Forum    Search    FAQ

Board index » Chat Forums » Political Opinions and Opinionated Posts




Post new topic  Reply to topic  [ 20 posts ] 
 
Author Message
 Post Posted: Tue Jun 24, 2014 8:56 am 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
Just a small update on what's been going on in my corner of the world.

So, China is probably regretting that it ever promised us elections. Back in 2003-4, a very frustrated but unfailingly polite populace took to the streets, bringing about the slow motion collapse of Hong Kong's first post-handover government. China stepped in to squash any hopes of immediate democratic reform, but wound up promising that we would be allowed to elect our own Chief Executive (essentially a glorified mayor) by 2017. It must've seemed a long way off back then. Well, this year, the reforms are supposed to happen.

China seems to have decided that we can vote as long as they get to pre-approve all the candidates. Unsurprisingly, the local democratic parties do not think that a choice between Sock Puppet A and Sock Puppet B counts. A group of activists, calling themselves Occupy Central, insist on open nomination of candidates, and have pledged to spend a week blocking traffic in the central business district this summer if the reform package falls short of their expectations. They've deliberately not applied for a protest permit; it's an act of civil disobedience. (In the last 10 years, our democrats have gotten considerably less polite.) They also arranged an unofficial online "referendum" so that people can express their desire for free elections. That's taking place right now.

If the Powers That Be hadn't reacted, Occupy Central would've probably amounted to a bunch of annoying hippies being annoying. Our democrats are incredibly good at squabbling with each other and have managed to undermine their own online referendum by only offering choices that meet so-called "international standards of democracy", making their poll about as meaningful as one that says: "A: I like puppies. B: I really like puppies. C: I really, really like puppies".

But nope, Beijing freaked the hell out. For months, they've been muttering dark warnings about foreign black hands manipulating our youth, radical splinter groups turning violent, traffic so backed up that people will die in ambulances on the way to the hospital, financial turmoil, economic collapse, a threat to civilization and decency as we know it. Then a couple of weeks ago, they released a so called "White Paper", stating their official position that "All Ur Autonomy R Belong To Us". In not so many words, they basically called us a bunch of brats who don't appreciate how nice they've been to us and stubbornly fail to understand that we only enjoy any of our freedoms because of their generosity. That was exactly what was needed to provoke the average Joe Wonton into supporting the democrats.

Over the weekend, 720,000 people voted in Occupy Central's poll (about 1/5 of the actual electorate). Which by the way, faced possibly the biggest DDoS attack in history. Hmmm... I wonder where that came from? Occupy Central got a company in the US called CloudFlare to handle the web security, and of course they live-tweeted the hacker-fight. I don't understand the technicalities of it, but apparently it was epic.

I'm wondering what China's endgame is. Surely they knew they would piss us off royally. Perhaps they are trying to provoke violence so that they then have an excuse to clamp down.

Top 
   
 Post Posted: Tue Jun 24, 2014 10:10 am 
User avatar
Offline
Joined: Sun May 26, 2002 12:00 am
Posts: 2266
Location: Vienna, Austria, EU
Could be that they saw some foreign development as analogous, and got spooked.

Like propably the Ukraine, where a protest against a specific policy change eventually ended in the overthrow of the goverment. The former goverment there did try to sit out the protests, and when that did not work started to make concessions but always too little, too late, so propably your lords and masters came to the conclusion, that they definitly have to do something different. The options would be either to make a large enough concession fast enough, that they can believably say, they have not been spooked by protests, they always wanted to do things that way, there just has been some miscommunication earlier. Or to launch some attack on the protesters, be it propaganda or otherwise.

And like often with propaganda panic reactions, it does exactly the opposite of what is intended.

