As pointed out by blibble, the blocking is almost certainly due to Mr. Angry having got himself onto a list of open proxies somewhere along the line; any effort directed at tor, whether masking, restricting, or outright blocking, is in my experience always aimed at exit nodes only - because there's simply nothing to be gained by blocking relays.
Note that I have no particular insight into this specific case, but have opered on irc.perl.org for some years now (and was freenode staff for a while) and am working based on a >95% correlation with previous similar cases that I've dealt with myself.
Please read the transcript in its entirety. Specifically the latter parts about trade agreements and bi/multilateral negotiations. Placement of liability (w.r.t. the US common law) makes reform hard to envision yes, but that is just a minor concern in the bigger picture.
The surveillance state was never intended to stop terrorism, it is the true terrorism.
This malice cannot be explained by incompetence.
The guide does mention using a read replica to replicate from, an intermediate RDS instance between your offsite, but I've had no trouble replicating directly from the master instance.
One thing they don't cover is replication over SSL. AWS has failed to mention this shortcoming in the docs last time I checked. To have MySQL replicate over SSL, the master and slave both need an SSL certificate signed by the same CA, which would require you to obtain a cert+key signed by the AWS RDS CA.
Of course you have the option of tunneling the replication connection into a haproxy or stunnel running on an ec2 instance, but that has it's other shortcomings. You can't use the ELBs, since you can't register the RDS instance with an ELB.
Why do you think so? Let's assume I have complete control over a TLD zone file (.com), into which you inserted the DS records of your DNSSEC-signed domain (example.com). Let's say my goal is to MITM users connecting to https://www.example.com relying on DANE for trust of TLS certs.
I surely cannot modify the records in your signed zone because I don't have your KSK/ZSK private keys. What I can do instead is preparing a duplicate of your zone, signed with a freshly-generated KSK/ZSK pair; in that zone, I will change only the DANE records (or also the A records, depending on the kind of MITM attack I need to mount), and I will sign everything with my new keys. Then, I start MITM'ing my target so that:
* DS records replies for example.com contain the DS record for my own KSK/ZSK keys.
* NS records replies for example.com direct to my own nameserver (or even simply MITM the glue records, depending on the nameserver setup).
* My nameserver will reply as authoritative for example.com, and will serve the modified zone, which will be fully DNSSEC validated.
As I understand it, the "friction" induced in your finger is purely a sensation. I mean how much force can it actually apply to your finger?
Also, the actual nature of the surface isn't altered - I wonder if you have two sensations at once?
Personally, I've been waiting for this for a long time... touch-typing on a screen (as it is common today, iphones and androids being ubiquitous) sucks, as you mistype regularly, even as you look at your screen.
