Dont Worry Government, I Got This Porn Filter Sorted (opens in new tab)

(sicksad.com)

290 pointspetemcc12y ago43 comments

43 comments

> Any request that is denied by OpenDNS is then allowed by our DNS server, and any request allowed by OpenDNS is blocked by us.

The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.

If they actually go ahead with this plan in the UK and it's implemented similarly (eg. via DNS rather than IP blocking), somebody should make a list of what's blocked. Go through the top N sites and for each run a DNS lookup from both a filtering DNS server and also a couple non-filtered ones (ex: Google DNS[1]) then compare the results[2].

Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.

[1]: https://developers.google.com/speed/public-dns/

[2]: This would need to do more than a plain A == B as each address could resolve to multiple IP addresses.

rmc12y ago

They can't and don't do it with just a DNS, it'll have to be DNS + HTTP URL. Otherwise porn hosted on one large shared hosting would block everything. (e.g. imagine if the Amazon EC2 DNS got blocked).

The current UK ISP filter (the one that already filtered Wikipedia), used DNS & HTTP. IP addresses that needed filtering were redirected to their HTTP server by sending back their IP address, and then a HTTP proxy was used to filter specific URLs. This allowed them to block certain URLs. It was initally detected because lots of wikipedians noticed a lot of edits (basically lots of the UK) coming from a small amount of IP addresses (the IP addresses of the proxies)

cmircea12y ago

They CANNOT use HTTP filtering as that would break on HTTPS.

2 more replies

bigiain12y ago

Yeah, and he government would never make that mistake…

http://www.smh.com.au/technology/technology-news/how-asics-a...

mrweasel12y ago

The Danish Internet filtering works by messing with the DNS at the ISP level. If you don't want to get filtered, just switch to a non-ISP DNS, or run your own. Sadly it was implemented with little or no public debate, very very few got upset and most of us just switch DNS. I think the UK is in a much better position because they at least have the debate public and loud.

Tehnix12y ago

I was actually also admiring the simplicity of his solution, to take advantage of services that are already in place doing the exact opposite of his.

Tip of the hat to the author...

nly12y ago

Cleanfeed (the UKs child porn filter) is supposed to be IP blocking/NAT based, coupled with web proxies. Given the scope of the filtering this time around though, it may be done by DNS. Let's hope so.

mike-cardwell12y ago

I remember when they used this system to block an image on Wikipedia. Much hilarity ensued: http://wiki.openrightsgroup.org/wiki/Cleanfeed#Wikipedia_.2F...

cabalamat12y ago

> Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.

What you want is a website that answers: Does Country-C block Website-W? A user gives it a URL and it has VPNs surfacing in lots of different countries and it tries them all, and displays in which countries the URL is blocked.

The website also stores and records all blocked/unblocked websites, and allows this data to be downloaded.

Genmutant12y ago

There is something like that for the great wall of china: http://www.greatfirewallofchina.org/

1 more reply

joeblau12y ago

Pretty comical video, one quick tip. If you typed a command on the terminal and you get the "Operation not permitted." You can run the last command prepending sudo like this:

  sudo !!

Sukotto12y ago

You could also just replace the incorrect part of the previous command with ^old^new. I use that a lot when I want to doublecheck before taking a permanent action.

eg. Check what you're about to delete

  $ ls *.backup
  a.backup    b.backup    c.backup
  
  $ ^ls^rm
  rm *.backup

Something else that saves a lot of time is to incremental-search backwards through your command history using ctrl-r instead of arrow keys. eg. cycle through every "grep". Press ctrl-r, type grep, and it jumps to to most recent command that contains "grep". Each time you press ctrl-r it will jump further back in time. If it's something you expect to search for a lot, you can even tag commands with # comments then search for the comment. (There's a fine line there though... if you reuse a command really often you should probably alias or script it)

Command history uses the 'readline' library so all(?) the other editing-related emacs chords will work on it ctrl-a/ctrl-e to jump to the start/end of the line, ctrl-r/ctrl-s to search, alt-f/alt-b to jump words, etc. Oh, and an emacs kill-ring too, that's pretty useful.

Enjoy.

...

But there's one more thing.

This is a feature of GNU Readline, not a feature of bash. Other apps that use readline will also accept these chords.

Things like the ruby and python shells, mysql, etc.

You think you can do a lot in those tools now? Learning to leverage everything that readline gives you will take you to a whole new level.

Have fun exploring :)

gjulianm12y ago

Another neat expansion: !$ is the last argument of the last command you entered. Useful when you mistype the command name.

AndreasFrom12y ago

Alt+. does the same and (at least in Zsh) allows you to cycle backwards.

1 more reply

vacri12y ago

Another HN user mentioned being frustrated enough that they aliased 'fucking' to 'sudo', so when you use your trick, you get a bit of catharsis:

fucking !!

dclowd990112y ago

You just gave me 2 more years back.

joeblau12y ago

Heh, no problem here are 2 more bang tricks. !<charachters> runs the last command you ran that starts with the characters you type.

  !gre      # will run the last command starting with gre (so probably grep)

If you type history, then !<number to the left of the history command>, the shell will execute that command.

  $ history # shows command history
  $ !200    # executes command 200

1 more reply

graue12y ago

You can also press Up arrow, Ctrl-A to go back to the beginning of the line, add "sudo " and enter. This type of thing also works in most REPLs (Python, irb, Node, etc.)

mkenyon12y ago

Bash/csh have a wonderful history expansion feature[0]. I can never remember all of the modifiers, but I am learning them slowly.

[0]: https://www.gnu.org/software/bash/manual/bashref.html#Event-...

calpaterson12y ago

The section with William Hague (UK Foreign Secretary) at the end of the video is priceless.

vukmir12y ago

... ask not what your country can do for you — ask what you can do for your country ... JFK would be proud.

gautamsomani12y ago

hehehe. Good one.

gojomo12y ago

Awesome. Advanced assignment: build a search engine which for each jurisdiction only contains results blocked-in-Google-by-legal-threats in that jurisdiction.

kordless12y ago

No comments? I guess Hacker News gets blocked when you install it. :)

pvnick12y ago

Step 1: Put your dic (delete)

pns.py

I was cracking up. Brilliant!

milesokeefe12y ago

He should have made the server run on port 69.

Hello7112y ago

  sudo ss -lpu 'sport = 53'

allinzen12y ago

Brilliant! Now only if there was a cat filter that only showed cats and cat related material.

nickik12y ago

I thought that filter was called a web browser.

harrytuttle12y ago

Absolutely wonderful. Well done!

laurent12345612y ago

Slightly NSFW, could someone add the tag to the title?

lewq12y ago

+1 for using Twisted

j / k navigate · click thread line to collapse

43 comments

sehrope12y ago

> Any request that is denied by OpenDNS is then allowed by our DNS server, and any request allowed by OpenDNS is blocked by us.

The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.

Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.

[1]: https://developers.google.com/speed/public-dns/

[2]: This would need to do more than a plain A == B as each address could resolve to multiple IP addresses.

rmc12y ago

cmircea12y ago

They CANNOT use HTTP filtering as that would break on HTTPS.

2 more replies

bigiain12y ago

Yeah, and he government would never make that mistake…

http://www.smh.com.au/technology/technology-news/how-asics-a...

mrweasel12y ago

Tehnix12y ago

I was actually also admiring the simplicity of his solution, to take advantage of services that are already in place doing the exact opposite of his.

Tip of the hat to the author...

nly12y ago

mike-cardwell12y ago

I remember when they used this system to block an image on Wikipedia. Much hilarity ensued: http://wiki.openrightsgroup.org/wiki/Cleanfeed#Wikipedia_.2F...

cabalamat12y ago

> Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.

The website also stores and records all blocked/unblocked websites, and allows this data to be downloaded.

Genmutant12y ago

There is something like that for the great wall of china: http://www.greatfirewallofchina.org/

1 more reply

joeblau12y ago

Pretty comical video, one quick tip. If you typed a command on the terminal and you get the "Operation not permitted." You can run the last command prepending sudo like this:

  sudo !!

Sukotto12y ago

You could also just replace the incorrect part of the previous command with ^old^new. I use that a lot when I want to doublecheck before taking a permanent action.

eg. Check what you're about to delete

  $ ls *.backup
  a.backup    b.backup    c.backup
  
  $ ^ls^rm
  rm *.backup

Enjoy.

...

But there's one more thing.

This is a feature of GNU Readline, not a feature of bash. Other apps that use readline will also accept these chords.

Things like the ruby and python shells, mysql, etc.

You think you can do a lot in those tools now? Learning to leverage everything that readline gives you will take you to a whole new level.

Have fun exploring :)

gjulianm12y ago

Another neat expansion: !$ is the last argument of the last command you entered. Useful when you mistype the command name.

AndreasFrom12y ago

Alt+. does the same and (at least in Zsh) allows you to cycle backwards.

1 more reply

vacri12y ago

Another HN user mentioned being frustrated enough that they aliased 'fucking' to 'sudo', so when you use your trick, you get a bit of catharsis:

fucking !!

dclowd990112y ago

You just gave me 2 more years back.

joeblau12y ago

Heh, no problem here are 2 more bang tricks. !<charachters> runs the last command you ran that starts with the characters you type.

  !gre      # will run the last command starting with gre (so probably grep)

If you type history, then !<number to the left of the history command>, the shell will execute that command.

  $ history # shows command history
  $ !200    # executes command 200

1 more reply

graue12y ago

You can also press Up arrow, Ctrl-A to go back to the beginning of the line, add "sudo " and enter. This type of thing also works in most REPLs (Python, irb, Node, etc.)

mkenyon12y ago

Bash/csh have a wonderful history expansion feature[0]. I can never remember all of the modifiers, but I am learning them slowly.

[0]: https://www.gnu.org/software/bash/manual/bashref.html#Event-...

calpaterson12y ago

The section with William Hague (UK Foreign Secretary) at the end of the video is priceless.

vukmir12y ago

... ask not what your country can do for you — ask what you can do for your country ... JFK would be proud.

gautamsomani12y ago

hehehe. Good one.

gojomo12y ago

Awesome. Advanced assignment: build a search engine which for each jurisdiction only contains results blocked-in-Google-by-legal-threats in that jurisdiction.

kordless12y ago

No comments? I guess Hacker News gets blocked when you install it. :)

pvnick12y ago

Step 1: Put your dic (delete)

pns.py

I was cracking up. Brilliant!

milesokeefe12y ago

He should have made the server run on port 69.

Hello7112y ago