Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Quoting Rainer Weikusat via Dng (dng@lists.dyne.org): > But this is not the case. There's nothing which stops users from running > their own, fully capable resolver locally[*] (or somewhere on a local > network) and thus, not make a comprehensive browsing history available > to any third party. Reminder, I maintain a bestiary of all 'DNS Server (and Related) Software for Linux' by category, here: http://linuxmafia.com/faq/Network_Other/dns-servers.html Candidate (maintained) open source recursive resolvers for Linux are: o bind9 (has baggage; see page) o Deadwood o dnscache (from djbdns), if patched to modern standards o PowerDNS Recursor o Unbound For various reasons out of scope here, I would generally recommend Unbound. (I'm sure Deadwood is really good and competitive, but am unsure of its packaging status. Disclaimer: Sam Trenholme, author of Deadwood and MaraDNS, is a friend of mine.) > [*] Except systemd-resolvd, of course, at that's (reportedly) a stub > resolver to replace another stub resolver :->. Correct. -- Cheers, "Why doesn't anyone invite copyeditors to parties, Rick Moen when we're such cool people out with whom to hang?" r...@linuxmafia.com-- @laureneoneal (Lauren O'Neal) McQ! (4x80) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Steve Litt writes: > goli...@devuan.org wrote: > >> Just great! So how can we keep off this cloudflare thing? >> >> https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ > > "Another relevant question is whether further centralisation [SIC] of > the internet is, inherently, a bad thing." This is a wrong question based on a false dichotomy in this article. It assumes users will always have to use some recursive resolver operated by some third party, hence, they can only chose between a) use the servers you got assigned in some environment "which may include public WiFi" ("Run your life!") b) use some "trusted DoH provider" (trusted by some other US company to be good enough for its users, that is) IOW, that uses will always have to provide a complete history of all their "web movement" to someone. But this is not the case. There's nothing which stops users from running their own, fully capable resolver locally[*] (or somewhere on a local network) and thus, not make a comprehensive browsing history available to any third party. And DoH prevents that. That Google (AFAIK) invented this is certainly just coincidence. [*] Except systemd-resolvd, of course, at that's (reportedly) a stub resolver to replace another stub resolver :->. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Thu, Mar 5, 2020, at 2:18 PM, Florian Zieboll wrote: > > Which leads to an even deeper question: As we tend to move into the > direction we look (think of learning a header or somersault or perhaps > also of getting through a dangerous situation when driving a vehicle) - > what does this mean for writing dystopia? [2] Fear is a bad adviser. Well, it is said that people who read science fiction are better equipped to cope with new and unexpected situations. But humans are turning out to be very predictable and the situations are not new or unexpected when compared to Orwell. The whole DNS vs DoH problem is another choice of "centralization and trust in authority" vs "decreased safety and trust in entities closer to home". The current trend is authoritarian. Orwell teaches us all about that. :) The current trend in tech puts a lot of power in the hands of the root SSL authorities. t ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Thu, 5 Mar 2020 09:10:00 -0500 Dan Purgert wrote: > On Mar 03, 2020, tekHedd wrote: > > On Mon, Mar 2, 2020, at 4:34 AM, Dan Purgert wrote: > [...] > > > > You say "Orwellian thinking" like it's a bad thing. :) > > I ... think ... you're joking? You're joking, right? I think this is (going far off topic) a really good question, because I am not sure, what "Orwellian thinking" actually is: Is it the thinking of Orwell's antagonists, or is it Orwell's awareness of a /possible/ outcome of current [2] phenomenons? Which leads to an even deeper question: As we tend to move into the direction we look (think of learning a header or somersault or perhaps also of getting through a dangerous situation when driving a vehicle) - what does this mean for writing dystopia? [2] Fear is a bad adviser. And is this really so off topic? I mean: Who's afraid of "badly reinvented" concepts?! Thinking aloud, Florian [1] Wow, the beauty of languages killing me, softly, once again: current (adj -> noun) -> drift / stream [2] This is why I like the books of Marge Piercy ("Woman on the Edge of Time", "He, She and It") so much: She creates multiple, coexisting scenarios and thus gives the reader the possibility to compare and choose actively. -- \ \\ \ \ | | / \ |ILS ONT PEUR| |CES ROMAINS.| \__/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Wed, Mar 04, 2020 at 03:01:55PM -0500, Steve Litt wrote: > On Tue, 3 Mar 2020 18:43:01 -0500 > Clarke Sideroad via Dng wrote: > > > On 2020-03-03 5:45 p.m., spiralofhope wrote: > > > This helps me remember: > > > E for English "grEy" > > > A for American "grAy" > > > > > I attempt to be trilingual in "English". > > Thanks, that memory tool is great. > > In Canada we say GrEh, but we spell it the English way. (-; > > It's aboat the same thing, eh? It's likely just personal, but I've always felt that grey is a slightly cleaner colour than gray. -- hendrik > > SteveT > > Steve Litt > February 2020 featured book: Thriving in Tough Times > http://www.troubleshooters.com/thrive > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Mar 03, 2020, tekHedd wrote: > On Mon, Mar 2, 2020, at 4:34 AM, Dan Purgert wrote: > > On Mar 02, 2020, spiralofhope wrote: > > That is certainly some Orwellian thinking right there. > > You say "Orwellian thinking" like it's a bad thing. :) I ... think ... you're joking? You're joking, right? -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281 signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Wed, 4 Mar 2020 21:31:49 +0100 "Dr. Nikolaus Klepp" wrote: > Are you sure that femails would not use slightly more elaborate color > names? Maybe it's just a misunderstanding and "grey" is used for the > more redish tones an "gray" for a more greeish tones? All > indistinguishable for mail eyes, so mails think that it's something > about geolocation? Well, I'm not sure about mails or femails, but I'm very certain there is a subset of females that could certainly give your better descriptions of grey/gray than the platry described six grey/grays in rgb.txt. I am of course referring to those who work in textiles who have to consider the grey/gray content of material in choosing which patterns/colour to combine. The other 102 greyNN labels definitely has to be a typical male trait. Getting back to the subject, taking a tip mentioned earlier about where to point FF's new DNS has certainly uncovered at least one web site for me that the combined various powers prefer not to be visible. So good bt of info to file away. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Mon, Mar 2, 2020, at 4:34 AM, Dan Purgert wrote: > On Mar 02, 2020, spiralofhope wrote: > That is certainly some Orwellian thinking right there. You say "Orwellian thinking" like it's a bad thing. :) DD ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Anno domini 2020 Wed, 4 Mar 15:01:55 -0500 Steve Litt scripsit: > On Tue, 3 Mar 2020 18:43:01 -0500 > Clarke Sideroad via Dng wrote: > > > On 2020-03-03 5:45 p.m., spiralofhope wrote: > > > This helps me remember: > > > E for English "grEy" > > > A for American "grAy" > > > > > I attempt to be trilingual in "English". > > Thanks, that memory tool is great. > > In Canada we say GrEh, but we spell it the English way. (-; > > It's aboat the same thing, eh? Are you sure that femails would not use slightly more elaborate color names? Maybe it's just a misunderstanding and "grey" is used for the more redish tones an "gray" for a more greeish tones? All indistinguishable for mail eyes, so mails think that it's something about geolocation? Nik > > SteveT > > Steve Litt > February 2020 featured book: Thriving in Tough Times > http://www.troubleshooters.com/thrive > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Tue, 3 Mar 2020 18:43:01 -0500 Clarke Sideroad via Dng wrote: > On 2020-03-03 5:45 p.m., spiralofhope wrote: > > This helps me remember: > > E for English "grEy" > > A for American "grAy" > > > I attempt to be trilingual in "English". > Thanks, that memory tool is great. > In Canada we say GrEh, but we spell it the English way. (-; It's aboat the same thing, eh? SteveT Steve Litt February 2020 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On 2020-03-03 5:45 p.m., spiralofhope wrote: This helps me remember: E for English "grEy" A for American "grAy" I attempt to be trilingual in "English". Thanks, that memory tool is great. In Canada we say GrEh, but we spell it the English way. (-; Clarke ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Tue, 3 Mar 2020 11:49:57 -0800 Rick Moen wrote: > > 'grey' rather than 'grey': because it's much greyer that way. > 'gray' > > See, even when I set out to adopt quaint USAnaian spelling, I > sometimes can't quite manage it. This helps me remember: E for English "grEy" A for American "grAy" ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Er, stepping on my own line: > Some years back, I had some good-natured jousting in e-mail with noted > Usenet figure Gharlane of Eddore[1], who had chided me on > rec.arts.sf.tv.babylon5 about my use of Commonwealth spelling -- but > certainly didn't allege that it was mistaken. I amused him and almost > won him over with my declaration that of course I write 'grey' rather > than 'grey': because it's much greyer that way. 'gray' See, even when I set out to adopt quaint USAnaian spelling, I sometimes can't quite manage it. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Quoting Steve Litt (sl...@troubleshooters.com): > "Another relevant question is whether further centralisation [SIC] of > the internet is, inherently, a bad thing." Unaware of the Queen's English, my good lad? Some years back, I had some good-natured jousting in e-mail with noted Usenet figure Gharlane of Eddore[1], who had chided me on rec.arts.sf.tv.babylon5 about my use of Commonwealth spelling -- but certainly didn't allege that it was mistaken. I amused him and almost won him over with my declaration that of course I write 'grey' rather than 'grey': because it's much greyer that way. I miss him a lot. He was erudite and a real character, just what I want to be when I grow up. [1] https://en.wikipedia.org/wiki/Gharlane_of_Eddore ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On 2020-03-03 12:56, Steve Litt wrote: On Sun, 01 Mar 2020 17:08:28 -0600 goli...