None of the sites I visit regularly which serve up ads give me an cheap and easy alternative that is comparable to how I'd buy a newspaper. (i.e. I shouldn't have to signup, verify-email, enter cc-details, or setup a monthly subscription)
If I was able to just click a button in my browser to debit me a few cents - in a way comparably simple with giving a newspaper vendor a 25c coin - I'd use it all the time.
It's a false dichotomy to pretend that the alternative to ads is a monthly-subscription / members-access-paywall, and it's a strawman to suggest that hating the former requires submitting to the latter (or vice-versa).
I don't want ads or paywalls, but both of these are new. I'm more than happy to pay for content in the way we used to pre-Internet. And if we could find a way to do that online, we wouldn't have to put up with ads.
That doesn't have to be the case though.
In the past content usually cost some small sum of money prior to consumption rather than being fully ad-supported: you paid a few cents for a newspaper, and everyone was OK with that.
Realistically I think most people would still be willing to pay for online content. If a cool blog post cost 5c to view, you'd probably pay it. If reading the news today cost you 20c, would you really object?
The reason paywalls fail isn't because people don't want to pay. It's because paying is still really annoying. I'd be happy to give the Washington Post 5c to read an article, but I'm not happy to set up an account and a password and confirm my email and attach my credit card and a subscription and then ten minutes from now maybe be allowed to read the article.
I have no doubt that the web could be funded without adverts - just like newspapers used to be funded mainly by content-purchases not adverts. The problem is that at the moment the web is funded with adverts, and that makes it hard for any browser to globally disable them without getting content makers to ban you for failing to remunerate them for their content.
There will never be a delay, because the network cost of performing a UDP roundtrip to an upstream DNS server will always dwarf any local in-memory lookup through the hosts file.The "performance cost" is a red-herring made-up excuse by the person Noel was talking to because Noel called them out on their BS that using a "hosts file" is somehow "wrong".
Much as I'd love them to do that, the result would be an enormous number of high profile websites would start blocking Internet Explorer. Sadly ads aren't just the revenue stream for Google, it's the revenue stream for lots of websites as well. And once people can't use IE to browse the sites they love, they'll shift to another browser.
I seriously hate the fact that ads are the revenue stream for the web, but Microsoft killing them off by shoving adblock into their browser is a recipe for killing IE, not for killing ads.
I think the world is just getting intellectually disturbed. Not just video gaming but reality TV, pop stars, celebs, whatever. It seems so much of the masses is obsessed with the most petty and pointless distractions, and maybe I'm getting older but it feels like this "culture" is getting more prominent. I mean it was possible to find like actual history on the History Channel and TLC standed for the Learning Channel and not the HoneyBooBoo channel at one point. Video games were always a distraction and a vice, don't get me wrong. But they've also feel like they've been increasingly idiot'ifed too if you know what I mean. Except for a few gems like Kerbal Space Program of course. Microsoft if would bundle KSP with Windows, I assure you the response to something like that would be extremely positive.
Then stop watching trash. There's plenty of good stuff out there if you reach for the remote. Hell, you could even turn it off and read a book.
That security person doesn't know what they're talking about. There's no negative security impact of sinkholing advert/malware sites.
If a "self-proclaimed security expert" tells you not to do something because it's not secure, but when pressed says "because performance", odds on you can safely ignore them. "Performance" is never a security reason not to do something on your personal computer.
The one caution I'd add, is be careful not to dupe yourself into thinking that sinkholing domains is going to make your machine magically safe. Malware writers constantly change the set of domains they use. Sinkholing servers via the hosts file also won't help you sinkhole webservers accessed by IP-address, only those which are accessed by a domain name.
For that reason the most effective way to sinkhole malware sites is to run anti-virus software. AV vendors have full-time staff that constantly update lists of known bad malware sites, so their list will always be more complete than your list, and they have a better chance of catching known malware being downloaded from a new, unsinkholed website.
But so long as you don't rely on sinkholing via the hosts file to magically solve all of your computer security needs, and you take sensible precautions elsewhere on your system (like keeping your software up-to-date), there's nothing inherently wrong with sinkholing malware and advert sites via the hosts file.
If the file is kernel32.dll or ntdll.dll or user32.dll and so on, the list of applications that are using the file is all of the processes.
This is why Windows tends to need to reboot your machine to do updates, but ordinary applications (like Chrome) only need to restart some top-level application.
May 14, 2015 at 1:49 PM
A cloud provider's security team dwarfs many IT departments.
Yes, but they're looking after the cloud machines, not the customer apps running on them.
This is one mistake that rankles at me. "Move to the cloud and we'll be more security" - nope, if the app you're moving has XSS, SQL injection or any of the other myriad points of failure those will still exist. For example cloud DoS support is normally about keeping the cloud infrastructure up, not your actual app.
Sure. But your server won't get pwned with bugs that Windows Update patched months ago if you're hosting in the cloud (not as VMs). And some categories of bug become much less severe in the cloud as well: a macro in a word document is much more dangerous when opened with Office 2007 than when opened with Office 365 because of where the internal script is run (i.e. not on your desktop, but in some sandbox environment in the cloud).
The cloud doesn't make you magically secure, but it's disingenuous to suggest it has no security benefits either.