I have to admit that it doesn't seem like you're arguing against anything that I'm actually saying at this point.
From the get go, my response has been that your suggestion implies a false sense of security, that has really been the only thing I have been pursuing (can be noted by the numerous times I have repeated it even). In my last post, I have now sufficiently explained why it is a false sense of security, something which you seem to be completely ignoring in your responses over and simply dismissing under the guise that 'security is layered' as a reason. I have explained with an example why your layering is in-effect meaningless in your example. I have even gone as far as to suggest an online alternative for privacy concerns (which I didn't want to do).
I also agreed that security isn't perfect and even pointed out that my suggestion isn't a perfect solution either.
Since I'm getting bored of this "debate"
I would be bored too if I were just dismissing a point instead of discussing it.
Security is a process, with a large continuum of relative success. The entire process depends on locating risks and minimizing their impact.
Congratulations, you defined 'security' in a way some "cyber" security experts do.
This is of course, irrelevant to the point that you are regardless providing a false sense of security. Your suggestion does nowhere mitigate sufficiently what you're implying.
Your entire statement is a textbook example of letting "perfect" be the enemy of "good enough".
It only seems that way because you're outdated. Have you ever considered that if Google was that interested in that data, they had many other avenues that didn't require client side code to access it?
I mean, when you consider how many sites support logging in via your Google+, Facebook, Twitter account, not to mention the various 'apps' that link with them, they have share buttons that are hosted from those hosts (so even if you're not logged in via their SSO, your authentication cookie can still be tracked through that share button image), do you really think your terrible example even has merit in today's world? This requires no specific browser, no specific executable. You're too far behind on modern security and privacy and you're giving fruitless advice that is only a false sense of security. There are many variables to security and your example is absolutely meaningless in context of the situation you provided since there are far better effective ways of doing it without the password store being involved in the slightest.
The web itself is meant to be a system of interconnected elements and you cannot simply turn it off without breaking functionality significantly. Pushing this down to a level lower, you have ISPs that are datamining your traffic usage and breaking that down further there are government agencies building profiles on you by dipping into Internet Exchange networks. Web SSL cannot combat content providers hostile against your interests, web SSL cannot sufficiently mask your traffic patterns, nor can it hide what hosts you're accessing that can be sufficiently datamined that invades your privacy (and by this, I mean, by even identifying what porn you like, what banks you enjoy, what social networks you frequent, what sites you visit).
But hey, let's give another provider our password safe, I'm sure that'll make us more secure against Google, Big ISP corp and Big spy gov (... Not in the slightest).
There is a large region between perfectly secure and completely insecure and pretending that the situation is black and white doesn't actually help anybody.
There certainly is, but the secure line begins with a solution like Freenet, not the web. I certainly don't believe Freenet is perfectly secure.
It is a bit much, which is why your best approach is to avoid situations where you need to put all of your trust in a single other party.
Incorrect, the best approach to avoid such situations is not to expose information you consider to fall under your 'privacy' to such things.
Trusting the biggest dataminer on the planet to handle your data in such a way that they are not able to datamine it, with their word as the only reassurance, is a silly proposition.
Assuming you're able to prevent data collection from the biggest dataminer on the Internet that has tracking through a variety of services and even 3rd party services (as an example, doubleclick) is a false sense of security.
If you use an encryption solution from one party and a storage solution from another party, you've diluted the damage that a single malicious actor can do.
That is just a false sense of security, because now you're assuming you really have "diluted the damage".
Trying to sell the idea that you can't have perfect privacy
No, I'm not trying to sell anything. I'm establishing that you are selling a false sense of security/privacy.
you should just give up and learn to love Big Brother
Hey look, you want to have anonymity and privacy, go use the Freenet Project (and use the necessary means to audit the thing). That's anonymity and privacy online, not your half-baked nonsense.
Trusting Google to protect your privacy, especially from themselves, falls toward the first part of that spectrum.
You seem to be making assumptions about me. Having the expectation you have privacy and/or anonymity outside of specialized purpose built systems like Freenet is ludicrous.
Sorry, my priority is to write letters to abolish the licensing fee and instead require the BBC to use encrypted channels if they want to force people to pay a fee for access for their channels instead of trying to force everyone to pay a licensing fee because they're 'automatically' included in Freeview, Sky, Cable etc. in an attempt to get everyone in the UK to pay for a license whether they watch the BBC or not.
How many millions of public money are they squandering in such "advanced" technology to block VPNs?
It probably doesn't cost them any more than their business as usual as I suspect they got some lowly analyst to fill out known VPN IP ranges into a text file.
Considering so many TV stations license BBC programming, you can do international purchases of DVD/blu-ray content from sites like amazon.co.uk, BBC programmes are available on Netflix. I'm not sure this really is as big of a problem as you're trying to make it out to be.
This comes from the guy that buys blu-rays of Game of Thrones when it's released because it's not available to me on-demand.
If I could have full access to the BBC library through iPlayer I would be happy to pay them that.
Get a UK VPS, setup VPN on VPS, use VPN to access iPlayer (BBC are blocking VPN providers, they can't detect VPNs being used typically).
One thing to consider is that I wouldn't have access to live OTA TV like a resident would so perhaps bring the fee down a little.
If you watch live BBC programming, it doesn't matter if it's through satellite, cable, over the air or Internet streaming, you have to pay for a license regardless here. So, I don't see why you should get any particular exception to this. I should also note that 'on-demand' use of iPlayer does not require a TV license.
$15 a month for iPlayer only access would be more than fair and I would be more than happy to pay the BBC.
I think you can get a London VPS for about that price from Digital Ocean.
No American influence
There is plenty of American influence in BBC programming.
no commercials
BBC has commercials, they're just not of company products/services.
no banners covering the lower third of the screen with little people jumping up and down waving and blowing shit up to let me know about a different program coming up 2 months from now
Can't recall if it's the BBC channels (or other UK channels) that do this to tell you what's coming up shortly.
I want to see the world through their eyes and experience British life vicariously through Brits
Much of the 35 year olds and younger are relying more on Internet than they do on TV these days.
trusting a single party to store your private data and handle the encryption of that private data with a binary that they provide to you is incredibly naive.
Versus auditing the source-code yourself and compiling it every time? Honestly, that's a bit much.
If he's paranoid of Internet firms having his data for 'privacy' reasons, he shouldn't be online. Anything less is a false sense of security; don't even bother trying to sell it otherwise.
Nah, a DNS daemon configured correctly that works with all your devices and platforms is best in my opinion, just one system to configure, not every single system, having to root your tablets that can be rooted to get them to support hosts files etc.
Kaminsky redirect poisoning - 99.999% of ISP DNS aren't patched vs. it.
Irrelevant when you don't use forwarding rules in your DNS server configuration.
Open DNS resolvers (not OpenDNS) get exploited by malware A LOT!
Botnets, sure.
Rogue DNS servers (even in routers not just system IP stack settings).
What I'm suggesting isn't a rogue DNS server either.
* Hosts w/ favs you hardcode in 'em AVOIDS ALL THOSE DNS SECURITY ISSUES ABOVE
So does the DNS daemon in my household.
IT RESOLVES FAR FASTER THAN CALLING TO REMOTE DNS SERVERS
My DNS daemon is local on the network which has certain zone files for resolving certain hosts. Therefore it is 'far faster' than remote DNS servers too.
Hosts combined w/ OpenDNS complement one another.
In my own experience in Europe, OpenDNS seems to be often slower at resolving than my own DNS daemons. Likely because according to my traceroute, it goes through four countries before I hit their server.
The rest of my hosts files' entries are 3,801,410++ blocked entries vs. malware & ads of many kinds.
(also, look, I can split things up across multiple files for organisational purposes)
Most of those entries include all the subdomains of a given known malicious domain, so no duplicate entries needed to filter out various subdomains.
> P.S.=> Local DNS eats more cpu, RAM, & I/O
To do what I do with my DNS server, it would take up more CPU, RAM, I/O and disk space with a hosts file and the work would have to be duplicated across each system. However, not each system in my household can even do hosts. Such as the game consoles, tablets and mobile phones. So, even if I was doing /just/ what you were doing, it would not be sufficient.
FREE & not 'souled-out' to advertisers + adds speed, security & reliability & does FAR more w/ FAR less more efficiently vs. redundant browser addons & locally installed DNS servers @ home + fixes DNS' many security issues!
If you look at the regular Linux desktop, a DNS server is already provided (usually powerdns) in forwarding mode by default in most major distros, so there isn't really any worse efficiency involved in those circumstances when modifying the configuration. Additionally, they're more efficient than hosts files when blocking entire domains, since you don't need to create over a TB of text file to generate every single possible subdomain combination (which apparently sticks in your RAM according to you) for just one domain.
It SPEEDS YOU UP 2 ways (adblocking + locally cached in RAM favorites placed @ the TOP of hosts for fastest resolution speed vs. remote DNS also aiding reliability) vs. other "so-called security 'solutions'" SLOWING YOU!
