Normally they have to fight VPN issues anyway, but having a sovereign state inject your packets is certainly a fun new one.
It’s good to know the boss.
But there absolutely is also a non-negligible number of Chinese and Indian nationals, who have some type of visa status in the US (especially a green card) who spend many months in their original countries making $200,000 or more per year while living like royalty in their home countries :)
So much has happened since then...
If you get a green card and leave the us for any amount of time, on return the border agent makes a determination on the spot if you intended to live abroad.
Less than six months is simply less suspicious than more.
Now, the people I work with know that I'm not really located in the same time zone, but I know people who don't bother to mention it. I rarely get phone calls, but I have a roaming connection active for banking/OTP/etc. Plenty of cheap cafes with great WiFi (500mbps+ almost everywhere), and several times cheaper too.
Not really. People like it in China, regardless of whether they're Chinese.
I took an English teaching certification course in Shanghai. The teachers for that course were used to rotating around the world as the company held courses in various random locations.
One day the teachers asked what was apparently a standard question for them, "are you planning to stay here after you get the certification?"
And they were flabbergasted when everyone answered yes. Apparently in most of the locations that offer CELTA courses, the majority of people come for the course and get out as soon as they can.
Because they have some of the most beautiful scenery and buildings I've seen and I've been to dozens of countries.
Personally I wouldn't go there for remote work, because the internet interference is a pain but a holiday definitely.
The nature spans salt lakes and rainbow mountains akin to South America, to the Northern Lights in Mohe down to karst formations of Guilin shared with Vietnam's Halong Bay.
The cuisine is diverse and dishes popular in places like Xi'an reveal lasting influences dating back to the Silk Road.
If you can't find "somewhere really nice" amongst the myriad people and locations you haven't tried.
If it wasn't literally 10x cheaper to live abroad than it is to live in Seattle/San Jose, it wouldn't be as prevalent. And not to mention, the quality of life is often better at the 10x cheaper price as well.
I can give you as much proof as you would like!
Example: https://www.justice.gov/opa/pr/justice-department-announces-...
That Cloudflare had an outage. Not America.
You probably mean the USA? After all, it was China and not Asia which was responsible for the incident ;)
And no, "America" may have referred to the US when I was a kid and here in Central Europe we had Back to the Future type of shoes with the American flag, yeah, and I would not say unambiguously so.
If someone says "America" to refer to a place, they really ought to specify if they want you to understand them.
in this case, the connection works fine, some extra RST+ACK packets were delivered to your network on purpose
But GFW certainly had the capability to block all ports. So no one really knew.
If I understand right, a good next step would would be with eBPF or some type of proxy ignore the forged RST+ACK at the beginning.
Then it would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that would when reconstructed could complete the handshake. Trying to send them alongside the SYN+ACK or even before if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.
See <Ignoring the Great Firewall of China> in 2006. That won't work if RST/ACK was injected to both sides.
> Then it would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that would when reconstructed could complete the handshake. Trying to send them alongside the SYN+ACK or even before if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.
This is an interesting approach already being utilized, namely TCB desync. But currently most people tend to buy VPN/proxy services rather than studying this.
Lists a single AS45090.
> multiple sources
From a Telegram group, reports from people from the same AS.
I think these people are overthinking. Probably a misconfigured firewall rate limiting some bots or crawler from the network.
But yeah go on, China bad.
So what's blocked differs by region
Unknown. I haven't seen any injected fake DNS or reset packets so far to domestic hosts. But there are rumors that Google's servers in Beijing (AS24424) was once black holed.
> Is GFW a central hub for all traffic between all hosts?
It's supposed to has centralized management system, but not a single hub.
> Or between residential ASNs and commercial ones only?
Yes, the injecting devices are deployed in IXPs, the AS borders. See <Internet censorship in China: Where does the filtering occur?>.
> In the UK and Iran a lot of censorship was implemented by leaning on ISPs at IP level (eg BT Cleanfeed) and with DNS blocks but I haven’t kept up to date with how networks might handle residential hosting.
I believe Iran has more centralized system like China controlled by Tehran.
> Maybe internal traffic is just all banned?
No, internal HTTPS traffic is not banned in that hour.
kotri•5h ago
hackernewsdhsu•5h ago
phantomathkg•4h ago
wkat4242•4h ago
cedws•4h ago
Gigachad•3h ago
eastbound•4h ago
vintermann•4h ago
woooooo•4h ago
If it's on purpose, I think you have the most likely motivation.
mschuster91•57m ago
[1] https://en.wikipedia.org/wiki/Cherbourg_Project
wkat4242•4h ago
methou•4h ago
NitpickLawyer•4h ago
andrewinardeer•4h ago
NitpickLawyer•4h ago
Helmut10001•4h ago
Zacharias030•3h ago
4gotunameagain•3h ago
Every major power has polluted near Earth space as a show of power.
cyberax•3h ago
therein•3h ago
perihelions•3h ago
[0] https://planet4589.org/space/con/star/planes.html
(On general principles, you could argue you'd need 1:1 launch vehicle parity (number, not payload) to defeat a satellite constellation this way. For each satellite launch, you'd need one corresponding anti-satellite launch into that same, newly-defined orbit).
kortilla•2h ago
perihelions•3h ago
Relevant, Chinese domestic media reporting on China's own perspective:
https://www.scmp.com/news/china/science/article/3178939/chin... ("China military must be able to destroy Elon Musk’s Starlink satellites if they threaten national security: scientists" (2022))
> "Researchers call for development of anti-satellite capabilities including ability to track, monitor and disable each craft / The Starlink platform with its thousands of satellites is believed to be indestructible"
"Easy to bring down" vs. "believed to be indestructible"—some tension there!
ceejayoz•2h ago
perihelions•1h ago
progbits•3h ago
senectus1•3h ago
audunw•3h ago
And I doubt China would want to make LEO impossible to move through anyway. It’d affect China badly as well
baq•1h ago
stevage•4h ago
spwa4•2h ago
The only thing that could bypass is GPS + laser links (meaning physically aiming a laser both on the ground AND on a satellite). You cannot detect that without being in the direct path of the laser (though of course you can still see the equipment aiming the laser, so it doesn't just need to work it needs to be properly disguised). That requires coherent beams (not easy, but well studied), aimed to within 2 wavelengths of distance at 160km (so your direction needs to be accurate to 2 billionths of a degree, obviously you'll need stabilization), at a moving target, using camouflaged equipment.
This is not truly beyond current technology, but you can be pretty confident even the military doesn't have this yet.
threeducks•47m ago
The moon is 700 times farther away than the starlink satellites (or twice that, if you consider the bounce), so I find it hard to imagine that it would be impossible to communicate with much closer satellites over laser when both sides can have an active transmitter.
mnw21cam•46m ago
However, this solution is going to stop working when a cloud drifts past.
mryall•3h ago
Tuna-Fish•1h ago
Not true anymore.
> and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.
This is still correct.
preisschild•3h ago
veunes•3h ago
outworlder•3h ago
If you think this is bad...
You can't even have a blog in China without authorization. It doesn't matter if you pay "AWS" for a machine. It won't open port 80 or 443 until you get an ICP recordal. Which you can only do if you are in China, and get the approval. It should also be displayed in the site, like a license plate. The reason "AWS" is in quotes is because it isn't AWS, they got kicked out. In Beijing, it is actually Sinnet, in Nginxia it's NWCD
You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).
In a nutshell, they not only can shutdown cross border traffic (and that can happen randomly if the Great Firewall gets annoyed at your packets, and it also gets overloaded during China business hours), but they can easily shutdown any website they want.
UltraSane•3h ago
I added an A record for subdomain and pointed it at Chinese IP addresses. I wonder if I will get that angry email?
bawolff•2h ago
I think the real paranoid people use cloudHSM.
Faaak•2h ago
kotri•34m ago
But yeah, they can shutdown anything unless proxy server is widely used. as <Nearly 90% of Iranians now use a VPN to bypass internet censorship>.
darrenf•23m ago
kotri•18m ago