The Miami-Dade Public Libraries, where I tend to hang out on Saturday afternoons because that is where the kids’ chess club meets, has a nice new free wireless service but it’s infested with about the most restrictive web filters and port blockers it has ever been my misfortune to encounter.
Not only do they block digicrime.com, but they block download.com. And many other harmless sites also. And of course they block the archive.org versions of those pages too.
The library PCs in the adult section of the library also operate under this highly censored regime. But when one tries to reach a blocked web site on one of those machines, one gets an informative error message, and it is possible to request an override code from a librarian. In contrast, the wireless blocking happens in a most uninformative way: trying an http connection to a blocked site on the wireless access produces a long delay, followed by this informative popup:
The connection was refused when attempting to contact 192.168.99.32
How many people are likely to know that 192.168.xxx.xxx means a local network, meaning something has intercepted one’s request?
Even armed with the knowledge that one’s browsing is blocked, one is still out of luck: at present the library has no means to override the blocking for wireless users. We can of course use a desktop (if one is available; they’re quite popular), and ask for an override code; this workaround means that the blocking has a decent chance of skirting the First Amendment rules that constrain library content censorship.
And did I mention that anything other than port 80 (http web access) and port 443 (https secure web access) appears to be blocked too? I am unable to telnet or more importantly to ssh to my mail server. Why on earth should the library block me getting my email? Indeed it was in the search for a proxy tunneling tool that I hit the download.com block; there may be a method to their madness. (Is there a way to do ssh over http?)
The branch librarians are sympathetic, especially about the blocked sites, but they don’t control the filter list or the wireless port blocking policies. And they don’t get “ports” at all. All that computer stuff is handled by some distant, faceless, unresponsive central administration. So my requests for changes to the policy, so far, go unheeded, including written requests a week ago to unblock a site, and open port 22.
Only mildly relevant links:
Miami-Dade Public Library Internet/Workstation Policy
Miami-Dade County Liability Disclaimer and User Agreement (which states, notably, “Anyone using this system expressly consents to administrative monitoring at all times by Miami-Dade County and its authorized agents and contractors. You (User) are further advised that system administrators may provide evidence of possible criminal activity identified during such monitoring to appropriate law enforcement officials. If you (User) do not wish to consent to monitoring, exit this system now.” This would be a good exam question for someone as it suggests a rather broad waiver of the right to anonymous speech…)
There’s no reason you can’t run an ssh server on either port 80 or port 443, it just means you can’t really run a webserver on the port you choose. There is, of course, nothing “special” about any of the ports. You don’t need to do ssh over http, just run ssh on port 80 or 443. The only other option that I can think of off the top of my head, is to have a port forwarder on computer X forward, say, port 443 to port 22 on computer S, which is running sshd. But there may be another way.
The trouble is, I don’t want to run an ssh *server* in the library, I just want to run the *client* to connect to a vanilla server elsewhere…
I don’t mean to run the server in the library. You run, on whatever computer you wish to connect to, the ssh server on a port other than 22.
sshd under Unix has a -p command line option that lets you pick whatever port you want for it to listen to (it’s also in the config file). You can then tell your ssh client to connect to that port (80 or 443 in this case) instead of 22. Of course, this won’t work if you don’t have root access to the ssh server computer. Or if you need to run a webserver on both 80 and 443.
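An added example, not part of the original post or its comments: the remark above that there is nothing “special” about a port number, seen from the side of whoever operates a filter. A service is recognised by the first bytes it speaks, not by the port it listens on, so this sketch classifies those bytes and checks a loopback listener on an arbitrary port. All function names and the sample banner are assumptions constructed for illustration.

```python
import socket
import threading

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}
# Constructed sample banner; a real server puts its own software version here.
SAMPLE_SSH_BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"

def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first bytes seen on a TCP connection."""
    if data.startswith(b"SSH-"):
        return "ssh"   # SSH identification string (RFC 4253), sent before anything else
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"   # TLS handshake record, which is how an https connection opens
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"  # plain-text HTTP request line
    return "unknown"

def serve_banner_once(banner: bytes) -> int:
    """Listen on an OS-chosen loopback port, send `banner` to one client, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick any free port
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def probe(port: int, timeout: float = 2.0) -> str:
    """Connect to a loopback port and classify whatever the server says first."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        try:
            return classify_first_bytes(s.recv(64))
        except socket.timeout:
            return "unknown"  # HTTP and TLS servers wait for the client to speak

if __name__ == "__main__":
    port = serve_banner_once(SAMPLE_SSH_BANNER)
    print(f"port {port}: {probe(port)}")
```

An SSH server announces itself first, whereas HTTP and TLS servers wait for the client, which is why the probe treats a silent server as unknown instead of guessing from the port.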
Regarding archive.org being blacklisted, see my old censorware report, sadly marginalized:
The Pre-Slipped Slope – censorware vs the Wayback Machine web archive
Why on earth should the library block me getting my email?
Why on earth should a public library give you access to your own private email account?
It’s just a library for chrissake.
Please see the sequel: Kudos to the Miami-Dade Public Library.