
azariah

Member
  • Posts

    4

Reputation Activity

  1. Agree
    azariah got a reaction from Alexeygridnev1993 in Pi-Hole Setup Tutorial   
    So something I've encountered whilst running pi-hole on and off over the last 12 months on a Raspberry Pi 3, then 3+, and now in a docker container in unRaid, is that some https enabled sites become interminably slow to load while using pi-hole and a lot of guides jump to a self-signed ssl cert for the pi-hole. The idea is that rather than getting an ad the page gets a dummy web page from pi-hole but obviously this is a man in the middle (MitM) attack which isn't ideal.
     
    I recently found this solution which I've been utilising with my docker setup for a couple of weeks now and it's been great. Here's the link https://pi-hole.net/2018/02/02/why-some-pages-load-slow-when-using-pi-hole-and-how-to-fix-it/ but in a nutshell, you just set a firewall rule on your pi-hole that blocks certain requests on port 80 and 443 using the following rules.
     
    iptables -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
    iptables -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp-port-unreachable
    iptables -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp-port-unreachable
    ip6tables -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
    ip6tables -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp6-port-unreachable
    ip6tables -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp6-port-unreachable

    You'll also need to save the rules with the following commands.

    iptables-save > /etc/iptables/rules.v4
    ip6tables-save > /etc/iptables/rules.v6

    Obviously, you need iptables installed which for the docker image you'll find they aren't by default but the official docker image uses Debian so it's a trivial step to install it. Interestingly this does work to block Google's QUIC ad system which was designed to bypass this sort of adblocking solution.
     
    So yeah, turns out you can't just send all dns queries to 0.0.0.0 (null) and they have to be redirected somewhere. And because they're redirected somewhere the browser will just sit there and wait for the connection to time out. Thankfully the solution is simple, just not well documented unfortunately.
  2. Agree
    azariah got a reaction from Gorgon in Pi-Hole Setup Tutorial   
  3. Like
    azariah got a reaction from 8uhbbhu8 in August 31 2018 - WAN Show Document   
    As a long-term follower of LMG and NCIX (RIP) I can confirm this was business as usual for these two larrikins, friendly banter at its finest. Wasn't even cringeworthy tbh.
  4. Agree
    azariah got a reaction from xriqn in August 31 2018 - WAN Show Document   
  5. Agree
    azariah got a reaction from Treiskaideka in August 31 2018 - WAN Show Document   
  6. Like
    azariah reacted to LinusTech in August 31 2018 - WAN Show Document   
    Riley and I have known each other for almost 8 years and we've worked together in some capacity for over half of that time. 
     
    He asked to review a graphics card as a total joke. That's not his forte and he's perfectly comfortable with that. Even back at NCIX Tech Tips (as he mentioned on the WAN Show today) he got Ivan's help with a lot of the benchmarking stuff. Big deal. 
     
    You also need to understand that he's not some intern who isn't sure about his job security or his skills. Evaluating gaming cards may not be one of them but who cares? That's not what he was hired to do.
     
    Riley was brought in as a specialist for TechLinked. 
     
    Something you guys might also not realize is that Riley is perfectly comfortable dishing out his share of trolling off-camera - even if he's not sure where the limits are yet with the live audience. 
     
    If LMG was a horrible place to work and anyone actually took me seriously about this stuff, we'd probably have a little more turnover, don't you think? These are very talented people who could get a job tomorrow if they felt like it. 
     
    We tease each other, but it's part of having some fun at work instead of being all corporate. 
     
    I messaged Riley to tell him people were upset at the way he was treated on the WAN Show and to make sure he was okay and he had to go find the timestamps people were posting to see why he was supposed to be upset. 
     
    So it's probably worthwhile to try re-watching with all of that in mind..
     
     
     
  7. Agree
    azariah reacted to LinusTech in Scrapyard Wars 7 Pt. 2 - NO INTERNET   
    Just checking into this since I got a PM that was concerned we were trying to conceal the Dbrand product placement and that was worried about us running afoul of sponsorship disclosure laws. Here's what I had to say about Switch Girl in response:
     
    Clearly we were wrong in the sense that people didn't think it was funny. 
     
    Swing and a miss...