Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
Στις 8/3/21 12:29 π.μ., ο/η Rick Moen έγραψε: Leaving aside my being disappointed about people willingly outsourcing their recursive DNS to the second-nosiest company on the planet[1] +1.1.1.1 ... don't forget cloudflare bullies.. but i do forward local queries to opennic (w/ dnscrypt) and a couple more trusted sources.. eg. libreops.cc offer a public resolver and another DoT/DoH & i do also forward to tor-resolve occasionally... so, i would be interested to know, if there's a privacy issue with opennnic? leaving the overlord (=icann) aside, seems like a good idea to me.. d. OpenPGP_signature Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What does this remind you of?
Le 07/03/2021 à 18:20, tito via Dng a écrit : > On Sun, 7 Mar 2021 18:03:30 +0100 > Antony Stone wrote: > >> On Sunday 07 March 2021 at 17:59:22, Steve Litt wrote: >> >>> See this web page: >>> >>> https://en.wikipedia.org/wiki/Anti-pattern >>> >>> I'd say at least half of the listed anti-patterns are used by >>> systemd. >> Very nice. >> >> Antony. >> > Hi, > this makes me think of the times when you could startx > with IceWM on a 1.44 floppy disk. That was simplicity > and to a certain extent poetry. I personally would scrap: > dbus > consolekit > packagekit > policykit > systemd > apparmor > selinux > I am sure I've forgot some other garbage. > > P.S.: I'm open to new technologies.. > when they follow a simple rule: less code is better > as I can understand only as much code as fits > onto my screen. Ciao Tito, I would get rid of all the same if I could. I wrote it to this list several times, except apparmor I still don't know anything of - not installed Beowulf yet. And I don't think selinux is forced on anyone yet. But there is also this feature of file cappabilities and file extended attributes which started a decade ago and looks like a nightmare. -- Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
> On 8 Mar 2021, at 19:08, Dimitris via Dng wrote: > > Στις 8/3/21 12:29 π.μ., ο/η Rick Moen έγραψε: >> Leaving aside my being disappointed about people willingly outsourcing >> their recursive DNS to the second-nosiest company on the planet[1] > > +1.1.1.1 ... don't forget cloudflare bullies.. > > > but i do forward local queries to opennic (w/ dnscrypt) and a couple more > trusted sources.. eg. libreops.cc offer a public resolver and another DoT/DoH > & i do also forward to tor-resolve occasionally... > > so, i would be interested to know, if there's a privacy issue with opennnic? > leaving the overlord (=icann) aside, seems like a good idea to me.. What’s the consensus on Quad9? Are they any better from a privacy standpoint? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] was: Re: web conferencing software
On Mon, 8 Mar 2021 20:00:46 +1100 wirelessduck--- via Dng wrote: > What’s the consensus on Quad9? Are they any better from a privacy > standpoint? I personally do not trust any of the DNS-providers with such easy- to-remember IP addresses. Also, if you want unfiltered results from Quad9, you won't get DNSSEC [1]. It may or may not be a coincidence that at the very same time that q9 moves its headquarters to independent and neutral Switzerland [2], Palantir (BigData specialist with close connections to the CIA) builds its "new European hub" in Altendorf [3], just a few kilometers across the lake. I'd bet that they share the fiber, if not the data center. And then there was this report, also from this winter, that the EU might want to declare DNS-servers "critical infrastructure" and thus make you require a registration to run one [4]. I want to stress that I rather believe in co-incidence than in any central entities being "in control" (in opposite to "dominance"). I also believe in critical mass, be it moving to which-ever direction. BTW, yesterday I watched Jean Luc Godard's "Alphaville" (1965) once again. Right after Kurosawa's "Rashomon" (1950) one the most important films on my harddisk. Just my two cheese cubes, Florian cens⬛ré Caution [1] https://www.quad9.net/support/faq [2] https://www.switch.ch/news/quad9-moves-to-Switzerland/ [3] https://www.s-ge.com/en/article/news/20211-software-palantir [4] https://connect.geant.org/2021/01/22/running-you-own-dns-service-there-may-be-changes-ahead ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
