Yes. Yes, of course they do. Check for example https://crt.sh with your domain name to see the glorious public history of everything the certificates tell about your domain.
Not spam, but it could be discussed on that site. Lots of knowledgeable people on that site. Although not so much discussion of low level firmware issues. An issue that I would have liked to change, as I think firmware and its discussion etc is very relevant to camera and performance.
Came here to post the same reference. The good thing about this repo is that you can configure everything in the .tmux.conf.local. I have this synced to all my machines using syncthing and symlinks to the user directory.
I also have my own keybindings, styling etc. - but this is an awesome base to get started.
The actual source is this: https://community.ui.com/releases/UniFi-OS-Server-4-2-23/21d... but only accessible if you opt-in to the Unifi Early Access program. We are talking beta software / first release here, so any criticism needs to be looked at through that lens.
Look up the numbers. OpenAI actually loses money on every paid subscription, and they’re burning through billions of dollars every year. Even if you convince a fraction of the users to pay for it, it’s still not a sustainable model.
And even if it was the highest profit branch of the company, they still would see a need to do anything possible to further increase profits. That is often where enshittification sets in.
This currently is the sweet phase where growing and thus gaining attention and customers as well as locking in new established processes is dominant. Unless the technical AI development stays as fast as in the beginning, this is bound to change.
I actually wondered about this myself, so I asked Gemini with a long back and forth conversation.
The takeaway from Gemini is that subscriptions do lose money on some subscribers, but it is expected that not all subscribers use up their full quota each month. This is true even for non-AI subscriptions since the beginning of the subscription model (i.e. magazines, gamepass, etc).
The other surprising (to me, anyway) takeaway is that the AI providers have some margin on each token for PAYG users, and that VC money is not necessary for them to continue providing the service. The VC money is capital expenditure into infrastructure for training.
Make of it what you will, but it seems to me that if they stop training they don't need the investments anymore. Of course, that sacrifices future potential for profitability today, so who knows?
That’s just a general explainer of subscription models. As of right now VC money is necessary for just existing. And they can never stop training or researching. They also constantly have to buy new GPUs unless there’s at some point a plateau of ‘good enough’.
The race to continue training and researching, however, is driven by competition that will fall away if competitors also can't raise more money to subsidise it.
At that point the market may consolidate and progress slow, but not all providers will disappear - there are enough good models that can be hosted and served profitably indefinitely.
For some uses, sure. But for plenty of uses that can be provided in context, RAG, or via tool use, or doesn't matter.
Even for the uses where it does matter, unless providers get squeezed down to zero margin, it's not that new models will never happen, but that the speed at which they can afford to produce large new models will slow.
That's the source you chose to use, according to you.
You don't mention cross-checking the info against other sources.
You have the "make of it what you will" at the end, in what appears to be an attempt to discard any responsibility you might have for the information. But you still chose to bring that information into the conversation. As if it had meaning. Or 'authority'.
If you weren't treating it as at least somewhat authoritative, what was the point of asking Gemini and posting the result?
Gemini's output plus some other data sources could be an interesting post. "Gemini said this but who knows?" is useless filler.
The mediocre AI summaries aren't promoting Gemini when you can't use them to start a chat on Gemini. They are effectively ads and search results for no benefit.
"excited" and "designed to elevate your experience" is such a weird way to put this. They are introducing more monetization options, which is their right to do. But different monetization options and discontinuation of a free-tier does not elevate anyone's experience.
NYT is a good example though - I will not pay for a subscription, since I really don't consume it that much. But I would LOVE to pay for an article / a podcast here and there. Let me pay 50c for this one article and I'd gladly pay for it. Unfortunately this doesn't fit the subscription model and publishers are too afraid (I assume) to offer this additional model since there are a lot of subscribers also paying the full subscription fee and not using the service a lot (just like me).
