mercutio: ant: it's probably more complicated than doing it with dns ant: mercutio: if you just want to block youtube, most probably mercutio: ant: it's anisfarhana that wanted to block youtube, but yeah. ant: mercutio: yeah, i didn't actually meant _you_ with "you" ;) mercutio: yeah
generic you brycec: heh ant: at my former school i once tried to block gaming sites and other non-school-realted stuff via the web proxy. but i ended up realising that one should try to solve social problems by technical measures brycec: For that matter, it's technically possible to filter https by examining the SNI in-transit and blocking the connection appropriately. (I'm not aware of any f/oss out there that does this, but I know how several firewall vendors do it) mercutio: brycec: that's an interesting idea.
i'm against blocking myself brycec: Even if it's blocking a botnet that uses https for control? mercutio: well botnets may pretend to be facebook or something :/
but yeah i'm not a big fan of dpi
it's too hard to keep up with brycec: (or another very legit use case, eg compliance or other "government rules") mercutio: and leads to too much complexity.
yeah there's a little danger in government enforced access blocks coming out more
already a lot of countries do dns blocking
sometimes forcing isp's hands. brycec: (I was referring to PCI-DSS compliance, but maybe that's not actually government-driven) ant: whoops. just realised that i said the opposite of what i meant...one should _not_ try to solve social problems by technical measures brycec: ^ makes more sense now mercutio: ant: we knew what you meant
well i knew at least :)
lots of workplaces monitor usage of facebook tehse days afaik
but people are shifting more and more to passive monitoring.
if people know that they're being watched they'll avoid detection
and someone using facebook ontheir phone at work is no beter than their office pc as far as time wasting
as long as disabling flash facebook is probably "reasonably safe" ***: qbit has quit IRC (Ping timeout: 264 seconds)
qbit has joined #arpnetworks
qbit is now known as Guest61504
Guest61504 is now known as qbit
qbit_ has joined #arpnetworks
qbit_ has quit IRC (Client Quit)
mnathani has quit IRC (Ping timeout: 252 seconds)
mnathani has joined #arpnetworks
mjp has quit IRC (*.net *.split)
toeshred has quit IRC (*.net *.split)
awyeah has quit IRC (*.net *.split)
jcv has quit IRC (*.net *.split)
anisfarhana has quit IRC (*.net *.split)
jcv has joined #arpnetworks
mjp has joined #arpnetworks
toeshred has joined #arpnetworks
awyeah has joined #arpnetworks
anis has joined #arpnetworks
ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Client Quit)
medum has quit IRC (Remote host closed the connection)
anis is now known as anisfarhana
anisfarhana has quit IRC (Changing host)
anisfarhana has joined #arpnetworks mkb: bdmail mnathani_: mercutio: doesnt have to be human readable compression (for that ipv6 listings) Perhaps only calculate a /64 listed out then we can multiply mercutio: weird google's just changed their dns infrastructure it seems
and www.google.com isn't working properly for me, which used to be a cname from www.google.co.nz
but www.google.co.nz now has a direct a record.
and the ip addresses on multiple dns all seemed to change, and the reverse lookups look different.
oh and now they're returning single records instead of like 8 ***: ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Client Quit)
medum has joined #arpnetworks mkb: mercutio, not here mercutio: mkb: it came right again. BryceBot: That's what she said!! mercutio: it was giving SERVFAIL
it seems there are a whole lot of 216 addresses suddenly when there were 74.125 ones before.
but i found something to do dns lookups around the world, and some people seem to have the older addresses still. i assume they're changing things around a bit ***: dj_goku has quit IRC (Read error: Connection reset by peer)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks