All posts in General

Although, having migrated to .net Core for the most part,we all have to support our older applications using .net Framework. As a part of routine, you may tend to update the .net framework in your application only to find out that your test or even prod (yikes!) do not have the latest framework installed. 

One way to find the version is using microsoft’s documentation here:

https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed

You, look at the complexity, and may just give up. I’ve found an easier place to check the same. And it positively has worked for me every time.

All you need is to browse to a folder path:

C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework.NETFramework

Here’s the structure:

And That’s it. You will see all the framework’s installed on this machine, even a minor version has a different folder as well. Easy on the eye indeed.

How to get multiple TeamCity build agents running on one server.

Found this the hard way, that there is an key thing that needs to be changed before finishing the setup as per teamcity’s official instruction.

First log in to the server where you want the agents to run then open TeamCity from a browser on that box.

Go to the Agents tab.

From the top right of the page choose Install Build Agents then MS Windows Installer.

When prompted choose to run the agent installer. You may have to be an administrator since this will be installing windows services.

Choose the directory where you want the agent configuration and working directories to live. I put them under the TeamCity home directory.

Take the defaults as you work your way through the installer.

The agent directory is being configured.

Here it is important that you choose a unique name and port. The directories should be consistent with your previous choices. You may need to change the server URL and port.

When this popup appears do not click OK yet.

Open an Explorer window and navigate the the launcher/conf directory under the build agent directory you configured above.

Edit wrapper.conf and change the name of the ntservice to match your agent name as appropriate. This is important because each agent runs under a different service and they must have unique names, otherwise only one will connect at a time.

Now you can click OK on the popup.

And choose the defaults the rest of the way through the installer.

If you open Services

You should see the service you named.

The new agent should connect and be visible from the TeamCity Agents page within a few moments.

Repeat the steps to add additional agents.


I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach. If they can do it in 140 characters and a link, I’m happy. That is all. No images. No video. No script. No HTML tags. No tracking.

 

Which brings me to Pi-hole. I’m going to keep the intro bits as brief as possible but, in a nutshell, Pi-hole is a little DNS server you run on a Raspberry Pi in your local network then point your router at such that every device in your home resolves DNS through the service. It then blacklists about 130k domains used for nasty stuff such that when any client on your network (PC, phone, smart TV) requests sleazy-ad-domain.com, the name just simply doesn’t resolve. Scott Helme put me onto this originally via his two excellent posts on Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1 and Catching and dealing with naughty devices on my home network. Go and read those because I’m deliberately not going to repeat them here. In fact, I hadn’t even planned to write anything until I saw how much difference the service actually made. More on that in a moment, the one other bit I’ll add here is that the Raspberry Pi I purchased for the setup was the Little Bird Raspberry Pi 3 Plus Complete Starter Kit:

Little Bird Raspberry Pi 3 Plus Complete Starter Kit

This just made it a super easy turnkey solution. Plus, Little Bird Electronics down here in Aus delivered it really quickly and followed up with a personal email and a “thank you” for some of the other unrelated stuff I’ve been up to lately. Nice 🙂

I went with an absolute bare bones setup which essentially involved just following the instructions on the Pi-hole site (Scott gets a bit fancier in his blog posts). I had a bit of a drama due to some dependencies and after a quick tweet for help this morning followed by a question on Discourse, I was up and running. I set my Ubiquiti network to resolve DNS through the Pi and that’s it – job done! As devices started picking up the new DNS settings, I got to see just how much difference was made. I set my desktop to manually resolve through Cloudflare’s 1.1.1.1 whilst my laptop was using the Pi-hole which made for some awesome back to back testing. Here’s what I found:

Let’s take a popular local Aussie news site, news.com.au. Here’s what it looks like with no Pi-hole:

news.com.au without pi-hole

In the grand scheme of ads on sites, not too offensive. Let’s look at it from the machine routing through the Pi-hole:

news.com.au with pi-hole

Visually, there’s not a whole lot of difference here. However, check out the network requests at the bottom of the browser before and after Pi-hole:

news.com.au network without pi-hole

news.com.au network with pi-hole.jpg

Whoa! That’s an 80% reduction in network requests and an 82% reduction in the number of bytes transferred. I’d talk about the reduction in load time too except it’s really hard to measure because as you can see from the waterfall diagrams, with no Pi-hole it just keeps going and going and, well, it all gets a bit silly.

