Clarified: it's server-side encryption with per-user keys, not true E2EE. Added https://quickclip.space/data-security explaining the approach. Open source is under consideration. Thanks for pushing for transparency.
SimpleWindowSwitcher looks like a good alternative, unfortunately on my side I think I would prefer switching between all windows of all apps rather than have two different shortcuts for "switch between windows of the current app" and "switch between apps" (but that's just a personal preference).
ExplorerPatcher looks cool too, though patching explorer is probably a no-no in corporate setups.
I also saw https://github.com/kvakulo/Switcheroo which I was curious to try (although it's not an exact replacement either) but never got to it (also seems quite old).
This change annoyed me too, enough to look up a solution, but not enough to actually install anything to work around it. I have this thread bookmarked, where someone implemented it in AHK, so if you're running that already it might be worth a try: https://www.elevenforum.com/t/classic-alt-tab-reincarnation....
I discovered Switcheroo two weeks ago and seeing it abandoned with over 30 forks with relevant commits made me want try to consolidate the forks and add my own flavor to it:
> Other companies, such as Google and Cloudflare, have the technical means to restrict the blockades to France, but not all providers can do so easily. That includes Quad9, which had no other choice than to apply the French blocking request worldwide.
Just quoting the article, can anyone weigh in on the costs/complexity of a public DNS resolver implementing geo-fencing?
> can anyone weigh in on the costs/complexity of a public DNS resolver implementing geo-fencing
I was a small part of the original team that built OpenDNS. I also operate a less well known public resolver now.
DNS is extremely latency sensitive. You have basically a 20ms budget to work with, which includes the time the request and response traverse the internet. It is also extremely high volume, a large public service like Quad9 could easily see single digit millions of requests per second.
There is nothing that technically prevents you from doing geofencing. Cisco has the money to absorb the costs of the additional overhead - but I could not. My first stab at the problem would be to simply shut down my servers in France to try to get out of the legal jurisdiction. I don't know if that would be sufficient without paying for a lawyer.
Quad9 absolutely has a valid argument here and it pushes more of our public infrastructure into the centralized hands of a small number of players because people like me can't afford to just run free shit on the internet anymore.
There are multiple free and paid geoip databases, from $0 to $1000 a year, depending. Then an hour to write a script to add iptables rules from the database for the country of choice. (Example: https://gist.github.com/asheroto/934e056a302adda334077f0c85c...)
I don't know what is unique about Quad9 that they couldn't do this, but it's possible they have some technical limitation
There's likely a performance impact that is significant at that scale. If they're blocking 670M DNS requests a day, they're likely doing 10-100x that overall.
Have you implemented something at that scale to say this is no big deal for them to do? And what about when 180 countries want their own list and maybe even states, providences, etc do as well?
Who's blocking 670M requests a day? Which requests? From all of France to Quad9? Or all of the whole world's requests to Quad9? It doesn't say anything about that in the article... In any case, 670M DNS requests a day * ~512 bytes (a DNS request is much smaller than this) = 31.76Mbps. Not a tiny amount of traffic, but doable for 1 server.
Assuming this is total blocks for all of Quad9 globally? Spread this over 4 nameservers in a region (assuming anycast), with let's say 4 global regions (to be conservative)? That would be 1.985Mbps per server. That's (max!) 484 DNS requests per second, with 1/500th the bandwidth.
DNS is probably the fastest protocol on the internet other than ICMP. You can handle a ton of traffic with minimal hardware. Bump up the CPU to handle more interrupts/iptables rules. Buy a NIC with packet offload for even less CPU use (thus handling more requests). And eBPF & XDP would be much faster than netfilter.
If you were already gonna accept the request, process it, and send back a reply, dropping the packet doesn't cost you anything. It actually saves bandwidth, tx interrupts, and possibly CPU cycles.
Netfilter is plenty fast, when configured sensibly. You'd probably want script to populate a "hash:net" ipset instead, and have just one iptables rule:
You seriously underestimate how fast modern CPUs are, especially considering how many distributed servers OpenDNS runs on. There’s no meaningful performance impact to be found here.
Also keep in mind we’re talking about Cisco here and not some Ruby on Rails shop.
Anyway, I’m a big fan of the “fuck country $x” approach
Is there a way to authenticate without a browser? (For when we're developing on a headless machine or a remote machine via vscode->ssh, and the callback to localhost can't fire from our client machine)
I've tried launching via
`NO_BROWSER=true embedder` but this doesn't seem to change the auth flow
.>client apps are not open source
.>data-deletion page seems to imply servers are storing images/files copied to the clipboard
.>"end-to-end encrypted" in the marketing materials.