Jump to content


Photo

What are some interesting things to do with a offsite server/VPS?

vps

  • Please log in to reply
9 replies to this topic

#1 tastywheat

tastywheat

    Primarch

  • Atomican
  • 1,842 posts

Posted 14 January 2017 - 03:05 AM

Hey Atomic,

 

So I recently set up a VPS to work as a Shadowsocks server in order for me to get around internet censorship in China.  It's pretty awesome compared to commercial VPN services using OpenVPN, which are intermittently blocked using sophisticated deep packet inspection by the Communist Party of China.  I'm in the process of setting up a dedicated router running OpenWRT to make the solution even more seamless, but struggling a bit with the implementation.  

 

My background is embedded C, which doesn't translate too well to ~nix.  However, I've started to realise this stuff is pretty intuitive, and there's a world of of open source programs that enhance every day life that I'm completely unfamiliar with.

 

The purpose of posting this thread is to gather ideas about what other people are doing with their servers or VPS, to see if I can stretch the $5USD I pay Vultr any further.



#2 @~thehung

@~thehung

    Guru

  • Hero
  • 8,522 posts

Posted 14 January 2017 - 11:54 AM

i havent heard of Shadowsocks.  so its some kind of fancy socks5 proxy? 

 

what are the advantages vs SSHing into your box?


no pung intended

#3 tastywheat

tastywheat

    Primarch

  • Atomican
  • 1,842 posts

Posted 14 January 2017 - 11:57 PM

i havent heard of Shadowsocks.  so its some kind of fancy socks5 proxy? 

 

what are the advantages vs SSHing into your box?

 

Yeah, exactly that.  

 

Main advantages are giving local apps 'clean' internet, like Dropbox and my mail client, which would otherwise be blocked.  It's also something I can use on my phone for social media, and Google services (all blocked in China, including the play store).



#4 Jeruselem

Jeruselem

    Guru

  • Atomican
  • 13,579 posts
  • Location:Not Trump-Land

Posted 15 January 2017 - 08:41 AM

The great Chinese firewall is stopping your productivity I guess.

Cortana at your service


#5 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 19,919 posts
  • Location:QLD

Posted 16 January 2017 - 09:42 AM

 

i havent heard of Shadowsocks.  so its some kind of fancy socks5 proxy? 

 

what are the advantages vs SSHing into your box?

 

Yeah, exactly that.  

 

Main advantages are giving local apps 'clean' internet, like Dropbox and my mail client, which would otherwise be blocked.  It's also something I can use on my phone for social media, and Google services (all blocked in China, including the play store).

 

 

I like using DNS-IP tunneling.

 

It's stupid slow, but it gets you 'free' internet where internet wouldn't otherwise be free.

http://code.kryo.se/iodine/

 

All those 'kiosk' and 'hotel' internet points are suddenly free.


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#6 tastywheat

tastywheat

    Primarch

  • Atomican
  • 1,842 posts

Posted 16 January 2017 - 11:59 AM

The great Chinese firewall is stopping your productivity I guess.

 

It does to some extent unfortunately.  I work as a teacher, and there are a lot of great teaching and learning resources online.  I can't use them, because they're either permanently blocked (Khan Academy, TEDed, various science channels on Youtube), or intermittently blocked (Most foreign News services, Wikipedia/Simple Wikipedia whenever a sensitive topic or edit comes up).  

 

A way around it for some things is for me to contact the content creators for permission, download them, vet them through the school CPC member, and then reupload them to Chinese friendly sources (in the process of changing this to a local VPS).  Some channels have been awesome in giving me permission, but bigger organisations like Khan Academy and TED haven't responded.


Edited by tastywheat, 16 January 2017 - 12:54 PM.


#7 @~thehung

@~thehung

    Guru

  • Hero
  • 8,522 posts

Posted 16 January 2017 - 01:50 PM

still dont quite get it.

by 'clean' internet do you mean that you are using a Shadowsocks client to tunnel individual apps to a Shadowsocks server on your VPS, or ALL traffic (rather than mucking around with socks settings per application)?  are you using SSH to the box, or going straight to the proxy (coz thats the only way it works?)?  

you could, for example, use socks via SSH alone, on port 443 for good measure, and tunnel all taffic using something like ProxyCap or Freecap.  

what specificly does Shadowsocks bring to the table?  does it get around some the problems listed here: http://blog.zorinaq....ewall-of-china/
 


Some channels have been awesome in giving me permission, but bigger organisations like Khan Academy and TED haven't responded.

 

why is permission important.  do the CPC goons even care about that? 

 

its fair use, both morally, and in an overarching legal sense.


no pung intended

#8 tastywheat

tastywheat

    Primarch

  • Atomican
  • 1,842 posts

Posted 16 January 2017 - 05:55 PM

still dont quite get it.

by 'clean' internet do you mean that you are using a Shadowsocks client to tunnel individual apps to a Shadowsocks server on your VPS, or ALL traffic (rather than mucking around with socks settings per application)?  are you using SSH to the box, or going straight to the proxy (coz thats the only way it works?)?  

you could, for example, use socks via SSH alone, on port 443 for good measure, and tunnel all taffic using something like ProxyCap or Freecap.  

what specificly does Shadowsocks bring to the table?  does it get around some the problems listed here: http://blog.zorinaq....ewall-of-china/

 

I'm new to this, so I'm probably explaining it poorly, in addition to misinterpreting your previous question.  However, I'm keen to learn, so correct me where I've got it wrong.  This is my understanding of how it works:

 

I have a VPS running a Shadowsocks server on port 8000.  The current setup has a client running on my local machine communicating with the server over port 8000, and forwarding traffic via a local SOCKS5 proxy on port 1080.  I can tap into this using either a proxy setting per application, but I prefer to configure my network connection to route all traffic through the proxy.

 

My initial reason for going with Shadowsocks was based on other people suggesting it was the best solution (i.e. not really based on objective reasoning), and the fact there were simple to configure mobile clients available.  I now understand it to be almost exactly the same as running a SOCKS server via SSH, with a slightly different implementation of the SOCKS5 protocol.

 

Shadowsocks cuts down on some of the overheads, and works for both TCP and UDP connections.  Where a SOCKS5 packet from a client to a server might look like this:

+-------------+--------------+------------------+---------------------+----------+
| Version No. | Command Code | Destination Port |      IP Address     |   Data   |
+-------------+--------------+------------------+---------------------+----------+
|      1      |       1      |         2        |       Variable      | Variable |
+-------------+--------------+------------------+---------------------+----------+

A packet from a Shadowsocks client would look like this:

+--------------+---------------------+------------------+----------+
| Address Type |      IP Address     | Destination Port |   Data   |
+--------------+---------------------+------------------+----------+
|       1      |       Variable      |         2        | Variable |
+--------------+---------------------+------------------+----------+

(Numbers shown represent bytes of data)

 

There also appears to be some additional optimisations for speed, which I don't yet fully understand.

 

why is permission important.  do the CPC goons even care about that? 

 

its fair use, both morally, and in an overarching legal sense.

 

Zero concern is given to legal or copy-write issues.  It's all about control, and exposing the students to ideas that could harm the established order of things.

 

Every school has a party member assigned to supervise operations.  It's written explicitly into my contact that I can't discuss Taiwan, Tibet, Xinjiang, Falung Gong, Tiananmen square (referred only as the 6-4 incident with no other context), and a bunch of other stuff, at any point, inside or outside of school, with current or former students, or else I my contract will be terminated, my residence permit cancelled, and I will be deported at my own expense.  My understanding is that this is a government requirement for my particular province, and every foreign teacher here will have the same clause.

 

It's not illegal for me to access foreign content, but it's potentially illegal for me to distribute it (i.e. show it to my students) if it's deemed to be:

  1. Inciting to resist or breaking the Constitution or laws or the implementation of administrative regulations;
  2. Inciting to overthrow the government or the socialist system;
  3. Inciting division of the country, harming national unification;
  4. Inciting hatred or discrimination among nationalities or harming the unity of the nationalities;
  5. Making falsehoods or distorting the truth, spreading rumors, destroying the order of society;
  6. Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder;
  7. Terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people;
  8. Injuring the reputation of state organizations;
  9. Picking quarrels and provoking troubles;
  10. Other activities against the Constitution, laws or administrative regulations

 

 

To put this in perspective, a blogger here was recently jailed for making a video that suggested people should do more to tackle local air pollution.  The video had mostly sensible claims, but made the mistake of suggesting that the government could do more to regulate polluters.  It went viral, government officials 'lost face', so they jailed the guy (citing clauses 5, 7, and 9 from the list above), to send a clear message about who was in control.  I tried to find the news story, but of course it's been censored as well.

 

It's very fucked up in these contexts, but in an era of fake news propagating without challenge, the resurgence of Pauline Hanson, movements like Reclaim Australia, and Donald Trump as US president, I'm starting to question from a utilitarian perspective the outcomes that are associated with free speech.


Edited by tastywheat, 16 January 2017 - 06:02 PM.


#9 @~thehung

@~thehung

    Guru

  • Hero
  • 8,522 posts

Posted 16 January 2017 - 06:28 PM

well, i cant say i fully grasp the stuff in the page i linked.  i just thought maybe you had tried vanilla ssh and found it throttled in a similar way, and hence were using Shadowsocks for that specific reason.  my (lazy) googling on Shadowsocks has so far turned up very little between the overly simplistic and brutally technical.

 

on the topic of permission, i just meant if organisations like Khan Academy and TED etc dont give you permission, while its nice to have, meh...


no pung intended

#10 @~thehung

@~thehung

    Guru

  • Hero
  • 8,522 posts

Posted 19 January 2017 - 11:11 AM

okay, things to do?  heres what i would want to do

set up wordpress on it, and lock it down with a free membership plugin, so that you can have fairly good control over public and private areas, and a persistent external place for your friends and family to read your bullshit and post to, (perhaps even automatically from their social media via various WP plugins).

also, run an image gallery software on your server and a WP plugin for that.  useful for dumping every damn pic to, with a streamlined way to include them en masse or selectively in blog posts.

then,

i would want to *try* running a separate WeChat account in android emulator where you live, either on a VM or on another box.  and then find a way to script the automatic uploading of photos from that file system through your proxy to your external image server.  that way, any photo you take or are sent on WeChat you could easily dump to your VPS on the fly by just forwarding it to the other WeChat account.

and things of that ilk
 


Edited by @~thehung, 19 January 2017 - 11:13 AM.

no pung intended




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users