
Comment Re:DNS and ICMP Tunnels (Score 1) 318

This would not work. All the firewalls that I've encountered are configured to only allow UDP port 53. If you just have ssh listen on port 53 it will still be blocked because ssh uses TCP.

To do it properly, you really need to have the correct client and server that will make real DNS or ICMP packets that contain your data as a payload.

Comment DNS and ICMP Tunnels (Score 4, Insightful) 318

Why pay? Connect to their access point and tunnel all of your traffic over DNS or ICMP. The firewalls that they use rarely block ICMP and almost never block UDP port 53. All you need is to have a client installed on your machine and run a server out on the interwebs somewhere that is running the right server software and acts as a proxy. The tech to do this has been around for quite a while, and most Linux distros have the clients and servers in their repositories. The main system used for DNS is called iodine and there are two different, very good ICMP tunnels that I know of. One is here and another here. If you search through your favorite Linux or BSD distro's repository for "ip over icmp" or "ip over dns", you'll find what you need.
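
Added example, not part of the comments above or of any tool they name: one way a network operator could spot the DNS tunnelling described here from resolver query logs, by grouping queries per client and parent domain and flagging groups with many long, high-entropy, never-repeating subdomains. The log format, the function names, the thresholds and the "last two labels" parent-domain rule are assumptions, and the sample log is constructed.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_tunnel_suspects(log_lines, min_queries=20, min_mean_len=30, min_entropy=4.0):
    """Return {(client, parent_domain): stats} for groups that look like tunnels.

    Assumed log format (hypothetical): "<epoch> <client_ip> <qname> <qtype>".
    The parent domain is approximated as the last two labels of the name.
    """
    groups = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        groups[(client, ".".join(labels[-2:]))].append("".join(labels[:-2]))
    suspects = {}
    for key, subs in groups.items():
        mean_len = sum(map(len, subs)) / len(subs)
        entropy = shannon_entropy("".join(subs))
        unique_ratio = len(set(subs)) / len(subs)  # tunnels rarely repeat a name
        if (len(subs) >= min_queries and mean_len >= min_mean_len
                and entropy >= min_entropy and unique_ratio > 0.9):
            suspects[key] = {"queries": len(subs), "mean_len": round(mean_len, 1),
                             "entropy": round(entropy, 2)}
    return suspects

def constructed_sample():
    """Constructed log: one client browsing normally, one sending encoded labels."""
    lines = []
    for i in range(40):
        host = ["www", "mail", "cdn", "api"][i % 4]
        lines.append(f"{1700000000 + i} 10.0.0.5 {host}.example.com A")
    for i in range(40):
        blob = base64.b32encode(hashlib.sha256(str(i).encode()).digest())
        label = blob.decode().lower().rstrip("=")
        lines.append(f"{1700000000 + i} 10.0.0.9 {label}.t.example.net NULL")
    return lines
```

Calling `find_tunnel_suspects(constructed_sample())` flags only the `10.0.0.9` / `example.net` pair; on real traffic the thresholds need tuning against known-benign high-entropy names such as CDN and telemetry hosts.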

Comment Re:AdBlock/Ghostery/RequestPolicy = inferior (Score 1) 147

Not sure that I entirely agree. Keeping a hosts file up-to-date introduces a security vulnerability. The hosts file can do much more damage than a list kept by a browser plugin. Additionally, I'm not convinced that what you're saying is true (it could be your presentation that is poor: next time use English sentences, you will convey your point in a more clear way).

When you enter a URL in the browser, it issues a GET request, then the plugin parses the response and allows the browser to make subsequent requests depending on the list it keeps. As long as you're not keeping too large a list, it shouldn't impact the speed of your browser.

Comment Re:Ugh... (Score 1) 75

From a security and sandboxing perspective this paradigm is much more secure than running all the variety of services on one instance or server. If you use FreeBSD jails it becomes even more secure because each jail only has the resources and libraries available to run the single application that you want to run. The whole resource argument is a non-starter. You are thinking in terms of old hypervisors that don't do memory deduplication. Most all modern virtualization environments do this and allow you to run a very large number of VMs with very little cost. There is a great video from ShmooCon this year that describes this technology excellently. You should fast forward to 6:33 to skip straight to the pertinent section of the talk. Then fast forward to 24:50 to see a demonstration of this technology in action (KVM's version).

Comment Ads and Trackers? (Score 4, Interesting) 147

I haven't seen ads or trackers for a very long time. Every once in a blue moon one slips through my combination of AdBlock and Ghostery, but I always report it so they can add it to the block list. All I see is a little number representing how many cooties were blocked for the page I'm on. Hopefully everyone does something like this and the commercial internet dries up and withers away.

Comment Re:OpenBSD (Score 1) 472

Nobody is completely safe. Even OpenBSD. In light of these new Snowden docs, the following post by the OpenBSD author makes quite a lot of sense. Theo is accusing certain developers of being paid to backdoor the OpenBSD IPSEC stack dating back to 2000/2001, which coincides with the current revelations.

Theo de Raadt's post to the openbsd-tech mailing list.

Comment Re:Not much worry with a source build (Score 1) 472

I use Chrome on Kubuntu which does store its passwords in Kwallet. However, kwallet can have multiple wallets. You are not being forced to store Chrome's passwords in the same wallet that the system stores its passwords at all. The new secretservice libraries and utilities are not stable yet, but when they are, the back end storage for kwallet will be the same back end as gnome.