I became a bit disillusioned with quad9 when they started refusing to resolve my website. It's like wetransfer but supporting wget and without the AI scanning or interstitials. A user had uploaded malware and presumably sent the link to a malware scanner. Instead of reporting the malicious upload or blocking the specific URL¹, the whole domain is now blocked on a DNS level. The competing wetransfer.com resolves just fine at 9.9.9.9.
I haven't been able to find any recourse. The malware was online for a few hours but it has been weeks and there seems to be no way to clear my name. Someone on GitHub (the website is open source) suggested that it's probably because they didn't know of the website, like everyone heard of wetransfer and GitHub and so they don't get the whole domain blocked for malicious user content. I can't find any other difference, but also no responsible party to ask. The false-positive reporting tool on quad9's website just reloads the page and doesn't do anything.
¹ I'm aware DNS can't do this, but with a direct way of contacting a very responsive admin (no captchas or annoying forms, just email), I'd not expect scanners to resort to blocking the domain outright to begin with, at least not after they heard back the first time and the problematic content has been cleared swiftly
Oh hey, didn't expect this to actually be seen by many people, let alone you guys!
There was no ticket number yet because I was mainly trying to resolve it upstream (whoever made it get into uBlock's default block list, Quad9, and probably other places) and then today when I checked your site specifically, the link in "False Positive? <Please contact us>" (when you do a lookup for a blocked domain) just links back to itself so I couldn't open a case there either. Now that I look at the page again, with the advice in mind from a sibling comment to just email you, I now see that maybe this is supposed to go to the generic contact form and I needn't go through this domain status page. Opening the contact page now, I see that removal from blocklist is a selectable option so I'll use that :)
The ticket number I just submitted is 41905. Not that I'd want you to now apply preferential treatment, I didn't expect my post above to be seen by many people though I very much appreciate that you've reached out here. Makes me think you're actually interested in resolving this type of issue for small website operators, where the complete block without so much as a heads up felt a bit, well, like that might not get me anywhere. If the process just works as it normally should, that's good enough for me! Thanks for encouraging me to actually open a ticket!
Glad to hear you were able to submit a ticket! The website form wasn't working a brief time ago. But YES, we want to help! You can DM me in the fedi if you need anything: https://mastodon.social/@quad9dns
I've been the victim of similar abuse before, for my mail servers and one of my community forums that I used to run. It's frustrating when you try to do everything right but you're at the mercy of a cold and uncompromising rules engine.
In the ticket I just opened (see sibling thread), I asked which blocklist my domain was on. Maybe let's see what comes out of it, perhaps they can improve the process (e.g. drop that blocklist, or notify the abuse record of domains which they're blocking so that domain owners are at least aware of where they can go to fix things)
I don't see contact info on your profile or website/blog, but I can post here what the outcome is
You can use it, you just need to set the DNS over HTTPS templates correctly, since there's an issue with the defaults it tries to use when mixing providers.
DNS over HTTPS adds a requirement for an additional field - a URL template - and Windows doesn't handle defaulting that correctly in all cases. If you set them manually it works fine.
It's using DNS over HTTPS, and it doesn't default the URL templates correctly when mixing (some) providers. You can set them manually though, and it works.
This "URL template" thing seems odd – is Windows doing something like creating a URL out of the DNS IP and a pattern, e.g. 1.1.1.1 + "https://<ip>/foo" would yield https://1.1.1.1/foo?
If so, why not just allow providing an actual URL for each server?
It does allow you to provide a URL for each server. The issue is just that its default behavior doesn't work for all providers. I have another comment in this thread telling the original commenter how to configure it.
Could you show a citation? Your statement completely opposes Quad9's official information as published on quad9.net, and what's more it doesn't align at all with Bill Woodcock's known advocacy for privacy.
It doesn't say they sell traffic logs outright, but they do send telemetry on blocked domains to the blocklist provider, and provide "a sparse statistical sampling of timestamped DNS responses" to "a very few carefully vetted security researchers". That's not exactly "selling traffic logs", but is fairly close. Moreover colloquially speaking, it's not uncommon to claim "google sells your data", even though they don't provide dumps and only disclose aggregated data.
Disagree that it's fairly close to the statement "they resell traffic logs" and the implication that they leak all queried hostnames ("secret hosts, like for your work, will be leaked"). Unless Quad9 is deceiving users, both statements are, in fact, completely false.
> and the implication that they leak all queried hostnames ("secret hosts, like for your work, will be leaked").
The part about sharing data with "a very few carefully vetted security researchers" doesn't preclude them from leaking domains. For instance if the security researcher exports a "SELECT COUNT(*) GROUP BY hostname" query that would arguably count as "summary form", and would include any secret hostnames.
If you're trying to imply that they can't possibly be leaking hostnames because they don't collect hostnames, that's directly contradicted by the subsequent sections, which specifically mention that they share metrics grouped by hostname basis. Obviously they'll need to collect hostname to provide such information.
I'm implying that I'm convinced they are not storing statistics on (thus leaking) every queried hostname. By your very own admission, they clearly state that they perform statistics on a set of malicious domains provided by a third party, as part of their blocking program. Additionally they publish a "top 500 domains" list regularly. You're really having a go with the shoehorn if you want "secret domains, like for your work" (read: every distinct domain queried) to fit here.
> I'm implying that I'm convinced they are not storing statistics on (thus leaking) every queried hostname. By your very own admission, they clearly state that they perform statistics on a set of malicious domains provided by a third party, as part of their blocking program.
Right, but the privacy policy also says there's a separate program for "a very few carefully vetted security researchers" where they can get data in "summary form", which can leak domain name in the manner I described in my previous comment. Maybe they have a great IRB (or similar) that would prevent this from happening, but that's not mentioned in the privacy policy. Therefore it's totally in the realm of possibility that secret domain names could be leaked, no "really having a go with the shoehorn" required.
We are fully committed to end-user privacy. As a result, Quad9 is intentionally designed to be incapable of capturing end-users' PII. Our privacy policy is clear that queries are never associated with individual persons or IP addresses, and this policy is embedded in the technical (in)capabilities of our systems.
It is about the hostnames themselves, like git.nationalpolice.se, but I understand that there is not much choice if you want to keep the service free to use, so this is fair.
Is that really a concern for most people? Trying to keep hostnames secret is a losing battle anyways these days.
You should probably be using a trusted TLS certificate for your git hosting. And that means the host name will end up in certificate transparency logs which are even easier to scrape than DNS queries.
> When your devices use Quad9 normally, no data containing your IP address is ever logged in any Quad9 system.
Of course they have some kinds of logs. Aggregating resolved domains without logging client IPs is not what the implication of "Quad9 is reselling the traffic logs" seems to be.
That's more clear, I get your point now. Again, though, that's not how most people would read the original comment. I've never even contemplated that I might generate some hostnames, the existence of which might be considered sensitive. It seems like a terrible idea to begin with, as I'm sure there are other avenues for those "secret" domains to be leaked. Perhaps name your secret VMs vm1, vm2, ..., instead of <your root password>. But yeah, this is not my area of expertise, nor a concern for the vast majority of internet users who want more privacy than their ISP will provide.
I am curious though, do you have any suggestions for alternative DNS that is better?
I use Google DNS because I feel it suits my personal theory of privacy threats. Among the various public DNS resolver services, I feel that they have the best technical defenses against insider snooping and outside hackers infiltrating their systems, and I am unperturbed about their permanent logs. I also don't care about Quad9's logs, except to the extent that it seems inconsistent with the privacy story they are selling. I used Quad9 as my resolver of last resort in my config. I doubt any queries actually go there in practice.
It could be some subdomain that’s hard to guess. You can’t (generally) enumerate all subdomains through DNS, and if you use a wildcard TLS certificate (or self-signed / no cert at all), it won’t be leaked to CT logs either. Secret hostname.
Examples:
github.internal.companyname.com
or
jira.corp.org
or
jenkins-ci.internal-finance.acme-corp.com
or
grafana.monitoring.initech.io
or
confluence.prod.internal.companyx.com
etc
These, if you don't know the host, you will not be able to hit the backend service. But if you know, you can start exploiting it, either by lack of auth, or by trying to exploit the software itself
I get the spirit of the DMA. I get the whole designation of gatekeepers and do agree Apple is a closed ecosystem. What I don't understand are the implementation details and I always hear "it is complex".
Let's stick with earbuds or watches, where the argument (e.g. Garmin) is that they can't create functionally equal devices to AirPod / Apple Watch, because not all APIs are open. I understand this point, since yes, Apple has a lot of internal implementation that only Apple can use for their devices. What I don't understand is the EU's standpoint of "just opening it up(!)". Let's say Apple would allow everyone to use all APIs to communicate with their AirPods/Apple Watches. Assume everything is open now - wouldn't that create chaos?
Another vendor could implement everything Apple does and release similar AirPods or Watch with whatever hardware quality - but what happens when Apple changes their internal implementation? Changes the implementation every week, because they optimize for THEIR devices. There is no official ISO standard, Bluetooth standard or whatever standard they are adhering to, they would just open up their implementation. I assume the EU would then say "this is against the spirit of the DMA, do not change your implementation so often", but this would seem like a very long cat and mouse game (it already is a very long process).
Why doesn't the EU define some interoperability requirements that gatekeepers need to adhere to in the EU market? This would make it easier for everyone. I don't get why it always is just the talk about "open it up" - that would be a start in terms of interoperability, no doubt, but that isn't the solution is it?
> Assume everything is open now - wouldn't that create chaos?
Yeah, but equal chaos to all. In the end the achievable experience for Samsung and Apple earbuds need to be the same. It does not need to be the best one.
If Apple wants to have the best experience, they should create for each improvement a new API version and tell it in reasonable advance to their competitors to allow them to equal the playing field.
That's a valid point. Equal chaos to all I haven't thought about. It would still mean that Apple would dictate the terms of any changes, but it would open up the possibility to implement changes for everyone.
And Apple is responding by not shipping features into the EU that it believes it will be forced to “standardize” and document for others’ use, like iPhone mirroring to Mac.
"forced to standardize" - I really haven't thought about it this way, but then it totally makes sense for Apple to cripple their products in the EU (and other markets with similar requirements) making it in turn a worse experience for all consumers.
Not what the EU intended, since this is supposed to be pro-consumer. Ultimately may lead to less sales since the products may be worse without all features.
Sorry, reading that back I could have worded that better. I think sometimes security groups also have a vested interest in making their findings sound complex or at least as accomplished as plausible as a showcase for their work (understandable), but I was (at least in my head) playing off the idea that news around Microsoft security in general also has a canny knack for either being played off as sophisticated or simply buried when it is often either down to poor product design or security practices.
> security groups also have a vested interest in making their findings sound complex
Security person here. I always feel that way when reading published papers written by professional scientists, which seem like they can often (especially in computer science, but maybe that's because it's my field and I understand exactly what they're doing and how they got there) be more accessible as a blog post of half the length and a fifth of the complex language. Not all of them, of course, but probably a majority of papers. Not only aren't they optimising for broad audiences (that's fine because that's not their goal) but that it's actively trying to gatekeep by defining useless acronyms and stretching the meaning of jargon just so they can use it
I guess it'll feel that way to anyone who's not familiar with the terms, and we automatically fall for the trap of copying the standards of the field? In school we definitely copied from each other what the most sophisticated way of writing was during group projects because the teachers clearly cared about it (I didn't experience that at all before doing a master's, at least not outside of language or "how to write a good CV" classes). And this became the standard because the first person in the field had to prove it's a legit new field maybe?