> Any request that is denied by OpenDNS is then allowed by our DNS server, and any request allowed by OpenDNS is blocked by us.
The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.
If they actually go ahead with this plan in the UK and it's implemented similarly (eg. via DNS rather than IP blocking), somebody should make a list of what's blocked. Go through the top N sites and for each run a DNS lookup from both a filtering DNS server and also a couple non-filtered ones (ex: Google DNS[1]) then compare the results[2].
Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
They can't and don't do it with just a DNS, it'll have to be DNS + HTTP URL. Otherwise porn hosted on one large shared hosting would block everything. (e.g. imagine if the Amazon EC2 DNS got blocked).
The current UK ISP filter (the one that already filtered Wikipedia), used DNS & HTTP. IP addresses that needed filtering were redirected to their HTTP server by sending back their IP address, and then a HTTP proxy was used to filter specific URLs. This allowed them to block certain URLs. It was initally detected because lots of wikipedians noticed a lot of edits (basically lots of the UK) coming from a small amount of IP addresses (the IP addresses of the proxies)
To connect to an HTTPS site without SNI, the IP can only host a single domain, so they can just block the whole (IP:443) combination without affecting any other site.
The Danish Internet filtering works by messing with the DNS at the ISP level. If you don't want to get filtered, just switch to a non-ISP DNS, or run your own. Sadly it was implemented with little or no public debate, very very few got upset and most of us just switch DNS. I think the UK is in a much better position because they at least have the debate public and loud.
Cleanfeed (the UKs child porn filter) is supposed to be IP blocking/NAT based, coupled with web proxies. Given the scope of the filtering this time around though, it may be done by DNS. Let's hope so.
> Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
What you want is a website that answers: Does Country-C block Website-W? A user gives it a URL and it has VPNs surfacing in lots of different countries and it tries them all, and displays in which countries the URL is blocked.
The website also stores and records all blocked/unblocked websites, and allows this data to be downloaded.
Pretty comical video, one quick tip. If you typed a command on the terminal and you get the "Operation not permitted." You can run the last command prepending sudo like this:
You could also just replace the incorrect part of the previous command with ^old^new. I use that a lot when I want to doublecheck before taking a permanent action.
eg. Check what you're about to delete
$ ls *.backup
a.backup b.backup c.backup
$ ^ls^rm
rm *.backup
Something else that saves a lot of time is to incremental-search backwards through your command history using ctrl-r instead of arrow keys. eg. cycle through every "grep". Press ctrl-r, type grep, and it jumps to to most recent command that contains "grep". Each time you press ctrl-r it will jump further back in time. If it's something you expect to search for a lot, you can even tag commands with # comments then search for the comment. (There's a fine line there though... if you reuse a command really often you should probably alias or script it)
Command history uses the 'readline' library so all(?) the other editing-related emacs chords will work on it ctrl-a/ctrl-e to jump to the start/end of the line, ctrl-r/ctrl-s to search, alt-f/alt-b to jump words, etc. Oh, and an emacs kill-ring too, that's pretty useful.
Enjoy.
...
...
But there's one more thing.
This is a feature of GNU Readline, not a feature of bash. Other apps that use readline will also accept these chords.
Things like the ruby and python shells, mysql, etc.
You think you can do a lot in those tools now? Learning to leverage everything that readline gives you will take you to a whole new level.
Can configure the alt (option)-key behavior in your iTerm2 profile.
Left/Right Option Key Acts As
It is common to use a modifier to send so-called "meta keys". For most users, selecting "+Esc" here is the right choice. The "Meta" option sets the high bit of the input character, and is not compatible with modern systems.
You can also press Up arrow, Ctrl-A to go back to the beginning of the line, add "sudo " and enter. This type of thing also works in most REPLs (Python, irb, Node, etc.)
Awesome. Advanced assignment: build a search engine which for each jurisdiction only contains results blocked-in-Google-by-legal-threats in that jurisdiction.
The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.
If they actually go ahead with this plan in the UK and it's implemented similarly (eg. via DNS rather than IP blocking), somebody should make a list of what's blocked. Go through the top N sites and for each run a DNS lookup from both a filtering DNS server and also a couple non-filtered ones (ex: Google DNS[1]) then compare the results[2].
Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
[1]: https://developers.google.com/speed/public-dns/
[2]: This would need to do more than a plain A == B as each address could resolve to multiple IP addresses.