Raspberry Pi As an Ad Blocking Access Point

coop0030 writes "Adafruit has a new tutorial that will show you how to use your Raspberry Pi as a WiFi access point that blocks ads by default for any devices using it. This is really neat in that it would work for your Android or iOS device, your Xbox 360, TiVo, laptop, and more without needing to customize any of those devices other than to use your Raspberry Pi as the access point for WiFi. Using an ad-blocker can be useful for conserving bandwidth, helping out low-power devices, or for keeping your sanity while browsing the web!"

Cue the usual "debate" ...

[jc42]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content. Meanwhile another fraction is pointing out the huge waste of bandwidth and human time soaked up by all those annoying ads. And yet another faction takes the "Can't we all just get along" approach, by suggesting that the commercial folks should make their ads less annoying so that people don't suppress them.

Yeah, we've heard it all before, we'll hear it all again, and nothing much will change.

Re:Cue the usual "debate" ...

[Thantik]

This is like people charging $100 for a porn movie. There will always be someone willing to provide it for free. It is a serious overstatement that advertising provides "free content" - the content will be there with or without advertisers because people enjoy the things they enjoy, and like to share it with others.

Re:Cue the usual "debate" ...

[westlake]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

What is lost is the free content the add blocker wants to see.

Re:Cue the usual "debate" ...

[fustakrakich]

Ad blockers are for free loadin' commie welfare queens out there drivin' down Bourbon Street in their pink Cadillacs and talkin' on their Obamaphones

Re:Cue the usual "debate" ...

If you don't want to block ads, don't block ads. I'll do what I want. Save your two cents.

Re:Cue the usual "debate" ...

one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

To this, I reply: Hotels

The odds of my ad blocking putting a website out of business are negligible.
If you're quick with the knife, you'll find the invisible hand is made of delicious invisible meat.

Red in tooth and claw free market captialism swings both ways baby! WOO HOO!

Re:Cue the usual "debate" ...

[CanHasDIY]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content. Meanwhile another fraction is pointing out the huge waste of bandwidth and human time soaked up by all those annoying ads. And yet another faction takes the "Can't we all just get along" approach, by suggesting that the commercial folks should make their ads less annoying so that people don't suppress them.

Screw annoyance, my ISP charges by the bit! If that's how it's going to be, then you're damn skippy I want more control over what bits get sent down my pipe.

If the advertisers want to bitch, they should bitch to Comcast/Mediacon/whoever.

Re:Cue the usual "debate" ...

[Entropy98]

Screw annoyance, my ISP charges by the bit! If that's how it's going to be, then you're damn skippy I want more control over what bits get sent down my pipe.

If the advertisers want to bitch, they should bitch to Comcast/Mediacon/whoever.

The websites you visit have their own ISP and they pay by the bit as well.

Re:Cue the usual "debate" ...

[fermion]

Here is what I find interesting. I hear tv people talking about this through various media outlets and one big issue they have with streaming is that they can sell 15-20 minutes of commercials per hour of TV, but less than half that for streaming. Of course watching a tv is a much difference experience than streaming, On a TV value of the commercials are kept by producing commercials that can have an impact even with fast forward, and that people will wander around during the long commercial breaks. On the computer the commercials tend to be viewed.

Streaming is back to the begining of TV when 30 minute shows like the Honeymooners run 27 minutes instead of 22, and hour shows like gunsmoke was 50 minutes. If steaming includes 20 minutes of commericials per hour, then everyone is going to have ad blockers. Just like so many people flash blockers to keep the pollution of web pages.

Re:Cue the usual "debate" ...

[itsownreward]

Great! If I don't suck down their ads then I'm saving us both money!

Re:Cue the usual "debate" ...

[Entropy98]

That's not true, but you already knew that.

Re:Cue the usual "debate" ...

[sjames]

If the ads pay by the click and he will never click as a matter of principle, then he IS saving them money.

Re:Cue the usual "debate" ...

[EmperorOfCanada]

The ad that pushed me into seeking out adblocking technology was an IBM ad where every 30 seconds or so it would make this very sudden and loud woosh smack noise of a golfball being hit. This was the ultimate in MBA crap, golf as a way to draw in programmers? Annoying people to get your point across? This was a double fail. One it drove me into the hands of adblockers, and two I never respected IBM since.

Then you get sites like Answers.com where if the adblocking software was working perfectly the site would almost be blank.

Re:Cue the usual "debate" ...

[Lincolnshire+Poacher]

... in which one faction points out that ads are funding much of the (commercial) Web, and if you suppress them, you won't have all that Free Content.

Free content? I wish.

I pay economist.com more than $200 per year for their excellent news, and they still have the gall to try to bombard me with as many ads as a non-subscriber. Plus a 'subscribe now!' crawl-up from the bottom of the page.

Ads can go to hell.

Re:Cue the usual "debate" ...

Very few ads (Google AdSense being the big exception) pays by the click. Most pay per 1,000 views. Just serving the ad gets the site paid.

Re:Cue the usual "debate" ...

[rts008]

*Stands up clapping and cheering!*

Thank you for that most succinct, cogent, and insightful jewel!
Outstanding!

Standing ovation* :-)

I plan on using that concept in the future for these types of discussions.

Re:Cue the usual "debate" ...

[Entropy98]

The ads are served by the ad companies servers not the website owners.

Does no one on slashdot know how the internet works anymore???

Re:Cue the usual "debate" ...

The ads come from the ad companies servers, not the website you're visiting, you fucking moron.

Re:Cue the usual "debate" ...

" and if you suppress them, you won't have all that Free Content"

Sure I will. I enjoy bundles of free content with no ads. "But what if everyone did this!?" You ask. Well then it wouldn't work out, just like on sundays I like to go buy some fresh bread from our local baker, but if "everyone did this" then it wouldn't work out either. People can keep on crying apocalypse of the address web for as long as they want, but the fact of the matter is that blocking ads doesn't hurt you, and if you find ads annoying you should do so. If major sites will fail in the future, let them worry about it. You don't have a moral obligation to act in a way that will benefit them financially, they need to take care of their own problems, just like a baker with no costumers shouldn't be sending out moral pleas to the local residents telling them that their skipping sunday breakfast is ruining the baking industry as we know it.

Re:Cue the usual "debate" ...

[CanHasDIY]

Really? The websites I manage are paid for by hosting fees... which, at less than $100/yr total, are not unreasonable. I'd wager a lot of people spend more on entertainment in 6 months than I spend in 2 years, managing 10 websites.

Router

[MrEricSir]

Why do you need a RasPi for this? Why not do this in the router itself and save a little bit of power?

Re:Router

[techprophet]

Because everyone loves Pi!

Re:Router

Because we have to find a use for these damn raspberry pis somehow.

Re:Router

[drinkypoo]

The RasPi can be the router, and most routers don't have the grunt force to be a decent proxy. It'd be okay for most handheld devices but otherwise it'd blow.

Re:Router

[jc42]

Because everyone loves Pi!

Yeah, except for the faction that prefers tau. ;-)

Actually, I'd conjecture that when we finally meet intelligent extraterrestrials, we'll find that those who have technology are evenly divided between those whose geeks memorize pi to zillions of places and those who memorize tau to zillions of places (in whatever base they use).

But I don't expect to be around to learn whether my conjecture is correct.

Re:Router

Most router on the other hand have much better I/O for their Ethernet interface where it counts vs USB. :P

Re:Router

Because then they could not post the 1001th Pi-Article on slashdot (this week)... :-@

Re:Router

[drinkypoo]

Most router on the other hand have much better I/O for their Ethernet interface where it counts vs USB. :P

I'll grant you that most routers have much better I/O for their ethernet; even if it is USB-based it's not hard for it to be better than Pi's. On the other hand, many of us have internet uplinks that won't stress the Pi's janky USB.

Re:Router

They are using base 10. There is no doubt about it, whoever they are.

Re:Router

[I'm+New+Around+Here]

The intelligent alien would use base pi.

Then memorizing pi to zillions of places would be easy.

Re:Router

[BitZtream]

My router, which costs less than a RaspberryPi with the additional parts needed to make it capable of this, is far more powerful as a CPU and has ASICs that can handle 5 gige ports.

The RaspberryPi is a SHITTY networking device, pushing 10MB/s through it is almost certain to give you a reboot due to the shitty USB stack and that all networking on it is via USB.

Re:Router

[TheGratefulNet]

too slow.

my choice is an atom (fanless) with intel nic chip (or chips if you want multiple enet ports).

I just bought such a system (jetway mobo that has a daughter card with 3 more intel gig-e nics on it). my wan connection is comcast and I have a 50mbit plan that really does test close to that limit. with the atom inline, I see no insertion loss in terms of lower speed. the 50 stays at 50, with or without the atom inline.

if I want wifi on it, I can go thru ethernet or use the pci-e mini card slot. I prefer an external access point that is mostly just an RF stage going to ethernet. let all the real smarts be on my own router; but let the AP system be best-of-breed when it comes to RF (the new 'ac' for 802.11 speed is something I'd rather do with an external AP box than a pci-e card).

the rasp pi is cute, I have a few and toy around with them, but their usb/ethernet is just lame and I would not count on it, to be honest. its not a very good or strong system.

finally, I'd rather run openvpn (say) on the atom pc vs the rpi. atoms are not great but they're much better and faster than the rpi, and mini-itx systems are pretty damned small. and you can find fanless itx systems.

Re:Router

[drinkypoo]

Like I said, it would be fine for handhelds. Hell, I have a quad-core Android device (rockchip) and it only manages 3MB/sec peak on file transfers with wired ethernet. That, too, is connected via USB, but it's working USB :) Point is, the RasPi isn't going to bottleneck a cellphone. If you're expecting it to keep up with a laptop, that's probably a mistake.

I don't think the RasPi is great for much of anything because of its lack of power control and apparent lack of watchdogging, to say nothing of the missing RTC, WTF? If I were going to use a device of that size/class for something like that, I would use a Pogoplug. They have GigE and they cost next to nothing.

Re:Router

[geminidomino]

Whicch router is that? I'm in the market to replace my very old WRT54G DD-WRT with something that can take a decent aftermarket firmware (something with per-port bandwidth usage would be sweet, to hunt down those annoying gluts that sometimes happen).

Wireless isn't even a concern. Can you recommend yours?

Or you can just run privoxy

[bored]

Privoxy can remove a lot more than just ads served from a given domain/server. It can remove ads served by the same domain/server as the source website, as well as a number of other features that make it pretty nice for speeding up browsing on devices that don't have ad/javascript blockers.

Re:Or you can just run privoxy

+1

Re:Or you can just run privoxy

[Lincolnshire+Poacher]

Privoxy can remove a lot more than just ads served from a given domain/server.

It can for HTTP, but increasingly tracking and ad services are shifting over to HTTPS ( Google Analytics is 100% SSL now ).

Privoxy can't help there, as browsers use SSL Tunnelling when configured to use it as an HTTPS proxy. So it just blindly relays the ads through.

Re:Or you can just run privoxy

[bored]

That is not 100% accurate because privoxy can strip the google analytics calls out of the javascript in the source pages. It can also degrade https to http for questionable domains.

And it can also blacklist whole domains SSL or not, so i don't think there are any cases where you get more functionality with a DNS blacklist.

Re:Or you can just run privoxy

[hobarrera]

Privoxy block HTTP, so it's extremely heavy, especially if you want to place it in an embeded device. Something like adsuck (which works at a DNS level) would better suit your a pi.

Cool...for now.

[Impy+the+Impiuos+Imp]

You mean I will no longer have to click on Slashdot, "Ads Disabled! Thanks again for helping make Slashdot great!"

Seriously, though, this is another utility to download ad server lists, fair enough, but when enough people do this, content providers will just switch to serving the ads directly, the ad companies will forward it to them. The rest is cost negotiation and more Akami (or whatever it is) type stuff.

Re:Cool...for now.

[vux984]

Seriously, though, this is another utility to download ad server lists, fair enough, but when enough people do this, content providers will just switch to serving the ads directly, the ad companies will forward it to them.

Maybe.

The increased costs of serving the ads directly may outweigh the return on the ads, breaking the business model.

Or at least force the ads to be more relevant, less bandwidth heavy, etc...

Both are wins.

Annoying isn't the problem

[cbhacking]

For me, I block ads because they are actually a threat to browsing. In the old days, Flash ads that would pop out a player which extended off the end of the window would crash the browser. These days that's less of a problem, but there are plenty of others still around.

Privacy: advertising is probably the biggest non-government threat to online privacy. I don't really care whether advertisers would respect *my* DoNotTrack headers; I won't even connect to their servers. Supercookies? You'd need to be able to set them, first. Even if a certain site is allowed for some reason, I don't let it see my other browsing history; it gets only a distorted and meaninglessly narrow view.

Security: Advertising networks are one of the biggest problems to online security right now. At least once a month (on average, it comes in waves), one of the web comics I read gets hit with a malicious ad that attempts to serve malware / exploit kits to anybody visiting the site. This has also happened to high-profile reputable news sites and so forth as well. The ad providers don't seem to give a fuck, and the sites serving the ads can't really control the ad content before it's served. Whether it's browser exploits, Flash exploits, Java exploits, embedded PDF exploits, or something else, ad networks cheerfully serve up malicious garbage all the time. You know that advice about "avoid the seedier parts of the web"? Yeah, you can't do that without an ad blocker. Everything is seedy otherwise.

For sites that need money to keep them running, I donate. A few hundred dollars a year in donations is no big deal for me, and it's probably more money than the sites in question would get from my ad impressions anyhow.

Re:Annoying isn't the problem

[PRMan]

This is true. During the Beijing Olympics, one of my co-workers (also a contractor) went to the Chinese medal count page (sent there by NBC.com) and got a virus from one of the ads that infected several machines at the company. He was fired for checking the medal count. I had gone to that page as well, but I was using NoScript, so I didn't load a virus onto the company network and didn't get fired.

Re:Annoying isn't the problem

[elashish14]

Those sites can easily control the ad content before it's served, simply by hosting the advertising content themselves. If they did this, they probably wouldn't get picked up by my Ghostery filters, and they better not unnecessarily use javascript either (99.999% of the web which is written in javascript doesn't need to be). And of course, I block third-party cookies and wipe all other cookies at restart.

Web hosters have decided to use third-party advertisers for convenience. Ease of blocking the content is the price of said convenience.

Re:Annoying isn't the problem

And the advertisers will just take the website owner's word on how many ad impressions they've received. Ad blocking would be made much more complicated by ads and content being served by the same host; if it were that simple, they would have done it by now.

Re:Annoying isn't the problem

[jc42]

... I had gone to that page as well, but I was using NoScript, so I didn't load a virus onto the company network and didn't get fired.

Anyone who surfs the Web from an employer's machine and leaves scripting turned on is just asking for a disaster for which they are held accountable.

This is yet another anecdote illustrating why we should be trying to educate people about and common "dangers" of using the Web. One of the first lessons should be the idea that you don't download code from strangers and let it run it on your machine. Since "scripting" in web pages is code (unlike HTML markup, which isn't ;-), leaving scripting on makes it easy for outsiders to insert software in your machine and run it. And you will be held responsible for the results.

Wow! Amazing!

[wonkey_monkey]

Computer does thing other computers can do!

Re:Wow! Amazing!

[I'm+New+Around+Here]

That was my first reaction.

"Couldn't I do that with one of the old Dell's I have laying around here? Sure, I would have to add a wireless network card (or wired feeding a switch and wireless access point (or how about the spare laptops I've piled up around me? They already have have both the wired and wifi and their cracked screen won't be a hindrance.)) but it's not like this is some magical tech only a PI can do.

.
Okay, part of that is my second and third reaction. But my point stands.

Re:Wow! Amazing!

[spire3661]

That dell will consume an order of magnitude more power. Rapsberry PIs are compelling because they are cheap, low power and flexible. We all have old laptops lying around, but im sure as hell not going to leave my Dothan equipped Dell laptop plugged in 24/7

Re:Wow! Amazing!

[I'm+New+Around+Here]

I'll give you the point on the power. But the writeup seemed to make it out that you need to do this project with a PI, rather than any standard computer that can handle two network interfaces.

Re:Wow! Amazing!

[rts008]

Think outside of the brainwashing box.
Quit thinking like a 'consumer', just inhaling what's force fed to you. We used to be 'customers'.

Use the concept provided and TRULY think about what would be a best fit for you, and make it happen.

The variations are almost endless for this problem.
(hint: think of the 'writeup' as just a suggestion for one of the many solutions, not the one and only solution)

The internet is a vast treasure house of stupefying proportions for knowledge....the winnowing the wheat from the chaff can be a problem, though.

I suggest customer reviews, and a little research to deal with the chaff problem.

Do you have knowledgeable friends/acquaintances? Most would be glad to help you out with advice.

Break out of that 'consumer' (I picture cattle at a feedlot, being force-fed to gain weight for slaughtering for market) mentality, and start thinking like a free, independent individual, instead of part of the herd of consumers...a customer that wants a particular thing either for need or desire....based on your decision, not some marketing department, or ad agency

Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPDNS

[fuzzel]

Instead of shoving a list of addresses into a DNS server (dnsmasq) in this case, it would be better to use RPZ (http://en.wikipedia.org/wiki/Response_policy_zone)....

Next to that:

> Open the file with sudo nano /etc/resolv.conf and replace the contents with the following:
> nameserver 192.168.42.49
> nameserver 8.8.8.8
> nameserver 4.4.4.4

192.168.42.49 = apparently the address of the fake webserver (would be great if they configured that somewhere before making test queries....)
8.8.8.8 = Google Public DNS, no ads maybe but running all your DNS queries through Google is not helping much now does it.
4.4.4.4 = is not a valid DNS server, likely they meant 8.8.4.4 which is the secondary Google Public DNS address.

If you have a DNSmasq anyway, just let it recurse and play caching resolver, much better idea.

> iface wlan0 inet static
> address 192.168.42.1
> netmask 255.255.255.0
> post-up ip addr add dev wlan0 192.168.42.49/24

One just has to wonder which IP the box will be using for outgoing queries, depends a lot on the kernel....
Now if that was 192.168.42.49/32 the .1 would always be chosen, but as a /24 magical things will happen

Etoomanypitholes and lots of people will be bitten.

On a WGR614 v6?

[tepples]

Why not do this in the router itself and save a little bit of power?

Because not everybody's home router 1. is easily customized and 2. has enough memory. I've read that my seven-year-old NETGEAR WGR614 v6 doesn't have enough flash for DD-WRT, and some people don't want to bother soldering, and some other routers are tivoized not to run an unapproved kernel. If I were to replace it with newer hardware, what make and model of home router would you recommend for no more than the price of a Raspberry Pi?

Re:On a WGR614 v6?

[adolf]

Yeah, you're right.

But then there's the obvious counter-argument: Not everyone has a Rasberry Pi and a spare USB WiFi NIC kicking around, either.

If I were to replace it with newer hardware, what make and model of home router would you recommend for no more than the price of a Raspberry Pi?

You didn't set the bar very high, did you?

From adafruit:

$39.95 Raspberry Pi Model B 512MB RAM
$9.95 Adafruit Pi Case- Enclosure for Raspberry Pi Model A or B
$11.95 Miniature WiFi (802.11b/g/n) Module: For Raspberry Pi and more
$5.95 5V 1A (1000mA) USB port power supply - UL Listed
$7.95 SD/MicroSD Memory Card (4 GB SDHC)

== $75.75. Adding first-class USPS shipping (to Ohio) adds another $5.18.

That's a grand total of $80.93 to get enough RaspPi to build an access point (some assembly required). (And you still need an Ethernet cable, and a USB cable for power.)

Or, for $50, shipping included you can get the venerable Linksys WRT54GL. Comes pre-assembled with everything you need except third-party software, which is it is widely compatible with.

For a few dollars more than a pile of Raspberry Pi kit, you can also get an Asus RT-N16. It's a beastly little router for the price, and has a gigabit switch built-in along with 802.11n (2.4GHz only, sadly). It's about as compatible with third-party firmware as the WRT54GL.

They're currently going for about $84, shipping included. Also comes pre-assembled with everything needed except software.

Re:On a WGR614 v6?

[tepples]

Thank you for the detailed analysis and the recommendations. Bookmarking.

Re:On a WGR614 v6?

and at $99, you can get the EdgeMAX Edge Router Lite which can route 1Gbps traffic.
Dual core MIPS, 512 MB DDR2 RAM, 2GB storage and have 3 Gigabit Ethernet port.

RPi is a poor choice for a router as it uses the weakest link: USB for its 10/100 Ethernet. Don't forget, you need to use another USB port to get packet out.
(or use a managed switch with a single arm router) So 2x USB interrupts overhead for routing 1 packet, not a pretty sight.
Broadcom isn't exactly great on their USB in their SoC. They shit all over the place in their router SoC.

Re:On a WGR614 v6?

Or you might buy a nice high-end Buffalo router for $70 that comes with DD-WRT installed at the factory, and under full warranty. No flashing required. And like the Asus RT-N16, comes with gigabit ethernet.

http://www.amazon.com/BUFFALO-AirStation-HighPower-Wireless-WZR-600DHP/dp/B0096239G0/ref=sr_1_1?ie=UTF8&qid=1379122445&sr=8-1&keywords=BUFFALO+AirStation+HighPower+N600+Gigabit+Dual+Band+Wireless+Router+WZR-600DHP

Re:On a WGR614 v6?

I have been very happy with a Buffalo WZR-HP-AG300H that has dual-band wifi and gigabit LAN and WAN ports. I bought it on sale on Amazon for $95 about a year ago, and presumably it is cheaper now or might be replaced by an even nicer model by now. It also has a USB port but I have yet to try to do anything with it. The amount of RAM and CPU in these will put the venerable WRT54GL to shame. Don't buy one of those old museum pieces.

I have found Buffalo's DD-WRT optional firmware to be good enough so that I haven't even bothered to install an OpenWRT build yet, even though I used to compile a custom OpenWRT for my ADSL router at a previous home.

I helped a friend install two of these same Buffalo routers in their home, with one acting as the main router and the other acting as a WDS repeater so that wired LAN clients are bridged to the main LAN off the main router. With dual band, we were able to dedicate one band to WDS and the other to regular wireless clients so that there is no noticeable congestion when the remote wired clients are communicating with wireless clients.

At my place, we run both wifi bands with the same ESSID and it is nice to see that multiple wireless clients will roam back and forth between them and seem to load balance pretty well. Our Android devices and Linux laptops all seem happy to use both bands.

Re:On a WGR614 v6?

[rts008]

Even though I was just lurking, thanks for your comment and links.

This reminds me why I stay on /. after the 'Dice Circus', and why I set up an account back when, after lurking for a few years!

I have learned more about a lot of stuff by way of ./ than I have in many classes/courses of study.

The diversity on subject matter, and expertise and level of knowledge, the 'out of the mouth of babes' moments,...it's all priceless, and justifies the statement that 'the internet has changed the world'.

Back on topic.....
Thanks to you I now feel the need to retire my old 'nix box I've been using as a gateway between my cable modem and router for my home LAN.
  It is becoming increasingly difficult and labor/time intensive to keep this crap out of my network. :-)

Off to the planning stage.....

Re:On a WGR614 v6?

[adolf]

I retired the old 'nix box from routing duty well over a half-decade ago. I got sick of maintaining something with moving parts that -- when it broke -- also prevented me from having Internet access to help me Google a fix. It got replaced with a WRT54GS running Sveasoft (which still works fine, SD card mod and all, though it doesn't get used anymore).

These days, I use an RT-N16 running Shibby. I have no complaints. (And it's a cute little general-purpose headless Linux box in its own right...)

Back to the topic: I don't do ad-blocking at the router. I've considered it, but it seems likely to break lots of stuff in weird ways with the transition between a bog-standard NAT gateway and a magical transparent proxy.

Re:On a WGR614 v6?

[robot5x]

I'd like to vote for the wonderful TP-LINK TL-WR1043ND.

Currently US$53 at amazon, I have it running the excellent Gargoyle firmware and having all kinds of fun playing with user quotas and the QOS. You can put DD-WRT on it too with some cautions.

Re:On a WGR614 v6?

[hobarrera]

So, upgrading a seven-year-old router is out of the question, but buying a raspberry pi to replace it is ok?

Re:On a WGR614 v6?

[tepples]

what make and model of home router would you recommend

So, upgrading a seven-year-old router is out of the question

I never said it was. I tried to make it clear that I was aware that a router purchased to play Mario Kart DS and Tetris DS would probably need replacing by now. I just asked for recommendations on a good model to replace it.

Re:Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPD

[PayPaI]

4.4.4.4 = is not a valid DNS server, likely they meant 8.8.4.4 which is the secondary Google Public DNS address.

It's also possible they meant 4.2.2.[1-6] (of which 4.2.2.4 may be the most popular), which isn't really a public DNS server either, but may be close enough to count as a backup for Google.

Next up

[MichaelSmith]

• How to run ls on the Raspberry Pi
• How to run grep on the Raspberry Pi
• How to run egrep on the Raspberry Pi
• How to run tcpdump on the Raspberry Pi
• How to run ...

Or you can just filter ads with a host file

Filtering ads via the host file is a nice solution
I use the host file (with some minor tweaks of my own) from http://someonewhocares.org/hosts/

Re:Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPD

[BitZtream]

4.4.4.4 used to be a valid DNS server.

> post-up ip addr add dev wlan0 192.168.42.49/24 ... just adds the ip to the interface and sets the net mask to /24. Nothing magical about it, its not really and different than the lines above it really.

RPi as wifi access point is slow

Using mine as a wifi hotspot cuts my internet speed from 4.5MB/s to about 2.0 MB/s. That's without running anything else besides an ssh tunnel into it. I had high hopes for this little device, and it has taught me a lot, but at the end of the day it's a $35 computer.

Ad server spoofing?

[JorDan+Clock]

Could it be used to spoof an ad server? I have used a number of Android apps that will continuously try to reach ad servers if you use any sort of ad blocks, which causes extra battery drain. Could this system be set up to send some placeholders so the app will stop trying to pull an ad?

Re:Ad server spoofing?

[rts008]

Is there an Android version of 'noscript', or 'requestpolicy'?

Disclaimer:
I don't own, or desire, a cell phone, but both of these do well on my desktop with Firefox. (dual-boot: Win7 and Kubuntu 12.04) :-)

AdTrap on CNN

Weird that this shows up as I just saw AdTrap being advertised on CNN.

Re:Use RPZ! / Why Google PDNS / 4.4.4.4 is not GPD

It's a pretty amateur configuration alright. You failed to notice that DNSMASQ's configured DHCP Range includes 192.168.42.49. I haven't tested it but I'm hoping that DNSMASQ is smart enough to *not* serve up it's own address in the dynamic pool.

Slowwwwwww

[BestNicksRTaken]

Silly DNS scripts seems like a bad way to achieve this, Privoxy would be better, and the Pi's ethernet-over-USB setup (and a USB wifi donlge) is going to make this pretty slow.

Why does this have to be a Pi-specific tutorial, you could do this better on pretty much any Linux box.

You'd like this then (vs. other "solutions")

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers more) by filtering for the IP stack (coded in C & loads w/ OS + 1st net request & 1st resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Details + benefits hosts files provide on numerous levels for speed, security, reliability, & anonymity in link)

---

* Cutting out adbanners saves me up to 40% per page on avg via the above (& do a LOT more).

---

A.) Hosts do FAR more than AdBlock ("souled-out" 2 GOOGLE & crippled by default) + Ghostery (Advertiser owned) - "Foxes guarding the henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B.) Hosts add reliability vs. downed DNS & protect vs redirected DNS + secure vs. known malicious hosts-domains also -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 & less added "moving parts" complexity room for breakdown,

C.) Hosts files yield more speed (blocks ads & hardcode fav sites - faster resolves vs remote DNS), security (vs. malicious domains serving mal-content + spam/phish links), reliability (vs. downed DNS or vs. Kaminsky vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs/DNSBL's).

---

("Less is more" = GOOD engineering - vs. slowing down already SLOWER usermode browsers layering on MORE in addons that are known to slow 'em down more? I work w/ what you already have in kernelmode via hosts: A tightly integrated PART of the IP stack itself!)

APK

P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

Why resort to hardware? Use IP Stack!

Via the TCP/IP stack itself & custom hosts files http://hardware.slashdot.org/comments.pl?sid=4211601&cid=44848413 & ANY DEVICE with a BSD derived IP stack (most all, IF not all today) can use 'em: Truly "universal" & ubiquitous!

* "Layered-Security"/"Defense-in-Depth" = a GREAT idea (using both, yours & hosts + other methods)?

NOT ALL ROUTERS CAN DO WHAT YOU SPEAK OF!

(Not enough RAM = cause for LARGER data sets).

The beauty & utility (for you in particular) of my app's that transfer of data it imports for purposes noted below CAN be done easily to a router too since it's just text data (blocking address + host/domain name) easily edited (unlike PAC files, AdBlock regexp lists (total mess), etc.) with less "moving parts" for breakdown, AND, running in a faster level of privelege too, starting LONG before browser addons do (which slow up browsers, fact).

(Thus, adding yet another data source for you to utilize to protect yourself as you see fit using routers!).

APK

P.S.=> Custom hosts files, by themselves, work for ADDED:

1.) Speed
2.) Security
3.) Reliability
4.) Anonymity to an extent

FAR better than other 'solutions' (bought out & crippled by default by advertisers (e.g. - Ghostery/AdBlock) + they're also just plain NOT as capable (ghostery/adblock/request policy) since they don't DO NEARLY AS MUCH FOR YOU, vs. hosts) by far, on far more levels: EVEN SHORING UP DNS PROBLEMS!

(Natively/built-in & TIGHTLY integrated to the IP stack itself, courtesy of the tightly integrated part of the IP stack itself it populates from 12 reputable & reliable sources for the data for that)

Especially since 99.9% of the malicious things blocked are host-domain name based since "fastflux" &/or dynamic dns tricks used to "recycle" & reuse malicious domains malware makers are used which also take advantage of DNS' weaknesses too & so are ads it blocks too (alongside OTHER threats such as spam/phishing link & more)

... apk

You'll LOVE THIS then... apk

http://hardware.slashdot.org/comments.pl?sid=4211601&cid=44848413

* Enjoy, fellow hosts file user!

(Take a read there, & get a BETTER more comprehensive custom hosts file than you've EVER had by using it!)

APK

P.S.=> Using it, You'll get a LOT MORE SOURCES FOR DATA (all reputable & reliable, like someonewhocares, which is 1 of its sources that YOU use) using that app of mine you can even "pick & choose" from if you wish, no less!

... apk

There's this (w/ ANDROID ADB)... apk

Generate hosts & use Android Debugging Bridge (pull command) 4 transfer 2 ANDROID smartphones.

Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) as a filter for IP stack (coded in C & load w/ OS + 1st net request & resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Benefits hosts provide on many levels for speed, security, reliability, & anonymity in link)

---

* Blocking ads saves up to 40% per site page on avg via the above (& a LOT more).

---

A.) Hosts do more than AdBlock ("souled-out" 2 GOOGLE & crippled) + Ghostery (Advertiser owned) - "Foxes guarding the henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B.) Hosts add reliability vs. downed DNS & protect vs redirected DNS + secure vs. known malicious hosts-domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" room for breakdown,

C.) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed DNS or vs. Kaminsky vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

("Less is more" = GOOD engineering - vs. slowing down SLOWER usermode apps in browsers layering on MORE in addons which are known to slow them down more? I work w/ what you have in kernelmode via hosts: A tightly integrated to the IP stack!)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

99% of ads != served thus

Advertisers don't trust sites' counts & serve off their servers to count clicks. Nice privoxy does it but it's almost a moot 'advantage' due to how it really works. Only extremely wealthy companies can like Google for example on their own sites which is why other solutions work so well (like hosts files).