Hi David,
I think we're both going for
> I like to publicise it when I'm reminded that its use might help
> someone else fix any sort of problem.
so I snipped a lot; hopefully without messing up who wrote what.
On 4/27/19, David Wright <deb...@lionunicorn.co.uk> wrote:
> On Thu 25 Apr 2019 at 12:28:37 (-0400), Lee wrote:
>> On 4/25/19, David Wright <deb...@lionunicorn.co.uk> wrote:
>> > On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
>> >> On 4/24/19, David Wright <deb...@lionunicorn.co.uk> wrote:
>> >> > The value I get from Dan Pollock is the list of sites rather than
>> >> > the
>> >> > most elegant mechanism for handling that list. Looking at the
>> >> > comments
>> >> > in the list, and by comparing evolving versions, it does appear that
>> >> > Dan actively "opens holes" where people report interference or
>> >> > difficulties using certain legitimate sites.
>>
>> But the holes get opened only after someone reports a problem. If
>> you're using a host file, how do you figure out which host name(s)
>> being blocked are causing the problem?
>
> I guess the people who report the problem figure that out. Looking at
> the comments, they're not services that I use.
Some of the services are things I've used, or at least wanted to take
a look at, which is why I brought up
>> I never figured out an easy way to troubleshoot hostfiles & switched
>> to something that logged what all was blocked and allowed.
>
> That would be easy to check. I build /etc/hosts with a commandline:
>
> # cat /root/hosts-[0-9]-*[^~] | sed -e
> "/^[[:space:]]*192.168.1.[0-9]\+[[:sp
> ace:]]\+$HOSTNAME.corp[[:space:]]\+$HOSTNAME\$/s/[[:space:]]*\([0-9.]\+\)[[:sp
> ace:]]\+\(.*\)\$/127.0.1.1\t\2\t# \1/" > /etc/hosts
>
> so I would hide Dan's file (whose final destination is a file that
> matches /root/hosts-[0-9]-*[^~]) before rerunning that command.
That looks like an all-or-nothing on/off switch for your
ad/malware/etc. hosts file. Which isn't a problem if you've never had
a blacklist prevent you from getting to wherever it is you want to go,
but I've had blacklists block more than I want so I'd rather be able
figure out what needs to be allowed, fix the problem & keep everything
else blocked.
For a single host solution like /etc/hosts, I like
- privoxy so you can see what all is blocked/allowed
https://packages.debian.org/stretch/privoxy
- grab some blacklist files & turn them into a privoxy action files.
eg. something along the lines of
echo "{ +block{someonewhocares hosts file} }" > swc-hosts.txt
curl https://someonewhocares.org/hosts/hosts | grep '^127\.0\.0\.1 ' |\
sed -e 's/127\.0\.0\.1 //' >> swc-hosts.txt
# sanity checks, backup, whatever before
mv swc-hosts.txt swc-hosts.action
- create a privoxy whitelist action file for sites you don't want
blocked even if they show up in one of your blacklists
echo "{-block}" > whitelist.action
echo "localhost" >> whitelist.action
- add swc-hosts.action and whitelist.action to the privoxy config
- tell your browser to use 127.0.0.1:8118 as it's http & https proxy
You can leave privoxy logging enabled all the time if you're curious
or just turn it on as needed to figure out what needs to be allowed to
unbreak some website.
And you can do things like
{ +block{TLDs I probably don't want} }
.ad/
.biz/
.cn/
I've got one exception for
.cn/
three for
.biz/
and none for
.ad/
> I like to publicise it when I'm reminded that its use might help
> someone else fix any sort of problem.
Same here ;)
Regards,
Lee