Let’s level it up because I reckon the smuttier the publication, the bigger the Pi-hole gain. Let’s try these guys:

dailymail.co.uk with no pi hole

And for comparison, when loaded with the Pi-hole in place:

dailymail.co.uk-with-pi-hole

And now – (drum roll) – the network requests for each:

dailymail.co.uk network with no-pi-hole

dailymail.co.uk network with pi-hole

Holy shit! What – why?! I snapped the one without Pi-hole at 17.4 mins after I got sick of waiting. 2,663 requests (one of which was to Report URI, thank you very much!) and 57.6MB. To read the freakin’ news. (Incidentally, in this image more than the others you can clearly see requests to domains such as fff.dailymail.co.uk failing as the Pi-hole prevents them from resolving.)

After just a few quick tests, I was pretty blown away by the speed difference. I only fired this up at about 8am this morning and I’m just 9 hours into it but already seeing some pretty cool stats:

Pi-hole-dashboard

It’s also flagging a bunch of things I’d like to look at more, for example my wife’s laptop being way chattier than everything else:

Top clients

Top blocked clients

Wife's laptop requests

So in summary, no compromising devices, no putting your trust in the goodwill of an extension developer, no per-device effort, the bad stuff is blocked and the good stuff still works:

Sponsor message still works

Lastly, Pi-hole has a donate page and this is one of those cases where if you find it as awesome as I have already, you should absolutely show them some love. Cash in some of that time you’ve reclaimed by not waiting for rubbish ads to load 😎

This summer Chinese authorities deepened a crackdown on virtual private networks (VPNs)—tools that help internet users inside the mainland access the open, uncensored web. While not a blanket ban, the new restrictions are shifting the services out of their legal grey area and further toward a black one. In July alone, one popular made-in-China VPN abruptly ceased operations, Apple removed dozens of VPN apps from its China-facing app store, and some international hotels stopped offering VPN services as part of their in-house wifi.

Yet the government was targeting VPN usage well before the latest push. Ever since president Xi Jinping took office in 2012, activating a VPN in China has been a constant headache—speeds are slow, and connectivity frequently lapses. Especially before major political events (like this year’s upcoming party congress in October), it’s not uncommon for connections to drop immediately, or not even form at all.

In response to these difficulties, China’s tech-savvy programmers have been relying on another, lesser-known tool to access the open internet. It’s called Shadowsocks, and it’s an open-source proxy built for the specific purpose of jumping China’s Great Firewall. While the government has made efforts to curb its spread, it’s likely to remain difficult to suppress.

How is Shadowsocks different from a VPN?

To understand how Shadowsocks works, we’ll have to get a bit into the cyberweeds. Shadowsocks is based on a technique called proxying. Proxying grew popular in China during the early days of the Great Firewall—before it was truly “great.” In this setup, before connecting to the wider internet, you first connect to a computer other than your own. This other computer is called a “proxy server.” When you use a proxy, all your traffic is routed first through the proxy server, which could be located anywhere. So even if you’re in China, your proxy server in Australia can freely connect to Google, Facebook, and the like.

But the Great Firewall has since grown more powerful. Nowadays, even if you have a proxy server in Australia, the Great Firewall can identify and block traffic it doesn’t like from that server. It still knows you are requesting packets from Google—you’re just using a bit of an odd route for it. That’s where Shadowsocks comes in. It creates an encrypted connection between the Shadowsocks client on your local computer and the one running on your proxy server, using an open-source internet protocol called SOCKS5.

How is this different from a VPN? VPNs also work by rerouting and encrypting data. But most people who use them in China use one of a few large service providers. That makes it easy for the government to identify those providers and then block traffic from them. And VPNs usually rely on one of a few popular internet protocols, which tell computers how to talk to each other over the web. Chinese censors have been able to use machine learning to find “fingerprints” that identify traffic from VPNs using these protocols. These tactics don’t work so well on Shadowsocks, since it is a less centralized system.

 “Each person can configure it to look like their own thing. That way everybody’s not using the same protocol.” 

Each Shadowsocks user creates his own proxy connection, and so each looks a little different from the outside. As a result, identifying this traffic is more difficult for the Great Firewall—that is to say, through Shadowsocks, it’s very hard for the firewall to distinguish traffic heading to an innocuous music video or a financial news article from traffic heading to Google or some other site blocked in China.

Leo Weese, a Hong Kong-based privacy advocate, likens VPNs to a professional freight forwarder, and Shadowsocks to having a package shipped to a friend who then re-addresses the item to the real intended recipient before putting it back in the mail. The former method is more lucrative as a business, but easier for authorities to detect and shut down. The latter is makeshift, but way more discreet.

What’s more, tech-savvy Shadowsocks users often customize their settings, making it even harder for the Great Firewall to detect them wholesale.

“People use VPNs to set up inter-company links, to set up a secure network. It wasn’t designed for the circumvention of censorship,” says Larry Salibra, a Hong Kong-based privacy advocate. With Shadowsocks, he adds, “Each person can configure it to look like their own thing. That way everybody’s not using the same protocol.”

Calling all coders

If you’re a luddite, you’ll probably have a hard time setting up Shadowsocks. One common method to use it requires renting out a virtual private server (VPS) located outside of China and capable of running Shadowsocks. Then users must log in to the server using their computer’s terminal, and enter the Shadowsocks code. Next, using a Shadowsocks client app (there are many, both free and paid), users input the server location and password and access the server. After that, they can browse the internet freely.

Shadowsocks is often difficult to set up because it originated as a for-coders, by-coders tool. The software first reached the public in 2012 via Github, when a developer using the pseudonym “Clowwindy” uploaded it to the code repository. Word-of-mouth spread among other Chinese developers, as well as on Twitter, which has long been a hub for anti-firewall Chinese programmers. A community formed around Shadowsocks. Employees at some of the world’s largest tech companies—both Chinese and international—work together in their free time to maintain the software’s code. Developers have built third-party apps to run it, each touting various custom features.

 “Shadowsocks is a great invention… Until now, there’s still no evidence that it can be identified and get stopped by the Great Firewall.” 

One such developer is the creator behind Potatso, a Shadowsocks client for iOS. Based in Suzhou and employed at a US-based software company, he grew frustrated at the firewall’s block on Google and Github (the latter is blocked intermittently), both of which he relied on to code for work. He built Potatso during nights and weekends out of frustration with other Shadowsocks clients, and eventually put it in the app store.

“Shadowsocks is a great invention,” he says, asking to remain anonymous. “Until now, there’s still no evidence that it can be identified and get stopped by the Great Firewall.”

Not quite underground, not quite above ground

It’s difficult to know how many people use Shadowsocks. The developers for Potatso and Surge, another iOS client, separately told Quartz their paid apps have gathered enough downloads to make for a lucrative hobby on top of other work. But neither could estimate the popularity of the core Shadowsocks software.

Still, anecdotes suggest that the software has reached at least some people in China who aren’t professional developers. One Shadowsocks user Quartz spoke to says he relies on it to watch videos on Vimeo and YouTube. Both sites are blocked in China, but he visits regularly for his job at a production company.

Another Shadowsocks user, 25-year-old Steffie Chao, told Quartz she began using the software four years ago. While preparing to study abroad, she used a VPN to access YouTube and watch university lectures. When her VPN stopped working, she searched for an alternative and discovered Shadowsocks on a Chinese-language internet forum. She ran it on her computer using some rudimentary coding skills she picked up in a class.

At the very least, Shadowsocks is widespread enough that Chinese authorities are aware of its existence. The government has made some attempts to clip its wings. In 2015, around the time of a parade in China celebrating the 70th anniversary of WWII, Clowwindy posted a messageon Github announcing he had been visited by the police, and would have to stop working on Shadowsocks. And when Apple removed dozensof firewall-jumping apps from its Chinese-facing app store, it didn’t just target VPNs—several Shadowsocks apps were removed as well, including Potatso.

Yet Shadowsocks will continue to live on. That’s in part because the code is open-source, meaning that anyone can maintain, alter it, and release it in a different form (the source code remains on Github, it’s simply more difficult to find there than it was previously).

Should Shadowsocks give us hope for freedom on China’s internet? Yes and no.

On the one hand, it’s unlikely that any Shadowsocks app will ever become as widespread as brand-name VPNs, like VyperVPN or AnchorFree. According to Weese, the privacy advocate, Shadowsocks’s underlying technology is difficult to “scale” business-wise compared to a VPN. That means that even though Shadowsocks might be a better tool for jumping the Great Firewall, VPNs will have an advantage when it comes to reaching consumers.

Not that there’s a lot of incentive for an enterprising Chinese coder to build and promote a “mainstream,” easy-to-use Shadowsocks app. After all, if it gets popular enough in China, authorities could take notice, and there could be serious consequences (link in Chinese)—or more government effort towards figuring out how to detect and block users.

Shadowsocks might not be the “perfect weapon” to defeat the Great Firewall once and for all. But it will likely lurk in the dark for some time.

 

Available on GitHub to download:

https://github.com/shadowsocks/shadowsocks-windows