by kotri 299 days ago
Terrible, this is Internet curfew. It's not uncommon to imagine they'd shut down the Internet across the border during any war (like against Taiwan).
5 comments

> Terrible, this is Internet curfew.

If you think this is bad...

You can't even have a blog in China without authorization. It doesn't matter if you pay "AWS" for a machine. It won't open port 80 or 443 until you get an ICP recordal. Which you can only do if you are in China, and get the approval. It should also be displayed on the site, like a license plate. The reason "AWS" is in quotes is because it isn't AWS, they got kicked out. In Beijing, it is actually Sinnet, in Nginxia it's NWCD.

You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

In a nutshell, they not only can shut down cross-border traffic (and that can happen randomly if the Great Firewall gets annoyed at your packets, and it also gets overloaded during China business hours), but they can easily shut down any website they want.

I laughed when I saw "Nginxia", thinking it was a portmanteau of, well, nginx and wuxia, a Chinese fiction genre. Reality is much less funny when I looked up NWCD, and you likely just made a typo of Ningxia.
"Xia" would map to a single character (code point) in Chinese. For instance, in simplified Chinese, it could be 下 (xia, meaning down), 侠 (martial arts - like the xia in wuxia), or any number of other homophones. Since the characters are already combinatorial, I'm not sure a Chinese speaker would think of this as a portmanteau.
AWS in China also doesn't have the Key Management Service, which leads me to conclude it must be pretty secure.

I added an A record for a subdomain and pointed it at Chinese IP addresses. I wonder if I will get that angry email?

Or they just don't want to be put in the position of having to give out keys.

I think the real paranoid people use CloudHSM.

Both KMS and CloudHSM are FIPS 140-2 Level 3 and AWS claims they cannot read private keys from KMS. The main difference is KMS uses IAM and the AWS REST API while CloudHSM uses PKCS #11/JCE and a separate permissions system.
The docs say both use HSM. Under "Secure" in the accordion menu https://aws.amazon.com/kms/features/#topic-0
My understanding is that AWS KMS uses AWS-designed HSMs and is tightly integrated with all AWS services, while CloudHSM uses LiquidSecurity 2 Cloud HSM adapters and uses more conventional APIs

https://www.marvell.com/products/security-solutions/liquidse...

Actually, they wouldn't really know unless this domain is used. I guess they check the `Host` header to get the domain that targeted this IP and then check where the MX are hosted.
> You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

Wait what? So I can DoS any Web site in China by creating a rogue DNS record that points to its IP address, even under a completely unrelated domain? How would they even find those records?

I guess they would find it the moment someone in China using a Chinese resolver tries to resolve your rogue record, since that would recurse to one of the root mirrors in China, which presumably feeds this mechanism.

Seems like a very minor speed bump in your plan, though: presumably something like https://www.chinafirewalltest.com would achieve that, or send a few emails for folks to click.

I swear to use this power only for lulz.
I wonder if this is actually tied to Chinese domains and Chinese run registrars? That way it would be easy to flag the usage of foreign nameservers and there's no DoS risk.
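The kind of check the comment above speculates about, written out as an added example (not code from the thread, and not a claim about how the real policy is enforced): walk a zone's A/AAAA records and flag the ones that point into an address region while every authoritative nameserver for the zone sits outside it. The "in-region" prefixes, the zone names and the addresses are constructed from documentation ranges; nothing is resolved over the network.

```python
"""Audit which A/AAAA records in a zone point into an IP region while the
zone's authoritative nameservers sit outside that region.

Added example, not part of the HN thread. The prefixes and zones below are
CONSTRUCTED (documentation/test ranges), not real allocations, and nothing
is looked up on the network.
"""
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for "in-region" address space (NOT real allocations).
REGION_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]

IN_REGION_FOREIGN_NS = "in-region target, all nameservers foreign"
IN_REGION_MIXED_NS = "in-region target, mixed nameservers"
IN_REGION_LOCAL_NS = "in-region target, nameservers in region"
OUT_OF_REGION = "target outside region"


@dataclass
class Zone:
    apex: str
    ns_ips: list            # addresses of the authoritative nameservers
    records: list           # (owner, rtype, rdata) triples


def in_region(ip: str, nets=None) -> bool:
    nets = REGION_NETS if nets is None else nets
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def classify_zone(zone: Zone, nets=None) -> dict:
    """Map (owner, rtype) -> verdict for every address record in the zone."""
    ns_flags = [in_region(ip, nets) for ip in zone.ns_ips]
    if all(ns_flags):
        ns_verdict = IN_REGION_LOCAL_NS
    elif not any(ns_flags):
        ns_verdict = IN_REGION_FOREIGN_NS
    else:
        ns_verdict = IN_REGION_MIXED_NS
    out = {}
    for owner, rtype, rdata in zone.records:
        if rtype not in ("A", "AAAA"):
            continue  # MX/CNAME/TXT carry no target address to judge
        out[(owner, rtype)] = ns_verdict if in_region(rdata, nets) else OUT_OF_REGION
    return out


def flagged(zone: Zone, nets=None) -> list:
    """Owners that would draw the 'nasty email': in-region target, foreign NS."""
    return sorted({o for (o, _), v in classify_zone(zone, nets).items()
                   if v == IN_REGION_FOREIGN_NS})


# Constructed sample: a zone served from foreign nameservers that points one
# host (v4 and v6) into the region and another host outside it.
SAMPLE = Zone("example.com.", ["192.0.2.53", "198.51.100.53"], [
    ("www.example.com.", "A", "192.0.2.80"),
    ("cn.example.com.", "A", "203.0.113.10"),
    ("cn.example.com.", "AAAA", "2001:db8:1::10"),
    ("mail.example.com.", "MX", "10 mx.example.com."),
])
LOCAL_SAMPLE = Zone("cn-hosted.example.", ["203.0.113.53"], [
    ("www.cn-hosted.example.", "A", "203.0.113.20"),
])

if __name__ == "__main__":
    for key, verdict in classify_zone(SAMPLE).items():
        print(key, "->", verdict)
    print("flagged:", flagged(SAMPLE), flagged(LOCAL_SAMPLE))
```

Note what the check cannot tell you: DNS alone does not establish who owns the target address, so a zone under an unrelated apex pointing at someone else's in-region IP looks identical to a legitimate one. That is the DoS worry raised earlier in the thread, and it is why a check scoped to the registrar's own customers (as the comment above suggests) avoids it.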
> It should also be displayed in the site, like a license plate.

https://de.wikipedia.org/wiki/Impressumspflicht (Mandatory real name & address, not only for businesses, but for private persons with a web presence, too.

Same for Domain/DNS(which applies to everything in the European Union))

What about other protocols, could you run e.g. Gopher or NNTP? I guess IMAP could work as well.
Not all Western companies comply with Beijing, like Route53, a name I've never heard of; Cloudflare seems to be most popular in China.

But yeah, they can shut down anything unless proxy servers are widely used, as in <Nearly 90% of Iranians now use a VPN to bypass internet censorship>.

AFAIK Route53 is AWS’s managed DNS product, not a company.
OK, AWS again, I know it not only complies with Beijing but also Russia and many other dictatorships. Banned domain fronting and recently enforced S3 bucket-based subdomains for government to better inspect.
Their point is if you’re served within China (aka hosted off a Chinese IP, or accessing anything from a Chinese IP) it doesn’t matter if the other company interacts or complies with China’s rules - the other half of the transaction will be blocked.

So using DNS hosted outside won’t matter, because the destination Chinese IP will get blocked. Or if using outside hosting, it won’t matter, because anyone in China trying to access it will get blocked. Or anyone trying to publish anything to it the CCP doesn’t like. Presumably also with some follow-up in-person ‘check-ins’.

The GFW is a pretty massive and actually impressively effective piece of technology, even if we don’t agree with its purpose.

Technology backed by force is not impressively effective as a technology.
In fact, it’s a common tactic to do something unusual, in a recurrent way, so people aren’t alerted when it happens for real. (When the Mossad stole 7 boats from a French port (that they had fully paid for), they prepared a few months in advance by having the pilots start the engines every night at 23:00, pretending they needed it against the cold temperatures. When the day came, they started the engines and left, no one saw it coming).
It could also be a test to look for surprising things that break, in case they want to do this permanently at some later point.
Hanlon's and Occam's razors point to it being a mistake by the GFW operators, imo.

If it's on purpose, I think you have the most likely motivation.

You shouldn't use razors haphazardly or you might cut yourself.

A mistake that also weirdly increments some TCP fields for the three subsequent RST packets when that's not how the existing GFW devices behave would need some explanation before you could conclude it to be the most likely explanation.

A new hardware/software rollout is one of the more common breakage situations, though. It definitely could have been on purpose but my gamble is still on a fuckup with a new system rollout.
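Since the two replies above turn on how the three RST packets differ from what existing GFW devices send, here is an added example (not from the thread) of the check an analyst would run over a capture to separate injected RSTs from the server's own and to see how the header fields step across the burst. It uses the standard on-path-injection tell: an injector closer than the real server delivers packets with a different remaining IP TTL than the TTL learned from the server's SYN-ACK. Which fields GFW devices step, and by how much, is not stated on the page and is not assumed; the detector only reports the deltas it observes. The packets are constructed; in practice `Pkt` would be filled from a pcap (scapy or dpkt), which is left out so the script runs offline.

```python
"""Find RST bursts in a TCP trace whose IP TTL does not match the real
server, and report how their header fields step across the burst.

Added example, not from the thread. The packets are CONSTRUCTED.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float    # seconds since trace start
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # TCP flag letters, e.g. "S", "SA", "A", "PA", "R", "RA"
    ttl: int     # IP TTL as received
    ipid: int    # IP identification field
    seq: int
    ack: int


def flow_key(p: Pkt):
    """Direction-independent 4-tuple so both sides of a flow share a key."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def _deltas(values):
    return [b - a for a, b in zip(values, values[1:])]


def detect_injected_rsts(pkts, ttl_tolerance=2, burst_window=0.05):
    """One finding per burst of RSTs that claim to be from the server but
    arrive with a TTL the server's own SYN-ACK says it cannot produce."""
    pkts = sorted(pkts, key=lambda p: p.ts)
    server = {}                      # flow -> (server ip, server ttl)
    for p in pkts:
        if "S" in p.flags and "A" in p.flags:
            server[flow_key(p)] = (p.src, p.ttl)
    rsts = defaultdict(list)         # flow -> RSTs claiming the server as source
    for p in pkts:
        k = flow_key(p)
        if "R" in p.flags and k in server and p.src == server[k][0]:
            rsts[k].append(p)
    findings = []
    for k, lst in rsts.items():
        srv_ttl = server[k][1]
        bursts, cur = [], []         # split RSTs into bursts by inter-arrival gap
        for p in lst:
            if cur and p.ts - cur[-1].ts > burst_window:
                bursts.append(cur)
                cur = []
            cur.append(p)
        if cur:
            bursts.append(cur)
        for b in bursts:
            if all(abs(p.ttl - srv_ttl) <= ttl_tolerance for p in b):
                continue             # consistent with the real server, leave it
            findings.append({
                "flow": k,
                "rst_count": len(b),
                "ttl_expected": srv_ttl,
                "ttl_seen": [p.ttl for p in b],
                "ipid_deltas": _deltas([p.ipid for p in b]),
                "seq_deltas": _deltas([p.seq for p in b]),
                "ack_deltas": _deltas([p.ack for p in b]),
            })
    return findings


# Constructed trace: handshake, one data segment, then three RSTs 1 ms apart
# with a TTL twelve hops "closer" than the server, followed by a second flow
# where the server itself resets (TTL matches, so it is not flagged).
C, S = "192.0.2.10", "198.51.100.20"
TRACE = [
    Pkt(0.000, C, S, 40000, 443, "S",  64, 1, 1000, 0),
    Pkt(0.120, S, C, 443, 40000, "SA", 49, 7, 5000, 1001),
    Pkt(0.121, C, S, 40000, 443, "A",  64, 2, 1001, 5001),
    Pkt(0.122, C, S, 40000, 443, "PA", 64, 3, 1001, 5001),
    Pkt(0.130, S, C, 443, 40000, "R",  61, 100, 5001, 0),
    Pkt(0.131, S, C, 443, 40000, "R",  61, 101, 6461, 0),
    Pkt(0.132, S, C, 443, 40000, "R",  61, 102, 7921, 0),
    Pkt(1.000, C, S, 40001, 443, "S",  64, 4, 2000, 0),
    Pkt(1.120, S, C, 443, 40001, "SA", 49, 8, 9000, 2001),
    Pkt(1.121, C, S, 40001, 443, "A",  64, 5, 2001, 9001),
    Pkt(1.500, S, C, 443, 40001, "R",  49, 9, 9001, 0),
]

if __name__ == "__main__":
    for f in detect_injected_rsts(TRACE):
        print(f)
```

The TTL test is a heuristic, not proof: a server behind a load balancer can legitimately answer from a different hop count, which is what `ttl_tolerance` is for. The deltas are what you would compare against a known-good capture from before the change to decide whether the stepping is new behaviour or a new box.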
It was five boats [1], a good story nonetheless. Think whatever you want about Mossad, it cannot be denied that these guys have balls.

[1] https://en.wikipedia.org/wiki/Cherbourg_Project

One might even say they have chutzpah.
Could you bring something like a Starlink mini for backup, I wonder? I'd imagine this would be very worrying, being stuck there as a foreigner in such a situation.
Starlink connects you to the internet via a ground station in the country where you are registered, and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.
> Starlink connects you to the internet via a ground station in the country where you are registered

Not true anymore.

> and the antenna will also only operate in an approved zone (depending on your country and account type). You cannot use it in China.

This is still correct.

> Not true anymore.

It’s still true because in order to be operating in a country Starlink has to get approval from the government, and if the government requires Starlink to connect through a ground station then they’ll either comply or not operate in that country.

They have a minor capability to do intra-constellation routing now but if they want to operate in China the authorities are going to demand all data be downlinked through Chinese downlink stations so they can do their monitoring.
I wasn't aware that China does this. I know India does too though, for this reason only Inmarsat is allowed there because they cooperate with the authorities (and I believe even that is subject to local licensing).

Though India doesn't have a great firewall so it's much less of an issue for foreigners visiting there.

I don't know specifically that they do, but it makes sense they would, and Musk has a lot of points where China can squeeze him if he tries not to comply, and China takes its internet monitoring seriously, so I can't see them not demanding it.
You can still bring a foreign SIM card. 100% effective (via data roaming) at bypassing the firewall, but expensive.
Oddly, many travel SIMs have started to route traffic through China. I used one in India that clearly routed through Hong Kong, and caused a lot of problems.
A friend of mine tried, no signal.
If war breaks out, it'll likely be enabled.
No it won't, but if it did, it would take just a few hours for China to shoot a bunch of them down, and with how tightly packed their orbits are the debris would take care of the rest.
I’m not so sure debris would help take down other satellites in that orbit. The orbit is very low so much of the debris that ends up with a deviation in its orbit will fall down. Even if it doesn’t, there’s still air resistance up there which may cause more of the debris to deorbit before it has time to hit other satellites.

And I doubt China would want to make LEO impossible to move through anyway. It’d affect China badly as well

Potentially very dangerous for everyone if they did that. Could make it impossible for even them to make a launch. Kessler Syndrome is nothing to toy with.
Space is huge and the orbit is low. I'm not so sure debris would be as effective as on higher orbits.
Starlink are very low orbit. Easy to bring down.
Very expensive to take down 10-100k at once. No one today has that many antisat-capable missiles stockpiled.

Relevant, Chinese domestic media reporting on China's own perspective:

https://www.scmp.com/news/china/science/article/3178939/chin... ("China military must be able to destroy Elon Musk’s Starlink satellites if they threaten national security: scientists" (2022))

> "Researchers call for development of anti-satellite capabilities including ability to track, monitor and disable each craft / The Starlink platform with its thousands of satellites is believed to be indestructible"

"Easy to bring down" vs. "believed to be indestructible"—some tension there!

EMP?
How though?
https://en.wikipedia.org/wiki/2007_Chinese_anti-satellite_mi...

Every major power has polluted near Earth space as a show of power.

Entirely speculation.
Of course it is entirely speculation. But there are previous datapoints you can look at (i.e. iran).
Elon doesn't sell cars or Powerwalls in Iran.
Very easy to jam.

Also, fairly easy to find from the air.

Depends on if Elon wants to be sanctioned by PRC or not.
Depends a lot whether Starlink decides to let you.
No it does not. Against a huge state adversary like China it does not matter. They have satellites looking down so they can quickly locate any starlink users. And then ...

The only thing that could bypass is GPS + laser links (meaning physically aiming a laser both on the ground AND on a satellite). You cannot detect that without being in the direct path of the laser (though of course you can still see the equipment aiming the laser, so it doesn't just need to work it needs to be properly disguised). That requires coherent beams (not easy, but well studied), aimed to within 2 wavelengths of distance at 160km (so your direction needs to be accurate to 2 billionths of a degree, obviously you'll need stabilization), at a moving target, using camouflaged equipment.

This is not truly beyond current technology, but you can be pretty confident even the military doesn't have this yet.

The aim doesn't need to be that accurate. Laser beams diverge due to diffraction. You can't break the laws of physics - a non-divergent laser beam would need to be infinitely wide. A 1cm wide laser beam of 700nm light will have a divergence width of approximately asin(0.0000007/0.01) which is 0.004 degrees, which is 14 arcseconds, which is very easily aimable using off-the-shelf components. People get a tracking accuracy around 1 arcsecond using standard hobbyist telescope mounts.

However, this solution is going to stop working when a cloud drifts past.

> However, this solution is going to stop working when a cloud drifts past.

Not really, because you'd be using a frequency that passes through clouds. A snow storm or hail is impenetrable, and there are weather events that cause a 1-2 second blackout, as well as cause refraction (which is mostly a challenge in reaiming the beam fast enough to compensate), but anything in the air is fine. Clouds, mist, ... But is aiming at a 1 arcsecond target moving across the sky at at least 1 degree per second from a normal (ie. moving) building really doable with "standard hobbyist telescope mounts" ?

I know 5 years ago we were still doing this with lasers on rockets toward planes, because planes can just keep their angle to a rocket essentially constant. I know there's experiments doing direct laser to satellite, no idea how well that works.

You are correct in that most "hobbyist telescope mounts" are good for tracking stars at ~1 arcsecond, only where those stars don't move across the sky very quickly (up to 15 arcseconds/second). However, it is quite within the realm of "hobbyist" telescope mounts, albeit towards the upper end, to track orbital objects. I have seen an example of a telescope mount tracking the international space station to get good images, and the tracking was pretty solid. It is assisted by a secondary telescope on the mount that helps the mount maintain good tracking, not just pre-knowledge of where the object will be.

The clouds are however much more of a problem than you're suggesting. One promising infrared band is around 10 microns, but a thick cloud will still scatter that. You'd need a 20cm wide laser beam at that wavelength for it to diverge to a beam width of around 10 arcseconds. Which is basically a reasonably-sized telescope, working in reverse.

Alternatively, you could go for millimeter waves, which would pass through the clouds reasonably well, but then you're well outside the realms of "laser" and into the standard directional dish antenna. And it'd have to be a very large dish to give you a narrow beam. For instance, a rather unsubtle 2 metre wide dish with a 1mm wavelength will give a beam that diverges by 100 arcseconds. And there will probably be omnidirectional leakage which the dastardly authorities are likely to be able to detect. At least visible and infra-red leakage can be easily blocked and concealed, but radio is much harder.
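The divergence arithmetic traded in the exchange above, as an added example (not the commenters' code): it reproduces their three cases with the same asin(lambda/D) estimate they use, inverts it to get the aperture for a target beam width, and adds the spot size that divergence produces at the 160 km range quoted earlier in the thread. The 1.22 factor is the usual first-null correction for a circular aperture; the thread omits it, so it is off by default.

```python
"""Diffraction-limited beam divergence for the laser-uplink numbers in the
thread. Added example, not from the page; all inputs are the thread's own
figures or labelled assumptions.
"""
import math

ARCSEC_PER_RAD = 180 * 3600 / math.pi     # about 206264.8


def divergence_rad(wavelength_m: float, aperture_m: float, airy: bool = False) -> float:
    """Full divergence angle; asin(lambda/D) as used in the thread, optionally
    with the 1.22 circular-aperture factor."""
    ratio = wavelength_m / aperture_m
    if airy:
        ratio *= 1.22
    if ratio >= 1:
        raise ValueError("aperture no larger than a wavelength: no directed beam")
    return math.asin(ratio)


def divergence_arcsec(wavelength_m, aperture_m, airy=False) -> float:
    return divergence_rad(wavelength_m, aperture_m, airy) * ARCSEC_PER_RAD


def divergence_deg(wavelength_m, aperture_m, airy=False) -> float:
    return math.degrees(divergence_rad(wavelength_m, aperture_m, airy))


def spot_diameter_m(wavelength_m, aperture_m, range_m, airy=False) -> float:
    """Beam width at range: the aperture plus linear growth from divergence."""
    return aperture_m + range_m * divergence_rad(wavelength_m, aperture_m, airy)


def aperture_for_arcsec(wavelength_m, target_arcsec, airy=False) -> float:
    """Invert: the aperture needed to bring divergence down to a target width."""
    theta = target_arcsec / ARCSEC_PER_RAD
    d = wavelength_m / math.sin(theta)
    return d * 1.22 if airy else d


# The three cases argued in the thread, plus the 160 km range from earlier.
CASES = [
    (700e-9, 0.01, "700 nm through a 1 cm beam"),
    (10e-6, 0.20, "10 um through a 20 cm beam"),
    (1e-3, 2.0, "1 mm through a 2 m dish"),
]
RANGE_M = 160e3   # assumption: the 160 km figure quoted upthread

if __name__ == "__main__":
    for lam, d, label in CASES:
        print(f"{label}: {divergence_arcsec(lam, d):.1f} arcsec "
              f"({divergence_deg(lam, d):.4f} deg), "
              f"spot at {RANGE_M/1e3:.0f} km = {spot_diameter_m(lam, d, RANGE_M):.1f} m")
    print(f"aperture for 10 arcsec at 10 um: {aperture_for_arcsec(10e-6, 10):.2f} m")
```

The 2 m dish case comes out at about 103 arcseconds (the thread's 100 is rounded), and the 1 cm visible beam is about 11 m wide by the time it reaches 160 km, which is the scale the pointing argument above is really about.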

What makes it so that this kind of precision is required? I have little knowledge of the physics behind it, but a few decades ago, a local university had an open day where they bounced lasers off of a retro reflector on the moon to measure the distance: https://en.wikipedia.org/wiki/Lunar_Laser_Ranging_experiment...

The moon is 700 times farther away than the starlink satellites (or twice that, if you consider the bounce), so I find it hard to imagine that it would be impossible to communicate with much closer satellites over laser when both sides can have an active transmitter.

You want to hide, with sufficient guarantees, from someone looking down from above.
The infrastructure for that kind of control clearly already exists. What's unclear is how coordinated or deliberate these events are versus being side effects of testing or internal changes
That's what's so great about LoRA. Decentralized txt msgs, ultra cheap radios people run at home or wherever. $10-35 USD on Amazon. At least txts get through.
It won't get you from where you are to China though.
No but something like WSPR or FT8 would. Needs a license though.
FT8 has such a small payload that you couldn't fit an emoji, much less an average English sentence.

There's no authentication so anyone can pretend to be you. Traditional methods of verifying the sender (HMAC) would take so many hours to transmit that the physical propagation paths you're communicating through will probably collapse before you deliver the smallest verified message.

If you need to communicate information, FT-8 is not for you.

Agreed but if you're trapped in a war zone, time is one thing you have. And equipment for FT8 is simple to build yourself. It's also very difficult to trace. And you can take up some fields used for other stuff and convert them to data (like the sender). This would be illegal on amateur bands since it's required to identify oneself but again in a war situation this is less relevant since any covert communication will probably be forbidden anyway.

You do need a time source though. GPS is generally used for that but it doesn't need to be extremely accurate with FT-8 like with some other protocols.

I would imagine using it for a regular "I'm ok" message for the home front in such a situation using pre-arranged contents.
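To put numbers on the payload and authentication points raised in the two comments above, here is an added example (not the commenters' code) that budgets how many FT8-sized frames a pre-arranged message plus a truncated HMAC tag needs, and builds and verifies such a frame with a counter so an old "I'm OK" cannot be replayed. It assumes only two FT8 facts: 77 payload bits per message and a 15 s transmit slot paired with a 15 s receive slot, so one frame costs 30 s of wall clock. Standard FT8 free text is 13 characters from a 42-symbol alphabet; this example instead treats the 77 bits as raw capacity for a custom encoding, which, as the reply notes, would not be legal on amateur bands. The key, the codes and the messages are constructed.

```python
"""Airtime budget and authenticated framing for short messages carried in
FT8-sized (77-bit) payloads. Added example, not from the thread; the key
and messages are CONSTRUCTED.
"""
import hashlib
import hmac
import math

FT8_PAYLOAD_BITS = 77          # bits carried by one FT8 message
FT8_SLOT_SECONDS = 15          # one transmit period; receive period is equal
COUNTER_BYTES = 2              # replay protection: both ends track a counter


def frames_needed(n_bits: int) -> int:
    return math.ceil(n_bits / FT8_PAYLOAD_BITS)


def budget(message: bytes, tag_bits: int) -> dict:
    """Bits, frames and wall-clock seconds to send counter || message || tag."""
    total = (COUNTER_BYTES + len(message)) * 8 + tag_bits
    frames = frames_needed(total)
    return {"total_bits": total, "frames": frames,
            "wall_clock_s": frames * FT8_SLOT_SECONDS * 2}


def make_frame(key: bytes, counter: int, message: bytes, tag_bits: int) -> bytes:
    """counter || message || HMAC-SHA256(key, counter || message) truncated."""
    if tag_bits % 8 or tag_bits < 32:
        raise ValueError("tag_bits must be a multiple of 8 and at least 32")
    data = counter.to_bytes(COUNTER_BYTES, "big") + message
    tag = hmac.new(key, data, hashlib.sha256).digest()[: tag_bits // 8]
    return data + tag


def verify_frame(key: bytes, frame: bytes, tag_bits: int, last_counter: int):
    """Return (ok, counter, message); rejects bad tags and replayed counters."""
    n = tag_bits // 8
    if len(frame) < COUNTER_BYTES + n:
        return False, None, None
    data, tag = frame[:-n], frame[-n:]
    expected = hmac.new(key, data, hashlib.sha256).digest()[:n]
    if not hmac.compare_digest(tag, expected):
        return False, None, None
    counter = int.from_bytes(data[:COUNTER_BYTES], "big")
    if counter <= last_counter:
        return False, None, None        # replay of an old frame
    return True, counter, data[COUNTER_BYTES:]


KEY = b"constructed-preshared-key-for-the-example"   # constructed, not real
CODES = {b"\x01": "I'm OK", b"\x02": "need help"}   # constructed pre-arranged codes

if __name__ == "__main__":
    for msg, bits in [(b"\x01", 32), (b"I am ok at the hotel", 128), (b"x" * 100, 256)]:
        print(f"{len(msg)}-byte message + {bits}-bit tag -> {budget(msg, bits)}")
    frame = make_frame(KEY, 7, b"\x01", 32)
    ok, ctr, msg = verify_frame(KEY, frame, 32, last_counter=6)
    print(ok, ctr, CODES.get(msg))
```

A one-byte pre-arranged code with a 32-bit tag fits in a single frame, so the "I'm OK" check-in costs about 30 s of wall clock; a 100-byte free-text message with a full 256-bit tag needs 14 frames, about 7 minutes. A 32-bit tag is short, but an attacker who can only inject 77 bits every 15 s gets few guesses per counter value, and the counter means a captured frame cannot be played back later.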

At a whole 3kbps and line of sight!
Local police are already equipped with signal jammer cars. Usually only used in the college entrance exam period. They also appeared in the recent protest in Jiangyou city.
Can you recommend a guide? I’m interested in trying it out.
Look up Meshtastic. It’s kinda fun. Can chat with random people around you. But I don’t think it’s really that useful unless you have a really good spot like an antenna on your roof with no trees or buildings in the way.
It's not that finicky in practice. I live in a heavily wooded area and I can still see plenty of nodes, some pretty far away. Trees are actually somewhat helpful there because you can easily rig up a node up high by throwing a line over a branch.
I live in the suburbs, not really any high rises around me but some townhouses, I can “see” 180 nodes, but I can’t reliably message my friend 1km away. I get a lot of messages on the public chat but if I send one it’s a 50/50 if it will be acknowledged by any nodes.

I tried it while staying in a high rise hotel and the experience was great. Instant acknowledgement and super reliable communication

That would be LoRa. LoRA is a different thing.