Replies - solids
solids Ñøñë
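Reply to post: Could the great Lisa help explain these two questions?

@霏艺Faye #2290348 That part of the code only defines how Accesser modifies the outgoing SNI. Verification is handled by OpenSSL.

I just tested some of the example domains on badssl.com; before testing, I added their SNI to config.json to instruct Accesser not to strip the SNI. Problematic TLS certificates are handled differently depending on the problem.

https://expired.badssl.com/ (expired)

Connection terminated

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)

https://wrong.host.badssl.com/ (host mismatch)

Connection not terminated

https://self-signed.badssl.com/ (self-signed)

Connection terminated

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)

https://untrusted-root.badssl.com/ (untrusted CA)

Connection terminated

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)

The later ones, revoked and pinning-test, are problematic, but my browser gave no warning either, so I did not test further.

From this it can be seen that, to carry out a MITM, the GFW would have to obtain a valid certificate and private key belonging to another website. A self-signed certificate is not enough.

(Edited by the author on August 17)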
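Reply to post: The first open-source toolkit against workplace sexual harassment in China

Thank you for sharing.

Reply to post: [The New York Review of Books] Xu Zhangrun's new essay: Xi’s China, the Handiwork of an Autocratic Roué (to be translated)

Ah, Geremie R. Barmé. He is the author of The Great Firewall of China, the first article to mention the GFW.

https://www.wired.com/1997/06/china-3/

Reply to post: How Shen Yi and self-media went from denouncing Zheng Shuang all the way to CloudFlare

Block the above websites at once.

Reply to post: Recommending a very good media project: AG⓪RA

It suddenly occurred to me that the website Be4 made earlier is very similar to this.

Reply to post: Spirit launch event: "the Henan flood-fighting and rescue spirit"

Learn the spirit of standing together in the same boat, where many people rowing together move a big ship. Only unity can unleash strong fighting power. From the victories in the War of Resistance Against Japan and the War of Liberation, from the flood fighting of 1998 to the earthquake relief of 2008, and now to this year's rainstorm and flood disaster in Henan, every victory won in the fight against disaster is a march composed by the united will of the people, with the army and the people united and cadres and the masses of one heart. The power of unity can be as small as two people of one mind, whose sharpness cuts through metal; it can also be as great as people united in heart moving Mount Tai.

Reply to post: Spirit launch event: "the Henan flood-fighting and rescue spirit"

Floods are like fierce beasts: they come with a vengeance, throwing rivers into turmoil, seizing homes and disturbing sweet dreams. Yet when disaster strikes, what unfolds is not everyone going their own way, but Party members and cadres, the people's soldiers, and people from all directions quickly assembling and going into action, building human dykes with their own flesh and blood, fighting the flood and doing everything to protect their beautiful homes. Behind all this are the power of unity, the spirit of great love, a will of steel and fearless courage. In times of peace we do not advocate that "much hardship rejuvenates a nation", but the spirit behind those hardships deserves to be promoted and carried forward.

Reply to post: Xmader may be deported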

@Truth #149280

I don't see any unacceptable things

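  • The employee Mr. Daniel Ray used threats to his personal safety to make him delete the repository (and all forks).
  • Muse Group requires Audacity contributors to sign a so-called Contributor License Agreement, whose terms violate the GPL.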

The CLA also allows us to use the code in other products that may not be open source

  • Adding trackers and analytics, turn free software into proprietary spyware.

https://github.com/audacity/audacity/discussions/1225

Need I say more?

Reply to post: Xmader may be deported

Recite the full text

https://archive.vn/d2NZm (the original has been deleted by Daniel Ray)

I think he was just trying to be nice. He wouldn't have suggested an in-person chat or gone along with one if he knew you wouldn't be comfortable with it. Yes, some of the company's actions have been questionable, but their employees are still human and there is no need to hound them down for suggesting an in-person meetup. Please don't dehumanise these employees, they seem like nice reasonable people, especially making time to speak with a freelance journalist.

Thanks for injecting a more human element to this discussion. There is actually quite a bit more to this story here than most people realize.

I'll try to explain.

Wenzheng Tang (@Xmader) is actually violating the law with both repositories related to MuseScore, one of them a rather severe violation.

This repository violates 17 U.S. Code § 1201 - Circumvention of copyright protection systems.

Another repository of his, musescore-dataset, has far more serious implications as it may be considered willful infringement with criminal intent (see: 17 U.S. Code § 506 - Criminal offenses). That repository is actually illegally distributing copyrighted works licensed to MuseScore by major music publishers. That such distribution is considered copyright infringement on a massive scale (hundreds of thousands of works) is unambiguous. This purpose does not meet the four necessary requirements for fair use claim according to Section 107 of the U.S. Copyright Act.

Those factors are:

  • the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
  • the nature of the copyrighted work;
  • the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
  • the effect of the use upon the potential market for or value of the copyrighted work.

Further explanation of the four factors can be found in this article - The Fair Use Exception.


To provide further context, it is important to understand that 100% of all rights to transcription or arrangement of a copyrighted work belong to the rights holder, regardless of who performed the transcription or arrangement. This is a point of great confusion for many. Further explanation of this topic can be found in the following article - No, You Don’t Own Your Arrangement of That Hit Song.


So, if it is such a clear violation, it should be quite easy to get this taken down, right? Why hasn't this repo been taken down yet? Simply put, the actual process of requesting the take down and proving violation would have severe implication on Wenzheng Tang, so I have hesitated in the hopes he would simply choose to take it down himself.

I'll explain why...

Upon further investigation, it became clear that Wenzheng Tang is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.

If found in violation of laws, residency may be revoked and he may be deported to his home country.

This becomes even further complicated given another repo of his - Fuck 学习强国, which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.

While under normal circumstances, he could apply for asylum in order not to be deported, but this option is extremely limited when found in violation of the laws of the country you are a guest in.

And though the laws cited above are in reference to US law and he is neither a resident nor national of the US, this is simply the starting point as the initial distribution is through Github, which is a US company and the copyrights in question are US copyrights. There are treaties between countries that would allow this to then be extended to his country of residence in accordance with their own laws (I do not mention which country out of courtesy or any other details such as the basis of residency out of respect for personal privacy). So, both repositories remain up, for now, not because we are powerless to take it down... it is that the process of exercising this power could very literally ruin the actual life of another person.

At the same time, the company is legally obligated to enforce violation of copyrighted works licensed to them. There will soon come a time where hesitation is no longer possible. But do keep in mind that enforcement may also come from any one of the rights holders of the hundreds of thousands of copyrighted works illegally distributed at any time. It is unlikely that any others will be as empathetic. As you can see, there is far more to this story than what may be assumed by the external observer.

So, Wenzheng Tang (@Xmader), I'm writing this entire post here not as a representative of any company or entity, but just human-to-human to strongly encourage you to remove both repositories and move on with your life.

The LibreScore project is fully within your right as MuseScore is GPL, and is even encouraged, but I would suggest you remove any reference to registered trademarks.

What I have described in this post is not at all a threat, but an informed assessment of your own personal legal risk.

You are young, clearly bright, but very naive. Do you really want to risk ruining your entire life so a kid can download your illegal bootleg of the "Pirates of the Caribbean" theme for oboe?


alter: https://rentry.co/workedintheory

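(Edited by the author on July 22)
Reply to post: Such clever Chinese people, such beautiful Chinese language

Without the firewall, there would be no thriving Chinese internet today

https://www.bilibili.com/video/BV1Lb4y1976L

Reply to post: Such clever Chinese people, such beautiful Chinese language

This incident is also a reminder to all of us webmasters: be sure to manage the content of your own websites well, and deal with anything illegal or non-compliant as soon as you find it, otherwise sooner or later you will get hit. Anything involving politics in particular must be deleted!

https://www.zhujib.com/pudncom.html

Reply to post: Net-Cleaning Association, give it a rest

Super hackers

Reply to post: Net-Cleaning Association, give it a rest

@刘慈欣 #146214 It has nothing to do with education level; anyone who knows a little about the GFW, even a primary school pupil, can understand DNS pollution.

Reply to post: Net-Cleaning Association, give it a rest

Quoting /t/13375

This May was the "Anti-Independence Net Cleanup 2021" campaign; Pincong and CDT were both on the attack list: https://archive.is/VK1Pu


thphd did not notice any problem when quoting this image.

But anyone with a little common sense can see that the Net-Cleaning Association's technical staff do not even understand DNS pollution. They received the random IP address returned by the GFW and thought they had found the origin server's IP, which is truly laughable...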

10
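July 5
Reply to post: The post-2000s "Little Red Riding Hoods" of the "Net-Cleaning Volunteer Association" worked a case jointly with the cyber police of Guangdong and Guangxi and found the real identity of "Program Think" through social engineering

This image, really, hahahahaha, I'm dying of laughter.

Give it a rest. This bunch of script kiddies cannot even recognize DNS pollution, and yet they can unmask Program Think.

List of GFW pollution IPs: https://fars.ee/zGgf.json

(Edited by the author on July 5)
12
July 5
Reply to post: A new source claims Program Think has apparently been arrested

What the Zhao family could not figure out in 10 years, or even 9, you finished investigating in 5 months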

😅😅😅

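Reply to post: A new source claims Program Think has apparently been arrested

Archive of the original: "Program Think" arrested: IHIS's 5-month underground operation officially comes to an end

Neither that tweet nor the Pincong post gives the original text; just a screenshot, are we writing a story from a picture?

Reply to post: Such clever Chinese people, such beautiful Chinese language

All the images I just added are gone. If any sisters have decided to post this to the foreign internet, could you message me privately first? Maybe after you read the comments from west people you would not do it.

I don't want little brother, once his popularity rises, to be exploited by the old bald donkeys (you know who); that way they would receive more funding, plan more disgusting operations, and certain media would smear us once again.

Youngsters can first go and search for the arithmetic result of (315-1); I was really deeply struck by what happened in those years in places including Kunming and Dilraba's hometown. What is more, after certain incidents happen, they also have a big impact on the lives of local people.

Now that I have written it like this, Abei won't keep deleting my posts, will he 😢


I know many sisters mean well and their stance is good too, but the public-opinion environment and its direction outside really are not what you think. I also used to think that presenting facts and reasoning would do, but the people I met and the things I saw after I went out the "door" myself really changed me; sometimes our identity is itself the original sin.

Really, do not post it on the foreign internet! It will be used by Western countries to suppress our country!!!

Better not to promote it on the foreign internet; don't let foreign forces exploit it. Ding Zhen's ethnicity issue is rather sensitive. I don't want the i-Zhenzhu to be exploited by bad people with ulterior motives, which would be bad for Ding Zhen and bad for the country

https://www.douban.com/group/topic/201160626/

(Edited by the author on July 3)
Reply to post: Recommending a very good media project: AG⓪RA

The Khrushchev joke is pretty funny, hahahahaha

Answer to question: What is the reason Apple Daily created a miracle in Hong Kong's newspaper industry? Why did Apple Daily influence the newspaper ecosystem of Hong Kong and even China?

What is the reason Parker pens hate Parker pens? Why do Parker pens influence the industry ecosystem of Parker pens and even fountain pens?

Reply to post: Some not-so-good things

@NullPointer #143941 The news service uses https://www.msn.cn/zh-cn/

So opening "MSN News" in China shows that it has been taken down.

I don't think so

Article 2: These Provisions apply to the provision of internet news information services within the territory of the People's Republic of China. "News information" as used in these Provisions includes reports and commentary on public affairs such as politics, economics, military affairs and diplomacy, as well as reports and commentary on sudden social incidents.

http://www.cac.gov.cn/2017-05/02/c_1120902760.htm

Where is any of this in msn.cn's junk news?

By the way, the news feed at the bottom right is easy to turn off

(Edited by the author on June 22)
Reply to post: Add Onion-Location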

@thphd #144402 Works fine. It'd be perfect if appending PATH accordingly.

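Reply to post: [Discussion] Is it necessary to do something to shut down the CCP's official media on social platforms outside the wall?

@消极 #144349

The speech it regulates is all the kind that drives customers away. Speech that tends to make viewers uncomfortable gets regulated.

Hahahaha, serve the people.

Reply to post: What do you think of Snowflake, the new bridge coming soon to the stable release of Tor Browser?

snowflake.freehaven.net:443 appears to be offline.

It is back up.

(Edited by the author on June 21)
Reply to post: [Discussion] Is it necessary to do something to shut down the CCP's official media on social platforms outside the wall?

Roughly: when both sides are open to each other's free speech, both remain open; when one side begins to regulate speech, the other side narrows that side's freedom of speech within its own sphere and sets a deadline to correct the asymmetry; when that side opts for complete speech control, this side may impose complete speech control on it in pursuit of reciprocity.

YouTube has Community Guidelines, which are also speech regulation.

YouTube does not guarantee freedom of speech, and that is why BitChute came about.

(Edited by the author on June 21)
Reply to post: [Translation] The 30th anniversary of PGP's release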

The most dramatic PGP stories came from outside the US. PGP helped enable the safe evacuation of 8000 civilians from mortal danger during the Kosovo conflict.

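What event is this?

Reply to post: As long as you avoid DNS pollution, you can access 2047 without circumventing the wall

Note: the method in this post no longer works.

Reply to post: Accidentally discovered the wrong way to open IMDb (Internet Movie Database)

@solids #129302 China Mobile now cannot access www.imdb.com either. There is no DNS pollution; a TCP reset attack occurs when *.imdb.com is detected.

Reply to post: What do you think of Snowflake, the new bridge coming soon to the stable release of Tor Browser?

I took a look: while running, the extension connects to snowflake-broker.freehaven.net:443 and snowflake.freehaven.net:443; these domains do not appear to be blocked at all.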

https://blocky.greatfire.org/detail/494144/https://snowflake.freehaven.net

https://blocky.greatfire.org/detail/494151/https://snowflake-broker.freehaven.net

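Users in China may also act as snowflake bridges.

(Edited by the author on June 21)
Reply to post: Since early May, Tor's meek-azure bridge has been failing intermittently; users may be exposed

@Surge #143972

In theory it is impossible to connect directly to the Tor network from inside the wall, because Tor's directory servers and nodes are all on the GFW's blocklist.

There are gaps; I have run into one myself.

One possible explanation: the GFW is fully capable of identifying bridges and deliberately lifts the block only in certain regions.

According to https://github.com/v2ray/v2ray-core/files/4822446/parrot.pdf, for bridges there are staff who manually obtain them from the website and by email, and then block them...

meek-azure is not blocked at present.

(Edited by the author on June 18)
Reply to post: Since early May, Tor's meek-azure bridge has been failing intermittently; users may be exposed

@NullPointer #143957 According to https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview, one of the script src values for third-party sites using the Microsoft Ajax CDN is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.js

You only need to watch connection requests to ajax.aspnetcdn.com and see which ones disconnect immediately after the handshake.

If the GFW stored and analysed all TCP packets whose SNI is ajax.aspnetcdn.com, it might be able to do this.

The GFW can also compare features such as the length of the server's reply packets

In that case, it could block on the next occasion once it sees this kind of reply, just as it previously blocked based on the server certificate. As things stand, the GFW has not done so yet.

Reply to post: Since early May, Tor's meek-azure bridge has been failing intermittently; users may be exposed

@NullPointer #143953 Indeed. But it looks like it recovered quickly.

But because the SNI does not match the host, the connection is dropped immediately after the handshake. If the GFW deliberately watches for this kind of reaction,

How would that be done? The GFW can only see ajax.aspnetcdn.com, which is used on many other websites.

Reply to post: Since early May, Tor's meek-azure bridge has been failing intermittently; users may be exposed

Thank you for writing so much analysis.

Please note: the domain used by meek-azure is ajax.aspnetcdn.com. The IP long assigned to this domain is 117.18.232.200 [Australia; US MCI Communications Services, Inc. (Verizon Business); EdgeCast Asia-Pacific network CDN node], which is easily blocked; it is not that Azure has shut down domain fronting.

To test, run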

curl -v https://ajax.aspnetcdn.com -H "Host: meek.azureedge.net"

You should receive the reply I’m just a happy little web server.

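Reply to post: Monero XMR is already being monitored by the US Department of Homeland Security

Traffic analysis of Tor and the setting up of honeypot nodes have been around for a long time

Reply to post: [Poll] Do you support China abolishing the death penalty?

The death penalty is a very barbaric practice of the feudal era and, like torture and the gallows, should be abolished.

Reply to post: Some not-so-good things

About NCR: this can be solved by using the Redirector extension (Firefox version) to add the gws_rd=cr parameter to every URL.

Right-click, save as, and import into Redirector: https://fars.ee/TWSr.json

(I also added this for google.cn, which makes it no longer just an image, though it is not much use)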

reference: https://old.reddit.com/r/google/comments/3xltai/google_ncr_no_longer_working/

In the future, the internet of one country is very different from the internet in another country. Google will comply with the laws which impose political borders on the Internet.

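(Edited by the author on June 16)
Reply to post: A story about a Huawei tablet

I don't believe it

Reply to post: Net-Cleaning Association, give it a rest
Marked as deleted
Reply to post: Jiang Feng confirms Program Think was arrested
Marked as deleted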