Cancer Council is an Australian charity which raises funds for cancer research and support.
Buying their products supports them (and you would expect they hold themselves to even higher standards for the effectiveness of their product than a random company).
It likely overrides DNS resolution to CDN/POPs in countries which don't require age checking, or routes the traffic through TCP proxies so your traffic appears to come from a different country without these laws.
This will increase the latency of all traffic to that site though.
Sure they can. When your browser resolves a host, they replace the actual IP with the IP of a proxy that is configured to forward traffic according to the Host HTTP header.
- You ask Foo DNS Provider for the IP address of pornhub.com
- Foo DNS Provider responds with the real IP address
- You connect to that address, send a TLS ClientHello containing a Server Name Indication extension of "pornhub.com"
What could happen:
- You ask Foo DNS Provider for the IP address of pornhub.com
- Foo DNS Provider responds with one of their own IP addresses
- You connect to that address, send a TLS ClientHello containing a Server Name Indication extension of "pornhub.com"
- Foo DNS Provider now knows that you intend to connect there, so it connects there for you and relays your ClientHello to it
- Foo DNS Provider then just acts as a dumb relay, passing everything back and forth with no modifications
- The certificate verifies fine because the traffic was not modified and it was presented by the party who controls the corresponding private key
- The website thinks you are connecting from Foo DNS Provider, not your real address
The only thing that would break this is ECH (Encrypted ClientHello), currently supported only by Cloudflare and Google Chrome (and its derivatives) as far as I know. This security feature is provisioned with ... DNS records! So Foo DNS Provider can simply indicate that the records required for ECH do not exist, and your web browser wouldn't encrypt the ClientHello. It's already tampering with the responses to address lookups anyway, so DNSSEC wouldn't be an issue -- you simply would not expect to be able to validate anything.
Instead, NextDNS is very likely abusing the EDNS Client Subnet feature to provide website operators with a spoofed client location. Much more simple and less nefarious.
> A certificate has to be signed by a trusted CA (one your browser already trusts).
Yes.
> A DNS provider could mint a self-signed cert for pornhub.com, but your browser would reject it immediately.
I never said anything about the DNS provider minting any certificates, and explicitly said that the certificate would be provided by PornHub's servers and merely relayed -- verbatim -- through the DNS provider. As well as the rest of the TLS negotiation.
> Instead, NextDNS is very likely abusing the EDNS Client Subnet feature to provide website operators with a spoofed client location.
That's what they are doing now, yes. What I propose is how they can continue to make it work once the website operators catch on and start looking at the ASN information of the source IP address of the HTTP connection.
I am well aware of how CAs and the Web PKI model and TLS work.
Ah, ok... a transparent proxy just to hide the origin IP. Thanks for clarifying. A lot of people are assuming full proxying, but I understand you were describing a hypothetical.
Right. What I proposed is scarcely different from doing HTTPS over a SOCKS5 proxy. It's just that the proxy would infer your destination from the ClientHello rather than being instructed by the client in advance (Edit: and it would have to assume port 443 -- a safe assumption in the context of a service whose feature is bypassing website content blocking).
I tried out NextDNS and this feature doesn't seem to work anyway. Enabling "Bypass Age Verification" has no effect. I tested it out on PornHub and XVideos.
I also can't find anything different in the returned A/AAAA records compared to my standard resolver.
AI proponents keep drawing perfectly straight lines from "no AI --> LLMs exist --> LLMs write some adequate code sometimes" up into the horizon of the Y axis where AIs run all governments, write all code, paint all paintings and so on.
There's a large overlap with the crypto true-believers who were convinced after seeing "no blockchain --> blockchain exists" that all laws would be enshrined in the blockchain, all business would be done with blockchains, etc.
We've had automation in the past; it didn't decimate the labour-force; it just changed how people work.
And we didn't go from handwashing clothes --> washing machines --> all flat surfaces are cleaned daily by washing robots...
It's easy to lapse into personifying it and caricaturing the-thing-in-toto, but then we end up at obvious absurdities - to wit:
- we're on HN, it'd be news to most readers that there's a "large overlap" of "true-believers", AI was a regular discussion topic here a loooong time before ChatGPT, even OpenAI. (been here since 2009)
- Similarly "AI proponents keep drawing perfectly straight lines...AIs run all governments, write all code, paint all paintings and so on."
The technical term would be "strawmen", I believe.
Or maybe begging the question (who are these true-believers who overlap? who are these AI proponents?).
Either way, you're not likely to find these easy-to-knock-down caricatures on HN. Maybe some college hypebeast on Twitter. But not here.
Right - more directly, asserting they're overlapping, and then asserting all members of both sets all back the same obviously-wrong argument(s) is a recipe for dull responses from ilk like me :)
I am certain you have observed N members of each set. It's the rest that doesn't follow.
I made my own really mediocre version of this 2 years ago just for PS4 and Switch ROMs, also using IGDB etc. Glad to see something so polished and professional looking.
For the maintainers, does this pull the metadata (e.g. Title ID or PKG ID) from the (supported) ROM files directly, or only from the filename? I skimmed the README and Docs and couldn't find a clear answer.
Hi! For some platforms like Switch where the games have a Title ID, we first try to match against a static file RomM already has loaded and fall back to metadata providers (IGDB, ScreenScraper and MobyGames for now) searching by filename.
I know you’re being disparaging by using language like “bake into their identity” but everyone is “something” about “something”.
I’m “indifferent” about “roller coasters” and “passionate” about “board games”.
To answer the question (but I’m not OP), I’m skeptical about LLMs. “These words are often near each other” vastly exceeds my expectation at being fairly convincing that the machine “knows” something, but it’s dangerously confident when it’s hilariously incorrect.
Whatever we call the next technological leap where there’s actual knowledge (not just “word statistics”), I’ll be less skeptical about.
In my opinion the difference is that a recent graduate knows to say “I don’t know” to questions they’re not sure on, whereas LLMs will extremely confidently and convincingly lie to your face and tell you dangerous nonsense.
My experience is that intellectual humility is a variable, not a universal.
Seen some students very willing to recognise their weaknesses, others who are hamstrung by their hubris. (And not just students, the worst code I've seen in my career generally came from those most certain they're right).
It’s astounding that 2 sentences generated this. (I used text-to-image and the prompt for a space marine in power armour produced something amazing with no extra tweaks required).