On Mon, 2021-03-08 at 10:08 +0200, Dimitris via Dng wrote: > Στις 8/3/21 12:29 π.μ., ο/η Rick Moen έγραψε: > > Leaving aside my being disappointed about people willingly > > outsourcing > > their recursive DNS to the second-nosiest company on the planet[1] > > +1.1.1.1 ... don't forget cloudflare bullies.. > > > but i do forward local queries to opennic (w/ dnscrypt) and a couple > more trusted sources.. eg. libreops.cc offer a public resolver and > another DoT/DoH & i do also forward to tor-resolve occasionally... > > so, i would be interested to know, if there's a privacy issue with > opennnic? > leaving the overlord (=icann) aside, seems like a good idea to me.. I wonder the same thing. I guess what appeals to me about opennic is that they address some of the problems with the way dns is handled elsewhere. Of course running your own dns server is optimal. But it doesn't do a better job to address privacy, and it doesn't make dns into a community issue like opennic is trying to do. As a dns server operator, with opennic you also get the opportunity to invite other anonymous (to you) people to share your dns server, thus pooling your dns queries, which can be good for privacy. If you're not running your own dns server when using opennic, you're relying on the truthfulness of the dns server operator when they checked or didn't check the flags indicating if they keep logs. That's obviously not a very trustworthy indication, but it's nice that they're addressing privacy right up front. I don't know of anyone trying to do what opennic is trying to do. Are there competing ideas in the realm of dns communities? In the absence of a "community of dns server operators and users", is the optimal option to have everyone run their own recursive server? But then the upstream servers still get the birds-eye view and will very likely abuse that information like the big companies do now. I don't mean just to defend opennic, if there are competing or better ideas out there, that would be good to know. I'm just throwing out my 2 cents on the matter. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
On Mon, 2021-03-08 at 06:40 -0700, Gabe Stanton via Dng wrote: > On Mon, 2021-03-08 at 10:08 +0200, Dimitris via Dng wrote: > > Στις 8/3/21 12:29 π.μ., ο/η Rick Moen έγραψε: > > > Leaving aside my being disappointed about people willingly > > > outsourcing > > > their recursive DNS to the second-nosiest company on the > > > planet[1] > > > > +1.1.1.1 ... don't forget cloudflare bullies.. > > > > > > but i do forward local queries to opennic (w/ dnscrypt) and a > > couple > > more trusted sources.. eg. libreops.cc offer a public resolver and > > another DoT/DoH & i do also forward to tor-resolve occasionally... > > > > so, i would be interested to know, if there's a privacy issue with > > opennnic? > > leaving the overlord (=icann) aside, seems like a good idea to me.. > > I wonder the same thing. I guess what appeals to me about opennic is > that they address some of the problems with the way dns is handled > elsewhere. Of course running your own dns server is optimal. But it > doesn't do a better job to address privacy, and it doesn't make dns > into a community issue like opennic is trying to do. > As a dns server operator, with opennic you also get the opportunity > to > invite other anonymous (to you) people to share your dns server, thus > pooling your dns queries, which can be good for privacy. > > If you're not running your own dns server when using opennic, you're > relying on the truthfulness of the dns server operator when they > checked or didn't check the flags indicating if they keep logs. > That's > obviously not a very trustworthy indication, but it's nice that > they're > addressing privacy right up front. > > I don't know of anyone trying to do what opennic is trying to do. Are > there competing ideas in the realm of dns communities? > > In the absence of a "community of dns server operators and users", is > the optimal option to have everyone run their own recursive server? > But > then the upstream servers still get the birds-eye view and will very > likely abuse that information like the big companies do now. > > I don't mean just to defend opennic, if there are competing or better > ideas out there, that would be good to know. I'm just throwing out my > 2 > cents on the matter. Oh, and one more thing since you mentioned icann, one thing to note is that opennic also has their own tld system, independent of icann. As a community of operators, they can do that. Of course no one can access their tld's without pointing to an opennic server. Their main one is .glue but they continue to add them. Anyway, having their own tld's is another thing they're doing right in my opinion. If they don't end up being the best solution to the problem, I feel like they're leading the way. Of course the independent tld system is potentially problematic, but centralized icann is also a problem, so we should be looking for solutions and innovative ideas. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Motel wifi: was web conferencing software
Rick Moen said: >The above is a vexing problem for travelers w/laptops who prefer to >specify their own choice of nameserver and still use hotel/motel WiFi >(and wired ethernet, actually). Best case, you have to disable your >nameserver IP override long enough to navigate the captive portal, and >then can put the override back. But, no, you cannot just leave your >choice of nameserver IPs in place (without disappointment). This is good information. I've sometimes wondered why I couldn't log in at the library or Macdonalds. I imagine it would be trivial to make a shellscript to alternate between immutable dns at my current ip address's unbound server, and the resolv.conf given me by the hotel. I never before knew the mechanism by which hotels and libraries and McDonalds pushed that login screen on me when I tried to go to Troubleshooters.Com. By the way, for a travelling notebook, I wouldn't be all that offended with a mutable resolv.conf. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
