58 comments

[ 3.1 ms ] story [ 175 ms ] thread
I don't like the fact that mainstream publications (NYT, WSJ, Grauniad) show up on HN this often, especially the paywalled ones, but at this point just have your browser forge referrals for WSJ and always tell it you're coming from Google.

There's refcontrol[1] for Firefox. There are other options for Chrome[2].

[1] https://addons.mozilla.org/En-us/firefox/addon/refcontrol/

[2] https://news.ycombinator.com/item?id=9531941

I'm curious as to why people on HN upvote WSJ stories so much. The WSJ version of this story has more upvotes than other publications. Do the HN readers who upvote this paywalled stuff actually pay for WSJ subscriptions?
It's because "people on HN" is not a monolithic group.
Many more people on HN upvote WSJ stories over similar stories on other publications. So "people on HN" is accurate, as it appears to reflect the majority opinion here.
1. Don't link paywall articles like that, it's really annoying.

2. Is it sad that while OpenDNS has been a handy stopgap for me while I get other options in place, my first thought is "well, there goes OpenDNS..."

I spent quite a bit of my earlier tech days as a Cisco admin, so I have grown to hate them with a fiery passion only reserved for entities that buck/subvert standards and license companies to death because they have market dominance.

> 2. Is it sad that while OpenDNS has been a handy stopgap for me while I get other options in place, my first thought is "well, there goes OpenDNS..."

I'm quite happy with dnsmadeeasy. It's a paid service, but cheap enough to compete with the time cost of me setting up DNS on my own servers.

Slowly, I've been more and more adept of paying for the services I do use. Also, more and more, there are good SaaS offerings at the price point that doesn't make me think too much about the expense (up to 50USD/year).

This is an interesting buy for Cisco. The corporate/small business tier of OpenDNS looks like a good fit with some of their products.

But do they have any other freemium services like the personal/family tiers of OpenDNS? I can't think of any.

Cisco also plans to go big on IoT and this will integrate nicely.
And there goes the "Open" part of OpenDNS. With Cisco's strong ties to the NSA and with its general attitude of supporting censorship in many countries around the world, I'd stay away from using OpenDNS' servers from now on.

I think https://www.opennicproject.org is a nice alternative.

I'd probably be very vigilant about their future contributions to Libsodium as well.

What was open about it? I always felt weird with the combination of 'open' in the name and then tracking and advertising heavily.
Its never been Open. Its a proprietary service now and will be after the acquisition.
libsodium is a personal project that has nothing to do with them. I don't even think they are using it for anything.

Being paid to work on opensource projects is a dream of many, but it rarely happens :(

FYI, opennic is far more than just an alternative resolver to OpenDNS. OpenNIC is running an alternative set of roots, with TLDs that aren't agreed to by the regular DNS-managing bodies (like ICANN). That may be fine with you (opinion on ICANN's handling of new TLD's is a subject for another time), but be aware that you're seeing a different DNS with opennic than you would be with OpenDNS or google's 8.8.8.8
Sometimes I think there are literally people working for the shitty WSJ posting here
Wonderful, another product for Cisco to buy and ruin (see Linksys). OpenDNS was good because it offered an alternative choice to Google's DNS and allowed you to do basic parental control filtering at the DNS level (which is surprisingly effective).
(comment deleted)
Damn, I thought OpenDNS would merge with CloudFlare and then take over Avast to create a new cloud security giant... :-/
I bet their employees are rich now and the culture is going to be even better than ever.
I sincerely hope that Cisco keeps the OpenDNS Home free offering around, as it's by far the best filtering service for families I've used. Sign up, block inappropriate categories through the service, and point your router to the DNS IPs and you're done. (Oh, and grab the IP autoupdater.) Keeping the kids (and adults) safe is my favorite aspect of OpenDNS.

From the "we just got acquired" FAQ:

> The free service will continue to operate. It’s part of who we are, and Cisco loves who we are. We wouldn’t have entered into this agreement if we believed our free service would be in jeopardy. On contrary, Cisco’s commitment back to you is to maintain OpenDNS’s DNS services exactly as it is today. In their words: “This level of service for all users is a priority.”

> In their words: “This level of service for all users is a priority.”

And were those words in a press release, or a contract?

> If we believed our free service would be in jeopardy. [emphasis added]

Oh look, good intentions. I'm sure everything will be fine then. </sarc>

Question: if it's based on bad experience, repeated ad nauseam, is it still called cynicism?

I was part of a company purchased by Cisco 2 years ago that has an open source component (Snort[0]). Cisco is continuing to invest in the open source product since it acquired Sourcefire. The big things being Snort 3.0 [1] (rewrite to allow multi-threading inside a single process), and OpenAppId[2] (application detection using Lua). These are things they could have kept internal but they continued to invest in the open source version. I think Cisco realizes that giving some stuff away with opensource helps build confidence with the tech community, it would be stupid for them to kill off these kinds of products and services.

[0] https://snort.org/

[1] https://snort.org/snort3

[2] http://newsroom.cisco.com/release/1354502

That's promising, and I'm glad to hear it. And, while it's certainly prudent of them, they seem like an outlier in that regard.

To me the discussion is more about the principle: we're relying on Cisco's (or whoever else's) benevolence (and/or competence).

Without writing an essay on the stakeholder theory of value, I just want to say that it'd sure be nice if the users of a service were regarded in some way that's more formal than an FAQ & reassurances.

Curious, what are the worries you're keeping kids safe from? I've got two daughters, now 7 and 8, and since they were born they've had unmonitored, unfiltered[1] IP connectivity. My parents did the same (well, with BBSes at first). The only thing I've ever wanted to filter out is the "kids" stuff since it's often so bad (e.g., Netflix for kids has lots of dumb shit, or those Flash games my kids like so much are ... low quality.) What am I missing?

(If auto updates are on, that pretty much eliminates exploits installing malware. (Assuming no one's gonna waste a 0day to install some spam/ad junk.))

1: The only filtering is client side, an ad blocker so they don't grow up accustomed to adverts. And just for general sanity - the web's rather obnoxious otherwise.

Yeah, well, seeing how you turned out, that's not much of a recommendation ^_^!

Seriously, you need to get back to us in a dozen, dozen and a half years, before you can speak with any authority about your approach to your kids and today's Internet.

The comment is phrased as a question, not a recommendation. (Although I could see how a recommendation could be inferred.)

What specific issues do you have with the poster's approach to his kids' internet access?

No specific issues, it's not an issue I've thought about. And however the phrasing, that this is the policy he's using with his own kids has to count as something of a recommendation.
I'm not speaking with much authority. I'm querying why people are so ... worked up? Over filtering and making sure kids are "safe". Even in the mid nineties this was a massive concern, so it's not new. I've just never found anything that scary, so I'm wondering what people are concerned about when they see 8 yr olds on the net.
Perceived control is a hell of a placebo.
It's not just perceived control - it's the reenforcement. We all speed, but we always speed just a bit over the limit. Raise the limit, people raise their speed.

10 year olds goaded on by friends shouldn't be looking at the kinds of materials that are 18+ on the net today. Heck, most of Reddit isn't appropriate for growing minds.

In a word: pornography.

Occasionally, even with Safe Search turned on, images that I don't want my children seeing will pop up under oddly innocuous searches. And it's easy to accidentally stumble upon it, especially to untrained searchers.

Now I know people will have varying opinions about the subject, but I for one (and I know I'm not alone) don't want to view pornography, and certainly don't want my children viewing it, so a filtering service like OpenDNS is awesome. Beyond pornography, there's a lot of other good stuff that you can restrict as well, like hate/discrimination sites, dating sites, etc.--stuff that I don't need and don't need my kids getting involved with an online dating site right now.

I'm much more worried about my son stumbling onto a beheading than porn, but I suppose to each his own. Obviously one good thing about any kind of imposed filtering is that inspires the little ones to figure out how to bypass it... which is at least good for their development in some ways.
The Windows Live Family Safety filter that was installed on my first internet connected computer taught me how to kill processes and manipulate startup entries on Windows.

Oddly enough, my only experience with OpenDNS is from me convincing my parents to let me try to set it up on the family router because I broke the other control (which makes no sense from a protection / censorship perspective).

Well it's like employers that seek technical solutions to administrative issues. Ineffective and only makes sense for CYA liability.

If your kids are going on dating sites and dating unacceptable people or whatever - well how is that different than real life? Or as another poster wrote, about viewing beheadings. If my kids decide they want to watch such things, I suppose they'll find a way. I'd be more concerned why they wanted to watch it; isn't that the real problem, not the technical means on how they accomplish it? (Well I suppose beyond once out of curiosity.) I'd be just as upset to find them torturing small animals, but I'm not gonna hide scissors and knives.

It doesn't seem plausible that any kids are going to decide "Hey I wanna hook up with people online, but I got an error. Oh well. I'll play with LEGO instead."

And hell, if my kids read Stormfront or RedPill and decide "hey, that makes sense", then I've failed so hard at teaching them how to evaluate probabilities. At that point, DNS would be the last problem on my mind.

Accidental viewing, eh, I'm not too concerned. When my daughter was learning to spell, she was searching for monsters. Unfortunately, her phonetic attempt came out "man store", which was some bondage or leather thing. We had a good laugh and moved on. Maybe I'm wrong and something will trouble them for life, but it just doesn't seem likely to the point of spending any effort or worry on it.

Do you really think accidentally viewing something unsavory is gonna be a big deal?

>Well it's like employers that seek technical solutions to administrative issues.

Not really. As a parent its a good first line of defence. i.e. A transparent solution catches the worst/obvious stuff & the good old parenting talk covers the rest.

i.e. It doesn't have to be mutually exclusive.

Cisco has a poor track record in the consumer space. While I commend them on making that statement, Cisco's MO is not free and consumer focused products. While I sincerely hope that this doesn't end up the end result I am going to likely move to other resolvers as I don't want to be part of Cisco's IP going forward...

It was fun while it lasted, but personally I don't trust the path forward.

Great that folks will downvote with no context. My personal opinion and it's a true statement historically compared to Cisco's track record. Lame.
They'd be dumb to shut down the consumer DNS product. It's a goldmine of useful security data they can funnel back into their other products. Also, DNS doesn't cost much to run.
Cisco acquiring security companies? It's like the 1990s all over again. :)
Congrats to David Ulevitch for building a great company and taking it to a successful conclusion! Well done. I could tell he was on a good trajectory when he hired away one of my more capable colleagues at a previous employer. :)
This seems like a pretty great purchase. Is there anything other than Cisco's licensing model that people truly don't like them for?
The way they handled security when that guy made shellcode for IOS was pretty reprehensible. Apart from flat out refusing to believe it at first, I believe they tried to get him fired as well as using legal tactics.

And in licensing model, be sure to include adding checks to lock out fair competiton ("genuine" checks). There's probably some other shitty things they've done that I'm not recalling ATM.

But otherwise? Well I probably am partial to what I first learned. But I recently tried Fortinet, and the configuration is so braindead stupid, I felt bad for all the times I got annoyed with Cisco.

Licensing is huge for not-a-mama-papa company.

Support is also a bear. I can't think of a time Cisco has significantly improved an acquisition in the near term.

Congrats to davidu and team, you folks made an awesome product and I'm excited to see how Cisco can integrate it in their products as well as what they plan on doing with it in the future.
OpenDNS is a great service. It has been my DNS server for at least 6 months now. I've turned off Tumblr, Facebook, Techcrunch, WSJ, NYTimes, & many others - but not Hacker News. Still, it has greatly minimized my web distractions.