
Publishers blocking IPs for alleged sci-hub use - jboynyc
https://twitter.com/HPS_Vanessa/status/1149648473819500544
======
dublinben
Mirrors:

[https://archive.is/20190712170650/https://twitter.com/HPS_Va...](https://archive.is/20190712170650/https://twitter.com/HPS_Vanessa/status/1149648473819500544)

[https://web.archive.org/web/20190712170652/https:/twitter.co...](https://web.archive.org/web/20190712170652/https:/twitter.com/HPS_Vanessa/status/1149648473819500544)

------
lolc
I don't think this is about using Sci-Hub. It looks like the journal is trying
to prevent mass-exfiltration of its articles to Sci-Hub.

Why would they do that based on IP-addresses and not based on accounts? Maybe
they're actually combining those. So when an account used the same IP-Address
like a "ripper" account, it will get associated with it. And the blocking
message shows the old address. This can easily happen at a university where a
lot of accounts access the journal through the same IP-Address.

Well... Sci-Hub doesn't have these blocks. So just use that service if you
want to get work done.

Also, WHOIS says the IP-Address 86.168.188.188 is used by British Telecom:
AS2856 BT Public Internet

~~~
eli
Aren’t most accounts site licenses? I assume it’s like a raspberry pi running
on a university library network somewhere

~~~
lolc
You mean you don't have to login to use the journal? That authentication is
done by IP-Address? Possible, I don't know how they implement access-controls.

Sounds like a fun way to piss of universities who pay for access: Block their
gateway!

~~~
matwood
> You mean you don't have to login to use the journal? That authentication is
> done by IP-Address?

Depends on the journal/resource. Many resources purchased by universities are
authenticated by IP. It's less friction for students when trying to access
something, and provides psuedo-anonymity.

There is some push to move to something like OpenAthens for all
authentication/authorization, but universities do not want to lose the privacy
aspect for their students.

~~~
cybert00th
> _There is some push to move to something like OpenAthens for all
> authentication /authorization_

Or shibboleth - we treat shib as a gateway to our auth service at this here
journal publishing salt mine.

Seems to work well enough - at least, the roof doesn't fall in on us when an
IDP entity (federation of universities, et al) goes offline denying their
collective users access.

A "have you switched it off and on again" message to the federations IT bods
usually works.

~~~
Spivak
Ugh Shibboleth, the greatest SSO system if anyone, including the original
developer who wrote it, could figure out how to configure it properly.

I've always wondered how it ended up catching on in seemingly exclusively
academia.

~~~
QIjwnVohaNycJ2
> including the original developer who wrote it, could figure out how to
> configure it properly

Oh, Scott knows how to configure it, the problem is he's the only one. I'm a
developer at the university works/created it at, and anything that needs to
use shibb goes through him. Fortunately, he manages all the configuration (I'm
assuming because no one else here knows how), requesting shibb for a new site
or whatever is dreaded. It's almost a rite of passage for devs to get a
scathing email back from him (almost always in less that 5 minutes) because
your request wasn't filled out correctly, the worst part is he will only tell
you what you screwed up and not give much help (or any) as to how fix it, and
then indirectly (or I've heard directly too) to not waste his time.

As a user, shibb isn't really that bad. As a developer, I hate it so much.
Scott, from what I can tell, is a strictly Java developer. So that means we're
stuck with Apache and a shitload of XML, there exists a module on GitHub to
integrate shibb with Nginx which I think literally every dev here I've talked
to would love to be using rather than Apache, but that's probably not going to
happen here unfortunately. And Apache with all the XML crap wouldn't be all
that terrible if the documentation wasn't extremely vague or just plain
missing.

I wanted to get some extra information about the user on signin that,
according to the docs, would be available but wasn't clear enough that I felt
I could just go in to even our staging servers and monkey around with. So, I
figured I throw together some docker containers tinker with before I did it on
anything real. It took me an entire week, to get a working shibb setup in
docker since the docs literally only got me as far as getting things installed
before they stopped being helpful. But, I'm now the only one in my department
(at least) that knows how to get shibb up from scratch -- but I wouldn't trust
it outside development.

Apologies for the rant, but shibb is probably my least favorite thing I have
to deal with here -- when you hear the guy that made it works here, you'd at
least think we'd get some good/helpful information about it from the source,
but he seems quite happy being the only one that knows anything about it.

------
enriquto
I hope scihub engages in a full-scale campaign for university professors
setting their computers as scihub proxies. Only a professor in each major
university would suffice to block all universities from the extortionist
journals! That would certainly be a boost to scihub!

~~~
ryanlol
Scihub is probably just buying hacked edu proxy/vpn creds for 1-2 dollars
each. There are widespread phishing campaigns targeting .edu mails, and lots
of sites selling the credentials.

~~~
calcifer
That would be extremely counterintuitive given how pristine Scihub's image is
among academia. It is much more likely people are "donating" access from
within university networks.

~~~
Mathnerd314
When every talk, study, etc. discussing it (e.g.
[https://greenelab.github.io/scihub-
manuscript/](https://greenelab.github.io/scihub-manuscript/)) includes a
statement like "Users of Sci-Hub do so at their own risk. This study is not an
endorsement of using Sci-Hub.", I don't think it can be called pristine.

And from articles like [https://scholarlykitchen.sspnet.org/2018/09/18/guest-
post-th...](https://scholarlykitchen.sspnet.org/2018/09/18/guest-post-think-
sci-hub-is-just-downloading-pdfs-think-again/) there seems to be some
connection between Sci-Hub and the cyber underworld, although perhaps it's
just the cyber thieves sending Sci-Hub papers and Sci-Hub isn't an active
participant.

~~~
calcifer
> "Users of Sci-Hub do so at their own risk. This study is not an endorsement
> of using Sci-Hub.", I don't think it can be called pristine.

People being forced to cover their asses due to a broken copyright system does
absolutely nothing to tarnish Sci-Hub's image.

> articles like [...]

Well, you'll have to excuse me if I don't take the allegations of a publishing
industry mouthpiece like SSP seriously.

~~~
ryanlol
>Well, you'll have to excuse me if I don't take the allegations of a
publishing industry mouthpiece like SSP seriously.

Just read some ezproxy mailing list posts then, there’s a plenty of edu
sysadmins who have discussed this and don’t work for the publishing industry.

------
hedora
Honest question: I want to download all papers I am an author of (I have joint
copyright, and limited redistribution rights for all of these), but I don’t
have logins for the publisher sites for all of them, and finding the long tail
of papers in my backups is a PITA.

I haven’t used scihub, but it sounds like the best tool for this purpose. Any
hints on how to proceed? Has someone written a script to do this or something?

~~~
this_was_posted
[http://gen.lib.rus.ec/scimag/](http://gen.lib.rus.ec/scimag/) I would use
this

~~~
mpfundstein
Ah genesis lib. My saviour :-)

------
judge2020
Archive.org:
[https://web.archive.org/web/20190712120132/https://twitter.c...](https://web.archive.org/web/20190712120132/https://twitter.com/HPS_Vanessa/status/1149648473819500544)

------
jsilence
Still wondering why SciHub is not yet on IPFS or dat://.

------
eli
Surprised it took so long

