powers that be', unless you consider the SEI and Carnegie Mellon University to be the 'powers that be'.
Both those conferences occur in a single country, one which was not even able, under its own laws, to effectively suppress the distribution of cryptographic code when it was legally considered to be militarizable as a weapon.
Nemcue · 10 years ago
Do you think you're allowed to talk about the government suppressing you?
And the point isn't that they weren't able to suppress crypto code; it's that they tried.
dalke · 10 years ago
The US does "interfere" with the publication of some code. I'm thinking of cryptography code. Quoting from https://en.wikipedia.org/wiki/Export_of_cryptography_from_th... .
> Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment. ...
> As of 2009, non-military cryptography exports from the U.S. are controlled by the Department of Commerce's Bureau of Industry and Security. Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license
> ... Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions.
floatboth · 10 years ago
But in the US, you can sue the government: https://en.wikipedia.org/wiki/Bernstein_v._United_States
dalke · 10 years ago
I think you mean "at least", rather than "but"? You'll notice the WP quote I gave includes restrictions post-Bernstein (and links to that case). Even these restrictions count as 'interfer[ing] with someone's publication of code', no?
sillygeese · 10 years ago
> There are relatively few countries in which the government both could and would interfere with someone's publication of code
It's not about interfering with someone's publication of code. It's about neutralizing threats to rulers' rule.
China's rulers shut this guy down because his tool might enable too much free speech among the masses, which, in turn, would pose a threat to the government's rule.
As for the idea that "it couldn't happen here!", see how the US government "interfered" with someone's publication of articles: https://www.youtube.com/watch?v=dUYMPZ4nEOY
westicle · 10 years ago
I'd add the USA to that list - plenty of evidence that National Security Letters have been used to stifle/gain access to/alter coding projects in the interests of US GOV.
It's probably even more insidious, because simply confirming the existence of an NSL can be a crime punishable by significant custodial sentences. In the USA, posting "The police asked me to delete this code" could land in you federal pound you in the ass prison for 10+ years.
tajen · 10 years ago
I find this is a very gentle warning compared to what we hear about secret law enforcement in general and China in particular. Isn't the practice to stage a suicide after deleting his repositories?
brobinson · 10 years ago
Main site for the software: https://shadowvpn.org
Were the repos mirrored anywhere, or would that present a risk to the original author?
escape_goat · 10 years ago
It's hard to see how that would present a risk to the original author, given the current circumstances as we know them.
What is described was a visit from the police in which they asked him to take down his own Github distribution. He clearly hasn't been arrested, and although he may be being fined, he doesn't mention it. You will notice that his message encourages others to continue work and is generally unhappy and defiant.
If this was a matter of any seriousness with regards to state security, it seems more likely to me that the repositories would be simply shut down without explanation.
My expectation based on my own few encounters with the regular civil police[1] is that those who specialize in computer matters are unlikely to be idiots; I assume they will know how version control systems work. It would probably be overly cheeky of him to actually contribute to someone's fork, or work on similar software, but there shouldn't be any negative consequences based on what we've heard.
My experience in China is limited, and someone else might offer contradictory insights, but that's what my expectation would be based on that experience so far.
[1] an edit to clarify: "In China."
MarkPNeyer · 10 years ago
what was this?
hglman · 10 years ago
Shadowsocks for iOS Notice: This version is deprecated. Please wait for iOS 9's new VPN API
Features
Shadowsocks is a cross-platform tunnel proxy which can help you get through firewalls.
This iOS version is for non-jailbroken devices. It has two features.
A web browser with all the traffic going through a Shadowsocks proxy A background global proxy, with some restrictions Install
Available on the App Store
Please visit the App Store.
As a web browser
Shadowsocks works as a multi-tab web browser. It's really easy to use.
Tap the + button to open menu. Tap Settings to configure Shadowsocks proxy settings. Tap New Tab to open a new Tab. Tap URL field on the top to input URL. Swipe a tab to scroll the tabs. Hold and press a tab to swap tabs. If you've changed Proxy Mode, a restart is needed to take effect. (Kill the app, then open the app again). As a global proxy
Shadowsocks works as a background global PAC proxy, with some restrictions.
Only works with Wi-Fi network. But we are working on the cellular network. Only works for a few minutes. Due to iOS restrictions, Shadowsocks can't keep running in the background. It's killed after you leave it for a while. To keep it running for an extended period of time, you have to come back to the Shadowsocks app every few minutes. So it's a little tricky to use global proxy.
Set up proxy settings in shadowsocks. Copy this link http://127.0.0.1:8090/proxy.pac Open iOS Settings -> Wi-Fi -> i icon on the right of your connected Wi-Fi -> HTTP Proxy. Choose Auto, paste the link in the URL field. Tap back. Other apps now go through the proxy. If they don't, kill and restart them. Come back every few minutes to keep Shadowsocks running in the background.
xiaq · 10 years ago
Shadowsocks is the most popular solution for circumventing China's GFW these days. It has the advantage of obfuscating the traffic, thus making it hard for GFW to detect it, unlike say SSH or OpenVPN traffic, which are easy to detect.
smaili · 10 years ago
While I understand what the gov is trying to do, who's to say somebody else that doesn't live in China maintains the project and puts it on GitHub for all the world to see?
xiaq · 10 years ago
Maybe they are going to block or attack GitHub again until GitHub takes down all clones of it.
mikeokner · 10 years ago
The Chinese government just has to take control of the repo and make a new commit that contains the word "retard" and GitHub will make sure it never sees the light of day again for them.
eli · 10 years ago
Wouldn't be the first time https://en.wikipedia.org/wiki/Censorship_of_GitHub#China
wogong · 10 years ago
They will, one day. anyway Gmail was gone, which I think is the most impossible site to be blocked.
PS: nice to see you here. :)
rsy96 · 10 years ago
I was shocked to see Gmail blocked, given how many business users were dependent on it. Previously they didn't censor websites critical to business and economy, but now they seem to be prioritizing control of speech over economic development.
Laforet · 10 years ago
Because it is a lot of hard work without much in the way of rewards or recognition. Hundreds of thousands people use clowwindy's code, some of them even make money by building services using his code, yet very few people are willing let alone be able to contribute. Until a few days ago he was complaining that the user community is now full of leechers and he is pondering when to quit. The police visit was probably the final straw.
vladmiller · 10 years ago
And there are more than 500 forks. I'd say good luck deleting that :D
Rangi42 · 10 years ago
I downloaded the source code on principle. It's good to know there are plenty of online copies.
vladmiller · 10 years ago
same did I. Seems like it's pretty good written piece of software, so might be good exercise to hack it a little bit and maybe learn something
FredericJ · 10 years ago
In this specific case, DMCA doesn't apply. But it's interesting to read GitHub's policy about taking down forks.
> GitHub will not automatically disable forks when disabling a parent repository. This is because forks belong to different users, may have been altered in significant ways, and may be licensed or used in a different way that is protected by the fair-use doctrine. GitHub does not conduct any independent investigation into forks. We expect copyright owners to conduct that investigation and, if they believe that the forks are also infringing, expressly include forks in their takedown notice.
Rangi42 · 10 years ago
This wasn't a thorough deletion. The shadowsocks-iOS project has been switched to the 'rm' branch, but the 'master' branch still contains all the source code: https://github.com/shadowsocks/shadowsocks-iOS/tree/master There's also a downloadable 2.6.3 release with a built .dmg and source code: https://github.com/shadowsocks/shadowsocks-iOS/releases
Even if it does get completely removed, a duplicate exists on GitLab: https://gitlab.com/mba811/shadowsocks-iOS (No guarantee that it has all the commits prior to deletion, or that it hasn't been modified from the original in some way.)
I can only hope the police in clowwindy's country don't know how to switch GitHub branches.
mullingitover · 10 years ago
I don't know what you're talking about. That repo is totally empty. Nothing to see here, move along.
;)
meric · 10 years ago
What are you taking about? Does not work. Cannot access the code.
4684499 · 10 years ago
Years ago, news said China "banned" bitcoin, years later miners in China live just fine. I guess this is not going to be so different.
somerandomone · 10 years ago
This is different. China(ese government) has a much, much stronger incentive and political resolution to reinforce their Internet speech control than crackdown a couple of bitcoin miners.
4684499 · 10 years ago
> Implying bitcoin has nothing to do with free speech.
I'm saying that the result is not going to be so different, as in people will still use shadowsocks to circumvent the firewall and won't get "disappeared" or whatsoever.
Edit: letters
noselasd · 10 years ago
The only thing that's "banned" regarding bitcoins in china is that financial institutions arn't allowed to trade them. You can mine them, you can set up companies that mine them, you can trade them if you're not a financial institution.
4684499 · 10 years ago
Yes, it's more like regulation that poorly implemented. But less people knew it at the time according to what the news and bitcoin users in China said. As a result, news related to China still can impact the price greatly sometimes, which leads people ask has China really banned bitcoin or not? You could find many discussions in term of this at the time. Of course people by now understand the "ban" itself is limited.
njloof · 10 years ago
And as an aside they're the easiest way to exchange money when overseas. It's like a bank where the bank meets you at your hotel and gives you cash, and you never have to worry that your PIN won't work or your home bank will decide not to honor your transaction for fraud protection.
kordless · 10 years ago
That duplicate will get flushed after they run the 'git pruned' on the 2AM cronjob. Nothing to worry about.
riobard · 10 years ago
That mostly a side effect of GitHub's caching mechanism. It's all gone now.
teraflop · 10 years ago
All of the links in the post you're replying to still work fine for me.
zero_iq · 10 years ago
No, it's not there. You must just be seeing something in your browser cache. It's all gone forever. cough wink cough
floatboth · 10 years ago
The last commit on the GitLab mirror is cf485148bd9f4d4520d13e2169997cd72464f3c0. On GitHub, it's not the last one, but it's on the first page (not that much commits since).
Because it's the same SHA, and because of the way git works, we know that all the history before it is exactly the same on GitHub and GitLab.
i336_ · 10 years ago
Someone in this subthread mentioned something about a commit hash. This is important.
smilekzs · 10 years ago
From Wikipedia:
> The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely, usually facilitated by the Internet.
xiaq · 10 years ago
If you control virtually every aspect of media in a country, I don't see how Streisand effect works...
orph4nus · 10 years ago
Because hackers will always find a way.
veracruz · 10 years ago
Tell that to the RIAA and MPAA, and every politician wanting more surveillance and censorship. The reality is that law, and money, and force currently, and always will, trump a geek at a keyboard.
Further, please consider that you don't have to kill a thing to control it. Even when something is technically possible, and arguably inevitable, it can still be neutered and effectively subdued. It's all fine and well to say things that suggest the human spirit will always triumph - that's optimism - but the human body can still be held in chains. A technical solution that is only accessible to a tiny set of people, under the right theoretical conditions, does not make freedom a solved problem.
natch · 10 years ago
It works in your theoretical scenario unless you also take away word of mouth, international communication, and international travel. I don't see China banning any of those any time soon.
babuskov · 10 years ago
I find this comment amazing:
https://github.com/shadowsocks/shadowsocks-iOS/issues/124#is...
Even with root account, you are not in full control of your Mac - you are sandboxed by Apple.
conradev · 10 years ago
This is the result of a recent change in OS X 10.11, called System Integrity Protection.
It's a big step in the wrong direction [opinion], especially because it does nothing to verify "integrity". It prevents changes to the System directory by conventional means (and injection into system processes).
If malware were to figure out a way to disable SIP from userland, it could install itself in such a way that nothing short of disabling SIP could uninstall it.
userbinator · 10 years ago
Does booting an alternate OS still work to get around it, or have Apple thought of that route and somehow blocked it too?
(I have limited experience with OS X - only briefly played around with driver development and bootloaders in the 10.4 era with osx86 - and I did have to boot from the DVD a few times when I made the system unbootable.)
This raises the question, what good is root if it's not really root anymore?
comex · 10 years ago
There is a supported option to disable SIP from recovery mode, so there's no need to get around it per se. (Recovery mode because it would be hard to impossible to verify the user's intent when malware that already has root privileges is running...)
__david__ · 10 years ago
> Does booting an alternate OS still work to get around it, or have Apple thought of that route and somehow blocked it too?
It's easier than that. It's just a kernel argument to disable it. Simply add "rootless=0" to your boot-args and you have control of your machine back.
I'm running the 10.11 beta and I've already had to disable rootless because I like to have /usr/local as a symlink to somewhere else and by default the rootless configuration prevents writes to /usr. :-/
brobinson · 10 years ago
Does this break homebrew? Or does it only block writes to entries in /usr and not subdirectories like /usr/local ?