Top 
   
 Post Posted: Tue Jun 24, 2014 10:33 am 
Member of the Fraternal Order of the Emergency Pants
User avatar
Offline
Joined: Mon Dec 15, 2003 12:00 am
Posts: 2994
As someone who works in the tech industry, I really want to read a full play-by-play on the DDoS attack; the few tweets they released were entertaining. Apparently, the attack exceeded 300 gigabits per second. Just to get a sense of the scope, the entire English text of Wikipedia is approximately 240 gigabits. The attack volume was basically 1 Wikipedia per 0.8 seconds!

Top 
   
 Post Posted: Wed Jun 25, 2014 5:23 am 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
arcosh wrote:
The options would be either to make a large enough concession fast enough, that they can believably say, they have not been spooked by protests, they always wanted to do things that way, there just has been some miscommunication earlier. Or to launch some attack on the protesters, be it propaganda or otherwise.

My paranoid side wonders if they're trying to provoke a riot so that they can use it as an excuse to clamp down hard, but doing so would be economically and diplomatically costly to them, so they'd have to be pretty desperate to try it.

More likely, they're trying the old divide-and-conquer trick; demonize the Occupiers and convince enough people that resistance is futile that they'll be able to peel off enough moderate democrats from the radicals to get their weak sauce reform package passed. The radicals are saying they'd rather have no reform at all than a fake one, but China's betting that the majority of people would rather have partial progress than none. They're playing chicken and hoping the democrats swerve first.

The funny thing is that China needs this reform to go through because the current system is coming apart at the seams. The local government's credibility is even less than its ability to get anything done, their old coalition of big business and hardcore patriots is disintegrating, the opposition has taken to throwing fruit at officials in the legislature, and every day there's another protest about something. They've had 17 years to figure out that shaking their fists and yelling "You're doing it wrong!" from the sidelines isn't going to make the system work. They probably know they need to try something new, but they will absolutely not risk losing control.

Top 
   
 Post Posted: Thu Jun 26, 2014 10:45 am 
Member of the Fraternal Order of the Emergency Pants
User avatar
Offline
Joined: Mon Feb 18, 2002 12:00 am
Posts: 3167
AOL: drachefly
Location: Philadelphia, PA
AlternateTorg wrote:
Just to get a sense of the scope, the entire English text of Wikipedia is approximately 240 gigabits. The attack volume was basically 1 Wikipedia per 0.8 seconds!


All the text of current pages could fit on 8 DVDs? Really?

Text is small, but there's a whole lot of Wikipedia up there...

Top 
   
 Post Posted: Fri Jun 27, 2014 6:06 am 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
So how hard is it, actually, to throw 10 DVDs worth of data at a single website every second? I've read that they would've needed tens of thousands of zombie computers to pull it off. And how hard is it to fend that off?

Also what the heck does this mean?
Quote:
This is new: Layer 7 HTTPS flood that prioritizes TLSv1/DES-CBC3-SHA, which is CPU intensive.

Top 
   
 Post Posted: Fri Jun 27, 2014 7:45 am 
User avatar
Offline
Joined: Sun May 26, 2002 12:00 am
Posts: 2266
Location: Vienna, Austria, EU
I suppose an escalation is not in the interest of the Chinese Goverment as a whole.

So it could be either that they try to prevent an escalation, by a preemptve show of force (as you suspected) or it could be that a faction in the Chinese goverment figures it could gain from an escalation and it willing to put the interest of the faction over the interest of the whole.

For the latter, i know way too little about internal Chinese politics, to come up with a more detailed theory.

Top 
   
 Post Posted: Fri Jun 27, 2014 8:32 am 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
I don't know much about internal Chinese politics either, but there's been various indications that the hard-asses are in ascendency in Beijing, and there's been a general increase of militancy and paranoia. I hear that crackdowns on dissenters has increased since President Xi Jinping took office in 2012. And then there's been an escalation of China's territorial disputes with neighbours like Japan, the Philippines, and Vietnam. China has decided that it owns 90% of the South China Sea for historical reasons (our ships sailed there in the Ming Dynasty!) and the other countries are all "WTF??!" And they're probably extra jumpy because of a spate of terrorist attacks by Xinjiang separatists. So they probably think of us as one more annoying problem that they wish would go away, or if paranoid, one more weak point for foreign forces to undermine them.

