Farewell 2014, hello 2015

https://www.flickr.com/photos/pyroeffect/14824514364/in/photostream/

2014 was a year with only one blog post, 2014 was a year with under a hundred wiki edits, 2014 was also a year of change. I passed both my PRINCE2 Foundation and ITILv3 Foundation exam, I passed my RHCSA exam and now wrapping up my RHCE and Professional Scrum Master exam.

2014 was also the year I gave my first Scrum-course and the next course is planned. 2014 was also the year I gave a presentation with Martin Simons from Webhuis about CFEngine at the small conference organized by Cohesion.

2014 was also the year I switched from Debian to Fedora on my desktop due to a hard disk failure, but backups saved the day. 2014 was also the year I switched back to self-hosted services and deleted or cleaned out accounts with oversea services. Hopefully more services for me will follow in 2015, but we will see.

For now it is reducing my todo-list and automating certain tasks so I don’t have to spend time on them anymore. Hopefully this will lead to posts about CFEngine, Nagios, LDAP and PHPUnit, but again we will see how things go. So let make this a productive and relaxed 2015 for all.

Blocking the piratebay

In a previous post it became clear that censorship in The Netherlands has started. Due to the nature of the Internet and how it has been implemented in most lands, it means there is no central point of control to stop all to an IP-address. This means every network owner needs to take action, but how do they do it?

In the case of thepiratebay.org it looks like it has been done by manipulating DNS-answers. The first attempt is just using the DNS-resolver from the internet access provider and the second is an attempt using Google public resolvers.

$ dig thepiratebay.org
 
; < <>> DiG 9.8.1 < <>> thepiratebay.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; QUESTION SECTION:
;thepiratebay.org.		IN	A
 
;; ANSWER SECTION:
thepiratebay.org.	10	IN	A	194.109.6.92
 
;; ADDITIONAL SECTION:
thepiratebay.org.	10	IN	TXT	"Forged by XS4ALL for Stichting B.R.E.I.N."
 
;; Query time: 19 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Sat Feb  4 08:15:35 2012
;; MSG SIZE  rcvd: 104
 
$ dig thepiratebay.org @8.8.8.8
 
; <<>> DiG 9.8.1 < <>> thepiratebay.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;thepiratebay.org.		IN	A
 
;; ANSWER SECTION:
thepiratebay.org.	2596	IN	A	194.71.107.50
 
;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb  4 08:16:16 2012
;; MSG SIZE  rcvd: 50

By just changing DNS resolvers on the client or internet router the censorship can be bypassed for now. The question remaining is how long this is going to stand when the first article is published by a big computer magazine on how to bypass it. Or when sites also get an .onion to bypass DNS completely.