__david__ · 10 years ago
You are allowed to write to /usr/local. But making /usr/local itself into a symlink requires writing to /usr which is prohibited. So I was screwed but for the normal case it should work fine.
bdash · 10 years ago
Apple has stated that the "rootless=0" boot argument to disable System Integrity Protection is temporary and will be gone in the GM version of El Capitan. Allowing this route to disable the feature would defeat the entire purpose of it.
mrpippy · 10 years ago
Source? They said in the WWDC session (http://asciiwwdc.com/2015/sessions/706) that the process to disable rootless may change during the beta, but didn't say that it won't be possible in the GM.
They know that rootless will break some applications/drivers, plus some types of development may need it disabled.
bdash · 10 years ago
The supported mechanism for disabling System Integrity Protection is via the recovery partition.
arthurfm · 10 years ago
Apple have recently made a few changes to how you enable/disable System Integrity Protection...
https://www.reddit.com/r/osx/comments/3hv3kk/update_on_rootl...
pdkl95 · 10 years ago
This has been the plan for several years. I remember seeing block diagrams for GlobalPlatform's Trusted Execution Environment[1] that were based on the idea of the "Rich OS" (OSX, Linux, etc) being able to run more or less normally, with something that isn't really a hypervisor providing the "secure"/"trusted" environment.
The idea is that a combination of a SecureBoot-style trusted boot sequence and technologies like Intel's SGX instructions to create an area that is protected from everything else, root included.
Ever since (heavily controlled) iOS was accepted by the tech crowd as a replacement for a proper General Purpose Computer, we've been slowly loosing more and more control. At least there seems to be workarounds for this particular OSX "feature". It is incredibly important to stop this trend now; it will be a lot harder to work around these restrictions when it gets hardware support.
comex · 10 years ago
If you have some malware that actually needs to modify system files, that still significantly ups the ante. Sure, if you have a kernel exploit, you can do it, but currently malware does not need any exploits to take over a system if it can convince a user to download and type in their password to install - Gatekeeper is one mechanism to prevent this, but I've personally been served multiple ads offering malware with a valid Developer ID signature, so it's tricky... (though I don't know how aggressively Apple is working to revoke their certificates). The difference in skill required between just writing an installer disguised as legitimate software on one hand, and continuously coming up with working exploits on the other, is pretty huge. And in any case, the easiest-to-exploit OS X privilege escalation vulnerabilities are things like rootpipe that don't compromise the kernel.
However, this argument falls down a little if malware doesn't actually need to modify system files, which it doesn't for most typical evil stuff I can think of.
x0 · 10 years ago
what if some os x malware finds a way past the limitations on editing system files? the malware would become undeletable
gilgoomesh · 10 years ago
It wouldn't be undeletable, it would just involve booting into a recovery volume (either the automatic Apple recovery partition or a user supplied volume).
Since all System locations will now be signed (as part of the move to SIP), it means that the basic Apple recovery partition will be able to purge any such malware by a simple signature verification.
comex · 10 years ago
Does it actually do that? I haven't heard of it... But just reinstalling the OS accomplishes the same, slightly less quickly. Of course, if the malware is nasty enough, it might modify user settings to make a program run automatically, e.g., by adding it as a startup item, which, unless that OS reinstall included a patch, could then exploit the bug again and reinstall itself to the system locations. Not much Apple can do about that.
nailer · 10 years ago
How do SIP and dtrace interact?
gilgoomesh · 10 years ago
From https://developer.apple.com/videos/wwdc/2015/?id=706
"all dtrace probes that target a system restricted process will not be matched" (i.e. will fail unless SIP is disabled).
beedogs · 10 years ago
Not really surprising, though: Apple has been making OS X a little worse with every iteration.
speeder · 10 years ago
I am doing my best to NOT update my OSX, every time I update it, the thing get slower, it is really annoying.
Synaesthesia · 10 years ago
El-Cap is the fastest version yet in my experience and seems to be getting important security fixes too.
krylon · 10 years ago
Tell me about it. I recently bit the bullet and upgraded to 10.10 after waiting for quite a while. Man... Firefox has been crashing regularly since then, the Mail.app will also crash every now and then, and to top it off, the system itself has crashed twice on me over the past... two weeks. Sigh
suprfnk · 10 years ago
Try installing a fresh copy, or do some HDD/RAM checks. I have been running 10.10 since it came out (+Firefox) without any problems.
eridius · 10 years ago
But that's the thing, you can't disable SIP from userland. It can only be disabled when booted into recovery mode. So yes, it absolutely does verify integrity, because it makes it so malware cannot embed itself into the system. Your last sentence there is 100% pure grade A FUD. You may as well just say "every security measure is bullshit, because if malware were to figure a way around it, then it wouldn't work". It's a meaningless statement.
conradev · 10 years ago
It's a boot argument to the kernel, stored in NVRAM. These arguments are normally mutable. Apple had to write code to prevent modifying said arguments. Said code can have flaws.
But lets say you don't find a vulnerability in SIP userland detection, and instead find a kernel exploit to get around the protection:
If malware were to figure a way around it, then even antivirus software can't uninstall it. Only Apple can. It's not FUD.
gilgoomesh · 10 years ago
It is FUD since it is not impossible to make these changes, it's just (intentionally) more difficult than casually supplying a sudo password. Anyone can detect signature changes in a system directory and anyone can boot to a recovery volume (either the default Apple one or one provided by an anti-virus company, if desired) to make whatever corrective change they want.
eridius · 10 years ago
This is absolutely FUD. Even if you're correct and malware finds a way around it, then it obviously doesn't work, which means antivirus software could use the same mechanism to kick out the malware.
Qwertious · 10 years ago
Unless the malware uses the backdoor/exploit then patches it out once it's inside. It has complete system control, after all.
MagerValp · 10 years ago
Don't be alarmist, worst case a cleaning tool would have to be run from recovery mode, but nuke and pave is usually the recommended cause of action if you get a infected with a rootkit.
SIP holes will be found, and Apple will patch them just like other security flaws.
archimedespi · 10 years ago
> Apple will patch them just like other security flaws
With the condition that you have to upgrade to the very latest system :)
MagerValp · 10 years ago
There are a few exceptions but generally you can stay one or two versions behind. While Apple annoyingly don't state how long they support OS releases, they currently ship security patches for 10.8 and 10.9. The last patch for Lion was just before the 10.10 release.
superuser2 · 10 years ago
>nothing short of disabling SIP could uninstall it
At the very least, the OS needs to be reinstalled from an off-disk source, and that's assuming you haven't been hit by something sophisticated enough to put itself in firmware. We're fast approaching an era where you need to trash the hardware. You should never trust an OS install that was ever compromised, and making it more difficult to do so is a good thing in my book.
elcct · 10 years ago
Windows 10, now OS X... and meanwhile I have installed Linux on all my workstations. Looks like big corporations are shooting themselves in the foot.
rsync · 10 years ago
Wow. OSX ... it was nice knowing you.
eridius · 10 years ago
This is an iOS app, not a Mac app.
geofft · 10 years ago
Yes, but from the same commenter earlier: "I want to try this api on MAC OS 10.11. I understand the reason why I need to ask apple for some permission to publish the app with this api to app store, but I can't believe that I have to ask them for permission to run this api on my development machine."
eridius · 10 years ago
It's possible that commenter is misguided. The documentation on NETunnelProviderManager[1] says it needs the extension and that you should send an email to get it, but there's no indication as to whether there's anything stopping you from granting yourself this entitlement on a development machine (obviously Apple needs to approve it for an app on the MAS; I don't know what limitations there are for non-MAS apps in this regard).
[1] https://developer.apple.com/library/prerelease/mac/documenta...
eridius · 10 years ago
Where by "extension" I of course meant to say "entitlement".
MagerValp · 10 years ago
I think you have that backwards. You, as the person with physical access, is in full control as SIP can be controlled from recovery mode. Processes running as root are no longer trusted to have full access to the system. This is definitely a step in the right direction.
hipaulshi · 10 years ago
For people who are not aware of this: Shadowsocks is a popular and very simple tool to circumvent Great Fire Wall in China. It is written to reduce characteristics in network traffic so that GFW cannot easily block it by deep traffic analysis. clowwindy is the original author.
verroq · 10 years ago
Who is the target audience of this software and how does it work? Do non technical users set this up on a VPS provider and then connect to it? I'd imagine most developers in China would just SSH tunnel their way out.
hipaulshi · 10 years ago
SSH dynamic port forwarding is no longer working for years. It is so easily picked up by GFW and minutes later it is gone together with the whole SSH connection. So does PPTP and L2TP VPN. GFW has been upgraded so many times for the past few years. The target audience is developers. The install is super simple via one line of `pip install`, the start code for daemon is also one line with the configuration inline or through <10 lines of json. On the client side the author and other contributors developed native clients that allow connection by supplying just 1 password and 1 server address. Super simple and highly reliable to this day.
hipaulshi · 10 years ago
@olalonde GFW is known to tighten the control on national holidays or any event they see fit. The day after Tianjin explosion, IKEV2 stopped working for 1 day on my network (I was in Beijing). PPTP from time to time suffer the same issue though I couldn't say when. Also check your ip location, I found out one provider was having reliable PPTP connection about a week ago, and it turned out they were just relaying traffic in a data center in China. Those traffic are not blocked by GFW as long as it is domestic and I could only imagine that data center simply forwarded the traffic onward using other means.
verroq · 10 years ago
So looking at the code for the Go implementation, it appears to be just a stream cipher encrypted version of SOCKS5 [1,2].
1. https://github.com/shadowsocks/shadowsocks-go/blob/master/sh...
2. https://github.com/shadowsocks/shadowsocks-go/blob/master/cm...
(Not the best code, a couple of race conditions in there)
hurin · 10 years ago
Why not just wrap all your SSH packets as HTTPS?
verroq · 10 years ago
This I wonder as well. stunnel + openvpn used to work. Not sure if it still does.
PeterisP · 10 years ago
I believe that the traffic patterns (up/down request amount and timing) will still look sufficiently different from a 'normal' https connection to be detected and cut off within an hour.
jjgod · 10 years ago
SSH tunnel is just too easy for the GFW to detect, it's so unstable that you cannot even browse the web with it.
Yes, setting up a VPS provider would be the most common way. There are Shadowsocks implementations that supports multiple users so that more than one person can use it simultaneously. There are also commercial solutions for Shadowsocks that you can just purchase an account instead of setting up your own server.
bitinn · 10 years ago
SSH still work, but it's not designed to give a high throughput, so ideally one would not want to watch a youtube clip over SSH. And DPI can identify and kill SSH session when there are too much traffic happening over it (ie. no obfuscation is taking place to hide SSH traffic)
JonnyGreenwood · 10 years ago
There are many import/export companies in China, they are also the target audience of this software. Gmail is important for them.
bitinn · 10 years ago
And to add more context: Shadowsocks isn't just a tool nowadays, it's a group of applications that target both developers and common folks.
People have built successful VPN services using Shadowsocks, and they are available on many platforms, like routers and embedded systems.
And the iOS version is more or less the author's recent efforts to build a VPN client that can run on non-jailbroken iPhone, much like Cisco AnyConnect.
I think shadowsocks' popularity as a whole concerns the chinese government, so they do their usual rooting out the leader thing: now that shadowsocks org is headless in the literal sense (no owner, no main repo), they hope its development will die out.
Coding_Cat · 10 years ago
What is to stop any non-chinese person from rehosting the old code? I mean, they obviously wouldn't like it and if I was said person I'd never visit China's sphere of influence again...
DanBC · 10 years ago
I guess nothing.
There are plenty of people on HN who are i) wealthy ii) interested in beating censorship.
It'd be nice to see some effort going into creating software to beat censorship; having excellent translations of the documentation into a variety of languages; etc.
phlyingpenguin · 10 years ago
There are tons of forks of it on GitHub, naturally. I had to go to one to figure out what the project was.
njloof · 10 years ago
Is this the same? http://liguangming.com/shadowrocket
nialv7 · 10 years ago
I believe GFW doesn't do traffic analysis just yet. Otherwise shadowsocks won't stand a chance either.
somerandomone · 10 years ago
> I hope one day I'll live in a country where I have freedom to write any code I like without fearing.
Can the author reach the US by whatever mean and apply for political asylum? That 'fear that they will suffer persecution due to: ... Political opinion'[0] seems legit.
[0] http://www.uscis.gov/humanitarian/refugees-asylum/asylum
hkmurakami · 10 years ago
> I hope one day I'll live in a country where I have freedom to write any code I like without fearing.
Frankly I don't know if we are that country. :(
brillenfux · 10 years ago
In the context of a Chinese hacker fearing prison this is awfully cynical hyperbole.
DanBC · 10 years ago
It's obviously far worse in china, but still.
hkmurakami · 10 years ago
Agreed. And even in the small world of my college, this happened for a student writing some filesharing code.
http://dailyprincetonian.com/news/2003/05/peng-riaa-settle-i...
59nadir · 10 years ago
Yes, he should move to the US, where he'll be forced to use NSA approved (read: cracked) or no encryption.
mozumder · 10 years ago
??
US citizens can use any encryption they wish.
Kim_Bruning · 10 years ago
Seeing the position of the US and UK governments on encryption is coming in-line with china, I would be careful of traveling to those countries.
mrb · 10 years ago
I was visiting China recently (my first time there). I thought bypassing The Great Firewall was going to be as simple as an "ssh -D" SOCKS setup, or a "ssh -w" tunnel. Oh boy, I was wrong. If you try this, or even a basic OpenVPN setup, you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out. After some research I read online the government does deep packet analysis and uses machine learning to find heuristics to guess which TCP connection or UDP stream is likely being used as a VPN. When they think there is a high probability a VPN is detected, they simply start dropping all the packets.
Encryption is not enough. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS). For example in a traditional HTTPS session, if the client browser downloads, say, a 500kB image over HTTPS, it will send periodical empty TCP ACK packets as it receives the data. But when using a VPN that encrypts data at the IP layer, these empty ACK packets will be encrypted, so The Great Firewall will see the client sending small ~80-120 bytes encrypted packets, and will count this as one more sign that this might be a VPN.
That's why people in China have to use VPN tools that most westerners have never heard of: obfsproxy, ShadowVPN, SoftEther, gohop, etc. All these tools try to obfuscate and hide VPNs. I have a lot of respect for all these Chinese hackers like clowwindy who try to escape censorship, as it takes more technical prowess than you think to design a VPN that works in China.
usaar333 · 10 years ago
How do multinational companies' china offices get through the firewall? For example if my company uses Google apps, how do I ensure that my china office has access?
hipaulshi · 10 years ago
As far as Microsoft office in Beijing, I think they VPN to their Tokyo office first. Their traffic is ensured by negotiating directly with the big telecom company. Disclaimer: I do not work for them.
nialv7 · 10 years ago
This is correct
Source: worked there for a while
chobo · 10 years ago
This is interesting, I'd love to read/hear more about it. Is the negotiation an above-board thing? What are the conditions and costs to getting this kind of exception ensured?
gozo · 10 years ago
From what I've heard, it's something like 100 000 USD a year for a 100 Mbit connection.
motoboi · 10 years ago
Funny thing is: this is the same price payed in Brazil for a 100mbps MPLS link.
bitinn · 10 years ago
Not all VPN services are censored, and not all VPN protocol triggers the reset. But you can bet whatever you get for free (thus likely popular), will get banned soon enough.
OpenVPN is like a prime suspect of a police procedural novel, it gets hunt down no matter what.
Personally experience: I did work for Microsoft Shanghai and VPN works just fine. You need to have the right set of tools, and better, have a good channel of negotiation with the government.
mcbridematt · 10 years ago
Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the country.
Also, international performance in general can be quite bad at peak times (i.e 30% packet loss), I suspect due to Comcast-style management of international transit. But if you buy a transit circuit from Unicom, no problem!
Edit: to add to the grand parent, I've actually found ssh -D/-w0 (for a TUN device) quite reliable from China. What I really want to do is run multiple connections from different end points with a routing protocol to do fast-failover.
badpenny · 10 years ago
> Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the country.
Don't suppose you could explain to us network plebs how that would bypass the Great Firewall?
eitally · 10 years ago
It's a private network/route with traffic containing nothing but corporate data. Most multinationals facing this situation route out through HK, with a secondary failover usually in Taiwan or Singapore. Works a treat, but is costly and latency can be subpar.
It also doesn't solve the problem of mobile access to Google Apps for Chinese workers (Google Play Store & apps are not bundled by many (any?) Chinese OEM handset makers or carriers. You can root & sideload, or you can purchase phones outside the country and ship them to your employees, but even if you do this, there is still no guarantee they'll be able to access Google's apps while on cellular networks.
gozo · 10 years ago
Google Apps will drain your battery when they can't access Google's servers. Roaming with a China Unicom Hong Kong sim card, like the cross border king, will give you gfw free access.
kuschku · 10 years ago
> Google Apps will drain your battery
Google Apps will also drain your battery if you are in a region where Google has no network-location data yet, because then Google will turn on your GPS, and send to their servers the pair of GPS-coords and strength of networks.
If you live in a suburb in Germany where almost no networks are known to Google, this means if you enable location services your GPS will try to get a fix 24/7, eating your battery in about 2 hours.
This is probably going to be an issue in China, too, considering that Google doesn’t have location data there.
rahimnathwani · 10 years ago
I think you can turn this off. My phone has a setting called 'Scanning always available', which says "Let Google's location service and other apps scan for networks, even when Wi-Fi is off.". If I turn off this setting, and turn off wi-fi, then the problem you point out should be avoided, right?
kuschku · 10 years ago
Yes.
But if you turn on WiFi and Location at the same time (which is not uncommon), then it will suck your battery dry in seconds. Turn any of those two off, and it works.
rahimnathwani · 10 years ago
Oh. My phone has three options for 'Location mode':
- High accuracy (GPS, wi-fi, mobile)
- Battery saving (Wi-fi, mobile)
- Device only (GPS)
From what you say, it sounds like 'Device only' would save more battery than 'Battery saving'?
nxb · 10 years ago
How do you setup a routing protocol to do fast failover? Is it easy?
hhw · 10 years ago
For fast failover, you'd generally use BFD (bi-directional forwarding detection) in conjunction with a standard routing protocol like BGP, OSPF, or IS-IS. It's sufficiently complex to do on a proper networking platform, and even more difficult to do in a general purpose operating system. You can also just use aggressive timeout values with your routing protocol, but failover won't be quite as graceful.
mirimir · 10 years ago
I've heard that commercial DCs and high-end hotels are less censored.
a-saleh · 10 years ago
We have colleagues in china and generally speaking, you find an alternative, and host it on premise.
I believe this is the reason why they use Atlassian[1] products, where rest of us would use trello, e.t.c.
[1] company that created jira
tajen · 10 years ago
Aren't there a dozen of bugtrackers, intranet collaboration software, CI tools and git hostings that they could download and install? What's so special with the Atlassian products?
LoSboccacc · 10 years ago
those sucks a little less than, say, bugtraq, offer enterprise support on premises which you'd never use but you need to do the purchasing when you go for a big company and kind of have a big recognized name for their customization support even if their whole stack sucks.
a-saleh · 10 years ago
I think the "enterprise support on premisses" is the main deal, along with the fact that we have already used it for some of our big projects.
chefkoch · 10 years ago
Register your VPN with the authorities. We are atm doing this for a office in Beijing.
rahimnathwani · 10 years ago
Is the primary purpose of your VPN to bypass GFW, or to provide access to your corporate network? I guess the latter would be considered a good reason.
chefkoch · 10 years ago
yes, mainly to access the corp network.
liquidcool · 10 years ago
I'm curious, what is the risk of getting caught, and what is the penalty?
imaginenore · 10 years ago
Spending on what you do, detainment, torture, death.
thaumasiotes · 10 years ago
I have a good amount of recent experience with this. I found that it wasn't just a matter of your connection getting blocked; if you leave it up you'll experience some unreliable good periods (so, say, a torrent would download through the VPN overnight without a problem, but if I wanted to use the internet at any particular time, my connection was unlikely to be working). But yeah, I ended up signing up with Astrill.
loser777 · 10 years ago
Very interesting... I was just in China recently and was sshing into a box I had in the states for an impromptu SOCKS proxy. I did notice that things would work fine for up to an hour or so before things started bogging down. I would start seeing "channel x: open failed..." errors. However, closing the session and reconnecting would fix the problem... until it started lagging out again.
I thought it was just a consequence of being on spotty < 5mbps(ADSL?) connections. The internet situation was barely tolerable for a few weeks stay; I can't imagine what living in these conditions 24/7/365 is like.
halfelf · 10 years ago
Working in such network 24/7/365 means I have to spend about $90 per year on my vpn service, and keep vpn connection all the time when working. (otherwise google and SO will not come to save me from problems.)
auganov · 10 years ago
Yea, in my most desperate I wrote a script that opened ~10 connections and kept restarting them and used HAproxy as a frontend. It was maybe helping, but honestly, I couldn't tell. Luckily I discovered shadowsocks soon after that.
ColinWright · 10 years ago
I'm always brought up short when someone says/writes "24/7/365" because it really doesn't make sense.
"24/7" means 24 hours a day, seven days a week.
"24/365" means 24 hours a day, 365 days a year.
"24/7/365" means 24 hours a day, 7 days a week, 365 weeks a year?
I know, I know, it's become an idiom, and it's like "I could care less", and you can't try to understand it except as an atom that caries a meaning, but it just looks wrong to me.
Sorry - I'll now return you to your regular programming.
nesyt · 10 years ago
24/7/365 is dead. Long live 24/7/52!
sbarre · 10 years ago
24/7/365
7 *days* per *week*
24 *hours* per *day*
365 *days* per... *year*
Why you'd read that as 365 weeks per year I'm not sure, because there's no pre-established convention that would lead you to interpret it that way (both 24 and 7 would have to be "per week"), and most people know there are 365 days in a year.Just trying to help. ;-)
ColinWright · 10 years ago
But it doesn't make sense to say:
24 hours a day, 7 days a week, 365 days a year.
That just really doesn't make sense at all. I know that the numbers means, and are for, but if someone is saying every hour in the year, to say 24/7/365 is just nonsense.Of course, this is a losing battle. People just don't care if what they say makes sense, they just say stuff and assume that people will understand. This is one of the things that makes language bizarre, miraculous, infuriating, and impossible to analyse. I note examples like this because they are caltrops on the road for NLP.
chillingeffect · 10 years ago
>what they say makes sense
I would argue that no single statement can make sense. Sense is made when multiple statements are combined.
It's really all just about appropriate cognitive load. Every statement must be processed and it's great to be as accurate as possible and as accurate as the consensus agrees to.
Anything higher quality than that falls under the category of "great writing," which only a handful of people cherish.
nickysielicki · 10 years ago
Hey, FWIW, you've completely convinced me to never use this phrase again.
strathmeyer · 10 years ago
They are all relative timeframes by which a store my be closed; certain hours during the day, certain days during the week, and certain days during the year. Your inability to make sense of it doesn't affect the rest of us. It's like a creationist saying evolution doesn't make sense to them: at some point it is the result of a willful ignorance that you are bragging about. It doesn't make for very interesting trolling.
ColinWright · 10 years ago
> They are all relative timeframes by which
> a store my be closed; certain hours during
> the day, certain days during the week, and
> certain days during the year.
Huh. That's a way of interpreting it I'd never seen. Thank you. > Your inability to make sense of it doesn't
> affect the rest of us.
No, except that it may help people see that what they think is obvious isn't always obvious to others. > ... it is the result of a willful ignorance
> that you are bragging about.
Well, that's obviously your interpretation, but if others see it that way then it explains the hitherto mysterious yoyoing of points on my comments. > It doesn't make for very interesting trolling.
I find it disappointing that you think I'd troll.pluma · 10 years ago
So you read 24/7/365 as 7/24/365? That only makes sense to Americans, I guess.
chrisoverzero · 10 years ago
As an expression of time, its origin is a relation to business hours. 24 hours is "we don't close overnight." 7 days is "we don't close on weekends." 365 days is "we don't close on holidays." Those are the standard periods of unavailability.
If the sole holiday were a single Golden Week sometime in the year, the idiom may indeed have been "24/7/52", but holidays are simply scattershot like that.
dredmorbius · 10 years ago
The slashes aren't maths operators, they're language/grammar/shorthand. The lexeme as a whole is merely a mnemonic for the linger phrase: "24 hours per day, 7 days per week, 365 days per year."
It's not that the individual segments relate to each other. Rather they answer three sets of questions:
What are your daily hours? All of them. 24 hours / day.
What weekdays are you open? Again, all of them. 7 days/week.
What holidays do you observe per year? None, we're open 365 days/year.
Since there's rarely a monthly cycle to business closings and there aren't a standard number of days per month, that's elided.
It also helps to realize that human timekeeping is really based on three independent phenomena which are utterly unrelated. There are day-based units: seconds, minutes, and hours are all subdivisions of the period of rotation of Earth about its axis.
The month is based on the Moons orbit about Earth. That it is roughly 30 days is a notional convenience, similarly its rough divisibility by 4 into 7 day periods. The week is entirely synthetic (though profoundly persistent).
And the year on Earth's orbit about the Sun. Again, relationship to days and months are entirely arbitrary.
That's why it often seems time units are arbitrary. They are.
There's a brief book which Kay's this ought and traces the calendar through time, The Seven Day Cycle.
mainguy · 10 years ago
24/7/52 does seem more logical...
hodwik · 10 years ago
365 means they don't close for holidays. I don't know what 52 would mean.
hhandoko · 10 years ago
There's 52 weeks in a year.
24 hours in a day, 7 days in a week, 52 weeks in a year.
hodwik · 10 years ago
What business closes for a week out of a year? Are there businesses which are 24/7/50?
rawTruthHurts · 10 years ago
Well, where I work at is 24/7/51.
hodwik · 10 years ago
Interesting, are you in Europe?
rawTruthHurts · 10 years ago
UK. Last week of the year (Christmas celebrations and so, you know) this joint shuts down.
hodwik · 10 years ago
Gotcha, here in the US most people will take off that week, but no business would ever shut down entirely for a week. You'd piss off all of your customers and associates. (Which is why American workers hate dealing with ones in the EU, they're always on vacation!)
Whoever doesn't stay home during the Christmas period in the US gets accolades from management, so there's incentive to work if you're career-focused.
kbutler · 10 years ago
I agree with the understanding that each segment of 24/7/365 addresses a different possible shutdown condition.
And I'll add that "I could care less" derives from the earlier "I couldn't care less", which makes a lot more sense. See http://blog.dictionary.com/could-care-less/
sdm · 10 years ago
> I thought it was just a consequence of being on spotty < 5mbps(ADSL?) connections.... I can't imagine what living in these conditions 24/7/365 is like.
In my experience splitting my time between North America and China, the difference is not terribly noticeable once you invest in a solid VPN -- which everyone does.
The network speeds here are generally far better than NA -- in tier 1 and tier 2 cities at least. If you're accessing site in China, i.e., not going through the GFW, the average is far better than you'd find in the US. However the GFW slows everything down. However, there are a handful of VPN providers that specialize in getting through the GFW: notably Astrill and ExpressVPN. This those on my phone, tablet, and laptop it's easy, you'd never know you were in China -- expect the odd day when you have to hunt for a different server. Most experienced developers here subscribe to one of them.
Also, a lot of tech companies subscribe to "international lines". Pretty much all the ISPs offer them to business customers. They are expensive but they work very well. Usually about US$1k/mo to US$3k/mo on contract. The international lines are just hard lines to Hong Kong.
rahimnathwani · 10 years ago
Were your DNS queries going over SOCKS?
captainmuon · 10 years ago
I've had almost the opposite experience. VPN sort of worked, but I could not open a single HTTPS connection. The VPN problems I had I could trace to a bad WiFi connection (I had to lower my MTU and it worked fine).
Now, on previous trips I experienced what you mentioned. It seemed really like there was some machine learning going on, and after using a VPN for a while the connection would get bad. But I guess it might not be machine learning, there might just be a huge number of humans watching your traffic - which would explain why it is so inconsistent.
The thing that worked best for me is just using ssh -D (on most days). Our workplace uses ssh a lot for secure communication with outside china, so that couldn't possibly be blocked without hindering our work (and I believe 'they' have no interest in that). So whenever I had to access something for work that was sillily blocked (argh gmail), I just used the ssh connection that was open anyway.
bitinn · 10 years ago
Actually this is classic daily life of a chinese netizen: you are never quite sure what the cause of your network woes is (not without spending time digging into it). Is it due to ISP QoS, or is it reset by GFW, or is it just mere network failure?
And what most ppl do when facing this? They choose a local service instead of Twitter, Facebook, Youtube, Google. See, censorship is only a part (though a vital part) of the grand scheme.
berkut · 10 years ago
Back in 2006/2007 when I was doing web development, I knew a few people at F5 and Zeus Technology (developers of application firewalls at the time), and they said The Great Firewall was using loads of F5 tech with deep packet inspection for all data.
I assume 9 years later (don't know what the modern tech for web stuff is these day, but I assume encryption plays a key part) they're doing just as intrusive inspection and filtering of data.
Laforet · 10 years ago
This might sound a bit counter intuitive but they really hate OpenVPN and SSH tunnels - not to mention they are trivial to detect and the process is highly automated.
Traditional VPNs such as PPTP/IPsec as well as various forms of obfuscated proxies are generally not interfered with unless something major happens. A lot of the alleged "censorship" are actually symptoms of high latency and packet loss on home connections.
kijin · 10 years ago
I suppose that means OpenVPN and SSH are too secure for the Chinese government to eavesdrop on. PPTP, on the other hand, has been known to be insecure for ages.
So... could you avoid detection by passing an SSH tunnel through a PPTP VPN? Add enough layers, and the censors might not bother to unwrap all of them.
Laforet · 10 years ago
Yes you can. Shadowsocks was intended for the similar purpose of tunnelling traffic and it is a bit more flexible than GRE-based VPNs
rsy96 · 10 years ago
Given that most US websites are now over HTTPS, breaking PPTP won't actually give Chinese government much information to eavesdrop on. They may know that someone is accessing Google or Twitter, but they cannot know the actual keywords or tweets they are reading.
Note that Chinese government does not have backdoor access to those US websites, nor do they control a significant fraction of Internet infrastructure.
giodamelio · 10 years ago
What about Chinese signed root certs?
rsy96 · 10 years ago
That is why it is recommended to untrust every Chinese CA from your system. It won't affect daily browsing even for most Chinese users. The super majority of Chinese websites, even state owned ones, buy certificates from US companies.
chefkoch · 10 years ago
IPsec is blocked now.
Laforet · 10 years ago
Blocked for a few established VPN providers e.g.Astrill. The protocol itself is not blocked per se.
chefkoch · 10 years ago
You won't get a stable site2site ipsec tunnel for long. That's why you have to Register your vpn vor go mpls.
rahimnathwani · 10 years ago
I currently use a mixture of PPTP and Shadowsocks. Shadowsocks (even to the same servers) seems to successfully connect a little more often, and drop a little less often. Otherwise, performance seems similar, and goes up and down.
edwinyzh · 10 years ago
"Thanks" to the Great FireWall by one of the evilest governments, I might have to finally give up Gmail after many years struggling using it with the help of a wide variety of GFW-fighting tools. My deepest respect to all the authors.
aosmith · 10 years ago
Spoofing GGP tends to work very well in these situations.
Aoyagi · 10 years ago
What is this supposed to mean?
https://github.com/clowwindy/ShadowVPN
"Removed according to regulations."
fredoliveira · 10 years ago
Did you miss the original link?
https://github.com/shadowsocks/shadowsocks-iOS/issues/124#is...
Aoyagi · 10 years ago
As a matter of fact I did, thank you.
Let me just find the nearest cliff to jump off.
olalonde · 10 years ago
> Encryption is not enough.
I use an unencrypted PPTP VPN and the connection is really fast and stable here (Shenzhen, China Telecom). I have tried OpenVPN and ssh but both were much slower. FWIW, I don't believe using a VPN is illegal in China (though operating a VPN service without a license most likely is) and pretty much every single foreigner I know uses one.
oliwarner · 10 years ago
Per the other comment, MS-CHAP2 is crackable. The PRC govt is probably happy to encourage people to think they're secure using it.
olalonde · 10 years ago
Yes, that was my point. They are happy to let people circumvent the firewall as long as they're still able to read the traffic.
Bromlife · 10 years ago
PPTP is not secure. You need to open another, more secure, tunnel within your PPTP session.
caiych · 10 years ago
According to a recent file. Using a VPN isn't illegal. But hosting an unregistered VPN service in China is illegal. And the right of using an unregistered VPN service is not guaranteed.
0xFFC · 10 years ago
I am in Iran , you cannot believe it , same here , They use deep packet inspection too, they will shut every package down. every open vpn , cisco vpn , etc connection will lose connection every 2-3 min . Connection to outside web is almost impossible.
I have noticed they have multiple situation, for example when everything's quiet internet is not so bad (despite the fact bandwidth is extremely low for huge amount of people), but when some news came out about government corruption, guess what ? some vpn does not work . In 2009 green movement they closed every https connection.(maybe that was red alert situation)
p.s : https://en.wikipedia.org/wiki/Deep_packet_inspection
p.s. : I use vps from netherlands for bypassing firewall. but It takes huge amount of time and a little money.but the point is 99.999% people don't have this option (I use shadowsocks, sometimes another tunnels) so they use internet the way is or some software like freegate and other but with extremely low speed unbearable lag.
p.s. : pptp, l2ps and others are closed right now. even president rohani couldn't manage the situation . I have heard he did want to do something but supreme leader and his people stopped him.
yyhhsj0521 · 10 years ago
I heard rumors that that before Halal Internet was launched the censorship of Iran was relegated to Huawei, the same company that builds and maintains the Great Firewall...
0xFFC · 10 years ago
Yes , I have heard it too . halal internet not going to launch , because Rohani is not believe in it and tries to postpone it every year(maybe they have technical issues too , I don't have information) . all military site's have ethernet and connect to each other with it.
geff82 · 10 years ago
wish you all the best. I pay 5$ for a digitalocean droplet to provide my family in Iran with an OpenVPN connection. This works quite well, we do not have any issues so far.
dujiulun2006 · 10 years ago
I'm not sure but I suspect that they got the technology (hardware and software) from China too.
As a Chinese netizen I don't know if I should be proud that we have world-class advanced technology or be ashamed. Possibly ashamed.
danmaz74 · 10 years ago
I propose proud of the technologists, ashamed of the political system :)
leoc · 10 years ago
Allegedly it's mostly or at least originally Cisco's technology: https://insidersurveillance.com/cisco-huawei-and-semptian-a-... .
njloof · 10 years ago
And let's not forget BlueCoat.
These are our colleagues designing and implementing these tools of oppression. We should ask them why they exercise their talents in this way.
peterhadlaw · 10 years ago
They probably appreciate having their family alive...or something. It'd be better if our colleagues who don't have their hands and relatives tied to create and proliferate liberating software.
pekk · 10 years ago
Are you saying that Blue Coat (based in Sunnyvale, California) develops censorship tools in order to keep their family alive? Who is threatening them?
fastandfurryous · 10 years ago
It doesn't take much to motivate someone to do it. A paycheck is enough 99.99% of the time.
seesomesense · 10 years ago
"Of the ten conflicts in human history with the highest death tolls, five were civil wars in China.
Chief among these was the Three Kingdoms War when up to 40 million are reckoned to have perished in military operations and from the destructive consequences of warfare. This is an enormous number, considering that the global population at that time is unlikely to have exceeded 400 million. More recently, the Taiping Rebellion claimed more than 20 million lives while the civil war that brought the Communist Party to power resulted in 7.5 million deaths, over and above the 20 million estimated to have been killed in the roughly contemporary Japanese invasion.
This is not the history we were taught at school but Chinese leaders are well aware of these facts.
When disorder breaks out in China, things turn very nasty indeed.
It is best, therefore, to avoid disorder at almost any cost."
That is why.
Or would you prefer to have China descend into the chaos of Rwanda or Sudan ?
guard-of-terra · 10 years ago
Oppression causes civil wars.
If they are using oppression to avoid disorder, they better have long term plan. Otherwise they are digging their own grave.
Not many people fear of chaos in the USA and not because they have the best firewall.
hussong · 10 years ago
Millions of doomsday preppers may disagree.
CrabClaw · 10 years ago
Well, thousands anyway.
sciguy77 · 10 years ago
> Millions
There are not millions of doomsday preppers in the US. And their obsession is not representative of public will or sentiment.
The comment you're replying to said: >Not many people fear of chaos in the USA and not because they have the best firewall
So you seem to be saying that if the US had a Great Firewall the nutjobs who spend half their salary on underground bunkers and armament wouldn't. That's a pretty silly argument.
iofj · 10 years ago
Historically, I believe it would be much more accurate to say that opportunity creates civil wars. People start wars because they think they can win.
Incidentally, in most of those Chinese conflicts (4 out of 5 I believe), they were right. Many other wars were similar : starts with "immigration", numbers increasing, conflict, open conflict (and mass death), repression (of the losing side). Extermination is often tried but rarely succeeds. Well it succeeds in causing mass death, but it doesn't succeed in the sense that extermination is the result.
mejari · 10 years ago
Wait, I may be misunderstanding your comment, but are you saying you support censorship by the Chinese government on the basis of some paternalistic "those dang Chinese can't handle themselves and start a-killin' if they get to know too much, so it's better to keep them in the dark"?
Also, when quoting large blocks of text it is usually helpful to source that quote.
behermit · 10 years ago
Good statement so far. But wait... do you assume that censorship could cause another civil war or could avoid another civil war? And where is your reasoning or evidence?
fxckgfw · 10 years ago
At first China also used Cisco's stuff, but soon they could't keep up with the requirements of the Chinese govt. After that a man usually criticized to be "the father of GFW", FANG Binxing, came up and built more powerful censorship hardware and software for the govt at Beihang U. It is said that they now use supercomputers to parse, analyse and block (and even inject, remember GitHub?) all packages going through the Chinese network boundary.
Oh I just gave away so much secret. I'm so doomed. Everything above are just made up stories. Don't believe me. Don't track me down. Please.
fisheuler · 10 years ago
There's one mistake on your statements. It's at Beiyou U that Fang Binxing get all those things dones.
behermit · 10 years ago
It is not a secret at all....
gcb0 · 10 years ago
be sure soon the dev will be cordially invited to write the deep inspector for that vpn if it ever leaves the ground.
and i wonder if filling the apple form helped them finding him or it was just bad timing
aidanhs · 10 years ago
A few years ago I had a friend visiting Iran who wanted unrestricted access to sites. I didn't have any personal Linux servers on the internet at the time, but I did have a Windows one with Remote Desktop licenses.
It turned out that RDP actually worked pretty well. I did hesitate to post this in case it's seen by the wrong people(!), though given it's a while since it was necessary to use, it may be blocked by now anyway.
I wonder if it was available because it was relatively little known and, if so, what other little known protocols might be available.
0xFFC · 10 years ago
sadly with RDP you cannot have same experience.it is not about 1 or 2 site , for example for me , my vpn connection is always on because there is not internet without it.but with RDP loging into another machine , with all lag you see , is almost impossible at least for power user like me which most of the time have 50+ tab open in chrome in site's like youtube , android dev doc's, etc.
SeeDave · 10 years ago
You can RDP into a machine and use the browser there.
Falkirks · 10 years ago
But you have to send a packet every time the remote screen changes. It is much more demanding on network resources than a VPN and thus will be more difficult to use on a daily basis.
MarcosDione · 10 years ago
Why nos havig a local cache like wwwoffle (someone has to reimplement such a thing) or squid? that way you won't need a connection just to browse a bunch of (mostly static?) html pages... just sayin'.
fridsun · 10 years ago
You can get arrested for hosting illegal web content. All public facing servers in China must be registered at the government, or they can get raided.
tokenizerrr · 10 years ago
I have a friend in Iran and I let him use one of my servers as a proxy using the ssh -D flag. This has been working well so far as I know.
fyolnish · 10 years ago
When I was in China last year I had no problems using OpenVPN on my Holland based server.
njloof · 10 years ago
Hotel WiFi may not be as restricted as the average citizen's connection. Local 3G/4G service may be more restricted than your home provider's roaming service. It's a bit of a crapshoot, but the GFW is definitely targeted more towards locals than visitors.
nly · 10 years ago
Sounds like an overseas vendor needs to drop a blanket of satellite internet coverage over mainland China.
melling · 10 years ago
Sounds like you live in a world where you didn't notice that China became the second most powerful economy, and which will become the most powerful economy within a decade or so. Of course they're going to have the military to go with that:
https://en.m.wikipedia.org/wiki/2007_Chinese_anti-satellite_...
nly · 10 years ago
The great firewall is a cowardly, non-confrontational technical infrastructure. I don't see China using a multi-billion$ missile system to shoot down a harmless foreign communications satellite that also served people outside of China. They're smarter than that.
melling · 10 years ago
You have no idea what you're talking about:
http://www.history.com/this-day-in-history/chinese-counterat...
http://nationalinterest.org/feature/deadly-lessons-the-last-...
ColinWright · 10 years ago
... usage of which would be detected, and the users arrested and hauled off for "questioning" about spying and/or being a terrorist.
nly · 10 years ago
And using a VPN doesn't have these risks?
ColinWright · 10 years ago
Of course it does, but they have a less expensive and more effective means of enforcement, which is just to shut it down. That's effective because the actions they take at a single location apply to a large number of infringements.
But if they can't shut it down via technology, they'll most likely shift to individual enforcement and harassment. In that case they have to chase people one at a time, so to get widespread effectiveness they have to make sure that each individual case frightens as many people as possible. That means that the individuals targeted will be punished more severely.
Enforcement 101.
nly · 10 years ago
Escalating the issue could be a good thing, even if people suffer. The problem with technological oppression like censoring or pervasively surveilling the Internet is that it's invisible and there's very little organised outcry. Just look at Snowden revelations. Nothing has changed, and most people simply don't care. Effectively once the requirements for bypassing the GFW become harder to deploy than a few clicks, from an easy to follow guide, the majority of the population will just accept this oppression.
ColinWright · 10 years ago
My point was not whether this would be a good thing or bad, but to point out a likely consequence.
nly · 10 years ago
More likely they'd just buy up all the satco's and run the thing out of business.
jeremyis · 10 years ago
Weird, was just there a month ago for two weeks and used https://www.expressvpn.com/ with no issue. I mostly cruised reddit / the internet so maybe there wasn't enough volume.
fridsun · 10 years ago
It depends. I am a bit surprised that reddit is not blocked. Neither is hackernews. Apart from classic Google, Facebook, Twitter, AWS is targeted intensely for its role in "affiliated freedom", to the point releases on github are blocked, others not as much.
MrBra · 10 years ago
Why go through Internet access providers in first place? Just get a radio transmitter and start broadcasting on short waves with encrypted digital modes... at least for short, critical transmissions.
thaumaturgy · 10 years ago
At 1.2kbps?
MrBra · 10 years ago
Q: "Would you like a free, uncensored system to talk to anyone in the world? On top of that you could also send data at 1.2 kpbs, again free and uncensored. You just need to swich frequencies quite often and randomly, in order to avoid that the bad guys will track you down..."
A: "No, 1.2kpbs is not enough, thanks but I prefer censorship."
Is that what you're saying?
thaumaturgy · 10 years ago
Sorry, I've already had my fill of stupid arguments on the internet for the next couple days. Maybe some other time we can get together and do our best to misunderstand eachother.
MrBra · 10 years ago
Haha. Ok. And sorry.
sdm · 10 years ago
In my experience ... spending a lot of time working in China ... most people use Astrill or ExpressVPN. I'm surprised no one has mentioned them here yet. They own the VPN market in China. Almost every senior developer I've met here subscribes to one or the other -- with Astrill being far ahead in terms of user base. They both champion their "stealth" options and other than the odd day you don't really notice the GFW.
Pretty much all the ISPs sell "international lines" as well. But only as part of their business packages. Usually it will run for about US$1k/mo - US$3k/mo with minimum 1-2 year contract for their "starter" package. Most tech companies in my area have them; they work very well. Essentially they are a hardline to Hong Kong and they ration out to subscribers.
They key thing to understand about the GFW is that it's not about general censorship of the population. Frankly the government doesn't care if someone who is middle class, i.e., invested in the status quo, gets around the GFW. They are more concerned about conservatives in lower classes trying to organize to stop the move towards capitalism. And it's mostly about protecting the market now so local companies can get access to these lower classes as their position improves and they join the middle class.
tripzilch · 10 years ago
I don't understand, who can afford US$1000 per month? I'm assuming only medium-large businesses, so do they divide up these "international lines" among their employees or something? Can these employees also use these lines at home, or only in the office?
wogong · 10 years ago
It's for business of course, mainly international companies I guess. Local companies don't need to cross the firewall. Employees can only use these lines in the office. Actually most Chinese are not aware of the existence of the Great Firewall (GFW), really bad.
sdm · 10 years ago
In the tech field, everyone is very very aware. I can't speak about other fields though. In my experience, pretty much anyone who is middle class or above knows about it. Granted middle class and above is only about 300 million of the almost 1.4 billion people -- so very much a minority. Granted China is huge and I mainly move in tech circles so YMMV.
It's not just international companies. Chinese companies are all about going overseas now. China is now a next exporter of investment. Plus it seems every company with an app that has a moderate amount of success wants to reach Chinese outside of the China -- they have more money -- and so need to integrate with blocked services like FB. And exporting Chinese online games to other developing nations is really taking off.
wogong · 10 years ago
Thanks for your info. As a graduate student major in civil engineering in China, people around me come across the firewall when they need Google Scholar, which is rare also. Sometimes they come to me for help to get access to sites like Google Scholar. But, believe me, they don't care about what is GFW or anything about the censorship. yes, the big brother is watching and they want to be good netizens. Traditional industries like CE don't depend on internet much, so GFW does not have much influences on them. Even to programmers in internet companies, I doubt the proportion of people accessible to the free internet. Above is based on personal experiences and may not be that precise. Things are complicated in China anyway.
qsz13 · 10 years ago
As an undergraduate student majoring in software engineering in China, I'm interning for a foreign company and we have access to free internet through proxies. And in my experience, most programmers regard free network as a necessity. And for people in large cities, it is true that they don't actually care about GFW, but I think many of them are at least aware of the existence of it, and sometimes break through it out of curiosity.
vpndada · 10 years ago
Yes, Astrill and Express VPN has been popular in China. But probably because they are too well-known, their services are not totally reliable. Instead, some smaller VPN providers now offer better services. Check out this test result: http://www.vpndada.com/best-vpns-for-china/
rahimnathwani · 10 years ago
I visited your page expecting to see details of a testing methodology, along with results for a number of providers. However, the information you provide is no better than that provided by friends' anecdotes.
"Reason for Recommending: Reliable connection, fast speed. Fast customer support."
What do you mean by 'reliable'? What do you mean by 'fast'? Are you talking about latency or throughput?
"Reason for not recommending: sometimes hard to connect"
How many times out of ten? Using which VPN protocol(s)? Was this using PPTP, or OpenVPN over stunnel?
I run my own VPN servers (for myself and friends) but of course there is some ongoing maintenance effort to add new servers to replace those for which latency and/or throughput have declined. If there were a site with specific data about different companies' performance (over time), that would help me to decide whether it's still worth the effort.
userbinator · 10 years ago
Encryption is not enough. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS).
In other words, steganography.
marme · 10 years ago
using ssh tunnel works just fine in china but they detect it and start blocking the ips. You can usually get a few weeks before they block the ip address. It works better if the server is from a legitimate source like an edu.
Most of the detection is focused on blocking vpns and they are very good and disrupting vpn traffic
ausjke · 10 years ago
This was exactly what I experienced in summer at China this year, no openvpn(not even commercial one or Linode self-hosted one), no ssh-tunnel, no other used-to-work vpn solutions.
For ssh it sometimes work for a few days then the whole IP/host is blocked.
I did not have to time try obfsproxy, shadowsock or whatever, but it really really sucked, to make things worse, my Nexus phone could not get any updates etc either, as Google is also _fully_ blocked, I felt I was back to Stone age there.
gonehome · 10 years ago
This is a great talk about some of the methods China and other governments use to block the Tor network: https://www.youtube.com/watch?v=GwMr8Xl7JMQ
It's a pretty sophisticated arms race that's lead to some cool stuff, notably pluggable transports (like the obfsproxy you mentioned): https://www.torproject.org/docs/pluggable-transports.html.en
Unfortunately the companies that enable this deep packet inspection are often American companies working overseas. My friend who used to work at Cisco said they had internal slide decks about the improvements they could make to the Chinese firewall. Then there's Bluecoat in Sunnyvale (https://www.bluecoat.com/) building the censorship systems for the middle east.
Why do American companies sell this kind of stuff to China and non-democracies in the middle east? They must rationalize it in someway, but I think it's wrong.
jefurii · 10 years ago
> Why do American companies sell this kind of stuff to China and non-democracies in the middle east? They must rationalize it in someway, but I think it's wrong.
Pursuit of the almighty Free Market without regard for scruples or morality. Basically, public corporations base success only on money. If you as an executive refuse to bow down before Mammon[1,2] then you are replaced by someone who will. Seealso Charles Stross' excellent Invaders From Mars[3]. The Chinese government and other regimes pay big money for these tools.
[1] https://en.wikipedia.org/wiki/Mammon [2] https://en.wikipedia.org/wiki/Mammon_%28Dungeons_%26_Dragons... [3] http://www.antipope.org/charlie/blog-static/2010/12/invaders...
rahimnathwani · 10 years ago
Note: that video is from 2011, and in my experience China's VPN blocking has changed significantly over that time. In 2011, I could use OpenVPN over UDP reliably, as long as I didn't use the same port for every connection. That is no longer the case, and I'm grateful for Shadowsocks as it's easy to set up (both server-side and Android client) than OpenVPN over stunnel.
gcb0 · 10 years ago
which leads me to two questions:
1. if you need custom vpn, why even have apple devices?!
