Slashdot Mirror
Pakistan Looking For Homegrown URL Blocking System
chicksdaddy writes "Tech-enabled filtering and blocking of Web sites and Internet addresses that are deemed hostile to repressive regimes has been a major political and human rights issue in the last year, as popular protests in Egypt, Tunisia, Libya and Syria erupted. Now it looks as if Pakistan's government is looking for a way to strengthen its hand against online content it considers undesirable. According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP reads (PDF). It would be 'centrally managed by a small and efficient team stationed at POPs of backbone providers,' and must be capable of supporting 100Gbps interfaces and filtering Web traffic against a block list of up to 50 million URLs without latency of more than 1 millisecond."
Porn, websites that criticize the government, members of Al-Qaeda--that whole country is like a big ole' fun game of hide-and-seek. The government hides it, and you get to seek.
SJW: Someone who has run out of real oppression, and has to fake it.
The sad thing is that the governments in these oppressive countries seem to understand how the Internet actually works.. and manage to come up with actual requirements for filtering devices.
May be Pakistan is the only country that didn't manage to keep this secret. You wait for it and this will be everywhere. I wonder what country would love to block Wikileaks or The Pirate Bay, for example.
May Peace Prevail On Earth
That's because their leaders(or at least many important people in the government) were educated in freer Western nations and exposed to what happens with the freedom of information. Bashar Al-Assad is an example of this.
Just append the urls determined to be unholly to the Koran.
They already have the infrastructure to punish infidels.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
...that this is one of our most important allies in the war on terror. I wonder how much of the billions we give them will be spent on this while we stand idly by. Remember the US of A and its allies have carte blanche to do what we tell others is wrong. Greed and hypocracy make the world go 'round.
Silence is a state of mime.
Why not just block everything and only allow what's whitelisted? Examples to include in the whitelist are Corporations, Universities, and other governmental sites. All others seen as non-islamic get blocked outright. If you're not on the list, you simply fill out a form for internal review and hopefully added to the whitelist.
If they're going for total control, do it right. Better yet, just create an entirely new Pakistani network without any outside peering. A pakistani version of Wikipedia could be translated and updated via an air-gapped network scheme.
And no, I'm not the first person to think of this. I'm not that much smarter than everyone else :-P
Life is not for the lazy.
don't try to solve social problems with technology
Keep on setting those unrealistic expectations
how about this for a famous quote:
"People who say it cannot be done should not interrupt those who are doing it." - George Bernard Shaw
They remind me of our former communist politicians - thanks to their position, they got to visit the West, and they still didn't see. They went back home and continued vilifying things they had seen but hadn't grasped. This is such a similar situation that it's not even funny. Islam is the new communism is the new fascism.
Ezekiel 23:20
Maybe but URL filtering in under 1ms with any sizeable list of URLs is going to be pretty darn impossible. Its pretty tough to do much of any thing to traffic that requires any sort of lookup that fast. I mean DRAM fetch is 5+ns.
Even if you can search your lookup table fast enough keep in mind you are not just comparing values at fixed offsets like NAT and IP Access lists and similar need to you first have to figure out is this traffic http? Locate the host header and read until new line. Non of that is especially time consuming but its still going to be a chuck of that already tight ms.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
1 millisecond is 1,000 microseconds or 1,000,000 nanoseconds. A 2 GHz CPU runs at least one instruction every nanosecond and usually more like 6-12 instructions. As you say, the DRAM fetch is significant, but a well-designed B-tree database already loaded in RAM reduces the impact because of good algorithm design.
It's like an eternity in CPU time.
Of course, you can't write the code in Python, Perl or Ruby. You have to use C++.
Not as difficult as it seems. A Bloom Filter of 60-million URLs would only take up 75MB. With only 64 gigs of ram, you could reliably blacklist billions of URLs in a deterministic amount of time.