@devuan.org wrote: Just great! So how can we keep off this cloudflare thing? https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ "Another relevant question is whether further centralisation [SIC] of the internet is, inherently, a bad thing." Yes, centralization of the Internet is a bad thing, completely contrary to the Internet's design and purpose. The Internet (formerly Arpanet) was designed by the Department of Defense to be widely distributed, with lots of redundancy, so that if the Soviet Union nuked the hosts in Philly, the hosts in Atlanta and Chicago and South Bend Indiana picked up the slack. The distributivity made the Internet indestructible. It also made it hard for a scoundrel to poison the DNS system or to get away with lying. Now we're starting to centralize. Facebook, controlled by one multi-billionaire, solicits and promotes political lies that might determine elections. The golden age of the Internet was the mid to late 1990's, when we all got online via the regulated telephone utility. Anyone with a Linux computer, a few modems, and a reasonable on-ramp to the Internet could set themselves up as an ISP, the controller of your last mile. And they did. So prices fell from $75/month in 1995 to $25/month by 1999. And if you didn't like your ISP, you probably had 50 other choices. So ISPs were reasonably priced and customer-focused: Competition at its best. In today's more centralized Internet, there are maybe twenty providers of last-mile service nationwide [1], and they've divided the map such that no more than two compete in most areas. Prices are up. One could argue that price per Mbs is way down, but in 20 years I'd hope so, and believe that with competition we'd be paying about $10/month for the same service. It's my belief that the wide distributivity of the original Internet was what allowed it to thrive to this point, and centralization is slowly choking it, putting it at risk, and making it less useful. Exaaactly. The question is "less useful" for whom? Certainly not the user. It is ultimately about control of information and populations in order to empower and enrich those at the top of the economic food chain. Truth are lies and lies are truth. Just keep buying more of what you don't need to create debt which will enslave you for life. We own you. Get over it and just keep clicking . . . golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Sun, 01 Mar 2020 17:08:28 -0600 goli...@devuan.org wrote: > Just great! So how can we keep off this cloudflare thing? > > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ "Another relevant question is whether further centralisation [SIC] of the internet is, inherently, a bad thing." Yes, centralization of the Internet is a bad thing, completely contrary to the Internet's design and purpose. The Internet (formerly Arpanet) was designed by the Department of Defense to be widely distributed, with lots of redundancy, so that if the Soviet Union nuked the hosts in Philly, the hosts in Atlanta and Chicago and South Bend Indiana picked up the slack. The distributivity made the Internet indestructible. It also made it hard for a scoundrel to poison the DNS system or to get away with lying. Now we're starting to centralize. Facebook, controlled by one multi-billionaire, solicits and promotes political lies that might determine elections. The golden age of the Internet was the mid to late 1990's, when we all got online via the regulated telephone utility. Anyone with a Linux computer, a few modems, and a reasonable on-ramp to the Internet could set themselves up as an ISP, the controller of your last mile. And they did. So prices fell from $75/month in 1995 to $25/month by 1999. And if you didn't like your ISP, you probably had 50 other choices. So ISPs were reasonably priced and customer-focused: Competition at its best. In today's more centralized Internet, there are maybe twenty providers of last-mile service nationwide [1], and they've divided the map such that no more than two compete in most areas. Prices are up. One could argue that price per Mbs is way down, but in 20 years I'd hope so, and believe that with competition we'd be paying about $10/month for the same service. It's my belief that the wide distributivity of the original Internet was what allowed it to thrive to this point, and centralization is slowly choking it, putting it at risk, and making it less useful. [1] Not counting city-provided Internet SteveT Steve Litt February 2020 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On 3/2/20 1:08 AM, goli...@devuan.org wrote: > So how can we keep off this cloudflare thing? there are also other non-corp DoH/DoT providers, so default cloudflare setting in ff can be changed.. (eg. https://libredns.gr/). generally, i don't find DoH a problem, i think it's a good measure for most users.. it's cloudflare i don't trust. 2c, d. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Sun, 01 Mar 2020 17:08:28 -0600 goli...@devuan.org wrote: > Just great! So how can we keep off this cloudflare thing? > > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ > > Rick Moen? Anyone? > > I am quite happy running unbound locally thanks to Rick and > Centurion_Dan etc. > > Thoughts? https://support.mozilla.org/en-US/kb/firefox-dns-over-https "do the following: Type about:config in the address bar and press Enter. A warning page may appear. Click Accept the Risk and Continue to continue to the about:config page. Search for the preference: network.trr.mode to confirm that the value is either 0 (off) or 5 (off by user choice). " All mine were done a while back - just have to keep watch that Mozilla don't override this. However this exists: https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https pgpD_dhncoud7.pgp Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Mar 02, 2020, spiralofhope wrote: > On Sun, 01 Mar 2020 17:08:28 -0600 > goli...@devuan.org wrote: > > > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ > > } Another relevant question is whether further centralisation of the > } internet is, inherently, a bad thing. ® > > Whoa boy. That is certainly some Orwellian thinking right there. Suppose I have to write a website to counteract this thinking. I suck at it, so apologies in advance (but at least it won't have JS) -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281 signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Sun, 01 Mar 2020 17:08:28 -0600 goli...@devuan.org wrote: > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ } Another relevant question is whether further centralisation of the } internet is, inherently, a bad thing. ® Whoa boy. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
Quoting goli...@devuan.org (goli...@devuan.org): > Just great! So how can we keep off this cloudflare thing? > > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ > > Rick Moen? Anyone? It's been obviously coming (for newer Firefox versions) for quite some time. Since my _personal_ view is that Firefox (Release Edition and Beta) went unacceptably off the rails starting with Firefox 48 on 2016-08-02 (and similar damage to Firefox ESR then being only a matter of time), I see this as unfortunate but as just another hammer in the coffin. As noted in TheReg's article (and linked Mozilla blog item), the new DoH default in Firefox 73.0.1 can be simply unchecked somewhere in the program's Settings (for now). Also, for those who care about new Firefox versions but haven't read the coverage, it should be noted that the new default is (claimed to be) set only in downloadable binary versions of the browser offered at mozilla.org to USA users, not to those elsewhere in the world. The direct effect on Linux users would be only on distros that do no meaningful curating and correcion of Mozilla, Inc.'s sometimes brainless defaults in their distro packages. (I really have no idea if the Debian distro package of Firefox Release Edition suffers this brain damage, having lost interest, as I said, some years back. Perhaps someone else here knows. (Seriously, I really, really wish either Debian or someone else would gather together as much as possible of the 'No, we don't accept mandatory extension signing and are not thrilled about losing XUL/XPCOM without a lot better planning' consensus under one roof under revived brand identity 'Iceweasel'. Seems like an obvious solution, to me -- and, to correct myself just a bit, in a way, it's almost-sorta happened: the several little scattershot Firefox pre-57 forks include Pale Moon, Basilisk, Waterfox, Iceweasel-UXP, Iceape-UXP, and Borealis Navigator. For those who are unfamiliar with Iceweasel-UXP, I recommend reading their lucid and brief explanation: https://wiki.hyperbola.info/doku.php?id=en:project:iceweasel-uxp (But, seriously, IMO they should call it 'Iceweasel', which is peculiar enough without the suffix, but at least has a history.) -- Cheers, "Why doesn't anyone invite copyeditors to parties, Rick Moen when we're such cool people out with whom to hang?" r...@linuxmafia.com-- @laureneoneal (Lauren O'Neal) McQ! (4x80) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FF now defaults to DNS-over-HTTPS for US
On Sun, Mar 01, 2020 at 05:08:28PM -0600, goli...@devuan.org wrote: > Just great! So how can we keep off this cloudflare thing? > > https://www.theregister.co.uk/2020/02/25/mozilla_turns_on_dns_over_https_by_default_for_usa/ There was a thread on (IIRC) debian-devel about this a while ago, with a near-consensus that, while good for a typical insecure Windows user, DoH by default is inappropriate for Debian. I thus assume it won't be on in the packaging. > I am quite happy running unbound locally thanks to Rick and Centurion_Dan > etc. And having unbound by default might be a good default. I just don't have enough experience with hotel/phone/etc networks which block direct DNS to know what problems could be. Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ in the beginning was the boot and root floppies and they were good. ⢿⡄⠘⠷⠚⠋⠀ -- on #linux-sunxi ⠈⠳⣄ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng