Analysis of the GFW's Unconditional Port 443 Block on August 20, 2025

145 points, submitted by kotri, 104 comments, 8/20/2025, 4:27:29 AM, gfw.report

Comments (104)

kotri · 8h ago
Terrible, this is Internet curfew. It's not uncommon to imagine they'd shut down the Internet across the border during any war (like against Taiwan).
outworlder · 6h ago
> Terrible, this is Internet curfew.

If you think this is bad...

You can't even have a blog in China without authorization. It doesn't matter if you pay "AWS" for a machine. It won't open port 80 or 443 until you get an ICP recordal, which you can only do if you are in China and get the approval. It should also be displayed on the site, like a license plate. The reason "AWS" is in quotes is that it isn't AWS; they got kicked out. In Beijing, it is actually Sinnet; in Nginxia it's NWCD.

You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

In a nutshell, they not only can shut down cross-border traffic (and that can happen randomly if the Great Firewall gets annoyed at your packets; it also gets overloaded during China business hours), but they can easily shut down any website they want.

leroyrandolph · 2h ago
I laughed when I saw "Nginxia", thinking it was a portmanteau of, well, nginx and wuxia, a Chinese fiction genre. Reality is much less funny when I looked up NWCD, and you likely just made a typo of Ningxia.
kotri · 3h ago
Not all Western companies comply with Beijing, like Route53, a name I've never heard of; Cloudflare seems to be the most popular in China.

But yeah, they can shut down anything unless proxy servers are widely used, as in <Nearly 90% of Iranians now use a VPN to bypass internet censorship>.

darrenf · 3h ago
AFAIK Route53 is AWS’s managed DNS product, not a company.
kotri · 3h ago
OK, AWS again. I know it complies not only with Beijing but also with Russia and many other dictatorships. It banned domain fronting and recently enforced S3 bucket-based subdomains for governments to better inspect.
lazide · 8m ago
Their point is that if you're served within China (aka hosted off a Chinese IP, or accessing anything from a Chinese IP) it doesn't matter if the other company interacts or complies with China's rules; the other half of the transaction will be blocked.

So using DNS hosted outside won’t matter, because the destination Chinese IP will get blocked. Or if using outside hosting, it won’t matter, because anyone in China trying to access it will get blocked.

The GFW is a pretty massive and actually impressively effective piece of technology.

UltraSane · 6h ago
AWS in China also doesn't have the Key Management Service, which leads me to conclude it must be pretty secure.

I added an A record for a subdomain and pointed it at Chinese IP addresses. I wonder if I will get that angry email?

bawolff · 5h ago
Or they just don't want to be put in the position of having to give out keys.

I think the real paranoid people use cloudHSM.

Faaak · 4h ago
Actually, they wouldn't really know unless this domain is used. I guess they check the `Host` header to get the domain that targeted this IP and then check where the MX are hosted.
wkat4242 · 7h ago
Could you bring something like a Starlink Mini for backup, I wonder? I'd imagine this would be very worrying, being stuck there as a foreigner in such a situation.
mryall · 6h ago
Starlink connects you to the internet via a ground station in the country where you are registered, and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.
Tuna-Fish · 3h ago
> Starlink connects you to the internet via a ground station in the country where you are registered

Not true anymore.

> and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.

This is still correct.

patrakov · 2h ago
You can still bring a foreign SIM card. 100% effective (via data roaming) at bypassing the firewall, but expensive.
lazide · 7m ago
Oddly, many travel SIMs have started to route traffic through China. I used one in India that clearly routed through Hong Kong, and caused a lot of problems.
methou · 7h ago
A friend of mine tried, no signal.
NitpickLawyer · 7h ago
If war breaks out, it'll likely be enabled.
progbits · 6h ago
No it won't, but if it did, it would take just a few hours for China to shoot a bunch of them down, and with how tightly packed their orbits are, the debris would take care of the rest.
audunw · 6h ago
I'm not so sure debris would help take down other satellites in that orbit. The orbit is very low, so much of the debris that ends up with a deviation in its orbit will fall down. Even if it doesn't, there's still air resistance up there which may cause more of the debris to deorbit before it has time to hit other satellites.

And I doubt China would want to make LEO impossible to move through anyway. It’d affect China badly as well

baq · 3h ago
space is huge and the orbit is low. I'm not so sure debris would be as effective as on higher orbits.
senectus1 · 6h ago
potentially very dangerous for everyone if they did that. could make it impossible for even them to make a launch. Kessler Syndrome is nothing to toy with.
Helmut10001 · 6h ago
Starlink satellites are in very low orbit. Easy to bring down.
perihelions · 6h ago
Very expensive to take down 10-100k at once. No one today has that many antisat-capable missiles stockpiled.

Relevant, Chinese domestic media reporting on China's own perspective:

https://www.scmp.com/news/china/science/article/3178939/chin... ("China military must be able to destroy Elon Musk’s Starlink satellites if they threaten national security: scientists" (2022))

> "Researchers call for development of anti-satellite capabilities including ability to track, monitor and disable each craft / The Starlink platform with its thousands of satellites is believed to be indestructible"

"Easy to bring down" vs. "believed to be indestructible"—some tension there!

ceejayoz · 5h ago
EMP?
lazide · 6m ago
At the point anyone is using nukes in LEO, things have gotten really out of control already.
perihelions · 4h ago
If you're talking about nuclear weapons, their major effect on satellites (Starfish Prime as the reference point) isn't EMP effects, but ionizing radiation—creating a persistent radiation belt of MeV electrons. (A physical process that took months to disable some satellites). Beyond that I don't know much.
Zacharias030 · 6h ago
how though?
4gotunameagain · 6h ago
https://en.wikipedia.org/wiki/2007_Chinese_anti-satellite_mi...

Every major power has polluted near Earth space as a show of power.

cyberax · 6h ago
One missile for one satellite? This gets expensive really fast.
therein · 6h ago
They follow well-defined orbits and are propellant limited. You could easily cover their trajectory with some shrapnel and attack it one lane at a time.
perihelions · 5h ago
Not feasible. That would entail putting shrapnel into orbit (unlike extant anti-sat weapons which are short-range suborbital), which would mean a full orbital launch for every satellite target orbit. There's hundreds[0] of Starlink orbital groups already, so that'd require hundreds of independent orbital launches in a short timescale—far beyond China's launch capabilities today.

[0] https://planet4589.org/space/con/star/planes.html

(On general principles, you could argue you'd need 1:1 launch vehicle parity (number, not payload) to defeat a satellite constellation this way. For each satellite launch, you'd need one corresponding anti-satellite launch into that same, newly-defined orbit).

kortilla · 5h ago
Tiny propellant burns turn into thousands of kilometer changes quickly.
maxglute · 2h ago
Depends on if Elon wants to be sanctioned by PRC or not.
esseph · 2h ago
Very easy to jam.

Also, fairly easy to find from the air.

andrewinardeer · 6h ago
Entirely speculation.
NitpickLawyer · 6h ago
Of course it is entirely speculation. But there are previous datapoints you can look at (i.e. iran).
stevage · 6h ago
Depends a lot whether Starlink decides to let you.
spwa4 · 5h ago
No it does not. Against a huge state adversary like China it does not matter. They have satellites looking down so they can quickly locate any starlink users. And then ...

The only thing that could bypass is GPS + laser links (meaning physically aiming a laser both on the ground AND on a satellite). You cannot detect that without being in the direct path of the laser (though of course you can still see the equipment aiming the laser, so it doesn't just need to work it needs to be properly disguised). That requires coherent beams (not easy, but well studied), aimed to within 2 wavelengths of distance at 160km (so your direction needs to be accurate to 2 billionths of a degree, obviously you'll need stabilization), at a moving target, using camouflaged equipment.

This is not truly beyond current technology, but you can be pretty confident even the military doesn't have this yet.

mnw21cam · 3h ago
The aim doesn't need to be that accurate. Laser beams diverge due to diffraction. You can't break the laws of physics - a non-divergent laser beam would need to be infinitely wide. A 1cm wide laser beam of 700nm light will have a divergence width of approximately asin(0.0000007/0.01) which is 0.004 degrees, which is 14 arcseconds, which is very easily aimable using off-the-shelf components. People get a tracking accuracy around 1 arcsecond using standard hobbyist telescope mounts.

However, this solution is going to stop working when a cloud drifts past.

threeducks · 3h ago
What makes it so that this kind of precision is required? I have little knowledge of the physics behind it, but a few decades ago, a local university had an open day where they bounced lasers off of a retro reflector on the moon to measure the distance: https://en.wikipedia.org/wiki/Lunar_Laser_Ranging_experiment...

The moon is 700 times farther away than the starlink satellites (or twice that, if you consider the bounce), so I find it hard to imagine that it would be impossible to communicate with much closer satellites over laser when both sides can have an active transmitter.
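
A pointing budget for the numbers in the two comments above, as an added example (not from the thread or from gfw.report). It assumes a 550 km slant range (a Starlink shell altitude with the satellite overhead), 700 nm light, a 1 cm aperture, 1 arcsecond tracking error, and the Airy first-null half-angle 1.22*lambda/D alongside the thread's simpler lambda/D estimate; the Moon distance is the mean 384,400 km.

```python
"""Diffraction-limited pointing budget for a ground-to-LEO laser link.

Added example, not part of the thread. Assumptions (all labelled here):
  * 550 km range, 700 nm light, 1 cm aperture, 1 arcsec tracking error
  * the Airy first-null half-angle 1.22*lambda/D is used as the "proper"
    divergence next to the thread's plain lambda/D estimate
  * small angles, so the spot is approximated as 2 * range * tan(theta)
"""
import math

ARCSEC_PER_RAD = 180.0 / math.pi * 3600.0
STARLINK_KM = 550.0        # assumed slant range
MOON_KM = 384_400.0        # mean Earth-Moon distance


def divergence_rad(wavelength_m: float, aperture_m: float, airy: bool = False) -> float:
    """Half-angle divergence: lambda/D (thread's estimate) or 1.22*lambda/D (Airy)."""
    ratio = wavelength_m / aperture_m
    return math.asin(1.22 * ratio if airy else ratio)


def rad_to_arcsec(theta_rad: float) -> float:
    return theta_rad * ARCSEC_PER_RAD


def spot_diameter_m(half_angle_rad: float, range_m: float) -> float:
    """Beam diameter at the far end for a given half-angle divergence."""
    return 2.0 * range_m * math.tan(half_angle_rad)


def pointing_error_m(error_arcsec: float, range_m: float) -> float:
    """How far a tracking error of `error_arcsec` moves the spot at `range_m`."""
    return range_m * math.tan(error_arcsec / ARCSEC_PER_RAD)


def budget(wavelength_m: float = 700e-9, aperture_m: float = 0.01,
           range_km: float = STARLINK_KM, tracking_arcsec: float = 1.0) -> dict:
    """Compare the beam spot against the tracking miss; margin > 1 means the
    far end stays inside the beam despite the tracking error."""
    range_m = range_km * 1e3
    theta = divergence_rad(wavelength_m, aperture_m, airy=True)
    spot = spot_diameter_m(theta, range_m)
    miss = pointing_error_m(tracking_arcsec, range_m)
    return {
        "half_angle_arcsec": rad_to_arcsec(theta),
        "spot_m": spot,
        "tracking_miss_m": miss,
        "margin": (spot / 2.0) / miss,
    }


def moon_to_starlink_ratio() -> float:
    return MOON_KM / STARLINK_KM


if __name__ == "__main__":
    simple = divergence_rad(700e-9, 0.01)
    print(f"lambda/D: {math.degrees(simple):.4f} deg = {rad_to_arcsec(simple):.1f} arcsec")
    for k, v in budget().items():
        print(f"{k}: {v:.2f}")
    print(f"Moon is {moon_to_starlink_ratio():.0f}x farther than {STARLINK_KM:.0f} km")
```

The margin is just the divergence half-angle divided by the tracking error, so at these numbers a 1 arcsecond mount is comfortably inside the beam; what the budget does not model is atmospheric seeing, slant range at low elevation, or the link budget for the return path.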

veunes · 6h ago
The infrastructure for that kind of control clearly already exists. What's unclear is how coordinated or deliberate these events are versus being side effects of testing or internal changes.
eastbound · 7h ago
In fact, it's a common tactic to do something unusual, in a recurrent way, so people aren't alerted when it happens for real. (When the Mossad stole 7 boats from a French port (that they had fully paid for), they prepared a few months in advance by having the pilots start the engines every night at 23:00, pretending they needed it against the cold temperatures. When the day came, they started the engines and left; no one saw it coming.)
vintermann · 7h ago
It could also be a test to look for surprising things that break, in case they want to do this permanently at some later point.
woooooo · 6h ago
Hanlon's and Occam's razors point to it being a mistake by the GFW operators, imo.

If it's on purpose, I think you have the most likely motivation.

account42 · 1h ago
You shouldn't use razors haphazardly or you might cut yourself.

A mistake that also weirdly increments some TCP fields for the three subsequent RST packets when that's not how the existing GFW devices behave would need some explanation before you could conclude it to be the most likely explanation.

woooooo · 10m ago
A new hardware/software rollout is one of the more common breakage situations, though. It definitely could have been on purpose but my gamble is still on a fuckup with a new system rollout.
mschuster91 · 3h ago
It was five boats [1], but a good story nonetheless. Think whatever you want about Mossad, it cannot be denied that these guys have balls.

[1] https://en.wikipedia.org/wiki/Cherbourg_Project

cibyr · 43m ago
One might even say they have chutzpah.
hackernewsdhsu · 8h ago
That's what's so great about LoRa. Decentralized txt msgs, ultra cheap radios people run at home or wherever. $10-35 USD on Amazon. At least txts get through.
phantomathkg · 7h ago
It won't get you from where you are to China though.
wkat4242 · 7h ago
No but something like WSPR or FT8 would. Needs a license though.
cedws · 7h ago
Can you recommend a guide? I’m interested in trying it out.
Gigachad · 6h ago
Look up Meshtastic. It’s kinda fun. Can chat with random people around you. But I don’t think it’s really that useful unless you have a really good spot like an antenna on your roof with no trees or buildings in the way.
Eddy_Viscosity2 · 59m ago
The most depressing is that what happens in China, will eventually happen in the west too. I'm sure certain US, UK, and EU bureaucrats are already crafting campaigns about how this ability will 'save the children' and that it should be implemented immediately (politicians and certain other selected people will be exempt of course).
pas · 28m ago
There's nothing inevitable about this. Civil society needs to organize, coordinate, and spend money on PR about this.

Right now liberal people mostly sit back and wait for things to get better, it's not enough. (Also going and walking up and down is not really effective.)

Eddy_Viscosity2 · 11s ago
It is inevitable, because the means by which civil society can organize, coordinate, and spend money on PR about this, are all firmly in the control of a very few people. These same people are generally on the side of more centralized control, because they are the ones who will wield it.
gorgoiler · 4h ago
How is traffic controlled inside PRC? Is GFW a central hub for all traffic between all hosts? Or between residential ASNs and commercial ones only? In the UK and Iran a lot of censorship was implemented by leaning on ISPs at IP level (eg BT Cleanfeed) and with DNS blocks but I haven’t kept up to date with how networks might handle residential hosting. Maybe internal traffic is just all banned?
kotri · 3h ago
> How is traffic controlled inside PRC?

Unknown. I haven't seen any injected fake DNS or reset packets so far to domestic hosts. But there are rumors that Google's servers in Beijing (AS24424) were once black-holed.

> Is GFW a central hub for all traffic between all hosts?

It's supposed to have a centralized management system, but not a single hub.

> Or between residential ASNs and commercial ones only?

Yes, the injecting devices are deployed in IXPs, the AS borders. See <Internet censorship in China: Where does the filtering occur?>.

> In the UK and Iran a lot of censorship was implemented by leaning on ISPs at IP level (eg BT Cleanfeed) and with DNS blocks but I haven’t kept up to date with how networks might handle residential hosting.

I believe Iran has more centralized system like China controlled by Tehran.

> Maybe internal traffic is just all banned?

No, internal HTTPS traffic is not banned in that hour.

inemesitaffia · 3h ago
It's in operators but managed by the regional government.

So what's blocked differs by region

ch3nyang · 5h ago
Not only individuals, but also major companies were locked down. If this was a dry run for "certain measures" in the future, I can't believe how much of a blow it would cause to the economy. Therefore, I think this was more of a human error.
account42 · 46m ago
Determining the scope of the impact would also be part of such a dry run. And if it is meant to be used along some kind of military action then it's going to throw the economy into chaos anyway.
technics256 · 6h ago
How would one get around this if they found themselves in such a situation?
est · 6h ago
In this exact scenario, just use ports other than :443

But GFW certainly had the capability to block all ports. So no one really knew.


molticrystal · 5h ago
Well for starters recreate the situation and test out different approaches. Thanks to the detailed analysis that can be attempted.

If I understand right, a good next step would be, with eBPF or some type of proxy, to ignore the forged RST+ACK at the beginning.

Then would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that, when reconstructed, could complete the handshake, works. Try sending them alongside the SYN+ACK, or even before it if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.

kotri · 2h ago
> ignore the forged RST+ACK

See <Ignoring the Great Firewall of China> in 2006. That won't work if RST/ACK was injected to both sides.

> Then it would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that would when reconstructed could complete the handshake. Trying to send them alongside the SYN+ACK or even before if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.

This is an interesting approach already being utilized, namely TCB desync. But currently most people tend to buy VPN/proxy services rather than studying this.
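
The "ignore the forged RST+ACK" idea in the two comments above needs a way to tell an injected reset from a genuine one first. The block below is an added example, not code from the gfw.report analysis or from this thread. It assumes two heuristics that the page does not spell out: an on-path injector's packets arrive at the client with an IP TTL different from the real server's (so a per-server baseline is learned from genuine SYN+ACKs, here from an earlier port-80 handshake to the same address, which also covers the case where the resets arrive before any SYN+ACK on the blocked flow), and three or more resets on one flow are treated as a burst. The trace it runs on is constructed; the addresses and TTL values are placeholders.

```python
"""Heuristic detector for injected TCP RSTs in a client-side packet capture.

Added example, not from the gfw.report analysis. Assumptions (labelled):
  * an on-path injector's packets reach the client with a TTL different
    from the real server's; the genuine TTL is learned from SYN+ACKs
  * RST_BURST or more resets on one flow are treated as suspicious
The sample trace at the bottom is constructed, with placeholder addresses.
"""
import struct
from collections import defaultdict
from dataclasses import dataclass

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
TTL_TOLERANCE = 2   # assumed: a genuine path rarely shifts by more than this
RST_BURST = 3       # assumed: three resets on one flow count as a burst


@dataclass
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    ttl: int
    ip_id: int
    seq: int
    ack: int
    flags: int


def parse_ipv4_tcp(raw: bytes) -> Pkt:
    """Decode the IPv4 and TCP header fields the detector needs."""
    ihl = (raw[0] & 0x0F) * 4
    ip_id = struct.unpack_from("!H", raw, 4)[0]
    ttl = raw[8]
    src = ".".join(map(str, raw[12:16]))
    dst = ".".join(map(str, raw[16:20]))
    sport, dport, seq, ack, off_flags = struct.unpack_from("!HHIIH", raw, ihl)
    return Pkt(src, dst, sport, dport, ttl, ip_id, seq, ack, off_flags & 0x1FF)


def build(src, dst, sport, dport, ttl, ip_id, seq, ack, flags) -> bytes:
    """Build a minimal IPv4+TCP frame for the constructed trace (no checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, ttl, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp


def find_injected_rsts(packets, client):
    """Return [(index, reason)] for inbound RSTs that look injected."""
    server_ttl = {}                  # server IP -> TTL of a genuine SYN+ACK
    rsts_per_flow = defaultdict(int)
    findings = []
    for i, p in enumerate(packets):
        if p.dst != client:
            continue                 # only packets arriving at the client
        flow = (p.src, p.sport, p.dport)
        if p.flags & TCP_SYN and p.flags & TCP_ACK:
            server_ttl[p.src] = p.ttl          # learn the real path length
        elif p.flags & TCP_RST:
            rsts_per_flow[flow] += 1
            reasons = []
            base = server_ttl.get(p.src)
            if base is not None and abs(p.ttl - base) > TTL_TOLERANCE:
                reasons.append(f"ttl {p.ttl} differs from server baseline {base}")
            if rsts_per_flow[flow] >= RST_BURST:
                reasons.append(f"{rsts_per_flow[flow]} RSTs on one flow")
            if reasons:
                findings.append((i, "; ".join(reasons)))
    return findings


CLIENT, SERVER = "10.0.0.2", "203.0.113.5"   # placeholder addresses


def sample_trace():
    """Constructed: a port-80 handshake supplies the TTL baseline, then the
    port-443 SYN is answered by three RST+ACKs before any SYN+ACK arrives."""
    frames = [
        build(CLIENT, SERVER, 40000, 80, 64, 1, 1000, 0, TCP_SYN),
        build(SERVER, CLIENT, 80, 40000, 49, 7, 5000, 1001, TCP_SYN | TCP_ACK),
        build(CLIENT, SERVER, 40001, 443, 64, 2, 2000, 0, TCP_SYN),
    ]
    for k in range(3):   # injected resets: assumed TTL 58, ip_id counting up
        frames.append(build(SERVER, CLIENT, 443, 40001, 58, 9000 + k,
                            0, 2001, TCP_RST | TCP_ACK))
    return [parse_ipv4_tcp(f) for f in frames]


if __name__ == "__main__":
    for idx, why in find_injected_rsts(sample_trace(), CLIENT):
        print(f"packet {idx}: {why}")
```

The same flow key and reasons can drive a drop decision in a packet filter, but note the caveat from the 2006 paper cited above: dropping the reset on the client side does nothing if the server received its own copy and tore the connection down.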

chickenzzzzu · 7h ago
Think of how many people who have remote jobs with American companies couldn't connect to their meetings while they "work from home" while secretly being in China!

Normally they have to fight VPN issues anyway, but having a sovereign state inject your packets is certainly a fun new one.

Shank · 3h ago
Anyone operating in/around China who needs a real VPN has a service they pay for and use that isn't mainstream and isn't blocked (using V2Ray or similar). There's a reason why Shadowrocket is the number 1 app on the App Store. I'm sure there are a lot of cases of people using, e.g., off-the-shelf VPN apps and having trouble, but power users in China are always running a VPN, usually to Japan, that doesn't have this problem.
veunes · 6h ago
How many people suddenly "lost internet" mid-meeting and had to blame it on their router...
ChrisMarshallNY · 7h ago
I suspect those connections worked fine.

It’s good to know the boss.

chickenzzzzu · 7h ago
I definitely appreciate that a percentage of so called "employees" are actually just full fledged Chinese nationals, living permanently in China, paid a salary to pretend to be an American who had their identity stolen.

But there absolutely is also a non-negligible number of Chinese and Indian nationals, who have some type of visa status in the US (especially a green card) who spend many months in their original countries making $200,000 or more per year while living like royalty in their home countries :)

bapak · 7h ago
The green card isn't citizenship, you lose it if you don't live in the US. It's not like they don't know when you enter or exit the country.
chickenzzzzu · 7h ago
6 months is a very long time.
johnisgood · 5h ago
Not with my amount of doctor visits it is not.
Wolfbeta · 6h ago
2019 feels like 6 months ago.
esseph · 6h ago
Feels more like 20 years ago.

So much has happened since then...

buckle8017 · 6h ago
There is no magic amount of time.

If you get a green card and leave the US for any amount of time, on return the border agent makes a determination on the spot whether you intended to live abroad.

Less than six months is simply less suspicious than more.

tietjens · 7h ago
How common can this really be? And what kind of companies? I’m finding it really hard to imagine this to be widespread.
Ayesh · 7h ago
I live in a popular Digital Nomad friendly country, and myself included, work with Europe/American companies roughly matching their time zones.

Now, the people I work with know that I'm not really located in the same time zone, but I know people who don't bother to mention it. I rarely get phone calls, but I have a roaming connection active for banking/OTP/etc. Plenty of cheap cafes with great WiFi (500mbps+ almost everywhere), and several times cheaper too.

esseph · 6h ago
Look up the North Korean version of this with the laptop farms.

Example: https://www.justice.gov/opa/pr/justice-department-announces-...

chickenzzzzu · 7h ago
Sadly much more common than it should be. The durations vary widely, but with the price of airline tickets and the nature of corporate software engineering jobs, it's extremely easy to self-justify a month abroad. The US government allows 6 months officially for green card holders.

If it wasn't literally 10x cheaper to live abroad than it is to live in Seattle/San Jose, it wouldn't be as prevalent. And not to mention, the quality of life is often better at the 10x cheaper price as well.

I can give you as much proof as you would like!

wkat4242 · 7h ago
Yeah if I'd sneak off to work from another place I'd pick somewhere really nice. Not China.
djtango · 6h ago
China spans 9.6M km². It has some of the biggest and most modern megacities (Beijing, Shanghai, Chongqing, Shenzhen to name a few) and features ancient historical wonders like the Great Wall, Forbidden City and Terracotta Warriors.

The nature spans salt lakes and rainbow mountains akin to South America, to the Northern Lights in Mohe down to karst formations of Guilin shared with Vietnam's Halong Bay.

The cuisine is diverse and dishes popular in places like Xi'an reveal lasting influences dating back to the Silk Road.

If you can't find "somewhere really nice" amongst the myriad people and locations you haven't tried.

donkeybeer · 3h ago
None of that matters when it's not a safe place to be.
dbetteridge · 7h ago
Have you ever been to China?

Because they have some of the most beautiful scenery and buildings I've seen and I've been to dozens of countries.

Personally I wouldn't go there for remote work, because the internet interference is a pain but a holiday definitely.

chickenzzzzu · 7h ago
You say that because you don't hold a Chinese or Indian passport. Now think of those who do, who have family obligations, food preferences, local bank accounts.
thaumasiotes · 4h ago
> You say that because you don't hold a Chinese or Indian passport.

Not really. People like it in China, regardless of whether they're Chinese.

I took an English teaching certification course in Shanghai. The teachers for that course were used to rotating around the world as the company held courses in various random locations.

One day the teachers asked what was apparently a standard question for them, "are you planning to stay here after you get the certification?"

And they were flabbergasted when everyone answered yes. Apparently in most of the locations that offer CELTA courses, the majority of people come for the course and get out as soon as they can.

jart · 7h ago
It's kind of disingenuous to call that blocking. Imagine what people would say about Cloudflare if they had an hour long outage.
JumpCrisscross · 6h ago
> Imagine what people would say about Cloudflare if they had an hour long outage

That Cloudflare had an outage. Not America.

flohofwoe · 6h ago
> That Cloudflare had an outage. Not America.

You probably mean the USA? After all, it was China and not Asia which was responsible for the incident ;)

spauldo · 4h ago
In English, there is no continent named "America." It's unambiguously used to refer to the United States.
johnisgood · 3h ago
I would not say "unambiguously" when it comes to natural languages.

And no, "America" may have referred to the US when I was a kid and here in Central Europe we had Back to the Future type of shoes with the American flag, yeah, and I would not say unambiguously so.

If someone says "America" to refer to a place, they really ought to specify if they want you to understand them.

flohofwoe · 1h ago
Spoken like a true Americentrist ;)

https://en.wikipedia.org/wiki/Americentrism

viridian · 23m ago
Even the phrase Americentrism undermines your point. This is like reading about a Dacian complaining about the Romans using the term Mare Nostrum. Nobody really pays any mind to the client states of an empire.
est · 6h ago
outage would mean a connection timeout

in this case, the connection works fine, some extra RST+ACK packets were delivered to your network on purpose

jart · 5h ago
Which could easily be explained by a buggy rollout to their great firewall. What does China gain from intentionally blocking SSL for one hour?
est · 4h ago
Hanlon's razor
preisschild · 6h ago
I mean... it got blocked by their censorship infrastructure, does it really matter if it only got misconfigured?
neuroelectron · 6h ago
They probably had a good reason to do it if they resorted to such extreme measures.
outworlder · 6h ago
There's no good reason to do that.
veunes · 6h ago
But "good reason" depends a lot on your perspective
rfoo · 6h ago
Pretty sure it's an incident.
preisschild · 6h ago
Yeah, dont want their citizens to voice anti-CCP thoughts
vachina · 5h ago
> from a vantage point(s)

Lists a single AS45090.

> multiple sources

From a Telegram group, reports from people from the same AS.

I think these people are overthinking. Probably a misconfigured firewall rate limiting some bots or crawlers from the network.

But yeah go on, China bad.