My DNS daemon running on my router is more efficient. It returns NXDOMAIN for blocked domains, my browser doesn't even attempt to establish a TCP connection to an IP address, unlike when you use hosts files. This protects an entire network of computers and doesn't require any configuration of any individual systems to make it work either. The faster NXDOMAIN responses than resolution means that it is faster than without too.
Blocking an entire domain (or subdomain) is as simple as this line in Bind 9:
zone "abcstats.com" { type master; file "/dev/null"; };
Bind errors loading the zone, because it's not a valid zone file, effectively using next to no memory for a domain now considered invalid.
Equality is not achieved : look at salary graphs... You can come back with more SJW bashing now.
The last time I saw my salary in relation to others, I left the company considering I felt I was pulling the weight of those peers who were paid better. I did not feel wage equality between genders was an issue, equality between work produced was.
1.) Protect vs. malicious sites/servers (past ads) 2.) Protect vs. fastflux botnets + stop C&C communique 3.) Protect vs. dynamic dns botnets + stop C&C communique 4.) Protect vs. DGA botnets + stop C&C communique 5.) Protect vs. downed DNS (adds reliability) 6.) Protect vs. DNS redirect poisoned dns 7.) Protect vs. trackers 8.) Protect vs. spam 9.) Protect vs. phish 10.) Protect vs. caps 11.) Get you past a dns blocking 12.) Keep you off dns request logs 13.) Speed up surfing by adblocks & hardcoded fav. sites 14.) Work on anything webbound (ie email programs) multiplatform. 15.) Give you easily controlled data 16.) Do all that & block ads better than addons more efficiently in cpu cycles + memory usage
My DNS daemon at home can do all of that though.
P.S.=> Ab+ does less than hosts & less efficiently
My DNS daemon does it more efficiently by returning NXDOMAIN for blocked hosts. None of the computers on my network even attempt to establish a TCP connection to anything. Nobody even has to configure their computers to do anything when they use my Wi-Fi / LAN, it 'just works'.
(hosts consume 3-11mb using my program initially).
My DNS daemon is only taking up 2MiB of system memory currently on the router and takes up no memory on the PCs on my network. My DNS server is also more efficient by being able to block complete domains owned by malware authors instead of just specific subdomains too.
What's best?
Clearly my setup has the technical advantages here.
My main complaints with that suggestion are the 3DS screen is like 3 or 4 inches, my laptop is a 17 inch which is a lot like a small TV.
Which is generally irrelevant when you're holding a portable unit like 3ds, since it's closer to you, therefore bigger screen.
I would have to buy 2 3DS which would come to about 3 or 4 hundred dollars.
You could get player 2 to get his own.
All to play a couple of games I used to own before my storage locker was robbed.
This is why having insurance is good.
Or I can emulate the games on the machine I want to play on, my big very nice laptop.
Which doesn't really help quality since pixel graphics tend to look worse on higher resolution screens.
But I have ZERO interest in buying two 3DS machines so I can get an inferior experience to the one I am already getting.
As an owner of current generation consoles, handhelds and a decent PC gaming rig, I believe I have a well rounded experience. I'm not seeing an inferior experience on equipment like 3DSes and I get the impression you're trying to justify something that isn't really a problem.
Your first mistake was being an asshole. How do I know? Because people, as a rule, are lazy. I'm lazy. You're lazy. We're all lazy. So why, I'm forced to ponder, are so many people intent on fucking with you that it overcomes their natural laziness?
I've seen this happen to software developers who happen to not make complicated, hard feature some community wants. That's not being an asshole.
I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP - sorry, I don't have the logs
I don't believe your friend. Verify it yourself first.
I can't reproduce your claims, nor find evidence of it happening on Google with regards to GPOs.
The closest thing I am aware of is Windows resetting GPOs on a system upgrade (as opposed to updates). But that has been expected behaviour since Windows 2000.
I'd recommend you take at least the Microsoft course 50255C (or a more modern) to learn how GPOs work from a Microsoft learning partner.
They're not writing their own crypto, they're utilizing an existing one.
Why don't you for once just do the fucking news.
You can actually do the same thing in Internet Explorer by using the blocked sites zone. I think that's been a feature since 4.1.
Uploading this information to Facebook, Google+ and VK for you.
My blacklisted domains shows:
$ wc -l /etc/bind/blacklist /etc/bind/blacklist
13736
(also, look, I can split things up across multiple files for organisational purposes)
Most of those entries include all the subdomains of a given known malicious domain, so no duplicate entries needed to filter out various subdomains.
They adapted by changing the laws in their favour so they wouldn't die, seems to be working fine to me.
System.gc();
No, bring in two 3DSes, why are you being stupid?
Cool something, bro.