We took much of the meeting to discuss circumvention of the GFW in China in practice, learning about the history and evolution of blocking and specific techniques for circumvention. We also learned about a guest's personal self-hosted services.
What's new
Plan 9. Unix history, everything is/as a file.
Redox. Rust OS, inspirations Linux, Plan 9, seL4, etc. System76 employee. System76 -- advertising Cosmic DE, like KDE or Gnome.
Greg - Compiling Cosmic. Possibly running out of RAM. On nix builds in the past.
Circumvention. VPNs, what can be found passively.
Introductions
- [name] - [background]. [goals for meetup, or interests to explore]
- Loren -
- Jake - used to work in games, backend, games on the side. Inter
- Yihan - born & raised in China, came here 3 years ago, U Minn, Sweden. Master type theory, math & PL.
- Bryan - datacenter tech, host movies, open to other things to pack on my RPi
- Greg - soon to be unemployed rust developer. Home lab, rust & nix os topics.
- Sam - unwitting devops engineer, at startup. Self hosting home lab for 10 years. Networking computer hardware.
Lesson or Demo
- - self-hosting live streaming platform.
- Hosting -
- Firewall in China -- first it was a simple internet scan, in the days before TLS. When people searched certain phrases, they would get a TCP RST.
This could be circumvented with gzip, or using TLS. 2012 and before 2014 people started to use TLS more often. The firewall started to pollute internet records. If your DNS server was set explicitly to a Chinese DNS server, it was polluted; public, e.g., would be OK. Around 2016, it would tamper with DNS responses, if unencrypted, even if public DNS. Started to block IP addresses. 2016/17 -- started to look at SNI in TLS connection setup. China was not willing to block all of Cloudflare, but could filter on SNI. Rumor: around 2018, the govt started building advanced detection that tracked other datums. Packet frequency, length, insecure block cipher -- revealing patterns. Started to change IP blocks more often. Around 2019, RFC brought eSNI, immediately banned.
This is the intentional firewall. There are also unintentional results of blocking. Tried hard to pick a good route, pick a good provider with better routes to b Chinese ISPs, do service quality control, in a bizarre way. Prefer to drop UDP packets, violently. Some UDP proxies, proxied UDP.
- Nix Home manager
- Question about wikis
- Obsidian -- note sync
- Logseq -- note sync
- Joplin -- apple notes without the apple
- Read aloud: clarify for meetup. We are taking notes in a riseup pad (or I am--help appreciated, and links). We have meeting notes posted to the wiki; search Infra, or Meetups/Infra. (The Infrastructure page has a disambiguation link.)
- Shell, web services, self-hosting, networking!
Questions, Discussion, or Coworking
- [Issue]
For next time
Questions
Readings & Exercises
- Readings
- Exercises
Join online
- Try it yourself!
- Join #nb-meetup-infra