Skip to content

Instantly share code, notes, and snippets.

@raydiak
Last active June 21, 2021 20:16
Show Gist options
  • Save raydiak/c29ce56cd942a38851a9d695bc80f76a to your computer and use it in GitHub Desktop.
Save raydiak/c29ce56cd942a38851a9d695bc80f76a to your computer and use it in GitHub Desktop.
This is the primary documentation site for the Raku programming language. The
other subdomains as well as raku.org itself work as expected, it is only the
documentation site which is impacted. There is no content on it which could be
misconstrued as malicious whatsoever. The operator and I have compared packet
captures from both ends of the same TCP conversation, and determined that the
failure happens when something between our two ends mangles the TLS handshake,
starting with the client side behind an Xfinity connection receiving a TCP
payload of 256 FF bytes instead of a valid TLS ServerHello in response to the
ClientHello. Only a small percentage of other members of the global Raku
community have reported this issue, all in the United States. My research
indicates that this is typically a symptom of a website being blocked by Xfi
Advanced Security.
I'd like to point out:
- This bizarre form of packet mangling is completely unnecessary to provide
service and/or to block a website, from a technical standpoint
- Tampering with the packets of secure network connections is a violation of
various federal wiretap and computer crime laws in the United States
- There appears to be an egregious number of legitimate websites across the
internet being blocked in this way, which constitutes a violation of several
state-level net neutrality laws
Please stop illegitimately blocking docs.raku.org, and pass the above three
points on to your superiors.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment