An Exercise Program for the Fat Web (opens in new tab)

(blog.codinghorror.com)

96 pointsraviojha6y ago34 comments

34 comments

> It's kind of scary how powerful DNS can be, isn't it?

And that, I think, is why we see a push for DNS-over-HTTPS and other things: because eventually Google (and other device manufacturers) will only use the network-provided DNS servers to find their DNS servers. And of course your device will only use Google's servers, for your security of course.

You might think that sounds crazy, but we've already seen it come to pass: Android apps will now ignore owner-supplied root certs. This means that the device owner cannot inspect HTTPS traffic sent by his own device.

The endgame is that we're not really owners of our own computing devices, but simply renters of media-consumption appliances.

nixpulvis6y ago

If I don't own my technology, I sadly own very little. It makes me really sad.

bryanlarsen6y ago

Switching to Firefox costs $0 and works on every network, not just your home net.

throwmeback6y ago

It's also hella buggy on macOS for me, which is irritating - my browser is the only thing I need to work 100% of the time. As much as I'd like to reduce Google's browser monopoly, I consciously choose to make this one exception.

robin_reala6y ago

Any particular bugs that are annoying you? The main one for most people seems to be excessive battery consumption on retina displays, which is being worked on (requires switching the renderer interface over to Core Animation, so is understandably taking a while). Apart from that I can only think of minor annoyances compared to some of the problems with Chrome like major memory consumption and the gradual strangling of personal privacy extensions.

5 more replies

lucideer6y ago

Define hella buggy? What's not working for you?

(apart from the obvious recent f-up with the addon signing obviously, which—while glaring—was at least a one-off)

mooreds6y ago

Have you tried brave? Not sure if it has feature parity, but it is a new take on a chromium based browser.

1 more reply

oweiler6y ago

Only if you don't value your time. This would at least require me to search for equivalent plugins.

robin_reala6y ago

You’ll find that a lot of the extensions are the same ones, now that Firefox has switched over to Chrome’s WebExtension model as a base.

JoshMnem6y ago

Firefox has some better plugins and features, like container tabs. You can block ads with the built-in tracking protection, uBlock Origin (not uBlock), and uMatrix.

https://support.mozilla.org/en-US/kb/containers

fenwick676y ago

> Eye/o GmbH owns AdBlock and uBlock

Wow, I didn't realize the same company that owns Adblock also owns uBlock.org (but not ublock origin)

Crinus6y ago

Doesn't DNS over HTTPS and HSTS bypass pihole?

(isn't it funny how every single "modern web security" feature, from DNS over HTTPS, to HSTS even to HTTPS itself always ends up with someone giving up control to 3rd parties yet this is always dismissed and pushed through insane amounts of peer pressure - usually by people who have vested interests in those 3rd parties - because 'security'?)

kasey_junk6y ago

My network is setup so local dns goes to the pi-hole which uses dns over https.

detaro6y ago

DNS over HTTPS against a server you can't choose would do so, yes.

fenwick676y ago

You could still shut down the initial DNS query for the dns-over-https provider and make it unreachable

1 more reply

thedanbob6y ago

So does simply using a different DNS server than the network supplies, unless you’re blocking port 53.

eswat6y ago

Pi-Hole is a great tool, just make sure to be exhaustive in your testing to see if it will break any services you depend on.

When I unboxed my old Kindle one day I couldn’t get syncing to work and had no idea why for several days until I tried adding a pass-through filter for Amazon in Pi-Hole, which was the culprit.

Theodores6y ago

I am interested in what happens when you get to a website that insists you turn off your ad blocker. What happens with Pi Hole?

Also I would prefer to just run Privoxy as I have Ubuntu running and can just use that instead of some extra gadget. What happens with Privoxy if you are getting a turn off ad blocker message?

Currently I use 'cat block' or the 'EFF' blocker, depending on what computer I am on, those give you an option to turn off your ad blocker which I find myself doing from time to time, it would be nice to have this option with Privoxy.

deftnerd6y ago

There is a firefox extension you can use to temporarily disable the PiHole blocking on your network with one click so you don't have to visit your PiHole webpage and do it manually.

https://addons.mozilla.org/en-US/firefox/addon/switch-pi-hol...

theandrewbailey6y ago

You can disable blocking temporarily (a few seconds to a few minutes) in the PiHole dashboard.

jdietrich6y ago

That sounds rather inconvenient compared to the two-click option in uBlock Origin.

3 more replies

nkrisc6y ago

In addition to the temporary disable option available at /admin on your pi-hole, you can whitelist domains if you really need to access them and you can't with blocking.

j / k navigate · click thread line to collapse

34 comments

zeveb6y ago

> It's kind of scary how powerful DNS can be, isn't it?

The endgame is that we're not really owners of our own computing devices, but simply renters of media-consumption appliances.

nixpulvis6y ago

If I don't own my technology, I sadly own very little. It makes me really sad.

bryanlarsen6y ago

Switching to Firefox costs $0 and works on every network, not just your home net.

throwmeback6y ago

robin_reala6y ago

5 more replies

lucideer6y ago

Define hella buggy? What's not working for you?

(apart from the obvious recent f-up with the addon signing obviously, which—while glaring—was at least a one-off)

mooreds6y ago

Have you tried brave? Not sure if it has feature parity, but it is a new take on a chromium based browser.

1 more reply

oweiler6y ago

Only if you don't value your time. This would at least require me to search for equivalent plugins.

robin_reala6y ago

You’ll find that a lot of the extensions are the same ones, now that Firefox has switched over to Chrome’s WebExtension model as a base.

JoshMnem6y ago

Firefox has some better plugins and features, like container tabs. You can block ads with the built-in tracking protection, uBlock Origin (not uBlock), and uMatrix.

https://support.mozilla.org/en-US/kb/containers

fenwick676y ago

> Eye/o GmbH owns AdBlock and uBlock

Wow, I didn't realize the same company that owns Adblock also owns uBlock.org (but not ublock origin)

Crinus6y ago

Doesn't DNS over HTTPS and HSTS bypass pihole?

kasey_junk6y ago

My network is setup so local dns goes to the pi-hole which uses dns over https.

detaro6y ago

DNS over HTTPS against a server you can't choose would do so, yes.

fenwick676y ago

You could still shut down the initial DNS query for the dns-over-https provider and make it unreachable

1 more reply

thedanbob6y ago

So does simply using a different DNS server than the network supplies, unless you’re blocking port 53.

eswat6y ago

Pi-Hole is a great tool, just make sure to be exhaustive in your testing to see if it will break any services you depend on.

When I unboxed my old Kindle one day I couldn’t get syncing to work and had no idea why for several days until I tried adding a pass-through filter for Amazon in Pi-Hole, which was the culprit.

Theodores6y ago

I am interested in what happens when you get to a website that insists you turn off your ad blocker. What happens with Pi Hole?

Also I would prefer to just run Privoxy as I have Ubuntu running and can just use that instead of some extra gadget. What happens with Privoxy if you are getting a turn off ad blocker message?

deftnerd6y ago

There is a firefox extension you can use to temporarily disable the PiHole blocking on your network with one click so you don't have to visit your PiHole webpage and do it manually.

https://addons.mozilla.org/en-US/firefox/addon/switch-pi-hol...

theandrewbailey6y ago

You can disable blocking temporarily (a few seconds to a few minutes) in the PiHole dashboard.

jdietrich6y ago

That sounds rather inconvenient compared to the two-click option in uBlock Origin.

3 more replies

nkrisc6y ago

In addition to the temporary disable option available at /admin on your pi-hole, you can whitelist domains if you really need to access them and you can't with blocking.

j / k navigate · click thread line to collapse