Those are all free products, some of them are pretty good. But free is the best business strategy to get a product to the top of the market. Are others better, are you willing to spend money to find out? Clearly, most people are not interested. The fact that they can destroy the market for many different types of software by giving it away and still stay profitable is amazing. But that's all they are doing. If they started charging for everything there would be better competition and innovation. You could move a whole lot of okay-but-not-great cars, top every market segment you want, if you gave them away for free. Only enthusiasts would remain to pay for slightly more interesting and specific features. Literally no business model can survive when their primary product is competing with good-enough free products.
Please don't conflate pain relief with impossible-to-avoid-murdering-your-mother-when-you-feel-better syndrome. /s
Seriously, if I wasn't in as much pain as I am in then I would be out hugging people. Not hiding in my house, sitting on my hands to numb them and so I avoid touching a mouse for fear of searing pain for several days.
I promise I won't lead a (further) reckless life just because my idiopathic pain of 20 years is gone.
And I wanted to concur with this. A great description of a complicated topic. Just enough information in each section to get you ready for the next, nothing extra. Well done.
I've never looked at DOH as an attack on DNSSEC, though I suppose you could. I think the resistance is more about the big corporate and the Internet level DNS operators like Google's 8.8.8.8, they want to be able to manipulate DNS responses when necessary. I know, evil corporate IT Ops hijacking my HNN connection. No, not that.
Think about a coordinated effort by top tier DNS providers globally to stop a giant bot network by simultaneously 'hijacking' DNS responses for the command and control server host-names. In classic DNS this is easy, just intercept the requests at the LDNS provider and return a dummy server IP, all good.
That falls apart with DOH and DNSSEC. With DNSSEC you cannot forge a response to a client that strictly expects signed responses for a particular zone. And with DOH, the various corporate IT shops cannot inspect and 'hijack' the responses. Though, the DOH operator can still change the response. But that moves the capability outside of local corporate IT and into a multinational company that might not agree with your request to 'fix' a problem via assisted DNS hijacking.
So all of these new, safer DNS delivery methods do legitimately impact the ability of "good"* operators to protect the Internet. Is the trade-off worth it to protect users' DNS traffic versus being able to respond to threats? I think that protecting users' daily traffic is net-net better as it is a steady state problem and state-sponsored actors have the resources to subvert a population via DNS. But I also feel the loss of a tool to protect users at the same time. Things like this are never zero-sum.
Disclaimer: I work for Microsoft and although I don't operate DNS services as part of my job, I have spent a lot of time on this particular topic over the years. These are my opinions, not the company's. I welcome challenges to my opinions, that's how I learn.
Losing the ability to do this very specific mitigation seems a tiny price to pay for not having everybody's DNS requests have zilch for transit privacy and integrity all the time.
Yeah, the argument you are making about all keys being compromised doesn't make sense. You are leaving out a key assumption in your setup, and without it it is not possible (for us) to accept the chained compromise you are describing.
This is a classic arms race. The hijackers back off for a while, but as is always the case in low-margin, low-regulation, low-consequence environments, bad actors will present a way to skim a tiny value out of a massive amount of transactions. Give a percentage of that to the network operator, and take the rest home.
The network operators enable this behavior. It would be next to impossible for it to be useful (ROI wise) if they didn't intentionally support it with access to their networks. It doesn't need to be an arms race, but we refuse to regulate or punish anyone in this space. We waste massive amounts of resources detecting and counteracting the hijacking services. The human (developer) cost is where the big waste is here, not electricity.
Right! Around 2010, when this feature was implemented in Chrome, hijacking was a business model that was discussed in regular meetings. I recall one hijacker trying to sell themselves to the company that was 'complaining' about the hijacks.
"Buy us out and we'll stop, and you can use the tech on your customers?!?"
One of the boldest business proposals I've been party to. After a few deep breaths and some laughter, the offer was not taken. But that wasn't a one-off event. Spent a lot of time in the early 2010s directly trying to protect customers from this stuff. Still do, but it's getting much harder with TLS-everywhere, HSTS, DOH, and many other things. Not impossible though, we can never let up on the pressure to keep the ROI too low for hijacking. The various network operators and ISPs that let these companies put racks in their data-centers to inspect user traffic should be <<insert_your_own_horrible_idea_here>>.
"so we are “flying blind” to quote a U.S. senator."
Quoting a US senator on technology is not exactly a strong argument. Like arguing about email security and quoting a senator on the technology committee saying he has never sent an email.
In many cases senators are the least possible informed people on a topic, and are almost certainly not focused on the pure science of an issue. Quoting one of them pretty much means you are trying to sway me by using their position, not research.
Also, nothing that you quoted about 5G actually says it is unsafe. Saying that 2G and 3G are unsafe and that we don't know what 4G does, and that government doesn't want to investigate 5G, and that tumors of a certain type 'may be at least partially attributable' to cell phone radiation, and all of the other slights, all of that doesn't add up to 5G is unsafe.
This is the direct rebuttal to the article you linked, even from the same site.
> On the strength of epidemiological evidence, cancer fears are dangerously misguided: While American cell-phone usage has grown from virtually zero in 1992 to virtually 100 percent by 2008, there has been no indication that glioma rates have increased proportionally in the same period—a nonrelationship replicated by numerous other studies.
About the author
> David Robert Grimes is a cancer researcher, physicist, and John Maddox Prize–winning science writer. He is based at Dublin City University and is a visiting researcher at the University of Oxford. He advises, across Europe, on the public understanding of science, particularly on vaccination policy and combatting cancer misinformation. His first book, The Irrational Ape: Why Flawed Logic Puts Us All at Risk, and How Critical Thinking Can Save the World, is now available from Simon & Schuster UK.
Hmm, I was selling and installing a lot of Cell Phones in Silicon Valley in 1983 (C-Tell Cellular, Santa Clara), and we had an office in Sacramento that was doing even better than I was sales wise.
To characterize the nearly ten years of cell phone growth as "virtually zero" makes me seriously question the author's fact-checking and thought process.
To wit: "While American cell-phone usage has grown from virtually zero in 1992 to virtually 100 percent by 2008"
That's anecdotal evidence. My anecdotal evidence is that I lived in a suburb of a major city on the east coast, and no one I knew had a cellphone until probably the mid-90s.
> a senator on the technology committee saying he has never sent an email
Senators who don't send emails don't do so because they don't know how to send emails -- they do it because they're doing seriously fucked up stuff and don't want a paper trail. As the fictional drug kingpin Stringer Bell says in The Wire -- "is you taking notes on a criminal fucking conspiracy?"