2. why focus on vpn over their network instead of mesh?
lewisl9029 · 10 years ago
Some of my friends have had success with VPNGate.
It's based on SoftEther VPN, which happens to be open-source and cross platform.
I'm using it for most of my VPN setups and I've generally found it to be superior to OpenVPN in every aspect (performance, usability, protocol support, obfuscation, etc).
eloy · 10 years ago
The Chinese authorities neither understand how FOSS works nor the Streisand Effect.
task_queue · 10 years ago
Not having to worry about != not understanding
inguinalhernia · 10 years ago
"you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out"
I recall the same thing occurring in Shanghai with many of the popular webmail services, they'd work briefly, usually just long enough to log in and get a glimpse at an inbox, then it would time out endlessly and that'd be it.
vpndada · 10 years ago
Based on my experience, if you set up a VPN server (such as OpenVPN) by yourself and use it in China, you will see strange behaviours and the VPN server might stop working after some time. As a result, I've given up using my VPN but been using third party VPN service, which works better. Here's a list of VPNs that currently works in China: http://www.vpndada.com/best-vpns-for-china/
superuser2 · 10 years ago
How do foreign organizations with email and internal applications inside the firewall do business in China? Do they simply have to make an exception to their security policies for employees based in China? Put them on Baidu email accounts instead? Or are IT departments of big lumbering fortune-500s also dependent on these tools?
zhte415 · 10 years ago
No. Big foreign corporations, like in all countries, VPN back to their home country. The same all over the world.
Internal policy dictates this, all over the world.
Email is usually on self-hosted Exchange.
Corporate firewall blocks stuff like Youtube and Facebook - also the same over the world, but some users with the business need can access whatever the business need dictates.
Some large companies just bypass the national firewall for speed reasons - this is negotiated with the government on an individual basis - pragmatically this makes sense, as the traffic is 100% encrypted back between fixed sources and destinations, and inspecting it just wastes resources for all parties. Some corporations may also have their websites for the public access bypass any filtering, also for speed reasons (for example, internet banking).
superuser2 · 10 years ago
So exemptions from the VPN detection/shutdown mechanism can simply be negotiated by those with the political clout to do so?
zhte415 · 10 years ago
Absolutely.
joshYarnspinner · 10 years ago
Indeed. The point of the GFW is to prevent political unrest. MNC's workers are unlikely to be fermenting dissent at work. Deploying the GFW on their connections doesn't really aid the government as a whole in terms of staying in power, but it does mean that MNCs will get pissed off and may reduce their presence in China.
medecau · 10 years ago
https://github.com/Long-live-shadowsocks/shadowsocks
The original repositories have been/are being reset. (Some branches were not removed.)
Non-obvious ways to search for forks as the network graph is unavailable for larger projects.
https://github.com/search?utf8=&q=shadowsocks+language%3APyt...
empyrical · 10 years ago
You may not be able to see a list of the forks via the web interface, but you can (albeit less conveniently) see them with the JSON API:
https://api.github.com/repos/shadowsocks/shadowsocks-iOS/for...
And you can paginate like this:
https://api.github.com/repos/shadowsocks/shadowsocks-iOS/for...
misnome · 10 years ago
Can't? https://github.com/shadowsocks/shadowsocks-iOS/network seems to work just fine. It even attributes the code to the original author, despite them not having a copy of it.
kinosang · 10 years ago
I don't think it's suitable to distribute the backups until shadowsocks is fade from the gov's memory.
foxwoods · 10 years ago
Tags are still in the original repo
personjerry · 10 years ago
Oh dear, I hope the clones of this repo on Github don't cause the GFW to block Github altogether.
aianus · 10 years ago
On the other hand, the more they fall behind the more money and power for us in the west :)
yyhhsj0521 · 10 years ago
It was blocked months before.
rxvincent · 10 years ago
Government used to block Github in past few years. Then lots of programmer strongly disagreed with it.
however,browse github has been harder in 2015.
I love my motherland but i really hate what the government has done.
sorry for my poor english
aianus · 10 years ago
How did/does this tool compare with obfsproxy?
mobutu · 10 years ago
On this note, we've been trying to upload gigabytes of data via rsync from Europe to China (we are software company who are trying to deliver tools to our Chinese customers..). Connection used to be fast when it was night time in China, but lately the connection has been really slow or unusable. Is there any alternative way to get lots of packages from Western countries to China?
gnur · 10 years ago
Ship it on an usb drive. (use encryption)
JonnyGreenwood · 10 years ago
And get confiscated by China customs..
M2Ys4U · 10 years ago
The latency with that method is going to suck, though.
halfelf · 10 years ago
If this happens day to day, you may consider opening a subsidiary in China, with applying for special network. Foreign company in China can have network without GFW.
est · 10 years ago
There's no "special network", it's just plan old VPN.
hipaulshi · 10 years ago
setup a server with aliyun. the cloud service provider from alibaba. And relay the traffic from there.
mobutu · 10 years ago
Funny you mention it, we are actually uploading to the server in Aliyun cloud services. Completely unusable :(
hipaulshi · 10 years ago
lol.. I would have thought they have the fastest data center.
mobutu · 10 years ago
It probably is _inside_ China. :)
xiaq · 10 years ago
Somewhat anecdotal, but try IPv6.
finalink · 10 years ago
Copy it to an AWS EC2 Japan server, and copy it to China from Japan. I have transferred 1T data from Europe to China with this method.
mobutu · 10 years ago
Why Japan (as a location) is special? GFW does not affect traffic from Japan that much?
qhwa · 10 years ago
It's also effected by GFW. Some Japanese IDCs connect China through CN2 cable which is not so busy right now.
kinosang · 10 years ago
Use Chinese CDN (such as Upyun, Baidu CDN, Qiniu and Aliyun) for http file downloading (with a subdomain provided by the CDN or you'll need to apply permissions at MIIT as ICP) instead of rsync or ssh tunnel. Or rsync your data to Japanese Servers (Linode, GMO, etc) and ask your customers to download through http or https.
mobutu · 10 years ago
The problem is to upload data to China, we are not downloading anything from there.
"Or rsync your data to Japanese Servers (Linode, GMO, etc) and ask your customers to download through http or https."
We've used Amazon CDN before even for Chinese customers and they have closest node in Hong Kong - they still(Chinese) have difficulties to download our packages. I doubt using Japanese server would solve our problem. Thanks anyway.
mrredbit · 10 years ago
Due to political reason, I think Chinese gov seriously and actively censor package from Hong Kong
kinosang · 10 years ago
CloudFront, the CDN from Amazon, have already been blocked by the GFW. But you can use CloudFlare or Baidu's CDN, etc.
qhwa · 10 years ago
The recent congestion is caused by the price reducing of ISPs demanded by the government. A lot of customers upgraded their bandwidth without paying additional money. This makes the already busy cables out of bandwidth.
Back to your question, the answer is YES, use a proxy, which is less expensive, or buy a dedicated private virtual line from a Chinese ISP, which is more stable.
You can setup a fast proxy by carefully selecting the routing path. Nowadays, the CN2 cable (http://www.ctamericas.com/content.asp?pl=627&sl=637&contenti...) is a good choice.
jglauche · 10 years ago
So, isn't the real question how to get you into a more liberal country so you can continue your work?
halfelf · 10 years ago
That's true. But immigration for Chinese is much more harder than you think. Even in China, it is not completely free to move from one province to another.
jglauche · 10 years ago
I can imagine that this is not easy. I'd like to hear some ideas to that though, as I lack all the details on what's going on there (just been there once on a business trip - and I know they treat foreigners with money much different)
Ankaios · 10 years ago
In this case, it seems like there's a reasonable argument for asylum.
djyde · 10 years ago
As a Chinese developer, I got more and more disappointed to my country.
I'd read a book written by LinYutang, called My Country and My People. All my understandings of my country after reading this book are not same as nowaday China.
What's wrong? I don't know. I just wanna have freedom for Googleing. I just wanna the people in this country be happy not only because they get enough to eat.
aikah · 10 years ago
Don't worry, western leaders have figured out one doesn't need democracy or free speech for capitalism to function, China set an example. So with all the spying , ban of encryption , limits on freedom of the press with laws such as "the right to be forgotten" or making illegal to criticize cops or politicians in Spain , we have already entered in a post democratic era . And people in Europe take their freedom for granted forgetting they had to fight to death to win their freedom at first place.
rndn · 10 years ago
The right to be forgotten is actually a powerful mechanism to protect individuals. Though, the law should possibly revised such that it only applies to individuals that are not a public figure, who can prove to have little or no range of responsibilities.
task_queue · 10 years ago
The right to be forgotten flies in the face of capitalism. You cannot assume you act in perfect self-interest without total and perfect information. The first can be easy to acquire, the second harder.
The right to be forgotten impedes on total information awareness and the desire to make the perfect rational decision with your money.
This is a good thing. Total information is not perfect information because of bias and context. Someone seeking such information will process it through a biased lens and never attain perfection. In that case, the individual under the lens will lose out.
antman · 10 years ago
In what way has that book changed your way of thinking?
mjklin · 10 years ago
+1 for Lin Yutang, he is an amazing writer who sparked my interest in China. I lived there two years and met my wife. Xie xie Lin Xiansheng!
ambrop7 · 10 years ago
As the author of tun2socks (which is currently used under the hood in shadowsocks-android and Psiphon3 for system-wide proxying), I wasn't even aware this effort was in progress. Very sad to see it stop.
acd · 10 years ago
But censorship when the citizens can travel in and out of the country carrying USB,SSD and hard drives will not work.
hmage · 10 years ago
Do you honestly think you can carry USB and SSD to China without border officers confiscating it?
gemexe · 10 years ago
Maybe I'm lucky but I've done that many times and so far the customs never bothered
grondilu · 10 years ago
> I have no choice but to obey.
Did he ask a lawyer? Because it looks to me there are two possibilities. One, he was not doing anything illegal in which case the police had no authority to stop his activities. Two, he was indeed doing something illegal in which case he can be glad he got out of it with what appears to be only a warning.
0xFFC · 10 years ago
I didn't get where he/she is from.If I were him and I was in US I would fight back with legal system, but if I were in china and Iran I would run away (sadly because there is no reliable legal system in these countries)
yyhhsj0521 · 10 years ago
It's of no use. If he's lucky, he would "receive" a fabricated charge; if he's not, he would simply disappear.
rsy96 · 10 years ago
China is not ruled by law.
blackgear · 10 years ago
This is the end of a century. People in China had used 4 kinds of tools to skip the GFW: freegate, openvpn, goagnet, shadowsocks.
freegate is a traditional http proxy or socks proxy built by Falun Gong (https://en.wikipedia.org/wiki/Falun_Gong). They built lots of software with the same technology: freegate gpass freeu dynapass... People share this kind of banned software sending to each others just like teenagers share adult videos. After update of GFW, it become un-available and un-usable.
openvpn turns break GFW as a business, people sells openvpn account at $1.66 a month regularly. They sell this kind of services package including pptp l2tp ssh openvpn to those who need a free network.
goagent is a free software written by Phus Lu. It use Google's application engine as server so you can use it without paying money.So it replaced openvpn since it cost $0. After China banned Google, this way become more and more hard.
shadowsock is a protocol designed by clowwindy. It become a environment. People use python, C, nodejs, golang, rust, obj-c, java to write their own client and server. Some organization share their server for free, some people sell account and provide high speed. shadowvpn works as a VPN while shadowsocks works as a socks5 proxy, but share the same technology.
This is the end of shadowsocks. I means recently more and more evidence shows that GFW has finally find a way to recognize shadowsocks's packets. Then they stopped the development of shadowsocks.
That's all. The winter of China's network comes.
xiaq · 10 years ago
> That's all. The winter of China's network comes.
Is there technical reason to believe that shadowsocks or similar technology is the last stand against automated censorship?
I would just say this is just yet another stage in the censorship/anti-censorship cycle.
spanishgum · 10 years ago
I think that is what he meant. Winter is seasonal after all.
feelix · 10 years ago
I think maybe he meant it as a Russian winter
sillygeese · 10 years ago
You may not be seeing the big picture here. Censorship is about rulers cementing their rule, and may well ultimately lead to complete tyranny.
There's no guarantee that "the censorship arms race" will continue, even in your specific nation-state.
For example, I bet there's not much anti-censorship software being developed in North-Korea, because people don't want themselves and their entire families tortured to death.
The real problem here is not that we might be lagging behind governments with our anti-censorship tools. The real problem is the existence of governments to begin with, because as long as they do, they will want to control their subjects as closely as possible.