Top 
   
 Post Posted: Fri Jun 27, 2014 11:41 am 
Member of the Fraternal Order of the Emergency Pants
User avatar
Offline
Joined: Wed Feb 26, 2003 12:00 am
Posts: 3411
AOL: Dodger724
Location: Relative Obscurity
Kea wrote:
So how hard is it, actually, to throw 10 DVDs worth of data at a single website every second? I've read that they would've needed tens of thousands of zombie computers to pull it off. And how hard is it to fend that off?

Also what the heck does this mean?
Quote:
This is new: Layer 7 HTTPS flood that prioritizes TLSv1/DES-CBC3-SHA, which is CPU intensive.

Honestly, I have no clue. But it sounds like the DDoS would try to target the computer's hardware in an attempt to make you think the internet was being incredibly slow today. Or something. Again, that is a wild guess.

Top 
   
 Post Posted: Sat Jun 28, 2014 12:35 pm 
User avatar
Offline
Joined: Wed May 15, 2002 12:00 am
Posts: 11381
Kea wrote:
So how hard is it, actually, to throw 10 DVDs worth of data at a single website every second? I've read that they would've needed tens of thousands of zombie computers to pull it off. And how hard is it to fend that off?


How a DDOS works: Imagine for a moment that a server is a bit like an information booth. Every now and then, some guy runs up to the booth, and says "Hi, can I have a webpage please?"

And the server says "Certainly, sir, which one would you like?"

And the customer says "May I have the forum/posting.php page?"

And the server says "Certainly, sir, here you go." and hands over the page.

(In this analogy, the customer is the computer visiting the site). Now, that's when all goes well. A DDOS consists of hundreds, thousands, tens of thousands of customers all turning up at once and saying "Hi, can I have a webpage please?"

And when the server says "Certainly sir, which one would you like?" then the customer runs away. (And often comes straight back and does it again a few hundred times)

When one customer does that, the server just shrugs and carries on. When ten thousand do that every second... well, the results depend on how well the server can handle such overcrowding. If it can't handle the crowds fast enough, then any legitimate queries get delayed by this massive queue of time-wasters, and no-one can use the server.

The reason why it's hard to simply refuse connections from the thousands of fake clients is because they're trying very hard to look like genuine clients until the server has to take a look at them... and even if you can identify and block a few dozen of them, you'll never block all thousand. And the last thing you want to do is fail to respond to a genuine request for information.

Kea wrote:
Also what the heck does this mean?
Quote:
This is new: Layer 7 HTTPS flood that prioritizes TLSv1/DES-CBC3-SHA, which is CPU intensive.


The "Hi, can I have a webpage please?" requests were encrypted (with specifc, named encryption algorithms). To respond to these requests, the server has to first set up the encrypted link, decrypt the incoming message, and then encrypt "Certainly sir, which one would you like?" to send back. All this encryption and decryption needs a fair amount of CPU time, which means the CPU isn't doing other stuff (like responding to other requests).

You know when you do something fairly mathematically intense on a computer (like rendering a 3D image) and the whole computer does everything really slowly until its done? That's what this attack was trying to cause.

Top 
   
 Post Posted: Tue Jul 01, 2014 2:48 pm 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
Huh. So they were coming up with inventive ways to make the server do more intensive pointless busy work. My friend also told me the hackers created a fake voting website to misdirect legitimate traffic.

Also, I just got back from this democracy protest. The march happens annually, but this year there were more people than I have ever seen in my life, and that is saying something. My friend and I waited in the park that was the starting point for an hour and a half, just trying to get into the protest, but got accidentally funneled out of the cordon. We had to take a detour and rejoin the march further downstream. Some other friends who got into in the right spot waited for 4 hours. That was just to get started.