>On Mon, 2021-03-08 at 06:40 -0700, Gabe Stanton via Dng wrote: >Oh, and one more thing since you mentioned icann, one thing to note is >that opennic also has their own tld system, independent of icann. As a >community of operators, they can do that. Of course no one can access >their tld's without pointing to an opennic server. Their main one is >.glue but they continue to add them. Anyway, having their own tld's is >another thing they're doing right in my opinion. If they don't end up >being the best solution to the problem, I feel like they're leading the >way. Wait a minute. This could be cool. Do iopennic TLDs conflict with icann's, or are they different? If they are different, couldn't I just add some of opennic's root servers to my Unbound root server file, so I can get the TLDs from either? How cool would that be? SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] I kinda sorta got opennic DNS working
Hi all, When I added four opennic root servers to my unbound's root.hints, I couldn't resolve grep.geek on my unbound server at 192.168.0.102, even though I could resolve it from the opennic root servers. Then I commented out all the icann root servers, restarted, and now I can resolve grep.geek as well as a bunch of .com and .org domains. I'd really like to have both icann and opennic root servers in my root.hints. Does anybody know a way to do that without the opennic root servers being sabotaged? Thanks, SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Opennic - (was: web conferencing software (was: something else))
Redirecting this thread back to the list. See below q and a between Steve and me. On Mon, 2021-03-08 at 09:16 -0500, Steve Litt wrote: > > On Mon, 2021-03-08 at 06:40 -0700, Gabe Stanton via Dng wrote: > > Oh, and one more thing since you mentioned icann, one thing to note > > is > > that opennic also has their own tld system, independent of icann. > > As a > > community of operators, they can do that. Of course no one can > > access > > their tld's without pointing to an opennic server. Their main one > > is > > .glue but they continue to add them. Anyway, having their own tld's > > is > > another thing they're doing right in my opinion. If they don't end > > up > > being the best solution to the problem, I feel like they're leading > > the > > way. > > Wait a minute. This could be cool. > Do iopennic TLDs conflict with icann's, or are they different? They're different for now, but if I understand correctly there is a company in the domain name arena that has requested and I believe they got, a tld from icann that already exists on opennic, thus creating the inevitable conflict. It'll be interesting to see how that plays out, but I like the approach opennic is taking, that of not asking permission. Edit: I've since found the email thread discussing the company which is selling domains on tld's that opennic also uses. The company is called Epik. The situation is interesting and could potentially set precedents for how independent dns communities, or anyone that doesn't cede all domain authority to icann, deals with icann and/or the companies that may cause conflict. The beginning of the thread is here. https://lists.opennicproject.org/sympa/arc/discuss/2020-04/msg2.html > If they are different, couldn't I just add some of opennic's root > servers to my Unbound root server file, so I can get the TLDs from > either? How cool would that be? Yep you could do that. Opennic's servers serve their own tld's as well a s icann's of course. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I kinda sorta got opennic DNS working
On Mon, 2021-03-08 at 10:34 -0500, Steve Litt wrote: > Hi all, > > When I added four opennic root servers to my unbound's root.hints, I > couldn't resolve grep.geek on my unbound server at 192.168.0.102, > even > though I could resolve it from the opennic root servers. > > Then I commented out all the icann root servers, restarted, and now I > can resolve grep.geek as well as a bunch of .com and .org domains. > > I'd really like to have both icann and opennic root servers in my > root.hints. Does anybody know a way to do that without the opennic > root > servers being sabotaged? Is Unbound set to round-robin through your listed root servers? I wouldn't think it would query more than one of your root servers for one request. Maybe when you didn't get .geek that was because it hit a non-opennic server that time. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Jitsi advice please [SOLVED] ish
It turns out 80 of the issue was a syntax error in the ALSA configuration. For an unknown reason this mostly only caused an issue for web browsers. In fact I only detected it when running some third party alsa software that displayed a warning. ? mostly only ? it must be bedtime :) publickey - g4sra@protonmail.com - 0x42E94623.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng