Beating Censorship By Routing Around DNS
jfruhlinger writes "Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."
People tolerated the US controlling ICANN because we were viewed as impartial, or at least less partial than an international organization. But this raises considerable doubt as to whether or not the US should still be allowed that level of control. Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries; to throw that away now so that we can preserve a dying industry is troubling to say the least.
There's always the old stand-by: the hosts file.
The article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods. Selling a pirated copy of a movie is not the same thing as sharing it. It's a real criminal offense.
Up next... BGP. We can't let the Chinese upstage us in our censorship efforts.
I am becoming gerund, destroyer of verbs.
This would be great for PPV! The two biggest economic powerhouses battling it out over who can censor the internet to a bigger degree. The money would practically print itself!
The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.
The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.
HTML is obsolete. It's time for a new, simpler and richer markup language.
...is govt mandated DNS servers. You go through theirs, so they can track every hostname you resolve and presumably visit, or if you try to circumvent then that'll become a crime.
It seems like there are potential problems here. With 4LW, I still need to memorize a set of 4 unrelated words for each site, and there's basically a single point of failure. Plus, as the article points out, it assumes a single domain name per IP address, and also IPv6 will complicate things.
P2P DNS seems like a good idea, but getting DNS from random services seems open to attack. One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing. I don't know that I really understand IDONS. I mean, to be totally honest, I'm not sure I really understand any of these alternatives.
Of course, you're going to need some kind of DNS. Things will only get worse when IPv6 gets going. Ideally I'd like to see something that is decentralized, includes record signing, allows for SSL public keys to be kept in DNS records (thereby eliminating most of the need for CAs), and does not allow for domain squatting or phishing to such an extreme degree. Anything fit that bill?
Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries,
Historically, meaning what? thirty years ago? Now we have special places where you can go to protest and no one will have to hear you. We have laws against saying bad things about food, for crying out loud. Free speech is for the rich. If you own a media empire, you have some semblance of free speech. Otherwise, you only have freedom of speech until you say something that someone with money and/or power doesn't like.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember.
While it's true that removing a DNS entry will stop a lot of people from getting to the site at first, eventually the IP will start going around, and anyone who really wants to will be able to access it again.
All the world's a CPU, and all the men and women merely AI agents
we were viewed as impartial
We? So you were the one who ordered the takedown? Because it certainly wasn't me.
Be careful of using the term "we" to describe the relationship between government and the common man. Government and the people are NOT one and the same, no matter how loud the politicians scream. Every little thing that government does counter to your wishes is proof to the contrary.
On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites; on the other hand, many of these same people are protesting a government with a properly issued warrant shutting down websites.
The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Let's also have an open, distributed, trustable system for SSL certificates where I don't have to line the pocket of a VeriSign or other agency to have SSL communication. Ever try to get Android or such to work with SSL gatewayed systems? It can be very painful the current way.
Instead of re-inventing the wheel, why not try out an existing darknet in the form of Freenet http://freenetproject.org/ or i2p http://www.i2p2.de/
We currently believe the best way to create a stable environment for TLDs is to enact a central authority. We know this will cause much argument within the community, but we have made the decision that we believe will be best for the continued development of this project.
http://dot-p2p.org/index.php?title=Main_Page#Announcement
Really?
Apparently, even the Treasury Department can't print convincing 100 dollar bills now.
That's right, sit there and let the cognitive dissonance from the implications of that one seep in.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
A year ago I ordered something from ebay and it was counterfeit. The seller refused to take it back and ebay refused to refund for something like 90 days. I was so pissed I sent a letter to the FBI with names and addresses. I received a nice phone call from the SF FBI office telling me that they did not have enough staff to go after anything less than $10,000 and typically more like $100,000. He also told me they have a handful of agents working inside ebay.
I told the ebay people they were clearly a bunch of criminals themselves and they decided to refund me immediately.
I love amazon.
Can anyone suggest a better system for outing the tiny fraction of bad guys? The current system is clearly not very effective. Chopping off the head because the fingers are slippery is not how a society should work.
I will create a sig when innovation restarts in the U.S.
Someone's hit count must be low.
You can say anything you like, and will never be arrested.
You might (might!) be sued, since that is what that law is about. But it's not specifically against the law to say anything you like.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing.
I would have kneejerk replied "try the web of trust", but that's under attack as a consequence of the actions of the U.S. Transportation Security Administration. The OpenPGP global web of trust relies on some users traveling hundreds of miles to key signing parties so that they can extend the web of trust by meeting well-known people living far from them. Otherwise, if Alice is trying to communicate with Bob, but nobody living near Alice has gone to a key signing party with someone living near Bob, they can't verify each other's keys. But the TSA with its "Rapist-scan" backscatter machines and "gate rape" pat-downs is making it hard to travel such distances.
Reputation is a maths problem that hasn't been solved yet. Anywhere.
Depending on your system wi-fi on Linux was difficult up through around 2003-5. And it's still not perfect.
E.g., A DVD-1 of Debian Squeeze (two months ago) doesn't contain some of the files needed to enable wi-fi. To get it working you need either some other install disk (DVD-2?) or a hardwired connection.
OTOH, I'm more bothered by the way it mismanages power when on battery. I know there are answers out there, but switching to Ubuntu was an easier answer.
I think we've pushed this "anyone can grow up to be president" thing too far.
...or something a lot like it. I've been using I2P for over a year and the more censorship and surveillance fiascos I see in the news the more invaluable it seems.
1. 'The issue is due process.'
What about coping with an absence of due process? What about communicating and organizing around the need for due process? You need a way around centralized control in the first place in order to bring pressure to bear and undermine establishment false propaganda.
2. 'DNS is being abused and IP addresses blocked'
Some anonymous networks like I2P overlay a virtual mesh topology over the Internet's topology of centralized control points. Each I2P node employs onion-like routing and uses public keys as addresses. Though the popular DNS services on I2P could censor domains, access to the addresses cannot be blocked (and it's easy to change to a different DNS provider anyway)... plus even physical eviction from a real-world uplink and IP address cannot make you give up your I2P key address (you always keep your same I2P identity until you alone erase/replace your key).
3. 'A certificate cartel is abusing their power'
See #2 above. On a net like I2P, your net address is a crypto-verified identity as well. A side-benefit is that all links (except proxies leading outside the I2P net) are secure.
4. 'Use Freenet'
Freenet tends to lack in speed and in the types of applications you can use it for. I2P is like an anonymized Internet, flexible and relatively quick. Also see this post that contrasts Tor with I2P.
5. 'Use P2P DNS'
If the P2P DNS project believes a central authority is required for their vision, then they can still be taken out by a government or small group of governments. OTOH, their central authority over I2P could be a nice backup to the simple and switchable I2P DNS.
Further, even sites and users that have been removed from I2P's usual DNS sites can still participate in P2P applications like bittorrent.
http://216.34.181.45/ DNS averted.
I am Bennett Haselton! I am Bennett Haselton!
so their method is to add hosts to a domain name? lol hilarious
OK this is DNS and the internet, Due process by whom under what laws? The US is not the internet, removing names against IP address is not the place of any one country.
How about putting an A or AAAA record in a reverse DNS zone, so your site ends up looking like http://2.0.192.in-addr.arpa/ or whatever. There is no registry involved with the delegation of those reverse zones, so it would be a lot more difficult for anyone to interfere with it.
I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
Maybe a wizard can supply the details, but it seems we could just host our own DNS file. I would think it could be set to allow review and rollback.
You know eventually the governments will take control over "the internet". The opportunity to monitor our transactions, email, IM, books, video, music, news, comments etc. is irresistible to them. We may as well start building darknet now (or send me an invite if I'm late).
The reason we subjugate ourselves to law is to better procure justice. If law does not accomplish this purpose then it m
Of course, you're going to need some kind of DNS. Things will only get worse when IPv6 gets going.
Why do you need some kind of DNS actually? Do you have DNS for phone numbers? You don't, you just have phone numbers you'll never remember and you don't have to because your phone does that for you.
DNS is overrated. With IPv6 and no shortage of addresses the only ones who *need* DNS are those who badly want you to remember their spiffy domain names, so they can put it in ads.
But of course doing away with DNS wouldn't change anything. If your IP gets grounded, you're fucked anyway and you can't host your stuff elsewhere then and just point your domain name there.
The problem is not a technical one and there won't be a technical solution to it.
for those who don't want to click, that's simply the IP for slashdot.org itself.
Interestingly, the Firefox URL bar displayed "http://slashdot.org/" once I actually went to the link.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
... like this: http://3626153261/
now we need to go OSS in diesel cars
And you'd need to extend the Hosts file and get a daemon to update it, you'll just end up rewriting the wheel. by icebraining (1313345) on Thursday December 09, @02:37PM (#34505262) Homepage
No, you don't. You can go to mvps.org http://www.mvps.org/winhelp2002/hosts.htm and they update theirs once a month typically and you can download a fully current hosts file there. Updating yours once you download it is as simple as overwriting %windir%\system32\drivers\etc hosts file you already have. On Linux, it's not much different, except that you use sudo dolphin (KDE) to get added rights to overwrite the hosts file you already have there to update it.
Additionally, there are applications that do it for you automatically, and iirc, HostsMan is one such that will update a HOSTS file easily enough remotely. I think it's even mentioned at mvps.org in the download link for the hosts file there in fact.
All this P2P and encoding crap, but nobody thinks to simply archive the last valid result!
I call it the WHOIS Wayback Machine. If you think a particular site is at risk, submit it to all the WWMs you know of and let them do a lookup every week or so and permanently archive the results. When a domain get seized, look up the last valid IP, edit your HOSTS file, go to the site, and update your bookmarks with the new URL.
This could also be done locally for sites you frequently visit. Anyone want to code the browser extension? Heck, it's probably already been done.
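The "archive the last valid result" idea above, together with the integer-form IP URL linked earlier in the thread (http://3626153261/ is slashdot.org's 216.34.181.45 written as one 32-bit number), as an added Python example. It is not code from any poster here: it keeps a time-stamped history of answers per name, falls back to the last answer that actually carried an address, flags a name whose record has flipped, and renders the result as a hosts-file line. The lookups are constructed sample data so the script runs offline; a real deployment would feed `record()` from periodic resolver queries.

```python
"""Archive DNS answers over time and fall back to the last known-good one.

Added example for this thread (not code from any poster or project). It works on
constructed sample lookups so it runs offline; a real deployment would feed it
from periodic resolver queries instead.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Snapshot:
    when: datetime
    answer: Optional[str]   # dotted-quad address, or None when the lookup failed


class ResolutionArchive:
    """Keeps every answer ever seen for a name, so a seizure or poisoning that
    wipes or flips the live record does not wipe what we knew before it."""

    def __init__(self) -> None:
        self._log: Dict[str, List[Snapshot]] = {}

    @staticmethod
    def _key(domain: str) -> str:
        return domain.lower().rstrip(".")

    def record(self, domain: str, answer: Optional[str], when: datetime) -> None:
        if answer is not None:
            IPv4Address(answer)          # reject garbage before it is archived
        self._log.setdefault(self._key(domain), []).append(Snapshot(when, answer))

    def history(self, domain: str) -> List[Snapshot]:
        return sorted(self._log.get(self._key(domain), []), key=lambda s: s.when)

    def last_valid(self, domain: str) -> Optional[Snapshot]:
        """Most recent snapshot that actually carried an address."""
        for snap in reversed(self.history(domain)):
            if snap.answer is not None:
                return snap
        return None

    def answer_changed(self, domain: str) -> bool:
        """True when the two most recent successful answers differ: the point at
        which a cached/hosts entry should be re-checked rather than trusted."""
        answers = [s.answer for s in self.history(domain) if s.answer is not None]
        return len(answers) >= 2 and answers[-1] != answers[-2]

    def hosts_line(self, domain: str) -> Optional[str]:
        """Render the last known-good answer as a hosts-file entry."""
        snap = self.last_valid(domain)
        if snap is None:
            return None
        return f"{snap.answer}\t{self._key(domain)}\t# last seen {snap.when:%Y-%m-%d}"


def ip_to_decimal(dotted: str) -> int:
    """Dotted quad -> the single 32-bit integer form that browsers also accept in URLs."""
    return int(IPv4Address(dotted))


def decimal_url(dotted: str) -> str:
    return f"http://{ip_to_decimal(dotted)}/"


def build_sample_archive() -> ResolutionArchive:
    """Constructed sample history (documentation-range addresses, not real sites)."""
    arch = ResolutionArchive()
    arch.record("example.org", "203.0.113.10", datetime(2010, 12, 1))
    arch.record("example.org", "203.0.113.10", datetime(2010, 12, 8))
    arch.record("example.org", None, datetime(2010, 12, 15))            # lookup now fails
    arch.record("example.net", "198.51.100.5", datetime(2010, 12, 1))
    arch.record("example.net", "198.51.100.77", datetime(2010, 12, 8))  # record flipped
    return arch


if __name__ == "__main__":
    archive = build_sample_archive()
    for name in ("example.org", "example.net"):
        print(archive.hosts_line(name), "changed:", archive.answer_changed(name))
    # The thread's own example: slashdot.org's address written as one integer
    print(decimal_url("216.34.181.45"))
```

The `answer_changed` check is the part worth keeping even if the rest is replaced: a seized or poisoned name usually shows up as a sudden flip to a different address, not as a failed lookup, so an archived entry should be re-verified out of band (as the thread suggests, ping and WHOIS) before it is promoted into a hosts file.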
The US a terrible example of a world power - except the others are far worse.
i think this shows we've already created our own monsters of the id...
Once a month! Do you really think that's enough? DNS records change all the time. Not all of them, but enough to make that list obsolete in a couple of days." - by icebraining (1313345) on Friday December 10, @04:13AM (#34512138) Homepage
Well - For blocking out known bad sites, that's "adequate" (that's mvps.org's schedule though - I do it FAR MORE FREQUENTLY, as far as blocking of sites that harbor malware exploits)...
However, the HOSTS file can be used to do more than just that though in "hardcoding in" your favorite websites IPAddress - to - domain/host name equation for more speed, & blocking out known bad sites is a part as I noted it above... so is blocking out adbanners (good OR BAD ones http://apcmag.com/microsoft_apologises_for_serving_malware.htm).
(See, icebraining - You're ONLY hitting on 1 use of a HOSTS file only here, in noting hardcoding the "IPAddress-to-Domain/Host Name resolution" into them for more speed, which also gives you the speed advantage of avoiding DNS request roundtrip time, & also the security advantage of avoiding DNS request logs tracking too - HOWEVER, custom HOSTS files are also a great layer of defense vs. being malware attacked by malicious scripts known bad sites have too).
Personally, I use mvps.org's lists for update vs. adbanner servers, & also known bad sites... I use them, alongside MANY others also (see below):
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)
And yes: Even SLASHDOT &/or The Register help!
(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhacker others online that is... not ALL do!)).
2 examples thereof in the past I have used, & noted it there, are/were:
http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500
For blocking out adbanners &/or known bad sites? I do updates from the above sources, everyday (working on one now as I write this)
---
NOW: For more speed to my favorites for my top 250 "favorite sites" (like this one)?
The same program I wrote that does this as well:
1.) Removes duplicate HOSTS files entries
2.) Trims trailing blanks (which a SELECT * DISTINCT ORDER BY query leaves in say, Access, because no VARCHAR exists (like mySQL, Oracle, SQLServer, DB2 etc. have))
3.) Alphabetizes the entries in my HOSTS file
4.) Changes the blocking IP address used from 127.0.0.1 (std./stock loopback adapter address, slowest & largest read of the lot here), to 0.0.0.0 (better in speed/size for reads, & just as compatible as the loopback), to 0 (smallest & fastest of the lot, but, only works in Windows 2000 SP#2 onwards/XP/Server 2003 (used to in VISTA up to 12/09/2008 MS "Patch Tuesday", & it no longer does after that on Windows VISTA/Windows Server 2003/Windows 7))
My custom HOSTS updating program (APK Hosts File Grinder 4.0++) also "Pings" my list of my fav. sites (read up from a text file into a listbox) to keep them curren
"This story is about "Beating Censorship By Routing Around DNS" and you talk about malware and favorite websites. Sigh." - by icebraining (1313345) on Friday December 10, @11:05AM (#34514588)
Yes, & I did cover how HOSTS files get you around the hassles in DNS, as well as DNS request logs also for more "anonymity" and speed too as well as security!
(DNS has seen either bugs like the Kaminsky flaw, and others too, which there have been more than just one, & redirection poisoning? It STILL happens -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ & even "gets the best of" security pros, as happened to SECUNIA.COM last week)
That didn't affect ME though! Why/How?? Simply due to my use of HOSTS files hardcodes of my fav. sites into my HOSTS file, as I noted in my init. posts here you replied to & others this past 2-3 weeks now in which you & I have discussed this before already!
I.E. -> I reached the actual site for SECUNIA.COM when it was redirect poisoned in DNS, NO PROBLEM, & I didn't have to wait for subordinate DNS servers to get the CORRECTED updated propagation of the IPAddress4SECUNIA.COM to its Domain/HOSTS name either. I was there all week correctly due to hardcodes of FAVS in a HOSTS file (double-verified by PING & WHOIS also on these)))
---
"Homepage Why do I still reply?" - by icebraining (1313345) on Friday December 10, @11:05AM (#34514588)
I don't know: Perhaps you LIKE when I disprove your points, point-by-point, as per usual? LOL... just kidding! Perhaps you're a "sado-masochist" (just ribbing, not serious here).
It's good solid debate though when you & I have these debates/discussions on HOSTS vs. DNS (or even AdBlock), others reading can GAIN by it...
(Others here have ADMITTED that hosts are EFFECTIVE VALID SOLUTION in discussions you & I have been in too (vs. DNS hassles, over Adblock alone, etc. before, even, here -> http://tech.slashdot.org/comments.pl?sid=1891254&cid=34407138 ))
I am NOT alone in this. Especially here on /. ...
(Though the advertisers &/or malware makers don't LIKE I do this & show others how to I imagine, it's done by myself, for the common good is all, for end users).
---
"This is NOT about blocking websites, in fact it's about PREVENTING from being blocked." - by icebraining (1313345) on Friday December 10, @11:05AM (#34514588)
I covered that though, with hosts file hardcodes of your fav. sites' IPAddress - to - URL equation... did you "skim" over that?
---
"And no, the Hosts file is NOT a good replacement for DNS." - by icebraining (1313345) on Friday December 10, @11:05AM (#34514588)
It's a great supplement, & you're failing to note I use both DNS (OpenDNS or ScrubIT) and HOSTS files (and adblock too)... it operates FASTER than DNS roundtrip resolution times, it's easy to maintain/update, & it's NOT SUBJECT TO DNS HASSLES (see some above).
This way, I or anyone that uses a CUSTOM HOSTS FILE, goes not only noticeably FASTER online than DNS allows, but also protects them also, for security.
I merely "Extoll all virtues" of HOSTS files usage.
---
"In fact, the DNS was invented to surpass the limitations of the Hosts file, which already existed." - by icebraining (1313345) on Friday December 10, @11:05AM (#34514588)
I know that, but it comes with its share of problems, and in security (as well as performance, see above)... I know how to "get around it"... for more speed, more security, & some added "anonymity" (vs. DNS request logs @ least, since for my fav sites I use HOSTS h
(DNS has seen either bugs like the Kaminsky flaw, and others too, which there have been more than just one, & redirection poisoning? It STILL happens -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ & even "gets the best of" security pros, as happened to SECUNIA.COM last week)
That didn't affect ME though! Why/How?? Simply due to my use of HOSTS files hardcodes of my fav. sites into my HOSTS file, as I noted in my init. posts here you replied to & others this past 2-3 weeks now in which you & I have discussed this before already!
I.E. -> I reached the actual site for SECUNIA.COM when it was redirect poisoned in DNS, NO PROBLEM, & I didn't have to wait for subordinate DNS servers to get the CORRECTED updated propagation of the IPAddress4SECUNIA.COM to its Domain/HOSTS name either. I was there all week correctly due to hardcodes of FAVS in a HOSTS file (double-verified by PING & WHOIS also on these)))
And how did you get Secunia's IP address in the first place, to put in Hosts? And what if it was your first visit to Secunia?
I never said the Hosts file wasn't useful. I said "it's not a replacement for DNS". Using both is NOT an argument against what I said.
I covered that though, with hosts file hardcodes of your fav. sites' IPAddress - to - URL equation... did you "skim" over that?
So that works for the what, dozen of websites you can manually manage and update? What about the millions that you haven't even accessed before, all of which can be blocked before you try to access them?
Which is why I also note I use ScrubIT & alternate it with OpenDNS... if that's invalid? It's going to have to be updated & have it propagate to all subordinate servers is all (kind of like the ISSUE SECUNIA.COM saw: There was "lag time" in updates to subordinate recursive DNS servers, for their CORRECT IPAddy-to-HOST/DOMAIN name resolution updates in the DNS record).
OpenDNS isn't slow to propagate. OpenDNS forges results to show you advertisement when you "mistype" the domain. Or do you think that "this-domain-does-not-exist-stupid-opendns.com" actually exists?
P.S.=> You've just pointed out a flaw in DNS right there, mind you... thanks, you're only helping me make a stronger point for the case of using HOSTS files in fact, in doing so... your point along with the hassles in DNS I put up above? It's HOSTS files all the way for better speed online, more security, & even added "anonymity"... & you want to read this too, I think:
No, I didn't. You just have to choose a DNS server that doesn't suck. Oh, and I get speed using a caching DNS resolver, no need to manually manage domains.
I do use Hosts, for a couple fake domains I use. It's useful. It's NOT a replacement for DNS.
"I never said the Hosts file wasn't useful. I said "it's not a replacement for DNS". Using both is NOT an argument against what I said." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
FIRST: Can you show us where I had EVER said "HOSTS are a replacement for DNS"?
With that little tidbit from you, for the 2nd time now? Well - You're trying to put words in my mouth I never stated, first of all... so, please - DO show us where I state that HOSTS are a "replacement for DNS", ok?? Thank you.
(I said HOSTS are an excellent SUPPLEMENT to DNS, especially in cases where the registrars pull the DNS record, as is the case here in this article in fact!)
ADDITIONALLY:
You're missing the point entirely here: Let's use a quote from Mr. Oliver Day of SECURITYFOCUS.COM in that regard (since this is about "blackholing" the site's you're trying to reach @ a DNS level):
A RETURN TO THE KILLFILE by Security Columnist Mr. Oliver Day
http://www.securityfocus.com/columnists/491
Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):
"Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites."
Read that, read what this article's about, & then realize this: My espousing the use of "hardcoded favorites" of your fav. sites IPAddress - to - Host/Domain name equations IS DOING JUST THAT (the "DNS PROOF METHOD OF REACHING SITES" Mr. Oliver Day of SECURITYFOCUS.COM speaks of here!)
---
"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
Aha - SO THE "TRUTH COMES OUT", eh?
---
"It's useful." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
Aha "again": THAT'S ABOUT ALL I EVER WANTED TO HEAR OUT OF YOU..., along with your showing us I stated HOSTS are a REPLACEMENT FOR DNS... please, show us where I ever once stated that.
"OpenDNS isn't slow to propagate." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
They ALL are, there IS TIME TAKEN for that to happen between DNS servers "synching up"... even SECUNIA.COM noted it here:
"Due to standard DNS caching at some Internet Service Providers, some users may still be redirected." FROM -> http://secunia.com/blog/153/ (the "horse's mouth", no less - so much for caching servers, which YOU YOURSELF USE NO LESS & YOU'RE SHOWN QUOTED IN IT BELOW NO LESS)
---
"So that works for the what, dozen of websites you can manually manage and update?" - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
Absolutely: Nice to see you ADMIT THIS TOO IN FAVOR OF HOSTS FILES, @ last... I love it!
(It's not just "dozens" I do this with in seconds mind you, but literally hundreds (could be thousands, but I don't visit that many sites that regularly)).
---
"What about the millions that you haven't even accessed before, all of which can be blocked before you try to access them?" - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage
There's always alternate sources online for almost anything you could ever want to know/read/download etc. many times, so, there you are... & IF they're KNOWN purveyors of exploits/malware etc.? I get notice from the sources I use to block out such malicious sites, & I even posted my sources
In Windows (since Mandriva provides Linux variant folks a way), you can do the following:
1.) HOSTSMAN - this is a program that does a lot for a user of hosts files, "automagically" (you can get it here -> http://www.mvps.org/winhelp2002/hosts.htm (a reputable & reliable source for UPDATED hosts files, no less... the only thing it does over a program I wrote (for my own personal use is why, I quit the shareware/freeware game around 2004 is why)) is "remote updates" of your HOSTS file, via HTTPGET functionality.
2.) Barring the above? IF you have mySQL installed, & I'd use this over Access (no VARCHAR variable type is in Access afaik)... & you can import a HOSTS file into a table with a single column in it you created of type VARCHAR (this allows you to NOT have "trailing blanks" up to the longest record remaining in the table's entries on exportation BACK to a de-duplicated HOSTS file). You can issue a SELECT * DISTINCT /ORDER BY make-table query. This will remove duplicate entries in your HOSTS file, and order them alphabetically too. Export your query result into your NEWLY CREATED HOSTS FILE (minus duplicates & ordered too).
APK
P.S.=> I wrote my own application for this back circa 2001-2002 & improved it lately (faster code by far, better algorithm/engine), into "APK Hosts File Grinder 4.0++" in late 2005 (it's a multithreaded application written in the FASTEST string-processing language around, Delphi 7), & it does all of the above, & THEN some:
1.) It changes the blocking IP address from the largest & slowest type (127.0.0.1) into the faster & smaller/more efficient ones (0.0.0.0, just as compatible as 127.0.0.1 but incurs NO "loopback" operation, & smaller/faster than 127.0.0.1 per each line record entry in your HOSTS file by 2 bytes per line, which matters in LARGE hosts files)
2.) It orders the entries alphabetically
3.) It removes duplicated entries, effectively "normalizing" the HOSTS file.
4.) It "pings" a list of your favorite websites in SECONDS to their proper IPAddress - to - Hosts/Domain names (for faster access to these sites, & to avoid redirection attacks on DNS servers, OR IF/when DNS servers crash or are taken down, you will STILL get to your fav. sites online, AND avoid DNS request log tracking too (bonus)).
And, more... apk
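The normalizing steps listed in the two posts above (de-duplicate, sort, trim trailing blanks, switch the blocking address from 127.0.0.1 to 0.0.0.0 or 0) as an added Python example. This is not APK's Delphi "Hosts File Grinder" nor HostsMan, and it does not touch the network; the hosts text it processes is a constructed sample. Two details the posts gloss over are handled explicitly: `localhost` and friends are never rewritten to the blocking address, and a hostname that appears with two different addresses is reported as a conflict (first occurrence wins, because that is how resolvers read the file) instead of being silently merged.

```python
"""Normalize a hosts file: strip comments and trailing blanks, drop duplicates,
sort, and rewrite the blocking address.

Added example for this thread in Python; it is not APK's Delphi "Hosts File
Grinder", only an illustration of the steps that post lists. The sample hosts
text below is constructed.
"""
from typing import Dict, List, Tuple

Entry = Tuple[str, str]                                 # (address, hostname)
Conflict = Tuple[str, str, str]                         # (hostname, kept address, ignored address)

BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "0"}         # the three blocking styles the post compares
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}  # must keep their real address

SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1       localhost
127.0.0.1       ads.example.net        # banner server
127.0.0.1       ADS.example.net        # same name, different case
0.0.0.0         tracker.example.org
216.34.181.45   slashdot.org           # hardcoded favourite (address from the thread)
216.34.181.45   slashdot.org
203.0.113.9     tracker.example.org    # conflicts with the blocklist line above
"""


def parse_hosts(text: str) -> List[Entry]:
    """Expand each line into (address, name) pairs; comments and blank lines are dropped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()             # comment and trailing blanks gone
        if not line:
            continue
        addr, *names = line.split()
        entries.extend((addr, name.lower()) for name in names)
    return entries


def normalize(entries: List[Entry], block_with: str = "0.0.0.0") -> Tuple[List[Entry], List[Conflict]]:
    """Dedupe by hostname (resolvers use the first match, so the first occurrence wins),
    rewrite blocking addresses to `block_with`, and sort favourites before blocked
    names. A conflict is the same name seen with two different addresses: that needs
    a human decision, not a silent merge."""
    first: Dict[str, str] = {}
    conflicts: List[Conflict] = []
    for addr, name in entries:
        if addr in BLOCK_ADDRESSES and name not in LOCAL_NAMES:
            addr = block_with
        if name in first:
            if first[name] != addr:
                conflicts.append((name, first[name], addr))
            continue
        first[name] = addr
    favourites = sorted(((a, n) for n, a in first.items() if a != block_with), key=lambda e: e[1])
    blocked = sorted(((a, n) for n, a in first.items() if a == block_with), key=lambda e: e[1])
    return favourites + blocked, conflicts


def render(entries: List[Entry]) -> str:
    """One tab-separated entry per line, no trailing blanks."""
    return "".join(f"{addr}\t{name}\n" for addr, name in entries)


def grind(text: str, block_with: str = "0.0.0.0") -> Tuple[str, List[Conflict]]:
    """Whole pipeline: parse -> normalize -> render."""
    entries, conflicts = normalize(parse_hosts(text), block_with)
    return render(entries), conflicts


if __name__ == "__main__":
    output, conflicts = grind(SAMPLE_HOSTS)
    print(output)
    for name, kept, dropped in conflicts:
        print(f"conflict: {name} kept {kept}, ignored {dropped}")
```

Choosing 0.0.0.0 over 127.0.0.1 for blocked names does more than save two bytes per line: a connection to 127.0.0.1 still reaches whatever is listening on loopback (a local web server, for instance), while 0.0.0.0 fails immediately. The bare `0` form is accepted only by some Windows releases, as the post notes, so it is left as an opt-in argument rather than the default.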
http://yro.slashdot.org/comments.pl?sid=1903798&cid=34559886
Why was that modded down, & most of all, with NO technical justification as to WHY?
APK
P.S.=> Yes, we know about the trolls around here, that truly have nothing better to do, and they take their inadequacy & years of being taken advantage of and taking it from others.
We also know that they lack the technical knowledge in computing to effectively dispute points other make in posts here.
All you have, are your effete "mod downs" with no technical justification whatsoever, & that just makes me LAUGH, hugely...
Yup - must have been /.'s "std. trolls"... apk