It took us more than an hour to walk 1 kilometer, because there were so many people we could only waddle forwards very slowly.

The organizers, who are usually prone to exaggeration, says there were 510,000 people. The police, who usually lowball, claim there were only 98,600. That's beyond "politically correct underestimation" and well into "what are they smoking" territory.

Top 
   
 Post Posted: Tue Jul 01, 2014 10:15 pm 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
Let's see if we can do some math.

On the most jam-packed section of the protest route, I took about an hour to walk 1.1 km = 0.018 km/minute = 0.3m/s (about 1 foot per second). That sounds about right. After that section, the road got wider and I could finally walk at a normal pace.

Let's say the road space available to the protesters was 10 metres wide for most of that route.

Traffic engineering manuals say that when a walkway is so packed that you can only shuffle forwards intermittently, each person has less than 0.74m2 of space. I can tell you I didn't have 3/4 of a square metre to stand in, so let's say 0.6 m2 per person.

I think the head of the march reached the start of the aforementioned section at around 4 p.m. According to media reports, the tail end of the procession cleared that section at around 10:20 p.m.

If my estimates are in the ballpark, how many people passed through that section of the route? I gotta go to work so I haven't got time to work it out right now.

Top 
   
 Post Posted: Wed Jul 02, 2014 1:00 am 
User avatar
Offline
Joined: Wed May 15, 2002 12:00 am
Posts: 11381
Kea wrote:
Huh. So they were coming up with inventive ways to make the server do more intensive pointless busy work.


Exactly, yes.

Kea wrote:
My friend also told me the hackers created a fake voting website to misdirect legitimate traffic.


You know, that wouldn't surprise me in the least.

Kea wrote:
Let's see if we can do some math.


18 metres per minute. It took 6 hours 20 minutes for the protest to pass a certain point - that's 380 minutes. That gives you a protest that's 18*380=6840m long, almost seven kilometres.

But only 10m wide, so the protest covered an estimated 68400m^2.

As a lower bound, 0.74m^2 per person would give 92 432.4324 people (even lower than the police estimate).

Assuming your 0.6m^2-per-person guess gives 114 000 people in the march.

510 000 people would need 0.134m^2 per person.

Top 
   
 Post Posted: Wed Jul 02, 2014 2:29 am 
User avatar
Offline
Joined: Tue May 21, 2002 12:00 am
Posts: 12406
Location: The things, they hurt
Hmm. I suppose 510,000 was unrealistic after all. The route was just so narrow and movement so slow that it it seemed like a zombie-sardine horde. The cops only allowed the marchers to use 3 lanes of the road. Some university researchers did a mid-route headcount and came up with an estimate of 150,000-175,000, and that seems like the most believable estimate. Not everyone managed to start at the starting point, which is where the cops did their count.

Here is a time lapse video of the march's starting point. I don't know how many people can fill in 6 football pitches what looks like twice over (if not more), but it's crap load of people.

Top 
   
 Post Posted: Wed Jul 02, 2014 3:16 am 
User avatar
Offline
Joined: Wed May 15, 2002 12:00 am
Posts: 11381
Apparently the preferred size of a football pitch is 7 140m^2. Six football pitches twice over is therefore 85680m^2, somewhat higher than the earlier 68400m^2 estimate. (At 10m wide, this would imply a protest moving at 22.5m/s; or, alternatively, at 18m/s this would imply a width of 12.5263m. A couple of metres difference in width makes a huge difference here)

At this total area, 0.74m^2/person gives 115783.783783 people, and 0.6m^2/person gives 142800 people.

...the university researchers sound like they've got a good estimate.

Top 
   
Display posts from previous:  Sort by  
 
Post new topic  Reply to topic  [ 20 posts ] 

Board index » Chat Forums » Political Opinions and Opinionated Posts


Who is online

Users browsing this forum: No registered users and 1 guest

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: