Hacker News new | comments | show | ask | jobs | submit login
“Two days ago the police came to me and wanted me to stop working on this” (github.com)
1543 points by realfuncode 613 days ago | hide | past | web | 526 comments | favorite

I was visiting China recently (my first time there). I thought bypassing The Great Firewall was going to be as simple as an "ssh -D" SOCKS setup, or a "ssh -w" tunnel. Oh boy, I was wrong. If you try this, or even a basic OpenVPN setup, you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out. After some research I read online the government does deep packet analysis and uses machine learning to find heuristics to guess which TCP connection or UDP stream is likely being used as a VPN. When they think there is a high probability a VPN is detected, they simply start dropping all the packets.

Encryption is not enough. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS). For example in a traditional HTTPS session, if the client browser downloads, say, a 500kB image over HTTPS, it will send periodical empty TCP ACK packets as it receives the data. But when using a VPN that encrypts data at the IP layer, these empty ACK packets will be encrypted, so The Great Firewall will see the client sending small ~80-120 bytes encrypted packets, and will count this as one more sign that this might be a VPN.

That's why people in China have to use VPN tools that most westerners have never heard of: obfsproxy, ShadowVPN, SoftEther, gohop, etc. All these tools try to obfuscate and hide VPNs. I have a lot of respect for all these Chinese hackers like clowwindy who try to escape censorship, as it takes more technical prowess than you think to design a VPN that works in China.

I am in Iran , you cannot believe it , same here , They use deep packet inspection too, they will shut every package down. every open vpn , cisco vpn , etc connection will lose connection every 2-3 min . Connection to outside web is almost impossible.

I have noticed they have multiple situation, for example when everything's quiet internet is not so bad (despite the fact bandwidth is extremely low for huge amount of people), but when some news came out about government corruption, guess what ? some vpn does not work . In 2009 green movement they closed every https connection.(maybe that was red alert situation)

p.s : https://en.wikipedia.org/wiki/Deep_packet_inspection

p.s. : I use vps from netherlands for bypassing firewall. but It takes huge amount of time and a little money.but the point is 99.999% people don't have this option (I use shadowsocks, sometimes another tunnels) so they use internet the way is or some software like freegate and other but with extremely low speed unbearable lag.

p.s. : pptp, l2ps and others are closed right now. even president rohani couldn't manage the situation . I have heard he did want to do something but supreme leader and his people stopped him.

A few years ago I had a friend visiting Iran who wanted unrestricted access to sites. I didn't have any personal Linux servers on the internet at the time, but I did have a Windows one with Remote Desktop licenses.

It turned out that RDP actually worked pretty well. I did hesitate to post this in case it's seen by the wrong people(!), though given it's a while since it was necessary to use, it may be blocked by now anyway.

I wonder if it was available because it was relatively little known and, if so, what other little known protocols might be available.

sadly with RDP you cannot have same experience.it is not about 1 or 2 site , for example for me , my vpn connection is always on because there is not internet without it.but with RDP loging into another machine , with all lag you see , is almost impossible at least for power user like me which most of the time have 50+ tab open in chrome in site's like youtube , android dev doc's, etc.

You can RDP into a machine and use the browser there.

But you have to send a packet every time the remote screen changes. It is much more demanding on network resources than a VPN and thus will be more difficult to use on a daily basis.

Why nos havig a local cache like wwwoffle (someone has to reimplement such a thing) or squid? that way you won't need a connection just to browse a bunch of (mostly static?) html pages... just sayin'.

You can get arrested for hosting illegal web content. All public facing servers in China must be registered at the government, or they can get raided.

I'm not sure but I suspect that they got the technology (hardware and software) from China too.

As a Chinese netizen I don't know if I should be proud that we have world-class advanced technology or be ashamed. Possibly ashamed.

Allegedly it's mostly or at least originally Cisco's technology: https://insidersurveillance.com/cisco-huawei-and-semptian-a-... .

At first China also used Cisco's stuff, but soon they could't keep up with the requirements of the Chinese govt. After that a man usually criticized to be "the father of GFW", FANG Binxing, came up and built more powerful censorship hardware and software for the govt at Beihang U. It is said that they now use supercomputers to parse, analyse and block (and even inject, remember GitHub?) all packages going through the Chinese network boundary.

Oh I just gave away so much secret. I'm so doomed. Everything above are just made up stories. Don't believe me. Don't track me down. Please.

There's one mistake on your statements. It's at Beiyou U that Fang Binxing get all those things dones.

It is not a secret at all....

And let's not forget BlueCoat.

These are our colleagues designing and implementing these tools of oppression. We should ask them why they exercise their talents in this way.

"Of the ten conflicts in human history with the highest death tolls, five were civil wars in China.

Chief among these was the Three Kingdoms War when up to 40 million are reckoned to have perished in military operations and from the destructive consequences of warfare. This is an enormous number, considering that the global population at that time is unlikely to have exceeded 400 million. More recently, the Taiping Rebellion claimed more than 20 million lives while the civil war that brought the Communist Party to power resulted in 7.5 million deaths, over and above the 20 million estimated to have been killed in the roughly contemporary Japanese invasion.

This is not the history we were taught at school but Chinese leaders are well aware of these facts.

When disorder breaks out in China, things turn very nasty indeed.

It is best, therefore, to avoid disorder at almost any cost."

That is why.

Or would you prefer to have China descend into the chaos of Rwanda or Sudan ?

Wait, I may be misunderstanding your comment, but are you saying you support censorship by the Chinese government on the basis of some paternalistic "those dang Chinese can't handle themselves and start a-killin' if they get to know too much, so it's better to keep them in the dark"?

Also, when quoting large blocks of text it is usually helpful to source that quote.

Oppression causes civil wars.

If they are using oppression to avoid disorder, they better have long term plan. Otherwise they are digging their own grave.

Not many people fear of chaos in the USA and not because they have the best firewall.

Historically, I believe it would be much more accurate to say that opportunity creates civil wars. People start wars because they think they can win.

Incidentally, in most of those Chinese conflicts (4 out of 5 I believe), they were right. Many other wars were similar : starts with "immigration", numbers increasing, conflict, open conflict (and mass death), repression (of the losing side). Extermination is often tried but rarely succeeds. Well it succeeds in causing mass death, but it doesn't succeed in the sense that extermination is the result.

Millions of doomsday preppers may disagree.

> Millions

There are not millions of doomsday preppers in the US. And their obsession is not representative of public will or sentiment.

The comment you're replying to said: >Not many people fear of chaos in the USA and not because they have the best firewall

So you seem to be saying that if the US had a Great Firewall the nutjobs who spend half their salary on underground bunkers and armament wouldn't. That's a pretty silly argument.

Well, thousands anyway.

Good statement so far. But wait... do you assume that censorship could cause another civil war or could avoid another civil war? And where is your reasoning or evidence?

It doesn't take much to motivate someone to do it. A paycheck is enough 99.99% of the time.

They probably appreciate having their family alive...or something. It'd be better if our colleagues who don't have their hands and relatives tied to create and proliferate liberating software.

Are you saying that Blue Coat (based in Sunnyvale, California) develops censorship tools in order to keep their family alive? Who is threatening them?

I propose proud of the technologists, ashamed of the political system :)

be sure soon the dev will be cordially invited to write the deep inspector for that vpn if it ever leaves the ground.

and i wonder if filling the apple form helped them finding him or it was just bad timing

I heard rumors that that before Halal Internet was launched the censorship of Iran was relegated to Huawei, the same company that builds and maintains the Great Firewall...

Yes , I have heard it too . halal internet not going to launch , because Rohani is not believe in it and tries to postpone it every year(maybe they have technical issues too , I don't have information) . all military site's have ethernet and connect to each other with it.

wish you all the best. I pay 5$ for a digitalocean droplet to provide my family in Iran with an OpenVPN connection. This works quite well, we do not have any issues so far.

I have a friend in Iran and I let him use one of my servers as a proxy using the ssh -D flag. This has been working well so far as I know.

In my experience ... spending a lot of time working in China ... most people use Astrill or ExpressVPN. I'm surprised no one has mentioned them here yet. They own the VPN market in China. Almost every senior developer I've met here subscribes to one or the other -- with Astrill being far ahead in terms of user base. They both champion their "stealth" options and other than the odd day you don't really notice the GFW.

Pretty much all the ISPs sell "international lines" as well. But only as part of their business packages. Usually it will run for about US$1k/mo - US$3k/mo with minimum 1-2 year contract for their "starter" package. Most tech companies in my area have them; they work very well. Essentially they are a hardline to Hong Kong and they ration out to subscribers.

They key thing to understand about the GFW is that it's not about general censorship of the population. Frankly the government doesn't care if someone who is middle class, i.e., invested in the status quo, gets around the GFW. They are more concerned about conservatives in lower classes trying to organize to stop the move towards capitalism. And it's mostly about protecting the market now so local companies can get access to these lower classes as their position improves and they join the middle class.

I don't understand, who can afford US$1000 per month? I'm assuming only medium-large businesses, so do they divide up these "international lines" among their employees or something? Can these employees also use these lines at home, or only in the office?

It's for business of course, mainly international companies I guess. Local companies don't need to cross the firewall. Employees can only use these lines in the office. Actually most Chinese are not aware of the existence of the Great Firewall (GFW), really bad.

In the tech field, everyone is very very aware. I can't speak about other fields though. In my experience, pretty much anyone who is middle class or above knows about it. Granted middle class and above is only about 300 million of the almost 1.4 billion people -- so very much a minority. Granted China is huge and I mainly move in tech circles so YMMV.

It's not just international companies. Chinese companies are all about going overseas now. China is now a next exporter of investment. Plus it seems every company with an app that has a moderate amount of success wants to reach Chinese outside of the China -- they have more money -- and so need to integrate with blocked services like FB. And exporting Chinese online games to other developing nations is really taking off.

Thanks for your info. As a graduate student major in civil engineering in China, people around me come across the firewall when they need Google Scholar, which is rare also. Sometimes they come to me for help to get access to sites like Google Scholar. But, believe me, they don't care about what is GFW or anything about the censorship. yes, the big brother is watching and they want to be good netizens. Traditional industries like CE don't depend on internet much, so GFW does not have much influences on them. Even to programmers in internet companies, I doubt the proportion of people accessible to the free internet. Above is based on personal experiences and may not be that precise. Things are complicated in China anyway.

As an undergraduate student majoring in software engineering in China, I'm interning for a foreign company and we have access to free internet through proxies. And in my experience, most programmers regard free network as a necessity. And for people in large cities, it is true that they don't actually care about GFW, but I think many of them are at least aware of the existence of it, and sometimes break through it out of curiosity.

Yes, Astrill and Express VPN has been popular in China. But probably because they are too well-known, their services are not totally reliable. Instead, some smaller VPN providers now offer better services. Check out this test result: http://www.vpndada.com/best-vpns-for-china/

I visited your page expecting to see details of a testing methodology, along with results for a number of providers. However, the information you provide is no better than that provided by friends' anecdotes.

"Reason for Recommending: Reliable connection, fast speed. Fast customer support."

What do you mean by 'reliable'? What do you mean by 'fast'? Are you talking about latency or throughput?

"Reason for not recommending: sometimes hard to connect"

How many times out of ten? Using which VPN protocol(s)? Was this using PPTP, or OpenVPN over stunnel?

I run my own VPN servers (for myself and friends) but of course there is some ongoing maintenance effort to add new servers to replace those for which latency and/or throughput have declined. If there were a site with specific data about different companies' performance (over time), that would help me to decide whether it's still worth the effort.

I've had almost the opposite experience. VPN sort of worked, but I could not open a single HTTPS connection. The VPN problems I had I could trace to a bad WiFi connection (I had to lower my MTU and it worked fine).

Now, on previous trips I experienced what you mentioned. It seemed really like there was some machine learning going on, and after using a VPN for a while the connection would get bad. But I guess it might not be machine learning, there might just be a huge number of humans watching your traffic - which would explain why it is so inconsistent.

The thing that worked best for me is just using ssh -D (on most days). Our workplace uses ssh a lot for secure communication with outside china, so that couldn't possibly be blocked without hindering our work (and I believe 'they' have no interest in that). So whenever I had to access something for work that was sillily blocked (argh gmail), I just used the ssh connection that was open anyway.

Actually this is classic daily life of a chinese netizen: you are never quite sure what the cause of your network woes is (not without spending time digging into it). Is it due to ISP QoS, or is it reset by GFW, or is it just mere network failure?

And what most ppl do when facing this? They choose a local service instead of Twitter, Facebook, Youtube, Google. See, censorship is only a part (though a vital part) of the grand scheme.

This is a great talk about some of the methods China and other governments use to block the Tor network: https://www.youtube.com/watch?v=GwMr8Xl7JMQ

It's a pretty sophisticated arms race that's lead to some cool stuff, notably pluggable transports (like the obfsproxy you mentioned): https://www.torproject.org/docs/pluggable-transports.html.en

Unfortunately the companies that enable this deep packet inspection are often American companies working overseas. My friend who used to work at Cisco said they had internal slide decks about the improvements they could make to the Chinese firewall. Then there's Bluecoat in Sunnyvale (https://www.bluecoat.com/) building the censorship systems for the middle east.

Why do American companies sell this kind of stuff to China and non-democracies in the middle east? They must rationalize it in someway, but I think it's wrong.

> Why do American companies sell this kind of stuff to China and non-democracies in the middle east? They must rationalize it in someway, but I think it's wrong.

Pursuit of the almighty Free Market without regard for scruples or morality. Basically, public corporations base success only on money. If you as an executive refuse to bow down before Mammon[1,2] then you are replaced by someone who will. Seealso Charles Stross' excellent Invaders From Mars[3]. The Chinese government and other regimes pay big money for these tools.

[1] https://en.wikipedia.org/wiki/Mammon [2] https://en.wikipedia.org/wiki/Mammon_%28Dungeons_%26_Dragons... [3] http://www.antipope.org/charlie/blog-static/2010/12/invaders...

Note: that video is from 2011, and in my experience China's VPN blocking has changed significantly over that time. In 2011, I could use OpenVPN over UDP reliably, as long as I didn't use the same port for every connection. That is no longer the case, and I'm grateful for Shadowsocks as it's easy to set up (both server-side and Android client) than OpenVPN over stunnel.

Very interesting... I was just in China recently and was sshing into a box I had in the states for an impromptu SOCKS proxy. I did notice that things would work fine for up to an hour or so before things started bogging down. I would start seeing "channel x: open failed..." errors. However, closing the session and reconnecting would fix the problem... until it started lagging out again.

I thought it was just a consequence of being on spotty < 5mbps(ADSL?) connections. The internet situation was barely tolerable for a few weeks stay; I can't imagine what living in these conditions 24/7/365 is like.

I'm always brought up short when someone says/writes "24/7/365" because it really doesn't make sense.

"24/7" means 24 hours a day, seven days a week.

"24/365" means 24 hours a day, 365 days a year.

"24/7/365" means 24 hours a day, 7 days a week, 365 weeks a year?

I know, I know, it's become an idiom, and it's like "I could care less", and you can't try to understand it except as an atom that caries a meaning, but it just looks wrong to me.

Sorry - I'll now return you to your regular programming.

As an expression of time, its origin is a relation to business hours. 24 hours is "we don't close overnight." 7 days is "we don't close on weekends." 365 days is "we don't close on holidays." Those are the standard periods of unavailability.

If the sole holiday were a single Golden Week sometime in the year, the idiom may indeed have been "24/7/52", but holidays are simply scattershot like that.

The slashes aren't maths operators, they're language/grammar/shorthand. The lexeme as a whole is merely a mnemonic for the linger phrase: "24 hours per day, 7 days per week, 365 days per year."

It's not that the individual segments relate to each other. Rather they answer three sets of questions:

What are your daily hours? All of them. 24 hours / day.

What weekdays are you open? Again, all of them. 7 days/week.

What holidays do you observe per year? None, we're open 365 days/year.

Since there's rarely a monthly cycle to business closings and there aren't a standard number of days per month, that's elided.

It also helps to realize that human timekeeping is really based on three independent phenomena which are utterly unrelated. There are day-based units: seconds, minutes, and hours are all subdivisions of the period of rotation of Earth about its axis.

The month is based on the Moons orbit about Earth. That it is roughly 30 days is a notional convenience, similarly its rough divisibility by 4 into 7 day periods. The week is entirely synthetic (though profoundly persistent).

And the year on Earth's orbit about the Sun. Again, relationship to days and months are entirely arbitrary.

That's why it often seems time units are arbitrary. They are.

There's a brief book which Kay's this ought and traces the calendar through time, The Seven Day Cycle.


  7 *days* per *week*
  24 *hours* per *day*
  365 *days* per... *year*
Why you'd read that as 365 weeks per year I'm not sure, because there's no pre-established convention that would lead you to interpret it that way (both 24 and 7 would have to be "per week"), and most people know there are 365 days in a year.

Just trying to help. ;-)

But it doesn't make sense to say:

  24 hours a day, 7 days a week, 365 days a year.
That just really doesn't make sense at all. I know that the numbers means, and are for, but if someone is saying every hour in the year, to say 24/7/365 is just nonsense.

Of course, this is a losing battle. People just don't care if what they say makes sense, they just say stuff and assume that people will understand. This is one of the things that makes language bizarre, miraculous, infuriating, and impossible to analyse. I note examples like this because they are caltrops on the road for NLP.

They are all relative timeframes by which a store my be closed; certain hours during the day, certain days during the week, and certain days during the year. Your inability to make sense of it doesn't affect the rest of us. It's like a creationist saying evolution doesn't make sense to them: at some point it is the result of a willful ignorance that you are bragging about. It doesn't make for very interesting trolling.

  > They are all relative timeframes by which
  > a store my be closed; certain hours during
  > the day, certain days during the week, and
  > certain days during the year.
Huh. That's a way of interpreting it I'd never seen. Thank you.

  > Your inability to make sense of it doesn't
  > affect the rest of us.
No, except that it may help people see that what they think is obvious isn't always obvious to others.

  > ... it is the result of a willful ignorance
  > that you are bragging about.
Well, that's obviously your interpretation, but if others see it that way then it explains the hitherto mysterious yoyoing of points on my comments.

  > It doesn't make for very interesting trolling.
I find it disappointing that you think I'd troll.

>what they say makes sense

I would argue that no single statement can make sense. Sense is made when multiple statements are combined.

It's really all just about appropriate cognitive load. Every statement must be processed and it's great to be as accurate as possible and as accurate as the consensus agrees to.

Anything higher quality than that falls under the category of "great writing," which only a handful of people cherish.

Hey, FWIW, you've completely convinced me to never use this phrase again.

So you read 24/7/365 as 7/24/365? That only makes sense to Americans, I guess.

24/7/365 is dead. Long live 24/7/52!

I agree with the understanding that each segment of 24/7/365 addresses a different possible shutdown condition.

And I'll add that "I could care less" derives from the earlier "I couldn't care less", which makes a lot more sense. See http://blog.dictionary.com/could-care-less/

24/7/52 does seem more logical...

365 means they don't close for holidays. I don't know what 52 would mean.

There's 52 weeks in a year.

24 hours in a day, 7 days in a week, 52 weeks in a year.

What business closes for a week out of a year? Are there businesses which are 24/7/50?

Well, where I work at is 24/7/51.

Interesting, are you in Europe?

UK. Last week of the year (Christmas celebrations and so, you know) this joint shuts down.

Gotcha, here in the US most people will take off that week, but no business would ever shut down entirely for a week. You'd piss off all of your customers and associates. (Which is why American workers hate dealing with ones in the EU, they're always on vacation!)

Whoever doesn't stay home during the Christmas period in the US gets accolades from management, so there's incentive to work if you're career-focused.

> I thought it was just a consequence of being on spotty < 5mbps(ADSL?) connections.... I can't imagine what living in these conditions 24/7/365 is like.

In my experience splitting my time between North America and China, the difference is not terribly noticeable once you invest in a solid VPN -- which everyone does.

The network speeds here are generally far better than NA -- in tier 1 and tier 2 cities at least. If you're accessing site in China, i.e., not going through the GFW, the average is far better than you'd find in the US. However the GFW slows everything down. However, there are a handful of VPN providers that specialize in getting through the GFW: notably Astrill and ExpressVPN. This those on my phone, tablet, and laptop it's easy, you'd never know you were in China -- expect the odd day when you have to hunt for a different server. Most experienced developers here subscribe to one of them.

Also, a lot of tech companies subscribe to "international lines". Pretty much all the ISPs offer them to business customers. They are expensive but they work very well. Usually about US$1k/mo to US$3k/mo on contract. The international lines are just hard lines to Hong Kong.

Yea, in my most desperate I wrote a script that opened ~10 connections and kept restarting them and used HAproxy as a frontend. It was maybe helping, but honestly, I couldn't tell. Luckily I discovered shadowsocks soon after that.

Working in such network 24/7/365 means I have to spend about $90 per year on my vpn service, and keep vpn connection all the time when working. (otherwise google and SO will not come to save me from problems.)

Were your DNS queries going over SOCKS?

Back in 2006/2007 when I was doing web development, I knew a few people at F5 and Zeus Technology (developers of application firewalls at the time), and they said The Great Firewall was using loads of F5 tech with deep packet inspection for all data.

I assume 9 years later (don't know what the modern tech for web stuff is these day, but I assume encryption plays a key part) they're doing just as intrusive inspection and filtering of data.

Encryption is not enough. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS).

In other words, steganography.

How do multinational companies' china offices get through the firewall? For example if my company uses Google apps, how do I ensure that my china office has access?

Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the country.

Also, international performance in general can be quite bad at peak times (i.e 30% packet loss), I suspect due to Comcast-style management of international transit. But if you buy a transit circuit from Unicom, no problem!

Edit: to add to the grand parent, I've actually found ssh -D/-w0 (for a TUN device) quite reliable from China. What I really want to do is run multiple connections from different end points with a routing protocol to do fast-failover.

> Pay one of the telcos (i.e China Unicom) for an MPLS circuit out of the country.

Don't suppose you could explain to us network plebs how that would bypass the Great Firewall?

It's a private network/route with traffic containing nothing but corporate data. Most multinationals facing this situation route out through HK, with a secondary failover usually in Taiwan or Singapore. Works a treat, but is costly and latency can be subpar.

It also doesn't solve the problem of mobile access to Google Apps for Chinese workers (Google Play Store & apps are not bundled by many (any?) Chinese OEM handset makers or carriers. You can root & sideload, or you can purchase phones outside the country and ship them to your employees, but even if you do this, there is still no guarantee they'll be able to access Google's apps while on cellular networks.

Google Apps will drain your battery when they can't access Google's servers. Roaming with a China Unicom Hong Kong sim card, like the cross border king, will give you gfw free access.

> Google Apps will drain your battery

Google Apps will also drain your battery if you are in a region where Google has no network-location data yet, because then Google will turn on your GPS, and send to their servers the pair of GPS-coords and strength of networks.

If you live in a suburb in Germany where almost no networks are known to Google, this means if you enable location services your GPS will try to get a fix 24/7, eating your battery in about 2 hours.

This is probably going to be an issue in China, too, considering that Google doesn’t have location data there.

I think you can turn this off. My phone has a setting called 'Scanning always available', which says "Let Google's location service and other apps scan for networks, even when Wi-Fi is off.". If I turn off this setting, and turn off wi-fi, then the problem you point out should be avoided, right?


But if you turn on WiFi and Location at the same time (which is not uncommon), then it will suck your battery dry in seconds. Turn any of those two off, and it works.

Oh. My phone has three options for 'Location mode':

- High accuracy (GPS, wi-fi, mobile)

- Battery saving (Wi-fi, mobile)

- Device only (GPS)

From what you say, it sounds like 'Device only' would save more battery than 'Battery saving'?

How do you setup a routing protocol to do fast failover? Is it easy?

For fast failover, you'd generally use BFD (bi-directional forwarding detection) in conjunction with a standard routing protocol like BGP, OSPF, or IS-IS. It's sufficiently complex to do on a proper networking platform, and even more difficult to do in a general purpose operating system. You can also just use aggressive timeout values with your routing protocol, but failover won't be quite as graceful.

As far as Microsoft office in Beijing, I think they VPN to their Tokyo office first. Their traffic is ensured by negotiating directly with the big telecom company. Disclaimer: I do not work for them.

This is correct

Source: worked there for a while

This is interesting, I'd love to read/hear more about it. Is the negotiation an above-board thing? What are the conditions and costs to getting this kind of exception ensured?

From what I've heard, it's something like 100 000 USD a year for a 100 Mbit connection.

Funny thing is: this is the same price payed in Brazil for a 100mbps MPLS link.

We have colleagues in china and generally speaking, you find an alternative, and host it on premise.

I believe this is the reason why they use Atlassian[1] products, where rest of us would use trello, e.t.c.

[1] company that created jira

Aren't there a dozen of bugtrackers, intranet collaboration software, CI tools and git hostings that they could download and install? What's so special with the Atlassian products?

those sucks a little less than, say, bugtraq, offer enterprise support on premises which you'd never use but you need to do the purchasing when you go for a big company and kind of have a big recognized name for their customization support even if their whole stack sucks.

I think the "enterprise support on premisses" is the main deal, along with the fact that we have already used it for some of our big projects.

I've heard that commercial DCs and high-end hotels are less censored.

I'm in the Sheraton in Qingdao atm, and it's definitely less censored, I can access YouTube and Google Apps just fine; where as earlier today from a business down the road these websites were all blocked.

Register your VPN with the authorities. We are atm doing this for a office in Beijing.

Is the primary purpose of your VPN to bypass GFW, or to provide access to your corporate network? I guess the latter would be considered a good reason.

yes, mainly to access the corp network.

Not all VPN services are censored, and not all VPN protocol triggers the reset. But you can bet whatever you get for free (thus likely popular), will get banned soon enough.

OpenVPN is like a prime suspect of a police procedural novel, it gets hunt down no matter what.

Personally experience: I did work for Microsoft Shanghai and VPN works just fine. You need to have the right set of tools, and better, have a good channel of negotiation with the government.

"Thanks" to the Great FireWall by one of the evilest governments, I might have to finally give up Gmail after many years struggling using it with the help of a wide variety of GFW-fighting tools. My deepest respect to all the authors.

This might sound a bit counter intuitive but they really hate OpenVPN and SSH tunnels - not to mention they are trivial to detect and the process is highly automated.

Traditional VPNs such as PPTP/IPsec as well as various forms of obfuscated proxies are generally not interfered with unless something major happens. A lot of the alleged "censorship" are actually symptoms of high latency and packet loss on home connections.

I suppose that means OpenVPN and SSH are too secure for the Chinese government to eavesdrop on. PPTP, on the other hand, has been known to be insecure for ages.

So... could you avoid detection by passing an SSH tunnel through a PPTP VPN? Add enough layers, and the censors might not bother to unwrap all of them.

Given that most US websites are now over HTTPS, breaking PPTP won't actually give Chinese government much information to eavesdrop on. They may know that someone is accessing Google or Twitter, but they cannot know the actual keywords or tweets they are reading.

Note that Chinese government does not have backdoor access to those US websites, nor do they control a significant fraction of Internet infrastructure.

What about Chinese signed root certs?

That is why it is recommended to untrust every Chinese CA from your system. It won't affect daily browsing even for most Chinese users. The super majority of Chinese websites, even state owned ones, buy certificates from US companies.

Yes you can. Shadowsocks was intended for the similar purpose of tunnelling traffic and it is a bit more flexible than GRE-based VPNs

IPsec is blocked now.

Blocked for a few established VPN providers e.g.Astrill. The protocol itself is not blocked per se.

You won't get a stable site2site ipsec tunnel for long. That's why you have to Register your vpn vor go mpls.

I currently use a mixture of PPTP and Shadowsocks. Shadowsocks (even to the same servers) seems to successfully connect a little more often, and drop a little less often. Otherwise, performance seems similar, and goes up and down.

Some of my friends have had success with VPNGate.


It's based on SoftEther VPN, which happens to be open-source and cross platform.


I'm using it for most of my VPN setups and I've generally found it to be superior to OpenVPN in every aspect (performance, usability, protocol support, obfuscation, etc).

This was exactly what I experienced in summer at China this year, no openvpn(not even commercial one or Linode self-hosted one), no ssh-tunnel, no other used-to-work vpn solutions.

For ssh it sometimes work for a few days then the whole IP/host is blocked.

I did not have to time try obfsproxy, shadowsock or whatever, but it really really sucked, to make things worse, my Nexus phone could not get any updates etc either, as Google is also _fully_ blocked, I felt I was back to Stone age there.

I have a good amount of recent experience with this. I found that it wasn't just a matter of your connection getting blocked; if you leave it up you'll experience some unreliable good periods (so, say, a torrent would download through the VPN overnight without a problem, but if I wanted to use the internet at any particular time, my connection was unlikely to be working). But yeah, I ended up signing up with Astrill.

When I was in China last year I had no problems using OpenVPN on my Holland based server.

Hotel WiFi may not be as restricted as the average citizen's connection. Local 3G/4G service may be more restricted than your home provider's roaming service. It's a bit of a crapshoot, but the GFW is definitely targeted more towards locals than visitors.

The Chinese authorities neither understand how FOSS works nor the Streisand Effect.

Not having to worry about != not understanding

I'm curious, what is the risk of getting caught, and what is the penalty?

Spending on what you do, detainment, torture, death.

Based on my experience, if you set up a VPN server (such as OpenVPN) by yourself and use it in China, you will see strange behaviours and the VPN server might stop working after some time. As a result, I've given up using my VPN but been using third party VPN service, which works better. Here's a list of VPNs that currently works in China: http://www.vpndada.com/best-vpns-for-china/

"you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out"

I recall the same thing occurring in Shanghai with many of the popular webmail services, they'd work briefly, usually just long enough to log in and get a glimpse at an inbox, then it would time out endlessly and that'd be it.

> Encryption is not enough.

I use an unencrypted PPTP VPN and the connection is really fast and stable here (Shenzhen, China Telecom). I have tried OpenVPN and ssh but both were much slower. FWIW, I don't believe using a VPN is illegal in China (though operating a VPN service without a license most likely is) and pretty much every single foreigner I know uses one.

PPTP is not secure. You need to open another, more secure, tunnel within your PPTP session.

According to a recent file. Using a VPN isn't illegal. But hosting an unregistered VPN service in China is illegal. And the right of using an unregistered VPN service is not guaranteed.

Per the other comment, MS-CHAP2 is crackable. The PRC govt is probably happy to encourage people to think they're secure using it.

Yes, that was my point. They are happy to let people circumvent the firewall as long as they're still able to read the traffic.

How do foreign organizations with email and internal applications inside the firewall do business in China? Do they simply have to make an exception to their security policies for employees based in China? Put them on Baidu email accounts instead? Or are IT departments of big lumbering fortune-500s also dependent on these tools?

No. Big foreign corporations, like in all countries, VPN back to their home country. The same all over the world.

Internal policy dictates this, all over the world.

Email is usually on self-hosted Exchange.

Corporate firewall blocks stuff like Youtube and Facebook - also the same over the world, but some users with the business need can access whatever the business need dictates.

Some large companies just bypass the national firewall for speed reasons - this is negotiated with the government on an individual basis - pragmatically this makes sense, as the traffic is 100% encrypted back between fixed sources and destinations, and inspecting it just wastes resources for all parties. Some corporations may also have their websites for the public access bypass any filtering, also for speed reasons (for example, internet banking).

So exemptions from the VPN detection/shutdown mechanism can simply be negotiated by those with the political clout to do so?

Indeed. The point of the GFW is to prevent political unrest. MNC's workers are unlikely to be fermenting dissent at work. Deploying the GFW on their connections doesn't really aid the government as a whole in terms of staying in power, but it does mean that MNCs will get pissed off and may reduce their presence in China.


Weird, was just there a month ago for two weeks and used https://www.expressvpn.com/ with no issue. I mostly cruised reddit / the internet so maybe there wasn't enough volume.

It depends. I am a bit surprised that reddit is not blocked. Neither is hackernews. Apart from classic Google, Facebook, Twitter, AWS is targeted intensely for its role in "affiliated freedom", to the point releases on github are blocked, others not as much.

Why go through Internet access providers in first place? Just get a radio transmitter and start broadcasting on short waves with encrypted digital modes... at least for short, critical transmissions.

At 1.2kbps?

Q: "Would you like a free, uncensored system to talk to anyone in the world? On top of that you could also send data at 1.2 kpbs, again free and uncensored. You just need to swich frequencies quite often and randomly, in order to avoid that the bad guys will track you down..."

A: "No, 1.2kpbs is not enough, thanks but I prefer censorship."

Is that what you're saying?

Sorry, I've already had my fill of stupid arguments on the internet for the next couple days. Maybe some other time we can get together and do our best to misunderstand eachother.

Haha. Ok. And sorry.

using ssh tunnel works just fine in china but they detect it and start blocking the ips. You can usually get a few weeks before they block the ip address. It works better if the server is from a legitimate source like an edu.

Most of the detection is focused on blocking vpns and they are very good and disrupting vpn traffic

Sounds like an overseas vendor needs to drop a blanket of satellite internet coverage over mainland China.

Sounds like you live in a world where you didn't notice that China became the second most powerful economy, and which will become the most powerful economy within a decade or so. Of course they're going to have the military to go with that:


The great firewall is a cowardly, non-confrontational technical infrastructure. I don't see China using a multi-billion$ missile system to shoot down a harmless foreign communications satellite that also served people outside of China. They're smarter than that.

... usage of which would be detected, and the users arrested and hauled off for "questioning" about spying and/or being a terrorist.

And using a VPN doesn't have these risks?

Of course it does, but they have a less expensive and more effective means of enforcement, which is just to shut it down. That's effective because the actions they take at a single location apply to a large number of infringements.

But if they can't shut it down via technology, they'll most likely shift to individual enforcement and harassment. In that case they have to chase people one at a time, so to get widespread effectiveness they have to make sure that each individual case frightens as many people as possible. That means that the individuals targeted will be punished more severely.

Enforcement 101.

Escalating the issue could be a good thing, even if people suffer. The problem with technological oppression like censoring or pervasively surveilling the Internet is that it's invisible and there's very little organised outcry. Just look at Snowden revelations. Nothing has changed, and most people simply don't care. Effectively once the requirements for bypassing the GFW become harder to deploy than a few clicks, from an easy to follow guide, the majority of the population will just accept this oppression.

My point was not whether this would be a good thing or bad, but to point out a likely consequence.

More likely they'd just buy up all the satco's and run the thing out of business.

Spoofing GGP tends to work very well in these situations.

which leads me to two questions:

1. if you need custom vpn, why even have apple devices?!

2. why focus on vpn over their network instead of mesh?

What is this supposed to mean?


"Removed according to regulations."

As a matter of fact I did, thank you.

Let me just find the nearest cliff to jump off.

For people who are not aware of this: Shadowsocks is a popular and very simple tool to circumvent Great Fire Wall in China. It is written to reduce characteristics in network traffic so that GFW cannot easily block it by deep traffic analysis. clowwindy is the original author.

And to add more context: Shadowsocks isn't just a tool nowadays, it's a group of applications that target both developers and common folks.

People have built successful VPN services using Shadowsocks, and they are available on many platforms, like routers and embedded systems.

And the iOS version is more or less the author's recent efforts to build a VPN client that can run on non-jailbroken iPhone, much like Cisco AnyConnect.

I think shadowsocks' popularity as a whole concerns the chinese government, so they do their usual rooting out the leader thing: now that shadowsocks org is headless in the literal sense (no owner, no main repo), they hope its development will die out.

What is to stop any non-chinese person from rehosting the old code? I mean, they obviously wouldn't like it and if I was said person I'd never visit China's sphere of influence again...

I guess nothing.

There are plenty of people on HN who are i) wealthy ii) interested in beating censorship.

It'd be nice to see some effort going into creating software to beat censorship; having excellent translations of the documentation into a variety of languages; etc.

There are tons of forks of it on GitHub, naturally. I had to go to one to figure out what the project was.


Who is the target audience of this software and how does it work? Do non technical users set this up on a VPS provider and then connect to it? I'd imagine most developers in China would just SSH tunnel their way out.

SSH dynamic port forwarding is no longer working for years. It is so easily picked up by GFW and minutes later it is gone together with the whole SSH connection. So does PPTP and L2TP VPN. GFW has been upgraded so many times for the past few years. The target audience is developers. The install is super simple via one line of `pip install`, the start code for daemon is also one line with the configuration inline or through <10 lines of json. On the client side the author and other contributors developed native clients that allow connection by supplying just 1 password and 1 server address. Super simple and highly reliable to this day.

So looking at the code for the Go implementation, it appears to be just a stream cipher encrypted version of SOCKS5 [1,2].

1. https://github.com/shadowsocks/shadowsocks-go/blob/master/sh...

2. https://github.com/shadowsocks/shadowsocks-go/blob/master/cm...

(Not the best code, a couple of race conditions in there)

@olalonde GFW is known to tighten the control on national holidays or any event they see fit. The day after Tianjin explosion, IKEV2 stopped working for 1 day on my network (I was in Beijing). PPTP from time to time suffer the same issue though I couldn't say when. Also check your ip location, I found out one provider was having reliable PPTP connection about a week ago, and it turned out they were just relaying traffic in a data center in China. Those traffic are not blocked by GFW as long as it is domestic and I could only imagine that data center simply forwarded the traffic onward using other means.

Why not just wrap all your SSH packets as HTTPS?

I believe that the traffic patterns (up/down request amount and timing) will still look sufficiently different from a 'normal' https connection to be detected and cut off within an hour.

This I wonder as well. stunnel + openvpn used to work. Not sure if it still does.

SSH tunnel is just too easy for the GFW to detect, it's so unstable that you cannot even browse the web with it.

Yes, setting up a VPS provider would be the most common way. There are Shadowsocks implementations that supports multiple users so that more than one person can use it simultaneously. There are also commercial solutions for Shadowsocks that you can just purchase an account instead of setting up your own server.

There are many import/export companies in China, they are also the target audience of this software. Gmail is important for them.

SSH still work, but it's not designed to give a high throughput, so ideally one would not want to watch a youtube clip over SSH. And DPI can identify and kill SSH session when there are too much traffic happening over it (ie. no obfuscation is taking place to hide SSH traffic)

I believe GFW doesn't do traffic analysis just yet. Otherwise shadowsocks won't stand a chance either.

This is the end of a century. People in China had used 4 kinds of tools to skip the GFW: freegate, openvpn, goagnet, shadowsocks.

freegate is a traditional http proxy or socks proxy built by Falun Gong (https://en.wikipedia.org/wiki/Falun_Gong). They built lots of software with the same technology: freegate gpass freeu dynapass... People share this kind of banned software sending to each others just like teenagers share adult videos. After update of GFW, it become un-available and un-usable.

openvpn turns break GFW as a business, people sells openvpn account at $1.66 a month regularly. They sell this kind of services package including pptp l2tp ssh openvpn to those who need a free network.

goagent is a free software written by Phus Lu. It use Google's application engine as server so you can use it without paying money.So it replaced openvpn since it cost $0. After China banned Google, this way become more and more hard.

shadowsock is a protocol designed by clowwindy. It become a environment. People use python, C, nodejs, golang, rust, obj-c, java to write their own client and server. Some organization share their server for free, some people sell account and provide high speed. shadowvpn works as a VPN while shadowsocks works as a socks5 proxy, but share the same technology.

This is the end of shadowsocks. I means recently more and more evidence shows that GFW has finally find a way to recognize shadowsocks's packets. Then they stopped the development of shadowsocks.

That's all. The winter of China's network comes.

> That's all. The winter of China's network comes.

Is there technical reason to believe that shadowsocks or similar technology is the last stand against automated censorship?

I would just say this is just yet another stage in the censorship/anti-censorship cycle.

You may not be seeing the big picture here. Censorship is about rulers cementing their rule, and may well ultimately lead to complete tyranny.

There's no guarantee that "the censorship arms race" will continue, even in your specific nation-state.

For example, I bet there's not much anti-censorship software being developed in North-Korea, because people don't want themselves and their entire families tortured to death.

The real problem here is not that we might be lagging behind governments with our anti-censorship tools. The real problem is the existence of governments to begin with, because as long as they do, they will want to control their subjects as closely as possible.

Policitians and the real rulers behind the scenes are all psychopaths.

They see us as human livestock, and any one of them would be perfectly happy with a global North-Korea, as long as they personally would be in the tiny ruling elite, with all the riches and power a psycho could ever dream of.

I think that is what he meant. Winter is seasonal after all.

I think maybe he meant it as a Russian winter

> I means recently more and more evidence shows that GFW has finally find a way to recognize shadowsocks's packets.

Hmm... okay, so they defeat shadowsocks by recognizing the packets.

> Then they stopped the development of shadowsocks.

But if they already had shadowsocks beat, why do they make a public show of shutting it down?

Sounds more like they recognize that they don't have the GFW technology to defeat shadowsocks on-going development over time. Which suggests all you need is a new developer.

I don't know if this is the case, but I think it's entirely possible to know that shadowsocks is being used widely without being able to do anything about it at the network level. I think that's plausibly how shadowsocks is designed to avoid the GFW in the first place.

For example, if their capabilities to identify shadowsocks traffic is not particularly specific, filtering would result in undesirable impact on other traffic. They can also have other out-of-band estimates for the extent of shadowsocks use (presence of the software on seized or searched equiment, observed chatter, informants, etc).

actually doing both makes a lot of sense.

a: build a method of detection and prevention and

b: find and coerce developer to stop improving software,

#b is required assuming the developer(s) is considered to be an above average adversary. When there is no silver bullet solution a cat+mouse game is inevitable. That further increases the value of this action.

#a being done at same time as #b has an effect on the collective behavior of the adversary. I'm sure various members for the RIAA and MPAA are wondering how they could have dealt with "filesharing" in a similar manner during the Napster days. But in the end it only buys you time in a cat+mouse games. meh, im sure there is some sun tzu art of war blah blah somewhere saying the same. more poetically of course.

There's no such thing as overkill.

Everyone can just use Lantern (https://www.getlantern.org). They already are, but in greater numbers since the Shadowsocks announcement (https://github.com/trending).

This wasn't a thorough deletion. The shadowsocks-iOS project has been switched to the 'rm' branch, but the 'master' branch still contains all the source code: https://github.com/shadowsocks/shadowsocks-iOS/tree/master There's also a downloadable 2.6.3 release with a built .dmg and source code: https://github.com/shadowsocks/shadowsocks-iOS/releases

Even if it does get completely removed, a duplicate exists on GitLab: https://gitlab.com/mba811/shadowsocks-iOS (No guarantee that it has all the commits prior to deletion, or that it hasn't been modified from the original in some way.)

I can only hope the police in clowwindy's country don't know how to switch GitHub branches.

I don't know what you're talking about. That repo is totally empty. Nothing to see here, move along.


The last commit on the GitLab mirror is cf485148bd9f4d4520d13e2169997cd72464f3c0. On GitHub, it's not the last one, but it's on the first page (not that much commits since).

Because it's the same SHA, and because of the way git works, we know that all the history before it is exactly the same on GitHub and GitLab.

That duplicate will get flushed after they run the 'git pruned' on the 2AM cronjob. Nothing to worry about.

What are you taking about? Does not work. Cannot access the code.

That mostly a side effect of GitHub's caching mechanism. It's all gone now.

All of the links in the post you're replying to still work fine for me.

No, it's not there. You must just be seeing something in your browser cache. It's all gone forever. cough wink cough

Years ago, news said China "banned" bitcoin, years later miners in China live just fine. I guess this is not going to be so different.

The only thing that's "banned" regarding bitcoins in china is that financial institutions arn't allowed to trade them. You can mine them, you can set up companies that mine them, you can trade them if you're not a financial institution.

And as an aside they're the easiest way to exchange money when overseas. It's like a bank where the bank meets you at your hotel and gives you cash, and you never have to worry that your PIN won't work or your home bank will decide not to honor your transaction for fraud protection.

Yes, it's more like regulation that poorly implemented. But less people knew it at the time according to what the news and bitcoin users in China said. As a result, news related to China still can impact the price greatly sometimes, which leads people ask has China really banned bitcoin or not? You could find many discussions in term of this at the time. Of course people by now understand the "ban" itself is limited.

This is different. China(ese government) has a much, much stronger incentive and political resolution to reinforce their Internet speech control than crackdown a couple of bitcoin miners.

> Implying bitcoin has nothing to do with free speech.

I'm saying that the result is not going to be so different, as in people will still use shadowsocks to circumvent the firewall and won't get "disappeared" or whatsoever.

Edit: letters


Someone in this subthread mentioned something about a commit hash. This is important.

I find this comment amazing:


Even with root account, you are not in full control of your Mac - you are sandboxed by Apple.

This is the result of a recent change in OS X 10.11, called System Integrity Protection.

It's a big step in the wrong direction [opinion], especially because it does nothing to verify "integrity". It prevents changes to the System directory by conventional means (and injection into system processes).

If malware were to figure out a way to disable SIP from userland, it could install itself in such a way that nothing short of disabling SIP could uninstall it.

But that's the thing, you can't disable SIP from userland. It can only be disabled when booted into recovery mode. So yes, it absolutely does verify integrity, because it makes it so malware cannot embed itself into the system. Your last sentence there is 100% pure grade A FUD. You may as well just say "every security measure is bullshit, because if malware were to figure a way around it, then it wouldn't work". It's a meaningless statement.

It's a boot argument to the kernel, stored in NVRAM. These arguments are normally mutable. Apple had to write code to prevent modifying said arguments. Said code can have flaws.

But lets say you don't find a vulnerability in SIP userland detection, and instead find a kernel exploit to get around the protection:

If malware were to figure a way around it, then even antivirus software can't uninstall it. Only Apple can. It's not FUD.

Don't be alarmist, worst case a cleaning tool would have to be run from recovery mode, but nuke and pave is usually the recommended cause of action if you get a infected with a rootkit.

SIP holes will be found, and Apple will patch them just like other security flaws.

> Apple will patch them just like other security flaws

With the condition that you have to upgrade to the very latest system :)

There are a few exceptions but generally you can stay one or two versions behind. While Apple annoyingly don't state how long they support OS releases, they currently ship security patches for 10.8 and 10.9. The last patch for Lion was just before the 10.10 release.

It is FUD since it is not impossible to make these changes, it's just (intentionally) more difficult than casually supplying a sudo password. Anyone can detect signature changes in a system directory and anyone can boot to a recovery volume (either the default Apple one or one provided by an anti-virus company, if desired) to make whatever corrective change they want.

This is absolutely FUD. Even if you're correct and malware finds a way around it, then it obviously doesn't work, which means antivirus software could use the same mechanism to kick out the malware.

Unless the malware uses the backdoor/exploit then patches it out once it's inside. It has complete system control, after all.

If you have some malware that actually needs to modify system files, that still significantly ups the ante. Sure, if you have a kernel exploit, you can do it, but currently malware does not need any exploits to take over a system if it can convince a user to download and type in their password to install - Gatekeeper is one mechanism to prevent this, but I've personally been served multiple ads offering malware with a valid Developer ID signature, so it's tricky... (though I don't know how aggressively Apple is working to revoke their certificates). The difference in skill required between just writing an installer disguised as legitimate software on one hand, and continuously coming up with working exploits on the other, is pretty huge. And in any case, the easiest-to-exploit OS X privilege escalation vulnerabilities are things like rootpipe that don't compromise the kernel.

However, this argument falls down a little if malware doesn't actually need to modify system files, which it doesn't for most typical evil stuff I can think of.

what if some os x malware finds a way past the limitations on editing system files? the malware would become undeletable

It wouldn't be undeletable, it would just involve booting into a recovery volume (either the automatic Apple recovery partition or a user supplied volume).

Since all System locations will now be signed (as part of the move to SIP), it means that the basic Apple recovery partition will be able to purge any such malware by a simple signature verification.

Does it actually do that? I haven't heard of it... But just reinstalling the OS accomplishes the same, slightly less quickly. Of course, if the malware is nasty enough, it might modify user settings to make a program run automatically, e.g., by adding it as a startup item, which, unless that OS reinstall included a patch, could then exploit the bug again and reinstall itself to the system locations. Not much Apple can do about that.

Not really surprising, though: Apple has been making OS X a little worse with every iteration.

Tell me about it. I recently bit the bullet and upgraded to 10.10 after waiting for quite a while. Man... Firefox has been crashing regularly since then, the Mail.app will also crash every now and then, and to top it off, the system itself has crashed twice on me over the past... two weeks. Sigh

Try installing a fresh copy, or do some HDD/RAM checks. I have been running 10.10 since it came out (+Firefox) without any problems.

I am doing my best to NOT update my OSX, every time I update it, the thing get slower, it is really annoying.

El-Cap is the fastest version yet in my experience and seems to be getting important security fixes too.

Does booting an alternate OS still work to get around it, or have Apple thought of that route and somehow blocked it too?

(I have limited experience with OS X - only briefly played around with driver development and bootloaders in the 10.4 era with osx86 - and I did have to boot from the DVD a few times when I made the system unbootable.)

This raises the question, what good is root if it's not really root anymore?

This has been the plan for several years. I remember seeing block diagrams for GlobalPlatform's Trusted Execution Environment[1] that were based on the idea of the "Rich OS" (OSX, Linux, etc) being able to run more or less normally, with something that isn't really a hypervisor providing the "secure"/"trusted" environment.

The idea is that a combination of a SecureBoot-style trusted boot sequence and technologies like Intel's SGX instructions to create an area that is protected from everything else, root included.

Ever since (heavily controlled) iOS was accepted by the tech crowd as a replacement for a proper General Purpose Computer, we've been slowly loosing more and more control. At least there seems to be workarounds for this particular OSX "feature". It is incredibly important to stop this trend now; it will be a lot harder to work around these restrictions when it gets hardware support.

[1] http://i.imgur.com/rjbzWyB.jpg

> Does booting an alternate OS still work to get around it, or have Apple thought of that route and somehow blocked it too?

It's easier than that. It's just a kernel argument to disable it. Simply add "rootless=0" to your boot-args and you have control of your machine back.

I'm running the 10.11 beta and I've already had to disable rootless because I like to have /usr/local as a symlink to somewhere else and by default the rootless configuration prevents writes to /usr. :-/

Apple has stated that the "rootless=0" boot argument to disable System Integrity Protection is temporary and will be gone in the GM version of El Capitan. Allowing this route to disable the feature would defeat the entire purpose of it.

Apple have recently made a few changes to how you enable/disable System Integrity Protection...


Source? They said in the WWDC session (http://asciiwwdc.com/2015/sessions/706) that the process to disable rootless may change during the beta, but didn't say that it won't be possible in the GM.

They know that rootless will break some applications/drivers, plus some types of development may need it disabled.

The supported mechanism for disabling System Integrity Protection is via the recovery partition.

Does this break homebrew? Or does it only block writes to entries in /usr and not subdirectories like /usr/local ?

You are allowed to write to /usr/local. But making /usr/local itself into a symlink requires writing to /usr which is prohibited. So I was screwed but for the normal case it should work fine.

There is a supported option to disable SIP from recovery mode, so there's no need to get around it per se. (Recovery mode because it would be hard to impossible to verify the user's intent when malware that already has root privileges is running...)

>nothing short of disabling SIP could uninstall it

At the very least, the OS needs to be reinstalled from an off-disk source, and that's assuming you haven't been hit by something sophisticated enough to put itself in firmware. We're fast approaching an era where you need to trash the hardware. You should never trust an OS install that was ever compromised, and making it more difficult to do so is a good thing in my book.

Windows 10, now OS X... and meanwhile I have installed Linux on all my workstations. Looks like big corporations are shooting themselves in the foot.

How do SIP and dtrace interact?

From https://developer.apple.com/videos/wwdc/2015/?id=706

"all dtrace probes that target a system restricted process will not be matched" (i.e. will fail unless SIP is disabled).