Policitians and the real rulers behind the scenes are all psychopaths.
They see us as human livestock, and any one of them would be perfectly happy with a global North-Korea, as long as they personally would be in the tiny ruling elite, with all the riches and power a psycho could ever dream of.
woodchuck64 · 10 years ago
> I means recently more and more evidence shows that GFW has finally find a way to recognize shadowsocks's packets.
Hmm... okay, so they defeat shadowsocks by recognizing the packets.
> Then they stopped the development of shadowsocks.
But if they already had shadowsocks beat, why do they make a public show of shutting it down?
Sounds more like they recognize that they don't have the GFW technology to defeat shadowsocks on-going development over time. Which suggests all you need is a new developer.
fluidcruft · 10 years ago
I don't know if this is the case, but I think it's entirely possible to know that shadowsocks is being used widely without being able to do anything about it at the network level. I think that's plausibly how shadowsocks is designed to avoid the GFW in the first place.
For example, if their capabilities to identify shadowsocks traffic is not particularly specific, filtering would result in undesirable impact on other traffic. They can also have other out-of-band estimates for the extent of shadowsocks use (presence of the software on seized or searched equiment, observed chatter, informants, etc).
Ankaios · 10 years ago
There's no such thing as overkill.
cyphunk · 10 years ago
actually doing both makes a lot of sense.
a: build a method of detection and prevention and
b: find and coerce developer to stop improving software,
#b is required assuming the developer(s) is considered to be an above average adversary. When there is no silver bullet solution a cat+mouse game is inevitable. That further increases the value of this action.
#a being done at same time as #b has an effect on the collective behavior of the adversary. I'm sure various members for the RIAA and MPAA are wondering how they could have dealt with "filesharing" in a similar manner during the Napster days. But in the end it only buys you time in a cat+mouse games. meh, im sure there is some sun tzu art of war blah blah somewhere saying the same. more poetically of course.
adamfisk · 10 years ago
Everyone can just use Lantern (https://www.getlantern.org). They already are, but in greater numbers since the Shadowsocks announcement (https://github.com/trending).
sneakOwl · 10 years ago
A lot of people set up shadowsocks on their VPS and then spread it to their circles. It's the growing community and that more people are communicating with each other via means the party can not control that upsets the party. This will not stop, it's our fight for freedom.
diegolo · 10 years ago
I happily bypassed the great firewall using https://github.com/apenwarr/sshuttle
catinred · 10 years ago
I've been using this anti-censorship software for about 2 or 3 years. It's the most stable one of all anti-censorship softwares I've ever used. For those who's not in China mainland, you can not imagine how many breaking-wall softwares we've ever used.From ssh -D,pptp,L2tp/ipsec,to OpenVpn. In order to access twitter,someone even create twitter api proxy such as Twip,btw,the creator was ever forced to "drink tea" with the police ,too. The Chinese gov just blocks any sites they want and frighten anyone who is "troublemaker". Best wishes for the gov,and for the heroes who is creative and brave to develop all these anti-censorship softwares.
lifeisstillgood · 10 years ago
Is this then a sign that the network architecture of back hauling everything to SF in order to send it back to Beijing so one can update ones neighbours wall, that architecture is flawed and needs to fall back to a peer to peer approach - one that truly can route around censorship
seanhandley · 10 years ago
687 forks. Good luck to the authorities!
geff82 · 10 years ago
as a sidenote I encourage all people with talent to leave countries with suppressive regimes. I think they should be erased from their position. One way to do that is to encourage everyone to leave their country. One can argue that staying in a bad country may one day help to build it up again, but on the other hand, nothing hurts bad people in power more than complete brain drain.
0xFFC · 10 years ago
I have plan to leave, I am looking for os research lab to apply in next year or after and I am working on my langauge. quick question , your family does not have any issue with openvpn ? the place where I am we cannot use openvpn.they shut connection down every 2 3 min.
eric_bullington · 10 years ago
Are you using a commercial OpenVPN provider, or bootstrapping your own OpenVPN proxy like the grandparent poster? That may make a significant difference.
0xFFC · 10 years ago
both . in either case scenario was same , and most of my friends (which most of them are in CS industry ) have same experience .
I used to use commercial openvpn provider , and after a while I config my own openvpn server in my own vps . they both lose connection after 2 3 min. right now I am using shadowsocks and I have other options in case of something goes wrong.
njloof · 10 years ago
To answer your question, OpenVPN is no problem at most ISPs in Canada or the United States. The only ones I have heard of that restrict VPN use from home just want to charge you more money for their "business" service instead of "home".
e12e · 10 years ago
> nothing hurts bad people in power more than complete brain drain.
Well, yes. A noose, for example. I completly sympathise with those the flee - but change in any country csn really only come from within. Often with help from outside - but without a force of change within - a real force - there will be no real change.
geff82 · 10 years ago
Yes, the micro and macro levels are contradicting. On the micro level, it is everyones personal best to leave and try to make a good life outside. On the macro level, it is best to stay and work on changing things for the better.
lucagold · 10 years ago
you have to realize that sometimes it is not that easy for people to just leave. it's not like they just quickly buy a plane ticket and fly off to some safe country and the happy ending is complete.
you'll have to to be wealthy enough to afford finding a way out. you'll have to be willing to leave your family/friends. you'll have to be willing to leave the place you might be very attached to. you'll have to be willing to put up with all the bullshit and xenophobia you'll be faced with, once you arrive in your "safe" destination.
jedisct1 · 10 years ago
Most importantly, you need a visa, which is not necessarily easy to get, especially if you are a Chinese citizen.
It's not just about being attached to your friends or to a place. A lot of people would love to leave their country, but aren't allowed to.
robbiep · 10 years ago
And nothing hurts a whole country more than a massive brain drain
TazeTSchnitzel · 10 years ago
> as a sidenote I encourage all people with talent to leave countries with suppressive regimes.
All countries have oppressive regimes. Some are just moreso than others, and some target different people than others.
This is utterly destructive thinking, anyway. If the only hope, the only spark for change, flees, then there can never be improvement.
jlebar · 10 years ago
> All countries have oppressive regimes.
kinofcain · 10 years ago
China is ~20% of the world's population (1.36 billion of 7 billion).
If everyone in China left China, and assuming the rest of the world is living as a family of four (play along), then every home in the world outside of China would have to take in one Chinese refugee.
"Leave" is not a viable strategy at scale.
ctdonath · 10 years ago
You don't need everyone to leave, just a relentlessly growing percentage. At some point the system starts to crack, and either they relent or it breaks.
In the USA, there is the fundamental notion of "consent of the governed" - if enough people won't submit, the government cannot function.
dreamfactory2 · 10 years ago
That's true anywhere, and it's what governments of all stripes worry about and steer. Western ones do it with a bit more finesse, but there's little fundamental difference. It's why Chomsky talks about 'manufacturing consent', and why marketing is an important field for Western governments, as covered in some detail by Adam Curtis. The UK government even have a unit dedicated to 'nudge theory'.
wyager · 10 years ago
The US government makes it very hard to leave, no finesse involved. To renounce your U.S. citizenship, you have to pay a fee of over $2000, pay huge "exit taxes", and provide six years of tax compliance proof to the IRS. http://money.cnn.com/2014/12/10/pf/taxes/expat-passport-citi...
tankenmate · 10 years ago
When it comes to capital China is actively preventing people with money from leaving; and even putting pressure on family members of people who have left in order bring them and, more importantly, their money back.
gbog · 10 years ago
Well, in the cases I have heard of the money was stolen from the Chinese people so it seems understandable that they want it back.
Also, Chinese are not prevented from leaving the country, que the opposite. Enormous efforts have been spent in sending a lot of student abroad and bringing foreign teachers in (I have been one of them). The thing is for most people here not being able to Facebook is of minor importance compared to access to cheap and good food, secure cities and an environment where they don't feel people look down on them. So, many Chinese students come back to China after abroad studies, despite all the problems in China, and amongst them GFW is the last important.
mirimir · 10 years ago
I've read that it's the wealthy who are leaving China. Or buying second homes, anyway.
dang · 10 years ago
We detached this subthread from https://news.ycombinator.com/item?id=10101653 and marked it off-topic, since it was a generic tangent that led, as so often happens, to a flamewar.
It happened elsewhere in this thread as well: https://news.ycombinator.com/item?id=10103364. The end state of that one was Hitler, the end state of this one was jingoism. There aren't many end states.
This subthread turned so pathetic that I wonder if we should create overflow pages for these. The bottom of a regular thread seems too good for them.
FooBarWidget · 10 years ago
Any knows a good shadowsocks tutorial for OS X? I'm going to China next week but I need to keep working while I'm there. I need to access Gmail, Github, AWS, etc. I can't get it to work with the few tutorials I found: the connection appears to freeze, and only certain browsers respect the OS X socks settings (no command line tools).
__kaichen · 10 years ago
Hey, you could use a GUI client named GoAgentX on github. You could find the download link at this address.
fexy · 10 years ago
I am living in Iran and shadowsocks was by far the best tunneling software I have ever used, and believe me I've used almost ANYTHING!
I appreciate the efforts of clowwindy and it's talented developers and hope the development keep going.
That might be nice if some independent organization take ownership of the project so other individuals feel safer contributing to it.
WalterSear · 10 years ago
It's not like the source code isn't still there, in the initial 'deleted' repo, not to mention several hundred forks.
UserRights · 10 years ago
What an awful government, simply horrible!
Now imagine, one manager coming to you with an idea:
"Hey, here is a great way to make big money: we fire all our expensive US workers and move the whole production chain to China, people are much cheaper there and governement will keep it that way!"
Would you adore such a greedy $$$hole and make him manager of the century?
Just another crazy idea: Imagine we would produce all our hardware for all our communication devices in a country with such an authoritarian neandertal-government! Oh, wait...
auganov · 10 years ago
Anyone able to verify clowwindy is okay and the encounter with police ended at that? Their twitter seems to be accept-only now.
mclee · 10 years ago
clowwindy showed up on twitter saying he's ok but has to drop maintenance. I guess he's physically alright.
jdenning · 10 years ago
I know there are plenty of copies out there, but in case anyone needs a link, here's my (unmodified, except for the rm branch/removal message) fork:
cLeEOGPw · 10 years ago
Any technology can be used for both good and bad. There's nothing inherently wrong with technology.
chronial · 10 years ago
No, that is not true. Look at the atomic bomb for example. The technology here is not just nuclear fission – the bomb itself has a lot of unique technology.
There can be a lot inherently wrong with technology, and there quite often is.
kjs3 · 10 years ago
Name one technology used in a fission device that doesn't have other, non-weapon application.
chronial · 10 years ago
Weapons-grade uranium.
kjs3 · 10 years ago
Stop enriching before it gets to weapons grade purity and it's fuel for a reactor. Fail.
chronial · 10 years ago
I'm no expert on the topic, but I think you need essentially different tools and technology to reach the purity necessary for weapons. So using these way more expensive tools to create fuel would be just stupid.
kjs3 · 10 years ago
They use exactly the same process and technology (these days either gas diffusion or gas centrifuge). These are iterative processes; you keep running them until you get the level of enrichment you want (<20% for fuel, >80% for weapons). Quit speculating on how you can get the answer you want and try the facts.
idlewords · 10 years ago
You can make a campfire out of plastic explosives, too. You got an answer to your question and then moved the goalposts. Move on.
kjs3 · 10 years ago
I asked what technology in a fission bomb did have non-military applications. He answered with a product (not a technology) for which the technology to produce has other, obvious, non-military applications. He is wrong, your point about plastic explosives is irrelevant sophistry, and no goalposts have been moved.
hobs · 10 years ago
What about all the Peaceful Nuclear Explosions (PNE)? The nuke is extremely destructive and extremely dangerous, but its not inherently wrong, they have been used to close gas wells by the Russians, and I am pretty sure the US had the plowshares program.
There are definitely some arguments that we could have used conventional explosives for those purposes, but my point is that a nuke is just a tool, its the people who decide to use it admirably or despicably.
maxerickson · 10 years ago
Operation Plowshare didn't have much practical application:
kjs3 · 10 years ago
Actually, Plowshare succeeded in it's practical applications. They wanted to dig big holes fast, and by god they did. That was when the indirect costs of applying the technology (namely, poisoning the world) became apparent and it was prudently abandoned.
maxerickson · 10 years ago
I would use effective to describe what you are talking about. If it were practical, the utility would exceed the indirect costs.
kjs3 · 10 years ago
That's a fair statement.
mnem · 10 years ago
Isn't radioactive fallout a direct cost of the technology?
kjs3 · 10 years ago
As maxerickson pointed out, that's true, and I acknowledge the defect in my argument.
chronial · 10 years ago
We might just fundamentally disagree an the whole tool ideology.
Imagine this device: It only has button, pressing it will torture every human beeing in earth for 100 years and then wipe out what's left. Trying to disassemble or analyze it will do the same.
Would this still classify as "just a tool"? (peaceful uses: explaining the importance of restraint etc.)
This is not supposed to be an analogy, but a serious question, because I don't believe that guns dont't kill people. And if we disagree on such a fundamental question, I don't think an internet debate could have a sensible outcome .
pablovidal85 · 10 years ago
Guns alone don't kill people (at least if they're not programmed to do so automatically), but as humans sometimes act irrationally, one could say if the population had less guns then there will be less deaths by gun shot.
Datsundere · 10 years ago
The sole purpose of a gun is the kill/destroy more efficiently because knives and forks were not.
pablovidal85 · 10 years ago
Nothing really has just one purpose. I admit that the person who built the weapon may have done so with the idea of killing in mind, but nobody can stop me using the gun to crack a nut or scare animals using a blank cartridge. Ultimately is a person (or a machine built as an extension of somebody's will) who points to something and pulls the trigger.
hobs · 10 years ago
In your hyperbolic example, the tool has no potential positive purpose, so obviously it is only a tool for destruction. I don't think nukes come close to fitting this description, and I don't really understand the purpose of the question, but if it is earnestly asked I will answer it.
I don't deny that nuclear technology has contributed to some of the worst calamities to befall humanity, I simply disagree that they have ONLY done negative things.
saalweachter · 10 years ago
I might quibble on the definition of "technology".
For instance, yes, a gun is a tool designed to kill a thing. Some guns are specifically designed to kill people.
But the technology of gunpowder propelled projectiles has peaceful applications. For instance, one of the early uses was to propel a rope to distressed boats and ships so that passengers could be rescued.
Likewise with the hypothetical device you have described. Sure, sounds terrible. But what are the underlying technologies it is built upon? Unless you've tapped into some sort of fundamental evil force of the universe, there are probably some pretty awesome technologies involved, that would have peaceful, useful applications in another device that wasn't so awful.
andrepd · 10 years ago
But nukes are the reason there haven't been any direct wars between major powers since WWII. Isn't that a good thing?
briandear · 10 years ago
Without the Atomic bomb, millions of more people would have died. Thus the Atomic bomb saved lives as well as created a disincentive for Communist expansion during the Cold War. Western Europe would have been a war zone in 1960 if it weren't for the nuclear threat.
Just a caveman assessment of "atom bomb bad, flower good" is intellectually weak. The atomic bomb created a balance of power, the destruction of which would have resulted in countless wars and deaths.
kjs3 · 10 years ago
Just a caveman assessment of "atom bomb bad, flower good" is intellectually weak.
A wannabe cold warrior fantasy of "without the nuke, the godless Commies would have put the boot to the civilized world" is just as intellectually weak. I thought this furious jerking off over Regan-era revisionist talking points was passé in the current century.
elektromekatron · 10 years ago
Design can embed intent into an object. Software can embed it very well.
dang · 10 years ago
This subthread detached from https://news.ycombinator.com/item?id=10102113 and marked off-topic, since it seems to be the root of the flamewar.
We've noticed over and over how generic tangents are the gateway to flamewars. Tangents about something specific ("off-topic, but I once worked with that group...") are often interesting, but generic tangents dilute discussion and not infrequently eventuate in Hitler.
kodisha · 10 years ago
Right about now in China, GFW HQ:
- Hey guys, we are on front page of HN again!
- Yaay, lets upvote!!!
daurnimator · 10 years ago
Holy shit, clowindy was asking me questions related to this issue just last week.
This is a scary wake up.
kinosang · 10 years ago
Long live the shadowsocks.
People who do not yield to the GFW already made backups of all the repos under github.com/shadowsocks. And new tools to bypass the GFW is under development.
baozi1989 · 10 years ago
In China, People give their country another name --- West Korea.
sidcool · 10 years ago
Knowing as much as I know about China, I somehow feel it was considerate of them not to arrest the person or hack into his computer. They sent some guys to make him stop. May be I have a very bad impression of the Chinese government.
sidcool · 10 years ago
I seldom wonder; what is that the Chinese government aims to gain from all this oppression? What any government hopes to gain? North Korea, Cuba, Venezuela, China, Russia (?) etc....What exactly do they want?
tired_man · 10 years ago
They want to remain in control and never be displaced.
You can tell when a country is either totalitarian or when it's heading that way when they begin seeking increased control over the media, when your communications are subject to routine governmental monitoring, when you can become criminally suspect for having cash, when they're afraid of you being able to encrypt anything because it might be Terror/ChildPorn (read as "forming plots against them"), etc.
Most of all, they don't want to end up dead like Saddam and Qaddafi.
They have valid fears of that becoming reality. Just like other politicians....
switch007 · 10 years ago
UK is heading this way..
tired_man · 10 years ago
US, UK, AU....
The only hope is for oil to just run out.
Intermernet · 10 years ago
Like most governments around the world, they tend to think that "change = defeat". The US, UK, Canadian, and Australian governments are not really any better in this respect. They don't really understand the internet, and are therefore (sometimes justifiably) frightened by it.
Governments, by definition, are meant to "Govern". Most see that the the rules of governance that they, as experts, have defined, should be "The Only Rules". They have a vested (if only intellectual, but rarely is this the case) interest in seeing people follow these rules. Any discussion, or debate, regarding alternative rules, is obviously being pushed by people who don't know what they're talking about.
It's oppression based on consensus and bureaucracy. Sometimes it's nefariously directed, but often it's just pigheadedness and arrogance that lead to decisions like this being made.
Although, sometimes it's just downright manipulative pricks holding the reigns. Hopefully this is less frequent than it actually appears to be. I'm giving these governments the benefit of the doubt, though they haven't done much in recent years to deserve it.
sidcool · 10 years ago
Spot on! Governments are shit scared of the internet, probably even more than terrorists, probably because internet is a tool for the mind. A free mind has boundless optimism and spirit, and an oppressor cannot reign over such a mind.
jacquesm · 10 years ago
To remain in power a little longer.
nadams · 10 years ago
This feels rather suspicious to me. Either the police are complete idiots (because people have forked his code and you can still get it from the forks) or there is more to the story.
It would make more sense to just send a DMCA takedown for that plus all forks to ensure that the streisand effect doesn't come into play. Because now I gotta grab a fork and squirrel it away - even though I'm in the US I feel like this is important stuff to keep.
seba_dos1 · 10 years ago
And how would DMCA apply in this case?
nadams · 10 years ago
You should sign up for notifications for the github repo where they post DMCA takedowns. People who release open source sending DMCA takedowns to people who create repos with that code.
I'm not saying it's right. I think there needs to be a stipulation in the DMCA to allow service providers to actually be able to research and think about the take down request. As it stands right now - you can send a DMCA takedown for any github repo and github MUST ASAP disable that repo - no questions asked. Of course - asking to take down a repo filled with material that isn't copyright to you could get you into legal trouble. However, I doubt people in China care about US laws - especially if they are the government themselves. Would you sue the Chinese government for wrongful DMCA takedown of your github repo?
Intermernet · 10 years ago
If you were a US developer hit by something similar, you may have been sent an NSL, and would therefore be unable to discuss it at all. The DMCA would only apply if you had been accused of copying, or creating a derivative work.
I find it interesting that the Chinese police have told him to shut it down, but have not put any restrictions on telling people he's been told to shut it down.
Who has the greater freedom in this respect?
nadams · 10 years ago
> The DMCA would only apply if you had been accused of copying, or creating a derivative work.
See my reply here [1].
> I find it interesting that the Chinese police have told him to shut it down, but have not put any restrictions on telling people he's been told to shut it down.
Don't you think that signals there is more to the story? I doubt some friendly people knocked on his door and asked him nicely to remove the code. Then after he did it - they told him to have a nice day and left him with some tea and biscuits.
My gut feeling is there is more to the story than what is in the one line comment in the issue tracker.
Tobu · 10 years ago
The code is still easy to find, but they threatened the main developer so he won't work on it anymore. I think they won this round.
jondubois · 10 years ago
I don't see the Great Wall of China as inherently evil. I don't think Chinese people would benefit if we (the west) had free reign to impose all our extreme capitalist beliefs on them. Maybe they are not ready for it.
It's arrogant for us to believe that we are on the 'free' side of the firewall. I don't see how one side is more free than the other - Both sides are subjected to constant brainwashing by various media - Be it at the hands of a suppressive government or those of greedy corporations.
alleycat · 10 years ago
Capitalist beliefs? They're just as capitalist as us, even more so these days (especially in Western Europe).
jondubois · 10 years ago
I am aware of this effect (my wife is Russian) but I would still argue that they are not capitalist in the same way that we are (though they do come across as hyper-capitalist on a superficial level - As in; they are big consumers and they like to show off their social status).
One thing that really surprised me about Russian and Chinese people though is how well they take care of their friends and family (for example, they are often very willing to share their money to help each other) and how genuine they are compared to westerners. I know it's a big generalization but it's something I noticed.
Qualman · 10 years ago
The difference is, we in The West have the right to choose what to consume, or be "brainwashed" by, and China's government chooses for them. Which would you prefer?
rndmind · 10 years ago
This is a very unique and insightful way to look at it. Absolutely the GFW of china is a huge way to block outside cultural influence ( manipulation and many other unwanted foreign influences )
With that said, I'm of the radical belief that no internet communication should be blocked, inspected, or analyzed etc... but thanks for such a piquant response.
geggam · 10 years ago
Have we all forgotten corkscrew ?
SwimAway · 10 years ago
Cancerous governments desperate for control. Swim away.
OJFord · 10 years ago
I'm not American, but still catches the eye that this currently stands at "911 points"!
skynetv2 · 10 years ago
I am confused .. did the Chinese police come and ask him to stop working on it? Which country is he in?
syntheticcdo · 10 years ago
China
hachiya · 10 years ago
So how did the Chinese police find clowwindy?
His contact information doesn't look readily available online.
Did Chinese authorities contact Github, which readily complied with information that led to him being located?
sandyvid · 10 years ago
It's really not that hard for the cops to track down someone in China. Besides, clowwindy didn't take any precautions before. I believe clowwindy once revealed the company he worked for.
hachiya · 10 years ago
Do you have a reference for clowwindy revealing his employer? I didn't see anything about that.
Cops can do a lot of things, but they don't pull information from thin air. Github would be one source of information.
It's odd that this entire, and very popular, discussion on HN doesn't delve into how this individual was found.
It's also interesting that your reply is from a new account with only this comment.
fridsun · 10 years ago
All ISPs in China are government-owned. It is believed that the government can locate any IP. Then it's only a problem of finding his IP by monitoring.
hachiya · 10 years ago
That may be possible, but no source had made that claim as far as I know, in this case or any other. Also, Github uses SSL. It would be interesting how they distinguish one user's Github connection from all the others originating in China.
Again, how the Github user was actually located by Chinese police was not disclosed or even discussed here. It's interesting that mentioning this has resulted in two comments by new accounts, solely to blame Chinese authorities as discovering the user on their own, with no evidence for it.
adamfisk · 10 years ago
At Lantern (https://www.getlantern.org) we make censorship circumvention software that shares some similarities with Shadowsocks but that also uses p2p. Since the @clowwindy announcement we're the #3 trending repository on GitHub basically because a ton of Chinese coders have been starring it - https://github.com/trending
wolfgke · 10 years ago
Quote: "Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.
I hope one day I'll live in a country where I have freedom to write any code I like without fearing."
I claim that the west is hardly better: Just say "copyright law".
aflying · 10 years ago
oh,this seems to be a controversial question.The point is how to regard GFW in China.To be honest,every countries has its censorship.However,the point is GFW in china is opaque,which is not accepted.A man has rights to know what he want to know,and for gov,managing should be public.As for the author of shadowsocks,it is very sorrowful that she is asked to stop his work,which helps many Chinese people.For developers,this is what their work needs;for users,this is chances to see the real Internet.Remember everyone does not want to oppose gov,they just want to see something useful for their jobs,which also includes some politic news against Chinese gov.
Nanshan · 10 years ago
IPv6 is the powerful tools over the GFW
anabis · 10 years ago
Tangential, but the icon is from 星空のメモリア, a Japanese game. It has not been turned into anime, so can he read Japanese decently, or just using random pics?
Joona · 10 years ago
Might be translated in to Chinese.
bakabaka9 · 10 years ago
This saddens me personally, as I once worked with this guy; he is very productive and talented developer. Imagine how god-awful he feels now, threatened by police and forced to stop committing to his very own projects.