So as we all know the kickoff video is streamed on Twitch.tv but the only problem with that is my school blocks it! It looks like it might be unblocked on our mentor’s computer in the shop! That’s great and all but we reserved the LGI in our building to watch it on the “Big Screen” and I don’t think that computer will have Twitch.tv unblocked! This makes it hard for 100 people to see the kickoff video as it will only be available on 1 user account on 1 computer!
So my question is as follows:
Is there another website that streams the kickoff video? My mentor says he thinks that NASA streamed it but I think that was before my time!
As we all know there are ways around the school filter but as this is a very important day for all of us I don’t really feel comfortable relying on a VPN to skirt the block!
If anyone has any suggestions about what to do (Or a really good VPN) I’m all ears!
You could also look into a VPN such as HotSpot Sheild. Most schools infrastructure doesn’t block encrypted data so you should be able to use twitch through it although you will have advertisements. I know we used it the last two years at our school.
As an IT Tech that works for a school district, I echo everything Eric said. You need to contact your tech department. I can’t speak for all school IT departments, but from my experience our number one goal is to further excellence in education, and will do what we can to accommodate that. Unblocking Twitch for a specific machine over the weekend should be a trivial matter that any reasonable IT manager would approve.
Another +1 for this, because this is the correct answers. Most IT departments are staffed by reasonable people that will make changes if there’s a legitimate school purpose. We put in a request with the school that hosts SCRIW to disable the school’s wireless security system, so it won’t try to shut down the robot networks.
That said, the other step in the process is to test this stuff in advance. We made the request for SCRIW this year, and they said they made the change–but whatever they did in advance of the event didn’t work. Fortunately, we also had the foresight to ensure IT staff were on the premises this year so they were on it as soon as the issue was discovered. It may be worth making a similar request given the size of your crowd.
As well, I manage the IT department at the high school and I firmly believe legitimate use of the schools network is why any IT person in education is there.
That said…
The biggest thing to do is get the communication started with your tech cadre EARLY!
Depending on how your school/DOE/state operates there might be much more involved with opening up access.
In our district there are several layers of protection that would need to be addressed… For us, the state owns the network so they have their firewalls, then the DOE adds theirs, and in our case, the internet service provider has theirs…
So for me to open up sites that are blocked, I have to find who is blocking it.
Many times it is a combination.
The second biggest is to test… I suggest asking for two windows of access. First one to test the system setup as intended to run and verify it actually does. The second is your event with the same setup.
Hope you are able to get this setup easily.
Aloha!
For us kick off is at 5am and I download it onto a flash drive and bring it in for our kickoff party we host for the local teams later in the morning!
{After watching it live at home with my Kona coffee, of course!}
Although I know methods to bypass the blocked websites on most systems… I would not recommend that. You could get in trouble with your school for bypassing what they set in place.
I would talk to the IT department or whoever manages the internet control, and tell them what you need to do, when and why. If you do not think they listen or for some reason you cannot, ask your mentor to say it.
We have the same issue with Twitch. I recently contacted FIRST and requested a test link. They provided me with the following:
“We will again be using twitch.tv for the broadcast of the kickoff video. We heard from many kickoffs last year that it worked quite well. We will not be running a specific testing period this year. Instead, we ask that you try this link: https://www.twitch.tv/videos/113503595. If you are able to view and hear this video using the same equipment that you will be using on Kickoff, we are confident that you will have a successful viewing.”
I emailed our tech department and requested that the link and Twitch be allowed for the day and they were able to grant the request. You may want to request that it is open for a day or so before so you can test it out.
My understanding is it’s an AirTight system (or some competitor to that). End result is the connection between robots and the field AP pretty much gets drowned out as a rogue network as ping times go through the roof. This, obviously, is not conducive to running a robotics competition.
(This also flummoxed 2815, as they kept having problems with their own robot in their own school after coming back from summer break in 2016 and couldn’t figure out why. Needless to say, their robot radios were whitelisted very soon after.)
Here are some key pieces of advice, having run into the same problem in the past:
DO NOT find ways to go around your school’s web filter, that is an easy way to get your organization, and especially your faculty advisory, on the bad side of some really important people in your district.
Be patient and pleasant with your district IT staff. Web filters are required as part of the federal law that provides the eRate pricing that helps finance the enterprise-level internet connections school building need. These staff members are bound by a whole set of policies and procedures, but will do there best to help you.
Suggest that they white list as little as possible for as short of a window as possible.
Invite one of their staff, of if your district has a dedicated A/V person, to the kickoff to be the sole operator of the computer. This can help limit risk for the district because access to the displayed computer is limited to key members of district staff entrusted to make decisions like this.
Overall, remember that frankly, Twitch should most certainly be blocked by any High School’s web filter. You are not the first to have this problem, and honestly FIRST is the party making the bad decision here. Have your event coordinator contact FIRST so that they keep hearing that this decision is having a real effect on the ability for local schools to host Kickoff events.
If you connected to Twitch with plain old non-secure http, this could help. But Twitch redirects all non-secure attempts to connect to its secure (https) server. That’s where it gets complicated. If you’re connecting with https, firstinspires.twitch.tv and Twitch would almost certainly be indistinguishable. Your browser connects to an IP address (like 50.112.196.159,) which may be shared by many hostnames (like twitch.tv or firstinspires.twitch.tv), then secures the connection, and then gives the hostname and the path beneath it that it wants to retrieve. Once the connection is secure (encrypted between your browser and the server,) the content filters can no longer monitor it. It can’t see the hostname you request to decide whether to pass it or not.
Alternately:
If you’re trying this on a school-controlled system,
and the school has installed its own SSL root certificate-authority certificate
and the content filter forces all connections to transparently pass through it
the content filter can pretend to be the other server (twitch.tv), secure its connection with your browser, and accept your request. If it approves of the URL you request, it will connect to the other server, pretending to be you, secure its connection to the server, pass along your request, receive the response, and pass it back to you.
(You see, the certificate-authority certificate allows your school’s filter to pretend it is any other system it wants to be. In the security community, we call this a “man in the middle attack”. So your school can pretend to be Twitch. It can also pretend to be Google, and capture your gmail credential. Or pretend to be your bank, and capture your banking credential. So be careful what you connect to from a school computer.)
Thus, either way, firstinspires.twitch.tv doesn’t give you anything that Twitch does not. You will have to work with your school’s IT people. If this is not possible (gone for winter break) or they are uncooperative, you will have to find alternative methods to connect.
If you have trouble, make sure to tell FIRST about it. Because right now, they think it’s okay.
The benefit to using a subdomain as opposed to a URL directory for the stream is that the content filters in place now use a combination of DNS lookup, SSL cert (which is visible prior to encryption), and timing to detect the destination of a connection. (This is useful when a SSL cert is issued for *.twitch.tv as a wildcard.)
With the filter in place a lookup for firstinspires.twitch.tv could be whitelisted and allow the near-timed connections to the *.twitch.tv. It would also allow them to DNS-block or whitelist other twitch.tv domains/streamers.
This may assist with some content filters, but not others. Our district’s filter only operates on http/https traffic (or what it presumes to be such,) but DNS is untouched. (Matching a DNS request to an http(s) connection via timing doesn’t sound like a reliable filtering method, anyways. I could skirt that by running a caching name server on another host, and point my resolver at that.)
Amusingly, firstinspires.twitch.tv does exist, but it only has mail exchange records. No A or CNAMEs that would make it useful for your use case.