I think you have that backwards. You, as the person with physical access, is in full control as SIP can be controlled from recovery mode. Processes running as root are no longer trusted to have full access to the system. This is definitely a step in the right direction.

This is an iOS app, not a Mac app.

Yes, but from the same commenter earlier: "I want to try this api on MAC OS 10.11. I understand the reason why I need to ask apple for some permission to publish the app with this api to app store, but I can't believe that I have to ask them for permission to run this api on my development machine."

It's possible that commenter is misguided. The documentation on NETunnelProviderManager[1] says it needs the extension and that you should send an email to get it, but there's no indication as to whether there's anything stopping you from granting yourself this entitlement on a development machine (obviously Apple needs to approve it for an app on the MAS; I don't know what limitations there are for non-MAS apps in this regard).

[1] https://developer.apple.com/library/prerelease/mac/documenta...

Where by "extension" I of course meant to say "entitlement".

Wow. OSX ... it was nice knowing you.

As a Chinese developer, I got more and more disappointed to my country.

I'd read a book written by LinYutang, called My Country and My People. All my understandings of my country after reading this book are not same as nowaday China.

What's wrong? I don't know. I just wanna have freedom for Googleing. I just wanna the people in this country be happy not only because they get enough to eat.

Don't worry, western leaders have figured out one doesn't need democracy or free speech for capitalism to function, China set an example. So with all the spying , ban of encryption , limits on freedom of the press with laws such as "the right to be forgotten" or making illegal to criticize cops or politicians in Spain , we have already entered in a post democratic era . And people in Europe take their freedom for granted forgetting they had to fight to death to win their freedom at first place.

The right to be forgotten is actually a powerful mechanism to protect individuals. Though, the law should possibly revised such that it only applies to individuals that are not a public figure, who can prove to have little or no range of responsibilities.

The right to be forgotten flies in the face of capitalism. You cannot assume you act in perfect self-interest without total and perfect information. The first can be easy to acquire, the second harder.

The right to be forgotten impedes on total information awareness and the desire to make the perfect rational decision with your money.

This is a good thing. Total information is not perfect information because of bias and context. Someone seeking such information will process it through a biased lens and never attain perfection. In that case, the individual under the lens will lose out.

In what way has that book changed your way of thinking?

+1 for Lin Yutang, he is an amazing writer who sparked my interest in China. I lived there two years and met my wife. Xie xie Lin Xiansheng!

“Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.

I hope one day I'll live in a country where I have freedom to write any code I like without fearing.

I believe you guys will make great stuff with Network Extensions.


I find this is a very gentle warning compared to what we hear about secret law enforcement in general and China in particular. Isn't the practice to stage a suicide after deleting his repositories?

Not being facetious here - what country do you live in that you think the government can't/won't interfere with your code?

Perhaps I am misunderstanding your use of English, because it is difficult to see how this is not a facetious question.

There are relatively few countries in which the government both could and would interfere with someone's publication of code, and I think only in China is there both widespread computer use and internet access, on the one hand, and state security actors (the civil police, actually) who have the sophistication and funding to intervene with specific projects such as this one.

Did you mean to ask what country he was in?

The US does "interfere" with the publication of some code. I'm thinking of cryptography code. Quoting from https://en.wikipedia.org/wiki/Export_of_cryptography_from_th... .

> Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment. ...

> As of 2009, non-military cryptography exports from the U.S. are controlled by the Department of Commerce's Bureau of Industry and Security. Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license

> ... Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions.

But in the US, you can sue the government: https://en.wikipedia.org/wiki/Bernstein_v._United_States

I think you mean "at least", rather than "but"? You'll notice the WP quote I gave includes restrictions post-Bernstein (and links to that case). Even these restrictions count as 'interfer[ing] with someone's publication of code', no?

I'd add the USA to that list - plenty of evidence that National Security Letters have been used to stifle/gain access to/alter coding projects in the interests of US GOV.

It's probably even more insidious, because simply confirming the existence of an NSL can be a crime punishable by significant custodial sentences. In the USA, posting "The police asked me to delete this code" could land in you federal pound you in the ass prison for 10+ years.

> There are relatively few countries in which the government both could and would interfere with someone's publication of code

It's not about interfering with someone's publication of code. It's about neutralizing threats to rulers' rule.

China's rulers shut this guy down because his tool might enable too much free speech among the masses, which, in turn, would pose a threat to the government's rule.

As for the idea that "it couldn't happen here!", see how the US government "interfered" with someone's publication of articles: https://www.youtube.com/watch?v=dUYMPZ4nEOY

See also: https://www.youtube.com/watch?v=u2ebudnWlh4

I think there are more than a few countries where this sort of thing could easily happen. Tech talks get canceled at the behest of the powers that be with some regularity, I don't think requests to take down source code would be out of the question.



You think that, but your links are to two cancelled presentations at conferences, neither of which has any clear connection with the 'powers that be', unless you consider the SEI and Carnegie Mellon University to be the 'powers that be'.

Both those conferences occur in a single country, one which was not even able, under its own laws, to effectively suppress the distribution of cryptographic code when it was legally considered to be militarizable as a weapon.

Do you think you're allowed to talk about the government suppressing you?

And the point isn't that they weren't able to suppress crypto code; it's that they tried.

Maybe China? There's a bit of Chinese in the author's other repos: https://github.com/clowwindy?tab=repositories

Yes it's china, because chinese government fears that the citizens who lived in china know about the truth of government's corruption.

Knowing about corruption, and being able to get away with it are 2 separate things I think. If you don't abuse people human rights) and give them a good life; you can get away with a lot of corruption I presume.

Dear Alex, although this may sound like a revelation, but governments do not fear. They are fictitious entities. Non-humans. One may think about them as a software.

Dear ommunist, I think you are right, governments like "Matrix" which control every childprocess.

No, dear. They are just putting childprocesses into existence. If there is no state, there are no citizens.

From the fact that there's lots of other stuff related to networking/tunneling, and the username has some "Chinese characteristics" to it, I also think it's China.


I've been using this anti-censorship software for about 2 or 3 years. It's the most stable one of all anti-censorship softwares I've ever used. For those who's not in China mainland, you can not imagine how many breaking-wall softwares we've ever used.From ssh -D,pptp,L2tp/ipsec,to OpenVpn. In order to access twitter,someone even create twitter api proxy such as Twip,btw,the creator was ever forced to "drink tea" with the police ,too. The Chinese gov just blocks any sites they want and frighten anyone who is "troublemaker". Best wishes for the gov,and for the heroes who is creative and brave to develop all these anti-censorship softwares.

On this note, we've been trying to upload gigabytes of data via rsync from Europe to China (we are software company who are trying to deliver tools to our Chinese customers..). Connection used to be fast when it was night time in China, but lately the connection has been really slow or unusable. Is there any alternative way to get lots of packages from Western countries to China?

If this happens day to day, you may consider opening a subsidiary in China, with applying for special network. Foreign company in China can have network without GFW.

There's no "special network", it's just plan old VPN.

The recent congestion is caused by the price reducing of ISPs demanded by the government. A lot of customers upgraded their bandwidth without paying additional money. This makes the already busy cables out of bandwidth.

Back to your question, the answer is YES, use a proxy, which is less expensive, or buy a dedicated private virtual line from a Chinese ISP, which is more stable.

You can setup a fast proxy by carefully selecting the routing path. Nowadays, the CN2 cable (http://www.ctamericas.com/content.asp?pl=627&sl=637&contenti...) is a good choice.

Ship it on an usb drive. (use encryption)

And get confiscated by China customs..

The latency with that method is going to suck, though.

Somewhat anecdotal, but try IPv6.

Copy it to an AWS EC2 Japan server, and copy it to China from Japan. I have transferred 1T data from Europe to China with this method.

Why Japan (as a location) is special? GFW does not affect traffic from Japan that much?

It's also effected by GFW. Some Japanese IDCs connect China through CN2 cable which is not so busy right now.

Use Chinese CDN (such as Upyun, Baidu CDN, Qiniu and Aliyun) for http file downloading (with a subdomain provided by the CDN or you'll need to apply permissions at MIIT as ICP) instead of rsync or ssh tunnel. Or rsync your data to Japanese Servers (Linode, GMO, etc) and ask your customers to download through http or https.

The problem is to upload data to China, we are not downloading anything from there.

"Or rsync your data to Japanese Servers (Linode, GMO, etc) and ask your customers to download through http or https."

We've used Amazon CDN before even for Chinese customers and they have closest node in Hong Kong - they still(Chinese) have difficulties to download our packages. I doubt using Japanese server would solve our problem. Thanks anyway.

CloudFront, the CDN from Amazon, have already been blocked by the GFW. But you can use CloudFlare or Baidu's CDN, etc.

Due to political reason, I think Chinese gov seriously and actively censor package from Hong Kong

setup a server with aliyun. the cloud service provider from alibaba. And relay the traffic from there.

Funny you mention it, we are actually uploading to the server in Aliyun cloud services. Completely unusable :(

lol.. I would have thought they have the fastest data center.

It probably is _inside_ China. :)

What an awful government, simply horrible!

Now imagine, one manager coming to you with an idea:

"Hey, here is a great way to make big money: we fire all our expensive US workers and move the whole production chain to China, people are much cheaper there and governement will keep it that way!"

Would you adore such a greedy $$$hole and make him manager of the century?

Just another crazy idea: Imagine we would produce all our hardware for all our communication devices in a country with such an authoritarian neandertal-government! Oh, wait...

As the author of tun2socks (which is currently used under the hood in shadowsocks-android and Psiphon3 for system-wide proxying), I wasn't even aware this effort was in progress. Very sad to see it stop.


The original repositories have been/are being reset. (Some branches were not removed.)

Non-obvious ways to search for forks as the network graph is unavailable for larger projects.


You may not be able to see a list of the forks via the web interface, but you can (albeit less conveniently) see them with the JSON API:


And you can paginate like this:


I don't think it's suitable to distribute the backups until shadowsocks is fade from the gov's memory.

Can't? https://github.com/shadowsocks/shadowsocks-iOS/network seems to work just fine. It even attributes the code to the original author, despite them not having a copy of it.

Tags are still in the original repo


Main site for the software: https://shadowvpn.org

Were the repos mirrored anywhere, or would that present a risk to the original author?

It's hard to see how that would present a risk to the original author, given the current circumstances as we know them.

What is described was a visit from the police in which they asked him to take down his own Github distribution. He clearly hasn't been arrested, and although he may be being fined, he doesn't mention it. You will notice that his message encourages others to continue work and is generally unhappy and defiant.

If this was a matter of any seriousness with regards to state security, it seems more likely to me that the repositories would be simply shut down without explanation.

My expectation based on my own few encounters with the regular civil police[1] is that those who specialize in computer matters are unlikely to be idiots; I assume they will know how version control systems work. It would probably be overly cheeky of him to actually contribute to someone's fork, or work on similar software, but there shouldn't be any negative consequences based on what we've heard.

My experience in China is limited, and someone else might offer contradictory insights, but that's what my expectation would be based on that experience so far.

[1] an edit to clarify: "In China."

And there are more than 500 forks. I'd say good luck deleting that :D

I downloaded the source code on principle. It's good to know there are plenty of online copies.

same did I. Seems like it's pretty good written piece of software, so might be good exercise to hack it a little bit and maybe learn something

In this specific case, DMCA doesn't apply. But it's interesting to read GitHub's policy about taking down forks.

> GitHub will not automatically disable forks when disabling a parent repository. This is because forks belong to different users, may have been altered in significant ways, and may be licensed or used in a different way that is protected by the fair-use doctrine. GitHub does not conduct any independent investigation into forks. We expect copyright owners to conduct that investigation and, if they believe that the forks are also infringing, expressly include forks in their takedown notice.


I am living in Iran and shadowsocks was by far the best tunneling software I have ever used, and believe me I've used almost ANYTHING!

I appreciate the efforts of clowwindy and it's talented developers and hope the development keep going.

That might be nice if some independent organization take ownership of the project so other individuals feel safer contributing to it.

It's not like the source code isn't still there, in the initial 'deleted' repo, not to mention several hundred forks.

Anyone able to verify clowwindy is okay and the encounter with police ended at that? Their twitter seems to be accept-only now.

clowwindy showed up on twitter saying he's ok but has to drop maintenance. I guess he's physically alright.

Holy shit, clowindy was asking me questions related to this issue just last week.

This is a scary wake up.

While I understand what the gov is trying to do, who's to say somebody else that doesn't live in China maintains the project and puts it on GitHub for all the world to see?

Because it is a lot of hard work without much in the way of rewards or recognition. Hundreds of thousands people use clowwindy's code, some of them even make money by building services using his code, yet very few people are willing let alone be able to contribute. Until a few days ago he was complaining that the user community is now full of leechers and he is pondering when to quit. The police visit was probably the final straw.

Maybe they are going to block or attack GitHub again until GitHub takes down all clones of it.

The Chinese government just has to take control of the repo and make a new commit that contains the word "retard" and GitHub will make sure it never sees the light of day again for them.

They will, one day. anyway Gmail was gone, which I think is the most impossible site to be blocked.

PS: nice to see you here. :)

I was shocked to see Gmail blocked, given how many business users were dependent on it. Previously they didn't censor websites critical to business and economy, but now they seem to be prioritizing control of speech over economic development.

I know there are plenty of copies out there, but in case anyone needs a link, here's my (unmodified, except for the rm branch/removal message) fork:


I seldom wonder; what is that the Chinese government aims to gain from all this oppression? What any government hopes to gain? North Korea, Cuba, Venezuela, China, Russia (?) etc....What exactly do they want?

Like most governments around the world, they tend to think that "change = defeat". The US, UK, Canadian, and Australian governments are not really any better in this respect. They don't really understand the internet, and are therefore (sometimes justifiably) frightened by it.

Governments, by definition, are meant to "Govern". Most see that the the rules of governance that they, as experts, have defined, should be "The Only Rules". They have a vested (if only intellectual, but rarely is this the case) interest in seeing people follow these rules. Any discussion, or debate, regarding alternative rules, is obviously being pushed by people who don't know what they're talking about.

It's oppression based on consensus and bureaucracy. Sometimes it's nefariously directed, but often it's just pigheadedness and arrogance that lead to decisions like this being made.

Although, sometimes it's just downright manipulative pricks holding the reigns. Hopefully this is less frequent than it actually appears to be. I'm giving these governments the benefit of the doubt, though they haven't done much in recent years to deserve it.

Spot on! Governments are shit scared of the internet, probably even more than terrorists, probably because internet is a tool for the mind. A free mind has boundless optimism and spirit, and an oppressor cannot reign over such a mind.

They want to remain in control and never be displaced.

You can tell when a country is either totalitarian or when it's heading that way when they begin seeking increased control over the media, when your communications are subject to routine governmental monitoring, when you can become criminally suspect for having cash, when they're afraid of you being able to encrypt anything because it might be Terror/ChildPorn (read as "forming plots against them"), etc.

Most of all, they don't want to end up dead like Saddam and Qaddafi.

They have valid fears of that becoming reality. Just like other politicians....

UK is heading this way..

US, UK, AU....

The only hope is for oil to just run out.

To remain in power a little longer.

At Lantern (https://www.getlantern.org) we make censorship circumvention software that shares some similarities with Shadowsocks but that also uses p2p. Since the @clowwindy announcement we're the #3 trending repository on GitHub basically because a ton of Chinese coders have been starring it - https://github.com/trending

> I have no choice but to obey.

Did he ask a lawyer? Because it looks to me there are two possibilities. One, he was not doing anything illegal in which case the police had no authority to stop his activities. Two, he was indeed doing something illegal in which case he can be glad he got out of it with what appears to be only a warning.

I didn't get where he/she is from.If I were him and I was in US I would fight back with legal system, but if I were in china and Iran I would run away (sadly because there is no reliable legal system in these countries)

It's of no use. If he's lucky, he would "receive" a fabricated charge; if he's not, he would simply disappear.

China is not ruled by law.

Right about now in China, GFW HQ:

- Hey guys, we are on front page of HN again!

- Yaay, lets upvote!!!

In China, People give their country another name --- West Korea.

A lot of people set up shadowsocks on their VPS and then spread it to their circles. It's the growing community and that more people are communicating with each other via means the party can not control that upsets the party. This will not stop, it's our fight for freedom.

I am confused .. did the Chinese police come and ask him to stop working on it? Which country is he in?


Knowing as much as I know about China, I somehow feel it was considerate of them not to arrest the person or hack into his computer. They sent some guys to make him stop. May be I have a very bad impression of the Chinese government.

From Wikipedia:

> The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely, usually facilitated by the Internet.

If you control virtually every aspect of media in a country, I don't see how Streisand effect works...

It works in your theoretical scenario unless you also take away word of mouth, international communication, and international travel. I don't see China banning any of those any time soon.

Because hackers will always find a way.

Tell that to the RIAA and MPAA, and every politician wanting more surveillance and censorship. The reality is that law, and money, and force currently, and always will, trump a geek at a keyboard.

Further, please consider that you don't have to kill a thing to control it. Even when something is technically possible, and arguably inevitable, it can still be neutered and effectively subdued. It's all fine and well to say things that suggest the human spirit will always triumph - that's optimism - but the human body can still be held in chains. A technical solution that is only accessible to a tiny set of people, under the right theoretical conditions, does not make freedom a solved problem.

So how did the Chinese police find clowwindy?

His contact information doesn't look readily available online.

Did Chinese authorities contact Github, which readily complied with information that led to him being located?

It's really not that hard for the cops to track down someone in China. Besides, clowwindy didn't take any precautions before. I believe clowwindy once revealed the company he worked for.

Do you have a reference for clowwindy revealing his employer? I didn't see anything about that.

Cops can do a lot of things, but they don't pull information from thin air. Github would be one source of information.

It's odd that this entire, and very popular, discussion on HN doesn't delve into how this individual was found.

It's also interesting that your reply is from a new account with only this comment.

All ISPs in China are government-owned. It is believed that the government can locate any IP. Then it's only a problem of finding his IP by monitoring.

That may be possible, but no source had made that claim as far as I know, in this case or any other. Also, Github uses SSL. It would be interesting how they distinguish one user's Github connection from all the others originating in China.

Again, how the Github user was actually located by Chinese police was not disclosed or even discussed here. It's interesting that mentioning this has resulted in two comments by new accounts, solely to blame Chinese authorities as discovering the user on their own, with no evidence for it.

This feels rather suspicious to me. Either the police are complete idiots (because people have forked his code and you can still get it from the forks) or there is more to the story.

It would make more sense to just send a DMCA takedown for that plus all forks to ensure that the streisand effect doesn't come into play. Because now I gotta grab a fork and squirrel it away - even though I'm in the US I feel like this is important stuff to keep.

If you were a US developer hit by something similar, you may have been sent an NSL, and would therefore be unable to discuss it at all. The DMCA would only apply if you had been accused of copying, or creating a derivative work.

I find it interesting that the Chinese police have told him to shut it down, but have not put any restrictions on telling people he's been told to shut it down.

Who has the greater freedom in this respect?

> The DMCA would only apply if you had been accused of copying, or creating a derivative work.

See my reply here [1].

> I find it interesting that the Chinese police have told him to shut it down, but have not put any restrictions on telling people he's been told to shut it down.

Don't you think that signals there is more to the story? I doubt some friendly people knocked on his door and asked him nicely to remove the code. Then after he did it - they told him to have a nice day and left him with some tea and biscuits.

My gut feeling is there is more to the story than what is in the one line comment in the issue tracker.

[1] https://news.ycombinator.com/item?id=10102631

The code is still easy to find, but they threatened the main developer so he won't work on it anymore. I think they won this round.

And how would DMCA apply in this case?

You should sign up for notifications for the github repo where they post DMCA takedowns. People who release open source sending DMCA takedowns to people who create repos with that code.

I'm not saying it's right. I think there needs to be a stipulation in the DMCA to allow service providers to actually be able to research and think about the take down request. As it stands right now - you can send a DMCA takedown for any github repo and github MUST ASAP disable that repo - no questions asked. Of course - asking to take down a repo filled with material that isn't copyright to you could get you into legal trouble. However, I doubt people in China care about US laws - especially if they are the government themselves. Would you sue the Chinese government for wrongful DMCA takedown of your github repo?

Any knows a good shadowsocks tutorial for OS X? I'm going to China next week but I need to keep working while I'm there. I need to access Gmail, Github, AWS, etc. I can't get it to work with the few tutorials I found: the connection appears to freeze, and only certain browsers respect the OS X socks settings (no command line tools).

Hey, you could use a GUI client named GoAgentX on github. You could find the download link at this address.


Quote: "Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey.

I hope one day I'll live in a country where I have freedom to write any code I like without fearing."

I claim that the west is hardly better: Just say "copyright law".

687 forks. Good luck to the authorities!

Is this then a sign that the network architecture of back hauling everything to SF in order to send it back to Beijing so one can update ones neighbours wall, that architecture is flawed and needs to fall back to a peer to peer approach - one that truly can route around censorship

oh,this seems to be a controversial question.The point is how to regard GFW in China.To be honest,every countries has its censorship.However,the point is GFW in china is opaque,which is not accepted.A man has rights to know what he want to know,and for gov,managing should be public.As for the author of shadowsocks,it is very sorrowful that she is asked to stop his work,which helps many Chinese people.For developers,this is what their work needs;for users,this is chances to see the real Internet.Remember everyone does not want to oppose gov,they just want to see something useful for their jobs,which also includes some politic news against Chinese gov.

This saddens me personally, as I once worked with this guy; he is very productive and talented developer. Imagine how god-awful he feels now, threatened by police and forced to stop committing to his very own projects.

I happily bypassed the great firewall using https://github.com/apenwarr/sshuttle

Long live the shadowsocks.

People who do not yield to the GFW already made backups of all the repos under github.com/shadowsocks. And new tools to bypass the GFW is under development.

Tangential, but the icon is from 星空のメモリア, a Japanese game. It has not been turned into anime, so can he read Japanese decently, or just using random pics?

Might be translated in to Chinese.

Have we all forgotten corkscrew ?


But censorship when the citizens can travel in and out of the country carrying USB,SSD and hard drives will not work.

Do you honestly think you can carry USB and SSD to China without border officers confiscating it?

Maybe I'm lucky but I've done that many times and so far the customs never bothered

So, isn't the real question how to get you into a more liberal country so you can continue your work?

That's true. But immigration for Chinese is much more harder than you think. Even in China, it is not completely free to move from one province to another.

I can imagine that this is not easy. I'd like to hear some ideas to that though, as I lack all the details on what's going on there (just been there once on a business trip - and I know they treat foreigners with money much different)

In this case, it seems like there's a reasonable argument for asylum.

Oh dear, I hope the clones of this repo on Github don't cause the GFW to block Github altogether.

Government used to block Github in past few years. Then lots of programmer strongly disagreed with it.

however,browse github has been harder in 2015.

I love my motherland but i really hate what the government has done.

sorry for my poor english

On the other hand, the more they fall behind the more money and power for us in the west :)

It was blocked months before.

what was this?

Shadowsocks is the most popular solution for circumventing China's GFW these days. It has the advantage of obfuscating the traffic, thus making it hard for GFW to detect it, unlike say SSH or OpenVPN traffic, which are easy to detect.

Shadowsocks for iOS Notice: This version is deprecated. Please wait for iOS 9's new VPN API


Shadowsocks is a cross-platform tunnel proxy which can help you get through firewalls.

This iOS version is for non-jailbroken devices. It has two features.

A web browser with all the traffic going through a Shadowsocks proxy A background global proxy, with some restrictions Install

Available on the App Store

Please visit the App Store.

As a web browser

Shadowsocks works as a multi-tab web browser. It's really easy to use.

Tap the + button to open menu. Tap Settings to configure Shadowsocks proxy settings. Tap New Tab to open a new Tab. Tap URL field on the top to input URL. Swipe a tab to scroll the tabs. Hold and press a tab to swap tabs. If you've changed Proxy Mode, a restart is needed to take effect. (Kill the app, then open the app again). As a global proxy

Shadowsocks works as a background global PAC proxy, with some restrictions.

Only works with Wi-Fi network. But we are working on the cellular network. Only works for a few minutes. Due to iOS restrictions, Shadowsocks can't keep running in the background. It's killed after you leave it for a while. To keep it running for an extended period of time, you have to come back to the Shadowsocks app every few minutes. So it's a little tricky to use global proxy.

Set up proxy settings in shadowsocks. Copy this link Open iOS Settings -> Wi-Fi -> i icon on the right of your connected Wi-Fi -> HTTP Proxy. Choose Auto, paste the link in the URL field. Tap back. Other apps now go through the proxy. If they don't, kill and restart them. Come back every few minutes to keep Shadowsocks running in the background.

Cancerous governments desperate for control. Swim away.

How did/does this tool compare with obfsproxy?

IPv6 is the powerful tools over the GFW

I'm not American, but still catches the eye that this currently stands at "911 points"!

> I hope one day I'll live in a country where I have freedom to write any code I like without fearing.

Can the author reach the US by whatever mean and apply for political asylum? That 'fear that they will suffer persecution due to: ... Political opinion'[0] seems legit.

[0] http://www.uscis.gov/humanitarian/refugees-asylum/asylum

> I hope one day I'll live in a country where I have freedom to write any code I like without fearing.

Frankly I don't know if we are that country. :(

In the context of a Chinese hacker fearing prison this is awfully cynical hyperbole.

It's obviously far worse in china, but still.


Agreed. And even in the small world of my college, this happened for a student writing some filesharing code.


Seeing the position of the US and UK governments on encryption is coming in-line with china, I would be careful of traveling to those countries.

Yes, he should move to the US, where he'll be forced to use NSA approved (read: cracked) or no encryption.


US citizens can use any encryption they wish.

as a sidenote I encourage all people with talent to leave countries with suppressive regimes. I think they should be erased from their position. One way to do that is to encourage everyone to leave their country. One can argue that staying in a bad country may one day help to build it up again, but on the other hand, nothing hurts bad people in power more than complete brain drain.

We detached this subthread from https://news.ycombinator.com/item?id=10101653 and marked it off-topic, since it was a generic tangent that led, as so often happens, to a flamewar.

It happened elsewhere in this thread as well: https://news.ycombinator.com/item?id=10103364. The end state of that one was Hitler, the end state of this one was jingoism. There aren't many end states.

This subthread turned so pathetic that I wonder if we should create overflow pages for these. The bottom of a regular thread seems too good for them.

China is ~20% of the world's population (1.36 billion of 7 billion).

If everyone in China left China, and assuming the rest of the world is living as a family of four (play along), then every home in the world outside of China would have to take in one Chinese refugee.

"Leave" is not a viable strategy at scale.

You don't need everyone to leave, just a relentlessly growing percentage. At some point the system starts to crack, and either they relent or it breaks.

In the USA, there is the fundamental notion of "consent of the governed" - if enough people won't submit, the government cannot function.

That's true anywhere, and it's what governments of all stripes worry about and steer. Western ones do it with a bit more finesse, but there's little fundamental difference. It's why Chomsky talks about 'manufacturing consent', and why marketing is an important field for Western governments, as covered in some detail by Adam Curtis. The UK government even have a unit dedicated to 'nudge theory'.

The US government makes it very hard to leave, no finesse involved. To renounce your U.S. citizenship, you have to pay a fee of over $2000, pay huge "exit taxes", and provide six years of tax compliance proof to the IRS. http://money.cnn.com/2014/12/10/pf/taxes/expat-passport-citi...

When it comes to capital China is actively preventing people with money from leaving; and even putting pressure on family members of people who have left in order bring them and, more importantly, their money back.

Well, in the cases I have heard of the money was stolen from the Chinese people so it seems understandable that they want it back.

Also, Chinese are not prevented from leaving the country, que the opposite. Enormous efforts have been spent in sending a lot of student abroad and bringing foreign teachers in (I have been one of them). The thing is for most people here not being able to Facebook is of minor importance compared to access to cheap and good food, secure cities and an environment where they don't feel people look down on them. So, many Chinese students come back to China after abroad studies, despite all the problems in China, and amongst them GFW is the last important.

> as a sidenote I encourage all people with talent to leave countries with suppressive regimes.

All countries have oppressive regimes. Some are just moreso than others, and some target different people than others.

This is utterly destructive thinking, anyway. If the only hope, the only spark for change, flees, then there can never be improvement.

> All countries have oppressive regimes.


you have to realize that sometimes it is not that easy for people to just leave. it's not like they just quickly buy a plane ticket and fly off to some safe country and the happy ending is complete.

you'll have to to be wealthy enough to afford finding a way out. you'll have to be willing to leave your family/friends. you'll have to be willing to leave the place you might be very attached to. you'll have to be willing to put up with all the bullshit and xenophobia you'll be faced with, once you arrive in your "safe" destination.

Most importantly, you need a visa, which is not necessarily easy to get, especially if you are a Chinese citizen.

It's not just about being attached to your friends or to a place. A lot of people would love to leave their country, but aren't allowed to.

I have plan to leave, I am looking for os research lab to apply in next year or after and I am working on my langauge. quick question , your family does not have any issue with openvpn ? the place where I am we cannot use openvpn.they shut connection down every 2 3 min.

Are you using a commercial OpenVPN provider, or bootstrapping your own OpenVPN proxy like the grandparent poster? That may make a significant difference.

both . in either case scenario was same , and most of my friends (which most of them are in CS industry ) have same experience .

I used to use commercial openvpn provider , and after a while I config my own openvpn server in my own vps . they both lose connection after 2 3 min. right now I am using shadowsocks and I have other options in case of something goes wrong.

To answer your question, OpenVPN is no problem at most ISPs in Canada or the United States. The only ones I have heard of that restrict VPN use from home just want to charge you more money for their "business" service instead of "home".

> nothing hurts bad people in power more than complete brain drain.

Well, yes. A noose, for example. I completly sympathise with those the flee - but change in any country csn really only come from within. Often with help from outside - but without a force of change within - a real force - there will be no real change.

Yes, the micro and macro levels are contradicting. On the micro level, it is everyones personal best to leave and try to make a good life outside. On the macro level, it is best to stay and work on changing things for the better.

I've read that it's the wealthy who are leaving China. Or buying second homes, anyway.

And nothing hurts a whole country more than a massive brain drain


Go there, they welcome guys like you.

See, I am not necessarily talking about the USA as I am from Europe. But I value the universal right of the western world for free expression very much. There is no such thing as the perfect country, but I firmly believe that you should have the right to freely discuss shortcomings and solution. This is given in the USA as well as in Europe. You will not have that possibility in Iran or China. And you will have many other things denied, too. So good luck there!

The 'universal right of ... free expression' that you mention is not quite universal. One does not simply have the right to declare that all members of [insert group] should be [insert unpleasant fate's verb's past participle]: there happen to be hate speech laws... similar situation for slander. That's all very well, but then one finds that anti-Iraq War activists have those same provisions used upon them. What's to stop governments from extending this further and further until we find that we are in an Iran or China like situation? It's not particularly likely but it is still possible, given the situation. Not implying that situation in Iran or China or any other similar countries is comparable to that of much of Europe, though. Just suggesting that there are limits and that the question is how far these limits go, not whether these 'rights' exist at all. In Iran/China everyone is free to support the government, hence very limited free speech.

The fact that you can't legally say anything any time you want does not imply that there is no legally protected right to free expression. It isn't a slippery slope to a dictatorship.

"We should gas all the Jews, rise up with me" isn't just free expression. It is also an act with predictable consequences.

>It is also an act with predictable consequences.

The most likely consequence would be the antagonist getting shouted down and shunned. If you have to worry about a pogrom breaking out as a result of inflammatory speech then you likely have deeper issues to worry about.

I think you see problem in white and black manner , there is no pure white and black. west is much much developed in human rights (by far) compare than countries like iran. but that does not mean west does not have problem. It has its own huge problem , which should be solved but , it provide much better condition for its own people than iran.

this is the way I am looking to problem.

guess what ? If in iran I talk against supreme leader , the chance are they will kill me with false accusation , okay ?

> west is much much developed in human rights (by far) compare than countries like iran

I bet you haven't read much about the treatment prisoners receive in the US...

> guess what ? If in iran I talk against supreme leader , the chance are they will kill me with false accusation , okay ?

The US has destroyed many lives and killed quite a lot of people for offending capitalism. True, many of those weren't/aren't US citizens. But yeah, they don't have one particular supreme leader... not as a person anyway, but in the form of ideas: greed and money.

1. a few rich people control the entire political process by buying out politicians.

in china, the politicians control the rich people, so they become rich instead - i don't think this is much better.

2. where there are frequent shootings and you are never safe due to some idiotic Constitutional amendment.

shootings are lower, but violence and crime are still a pretty big problem.

3. where regularly unarmed minorities are shot dead by the police and the majority jury allow them to go unpunished.

the chinese government's treatment of 'xiaosu mingzu' (officially recognized minorities) is absolutely reprehensible as well. perhaps not to the level of the american indians, and perhaps with military rather than police forces, but i don't see the big difference.

4. where there is no mandate to give workers paid leave include those with a newborn.

i googled "chinese newborn leave" and ... yeah

5. where lobbies can force the government into war and destroy lives around the world.

i guess within a socialist state lobbies are just different wings of the government. but i think you're misusing the precise term 'proxy war,' which is best applied to this point. here, china is beginning to exert its capital and buy influence among poorer countries esp. in africa. having these sorts of allies (read: puppets) sets china up well for the eventual proxy battles over africa's national resources.

6. where there is a high rate of incarceration, primarily due to the motivation of a proxy war against a certain group of people.

yes, USA is between 5-7x higher than china in terms of incarceration. but china is significantly more ... liberal with its use of the death penalty.

7. where the child abuse death rate is one of the highest in the world.

i direct you to point 4 above.

8. where life is just a gamble where you have "opportunity" to become super rich at the expense of everyone else?

welcome to late capitalism (and very few people even get that opportunity)

I'm not going to pretend that anywhere's perfect, but I think the Scandiwegian countries score pretty well on your "checklist".

Good idea. I'd also put Switzerland on the list of almost perfect countries. Best democracy there is, good welfare, good income, good environmental protection, acceptable (low) taxes.

Except it's almost impossible to move there and get gainful employment

BTW, "they" are trying to erode our civil rights as we speak, but this was more of a "as of right now" assessment.

"Sorry. I am neither Chinese nor Iranian, but I would take these two countries over another country who distorts the notion of "freedom" and "democracy" even when they have none of it."

Sure, then what's stopping you?

You're entitled and you don't know the privileges that you have.

You can move to Canada. I think Canada is like USA: The good parts

1. There is gun control

2. Universal Health Care

3. They don't start wars

Canada has it's own problems with ISPs [1]. I still haven't figured out why businesses have to be so greedy...like I don't believe it's one guy going "I'M HUNGRY MORE MONEY".

[1] http://www.dslreports.com/shownews/Bell-Canada-Confirms-Thro...

It's worth noting that Canada is one of the highest gun ownership societies on earth. They're 11th in the world in number of guns per capita. They have nearly as high of a gun ownership rate, in terms of the percentage of the population that owns at least a single gun, as the US.

And their rate of actual shootings and deaths by firearm is much smaller, which is the actual relevant number

Only because they don't have huge ghettos with gang problems. It's basically a demographics issue.

Oh I hear Jane/Finch and Scarborough are veritable paradises these days

Jane and Finch is a paradise compared to most US slums.

Or because Canadians try to use their guns for hunting animals.

That may be true statistically, but is that survey based on a nation-wide basis? I am asking because the culture between provinces and regions can vary extremely widely. I have lived in Canada for 17 yeara and no one I know has a firearm. Most of my friends and their families are the same. Which is to say that I've lived near Toronto and Southern Ontario, but where a sizable portion of the Canadian urban population lives. Of course there are many Canadians living in rural areas where owning firearms makes more sense, but culturally speaking, our gun ownership mindset is still generally far more restrictive. You'd be hard pressed to find a lot of gun owners in major cities and suburbs.

.. err, no - US has 88 guns per 100 people, and Canada has 30. See the list here: https://en.m.wikipedia.org/wiki/Number_of_guns_per_capita_by...

Charlton Heston said it best on bowling for columbine.

by the way, most of you listed shortcomings are true as well as for China as Iran. But they would not allow your post to appear here. Maybe they'd come to your house and just put you into jail for anti-government propaganda. Good countries they are...

You have a fundamental misunderstanding of the second amendment and of cause and effect.

Also substantial ignorance about crime patterns and the role of the courts.

When govts have nuclear weapons, nothing wrong people having assault weapons. Second amendment should be universal.

oh god, another "Guns don't kill people" nut. not sure why you're defending an antiquated amendment that helps the NRA sell more guns.

Guns do kill people. That's the whole point, and why I'm a 2nd amendment supporter. There is a fundamental right to self-defense. Any politician who disagrees is an incredible hypocrite, as they cavort from place to place with a cadre of armed bodyguards.

Nevermind that studies show a weak or non-existent link between banning guns and homicide reduction. But even if they didn't, the right to bear arms is more important than letting politicians decide who has the right to self-defense.


I'm ambivalent about the 2nd amendment (and in fact lean left on it) but flat-out blaming it for the state of personal safety in the US is the dumbest thing I have ever heard. "Guns don't kill people, people do" at least points to the important and relevant truth that murder and homicide is a human behavior with complex motives, even if that alone wouldn't be enough for me to support private gun ownership. "You're not safe in the US because of the second amendment" is just a stupid lie.

West != USA. Move to some European country if you dislike the US so much.

We in Europe we have problems with dumb and stupid politicians. :(

So do those poor Americans... so do all of the world, in fact. Although I will admit that having Marie Le Pen being one of the few to speak out for civil liberties in France is indicative of particular idiocy.

To somewhere that's not America then? Because you've left a few options open...

No, to the country that is:

1) A leader in freedom of speech, press freedom, property rights protections, general freedom of movement, and is low on the corruption index. One of the few countries with extraordinarily well protected freedom of speech rights enshrined at the core of the nation.

2) Has a rapidly adaptive culture, able to implement changes at a fast pace despite its immense scale. That includes things like legalizing and decriminalizing drugs, which is now underway across numerous states, and marriage equality.

3) Has one of the highest median household incomes on earth, and one of the highest disposable incomes. Both of which just got a 20% booster shot against the rest of the world courtesy of the dollar.

4) Has one of the highest standards of living on earth, for both the poor and the rich. See: OECD better life index.

5) Has some of the most generous welfare state policies of any nation. The US has free healthcare, and very large food and housing programs for the poor. Which is why America's poor are better off than all but half a dozen nation's poor.

6) Actually has stable economic growth and vast opportunity. Neither Europe nor the EU have grown in eight years. China is imploding rapidly with non-stop chaos socially and economically, Japan hasn't grown in 25 years.

7) Has a relatively low unemployment rate, and a vast supply of available jobs (presently at ~15 year highs, at nearly six million openings). This is counter to most of the world, with emerging markets in desperate shape, and the rest of the developed world rolling from recession to stagnation to recession again.

8) Is a leader in science, innovation, invention, general technology, aerospace, pharma/biotech, farming, manufacturing, software, Internet, space tech, gaming, and pretty much every other category.

9) Has 45 of the top 50 universities, and the best university system across the board of any nation. With a median student loan debt of $13,000 - which is half the price of a car these days.

10) Where the median household net wealth is higher than Germany, Italy, or Sweden. And where household debt to income ratios are lower than nearly all of developed Europe.

11) Where the murder rate for 99% of the population in cities is closer to 2/100k (and half that in rural areas), on par nicer urban parts of Europe. The US has a hundred nice cities with very low murder rates, pick where you want to live.

12) Where unarmed minorities are not regularly shot dead by the police.

13) Where minorities have a greater opportunity for success than in nearly any other nation. See: the vast wealth and prosperity of Asians in America, they're the best off of any race of people here. In fact, American Asians are among the best off of any people anywhere on this planet.

14) Where you have more opportunities than in any other nation, to make any kind of life for yourself that you want. Fortunately life in America is the exact opposite of a gamble, given the vast success of America's middle 50%. Few nations can claim the kind of success that America's middle class has managed, despite how large it is.

Thanks for curating that wonderful list.

I'd contradict you by saying that the poor have it much better in Germany than in the USA (same great health insurance as everyone else, no masses of homeless people like in US cities) and I'd also say the educational system here is better for the average person (free universities with high standards - not in the Top50 of the world maybe, but still great). But in general I think you have many valid points on your list.

Saying the poor have it better in Germany, would not be contradicting me. I openly acknowledge that there are numerous nations in which the poor are clearly better off than in America (eg: Sweden, Norway, Switzerland, Germany etc).

There are exceptionally few large nations in which the poor are well off however. Nobody would want to discuss the poverty in Indonesia, Pakistan, China, Brazil, India, Nigeria, Bangladesh, Russia, Mexico, Philippines, Vietnam, Ethiopia, Iran etc. In the top 20 large nations, there are only four countries that aren't mired in extreme levels of poverty: France, US, Germany, Japan. When I say extreme, I mean levels so horrible, that if you attempt to compare the standards to the US, people stop wanting to talk about it and consider the comparison to be inherently unfair.

The parent comment for example was being almost comical in their standard, given China has half a billion people living on $3 / day (people with few rights, that by law can't even own the farming land under their feet). Those half a billion people have seen very little improvement in 50 years if you inflation adjust that $3 backwards, and they've seen very little improvement in rights.

Germany is an exceptional nation, without a doubt. Just to be in the same neighborhood as Germany, while having 330 million people and to be as diverse as the US is, is a compliment.

Germany however is also in trouble, with poverty becoming a serious problem. Their lack of economic growth since 2007 is probably playing a big factor.

"Poverty in Germany 'at Record High'" http://europe.newsweek.com/poverty-germany-record-high-says-...

"Poverty in Germany at its highest since reunification" http://www.dw.com/en/poverty-in-germany-at-its-highest-since...

> 2) Has a rapidly adaptive culture, able to implement changes at a fast pace despite its immense scale. That includes things like legalizing and decriminalizing drugs, which is now underway across numerous states, and marriage equality.

The US is able to implement seemingly big changes quickly, but they're not necessarily as big as you think them to be. "Marriage equality" (a name many disagree with, by the way) is not a massive change, for example. It's a tiny change that, while providing some benefit to some gay people, does not fundamentally change power structures. In fact, it strengthens an existing one: the cultural institution of marriage.

> 11) Where the murder rate for 99% of the population in cities is closer to 2/100k (and half that in rural areas), on par nicer urban parts of Europe.

If you exclude the places where murder happens most, of course you appear to have a low murder rate.

> 12) Where unarmed minorities are not regularly shot dead by the police.

Perhaps you have not paid attention to the news. Quite literally hundreds of black people have been shot by US police this year so far. People who, if their skin was a different colour, would not have been shot.

> 13) Where minorities have a greater opportunity for success than in nearly any other nation.

This statement would be amusing were it not so terrifying. Minorities in the US, once in the poverty trap, have virtually no chance of getting out of it. Even those outside it face significant obstacles in getting anywhere.

> See: the vast wealth and prosperity of Asians in America, they're the best off of any race of people here. In fact, American Asians are among the best off of any people anywhere on this planet.

Asians in America are a relatively privileged minority. Now look at how other ethnic groups fare. Not so rosy.

> 14) Where you have more opportunities than in any other nation, to make any kind of life for yourself that you want.

If you're rich.

> If you exclude the places where murder happens most, of course you appear to have a low murder rate.

There is no "of course" about it. If the murder rate were uniform throughout the US then excluding any handful of locations would have minimal effect, but excluding those locations causes it to drop precipitously.

That isn't to say it isn't a problem, but it's a localized problem. So if you're moving here and are worried about being murdered, all you have to do is live in New York and not Baltimore.

> is not a massive change

In fact marriage equality, and the increasingly broad acceptance of homosexuality in America, is an extraordinary accomplishment. And it's only going to keep getting better. That contrasts sharply with the majority of the world, that is the exact opposite and opposed to marriage equality.

> If you exclude the places where murder happens most, of course you appear to have a low murder rate.

Not excluding at all. The whole of the US has a murder rate 1/3 that of Russia, and on par with Amsterdam. Few Americans as a percentage live in very high murder rate neighborhoods or areas. Those areas have extremely high murder rates, the other 99%+ of America where most people live does not. That's an exceptionally critical distinction. The worst areas of eg Chicago do not threaten most of the people that live in Chicago, most of those citizens are under very little risk of being murdered or harmed by that crime. It's context dropping to pretend otherwise. To pretend that all of Chicago suffers from an equally high murder rate is absurd.

> Perhaps you have not paid attention to the news. Quite literally hundreds of black people have been shot by US police this year so far.

In fact I do more than just watch the headlines, I read the stats. Police caused deaths have been falling for 40 years. The US is almost so diverse at this point, that it will soon have no majority. The parent comment claimed unarmed minorities were being killed left and right. In fact, there are typically around 500 police caused deaths per year in the US, a small fraction of which are unarmed minorities that are shot, and a fraction of which are unjustified in terms of use of force. Nearly half of those deaths are white people, not minorities. To put these numbers in context, China executes 2,500+ people per year, with some record execution years that are truly astounding. They've executed more people in the last 10 years, than cops have killed in the US total in the last 100 years.

> Asians in America are a relatively privileged minority. Now look at how other ethnic groups fare. Not so rosy.

I find it fascinating how you excuse the success of Asian Americans by slandering them as privileged. Fact: Asians in America are among the richest Asians on earth; Blacks in America are the richest blacks on earth; Latinos in America are the richest Latinos on earth.

> If you're rich.

Nope, America has the world's largest middle class, and has good upward mobility:

"A surprising and increasing number of middle-skill workers are moving up rather than down the economic ladder."

The fact that the US has one of the highest standards of living, median incomes, and median disposable incomes, proves the point easily. You very clearly don't have to be rich at all to do well in America. The US also has one of the highest rates of college degree acquisition in the world.


> Not excluding at all. The whole of the US has a murder rate [...] on par with Amsterdam.

Amsterdam, a dangerous city, has a murder rate of about 4.4 murders per 100,000 population.

The entire US, including the empty rural bits, has a murder rate of 4.7 per 100,00.

But if we include all of Holland we see a rate of less than 1 per 100,000 population.

Your comparison of a single dangerous city with the entire US is dishonest.

Let's look at a single US city: Detroit. Detroit has a murder rate of 44 per 100,000 population.

Amsterdam, one of the most dangerous cities in Western Europe has a murder rate of 4.4 per 100,000 population.

I want to add that Amsterdam is TOTALLY NOT dangerous. It's got a high murder rate because it's a capital for drug lords and assassinations happen. Civilians are completely unaffected by this. In my neighbourhood multiple people were assassinated while I was a kid, nobody ever talked about it, nobody was scared or anything, it's a non-topic really. In fact most of them used to happen in the wealthiest part of Amsterdam where all the rich people live and where I'd happily and safely cycle to school by myself at age 8 every day.

One of the streets where an assassination happened and where I'd cycle daily was this one: http://www.studiokoning.nl/Foto_Amsterdam_2/Apollolaan_14042...

Again this is a street where virtually everyone living is a millionaire, and the primary school she's 1 minute away from is one of the best in the country.

Nobody I knew ever witnessed anything, you'd just read it in the newspapers. The people who got assassinated were high level drug bosses who'd been in organised crime for decades. We're not talking about civilians here.

Beyond that, these are eurostat numbers and they're a bit shitty. The murder rates include drumroll abortion, dangerous driving and euthanasia. In short, it has nothing to do with crime or safety. So even the homicide rate of the Netherlands (a mere < 1 per 100k) is overstated. (as it probably is for American cities which have high abortion rates due to socioeconomic issues and poor sex ed)

Amsterdam is a super safe city I've lived all my life. (and I've traveled and lived in 4 continents so I can compare.) In terms of safety, sadly no developed country compares to the US, it's that bad.

I'll tell you the actual murder rates for Amsterdam and the Netherlands for 2014. Amsterdam 20, the Netherlands 137.

Per 100k that's about 1.5 for Amsterdam (for comparison, 1.3 in 2010, 1.5 in 2011), the most dangerous city in the Netherlands, and 0.8 for the Netherlands.

It's not dishonest in the least. For a country supposedly as violent and dangerous as the US, with the vast number of guns that we have, to have a murder rate on par with Amsterdam is worth noting - it's also worth noting that it has been improving for decades almost non-stop. As we gradually end the war on drugs, it's likely to drop a lot further.

If we get that 4.x rate down to a high 2.x rate in the next 20 years, would that not be a solid accomplishment given the guns in America? At the rate violent crime has been dropping over time, that's likely to be the outcome.

And as I've noted previously, America in fact has a lot of cities with extremely low murder rates. If you want to live in a very safe city, there are plenty of options.

Let's look at San Diego versus Amsterdam: nearly twice the population and nearly half the murder rate.

1) you're comparing the safest US cities to the 'murder capital' of Europe. That's a total joke. It's like comparing the standard of living of a European billionaire to an American homeless person and saying 'look!'. That's why he's saying it's dishonest.

2) Even if the comparison was reasonable, you completely fail to understand the cause of the numbers and what they say. And they say nothing about safety for ordinary people living in Amsterdam, I can tell you that right away.

Here's some more info on nr (2) https://news.ycombinator.com/item?id=10102529

1) San Diego isn't the safest US city. The safest US cities are on par with the safest eg Scandinavian cities. There are US cities with 100k+ people that regularly have 1.x annual murder rates. If you want to live in a very safe city, the US has plenty to choose from.

2) Nothing you've said refutes or alters Amsterdam's murder rate. Nor is what you said very effective, watch: your statement says nothing about the average safety of someone living in New York City. You completely fail to understand the murder rate in New York City and how it impacts the quality of life of the typical citizen there.



Oh my god, it's the LOWEST. Yes, the lowest of big cities. San diego has a population of a little over a million, quite comparable to Amsterdam (which has a smaller population, but roughly a million).

And what's the murder rate in 2014? 32. Amsterdam's murder rate in 2014? 20.

Alright so, the safest big city in the US, has a murder rate comparable with the most dangerous city in the Netherlands, or as you call it the murder capital of Europe.

(2) Yes I did refute your claims. Are you not listening?

1) Again, the 4.4 number includes abortions, dangerous driving and euthanasia. You can make a claim for dangerous driving (although it's mostly self-murder, so doesn't impact my safety), but euthanasia and abortion doesn't affect my safety AT ALL or anyone else's. Virtually every year the actual murder rate in Amsterdam is below 2, again comparable to the SAFEST city in the US, and this is supposedly the most dangerous city. So someone aborts a baby, or a 95 year old with a great life who went blind, bed ridden and in constant pain from a chronic disease wants to die and is requests euthanasia, makes my life less safe? It's a joke.

2) And those are murder rates of who? Organised crime. 90% of the murders in Amsterdam are assassinations of organised criminals, people who generated +$100m in drug money and get assassinated by a competitor. It has absolutely NOTHING to do with my safety. It doesn't affect me at all. Drug crime isn't like it is in the US, every month or so one or two people get assassinated in a targeted attack. I've never witnessed this or heard the gunshots or seen the blood or the bodies, despite living my entire childhood in neighborhoods in Amsterdam where this happened. (the richest neighbourhood by the way because these drug lords are all multi millionaires who live in expensive villas. The fact someone goes to their home and kills them and spikes the murder rate affects ordinary people in no way whatsoever. As opposed to gang violence in the US which takes the lives of many innocent people, and takes the lives of young small time petty criminals who have few opportunities, as opposed to 50 year old millionaires who've been in crime for decades). It's like saying if a police officer kills a dangerous criminal and the murder rate goes up by 1, that this makes your life less safe, it's a joke.

3) Actual crime (whether it's assault, rape, theft) is all much lower because Amsterdam is extremely safe and the murder rate is only high because virtually all victims are high level criminals. If you actually look at safety (whether it's from murder or any other crime) for ordinary civilians, it's nowhere near the safest US city. The comparison is a total joke.

> In fact marriage equality, and the increasingly broad acceptance of homosexuality in America, is an extraordinary accomplishment.

It is an accomplishment, for sure! The Western world (not just America) has become much more tolerant of gay people.

And yet, while the US has had white people getting more tolerant or even accepting of white gay people, white people have not been getting more tolerant of black people.

In fact, the US has recently stepped backwards in some places, such as the end of the Voting Rights Act.

By all means, celebrate the progress that some people have made in the US. But bear in mind others have made none.

> The US is almost so diverse at this point, that it will soon have no majority.

Majorities and minorities matter less than who holds power. In Apartheid South Africa, black people were the majority.

> The parent comment claimed unarmed minorities were being killed left and right. In fact, there are typically around 500 police caused deaths per year in the US, a small fraction of which are unarmed minorities that are shot, and a fraction of which are unjustified in terms of use of force.

Only a few of which are unjustified? Really? In most civilised nations, police shoot orders of magnitude less people.

Also, the idea that it only matters if unarmed minorities are shot in the US is abhorrent. In the US, you may legally carry arms.

> Nearly half of those deaths are white people, not minorities.

The fact poor white people are also shot is itself alarming.

> To put these numbers in context, China executes 2,500+ people per year,

China isn't a rich, Western nation. It's not a fair point of comparison.

> I find it fascinating how you excuse the success of Asian Americans by slandering them as privileged.

It's not slander, and I don't mean to say they face no discrimination, but they do face a much easier time than, say, black people in the United States.

> Fact: Asians in America are among the richest Asians on earth; Blacks in America are the richest blacks on earth; Latinos in America are the richest Latinos on earth.

Yes, but absolute (if you can even call it that: exchange rates vary) wealth doesn't matter. US Black and hispanic people are living in poverty by US standards.

> Nope, America has the world's largest middle class, and has good upward mobility:

It also has a massive number of people in poverty who cannot move up the latter.

> You very clearly don't have to be rich at all to do well in America.

The whole "upward mobility" concept relies on you eventually being rich. If the metaphorical ladder never reaches you (and for millions of people, it never does), no, you don't do well.

And by "rich" I do not mean upper class. Middle class people are, relatively speaking, rich.

of course, everyone knows that it's a problem that white people get shot by cops too. But bringing it up frustrates the white American liberal because they can't get truly mad about police shooting unless it disproportionally affects (non-asian) minorities. I mean, they'll talk about it, but everybody wants to pretend they're on the front of a new civil rights movement and signal how progressive they are. It gets old.

The problem is that when you take away the racial angle, you might discover that America's pretty violent, and that fact might have an impact on how many police shootings there are.

> 5) Has some of the most generous welfare state policies of any nation. The US has free healthcare, and very large food and housing programs for the poor. Which is why America's poor are better off than all but half a dozen nation's poor.

Not to start an argument. I'm hoping you know something I don't and that will be a huge help.

I keep hearing about this free healthcare, yet I have friends and family members who can't afford the medication that keeps (kept) them alive. There was no other option even after chasing programs offered by the drug companies for "free medication" and applying to state programs. Do you mean they can go to an emergency room? That's not free either, you end up getting calls from collection agencies for the rest of your life, just like any other debt. And the emergency rooms are never a good idea unless you're actually bleeding out. My former father-in-law sat in the waiting room with a ruptured appendix for 12 hours because he was obviously poor and had no insurance. The nurse explained, if you have insurance, you have a Primary Care Physician to get you admitted, you can get right in. He didn't, so they told him to go home and take some ibuprofen. When he didn't (he couldn't physically get up) they got to him when they could.

For myself, health insurance is the single highest cost item in my budget. It costs more than my car payment or rent. I'm on the least expensive Affordable Care Act insurance in Texas. There is no subsidy unless you make 400% of the poverty level. As a business owner with a new business, I have zero revenue or income. I would be fine with that cost as a tax on income, it could grow with me. But as a flat rate, I will only be able to afford this a few more months unless our business becomes profitable, then I'm in the same boat as all the other poor, unless I go running back to some established employer. My wife has Type II diabetes. So I'm going to do whatever I have to. Her prescribed medication costs ~$400 per month, but after much searching we found a different combination that was $40/mo. Hopefully it works as well, we'll have to see.

I'm not complaining. I've had high paid jobs and and made alot of money over my life. We have it easier than most of the people we know. We are both young(ish) and healthy enough to still work. We have some savings, but I've spent most of it pitching in on healthcare for the family members I mentioned including my daughter. One of the reasons we started a business is we want to have something that will support us when we aren't able to do it ourselves, because we don't have anyone to do for us what we did for them. We don't have other options that I know of.

Tell me you do. I want to live in the America you do.

(edited to fix typos)

One has to wonder how the US became what it is... I mean, for example, how do US people get cheap oil? By having their own government invade countries, right?

Good list and I agree on many points.

(4) is total bs though. If you look into the better life index, it's a total joke. Here's one quick tidbit, it rates the bottom 10% in Poland as having a better standard of living than the bottom 10% of France or Japan.

You think that's a joke? It gets better! It rates the TOP 10% of Poland as better than the top 10% of France or Japan, too!

If you know anything about these countries you'd laugh (with all due respect to Poland, great country for the resources they're working with right now and the history they've endured).

(5) is partially false. You can find an equivalent population in Western Europe (e.g. UK, France, Germany, Benelux, Scandinavia) the size of the US population, whose welfare state policies make the US look poor. Of course on a world scale it's great, when you figure there's more than a billion in all of Africa, China and Asia, where the story is quite different. But compared to the best in the world, the US doesn't rank at the top, and we don't have to look at countries of 5 million to make that comparison.

(6-7) Least important. Long-term, yes, but you're mostly referencing a snapshot in time that's not very meaningful without context. After all, if you see your economy drop by 50%, high growth rates after aren't anything special, you're simply returning to where you were years ago. And if you come from a low position like China, getting growth rates that outpace e.g. the US by gigantic amounts isn't very special either, as you're merely catching up slowly to where others have been for decades. The growth number in and of itself is a small indicator without context. Don't forget, Greece and Spain and Ireland's 2015 and 2016 growth forecasts are double that of Germany (guess where you want to live. Germany). And China's is more than 2x that of the US (guess where I'd want to live, the US). Besides the claim that Europe hasn't grown in 8 years is false. Look at Real GDP per Capita, that removes inflation and population changes. You'll find Europe grew a tiny bit. The US isn't really any different, barely any higher than in 2007 [0].

(9) Partially true, partially not true. So for one, rankings wildly differ. The QS rankings have 18 out of top 50 universities in the US. Just 2 in the top 5, compared to the UK (a country with a population 5x smaller) which has 3 in the top 5. Other rankings are more favorable to the US, it depends. But what I think is important is that a lot of these rankings have little to do with education, and a lot to do with your point (8), which is research by 1% of the student base. Almost all of these rankings put a gigantic weight on peer review and citations. So if Chomsky is at MIT, well that boosts up the rate by a gazillion because he's one of the most cited people in the world. Even if he doesn't teach, or even if he teaches in a field that only 10 students in that university actually study.

You'd be surprised that quality of education isn't at all really measured, only by crappy proxies. So for example for QS (it's a horrible ranking, but very popular), 40% is peer review (i.e. almost completely irrelevant to the majority of bachelor/master students), 20% is citations, 10% is faculty/student ratio (have a lot of non-teaching research staff? Well you get peer review, citations and a high faculty/student ratio, without any of that directly translating to students getting taught. Have a popular professor who teaches a wonderful class to 200 students instead of 100? Your rating on this variable just got halved.) And another 10% is international students/staff, which I think is super important in some ways (internationalisation of education is a big deal!) but can also be completely meaningless. i.e. a university which has amazing education and happens to be in a low-immigration country, isn't any less amazing.

In short, rankings differ wildly, rankings are crap, and rankings often don't say much about the quality of education. I can say this because I studied at a top 50 university, top 20 actually, as well as 3 other ones not ranked even in the top 100, and the top 20's quality of education wasn't remarkable (actually had the best grades with the least effort there, too). The difference? The top 50 uni had a load of money, reputation and had brilliant PhDs doing amazing research and got cited a lot, which did 0 for my education but everything for its reputation, the other ones simply had great education without deep and well funded PhD programs.

So what must you do? Look at educational outcomes. More importantly, not look at the top universities, either. Does it matter for a typical student to study in the US if Harvard is in the US when it only takes in 2.000 students per year? The answer is mostly no. 99% of the population goes to different schools, so let's look at them.

You'll find the US does quite poorly compared to the aforementioned European region of equivalent size. And you'll find that whereas in most of Europe education is free or de facto free. (e.g. in Germany, free, in France a few hundred bucks per year, in the Netherlands $2k but you get $2k from the government as a loan, which turns into a gift if you graduate, i.e. free etc) And average student debt is $35k for 2015 in the US.

Having universities like MIT or Harvard is important for point (8), being a leader in science, innovation etc etc. But it's not for point (9), quality of education for a normal person, at a particular cost. You can get better quality cheaper in Europe. My education in the Netherlands compared great with having studied in America, for example.

(10) It's really hard to compare nations, income is a particularly tricky one to rely on. My healthcare is free, my education is free, sports and arts are heavily subsidised, cities are built so I don't need a car etc etc. In short, you can get a much better standard of living with less money. Would you like if your income was $1m per year if your health insurance was $250k, your education was $250k etc? It's an exaggerated example but you get my point. I find if you talk to people who've lived in Western Europe and the US (like I did), that standards of living aren't better in the US.

Household debt to income is rarely used, it's household debt to disposable income. And that's my point, if my healthcare is paid for me for example, does it matter disposable income is a little less? It wildly varies, too. Countries that are usually wonderful to live in have high ratios (Denmark the highest, then the Netherlands, Switzerland of all places comes in fourth. Who comes in last? Slovenia, Poland, Slovak Republic. Not places you want to live. It also masks the fact that Net Household Wealth to Income in the Netherlands (remember, the 2nd worst country on your debt to disposable income rating) is much better than that in the US.) You also have to understand where it comes from and what it entails. Two thirds of household debt reduction in the US was because of defaults. So the number is low because the US had an epic fail, defaulted on the majority of debt reductions and lost people a lot of money. That's not a great situation is it? Beyond that it's important to look at the type of debt. In the US household debt consists of a lot of credit card debt (i.e. empty debt at ridiculous 20% interest rates per year.) In Europe it's a lot more because of recent housing price crashes (i.e. people owing the bank on much lower interest rates on long-term, asset-backed loans, whose value is forecasted to bounce back in the coming years as the housing market picks up as it did this year already). It's important to look into the statistics, I can name a million and one empty statistics that make the US look poor. For example the US owes a ridiculous shit ton of money, $18 trillion, people always like to say. But nobody mentions that the rest of the world owes the US about the same amount.

(11) I think everyone knows that crime rates in a typical American city aren't as good as those in a typical European city. Hell the notion that there are deep issues with even feeling safe around police in the US for substantial portions of the population is insane. I agree fully with you that if you want, you can find very safe cities to live in in the US. But that's cherry picking cities, and if I did that for any of the other points you mentioned it'd be easy peasy, that's why we're having a discussion about countries no?

(12) I just don't see how the US compares to Western Europe in this regard. I mean it's on a completely different scale. I'll cherry pick one number real quick if you allow... it's that the US shot and killed 59 people in the first 24 days of 2015. In the last 24 years, the England & Wales shot and killed fewer, 55. Just think about that. Police shot and killed more people in 0.33% of the time, despite the population being barely 6 times bigger. Or Iceland, a population that is bigger than that of Stockton, California. They had 1 fatal police shooting in 71 years. Stockton? 3 in the first 5 months of this year alone. In I mean I'm cherry picking here obviously but I really think you should scrap this point from your list, cause I can go on and on here and it gets worse.

(13) Absolutely ridiculous. I'm a minority in Europe, my girlfriend is a sociologist. From my experience and the academic perspective, social mobility in the US is not the best in the world, not even close.

(14) More of the same.

[0] http://www.multpl.com/us-real-gdp-per-capita

> You can find an equivalent population in Western Europe (e.g. UK, France, Germany, Benelux, Scandinavia) the size of the US population

If we're going to compare the top 25% of Europe versus the US, then let's use the top 25% of the US for the comparison, and use the bottom 25% of Europe to compare against the bottom 25% of the US. Given the population numbers are a lot closer for that comparison, it makes drastically more sense than trying to compare Finland to the US. It also makes far more sense on a diversity basis, given across all of Europe you get a lot of diversity, and the same is true for the US (with ~140 million minorities, and a vast number of national and cultural backgrounds).

It's absurd to compare solo countries like Norway to the US. There's no scenario under which that can ever make sense.

How does Bulgaria, Moldova, Ukraine, Romania, etc compare to the bottom 25% in America?

How does all of Sweden compare to even the top 50% in the US? (that's 165 million people, so I feel like I'm giving you an extraordinary benefit there, comparing against tiny countries)

It's blatantly obvious what happens when you use a full European comparison, instead of just picking the top European nations. I've been accused a lot in this thread of cherry picking data, well only picking the top European nations is extreme cherry picking.

I think you missed my point. I'm talking about bundling all those countries so you can get an equivalent population and then make comparisons. I wasn't comparing Norway to the US, I mentioned it as part of a bundle of countries that get to an equivalent size of the US population. If you take the countries I mentioned you get something close to 300 million. The US population is a little less than 320m. Western Europe has a population of 400 million for example.

I didn't miss the point, I disagreed with the premise of picking the top outcomes in Europe, while ignoring the other half of Europe that represent quite poor outcomes.

When comparing the US vs European nations, there are certain requirements to get a positive outcome for Europe. You have to drop most of the medium countries like Spain, Portugal, Greece, Italy, Czech, Slovakia, Poland, Lithuania, Latvia, Estonia, Slovenia, Turkey from the comparison - to say nothing of Croatia, Serbia, Bulgaria, Hungary, Romania, Ukraine, Kosovo, Macedonia, Belarus, Russia, Albania, Moldova.

The focus has to be on: France, Germany, UK, Finland, Sweden, Norway, Switzerland, Austria, Denmark, Netherlands, Belgium.

If you deviate from that exact list, Europe's ratings on everything implode rapidly.

It points to the persistent intellectual fraud in most comparisons to the US that you see with regards to Europe. People always want to stick to talking about just a few nations. They never want to do even a EU vs US comparison (eg twice the unemployment rate of the US, with next to zero GDP growth for eight years and with only ~60% the GDP per capita). US life expectancy is also as high as the EU, despite our supposedly inferior healthcare system. Median incomes are quite higher in the US than the EU, and median household wealth is also higher. The US also produces greater total output in terms of science, innovation and nobel prizes than the EU does.

Well if you're not missing the point then why make an unfair comparison? Even western europe alone has a population much, much bigger than the US. So if you want to include all of Europe you're comparing apples to oranges just as much as comparing Germany to the entirety of the US.

Now it depends on what comparison you want to make. I'm telling you you can find a portion of Europe that's all next to eachother and is the developed part of Europe, that has a population that is comparable to the US, and is an interesting basis for a discussion.

If you want to include previous Soviet Union countries, or countries that have been independent states for since 2008 like Kosovo which you mentioned, go for it.

I'm not interested in that discussion, nobody is, nobody is talking about how we should all move to Kosovo or how the US can learn from Kosovo, it's a joke of a discussion and one I'll easily concede the US comes out ahead (surprise surprise! Hell I've literally lived in countries in Africa that do much better than Kosovo, which isn't even recognised by half the world population's governments, let alone part of the EU).

May I ask a question by the way, have you ever lived in the EU?

I ask because of your extreme bias. Because I've shown you countless examples of you citing things without understanding them, or citing them wrongfully, all to make a point regardless of whether the information supports it.

Like say the US producing nobel prizes more than the EU. Guess how many the US produced? 350. The EU? 462. I mean it's a joke. You keep spitting out random blobs of information, many of them flat out false or simply missing the point entirely. (like your info on homicide rates in Amsterdam being a total joke). You switch to national numbers when it suits you, then per capita numbers when it suits you, then shift to individual cities to cherry pick particular variables, and switch between comparisons between the US and individual countries, or the EU or Europe as a whole (yeah let's put Germany and Kosovo in the same basket and compare it to the US, and let's compare a group of countries like Germany and Russia to the US, even though Germany and Russia are like the US and Iran to eachother right now, fighting each other with sanctions and economic warfare, because hey Germany and Russia are both in Europe right? They must be politically united like say the individual states of the US, fair comparison to compare outcomes! /s).

And you make the same mistakes you're attacking others for, calling it 'persistent intellectual fraud' to make faulty comparisons. So let's look at one you brought up: life expectancy The EU life expectancy at birth is slightly better than the US, but as you say, it's comparable. So fair enough, right? But you fail to mention the European Union has more than 500 million people, about the same as the population of all 23 countries in North America, fair comparison? Not so much.

Mexico for example has a horrible life expectancy, even less than the West Bank for crying out loud. [0] Guess who is below Mexico even? Romania. Guess who invited Romania to join their union the past few years? The European Union. Now let's see what happens if the US builds a union in North America with countries like Mexico or say, Haiti, to get to the same 500 million people as the US, and watch what happens to your 'fair comparison'. You'd see variables drop extremely hard across the board. Again you're being a total hypocrite. Just because the EU happened to expand beyond western europe into a group of countries (not a country, but a group of independent states) way bigger than the US, allowing way poorer countries than Mexico for example to join, doesn't mean you can compare the EU to the US and then call 'intellectual fraud' when someone instead makes a more sensible comparison to western europe, or the original EU members. And don't get me started on the comparison to Europe, it's ONLY 750 million people, including hundreds of millions who are politically diametrically opposed and waging economic warfare and even a proxy war in the Ukraine right now. Makes total sense to compare their 'union' to the combination of the united states. And mentioning Kosovo, man I'm still laughing about that one, you're right though the US is totally better than Kosovo, I'm glad we put that controversy to rest.

[0] https://www.cia.gov/library/publications/the-world-factbook/...

It's just 'Ukraine', not 'the Ukraine'. Other than that, totally on board. I'm a dual US/EU citizen (Italia) and I support this post.

Ah thanks for that, I thought it was an English thing (here in the Netherlands we just say 'Ukraine') but I always heard it as 'the' on english television. After your correction I looked into it and it turns out saying 'the' is actually insulting!

I'll be very short, at least Iran and China didn't invade Iraq and Afghanistan on false pretenses. They aren't currently droning civilians in 5 countries. If you pay taxes in America you are financially supporting their military efforts, that's how I look at it.

China invaded Tibet on false pretenses.

What's the bodycount? Incidentally, may I ask how far back in history you are going, is it something more recent than this:

> In October 1950, the People's Liberation Army entered the Tibetan area of Chamdo, defeating sporadic resistance from the Tibetan army.




Using your logic, spraying a country with mustard gas is better than killing half of their citizens, as the body count is smaller.

Which crime is worse is the question you should be asking, instead of trying to invert the interpretation for reasons unknown.

How many bodies do you need before you care?

1, I want to compare atrocities. You need numbers for that.

You mean like "Only 10,000 of your people died. 20,000 of theirs did, so your atrocity isn't as important as theirs."? Helluva world view.

I certainly think 20,000 deaths is worse than 10,000 deaths yes.

I believe there is a much greater discrepancy than 2x, between the Iraq and Afghanistan wars and ongoing drone strikes inflicting civilian casualties, and Chinese incursions into Tibet.

That's not to say I support China in their incursions into Tibet. I am very sympathetic to those who have had atrocities committed towards them.

I do think however that the scale of a crime is important, and can be compared.

With the numbers you can make meaningful comparisons. This person committed two murders, this person committed one. To suggest all atrocities are equal is weak.


Well we have completely opposing views in that case. I think if you cannot compare atrocities or crimes you are suffering from sociopathic/psychopathic tendencies (i.e. morally bankrupt) but I say that as an armchair psychologist, much like you say what you say as an armchair moralist.

I think given any number of examples you would gladly compare crimes and atrocities and quite easily state which you think is worse.

Society does this also, you can usually find it expressed in the sentencing for crimes.

I think if you cannot compare atrocities or crimes you are suffering from sociopathic/psychopathic tendencies

So because I don't tier atrocities into more or less horrifying based on numbers and treat them all as a negative means I have "sociopathic/psychopathic tendencies"? Doesn't take much to understand you don't know what those words mean, including moralist and psychologist.

We both treat them as negative, however that you are unable to appreciate differences in extent raises serious questions for you, yes.

Society seems to be able to distinguish between different crimes and atrocities, yet you seem unwilling in this case.

Suggesting that those who can make such comparisons are morally bankrupt is quite a stretch, don't you think?

Let me add to that:




If you look at history, China looks way more pacifist than the US. In fact, one has to wonder why the US govt. and media keep spreading fear about China... Perhaps the US govt./media are scared of some country doing to them the exact same things they do and have done to other countries.


Your Iran point: How many civilians have Israel taken out in the recent past? America plays the proxy war game too. How much of ISIS armament is of American origin? How many civilians have ISIS taken out?

I guess if you are from the country, it's less likely that you would outraged by your own military's actions.


Thanks for the information regarding China's belligerence, but Chinese citizens might be more sympathetic to that. Much like any nationalists being sympathetic to their own nation's causes.

Once you suggest a place as an alternative place to live, it's worth thinking about what a person who moves there would be supporting financially with their taxes.

What? "America plays the proxy war game too. How much of ISIS armament is of American origin?". America's proxy war involvement is well known, but you picked the most ridiculous conflict that has nothing to do with this. Your argument is ISIS equipment being American. What? That's because equipment given to Iraqis being captured, a very well documented problem. Your implication is the most ridiculous thing I have read in this thread so far.

Creating a power vacuum with a load of weapon caches left behind and hastily trained folk guarding them, does have a pretty predictable outcome.

This is a slipper slope if I've ever seen one. Aid to Syrian rebels is already known, one of the parties to which a proxy war might be a somewhat reasonable assumption. However, given the long involvement of the US in Iraq, this is a very far-fetched conspiracy theory to say the least.

You may want to read this article:


A lot of these guys ended up in ISIS, it would be foolish to assume otherwise. If you view America's foreign policy aim as maintaining an unstable middle east, then it's not a slippery slope argument.

Is also possibly an idiot-trap on a grand scale. If you have a widely dispersed enemy, leave some treats in an area that can be encircled.

You are missing a few sources. 14 to be exact.


All of these statements are easily checked out by googling. Listing sources is a pointless formality.

(not stating that I think they're all accurate, but I do agree with the overall point, and I am very equipped to investigate and adjust the details.)

"Has a rapidly adaptive culture, able to implement changes at a fast pace despite its immense scale."

"A leader in freedom of speech, press freedom [...]"

"Where you have more opportunities than in any other nation"

Are these your idea of a self-evident statement?

I'm not saying that I agree with the individual statements. Just that it's not hard to research and decide the veracity of each of them yourself with minimal effort.

Actually a ton of stuff he's posted in this thread is complete bs, i.e. flat out wrong

Like EU GDP not growing for 8 years, wrong.

Median household wealth being better in the US than Italy, Sweden or Germany, wrong

The US producing more nobel prize winners than the EU, wrong

Statements about the danger of living in Amsterdam, wrong

Canadian gun ownership being comparable to the US, wrong

The murder rate for 99% of US citizens in cities being < 2 per 100k, wrong

Then there's a lot of statements he makes which are so vague, they're likely his opinion rather than substantiated facts, but I can't disregard them altogether as he didn't qualify them. For example the US having more opportunity than any other nation is hard to qualify so one can't even begin to dispute it. But if define what that means by say 'social mobility', which can be qualified to a large extent, and look at social mobility for example, the US is nowhere near the leading country.

And then finally there's a ton of facts which are correct, and they're completely disingenuous. For example he references median student debt at $13k. He doesn't mention that this is the median student debt for all people. i.e. if you graduated in 1970 and still owe $3k in student debt after having paid off tens of thousands already, then you're part of that equation and it hugely understates the debt burden for students. When what you THINK he's talking about is what is the average debt that a student graduates with. And that number is $36k for 2015, much more than his truthful statistic.

The only reference he made is to the OECD better life index, and I'm glad he did because I'm familiar with that index. If he hadn't referenced it I might've taken for granted that he must know what he's talking about. But as I mentioned in another post, here's a little joke: the OECD better life index ranked the bottom 10% of Poland to have a better standard of living than the bottom 10% of Japan and France. And here's the kicker, same with the top 10%. Yes, Poland's bottom and top 10% respectively have better lives than the bottom and top 10% in France. It's a total joke. Of course you could say it's a (giant) anomaly but I've lived in many of the countries in the index in 4 different continents and there's a lot of misguided information there. Like gender equality in the Netherlands being one of the poorest of all studied countries, environment being one of the worst of all countries studied, being one of the least safe countries in the study (even worse than the US), or health being better in Greece than Germany, oh and if you want a good education you better move to Slovenia from the US because the OECD says it's better! I think you get the point, it's a total joke once you look at the individual parameters and the scoring on them.

So yeah some references would've been nice here and there. Not asking for links or anything, but just some reference to a source, like 'OECD better life index' which he referenced and turned out to be nonsense.

Is this a joke?

> 12) Where unarmed minorities are not regularly shot dead by the police

Well, that's nonsense.


In fact it's not non-sense.

The word of emphasis is regularly.

A rough average of 500 police caused deaths per year across 20 years. It spikes and drops by significant amounts by year, but that's a reasonable ballpark average and is near The Guardian's number.

Now break out how many were unjustified uses of force.

Now break out how many were not white (nearly half the people killed by cops are white).

You're talking about maybe 40 or 50 unarmed minorities shot dead by police each year, out of around 140 million total minorities (40% minority base, plus 12 million minorities that aren't citizens). And this is in a country with police that are clearly too violent.

Your odds of being murdered by police, as an unarmed minority, is about one in 2.5 to 3 million. To pretend unarmed minorities are being regularly shot dead by police is beyond ridiculous.

lol, really? https://twitter.com/radmuzom/status/635186717792727040.

Grow up. No one is impressed by this post.

Any technology can be used for both good and bad. There's nothing inherently wrong with technology.

No, that is not true. Look at the atomic bomb for example. The technology here is not just nuclear fission – the bomb itself has a lot of unique technology.

There can be a lot inherently wrong with technology, and there quite often is.

What about all the Peaceful Nuclear Explosions (PNE)? The nuke is extremely destructive and extremely dangerous, but its not inherently wrong, they have been used to close gas wells by the Russians, and I am pretty sure the US had the plowshares program.

There are definitely some arguments that we could have used conventional explosives for those purposes, but my point is that a nuke is just a tool, its the people who decide to use it admirably or despicably.

We might just fundamentally disagree an the whole tool ideology.

Imagine this device: It only has button, pressing it will torture every human beeing in earth for 100 years and then wipe out what's left. Trying to disassemble or analyze it will do the same.

Would this still classify as "just a tool"? (peaceful uses: explaining the importance of restraint etc.)

This is not supposed to be an analogy, but a serious question, because I don't believe that guns dont't kill people. And if we disagree on such a fundamental question, I don't think an internet debate could have a sensible outcome .

I might quibble on the definition of "technology".

For instance, yes, a gun is a tool designed to kill a thing. Some guns are specifically designed to kill people.

But the technology of gunpowder propelled projectiles has peaceful applications. For instance, one of the early uses was to propel a rope to distressed boats and ships so that passengers could be rescued.

Likewise with the hypothetical device you have described. Sure, sounds terrible. But what are the underlying technologies it is built upon? Unless you've tapped into some sort of fundamental evil force of the universe, there are probably some pretty awesome technologies involved, that would have peaceful, useful applications in another device that wasn't so awful.

Guns alone don't kill people (at least if they're not programmed to do so automatically), but as humans sometimes act irrationally, one could say if the population had less guns then there will be less deaths by gun shot.

The sole purpose of a gun is the kill/destroy more efficiently because knives and forks were not.

Nothing really has just one purpose. I admit that the person who built the weapon may have done so with the idea of killing in mind, but nobody can stop me using the gun to crack a nut or scare animals using a blank cartridge. Ultimately is a person (or a machine built as an extension of somebody's will) who points to something and pulls the trigger.

In your hyperbolic example, the tool has no potential positive purpose, so obviously it is only a tool for destruction. I don't think nukes come close to fitting this description, and I don't really understand the purpose of the question, but if it is earnestly asked I will answer it.

I don't deny that nuclear technology has contributed to some of the worst calamities to befall humanity, I simply disagree that they have ONLY done negative things.

Operation Plowshare didn't have much practical application:


Actually, Plowshare succeeded in it's practical applications. They wanted to dig big holes fast, and by god they did. That was when the indirect costs of applying the technology (namely, poisoning the world) became apparent and it was prudently abandoned.

I would use effective to describe what you are talking about. If it were practical, the utility would exceed the indirect costs.

That's a fair statement.

Isn't radioactive fallout a direct cost of the technology?

As maxerickson pointed out, that's true, and I acknowledge the defect in my argument.

But nukes are the reason there haven't been any direct wars between major powers since WWII. Isn't that a good thing?


I like how the guy who thinks Hitler was a good thing because the war he caused spurred a great number of technological (including, incidentally, the nuclear bomb) and societal advances found something that was too utilitarian for his taste after all.

I think by "lessons learnt" he meant learning about the dangers of fascim, racism, nationalism, etc. Not necessarily technological advances.

I think his claim was that the utilitarian analysis is flawed because if you accept it, it may force you to justify Hitler, which is morally unacceptable, so the utilitarian premise that forces you in that direction can't be accepted, and therefore can't be used to justify nuclear weapons either.

I think defending Hitler (millions massacred, world order turned upside down, massive economic damage) is much more utilitarian that defending MAD as a peace-keeping force.

Don't worry. In a thread w/300+ comments a hitler reference was inevitable. Real question is whether humanity is capable of learning the lesson about war in the modern age. Nukes make it so that no leader can start a war without risking their own life. Sending others to their doom is much easier, especially when there's the potential to profit. Censorship on the other hand is a sign of weakness/fear and is eventually self defeating.

> In a thread w/300+ comments a hitler reference was inevitable

Indeed -- it's Godwin's Law[1]!

[1] https://en.wikipedia.org/wiki/Godwin%27s_law

So the murder of 8 million innocent people in gas chambers justified the means of teaching us a "lesson?" That is the sickest thing I've ever heard on here. That attitude is right up there with Stalin, Pol Pot and Mao. You aren't defending the third reich, you're worse; you're intellectualizing the "value" of Hitler. Millions of people killed. Babies grabbed from their mothers and stomped under bootheels. People dissected while stile alive. Woman (and men) raped in unimaginable ways in the name of science. Chemical agents administered to children simply to watch the effects.

Sure, Hitler was "good" in the long run. You should be ashamed of yourself. The ends don't justify the means. Perhaps when the next madman starts up extermination camps, your family ought to be first on the list. Perhaps that would be fitting since, after all, it would be good for Western Civilization.

> gas chambers ... sickest thing I've ever heard ... dissected ... raped ... You should be ashamed of yourself

I've asked you before not to bombard HN with political rhetoric. From an HN point of view, it's tedious, off-topic, and leads straight to incivility, which as you know is the thing that's most against the rules here.

Please really stop.

You misunderstood me. What you said was exactly my point: Just because something bad leads to something good, that doesn't make it good itself.

Don't worry, chronial, the meaning of your post was crystal clear.

Without the Atomic bomb, millions of more people would have died. Thus the Atomic bomb saved lives as well as created a disincentive for Communist expansion during the Cold War. Western Europe would have been a war zone in 1960 if it weren't for the nuclear threat.

Just a caveman assessment of "atom bomb bad, flower good" is intellectually weak. The atomic bomb created a balance of power, the destruction of which would have resulted in countless wars and deaths.

Just a caveman assessment of "atom bomb bad, flower good" is intellectually weak.

A wannabe cold warrior fantasy of "without the nuke, the godless Commies would have put the boot to the civilized world" is just as intellectually weak. I thought this furious jerking off over Regan-era revisionist talking points was passé in the current century.

Name one technology used in a fission device that doesn't have other, non-weapon application.

Weapons-grade uranium.

Stop enriching before it gets to weapons grade purity and it's fuel for a reactor. Fail.

You can make a campfire out of plastic explosives, too. You got an answer to your question and then moved the goalposts. Move on.

I asked what technology in a fission bomb did have non-military applications. He answered with a product (not a technology) for which the technology to produce has other, obvious, non-military applications. He is wrong, your point about plastic explosives is irrelevant sophistry, and no goalposts have been moved.

I'm no expert on the topic, but I think you need essentially different tools and technology to reach the purity necessary for weapons. So using these way more expensive tools to create fuel would be just stupid.

They use exactly the same process and technology (these days either gas diffusion or gas centrifuge). These are iterative processes; you keep running them until you get the level of enrichment you want (<20% for fuel, >80% for weapons). Quit speculating on how you can get the answer you want and try the facts.

This subthread detached from https://news.ycombinator.com/item?id=10102113 and marked off-topic, since it seems to be the root of the flamewar.

We've noticed over and over how generic tangents are the gateway to flamewars. Tangents about something specific ("off-topic, but I once worked with that group...") are often interesting, but generic tangents dilute discussion and not infrequently eventuate in Hitler.

Design can embed intent into an object. Software can embed it very well.


It's worse than either: it's really the government.

I don't see the Great Wall of China as inherently evil. I don't think Chinese people would benefit if we (the west) had free reign to impose all our extreme capitalist beliefs on them. Maybe they are not ready for it.

It's arrogant for us to believe that we are on the 'free' side of the firewall. I don't see how one side is more free than the other - Both sides are subjected to constant brainwashing by various media - Be it at the hands of a suppressive government or those of greedy corporations.

Capitalist beliefs? They're just as capitalist as us, even more so these days (especially in Western Europe).

I am aware of this effect (my wife is Russian) but I would still argue that they are not capitalist in the same way that we are (though they do come across as hyper-capitalist on a superficial level - As in; they are big consumers and they like to show off their social status).

One thing that really surprised me about Russian and Chinese people though is how well they take care of their friends and family (for example, they are often very willing to share their money to help each other) and how genuine they are compared to westerners. I know it's a big generalization but it's something I noticed.

This is a very unique and insightful way to look at it. Absolutely the GFW of china is a huge way to block outside cultural influence ( manipulation and many other unwanted foreign influences )

With that said, I'm of the radical belief that no internet communication should be blocked, inspected, or analyzed etc... but thanks for such a piquant response.

The difference is, we in The West have the right to choose what to consume, or be "brainwashed" by, and China's government chooses for them. Which would you prefer?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact