Open (More or Less) Post on Covid 153
Jul. 9th, 2024 10:10 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ecosophia
We are now winding up the third year of these open posts. As the phrase "died suddenly" repeats in the mass media like a mantra, statistics for work days lost to illness and all-cause mortality mount up in heavily vaccinated nations, and more and more ugly facts about the official response to Covid spill out into public, we are entering what may well turn out to be the most difficult period of the Covid disaster -- the phase in which denial rises in lockstep with the death rate, and a great many people try not to admit what has been done to them by the people and institutions they trusted. It could get ugly, folks. So it's time for another open post. The rules are the same as before:
1. If you plan on parroting the party line of the medical industry and its paid shills, please go away. This is a place for people to talk openly, honestly, and freely about their concerns that the party line in question is dangerously flawed and that actions being pushed by the medical industry et al. are causing injury and death. It is not a place for you to dismiss those concerns. Anyone who wants to hear the official story and the arguments in favor of it can find those on hundreds of thousands of websites.
2. If you plan on insisting that the current situation is the result of a deliberate plot by some villainous group of people or other, please go away. There are tens of thousands of websites currently rehashing various conspiracy theories about the Covid-19 outbreak and the vaccines. This is not one of them. What we're exploring is the likelihood that what's going on is the product of the same arrogance, incompetence, and corruption that the medical industry and its tame politicians have displayed so abundantly in recent decades. That possibility deserves a space of its own for discussion, and that's what we're doing here.
3. If you plan on using rent-a-troll derailing or disruption tactics, please go away. I'm quite familiar with the standard tactics used by troll farms to disrupt online forums, and am ready, willing, and able -- and in fact quite eager -- to ban people permanently for engaging in them here. Oh, and I also lurk on other Covid-19 vaccine skeptic blogs, so I'm likely to notice when the same posts are showing up on more than one venue.
4. If you don't believe in treating people with common courtesy, please go away. I have, and enforce, a strict courtesy policy on my blogs and online forums, and this is no exception. The sort of schoolyard bullying that takes place on so many other internet forums will get you deleted and banned here. Also, please don't drag in current quarrels about sex, race, religions, etc. No, I don't care if you disagree with that: my journal, my rules.
With that said, the floor is open for discussion.
Re: site blocking
Date: 2024-07-12 07:45 pm (UTC)Re: site blocking
Date: 2024-07-12 08:03 pm (UTC)Non-authoritative answer:
Name: dreamwidth.org
Addresses: 3.221.63.47
3.231.247.77
34.206.235.108
34.231.5.204
Aliases: ecosophia.dreamwidth.org
Re: site blocking
Date: 2024-07-12 09:04 pm (UTC)1) None of those IP addresses work; all return an error in my browser, and I checked them in a regular and a private TOR window.
2) If there was a fixed IP it should have one and only one numeric address, not four.
2) I am pretty sure the answer will be No, because ecosophia is a subdomain of dreamwidth.org, and I don't think subdomains can have fixed IPs.
ecosophia.dreamwidth.org has to bring you to dreamwidth.org, and that host completes the connection.
---
HOWEVER...
If you can get to dreamwidth.org, you can search for the site ecosophia from there, and I am pretty sure it is then ecosophia that resolves the search. That MAY get past any blocking at the DNS level.
I can't test that for sure since I have no problem accessing the site.
Re: site blocking
Date: 2024-07-12 11:57 pm (UTC)It won't work because they are not part of the same network either
Re: site blocking
Date: 2024-07-12 09:45 pm (UTC)Re: site blocking
Date: 2024-07-13 05:11 am (UTC)Modern browsers are very certificate security heavy. Meaning by default it will fail if the name in the URL doesn't match the name in the cert. Which it will not, if you just paste in the ip address. Most modern browsers will let you override, in which case you can proceed and all 4 of the ip's I listed, which anyone can lookup via dns, are assigned to ecosophia and will connect to the default dreamwidth.org site (not ecosophia)
It shows ecosophia as a subdomain for dreamwidth.org as an alias in DNS. Meaning whether you type ecosophia.dreamwidth.org or dreamwidth.org at the network layer it is doing a simple dns lookup and sending you to an IP address.
Higher up the OSI model is the fact that we are http or https (port 80 or 443) and if the latter encrypted. It used to be ssl, but now it is mostly a flavor of tls 1.3 being the most current.
So when an http/s request comes in, it will at the lowest level show the default website for the destination server that you hit, which was determined by IP address through dns. But since almost forever it was configurable that a webserver could redirect, depending on the url path, or the domain/subdomains. Meaning if you wanted http://server.com it might go to 1.1.1.1
But if you wanted server.com/mysite1 it could redirect to another ip, or it could redirect to another folder on the server that lives at 1.1.1.1
Another way to create virtual web servers is by the header. You may only have 1 server, and it lives at 1.1.1.1 but rather than by the path, meaning server.comm/mysite1 and server.com/mysite2, you could configure the same outcome by using mysite1.server.com and mysite2.server.com. With this strategy, both mysite1 and mysite2 through DNS point to the same 1.1.1.1, the web server itself (IIS in windows, apache usually in linux), will redirect to the appropriate folder on the web server by parsing the url you pass.
One way to test getting to ecosophia, since placing the raw IP's that I listed in the prior post will get you to the default dreamwidth site (same as going direct to dreamwidth.org), is to add an entry into your operating system's host record. On windows this record lives in C:\Windows\System32\drivers\etc\hosts
For example on windows after adding (usually have to open editor in administrator mode) the following line to the HOSTS file, it works perfectly. Simply point the browser to ecosophia.dreamwidth.org and it will not use DNS, because there is an entry in hosts, and it will go to that IP that you specified. Then the target web server will respond appropriately because the url has the proper syntax for the domain and subdomain.
Here is the entry example only using the first IP from dns added to the HOSTS file:
3.221.63.47 ecosophia.dreamwidth.org
thanks,
rq
Re: site blocking
Date: 2024-07-13 03:51 pm (UTC)For what it's worth I tried that edit in the Hosts file in /etc on my Linux machine, and it still routes me to dreamwidth.org with a warning about an insecure connection. Are there any Linux geeks in the commentariat who can tell me how to get it to work?
Re: site blocking
Date: 2024-07-13 05:02 pm (UTC)A) First disable and then stop dns. If you just stop it you have to be super fast with the rest of the steps or it will restart by itself. You could also do all the steps, kick off the stop immediately following the ping and browser test but its just easier to disable then enable after.
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
Ping a url like subway.com and you should see an error that there is a temp failure in name resolution
B) Use editor of choice to add the ecosophia line in hosts. Here I'll open with nano:
sudo -i nano /etc/hosts
34.206.235.108 ecosophia.dreamwidth.org
C) try to ping subway.com it fails. ping ecosophia.dreamwidth.org it works. Technically the ping fails because icmp is blocked but it resolves and you see the ip address you put in hosts in the response.
D) open firefox (or whatever browser) and goto ecosophia.dreamwidth.org it resolves and lands at the correct page if your hosts entry for the ip includes the fqdn of ecosophia.dreamwidth.com. Try to go to any other internet site or subway.com and it will fail.
E) enable dns, start dns
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
This will work even if the DNS name is hacked on the internet in an attempt to prevent access. Keep in mind that many gateways out of an organization can block by hostname or fqdn fully qualified domain name, but they can also block by IP address, address ranges, or dynamically find the current range. For example if dreamwidth is kicked off their current hosting platform and goes live at another hoster that has another set of IPs, it would be trivial to have my block discern that dynamically and find that new IP range and block it.
So this isn't 100% but by preparing such you will get past many attempts to block out a site.
If you go so far as to break you dns to prove this works, don't forget to reenable (step E) it to a valid DNS server else nothing but the fqdn's you put in the hosts file can resolve!
cheers,
rq