[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firefox > Preferences > When Firefox starts.

On 4/25/19, David Wright <deblis@lionunicorn.co.uk> wrote:
> On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
>> On 4/24/19, David Wright <deblis@lionunicorn.co.uk> wrote:
>> > On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
>> >> On 4/22/19, David Wright <deblis@lionunicorn.co.uk> wrote:
>> >> > On Sun 21 Apr 2019 at 20:30:53 (-0700), peter@easthope.ca wrote:
>> >> >>     From: David Wright <deblis@lionunicorn.co.uk>
>> >> >>     Date: Sun, 21 Apr 2019 16:13:11 -0500
>> >> >> > Does the behaviour reported in your OP cause you *great* concern?
>> >> >>
>> >> >> No.  Just wastes time.  Opening a simple local HTML home page
>> >> >> requires
>> >> >> roughly a minute rather than roughly a second.
>> >> >
>> >> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
>> >> > pages appear a lot faster here.
>> >>
>> >> Have you looked at bind's dns rpz?
>> >
>> > Just now.
>> >
>> >>   http://zytrax.com/books/dns/ch7/rpz.html
>> >> It lets you do things like
>> >> *.2o7.net               CNAME   .
>> >> *.doubleclick.net       CNAME   .
>> >>
>> >> to block entire domains instead of having to list each and every
>> >> hostname in the domain.
>> >>
>> >> And you can log what is blocked/allowed to make troubleshooting easier
>> >
>> > It might be a good *mechanism* for the diversion itself, but AFAICT
>> > it's aimed at the *policy* implementers rather than the end-user.
>>
>> Just out of curiosity - do you think pi-hole is aimed at policy
>> implementers or end users?
>
> I don't know about their policies, or whether they have any. I've not
> found any description of how you would configure it, only how you
> install it. Do they provide blacklists?

It looks like they give you a default list of lists that you can modify:
https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1181

> It's also not clear to me where I should install it to. My router
> uses the Google nameservers, and all my machines have the router
> as their nameserver. The router is the only part of the network
> that's always up and running.

I have a server that I leave running all the time; reconfigure your
router to use your dns server instead of google, add a firewall rule
to block all outgoing tcp/udp traffic to port 53 except from the
server & you're done.

> But let me explain what I mean by those terms I used earlier:
>
>     Mechanism: Any method of modifying the result of trying to resolve
>     foo.bar to an IP address, irrespective of the specific domainnames
>     which somebody has to give to it. My mechanism is resolving to
>     localhost.
>
>     Policy implementers: The people who make the decisions about which
>     domainnames should have their resolution modified. If you look
>     through the reference I gave for the source of my /etc/hosts, you
>     can see their policies listed as comments bracketing the sections,
>     and they are:
>
>       #<shock-sites>
>       #<shortcut-examples>
>       #<hijack-sites>
>       #<spyware-sites>
>       #<maybe-spy>
>       #<malware-sites>
>       #<doubleclick-sites>
>       #<intellitxt-sites>
>       #<red-sheriff-sites>
>       #<cydoor-sites>
>       #<2o7-sites>
>       #<oewabox-sites>
>       #<ad-sites>
>       #<maybe-ads>
>       #<canvass-fingerprinting-sites>
>       #<evercookies-sites>
>       #<yahoo-ad-sites>
>       #<hitbox-sites>
>       #<extreme-dm-sites>
>       #<realmedia-sites>
>       #<fastclick-sites>
>       #<belo-interactive-sites>
>       #<popup-traps>
>       #<ecard-scam-sites>
>       #<IVW-sites>
>       #<wiki-spam-sites>
>       #<Windows10>
>
>     End-users: The people whose browsing experience are improved by
>     the policies selected, and implemented using the chosen mechanism.
>
>> > The value I get from Dan Pollock is the list of sites rather than the
>> > most elegant mechanism for handling that list. Looking at the comments
>> > in the list, and by comparing evolving versions, it does appear that
>> > Dan actively "opens holes" where people report interference or
>> > difficulties using certain legitimate sites.

But the holes get opened only after someone reports a problem.  If
you're using a host file, how do you figure out which host name(s)
being blocked are causing the problem?

I never figured out an easy way to troubleshoot hostfiles & switched
to something that logged what all was blocked and allowed.

>> > Finally, I wouldn't know where to start to compile a list of sites
>> > like that.
>>
>> https://dnsrpz.info/
>> If you're a business, you can buy access to an rpz feed.
>
> I'm not, but I take it that different feeds have different policies on
> which sites to include, and come at different prices.
>
>> If you're a [home?] network admin it's simple enough to enable logging
>> & see what all is allowed that you'd rather have blocked.  And/or grab
>> things like Dan Pollock's list and turn them into an rpz file.
>
> Frankly, I don't want to be bothered with processing the list.

That makes it easy then, stay with what you've got :)

Regards,
Lee
Reply to: