CloudFlare 跟百度合作進入中國市場

昨天的大新聞,CloudFlare 宣佈跟百度合作進入中國市場:「How We Extended CloudFlare's Performance and Security Into Mainland China」。

在「China network」這邊可以看到各種限制,首先是需要有牌 (ICP) 才能用:

CloudFlare customers that wish to serve traffic for their domains across the China network must possess a valid Internet Content Provider (ICP) license. An ICP license is a Chinese government issued license required to host or cache Internet content within mainland China. Learn more about how you can obtain an ICP license here.

另外是不支援 HTTPS:

For the moment the China network does not support HTTPS traffic (HTTP only). Support for SSL/TLS will be made available in the coming months.

目前只開放給 Enterprise 用戶:

Initially, the China network will be limited to Enterprise customers. Over time, as we are better able to operationalize the onboarding of customers, we hope to extend the benefits to all plan levels.

由於要 ICP 的關係,對於境外網站沒有太多幫助。另外也不確定是不是還是用 Anycast 技術,如果是的話就要煩惱某些網站的流量有機會被導到中國了。

China's Great Cannon:中華大加農

在「China’s Great Cannon」這篇文章裡面把最近 GitHub 被攻擊的事件所使用的武器稱為 China’s Great Cannon。文章裡分析了攻擊的方式、造成的影響。

不過... 我只是對取名的人讚嘆而已,可以參考偽基百科的「先行者」條目 XDDD


Slashdot 的「New Compilation of Banned Chinese Search-Terms Reveals Curiosities」這篇引用了「Some curious search terms denied to the Chinese」這篇文章,在 GitHub 上面有個 repository 試著蒐集這些關鍵字:「jasonqng/chinese-keywords



CloudFlare 的擴張計畫

在 CloudFlare 的「One More Thing: Keyless SSL and CloudFlare's Growing Network」這篇文章裡提到了 CloudFlare 的擴張計畫,其中藍色是已經有的點,而橘色是計畫的點:

雖然是說打算在 12 個月內搞定上面的計畫:

The map above shows all the locations where CloudFlare is actively working to turn up data centers over the next 12 months.


另外看起來台灣也會有點,不知道會放到哪裡... (以及 routing 會怎麼繞)

Adblock Plus 將會把預設的 ChinaList 改為 EasyList China

在「Switching default blocking lists for Chinese users」這邊看到 Adblock Plus 的官方公告,新安裝的預設值將會從 ChinaList 改變成 Easylist China


To make these improvements, we employed three people as part-time authors.

天下沒有白吃的午餐,加上這幾年 Adblock Plus 的「妥協」太多,接下來應該沒事去看一下 ChinaList 的討論,到底兩個 blocklist 的差異在哪裡。

AWS 進入北京!

早上的時候就有看到消息了,而剛剛在 AWS 老大 Werner VogelsTwitter 上看到他宣佈 AWS 北京區的成立:

官方公告在「Coming Soon - New China (Beijing) Region」這邊。中國大陸的官方網站在「亚马逊 AWS | Cloud Computing in China on Amazon Web Services (Simplified Chinese)」這邊。


This Region will allow China-based and multinational companies to make use of a broad collection of AWS services while remaining in compliance with China's legal and regulatory requirements.

要注意的是,目前列出來的服務並沒有 CloudFrontRoute53,只有看到這樣的說明:

We have been working with a number of local data center, bandwidth, and content delivery partners to bring this Region to life. Companies such as China Net Center and SINNET will provide the infrastructure, network services, and CDN services that are required to support the launch and operation of AWS technology services in China.




首先是有攻擊者成功利用 Comodo CA 產生 的 SSL certificate:「Report of incident on 15-MAR-2011」,雖然被 revoke (撤銷),但是我們知道 revoke 機制極度脆弱:「Revocation doesn't work」。

過沒幾天,有人發現 AT&TFacebook 的流量會流經中國 ISP 的網路設備:「Facebook traffic mysteriously passes through Chinese ISP」。